Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parsing logs fails with "runtime error: makeslice: len out of range" v4.6.0 #750

Closed
jnimmo opened this issue Aug 31, 2022 · 3 comments
Closed

Parsing logs fails with "runtime error: makeslice: len out of range" v4.6.0 #750

jnimmo opened this issue Aug 31, 2022 · 3 comments

Comments

@jnimmo
Copy link

jnimmo commented Aug 31, 2022

Hi team,
Running RITA 4.6.0 on a fresh SO 2.3.150 installation and experiencing the following error

       [-] Finished parsing logs in 566ms
        [-] Host Analysis:            465 / 465  [==================] 100 %
        [-] Host Aggregation:         14 / 14  [==================] 100 %
        [-] Unique Connection Analysis: 1055 / 1055  [==================] 100 %
        [-] Unique Connection Aggregation: 14 / 14  [==================] 100 %
        [-] Uconn Proxy Analysis:     7 / 7  [==================] 100 %
        [-] SNI Connection Analysis:  691 / 691  [==================] 100 %
        [!] No DNS data to analyze
        [!] No Hostname data to analyze
        [-] Beacon Analysis:          1055 / 1055  [==================] 100 %
        [-] Beacon Aggregation:       14 / 14  [==================] 100 %
        [-] Gathering FQDNs for Beacon Analysis ...     [                    ] 
        [-] FQDN Beacon Analysis:     366 / 366  [==================] 100 %
        [-] FQDN Beacon Aggregation:  14 / 14  [==================] 100 %
panic: runtime error: makeslice: len out of range

goroutine 1428 [running]:
github.com/activecm/rita/pkg/beaconproxy.(*analyzer).start.func1()
        /go/src/github.com/activecm/rita/pkg/beaconproxy/analyzer.go:109 +0x44e
created by github.com/activecm/rita/pkg/beaconproxy.(*analyzer).start
        /go/src/github.com/activecm/rita/pkg/beaconproxy/analyzer.go:66 +0x6f
panic: runtime error: makeslice: len out of range
@Zalgo2462
Copy link
Contributor

Thank you for your bug report. We have begun tracking down the issue using the info in your report.

Version 4.6.0 is currently in pre-release. We recommend using version 4.5.1 for any meaningful work at this time.

The error appears to be stemming from
https://github.com/activecm/rita/blob/5383a55c629fb9b6997b127fd671b784f8388f30/pkg/beaconproxy/analyzer.go#L107

In this line, we assume len(entry.TsListFull) is positive. In this error case, we can see that len(entry.TsListFull) must be 0. So, there is either a bug in the code which gathers these timestamps in the proxy beacons module or we are missing a filter which would have prevented this code from executing.

@Zalgo2462
Copy link
Contributor

@jnimmo Please replace your existing copy of RITA v4.6.0 with a fresh copy from the v4.6.0 pre-release page and try importing your data once again.

It appears that this issue was resolved in PR #749 5 days ago, but the rita binary on the pre-release page was not updated afterwards.

@jnimmo
Copy link
Author

jnimmo commented Sep 1, 2022

Fantastic thanks for the quick response! That's solved it now :)

@jnimmo jnimmo closed this as completed Sep 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jnimmo @Zalgo2462