Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PIL.UnidentifiedImageError (Empty image file) #412

Closed
0xdade opened this issue Aug 6, 2020 · 1 comment · Fixed by #422
Closed

PIL.UnidentifiedImageError (Empty image file) #412

0xdade opened this issue Aug 6, 2020 · 1 comment · Fixed by #422
Labels
agent affecting natlas-agent bug Something isn't working server affecting natlas-server

Comments

@0xdade
Copy link
Member

0xdade commented Aug 6, 2020

Version:
943b660

Describe the bug
There appears to be a scenario where the agent will take screenshots and pass along an empty file to the server. The server does a base64 decode and saves the results to a file and then tries to create a thumbnail based on the now-saved file. PIL reads an empty file and says "woah buddy this doesn't look like an image to me" and natlas throws an exception and doesn't save the document as a result.

To Reproduce
Steps to reproduce the behavior:

  1. It's unclear to me exactly what is leading aquatone to produce an empty screenshot file at this time
  2. Mock a submission with an empty screenshot and watch the fireworks

Expected behavior
If a file is empty, the agent shouldn't count it as a valid screenshot. If a file is empty, the server shouldn't count it as a valid screenshot, and it shouldn't attempt to do image manipulation on it.

Screenshots / Logs

[2020-07-25 00:22:59,784] ERROR in app: Exception on /api/submit [POST]
Traceback (most recent call last):
  File "/.venv/lib/python3.8/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/.venv/lib/python3.8/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/.venv/lib/python3.8/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/.venv/lib/python3.8/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/.venv/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/.venv/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/opt/natlas/natlas-server/app/auth/wrappers.py", line 49, in decorated_function
    return f(*args, **kwargs)
  File "/opt/natlas/natlas-server/app/api/routes.py", line 187, in submit
    newhost["screenshots"], newhost["num_screenshots"] = process_screenshots(
  File "/opt/natlas/natlas-server/app/api/processing/screenshot.py", line 52, in process_screenshots
    item["thumb_hash"] = create_thumbnail(fname, file_ext)
  File "/opt/natlas/natlas-server/app/api/processing/screenshot.py", line 10, in create_thumbnail
    thumb = Image.open(fname)
  File "/.venv/lib/python3.8/site-packages/PIL/Image.py", line 2895, in open
    raise UnidentifiedImageError(
PIL.UnidentifiedImageError: cannot identify image file '/data/media/original/e3/b0/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.png'
@0xdade 0xdade added bug Something isn't working server affecting natlas-server agent affecting natlas-agent labels Aug 6, 2020
@tw-sentry-io
Copy link

tw-sentry-io bot commented Aug 12, 2020

Sentry issue: NATLAS-SERVER-13

0xdade referenced this issue in 0xdade/natlas Aug 13, 2020
@0xdade
Fix: Image verification on agent and server
e91446e 
This closes #412 by implementing agent side image validation before including the image in the scan results. The server also makes use of a similar function to validate that an image is valid before saving it.
0xdade referenced this issue in 0xdade/natlas Aug 13, 2020
@0xdade
Fix: Image verification on agent and server
9e3611c 
This closes #412 by implementing agent side image validation before including the image in the scan results. The server also makes use of a similar function to validate that an image is valid before saving it.
@0xdade 0xdade mentioned this issue Aug 13, 2020
Merged
0xdade referenced this issue in 0xdade/natlas Aug 13, 2020
@0xdade
Fix: Image verification on agent and server
47e86de 
This closes #412 by implementing agent side image validation before including the image in the scan results. The server also makes use of a similar function to validate that an image is valid before saving it.
0xdade referenced this issue in 0xdade/natlas Aug 13, 2020
@0xdade
Fix: Image verification on agent and server
2ce7543 
This closes #412 by implementing agent side image validation before including the image in the scan results. The server also makes use of a similar function to validate that an image is valid before saving it.
0xdade added a commit that referenced this issue Aug 15, 2020
@0xdade
Fix: Image verification on agent and server (#422)
05a9d52 
* Fix: Image verification on agent and server

This closes #412 by implementing agent side image validation before including the image in the scan results. The server also makes use of a similar function to validate that an image is valid before saving it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
agent affecting natlas-agent bug Something isn't working server affecting natlas-server
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix: Image verification on agent and server 0xdade/natlas
1 participant
@0xdade