activecm / rita-legacy

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
GNU General Public License v3.0

Rita crashes on import when it encounters a partial IPv4 address #787

Closed william-stearns closed 1 year ago

william-stearns commented 1 year ago

When importing zeek logs, if an IPv4 address is only partially written to the log, Rita crashes with the following error:

Example crash:

    [-] Parsing /.../2023-03-07/http_20230307_10:00:00-10:05:00+0000.log.gz -> database_name-rolling

    panic: runtime error: slice bounds out of range [:16] with capacity 0

    goroutine 330 [running]:
    github.com/activecm/rita/util.IPv4ToBinary(...)
            /go/src/github.com/activecm/rita/util/ip.go:133
    github.com/activecm/rita/parser.updateHostsByConn({, , }, {, , }, {{0xc00cabaea0, 0xe}, {0x4, {0xdbc8d0, ...}}, ...}, ...)
            /go/src/github.com/activecm/rita/parser/conn.go:177 +0x6b9
    github.com/activecm/rita/parser.parseConnEntry(_, {{0xc000288600, 0x1f, 0x20}, {0x0, 0x0, 0x0}, {0xc00026fe00, 0x8, 0x8}, ...}, ...)
            /go/src/github.com/activecm/rita/parser/conn.go:56 +0x8a7
    github.com/activecm/rita/parser.(FSImporter).parseFiles.func1({0xc000de0300, 0x5, 0x8}, 0xc0002f2a10, 0xc000b1a330, 0x0, 0x8, 0x5)
            /go/src/github.com/activecm/rita/parser/fsimporter.go:374 +0x93e
    created by github.com/activecm/rita/parser.(FSImporter).parseFiles
            /go/src/github.com/activecm/rita/parser/fsimporter.go:324 +0x410

This shows up when importing http, conn, dns, ssl, and conn_log files.  It's not clear whether this is only related to source IP, destination IP, or both.
My best guess is that rita is importing logs that are actively being transferred onto the system, and when it comes time to unzip them the underlying log has not been completely transferred, leading to parsing a partial IPv4 address sometimes.
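The failure mode in this report, as an added example that is not RITA's own code: a hypothetical unchecked conversion that reproduces the same "slice bounds out of range [:16] with capacity 0" panic on a truncated address, next to a validated version that returns an error so a half-written log line cannot take down the whole import. Function names and the sample addresses are assumptions, not taken from the project.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
)

// ipv4ToBinaryUnchecked is a hypothetical reconstruction of the bug class,
// not RITA's util.IPv4ToBinary. net.ParseIP returns nil for a truncated
// address such as "10.0.0.", and slicing that nil net.IP to 16 bytes
// panics with "slice bounds out of range [:16] with capacity 0".
func ipv4ToBinaryUnchecked(s string) int64 {
	ip := net.ParseIP(s)
	v16 := ip[:16] // panics when ip is nil
	return int64(binary.BigEndian.Uint32(v16[12:16]))
}

// ipv4ToBinarySafe validates the parse result and the address family first,
// returning an error instead of panicking on malformed input.
func ipv4ToBinarySafe(s string) (int64, error) {
	ip := net.ParseIP(s)
	if ip == nil {
		return 0, fmt.Errorf("malformed or truncated IP address %q", s)
	}
	v4 := ip.To4()
	if v4 == nil {
		return 0, fmt.Errorf("not an IPv4 address: %q", s)
	}
	return int64(binary.BigEndian.Uint32(v4)), nil
}

// recoverPanic runs f and reports whether it panicked, so the unchecked
// path can be demonstrated without killing the program.
func recoverPanic(f func()) (msg string, panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			msg, panicked = fmt.Sprint(r), true
		}
	}()
	f()
	return "", false
}

func main() {
	// Constructed sample: one complete address, one cut off mid-write.
	for _, s := range []string{"10.0.0.5", "10.0.0."} {
		msg, p := recoverPanic(func() { ipv4ToBinaryUnchecked(s) })
		v, err := ipv4ToBinarySafe(s)
		fmt.Printf("%-9s unchecked panic=%v %q | safe=%d err=%v\n", s, p, msg, v, err)
	}
}
```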

william-stearns commented 1 year ago

This is part of AC-Hunter 6.3.0, so the rita version would be 4.7.0.

lisaSW commented 1 year ago

Addressed in #791