OpenPortCollector does not work under all circumstances on Ubuntu

Describe the bug

There are certain cases when the OpenPortCollector will fail parsing the output of ss. The issue arises when there’s only a single space separating the data of two columns. For me it’s the data of the State and the Recv-Q columns. I don’t know whether it can happen with other columns too, the formatting logic of ss is quite unclear. It actually seems to be affected by the terminal width too, at least when there’s a tty attached, so it’s even more uncertain what the ASA app “sees”.

Partial example from an effectively empty Ubuntu 22.04 VM:

# ss -lnp | head
Netid State  Recv-Q Send-Q                              Local Address:Port        Peer Address:PortProcess                                                          
nl    UNCONN 0      0                                               0:530                     *                                                                     
nl    UNCONN 0      0                                               0:1559                    *                                                                     
nl    UNCONN 0      0                                               0:0                       *                                                                     
nl    UNCONN 0      0                                               0:1                       *                                                                     
nl    UNCONN 0      0                                               0:1559                    *                                                                     
nl    UNCONN 0      0                                               0:530                     *                                                                     
nl    UNCONN 0      0                                               0:1                       *                                                                     
nl    UNCONN 4352   0                                               4:5054                    *                                                                     
nl    UNCONN 768    0                                               4:0                       *   

This will break the parsing of the lines, I believe here, where it’s expected that the column data is separated by at least 2 spaces.

To Reproduce

Reproduction is not trivial, as the output formatting of ss depends on a lot of not-so-well-known factors (see above).

Expected behavior

Detection of open ports should work even if ss columns are only separated by a single space.

System Configuration

root@ubuntu:~/ASA# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu Jammy Jellyfish (development branch)
Release:	22.04
Codename:	jammy
root@ubuntu:~/ASA# uname -a
Linux ubuntu 5.15.0-25-generic #25-Ubuntu SMP Wed Mar 30 15:54:22 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu:~/ASA# ./Asa --version
[13:17:49 INF] AttackSurfaceAnalyzer v.2.3.277+40072595ef
Asa 2.3.277+40072595ef

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 10 (6 by maintainers)

Top GitHub Comments

1 reaction
gfs commented, May 2, 2022

Thank you for rechecking. I can merge another fix with the proposed Regex today.

1 reaction
lpeter91 commented, May 2, 2022

Thank you! I checked the fix, and it does seem to fix the original issue, but I think it accidentally broke process/PID extraction for some cases. Simple example:

# Start a webserver
# python -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

# Check `ss` output in different terminal
# ss -lnp | grep 8000
tcp   LISTEN 0      5                                                                      0.0.0.0:8000             0.0.0.0:*    users:(("python",pid=21611,fd=3))

Now this doesn’t fully match the current regex (does not produce 10 groups), basically due to the second :.

Going with the current approach the smallest diff fix is probably using the following slightly modified regex (not string-escaped):

^([\S]+)\s+([\S]+)\s+([\S]+)\s+([\S]+)\s+([\S]+)[\s:]([\S]+)\s+([\S]+)(?:([\s:]([\S]+))?\s+([\S]+))?\s*$

I tested it (only the regex, not the whole app) on a larger real example, which I attached here (should have done this earlier, sorry): ss.txt

Also seems to be working with my earlier examples.
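
An added example, not part of the original thread and not ASA's own code: it runs the regex quoted in the comment above over rows adapted from the `ss` output in this issue and contrasts the result with a split on two or more spaces. The helper names `split_on_double_space` and `parse_ss_line`, and the choice of Python, are assumptions made for illustration.

```python
import re

# Regex proposed in the comment above, copied verbatim (raw string, no escaping).
SS_LINE = re.compile(
    r"^([\S]+)\s+([\S]+)\s+([\S]+)\s+([\S]+)\s+([\S]+)[\s:]([\S]+)\s+([\S]+)"
    r"(?:([\s:]([\S]+))?\s+([\S]+))?\s*$"
)

# Rows adapted from the `ss -lnp` output quoted in the issue; column padding is
# shortened, but State and Recv-Q are still separated by a single space.
SAMPLE = [
    "nl    UNCONN 0      0          0:530          *          ",
    "nl    UNCONN 4352   0          4:5054         *          ",
    'tcp   LISTEN 0      5    0.0.0.0:8000   0.0.0.0:*    users:(("python",pid=21611,fd=3))',
]


def split_on_double_space(line):
    """Assumed stand-in for a parser that requires >= 2 spaces between columns."""
    return re.split(r"\s{2,}", line.strip())


def parse_ss_line(line):
    """Return the listener fields of one ss row, or None if the row is unusable."""
    m = SS_LINE.match(line)
    # The header row and rows without a numeric local port are skipped.
    if m is None or not m.group(6).isdigit():
        return None
    # Group 10 (Process column) is absent when ss could not attribute a process.
    pid = re.search(r"pid=(\d+)", m.group(10) or "")
    return {
        "netid": m.group(1),
        "state": m.group(2),
        "recv_q": m.group(3),
        "local_address": m.group(5),
        "local_port": int(m.group(6)),
        "pid": int(pid.group(1)) if pid else None,
    }


if __name__ == "__main__":
    for row in SAMPLE:
        # First two fields of the naive split show State and Recv-Q fused together.
        print(split_on_double_space(row)[:2], "->", parse_ss_line(row))
```

For an attack-surface collector, a row that fails to parse is a listener silently missing from the report, so counting rows that return `None` and logging them is a cheap check that the parser still matches the local `ss` layout.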
