Use URL encoding when calling the API

[Desvelao]

Description
The date values of the Wazuh API contain the + character. If the user does a query that contains this character, this should be encoded according to the framework co-workers. wazuh/wazuh#16899 (comment).

This affects the new search bar #4312.

All our request must encode the URL as defined in the standard. The library we use to build requests should do this automatically for us. We must review if our usage prevents this behavior, or it is a bug.

[Desvelao]

Research

In a first view, this problem could be caused in the API console of the plugin that could are coding the + to a space.

Search bar query:

amaz+ng

API logs (using the search bar in Agents):

2023/08/21 09:18:14 INFO: wazuh-wui 172.24.0.8 "GET /agents" with parameters {"q": "id!=000;(id~amaz+ng,name~amaz+ng,ip~amaz+ng,group~amaz+ng,os.name~amaz+ng,os.version~amaz+ng,node_name~amaz+ng,version~amaz+ng,status~amaz+ng)", "offset": "0", "limit": "10", "sort": "+id"} and body {} done in 0.033s: 400

q has the + character.
sort has the + character`

I tried in the API console of the plugin and seems here is the problem:

API console request:

GET /agents?q=dateAdd=2023-04-27T11:05:57+00:00

API logs:

2023/08/21 09:22:28 INFO: wazuh-wui 172.24.0.8 "GET /agents" with parameters {"q": "dateAdd=2023-04-27T11:05:57 00:00"} and body {} done in 0.016s: 200

q has not the + character.

[Desvelao]

Research

The path parameter of the Axios request is the value of the request:

Example

GET /agents?q=dateAdd=2023-04-27T11:05:57+00:00

path: GET /agents?q=dateAdd=2023-04-27T11:05:57+00:00

The path parameter is URL encoded, so when using some special character as +, this is URL encoded by the request method of axios library, resulting in the + character being replaced by a whitespace. The query string must be specified through the options.params of the library instead and don't be part of the path parameter.

As workaround, if the request (path and query string) is typed using URL encoding, the character is received by the Wazuh server API as expected:

The + is URL enconded as %2B . so using this request:

GET /agents?q=dateAdd=2023-04-27T11:05:57%2B00:00

Browser request:

API logs:

2023/10/30 13:33:35 INFO: wazuh-wui 172.22.0.7 "GET /agents" with parameters {"q": "dateAdd=2023-04-27T11:05:57+00:00"} and body {} done in 0.018s: 200

[Desvelao]

I will close the issue because the current behavior could be considered as expected.