Project

General

Profile

Actions

Bug #7572

closed

Events search crashes on specific query

Added by Pavel Kácha almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Category:
Development - GUI
Target version:
Start date:
03/22/2022
Due date:
% Done:

100%

Estimated time:
To be discussed:
No

Description

## internal server error if `host_ports=11`

https://mentat-hub.cesnet.cz/mentat/events/search?st_from=&st_to=&host_addrs=&host_ports=11&groups=abuse2%40spstrplz.cz&protocols=adb&description=aa&categories=Abusive.Spam&severities=low&detectors=cz.avcr.nemea.blacklist&detector_types=Auth&submit=Search
Actions #1

Updated by Pavel Kácha almost 3 years ago

FLAB Pentest 2022-03 no. 36

Actions #2

Updated by Rajmund Hruška over 2 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

So far I have found this:

b'SELECT * FROM events AS "_mentatq(4_elyccj)_" WHERE "detecttime" >= \\'2022-05-26T12:00:00+00:00\\'::timestamptz AND "detecttime" <= \\'2022-06-02T12:00:00+00:00\\'::timestamptz AND ("source_port" && ARRAY[\\'22\\'] OR "target_port" && ARRAY[22]) ORDER BY "detecttime" DESC LIMIT 100'

For some reason host_port is saved as int in target_port but as string in source_port.

Actions #3

Updated by Rajmund Hruška over 2 years ago

  • % Done changed from 10 to 50

Parameters for source_ports weren't cast to integers. I fixed that in 6f2533eb.

Actions #4

Updated by Rajmund Hruška over 2 years ago

There is one more /events query which results in a crash.

Request: /events/search?st_from=&st_to=&source_addrs=78.128.214.3&source_ports=1&source_types=Botnet&target_addrs=78.128.214.3&target_ports=1&target_types=Botnet&groups=abuse2%40spstrplz.cz&protocols=adb&description=aa%00rapjh%22%3e%3ca%3ew1a4k&categories=Abusive.Spam&severities=low&detectors=cz.avcr.nemea.blacklist&detector_types=Auth&submit=Search
Traceback:
Traceback (most recent call last):
  File "/var/mentat/venv/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/var/mentat/venv/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/var/mentat/venv/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/var/mentat/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/var/mentat/venv/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/var/mentat/venv/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/var/mentat/venv/lib/python3.7/site-packages/flask_login/utils.py", line 272, in decorated_view
    return func(*args, **kwargs)
  File "/var/mentat/venv/lib/python3.7/site-packages/flask/views.py", line 89, in view
    return self.dispatch_request(*args, **kwargs)
  File "/var/mentat/venv/lib/python3.7/site-packages/vial/view/__init__.py", line 909, in dispatch_request
    items = self.search(form_data)
  File "/var/mentat/venv/lib/python3.7/site-packages/hawat/base.py", line 378, in search
    qname = query_name
  File "/var/mentat/venv/lib/python3.7/site-packages/mentat/services/eventstorage.py", line 947, in wrapped_f
    return func(other_self, *args, **kwargs)
  File "/var/mentat/venv/lib/python3.7/site-packages/mentat/services/eventstorage.py", line 983, in exc_handle_wrapper
    return func(self, *args, **kwargs)
  File "/var/mentat/venv/lib/python3.7/site-packages/mentat/services/eventstorage.py", line 1366, in search_events
    count, result = self.cursor.search_events(parameters, qtype = qtype, qname = qname)
  File "/var/mentat/venv/lib/python3.7/site-packages/mentat/services/eventstorage.py", line 686, in search_events
    self.lastquery = self.cursor.mogrify(query, params)
ValueError: A string literal cannot contain NUL (0x00) characters.
Actions #5

Updated by Rajmund Hruška over 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 50 to 100

Rajmund Hruska wrote in #note-4:

There is one more /events query which results in a crash.

[...]

This issue was present in almost every search form and it is now fixed in fab73a82.

Actions #6

Updated by Rajmund Hruška over 2 years ago

  • Status changed from Resolved to In Review

Merged into devel and deployed on mentat-alt.

Actions #7

Updated by Pavel Kácha over 2 years ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF