magneticstain / Inquisition

An advanced and versatile open-source network anomaly detection platform
MIT License

Exception Generated When Alert Fails To Be Inserted Into DB #151

Closed magneticstain closed 5 years ago

magneticstain commented 5 years ago

An exception is generated when Revelation tries to insert a new alert into the Inquisition DB, but fails (for any reason). The intention is to roll back the transaction, but the try/catch to implement that fails:

TypeError: catching classes that do not inherit from BaseException is not allowed

This can be traced back to the try/catch at line 74 in Revelation.py:

            try:
                dbCursor.execute(sql, (alert.alertType, alert.host, alert.srcNode, alert.dstNode, alert.alertDetails,
                                       alert.logData))
                self.inquisitionDbHandle.commit()
                if self.getCfgValue(section='logging', name='verbose', defaultVal=False, dataType=bool):
                    self.lgr.debug(
                        'successfully added alert ' + str(alert) + ' to Inquisition database')
            except Exception as e:
                self.inquisitionDbHandle.rollback()
                self.lgr.critical(
                    'database error when adding new alert ' + str(alert) + ' :: [ ' + str(e) + ' ]')
            finally:
                dbCursor.close()

magneticstain commented 5 years ago

Sentry issue: INQUISITION-4A

magneticstain commented 5 years ago

Looking at the traceback on Sentry, it looks like this was caused by an OperationalError exception when Inquisition couldn't access the database. The database is up and running on the dev box I'm working on, and has been for some time. So not sure why it didn't recognize it.

But regardless, we need to fail this gracefully and make sure the error gets logged.

magneticstain commented 5 years ago

err is the name of PyMySQL's error library; instead of listing that, we should specify the exception we're expecting. Similar to https://github.com/magneticstain/Inquisition/blob/master/lib/inquisit/Inquisit.py#L63 .

The pymysql code specifically lists unexpected disconnect from the database as a condition that would throw an OperationalError. https://github.com/PyMySQL/PyMySQL/blob/master/pymysql/err.py#L36

Exception raised for errors that are related to the operation and not necessarily under the control of the programmer, e.g. an unexpected disconnect occurs, the data source name is not found, a transaction could not be processed, a memory allocation error occurred during processing, etc.
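
Added example, not part of the original thread or the Inquisition code base: it reproduces the failure mode discussed above (naming a module in `except` only fails once the database call actually raises, and then the rollback is skipped) next to the form that names the exception class. The `err` module, `FakeDb`, `FakeCursor`, the `alerts` table and the error text are constructed stand-ins so the block runs without PyMySQL or a database.

```python
import logging
import types
# Constructed stand-in for the pymysql.err module, so this runs without PyMySQL or a database.
err = types.ModuleType("err")
err.OperationalError = type("OperationalError", (Exception,), {})

class FakeDb:
    """Hypothetical connection handle that records commit/rollback calls."""
    def __init__(self):
        self.calls = []
    def commit(self):
        self.calls.append("commit")
    def rollback(self):
        self.calls.append("rollback")

class FakeCursor:
    """Hypothetical cursor; execute() fails like a dropped connection when fail=True."""
    def __init__(self, fail):
        self.fail, self.closed = fail, False
    def execute(self, sql, params):
        if self.fail:
            raise err.OperationalError(2013, "constructed: lost connection")
    def close(self):
        self.closed = True

def insert_alert(db, cursor, exc_spec):
    """Same try/except/finally shape as the issue; exc_spec is what `except` names."""
    try:
        cursor.execute("INSERT INTO alerts VALUES (%s)", ("constructed alert",))
        db.commit()
        return "committed"
    except exc_spec as e:  # evaluated only once an exception is propagating
        db.rollback()
        logging.getLogger("example").critical("database error :: [ %s ]", e)
        return "rolled back"
    finally:
        cursor.close()

def run(exc_spec, fail):
    """Return (outcome, recorded DB calls, cursor closed?) for one insert attempt."""
    db, cursor = FakeDb(), FakeCursor(fail)
    try:
        outcome = insert_alert(db, cursor, exc_spec)
    except TypeError as te:
        outcome = "TypeError: " + str(te)
    return outcome, db.calls, cursor.closed

if __name__ == "__main__":
    for spec, fail in ((err, False), (err, True), (err.OperationalError, True)):
        print(run(spec, fail))
```

With the module in the `except` clause the happy path commits normally, which is why the defect stays hidden until the first database error; on failure the `TypeError` replaces the handler, so neither the rollback nor the critical log line runs, while `finally` still closes the cursor.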