
fix: make Quad9 analyzers and YARA updater resilient to network errors

Open srijan2607 opened this issue 3 weeks ago • 2 comments

Description

This PR addresses CI test failures caused by network-related errors in the test environment. The CI environment may not have outbound network access, causing tests to fail when analyzers try to contact external services.

Changes

Quad9 DNS Resolver (quad9_dns_resolver.py):

  • Use httpx.Client as a context manager to prevent resource leaks
  • Catch httpx.ConnectError, httpx.RequestError, and httpx.HTTPStatusError
  • Return empty resolution result instead of raising exceptions when network is unavailable
  • Add proper debug/warning logging for failed attempts

Quad9 Malicious Detector (quad9_malicious_detector.py):

  • Use httpx.Client as a context manager
  • Catch all network-related exceptions (ConnectError, RequestError, HTTPStatusError)
  • Return False (not malicious) when network is unavailable instead of crashing
  • Add timeout and exception handling to Google DNS query fallback
  • Add proper logging for failed attempts

YARA Scan Updater (yara_scan.py):

  • Handle zipfile.BadZipFile exception when downloaded archive is corrupted
  • Handle requests.RequestException for network failures during download
  • Add timeout to requests
  • Create directory even on failure to prevent cascading errors

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue).

Checklist

  • [x] I have read and understood the rules about how to Contribute to this project
  • [x] The pull request is for the branch develop
  • [N/A] A new plugin was added or changed (This is a bug fix for existing code)
  • [N/A] I have inserted the copyright banner (No new files created)
  • [x] No new libraries added
  • [N/A] External libraries with restrictive licenses (No new libraries)
  • [x] Linters (Black, Flake, Isort) gave 0 errors
  • [N/A] I have added tests (This fix makes existing tests pass in network-restricted environments)
  • [N/A] GUI has been modified (Backend only)

Testing

These changes allow the following tests to pass in CI environments without outbound network access:

  • Tests using Quad9 DNS resolver
  • Tests using Quad9 malicious detector
  • test_yara_updater (handles corrupt/missing zip files gracefully)

The analyzers now degrade gracefully when the network is unavailable, returning empty/false results instead of raising unhandled exceptions.

srijan2607 avatar Dec 04 '25 11:12 srijan2607
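The YARA updater handling listed in the description (request timeout, `zipfile.BadZipFile`, directory created even on failure), as an added example that is not the code from this PR. The names `fetch`, `update_rules`, `sample_zip` and the status strings are assumptions, and `urllib` stands in for `requests` so the block runs on the standard library alone; it returns a status so a caller can tell an empty rules directory from a completed update.

```python
import io
import logging
import urllib.request
import zipfile
from pathlib import Path

logger = logging.getLogger(__name__)


def fetch(url: str, timeout: float = 10.0) -> bytes:
    """Download the archive; the timeout stops a dead network from hanging the updater."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def update_rules(url: str, dest: Path, download=fetch) -> str:
    """Return 'updated', 'network_error' or 'bad_archive'; dest exists in every case."""
    # Create the directory first so later scans never hit a missing path.
    dest.mkdir(parents=True, exist_ok=True)
    try:
        data = download(url)
    except OSError as exc:  # URLError, timeouts and refused connections are all OSError
        logger.warning("rule download failed for %s: %s", url, exc)
        return "network_error"
    try:
        # A truncated or non-zip body (e.g. a proxy error page) raises BadZipFile
        # when the archive is opened, before anything is written to dest.
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            archive.extractall(dest)
    except zipfile.BadZipFile as exc:
        logger.warning("rule archive from %s is corrupt: %s", url, exc)
        return "bad_archive"
    return "updated"


def sample_zip() -> bytes:
    """Constructed in-memory archive holding one placeholder rule (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo.yar", "rule demo { condition: false }\n")
    return buf.getvalue()
```
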

@fgibertoni the test was failing across all the new PRs, even mine. So can you please take a look, and if this makes sense we can merge it and solve the failing issues.

#3094

srijan2607 avatar Dec 04 '25 11:12 srijan2607

@fgibertoni I think this fixes the issue. Can you please let me know if there are any other changes needed? Or is this ready to merge?

srijan2607 avatar Dec 05 '25 23:12 srijan2607

This pull request has been marked as stale because it has had no activity for 10 days. If you are still working on this, please provide some updates or it will be closed in 5 days.

github-actions[bot] avatar Dec 17 '25 09:12 github-actions[bot]

@drosetti can you take a look?

srijan2607 avatar Dec 18 '25 00:12 srijan2607