Thanks for creating an issue! But first: did you read our community guidelines?
https://cuckoo.sh/docs/introduction/community.html
My issue is: linux STAP parsing error (not actually error, but just mongodb key issue)
My Cuckoo version and operating system are:
cuckoo: Cuckoo 2.0.7
os: Ubuntu 18.04
guest: Ubuntu 18.04
This can be reproduced by:
while processing reporting module mongodb.py, when 'specific logs' come out.
The log, error, files etc can be found at:
part of stap logs:
Tue Jul 21 07:38:30 2020.301949 Cache2 I/O@7fd936dc94ea[1446] quotactl(Q_GETQUOTA|USRQUOTA, "ext4", 1000, {dqb_bhardlimit=3547209367405213234, dqb_bsoftlimit=3204155142452555552, dqb_curspace=7308613718863799666, dqb_ihardlimit=4207599493805798176, dqb_isoftlimit=3779778362997547057, ...}) = -13 (EACCES)
when it parsed as process call:
{
"status": "EACCES",
"raw": "Tue Jul 21 07:38:30 2020.301949 Cache2 I/O@7fd936dc94ea[1446] quotactl(Q_GETQUOTA|USRQUOTA, \"ext4\", 1000, {dqb_bhardlimit=3547209367405213234, dqb_bsoftlimit=3204155142452555552, dqb_curspace=7308613718863799666, dqb_ihardlimit=4207599493805798176, dqb_isoftlimit=3779778362997547057, ...}) = -13 (EACCES)\n",
"api": "quotactl",
"return_value": "-13",
"instruction_pointer": "7fd936dc94ea",
"time": {
"$date": 1595317110301
},
"process_name": "Cache2 I/O",
"pid": 1446,
"arguments": {
"p2": "1000",
"p3": {
"...": "",
"dqb_ihardlimit": "4207599493805798176",
"dqb_bhardlimit": "3547209367405213234",
"dqb_curspace": "7308613718863799666",
"dqb_bsoftlimit": "3204155142452555552",
"dqb_isoftlimit": "3779778362997547057"
},
"p0": "Q_GETQUOTA|USRQUOTA",
"p1": "ext4"
}
},
logs:
2020-07-22 14:08:19,743 [cuckoo.core.plugins] ERROR: Failed to run the reporting module: MongoDB
Traceback (most recent call last):
File "/home/cuckoo/Desktop/207/local/lib/python2.7/site-packages/cuckoo/core/plugins.py", line 659, in process
current.run(self.results)
File "/home/cuckoo/Desktop/207/local/lib/python2.7/site-packages/cuckoo/reporting/mongodb.py", line 225, in run
chunk_id = self.db.calls.insert(to_insert)
File "/home/cuckoo/Desktop/207/local/lib/python2.7/site-packages/pymongo/collection.py", line 1926, in insert
check_keys, manipulate, write_concern)
File "/home/cuckoo/Desktop/207/local/lib/python2.7/site-packages/pymongo/collection.py", line 430, in _insert
gen(), check_keys, self.codec_options, sock_info)
InvalidDocument: key '...' must not contain '.'
the problem is:
"arguments": {
"p2": "1000",
"p3": {
"...": "",
"dqb_ihardlimit": "4207599493805798176",
"dqb_bhardlimit": "3547209367405213234",
"dqb_curspace": "7308613718863799666",
"dqb_bsoftlimit": "3204155142452555552",
"dqb_isoftlimit": "3779778362997547057"
},
"...":"" is produced while parsing arguments of stap logs.
and it comes to mongodb, InvalidDocument: key '...' must not contain '.' is coming out
to solve this:
i think the arguments "..." is not important, so
cuckoo - processing.platform.linux.py
def parse_struct(self, argstr):
# Return as regular array if elements aren't named.
if "=" not in argstr:
return self.parse_array(argstr.lstrip("{"))
# Return as dict, parse value as array and struct when appropriate.
parsed = {}
arg = argstr.lstrip("{")
while arg:
key, _, arg = arg.partition("=")
"""this part"""
if key == "...":
continue
delim = self.get_delim(arg)
if delim != ", ":
delim += ", "
val, _, arg = arg.partition(delim)
parsed[key] = self.parse_arg(val)
return parsedor
def parse_struct(self, argstr):
# Return as regular array if elements aren't named.
if "=" not in argstr:
return self.parse_array(argstr.lstrip("{"))
# Return as dict, parse value as array and struct when appropriate.
parsed = {}
arg = argstr.lstrip("{")
while arg:
key, _, arg = arg.partition("=")
"""this part"""
if not arg:
continue
delim = self.get_delim(arg)
if delim != ", ":
delim += ", "
val, _, arg = arg.partition(delim)
parsed[key] = self.parse_arg(val)
return parsedthank you
Thanks for creating an issue! But first: did you read our community guidelines?
https://cuckoo.sh/docs/introduction/community.html
My issue is: linux STAP parsing error (not actually error, but just mongodb key issue)
My Cuckoo version and operating system are:
cuckoo: Cuckoo 2.0.7
os: Ubuntu 18.04
guest: Ubuntu 18.04
This can be reproduced by:
while processing reporting module mongodb.py, when 'specific logs' come out.
The log, error, files etc can be found at:
part of stap logs:
Tue Jul 21 07:38:30 2020.301949 Cache2 I/O@7fd936dc94ea[1446] quotactl(Q_GETQUOTA|USRQUOTA, "ext4", 1000, {dqb_bhardlimit=3547209367405213234, dqb_bsoftlimit=3204155142452555552, dqb_curspace=7308613718863799666, dqb_ihardlimit=4207599493805798176, dqb_isoftlimit=3779778362997547057, ...}) = -13 (EACCES)
when it parsed as process call:
logs:
2020-07-22 14:08:19,743 [cuckoo.core.plugins] ERROR: Failed to run the reporting module: MongoDB
Traceback (most recent call last):
File "/home/cuckoo/Desktop/207/local/lib/python2.7/site-packages/cuckoo/core/plugins.py", line 659, in process
current.run(self.results)
File "/home/cuckoo/Desktop/207/local/lib/python2.7/site-packages/cuckoo/reporting/mongodb.py", line 225, in run
chunk_id = self.db.calls.insert(to_insert)
File "/home/cuckoo/Desktop/207/local/lib/python2.7/site-packages/pymongo/collection.py", line 1926, in insert
check_keys, manipulate, write_concern)
File "/home/cuckoo/Desktop/207/local/lib/python2.7/site-packages/pymongo/collection.py", line 430, in _insert
gen(), check_keys, self.codec_options, sock_info)
InvalidDocument: key '...' must not contain '.'
the problem is:
"...":"" is produced while parsing arguments of stap logs.
and it comes to mongodb, InvalidDocument: key '...' must not contain '.' is coming out
to solve this:
i think the arguments "..." is not important, so
cuckoo - processing.platform.linux.py
or
thank you