Merge pull request #37 from FCG-LLC/fix/release

Fix: - Lack of Authorization header for /api/v1/status raise Exception - Lack of masscan output freeze Aucote
FCG-LLC · Mar 8, 2017 · a82a947 · a82a947
2 parents d3cec7d + 6c3c788
commit a82a947
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 9 deletions.
diff --git a/api/handler.py b/api/handler.py
@@ -38,13 +38,15 @@ def auth(handler_class):
 
         """
         MAX_PASSWORD_HEADER_LENGTH = 80
+        BEARER_START = 'Bearer '
 
         def wrap_execute(handler_execute):
             def require_auth(handler, *args, **kwargs):
                 auth_header = handler.request.headers.get('Authorization')
 
-                if len(auth_header) < MAX_PASSWORD_HEADER_LENGTH and auth_header.startswith('Bearer '):
-                    password = auth_header.split('Bearer ')[1]
+                if auth_header is not None and len(auth_header) < MAX_PASSWORD_HEADER_LENGTH \
+                        and auth_header.startswith(BEARER_START):
+                    password = auth_header[len(BEARER_START):]
                     password_hash = hashlib.sha512(password.encode()).hexdigest()
                     correct = cfg.get('service.api.password')
 

diff --git a/tests/test_api/test_kill_handler.py b/tests/test_api/test_kill_handler.py
@@ -43,3 +43,8 @@ def test_bad_password(self, cfg):
         result = self.fetch('/', method='POST', headers={'Authorization': 'Bearer testt'}, body='')
         self.assertFalse(self.aucote.kill.called)
         self.assertEqual(result.code, 401)
+
+    def test_no_header(self):
+        result = self.fetch('/', method='POST', headers={}, body='')
+        self.assertFalse(self.aucote.kill.called)
+        self.assertEqual(result.code, 401)
diff --git a/tests/test_utils/test_async_task_manager.py b/tests/test_utils/test_async_task_manager.py
@@ -107,3 +107,14 @@ def test_add_crontab_task(self):
         self.assertIn('test_name', self.task_manager.run_tasks.keys())
         self.assertIsInstance(self.task_manager._cron_tasks.get('test_name'), CronTabCallback)
         self.assertFalse(self.task_manager.run_tasks.get('test_name'))
+
+    @gen_test
+    def test_decorator_with_exception(self):
+        @AsyncTaskManager.unique_task
+        @gen.coroutine
+        def task_1():
+            self.task_1()
+            raise Exception
+
+        yield task_1()
+        self.task_1.assert_called_once_with()
diff --git a/tools/common/parsers.py b/tools/common/parsers.py
@@ -5,6 +5,7 @@
 from xml.etree import ElementTree
 
 from utils.exceptions import NonXMLOutputException
+import logging as log
 
 
 class Parser(object):
@@ -44,9 +45,11 @@ def parse(cls, output):
             ElementTree.Element|None
 
         """
+        if not output:
+            log.warning("No output data for parsing")
+            raise NonXMLOutputException()
+
         try:
-            if not output:
-                raise NonXMLOutputException()
             return ElementTree.fromstring(output)
         except ElementTree.ParseError:
             raise NonXMLOutputException()
diff --git a/utils/async_task_manager.py b/utils/async_task_manager.py
@@ -8,6 +8,7 @@
 from tornado.ioloop import IOLoop
 from tornado.locks import Event
 from tornado_crontab import CronTabCallback
+import logging as log
 
 
 class AsyncTaskManager(object):
@@ -102,8 +103,10 @@ def return_function(*args, **kwargs):
                 return
 
             cls._instance.run_tasks[function.__name__] = True
-
-            yield function(*args, **kwargs)
+            try:
+                yield function(*args, **kwargs)
+            except Exception:
+                log.exception("Exception while running %s", function.__name__)
 
             cls._instance.run_tasks[function.__name__] = False
 

diff --git a/utils/exceptions.py b/utils/exceptions.py
@@ -3,14 +3,15 @@
 
 """
 
-class NonXMLOutputException(BaseException):
+
+class NonXMLOutputException(Exception):
     """
     Raise if output should be xml but it isn't
 
     """
 
 
-class HydraPortMismatchException(BaseException):
+class HydraPortMismatchException(Exception):
     """
     Raise if port number from output is different than expected
 
@@ -23,6 +24,7 @@ class NmapUnsupported(NameError):
 
     """
 
+
 class ServiceUnsupportedByNmapException(NmapUnsupported):
     """
     Raise if service name does not exist in nmap services file
@@ -51,7 +53,7 @@ class PortRangeUnsupported(NmapUnsupported):
     """
 
 
-class TopdisConnectionException(BaseException):
+class TopdisConnectionException(Exception):
     """
     Raises if topdis connection error occurred