Skip to content
This repository has been archived by the owner on Oct 5, 2019. It is now read-only.

"ValueError: Invalid IPv6 URL" when running the analyze filter #5

Closed
jjsendor opened this issue Dec 17, 2015 · 1 comment
Closed

"ValueError: Invalid IPv6 URL" when running the analyze filter #5

jjsendor opened this issue Dec 17, 2015 · 1 comment

Comments

@jjsendor
Copy link
Contributor

Migrated from Yelp/osxcollector#97

I have got the ValueError: Invalid IPv6 URL when running the analyze filter for a certain file path:

$ cat ../INCIDENT-28-2015_07_27-10_56_02.json | python -m osxcollector.output_filters.analyze -f '/Users/jdoe/Downloads/some_malware_file'
Traceback (most recent call last):
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/Users/jsendor/Documents/osxcollector/osxcollector/output_filters/analyze.py", line 453, in <module>
    main()
  File "/Users/jsendor/Documents/osxcollector/osxcollector/output_filters/analyze.py", line 449, in main
    run_filter_main(AnalyzeFilter)
  File "osxcollector/output_filters/base_filters/output_filter.py", line 142, in run_filter_main
    _run_filter(output_filter)
  File "osxcollector/output_filters/base_filters/output_filter.py", line 109, in _run_filter
    blob = output_filter.filter_line(blob)
  File "osxcollector/output_filters/base_filters/chain.py", line 48, in filter_line
    return self._on_filter_line(blob, self._head_of_chain)
  File "osxcollector/output_filters/base_filters/chain.py", line 61, in _on_filter_line
    return self._on_filter_line(link.filter_line(blob), link._next_link)
  File "osxcollector/output_filters/base_filters/chain.py", line 61, in _on_filter_line
    return self._on_filter_line(link.filter_line(blob), link._next_link)
  File "osxcollector/output_filters/base_filters/chain.py", line 61, in _on_filter_line
    return self._on_filter_line(link.filter_line(blob), link._next_link)
  File "osxcollector/output_filters/find_domains.py", line 33, in filter_line
    self._look_for_domains(blob)
  File "osxcollector/output_filters/find_domains.py", line 63, in _look_for_domains
    self._look_for_domains(elem, key)
  File "osxcollector/output_filters/find_domains.py", line 56, in _look_for_domains
    domain = self._url_to_domain(maybe_url)
  File "osxcollector/output_filters/find_domains.py", line 79, in _url_to_domain
    split_url = urlsplit(url)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urlparse.py", line 213, in urlsplit
    raise ValueError("Invalid IPv6 URL")
ValueError: Invalid IPv6 URL

I am quite sure the problem is with some URL in the OSXCollector output file.

It seems that the error is caused by a URL with trailing ] character, as in:

https://example.com]
@jjsendor jjsendor mentioned this issue Dec 17, 2015
Closed
@jjsendor jjsendor mentioned this issue Mar 31, 2016
Closed
@jjsendor
Copy link
Contributor Author

This is caused by any string that although looks like it should be a URL (e.g. starts with http or https) it really isn't. In that case the exception should be caught and simply ignored, returning None from the _url_to_domain method.

@jjsendor jjsendor mentioned this issue Mar 31, 2016
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jjsendor