MISP / MISP

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Home Page: https://www.misp-project.org/

Bug: Decaying Tools (in 2.4.193 only) causing 'Uncaught SyntaxError: JSON.parse'

elvidence opened this issue

Actual behavior

A bug has emerged following the update to MISP version 2.4.193. The previous version, 2.4.192, did not exhibit this issue.

Affected Module:

The update adversely affects the Decaying Tools module. While existing rules continue to function correctly, the bug appears when creating new rules.

Expected behavior

The changes should save without issues.

Steps to reproduce

Create a new rule in the Decaying Tools module.
Attempt to add attributes using the 'Decaying Of Indicator Fine Tuning Tool'.
Click the 'EDIT' button to save the changes.

The changes are not saved. Instead, an error message is generated:

Error Message: "Uncaught SyntaxError: JSON.parse: expected property name or '}' at line 1 column 2 of the JSON data."
This suggests there is a problem with JSON handling somewhere in the code that needs to be addressed.

Version

2.4.193

Operating System

Ubuntu

Operating System version

22.04

PHP version

7.4

Browser

Chrome

Browser version

No response

Relevant log output

No response

Extra attachments

No response

After the latest update it is now displaying "SyntaxError: JSON Parse error: Unrecognized token '&'" instead of previous "Uncaught SyntaxError: JSON.parse: expected property name or '}' at line 1 column 2 of the JSON data."

I suspect JsonTool.php or perhaps RestResponseComponent.php and the relevant htmlspecialchars part. This is what it looks like:
{&quot;data&quot;:{&quot;DecayingModel&quot;:{&quot;id&quot;:&quot;4&quot;,&quot;uuid&quot;:null,&quot;name&quot;:&quot;Tor Exit Node Decay&quot;,&quot;parameters&quot;: etc etc.

Instead of properly formatted {"data":{"DecayingModel":{"id":"4","uuid":null,"name":"Tor Exit Node Decay", etc etc.

Yep, indeed, this is caught by a new security feature - it sadly (or luckily) highlights badly coded endpoints that barf back JSON without setting the correct response headers. Will fix it asap.
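
The failure discussed in this thread can be reproduced and diagnosed on the client side. The following is an added example, not part of the original issue and not MISP code: all function names are hypothetical, the escaping is assumed to behave like PHP's htmlspecialchars with ENT_QUOTES, and the sample body is constructed from the fragment quoted above.

```javascript
// Added illustration; not MISP code. All function names are hypothetical.

// Assumption: models PHP htmlspecialchars() with ENT_QUOTES applied to a response body.
function htmlEscape(s) {
  return s.replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;',
  }[c]));
}

// Reverse of htmlEscape. Used only to confirm a diagnosis, never to consume the data.
function htmlUnescape(s) {
  return s.replace(/&(amp|lt|gt|quot|#0?39);/g, (m, e) => ({
    amp: '&', lt: '<', gt: '>', quot: '"', '#039': "'", '#39': "'",
  }[e]));
}

// Classify a response that the client expected to be JSON.
function diagnoseJsonResponse(contentType, body) {
  const isJsonType = /^application\/json\b/i.test(contentType || '');
  try {
    return { ok: true, isJsonType, data: JSON.parse(body) };
  } catch (err) {
    let cause = 'malformed-json';
    try {
      // If undoing entity escaping yields valid JSON, the body was HTML-escaped
      // somewhere between the JSON encoder and the browser.
      if (/&(quot|amp|lt|gt|#0?39);/.test(body)) {
        JSON.parse(htmlUnescape(body));
        cause = 'html-escaped-json';
      }
    } catch (_) { /* still not JSON after unescaping: genuinely malformed */ }
    return { ok: false, isJsonType, cause, error: err.message };
  }
}

// Constructed sample, based on the fragment quoted in the issue.
const SAMPLE = JSON.stringify({
  data: { DecayingModel: { id: '4', uuid: null, name: 'Tor Exit Node Decay' } },
});

// An endpoint that declares JSON parses cleanly; one that does not gets escaped.
console.log(diagnoseJsonResponse('application/json; charset=UTF-8', SAMPLE).ok);
console.log(diagnoseJsonResponse('text/html; charset=UTF-8', htmlEscape(SAMPLE)));
```

A result of `html-escaped-json` together with `isJsonType: false` points at the endpoint's response header rather than at the client, which is where the last comment places the fix.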