Hello Community,
We are trying to change a custom field's value to a default value when the ticket status changes to resolved, rejected, or autorejected, using a scrip. We are able to do that if the custom field value is short. The problem arises when the custom field value is long (more than 2 lines). Could someone please assist us in resolving this issue?
Working custom field value:
This alert indicates an attempt to exploit a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable.
Problematic custom field values (example):
- This alert is triggered when a command shell connection is made to a Unix server. Normally, there should not be any unencrypted command shell connections active to Unix servers. This alert indicates that someone has gained unauthorized privileges or access. Backdoor attacks are unauthorized entry attempts into your system. Often these attacks go unnoticed, and may allow an attacker to execute commands as a privileged user.
- This alert indicates that someone attempted to submit a crafted URL to inject a SQL command, which can then be run by the SQL server. “SQL injection” occurs when an attacker is able to insert a SQL statement into a SQL query generated by a trusted Web server. These injected SQL queries can be used to execute commands and possibly compromise the database.
Details:
custom field: Alert Definition (Type: Enter one value)
Scrip:
Custom condition:
    my $txn = $self->TransactionObj;
    # Fire only when the new value is one of the closing statuses
    if (($txn->NewValue eq "resolved") || ($txn->NewValue eq "rejected") || ($txn->NewValue eq "autorejected"))
    {
        return 1;
    }
    else
    {
        return 0;
    }
Custom action preparation code:
    my $queue = 'IDS Alerts';
    my $cf_name = 'Alert Definition';
    RT::LoadConfig();
    RT::Init();
    my $tx = RT::Tickets->new($RT::SystemUser);
    my $cf = RT::CustomField->new($RT::SystemUser);
    my $q = RT::Queue->new($RT::SystemUser);
    # Load the queue, then the custom field applied to that queue
    $q->Load($queue);
    $cf->LoadByNameAndQueue(Queue => $q->Id, Name => $cf_name);
    unless( $cf->id )
    {
        die "Could not load custom field";
    }
    # Delete the current value by its content, then set the default value
    my $cf_value = $self->TicketObj->FirstCustomFieldValue($cf_name);
    my ($ret, $msg) = $self->TicketObj->DeleteCustomFieldValue(Field => $cf->Id, Value => $cf_value);
    $self->TicketObj->AddCustomFieldValue(Field => $cf->Id, Value => 'Deleted');
Custom action commit code:
    return 1;
Note:
We also tried changing the type of the custom field to the types below, but nothing is working:
- Fill in one wikitext area
- Fill in one text area
Code Courtesy:
RT Wiki