target / strelka

Real-time, container-based file scanning at enterprise scale
Other
882 stars 116 forks source link

[BUG] ScanRar Emits Exception on Password-Protected Archives #441

Closed ryanohoro closed 8 months ago

ryanohoro commented 8 months ago

Describe the bug

{
  "elapsed": 0.003019,
  "exception": "Traceback (most recent call last):\n\n  File \"/strelka/strelka.py\", line 769, in scan_wrapper\n    self.scan(data, file, options, expire_at)\n\n  File \"/strelka/scanners/scan_rar.py\", line 79, in scan\n    data = rar_obj.open(\n\nTypeError: RarFile.open() got an unexpected keyword argument 'psw'\n",
  "flags": [
    "password_protected",
    "uncaught_exception"
  ],
  "host_os": "RAR_OS_WIN32",
  "total": {
    "extracted": 0,
    "files": 1
  }
}

Environment details

Steps to reproduce Steps to reproduce the behavior:

  1. Upload a password-protected RAR archive created by WinRAR
  2. Observe ScanRar output contains an "uncaught exception"

Expected behavior

ScanRar should note that the archive is password protected and gracefully catch the exception

Release

ryanohoro commented 8 months ago

Root of this problem was that the password parameter name Strelka was using for python rarfile did not match the parameter name in the module.

https://github.com/target/strelka/blob/227f7b6b455c02ea97a9dc906554923862d32daf/src/python/strelka/scanners/scan_rar.py#L79-L83

https://python-unrar.readthedocs.io/en/v0.3/rarfile.html#rarfile.RarFile.open

This was a result of a breaking change introduced in rarfile 4 (2020-07-31)

rarfile