Request Type
Bug
Work Environment
| Question |
Answer |
| OS version (server) |
Ubuntu |
| OS version (client) |
Win7 |
| Cortex version / git hash |
3.0.0-RC4 |
| Package Type |
DEB |
Problem Description
The JSON output generated for debugging purposes when an analyzer could not run is no valid JSON.
This is the output I get from running Google_DNSResolve where I have PAP:AMBER and the analyzer at max-PAP:GREEN:
{
"input": "{\"data\":\"192.99.215.95\",\"dataType\":\"ip\",\"tlp\":0,\"message\":\"61\",\"parameters\":{},\"config\":{\"proxy_https\":null,\"max_pap\":1,\"service\":\"get\",\"check_tlp\":true,\"proxy_http\":null,\"max_tlp\":1,\"auto_extract_artifacts\":true,\"check_pap\":true},\"pap\":2}",
"success": false,
"errorMessage": "PAP is higher than allowed.",
"artifacts": []
}
This is no valid JSON, because ...
First, almost every quotation sign is escaped:
Second, after cleaning up these escape characters, it's invalid JSON because there the object-type value of "input" is placed in quotes
I'm quite sure the qouting of the object introduces the problem with the escaping.
Steps to Reproduce
Run any analyzer where the observables TLP/PAP is higher than allowed by the analyzer and look at the raw report.
Request Type
Bug
Work Environment
Problem Description
The JSON output generated for debugging purposes when an analyzer could not run is no valid JSON.
This is the output I get from running Google_DNSResolve where I have PAP:AMBER and the analyzer at max-PAP:GREEN:
This is no valid JSON, because ...
First, almost every quotation sign is escaped:
Second, after cleaning up these escape characters, it's invalid JSON because there the object-type value of "input" is placed in quotes
I'm quite sure the qouting of the object introduces the problem with the escaping.
Steps to Reproduce
Run any analyzer where the observables TLP/PAP is higher than allowed by the analyzer and look at the raw report.