Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PostgreSQL Output: Issue with Nullbytes in JSON-Data #2203

Closed
wagner-intevation opened this issue Jul 4, 2022 · 0 comments · Fixed by #2223
Closed

PostgreSQL Output: Issue with Nullbytes in JSON-Data #2203

wagner-intevation opened this issue Jul 4, 2022 · 0 comments · Fixed by #2223
Assignees
@wagner-intevation
Labels
bug Indicates an unexpected problem or unintended behavior component: bots
Milestone
3.1.0

Comments

@wagner-intevation
Copy link
Contributor

wagner-intevation commented Jul 4, 2022
edited
Loading

Nullbytes in JSON-Data (in the field extra) can cause troubles:

psycopg2.errors.UntranslatableCharacter: unsupported Unicode escape sequence
DETAIL:  \\u0000 cannot be converted to text.
CONTEXT:  JSON data, line 1: ....0\"}, \"malware\": \"Conficker\", \"payload\": {\"text\":...
PL/pgSQL function directives_from_extra(bigint,json) line 5 during statement block local variable initialization
SQL statement \"SELECT directives_from_extra(NEW.id, NEW.extra)\"
PL/pgSQL function events_insert_directives_for_row() line 3 at PERFORM"

A problematic extra-value can look like:

'{"payload": {"text": "M41\u0012)3U>\bxӾ6\u0000\u0013M6M6M4M4]4y]4ӭ4"}}'

Source: Microsoft CTIP

While the json type in postgres allows (encoded) Nullbytes in principle, some systems have a problem with that. I have not found out yet, what causes some Postgres-Systems to throw an error here, while others work.
Tested with PostgreSQL 14.4. Works fine on e.g. openSUSE Tumbleweed, but not on Ubuntu 20.04 with Postgres-APT-Repo. But the latter is a target plattform of IntelMQ, so IntelMQ should be compatible with it.

The only solution I see is to escape the Nullbytes in the SQL Output for Postgres (SQLite does not have an issue with these characters).
Working on it.
@sebix sebix added bug Indicates an unexpected problem or unintended behavior component: bots labels Jul 4, 2022
@sebix sebix added this to the 3.1.0 milestone Jul 4, 2022
sebix pushed a commit that referenced this issue Jul 25, 2022
@wagner-intevation
postgresql output: escape all null bytes
bcfc2c0 
while null bytes (`\0`, not SQL "NULL") in TEXT and JSON/JSONB fields are valid, data containing null bytes can cause troubles in some combinations of clients, servers and each settings.
To prevent unhandled errors, and data which can't be inserted into the database, all null bytes are escaped

fixes #2203
@wagner-intevation wagner-intevation mentioned this issue Jul 25, 2022
Merged
sebix pushed a commit that referenced this issue Jul 25, 2022
@wagner-intevation
postgresql output: escape all null bytes
c75c21d 
while null bytes (`\0`, not SQL "NULL") in TEXT and JSON/JSONB fields are valid, data containing null bytes can cause troubles in some combinations of clients, servers and each settings.
To prevent unhandled errors, and data which can't be inserted into the database, all null bytes are escaped

fixes #2203
sebix pushed a commit that referenced this issue Jul 25, 2022
@wagner-intevation
postgresql output: escape all null bytes
09c75d1 
while null bytes (`\0`, not SQL "NULL") in TEXT and JSON/JSONB fields are valid, data containing null bytes can cause troubles in some combinations of clients, servers and each settings.
To prevent unhandled errors, and data which can't be inserted into the database, all null bytes are escaped

fixes #2203
sebix pushed a commit that referenced this issue Jul 25, 2022
@wagner-intevation
postgresql output: escape all null bytes
bbc3c91 
while null bytes (`\0`, not SQL "NULL") in TEXT and JSON/JSONB fields are valid, data containing null bytes can cause troubles in some combinations of clients, servers and each settings.
To prevent unhandled errors, and data which can't be inserted into the database, all null bytes are escaped

fixes #2203
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wagner-intevation wagner-intevation

Labels
bug Indicates an unexpected problem or unintended behavior component: bots
Projects
None yet
Milestone
3.1.0
Development

Successfully merging a pull request may close this issue.

postgresql output: escape all null bytes certtools/intelmq
2 participants
@sebix @wagner-intevation