From 7faee32574118af7f1cc80d0ab9f989912e32d13 Mon Sep 17 00:00:00 2001 From: Christopher Amin Date: Thu, 10 Aug 2017 17:36:51 +0200 Subject: [PATCH] Catch problems parsing SSL certificates and treat them as parsing errors instead of exceptions --- ripe/atlas/sagan/ssl.py | 8 ++++++-- tests/ssl.py | 7 +++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/ripe/atlas/sagan/ssl.py b/ripe/atlas/sagan/ssl.py index 262a4f6..4f6db6b 100644 --- a/ripe/atlas/sagan/ssl.py +++ b/ripe/atlas/sagan/ssl.py @@ -265,9 +265,13 @@ def __init__(self, data, **kwargs): if "cert" in self.raw_data and isinstance(self.raw_data["cert"], list): for certificate in self.raw_data["cert"]: - self.certificates.append(Certificate(certificate, **kwargs)) + try: + self.certificates.append(Certificate(certificate, **kwargs)) + except Exception as exc: + self._handle_error(str(exc)) + continue - if len(self.raw_data["cert"]) == 1: + if len(self.certificates) == 1: certificate = self.certificates[0] if certificate.subject_cn == certificate.issuer_cn: self.is_self_signed = True diff --git a/tests/ssl.py b/tests/ssl.py index 5dcf110..350bd9c 100644 --- a/tests/ssl.py +++ b/tests/ssl.py @@ -407,3 +407,10 @@ def test_ssl_x509_san(): {}, ] assert extensions == should_be + + +def test_invalid_country_code(): + result = Result.get('{"af":4,"cert":["-----BEGIN CERTIFICATE-----\\nMIIENTCCAx2gAwIBAgIBADANBgkqhkiG9w0BAQUFADBzMQ8wDQYDVQQGEwZCcmF6\\naWwxCTAHBgNVBAgMADESMBAGA1UEBwwJU2FvIFBhdWxvMQ4wDAYDVQQKDAVJQ0FO\\nTjEOMAwGA1UECwwFTFJPT1QxITAfBgNVBAMMGGdydTAxLmwucm9vdC1zZXJ2ZXJz\\nLm9yZzAeFw0xNzA0MDMyMTU4MzlaFw0yNzA0MDEyMTU4MzlaMHMxDzANBgNVBAYT\\nBkJyYXppbDEJMAcGA1UECAwAMRIwEAYDVQQHDAlTYW8gUGF1bG8xDjAMBgNVBAoM\\nBUlDQU5OMQ4wDAYDVQQLDAVMUk9PVDEhMB8GA1UEAwwYZ3J1MDEubC5yb290LXNl\\ncnZlcnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEHu8DoR\\nTlawVGz1bUyzFXpnnOVQwPQU9Z4q5auL74MTRizabE/6+V0Q3bfc3dLWOIY58WvX\\nq52Q81N1HynOZ5ZFYz+GMeeilxKJ4GlWQ22lYXBDobweCNhDEDQsh59AklzdyiWc\\n9g08THiaxFE85c3XlDzWCmlJGInZBZcml2VxQVEM8zrjqZXn/T3kUx8rej65q0v4\\nWEay02nrQxjUeFSRYx48WfgAz7S7LruLiPNO12pvVIpJro+MLzRrYD7f4Ba6pF8W\\nket/+nIAchbc+RjEyHyyE+hRmPfTDNARgZgSaEqB98tpav6k7Z7bijsIpwx6U4l6\\nYRxz3DIWKMe++QIDAQABo4HTMIHQMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\\nFCwFtz6hwT4qsx5j0lUluDyXbJpBMIGdBgNVHSMEgZUwgZKAFCwFtz6hwT4qsx5j\\n0lUluDyXbJpBoXekdTBzMQ8wDQYDVQQGEwZCcmF6aWwxCTAHBgNVBAgMADESMBAG\\nA1UEBwwJU2FvIFBhdWxvMQ4wDAYDVQQKDAVJQ0FOTjEOMAwGA1UECwwFTFJPT1Qx\\nITAfBgNVBAMMGGdydTAxLmwucm9vdC1zZXJ2ZXJzLm9yZ4IBADANBgkqhkiG9w0B\\nAQUFAAOCAQEAVSqrE2xMOqOMT/0r0ijSJVJjMRtdd2WPnpFLZsIt5siHXZHitoF/\\nFLlgaDfWd70uVlL8EjGHxwKPJL2l8WU1foCKCHUA7syarvpQEpm3kaGAoPm8VPm8\\n/ZcjetBxvAF0ZImoAcNE66aanPRSCvcna/5ANgHyZp6a0i7DT/Tqd+/0U3PNZK0Z\\nI7K2HvWx8wgN9WnMwEcNDVw9/pvNpC4Uh4MNDXYJZeC1xMNlB3sfm/ohP15lPsxI\\nN2afNemOosSyqViiPCVl6HaEwrR7YZB2wffnMAC2RAkJYyRkv/V5L4Hf4xz3C+Bl\\n47GfJQP8dNoGhIt1iCtMQp1iRNUfYCuqhQ==\\n-----END CERTIFICATE-----"],"dst_addr":"199.7.83.80","dst_name":"199.7.83.80","dst_port":"443","from":"123.203.145.125","fw":4790,"group_id":1965073,"lts":54,"method":"TLS","msm_id":1965073,"msm_name":"SSLCert","prb_id":1004,"rt":701.811596,"src_addr":"192.168.1.100","timestamp":1502117346,"ttc":346.966342,"type":"sslcert","ver":"1.2"}') + assert(result.is_error) + print(type(result.error_message), result.error_message) + assert(result.error_message == "Country name must be a 2 character country code")