Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore errors when parsing text-based forensic reports #460

Merged
merged 1 commit into from Feb 19, 2024
Merged

Ignore errors when parsing text-based forensic reports #460

merged 1 commit into from Feb 19, 2024

Conversation

bendem
Copy link
Contributor

@bendem bendem commented Jan 15, 2024
edited

Starting 8.2.0, parsedmarc crashes instead of ignoring some invalid reports.

In my case, this was due to dmarc reports being forwarded to a mailing list and the content being wrapped (thus received-date header was mangled/missing).

I first tried to unwrap the payload, but that's too finicky.

The original change was introduced in abf9695.

An example of failure I got recently:

Traceback (most recent call last):
  File "/home/demarteaub/.local/bin/parsedmarc", line 8, in <module>
    sys.exit(_main())
             ^^^^^^^
  File "/home/demarteaub/.local/pipx/venvs/parsedmarc/lib64/python3.11/site-packages/parsedmarc/cli.py", line 933, in _main
    reports = get_dmarc_reports_from_mbox(mbox_path,
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/demarteaub/.local/pipx/venvs/parsedmarc/lib64/python3.11/site-packages/parsedmarc/__init__.py", line 1032, in get_dmarc_reports_from_mbox
    parsed_email = parse_report_email(msg_content,
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/demarteaub/.local/pipx/venvs/parsedmarc/lib64/python3.11/site-packages/parsedmarc/__init__.py", line 869, in parse_report_email
    raise e
  File "/home/demarteaub/.local/pipx/venvs/parsedmarc/lib64/python3.11/site-packages/parsedmarc/__init__.py", line 865, in parse_report_email
    "".format(fields["received-date"],
              ~~~~~~^^^^^^^^^^^^^^^^^
KeyError: 'received-date'

content of fields variable:

{'sender-domain': 'liege.be Sender IP Address: 40.107.6.95 Receiv=', 'ed-date': 'Wed, 16 Aug 2023 09:11:18 +0200 SPF Alignment: no DKIM Alignment: =', 'no-dmarc-results': 'Quarantine ------ This is a copy of the headers that were='}

@bendem
Ignore errors when parsing text-based forensic reports
3a85724 
Starting 8.2.0, parsedmarc crashes instead of ignoring some invalid reports.

The original change was introduced in abf9695.
@seanthegeek seanthegeek merged commit fc49f7f into domainaware:master Feb 19, 2024
seanthegeek added a commit that referenced this pull request Feb 20, 2024
@seanthegeek
8.7.0
77132b3 
- Add support for SMTP TLS reports (PR #453 closes issue #71)
- Do not replace content in forensic samples (fix #403)
- Pin `msgraph-core` dependency at version `0.2.2` until Microsoft provides better documentation (PR #466 Close [#464](#464))
- Properly handle base64-encoded email attachments (PR #453)
- Do not crash when attempting to parse invalid email content (PR #453)
- Ignore errors when parsing text-based forensic reports (PR #460)
- Add email date to email processing debug logs (PR #462)
- Set default batch size to 10 to match the documentation (PR #465)
- Properly handle none values (PR #468)
- Add Gmail pagination (PR #469)
- Use the correct `msgraph` scope (PR #471)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bendem @seanthegeek