Malformed JSON output leads to jq parsing error: "Expected another key-value pair at line X"

prbinu / tls-scan

An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )

https://prbinu.github.io/tls-scan

Other

290 stars 54 forks source link

Malformed JSON output leads to jq parsing error: "Expected another key-value pair at line X" #38

Closed daehee closed 4 years ago

daehee commented 4 years ago

tls-scan outputs a malformed JSON line item, which throws errors when trying to parse the output file with jq.

jq error:

parse error: Expected another key-value pair at line 14607, column 43

Line 14607 in tls-scan output file -- notice ending with , char and missing certificateChain key.

{ "host": "XXX", "ip": "XXX", "port": 443, "elapsedTime": 611, "tlsVersion": "TLSv1.2", "cipher": "ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1", "tempPublicKeyAlg": "DH", "tempPublicKeySize": 2048, "secureRenego": true, "compression": "NONE", "expansion": "NONE", "sessionLifetimeHint": 300, "x509ChainDepth": -1, "verifyCertResult": true, "verifyHostResult": false, "ocspStapled": false, }

prbinu commented 4 years ago

@daehee Can you share the (redacted) tls-scan output?

prbinu commented 4 years ago

@daehee I've made some code changes that is expected to fix this issue.

Please test new binary and confirm. https://github.com/prbinu/tls-scan/releases/tag/1.4.4

daehee commented 4 years ago

@prbinu just tested v1.4.4 and tripping on the same error. See output below:

CleanShot 2020-09-08 at 19 44 45@2x

The tls-scan output file is 456M, but I can email you snippets if it would be helpful.

Another jq parse error are invalid escape patterns \* in the certificate values.

CleanShot 2020-09-08 at 19 52 56@2x

prbinu commented 4 years ago

@daehee Please share the output snippets to prbinu@yahoo.com

prbinu commented 4 years ago

@daehee I've fixed the issue. Please try the new binary: https://github.com/prbinu/tls-scan/releases/tag/1.4.5

daehee commented 4 years ago

@prbinu I just ran another mass scan with tls-scan v1.4.5, and confirming that this latest release did clear those issues reported above.

Another edge case discovered for: Invalid string: control characters from U+0000 through U+001F

CleanShot 2020-09-11 at 19 12 28@2x

prbinu commented 4 years ago

This should fix the issue. I have escaped all control chars. https://github.com/prbinu/tls-scan/releases/tag/1.4.6

daehee commented 4 years ago

@prbinu closing the loop on this issue, this latest 1.4.6 release cleared all errors with jq parse of my sample output file.

prbinu commented 4 years ago

@daehee thanks for confirming!