Bug #7572 (closed)
Events search crashes on specific query
Start date: 03/22/2022
Due date:
% Done: 100%
Estimated time:
To be discussed: No
Description
## internal server error if `host_ports=11`
https://mentat-hub.cesnet.cz/mentat/events/search?st_from=&st_to=&host_addrs=&host_ports=11&groups=abuse2%40spstrplz.cz&protocols=adb&description=aa&categories=Abusive.Spam&severities=low&detectors=cz.avcr.nemea.blacklist&detector_types=Auth&submit=Search
Updated by Rajmund Hruška over 2 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 10
So far I have found this:
b'SELECT * FROM events AS "_mentatq(4_elyccj)_" WHERE "detecttime" >= \\'2022-05-26T12:00:00+00:00\\'::timestamptz AND "detecttime" <= \\'2022-06-02T12:00:00+00:00\\'::timestamptz AND ("source_port" && ARRAY[\\'22\\'] OR "target_port" && ARRAY[22]) ORDER BY "detecttime" DESC LIMIT 100'
For some reason `host_port` is saved as `int` in `target_port` but as string in `source_port`.
Updated by Rajmund Hruška over 2 years ago
- % Done changed from 10 to 50
Parameters for `source_ports` weren't cast to integers. I fixed that in 6f2533eb.
Updated by Rajmund Hruška over 2 years ago
There is one more /events query which results in a crash.
Request: /events/search?st_from=&st_to=&source_addrs=78.128.214.3&source_ports=1&source_types=Botnet&target_addrs=78.128.214.3&target_ports=1&target_types=Botnet&groups=abuse2%40spstrplz.cz&protocols=adb&description=aa%00rapjh%22%3e%3ca%3ew1a4k&categories=Abusive.Spam&severities=low&detectors=cz.avcr.nemea.blacklist&detector_types=Auth&submit=Search
Traceback:
Traceback (most recent call last):
File "/var/mentat/venv/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
response = self.full_dispatch_request()
File "/var/mentat/venv/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/var/mentat/venv/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/var/mentat/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/var/mentat/venv/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
rv = self.dispatch_request()
File "/var/mentat/venv/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/var/mentat/venv/lib/python3.7/site-packages/flask_login/utils.py", line 272, in decorated_view
return func(*args, **kwargs)
File "/var/mentat/venv/lib/python3.7/site-packages/flask/views.py", line 89, in view
return self.dispatch_request(*args, **kwargs)
File "/var/mentat/venv/lib/python3.7/site-packages/vial/view/__init__.py", line 909, in dispatch_request
items = self.search(form_data)
File "/var/mentat/venv/lib/python3.7/site-packages/hawat/base.py", line 378, in search
qname = query_name
File "/var/mentat/venv/lib/python3.7/site-packages/mentat/services/eventstorage.py", line 947, in wrapped_f
return func(other_self, *args, **kwargs)
File "/var/mentat/venv/lib/python3.7/site-packages/mentat/services/eventstorage.py", line 983, in exc_handle_wrapper
return func(self, *args, **kwargs)
File "/var/mentat/venv/lib/python3.7/site-packages/mentat/services/eventstorage.py", line 1366, in search_events
count, result = self.cursor.search_events(parameters, qtype = qtype, qname = qname)
File "/var/mentat/venv/lib/python3.7/site-packages/mentat/services/eventstorage.py", line 686, in search_events
self.lastquery = self.cursor.mogrify(query, params)
ValueError: A string literal cannot contain NUL (0x00) characters.
Updated by Rajmund Hruška over 2 years ago
- Status changed from In Progress to Resolved
- % Done changed from 50 to 100
Updated by Rajmund Hruška over 2 years ago
- Status changed from Resolved to In Review
Merged into `devel` and deployed on `mentat-alt`.
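Both crashes in this ticket (a string-typed port array next to an integer one, and a NUL byte in `description`) can be rejected at the form layer so the request ends in a 400 instead of a 500. The following is an added example, not Mentat's code: the field names come from the request URLs above, while `clean_search_params`, `InvalidSearchParameter` and the comma-separated port format are assumptions.

```python
from urllib.parse import parse_qsl

# Port fields seen in the ticket's request URLs.
PORT_FIELDS = ("host_ports", "source_ports", "target_ports")


class InvalidSearchParameter(ValueError):
    """Input the storage layer cannot bind; the view should answer HTTP 400."""


def parse_ports(field, raw):
    """Turn '22' or '22, 80' into [22, 80] so every port array is int-typed."""
    ports = []
    for item in (part.strip() for part in raw.split(",")):
        if not item:
            continue
        valid = item.isascii() and item.isdigit() and len(item) <= 5
        if not valid or int(item) > 65535:
            raise InvalidSearchParameter(f"{field}: {item!r} is not a port number")
        ports.append(int(item))
    return ports


def clean_text(field, raw):
    """Reject NUL: PostgreSQL text cannot hold 0x00 and the driver raises on it."""
    if "\x00" in raw:
        raise InvalidSearchParameter(f"{field}: NUL character is not allowed")
    return raw


def clean_search_params(form):
    """Return typed search parameters; empty form fields are dropped."""
    cleaned = {}
    for field, raw in form.items():
        if raw == "":
            continue
        clean = parse_ports if field in PORT_FIELDS else clean_text
        cleaned[field] = clean(field, raw)
    return cleaned


if __name__ == "__main__":
    # Constructed query string, shortened from the second request in the ticket.
    query = "st_from=&source_ports=1&target_ports=1&description=aa%00rapjh"
    form = dict(parse_qsl(query, keep_blank_values=True))
    try:
        print(clean_search_params(form))
    except InvalidSearchParameter as exc:
        print("400 Bad Request:", exc)
```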