Handle bad ip.protocol strings better (issue arkime#330)

baubaubau · Jan 21, 2015 · 679ce73 · 679ce73
1 parent a3225fd
commit 679ce73
Show file tree

Hide file tree

Showing 7 changed files with 55 additions and 4 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -47,6 +47,7 @@
   - New tls.sessionid.dst, tls.sessionid.src, tls.sessionid fields (issue #326) 
   - Use ELS doc_values for some fields to reduce ES memory
   - Added cert.cnt back
+  - Handle bad ip.protocol strings better (issue #330)
 
 
 

diff --git a/tests/api-connections.t b/tests/api-connections.t
@@ -1,4 +1,4 @@
-use Test::More tests => 3;
+use Test::More tests => 4;
 use Cwd;
 use URI::Escape;
 use MolochTest;
@@ -24,3 +24,7 @@ my $files = "(file=$pwd/socks-http-example.pcap||file=$pwd/socks-http-pass.pcap|
     $json = viewerGet("/connections.json?date=-1&dstField=tls.notAfter&expression=" . uri_escape("$files"));
     delete $json->{health};
     eq_or_diff($json, from_json('{ "nodes": [ { "id": "1418212800", "db": 26760, "by": 32958, "pa": 93, "cnt": 1, "sessions": 3, "type": 2, "pos": 0 }, { "id": "1648944000", "db": 26760, "by": 32958, "pa": 93, "cnt": 1, "sessions": 3, "type": 2, "pos": 1 }, { "id": "10.180.156.185", "db": 53520, "by": 65916, "pa": 186, "cnt": 2, "sessions": 6, "type": 1, "pos": 2 } ], "links": [ { "value": 3, "source": 2, "target": 0, "by": 32958, "db": 26760, "pa": 93, "no": { "test": 1 } }, { "value": 3, "source": 2, "target": 1, "by": 32958, "db": 26760, "pa": 93, "no": { "test": 1 } } ], "iTotalDisplayRecords": 3 }', {relaxed => 1}), "a1 to tls.notAfter", { context => 3 });
+
+    my $json = viewerGet("/connections.json?date=-1&expression=" . uri_escape("$files&&ip.protocol==blah"));
+    delete $json->{health};
+    eq_or_diff($json, from_json('{ "bsqErr": "Unknown protocol string blah" }', {relaxed => 1}), "ip.protocol==blah", { context => 3 });
diff --git a/tests/api-sessions.t b/tests/api-sessions.t
@@ -1,4 +1,4 @@
-use Test::More tests => 26;
+use Test::More tests => 27;
 use Cwd;
 use URI::Escape;
 use MolochTest;
@@ -49,6 +49,10 @@ my $pwd = getcwd() . "/pcap";
     is ($json->{iTotalDisplayRecords}, 5, "records ALL");
     is ($json->{graph}->{interval}, 3600, "correct interval ALL");
 
+# Check ip.protocol=blah
+    my $json = viewerGet("/sessions.json?date=-1&&spi=a1&expression=" . uri_escape("file=$pwd/bigendian.pcap&&ip.protocol==blah"));
+    is($json->{bsqErr}, "Unknown protocol string blah", "ip.protocol==blah");
+
 # csv
     my $csv = $MolochTest::userAgent->get("http://$MolochTest::host:8123/sessions.csv?date=-1&expression=" . uri_escape("file=$pwd/socks-http-example.pcap"))->content;
     $csv =~ s/\r//g;

diff --git a/tests/api-spiview.t b/tests/api-spiview.t
@@ -0,0 +1,22 @@
+use Test::More tests => 3;
+use Cwd;
+use URI::Escape;
+use MolochTest;
+use JSON;
+use Test::Differences;
+use Data::Dumper;
+use strict;
+
+my $pwd = getcwd() . "/pcap";
+my $files = "(file=$pwd/socks-http-example.pcap||file=$pwd/socks-http-pass.pcap||file=$pwd/socks-https-example.pcap||file=$pwd/socks5-http-302.pcap||file=$pwd/socks5-rdp.pcap||file=$pwd/socks5-reverse.pcap||file=$pwd/socks5-smtp-503.pcap)";
+
+
+    my $json = viewerGet("/spiview.json?date=-1&spi=a1&expression=" . uri_escape("$files&&ip.protocol==tcp"));
+    delete $json->{health};
+    eq_or_diff($json, from_json('{ "iTotalRecords": 141, "spi": { "a1": { "_type": "terms", "missing": 0, "total": 13, "other": 0, "terms": [ { "term": 179608761, "count": 9 }, { "term": 167772161, "count": 2 }, { "term": 167772163, "count": 1 }, { "term": 167772162, "count": 1 } ] } }, "iTotalDisplayRecords": 13, "bsqErr": null }', {relaxed => 1}), "a1 ip.protocol==tcp", { context => 3 });
+
+    my $json = viewerGet("/spiview.json?date=-1&&spi=a1&expression=" . uri_escape("$files&&ip.protocol==blah"));
+    eq_or_diff($json, from_json('{ "spi": {}, "bsqErr": "Unknown protocol string blah" }', {relaxed => 1}), "a1 ip.protocol==blah", { context => 3 });
+
+    my $json = viewerGet("/spiview.json?date=-1&&spi=a1&expression=" . uri_escape("$files&&ip.protocol==[tcp,blah2]"));
+    eq_or_diff($json, from_json('{ "spi": {}, "bsqErr": "Unknown protocol string blah2" }', {relaxed => 1}), "a1 ip.protocol==[tcp,blah2]", { context => 3 });
diff --git a/viewer/molochparser.jison b/viewer/molochparser.jison
@@ -525,10 +525,14 @@ var protocols = {
 global.moloch.ipProtocolLookup = function (text) {
     if (typeof text !== "string") {
         for (var i = 0; i < text.length; i++) {
+            if (!protocols[text[i]] && isNaN(text[i]))
+                throw ("Unknown protocol string " + text);
             text[i] = protocols[text[i]] || +text[i];
         }
         return text;
     } else {
+        if (!protocols[text] && isNaN(text))
+            throw ("Unknown protocol string " + text);
         return protocols[text] || +text;
     }
 };

diff --git a/viewer/molochparser.js b/viewer/molochparser.js
diff --git a/viewer/viewer.js b/viewer/viewer.js
@@ -285,10 +285,22 @@ function fmenum(field) {
 }
 
 function errorString(err, result) {
-  if ((err || result.error).match("IndexMissingException")) {
+  var str;
+  if (err && typeof err === "string") {
+    str = err;
+  } else if (err && typeof err.message === "string") {
+    str = err.message;
+  } else if (result && result.error) {
+    str = result.error;
+  } else {
+    str == "Unknown issue, check logs";
+    console.log(err, result);
+  }
+
+  if (str.match("IndexMissingException")) {
     return "Moloch's Elasticsearch database has no matching session indices for timeframe selected";
   } else {
-    return "Elasticsearch error: " + (err || result.error);
+    return "Elasticsearch error: " + str;
   }
 }