API: cannot create alert if one alert artifact contains the IOC field set #268

Closed
rolinh opened this issue Jul 24, 2017 · 0 comments

rolinh commented Jul 24, 2017

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu |
| OS version (client) | 16.04 |
| TheHive version / git hash | 2.12.0 |
| Package Type | Binary |

Problem Description

Trying to create an alert using an HTTP POST request on /api/alert with an alert which contains the IOC field set in one of its observables/artifacts results in a 400 Bad Request being returned by the server with a message like this one:

```json
{"tableName":"alert","type":"AttributeCheckingError","errors":[[{"name":"alert.artifacts","format":"string","value":{"type":"JsonInputValue","value":true},"type":"InvalidFormatAttributeError","message":"Invalid format for alert.artifacts: JsonInputValue(true), expected string"}]]}
```

By the way, the message returned by the API server is rather cryptic. I had to use trial and error several times to find which attribute of my alert was causing the issue and lost considerable time... Improvements in this area are welcome 😃.

Steps to Reproduce

```bash
curl -XPOST -u myuser:mypassword -H 'Content-Type: application/json' http://127.0.0.1:9000/api/alert -d '{
  "title": "Other alert",
  "description": "alert description",
  "type": "external",
  "source": "instance1",
  "sourceRef": "alert-ref",
  "severity": 3,
  "tlp": 3,
  "artifacts": [
    { "dataType": "ip", "data": "127.0.0.1", "message": "localhost", "ioc": true }
  ],
  "caseTemplate": "external-alert"
}'
```
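
Added example, not part of the original issue and not TheHive code: a client-side helper that takes the rejected request body and the `AttributeCheckingError` response quoted above and reports which field inside the named attribute holds the rejected value. The function names are hypothetical, and the error layout is assumed only from the single response shown in this issue.

```python
import json

# Constructed inputs: the request body and the 400 response quoted in the issue.
ALERT = {
    "title": "Other alert", "description": "alert description",
    "type": "external", "source": "instance1", "sourceRef": "alert-ref",
    "severity": 3, "tlp": 3,
    "artifacts": [{"dataType": "ip", "data": "127.0.0.1",
                   "message": "localhost", "ioc": True}],
    "caseTemplate": "external-alert",
}
ERROR_BODY = (
    '{"tableName":"alert","type":"AttributeCheckingError","errors":[[{'
    '"name":"alert.artifacts","format":"string",'
    '"value":{"type":"JsonInputValue","value":true},'
    '"type":"InvalidFormatAttributeError",'
    '"message":"Invalid format for alert.artifacts: JsonInputValue(true), expected string"}]]}'
)


def _find(node, bad, path):
    """Yield the path of every leaf under node equal to bad (same type and value)."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _find(value, bad, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _find(value, bad, f"{path}[{index}]")
    elif type(node) is type(bad) and node == bad:  # True must not match 1
        yield path


def offending_paths(payload, error_body):
    """Map each InvalidFormatAttributeError to the payload fields holding the rejected value."""
    hits = []
    for group in json.loads(error_body).get("errors", []):  # errors is a list of lists
        for err in group:
            if err.get("type") != "InvalidFormatAttributeError":
                continue
            attr = err["name"].split(".", 1)[-1]  # "alert.artifacts" -> "artifacts"
            value = err.get("value")
            bad = value.get("value") if isinstance(value, dict) else value
            hits.extend(_find(payload.get(attr), bad, attr))
    return hits


if __name__ == "__main__":
    print(offending_paths(ALERT, ERROR_BODY))
```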