Merge pull request #84 from RIPE-NCC/problem-parsing-country-names

Catch problems parsing SSL certificates
RIPE-NCC · Aug 29, 2017 · 12b6714 · 12b6714
2 parents 8aafc7d + 7faee32
commit 12b6714
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/ripe/atlas/sagan/ssl.py b/ripe/atlas/sagan/ssl.py
@@ -265,9 +265,13 @@ def __init__(self, data, **kwargs):
         if "cert" in self.raw_data and isinstance(self.raw_data["cert"], list):
 
             for certificate in self.raw_data["cert"]:
-                self.certificates.append(Certificate(certificate, **kwargs))
+                try:
+                    self.certificates.append(Certificate(certificate, **kwargs))
+                except Exception as exc:
+                    self._handle_error(str(exc))
+                    continue
 
-            if len(self.raw_data["cert"]) == 1:
+            if len(self.certificates) == 1:
                 certificate = self.certificates[0]
                 if certificate.subject_cn == certificate.issuer_cn:
                     self.is_self_signed = True

diff --git a/tests/ssl.py b/tests/ssl.py
@@ -407,3 +407,10 @@ def test_ssl_x509_san():
         {},
     ]
     assert extensions == should_be
+
+
+def test_invalid_country_code():
+    result = Result.get('{"af":4,"cert":["-----BEGIN CERTIFICATE-----\\nMIIENTCCAx2gAwIBAgIBADANBgkqhkiG9w0BAQUFADBzMQ8wDQYDVQQGEwZCcmF6\\naWwxCTAHBgNVBAgMADESMBAGA1UEBwwJU2FvIFBhdWxvMQ4wDAYDVQQKDAVJQ0FO\\nTjEOMAwGA1UECwwFTFJPT1QxITAfBgNVBAMMGGdydTAxLmwucm9vdC1zZXJ2ZXJz\\nLm9yZzAeFw0xNzA0MDMyMTU4MzlaFw0yNzA0MDEyMTU4MzlaMHMxDzANBgNVBAYT\\nBkJyYXppbDEJMAcGA1UECAwAMRIwEAYDVQQHDAlTYW8gUGF1bG8xDjAMBgNVBAoM\\nBUlDQU5OMQ4wDAYDVQQLDAVMUk9PVDEhMB8GA1UEAwwYZ3J1MDEubC5yb290LXNl\\ncnZlcnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEHu8DoR\\nTlawVGz1bUyzFXpnnOVQwPQU9Z4q5auL74MTRizabE/6+V0Q3bfc3dLWOIY58WvX\\nq52Q81N1HynOZ5ZFYz+GMeeilxKJ4GlWQ22lYXBDobweCNhDEDQsh59AklzdyiWc\\n9g08THiaxFE85c3XlDzWCmlJGInZBZcml2VxQVEM8zrjqZXn/T3kUx8rej65q0v4\\nWEay02nrQxjUeFSRYx48WfgAz7S7LruLiPNO12pvVIpJro+MLzRrYD7f4Ba6pF8W\\nket/+nIAchbc+RjEyHyyE+hRmPfTDNARgZgSaEqB98tpav6k7Z7bijsIpwx6U4l6\\nYRxz3DIWKMe++QIDAQABo4HTMIHQMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\\nFCwFtz6hwT4qsx5j0lUluDyXbJpBMIGdBgNVHSMEgZUwgZKAFCwFtz6hwT4qsx5j\\n0lUluDyXbJpBoXekdTBzMQ8wDQYDVQQGEwZCcmF6aWwxCTAHBgNVBAgMADESMBAG\\nA1UEBwwJU2FvIFBhdWxvMQ4wDAYDVQQKDAVJQ0FOTjEOMAwGA1UECwwFTFJPT1Qx\\nITAfBgNVBAMMGGdydTAxLmwucm9vdC1zZXJ2ZXJzLm9yZ4IBADANBgkqhkiG9w0B\\nAQUFAAOCAQEAVSqrE2xMOqOMT/0r0ijSJVJjMRtdd2WPnpFLZsIt5siHXZHitoF/\\nFLlgaDfWd70uVlL8EjGHxwKPJL2l8WU1foCKCHUA7syarvpQEpm3kaGAoPm8VPm8\\n/ZcjetBxvAF0ZImoAcNE66aanPRSCvcna/5ANgHyZp6a0i7DT/Tqd+/0U3PNZK0Z\\nI7K2HvWx8wgN9WnMwEcNDVw9/pvNpC4Uh4MNDXYJZeC1xMNlB3sfm/ohP15lPsxI\\nN2afNemOosSyqViiPCVl6HaEwrR7YZB2wffnMAC2RAkJYyRkv/V5L4Hf4xz3C+Bl\\n47GfJQP8dNoGhIt1iCtMQp1iRNUfYCuqhQ==\\n-----END CERTIFICATE-----"],"dst_addr":"199.7.83.80","dst_name":"199.7.83.80","dst_port":"443","from":"123.203.145.125","fw":4790,"group_id":1965073,"lts":54,"method":"TLS","msm_id":1965073,"msm_name":"SSLCert","prb_id":1004,"rt":701.811596,"src_addr":"192.168.1.100","timestamp":1502117346,"ttc":346.966342,"type":"sslcert","ver":"1.2"}')
+    assert(result.is_error)
+    print(type(result.error_message), result.error_message)
+    assert(result.error_message == "Country name must be a 2 character country code")