In this issue, we address the MISP module server’s inability to effectively handle events exceeding 100MB in size. The root cause lies in a limitation within the HTTPServerobject from the Tornado Python framework. Specifically, the max_buffer_sizeparameter defaults to 100MB, which restricts the server’s ability to process large events efficiently.
Steps to Reproduce:
Create a MISP event with a size greater than 100MB.
Develop an action Python module.
Set up a workflow for the publish trigger.
Insert the action module into the workflow.
Publish the event.
Expected Result: The Python action module should execute successfully, processing the event regardless of its size.
Actual Result: Due to the default max_buffer_size limitation, the Python action module fails to execute when handling events larger than 100MB.
Proposed Solution: To address this issue, modify the misp_modules/__init__.py file at line 301 within the MISP module server codebase. Replace the existing line:
In this issue, we address the MISP module server’s inability to effectively handle events exceeding 100MB in size. The root cause lies in a limitation within the
HTTPServer
object from the Tornado Python framework. Specifically, themax_buffer_size
parameter defaults to 100MB, which restricts the server’s ability to process large events efficiently.Steps to Reproduce:
Expected Result: The Python action module should execute successfully, processing the event regardless of its size.
Actual Result: Due to the default max_buffer_size limitation, the Python action module fails to execute when handling events larger than 100MB.
Proposed Solution: To address this issue, modify the
misp_modules/__init__.py
file at line 301 within the MISP module server codebase. Replace the existing line:application.listen(args.port, address=args.listen)
This change increases the buffer size limit to 1GB, allowing the MISP module server to handle larger events effectively.