[Bug] Abuse_Finder : pythonwhois dependency tree broken #742

Closed
LetMeR00t opened this issue Apr 10, 2020 · 4 comments
Labels
category:bug Issue is related to a bug

@LetMeR00t
Contributor

LetMeR00t commented Apr 10, 2020

Describe the bug
With the current version of Abuse_Finder, when we install the requirements, it's downloading pythonwhois == 2.4.3.
However, this version has its dependency tree broken : joepie91/python-whois#151

To Reproduce
Steps to reproduce the behavior:

  1. pip3 install -r requirements.txt (for Abuse_Finder)
  2. Run an analysis over a domain or an IP, you will get this error anytime :

Invalid output
Traceback (most recent call last):
File "/usr/lib/python3.7/sre_parse.py", line 1015, in parse_template
this = chr(ESCAPES[this][1])
KeyError: '\s'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "Abuse_Finder/abusefinder.py", line 9, in
from abuse_finder import domain_abuse, ip_abuse,
File "/usr/local/lib/python3.7/dist-packages/abuse_finder/init.py", line 2, in
from .domain import domain_abuse
File "/usr/local/lib/python3.7/dist-packages/abuse_finder/domain.py", line 3, in
from pythonwhois.net import get_whois_raw
File "/usr/local/lib/python3.7/dist-packages/pythonwhois/init.py", line 1, in
from . import net, parse
File "/usr/local/lib/python3.7/dist-packages/pythonwhois/parse.py", line 363, in
registrant_regexes = [preprocess_regex(regex) for regex in registrant_regexes]
File "/usr/local/lib/python3.7/dist-packages/pythonwhois/parse.py", line 363, in
registrant_regexes = [preprocess_regex(regex) for regex in registrant_regexes]
File "/usr/local/lib/python3.7/dist-packages/pythonwhois/parse.py", line 205, in preprocess_regex
regex = re.sub(r"\s*(?P<([^>]+)>.+)", r"\s*(?P<\1>\S.*)", regex)
File "/usr/lib/python3.7/re.py", line 192, in sub
return _compile(pattern, flags).sub(repl, string, count)
File "/usr/lib/python3.7/re.py", line 309, in _subx
template = _compile_repl(template, pattern)
File "/usr/lib/python3.7/re.py", line 300, in _compile_repl
return sre_parse.parse_template(repl, pattern)
File "/usr/lib/python3.7/sre_parse.py", line 1018, in parse_template
raise s.error('bad escape %s' % this, len(this))
re.error: bad escape \s at position 0

Expected behavior
The analysis should be running normally

Complementary information
All is given above

Work environment

  • Client and Server OS, type and version
    Description: Ubuntu 19.10 (eoan)
  • Cortex version: 2.1.3-1
  • Cortex Analyzer/Responder name: Abuse_Finder
  • Cortex Analyzer/Responder version: 3.0

Possible solutions
Just add the following line to requirements.txt: pythonwhois==2.2.2 (last working release)
Thanks to this ongoing PR : #621

@LetMeR00t LetMeR00t added the category:bug Issue is related to a bug label Apr 10, 2020
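
The import-time failure in the traceback above comes from the replacement template passed to re.sub. The following added example (not code from the issue, Abuse_Finder or pythonwhois) reproduces it on Python 3.7+ and shows two template-safe rewrites. The search pattern GROUP, the SAMPLE string and all function names are assumptions made for the example.

```python
import re

# Assumption for this example: a search pattern that finds a literal
# "(?P<name>.+)" group (with any whitespace before it) inside a regex string.
GROUP = r"\s*\(\?P<([^>]+)>\.\+\)"

# Constructed sample input, not taken from pythonwhois.
SAMPLE = r"Registrant Name: (?P<name>.+)"


def preprocess_broken(regex):
    # Replacement template from the traceback. "\s" and "\S" are not valid
    # template escapes; Python 3.7+ rejects them with re.error.
    return re.sub(GROUP, r"\s*(?P<\1>\S.*)", regex)


def preprocess_escaped(regex):
    # Doubled backslashes make the template emit a literal "\s" and "\S".
    return re.sub(GROUP, r"\\s*(?P<\1>\\S.*)", regex)


def preprocess_callable(regex):
    # A callable's return value is inserted verbatim, never parsed as a template.
    return re.sub(GROUP, lambda m: r"\s*(?P<%s>\S.*)" % m.group(1), regex)


def broken_error(regex):
    """Return the re.error message raised by the broken rewrite, or None."""
    try:
        preprocess_broken(regex)
    except re.error as exc:
        return str(exc)
    return None


def extract_name(line):
    """Apply the rewritten pattern to one WHOIS-style line."""
    match = re.match(preprocess_escaped(SAMPLE), line)
    return match.group("name") if match else None


if __name__ == "__main__":
    print("broken  :", broken_error(SAMPLE))
    print("escaped :", preprocess_escaped(SAMPLE))
    print("callable:", preprocess_callable(SAMPLE))
    print("name    :", extract_name("Registrant Name:   Jane Example"))
```

Because the template is parsed before any substitution happens, the broken form fails on every call, which is why the analyzer dies at import rather than on specific input.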
@dadokkio
Contributor

I think there are other issues in that package:

root@08a6398e012a:/opt/Cortex-Analyzers/analyzers/Abuse_Finder# python3
Python 3.5.3 (default, Sep 27 2018, 17:25:39) 
[GCC 6.3.0 20170516] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from abuse_finder import domain_abuse
>>> domain_abuse("www.google.com")
Could not get WHOIS for google.com (name 'unicode' is not defined)
{'names': [], 'value': 'google.com', 'abuse': [], 'raw': ''}
>>> from pythonwhois.net import get_whois_raw
>>> get_whois_raw("www.google.com")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.5/dist-packages/pythonwhois/net.py", line 15, in get_whois_raw
    domain = encode( domain if type(domain) is unicode else decode(domain, "utf8"), "idna" )
NameError: name 'unicode' is not defined
>>> 

unicode has been renamed to str in python3

@dadokkio
Contributor

In order to use abuse_finder with python3 I had to use the following pull request:

https://github.com/certsocietegenerale/abuse_finder/pull/4/commits/a6b40e924f47e87ff47422c230c6d7cda282bb47

Using the following requirements.

cortexutils
git+https://github.com/garanews/abuse_finder@a6b40e924f47e87ff47422c230c6d7cda282bb47#egg=python-woisabuse_finder
future

@garanews
Contributor

Hello @LetMeR00t, just merged this PR in abuse_finder.
The analyzer will work, install pythonwhois-alt instead of pythonwhois and let me know.

@dadokkio
Contributor

dadokkio commented Jun 9, 2020

Closing the issue, feel free to reopen if the issue is not resolved.

@dadokkio dadokkio closed this as completed Jun 9, 2020