[BUG] Custom Attributes UI Error 500 in IRIS v2.4.23 & v2.4.26 #1006
Description
Environment
- IRIS Version: v2.4.23 & v2.4.26
- Installation Method: Docker Compose
- Deployment:
ghcr.io/dfir-iris/iriswebapp_app:latestghcr.io/dfir-iris/iriswebapp_db:latest(PostgreSQL 12.22)ghcr.io/dfir-iris/iriswebapp_nginx:latest
- Installed: 3 months ago
- User Role: Super Administrator
Description
Unable to add Case Custom Attributes via the Web UI. Both Preview and Save operations result in HTTP 500 Internal Server Error.
Steps to Reproduce
- Navigate to:
Advanced → Custom Attributes → Cases (#7) - Click on "Cases" to open the attribute editor
- Enter JSON in the "Attribute definition" field (see examples below)
- Click "Preview" → Success (shows all fields)
- Click "Update" or "Partial overwrite" → Error 500
Expected Behavior
Custom Attributes should be saved successfully and appear in Case forms.
Actual Behavior
Error 500 with the following server log:
2026-01-09 09:59:39 :: ERROR :: app :: log_exception :: Exception on /manage/attributes/update/7 [POST]
Traceback (most recent call last):
File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 2190, in wsgi_app
response = self.full_dispatch_request()
File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1486, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1484, in full_dispatch_request
rv = self.dispatch_request()
File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1469, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
File "/iriswebapp/app/util.py", line 747, in wrap
return f(*args, **kwargs)
File "/iriswebapp/app/blueprints/manage/manage_attributes_routes.py", line 127, in update_attribute
attr_contents, logs = validate_attribute(attr_content)
File "/iriswebapp/app/datamgmt/manage/manage_attribute_db.py", line 243, in validate_attribute
if not data[tab][field].get('type'):
AttributeError: 'str' object has no attribute 'get'JSON Examples That Fail.
Minimal Example (1 attribute):
{
"bsi_meldepflicht": {
"type": "select",
"mandatory": true,
"description": "Reporting Obligation Status",
"label": "Meldepflicht Status",
"values": [
"Ja (§8b BSIG)",
"Ja (NIS2)",
"Nein"
]
}
}
With Tab Structure (also fails):
{
"Compliance": {
"bsi_meldepflicht": {
"type": "select",
"mandatory": true,
"description": " Reporting Obligation",
"label": "Meldepflicht",
"values": ["Ja", "Nein"]
}
}
}
Analysis
The error occurs in /iriswebapp/app/datamgmt/manage/manage_attribute_db.py line 243:
if not data[tab][field].get('type'):
AttributeError: 'str' object has no attribute 'get'
This suggests the validation function expects a different JSON structure than what the UI accepts.
Workaround Direct database insertion works:
UPDATE cases
SET custom_attributes = '{
"bsi_meldepflicht": "Ja (blabla)",
"chain_of_custody_id": "COC-2025-01-09-001"
}'::json
WHERE case_id = 1;
Custom Attributes stored this way do appear in the IRIS UI, confirming the database schema is correct.
Database Schema
\d cases
-- Column: custom_attributes | json | nullable
The custom_attribute table exists but the UI error prevents proper schema registration.
Use Case: Implementing ORG-compliant DFIR workflows requiring custom fields for:
Meldepflicht Status (§8b BSIG, NIS2, GDPR)
Chain of Custody ID
MITRE ATT&CK Tactics
Evidence Management
Impact
Severity: High
Affected Users: Anyone trying to extend Case attributes via UI
Blocking: Yes - prevents proper Case template customization
Additional Context
Preview function works correctly (displays fields as expected)
Only Save/Update operations fail
Same error occurs for Super Admin and regular Admin users
Problem persists after Docker container restart
Browser: Tested in Chrome, Firefox (same result)
Suggested Fix
Review validate_attribute() function in manage_attribute_db.py line 243 to handle the JSON structure correctly or update documentation on expected format.
Related
This may be related to [insert any similar issues if you find them]