Bug: Decaying Tools ( in 2.4.193 only) casing 'Uncaught SyntaxError: JSON.parse'
elvidence opened this issue · comments
Actual behavior
A bug has emerged following the update to MISP version 2.4.193. The previous version, 2.4.192, did not exhibit this issue.
Affected Module:
The update adversely affects the Decaying Tools module. While existing rules continue to function correctly, the bug appears when creating new rules.
Expected behavior
The changes should save without issues.
Steps to reproduce
Create a new rule in the Decaying Tools module.
Attempt to add attributes using the 'Decaying Of Indicator Fine Tuning Tool'.
Click the 'EDIT' button to save the changes.
The changes are not saved. Instead, an error message is generated:
Error Message: "Uncaught SyntaxError: JSON.parse: expected property name or '}' at line 1 column 2 of the JSON data."
This suggests there is a problem with JSON handling somewhere in the code that needs to be addressed.
Version
2.4.193
Operating System
Ubuntu
Operating System version
22.04
PHP version
7.4
Browser
Chrome
Browser version
No response
Relevant log output
No response
Extra attachments
No response
Code of Conduct
- I agree to follow this project's Code of Conduct
After the latest update it is now displaying "SyntaxError: JSON Parse error: Unrecognized token '&'" instead of previous "Uncaught SyntaxError: JSON.parse: expected property name or '}' at line 1 column 2 of the JSON data."
I suspect JsonTool.php or perhaps RestResponseComponent.php and relevant the htmlspecialchars part. This is what it looks like
{"data":{"DecayingModel":{"id":"4","uuid":null,"name":"Tor Exit Node Decay","parameters":
etc etc.
Instead of properly formatted {"data":{"DecayingModel":{"id":"4","uuid":null,"name":"Tor Exit Node Decay", etc etc.
Yep, indeed, this is caught by a new security feature - it sadly (or luckily) highlights badly coded endpoints that barf back JSON without setting the correct response headers. Will fix it asap.