Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution]: Error icon shows on search bar while user search timelines with special characters. #138499

Closed
ghost opened this issue Aug 10, 2022 · 11 comments
Assignees
Labels
bug Fixes for quality problems that affect the customer experience impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team

Comments

@ghost
Copy link

ghost commented Aug 10, 2022

Describe the bug:
Error icon shows on search bar while user search timelines with special characters.

Build Details:

VERSION: 8.4.0-BC2
COMMIT: 9e9e0d6a685cbc2858a85a357f93dcb76259fdee
BUILD: 55166

Preconditions

  1. Kibana should be running.

Steps to Reproduce

  1. Navigate to Timelines tab.
  2. Now, click create new timeline.
  3. Now add timeline name with special characters and save the timeline.
  4. Now, navigate back to timelines tab.
  5. On the search bar. search the timeline with timeline name.
  6. Observe that error icon shows on search bar while user search timelines with special characters.

Note: The same issue is reproducible for timelines templates.

Actual Result
Error icon shows on search bar while user search timelines with special characters.

Expected Result
Error icon should not show on search bar while user search timelines with special characters.

Screen-Recording:

Timelines.-.Kibana.-.Google.Chrome.2022-08-09.17-35-02.mp4
@ghost ghost added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.4.0 labels Aug 10, 2022
@ghost ghost self-assigned this Aug 10, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost ghost removed their assignment Aug 10, 2022
@ghost ghost added the impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. label Aug 10, 2022
@ghost ghost assigned MadameSheema Aug 10, 2022
@MadameSheema MadameSheema added Team:Threat Hunting Security Solution Threat Hunting Team Team:Threat Hunting:Investigations Security Solution Investigations Team labels Aug 10, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@janmonschke
Copy link
Contributor

@samratbhadra-qasource If you hover over the error icon, does it show you an error message?

@jamster10
Copy link
Contributor

I saw this yesterday on the /app/dashboards#/list table and I am fairly certain this is related to EUIMemoryTable.

I think is the text input is doing preemptive checks for an ElasticSearch query. and expecting closing characters if you put just 1 special character.

Unsure if this should be considered a bug, as the there is a fair error message suggesting they have an unterminated possible elasticsearch query directive.

image

If it is a bug, it might be to EUI to determine if that error catching should be there. If it's meant to be an only in memory table it might make sense to remove it since the query would never go to ElasticSearch, but at the same time, /app/dashboards#/list does query an actual ElasticSearch instance 🤔

@ghost
Copy link
Author

ghost commented Aug 11, 2022

Hi @janmonschke
Yes, while hovering over the error icon it shows an error message. Please find below the details of the error message.

Screenshot:
image

Please do let us know if anything else if required from our end.

Thanks!

@janmonschke
Copy link
Contributor

Unsure if this should be considered a bug, as the there is a fair error message suggesting they have an unterminated possible elasticsearch query directive.

@jamster10 Yeah, hard to say if it is a bug. It's a good indicator for a wrong query but as the video shows, the query works just fine.
Do you know if the behaviour of the underlying EUI component has changed recently?

@jamster10
Copy link
Contributor

@jamster10 Yeah, hard to say if it is a bug. It's a good indicator for a wrong query but as the video shows, the query works just fine. Do you know if the behaviour of the underlying EUI component has changed recently?

This I don't know 🤔 . When I saw the behaviour elsewhere (other than the dashbaord) where I needed it, I assumed it was a known expected behavour.

@michaelolo24 michaelolo24 added v8.6.0 and removed v8.5.0 labels Oct 6, 2022
@michaelolo24 michaelolo24 removed their assignment Nov 14, 2022
@cybersecdiva
Copy link

Tested in 8.9.0 BC5

Build Details:
VERSION: 8.9.0 BC5
BUILD: 64715
COMMIT: beb56356c5c037441f89264361302513ff5bd9f8

Preconditions:

  • Kibana must be running

Describe the bug:
Error icon shows on search bar while user search timelines with special characters.

Steps to reproduce:

  1. Navigate to Security ->Timelines
  2. Click on Create new timeline
  3. In the "Untitled timeline" header section, select the ✏️ edit icon and type in a new name containing special characters and select "Save"
  4. Click on the newly created Timeline name and this will take you back to the main Timelines menu selection
  5. In the search box, type in the timeline name that contains special characters

Current behavior:
Error icon 🔺 displays in search bar when searching for timeline name with special characters

Expected behavior:

Error icon should not 🔺 display in search bar when searching for timeline name with special characters

Observations:

  • When searching for timelines that contain special characters in the name, an error icon🔺displays.
  • The error 🔺 does not display on timelines that have all alpha characters or alphanumeric combinations

Screenshots of behavior:

Screenshot of timeline name search containing special characters with the error 🔺 icon displayed:
Screenshot 2023-08-14 at 7 07 15 PM

Screenshot of timeline name search containing alphanumeric characters (No error 🔺 icon displays):
Screenshot 2023-08-14 at 7 22 12 PM

Screenshot of timeline name search containing alpha characters (No error 🔺 icon displays):
Screenshot 2023-08-14 at 7 07 50 PM

Screen share recording:

timeline.error.icon.for.search.bar.with.special.character.names.mp4

Conclusion:

  • Validated that behavior is still occurring in 8.9.0 BC5.
  • There is also a known and similar issue open for searching custom rules containing special characters in #97094

@MadameSheema @michaelolo24 @janmonschke Updated FYI Observations

@cybersecdiva cybersecdiva added the QA:Validated Issue has been validated by QA label Aug 14, 2023
@janmonschke
Copy link
Contributor

@cybersecdiva This appears to be an issue in EUI itself. The issue can be reproduced here by typing in %% in the search bar: https://elastic.github.io/eui/#/tabular-content/in-memory-tables#in-memory-table-with-search-callback

The best way to proceed is to involve the EUI team imo.

@janmonschke
Copy link
Contributor

For tracking purposes, the associated EUI issue is this one: elastic/eui#7160

@PhilippeOberti
Copy link
Contributor

After talking to the team, this is an issue with the EUI component we're using, therefore we're likely not the only ones facing the problem. There isn't an easy fix for this... like @janmonschke suggested, we probably could move away from that component and add our own validation, but he also said that that wouldn't make much sense, and I agree with him.

I'm closing this ticket as this is an edge case and it seems that not many users have noticed it or cared enough about it to comment on this ticket or create new ones.
We will most likely not fix it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Fixes for quality problems that affect the customer experience impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team
Projects
None yet
Development

No branches or pull requests

7 participants