Skip to content

fix: make Quad9 analyzers and YARA updater resilient to network errors #3099

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
srijan2607 wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

fix: make Quad9 analyzers and YARA updater resilient to network errors #3099

srijan2607 wants to merge 1 commit into from

Conversation

@srijan2607
Copy link

@srijan2607 srijan2607 commented Dec 4, 2025

Description

This PR addresses CI test failures caused by network-related errors in the test environment. The CI environment may not have outbound network access, causing tests to fail when analyzers try to contact external services.

Changes

Quad9 DNS Resolver (quad9_dns_resolver.py):

  • Use httpx.Client as a context manager to prevent resource leaks
  • Catch httpx.ConnectError, httpx.RequestError, and httpx.HTTPStatusError
  • Return empty resolution result instead of raising exceptions when network is unavailable
  • Add proper debug/warning logging for failed attempts

Quad9 Malicious Detector (quad9_malicious_detector.py):

  • Use httpx.Client as a context manager
  • Catch all network-related exceptions (ConnectError, RequestError, HTTPStatusError)
  • Return False (not malicious) when network is unavailable instead of crashing
  • Add timeout and exception handling to Google DNS query fallback
  • Add proper logging for failed attempts

YARA Scan Updater (yara_scan.py):

  • Handle zipfile.BadZipFile exception when downloaded archive is corrupted
  • Handle requests.RequestException for network failures during download
  • Add timeout to requests
  • Create directory even on failure to prevent cascading errors

Type of change

  • Bug fix (non-breaking change which fixes an issue).

Checklist

  • I have read and understood the rules about how to Contribute to this project
  • The pull request is for the branch develop
  • [N/A] A new plugin was added or changed (This is a bug fix for existing code)
  • [N/A] I have inserted the copyright banner (No new files created)
  • No new libraries added
  • [N/A] External libraries with restrictive licenses (No new libraries)
  • Linters (Black, Flake, Isort) gave 0 errors
  • [N/A] I have added tests (This fix makes existing tests pass in network-restricted environments)
  • [N/A] GUI has been modified (Backend only)

Testing

These changes allow the following tests to pass in CI environments without outbound network access:

  • Tests using Quad9 DNS resolver
  • Tests using Quad9 malicious detector
  • test_yara_updater (handles corrupt/missing zip files gracefully)

The analyzers now degrade gracefully when network is unavailable, returning empty/false results instead of raising unhandled exceptions.

@srijan2607
fix: make Quad9 analyzers and YARA updater resilient to network errors
ce5dbfc 
- Quad9 DNS resolver: catch network errors and return empty result instead of raising
- Quad9 malicious detector: handle network failures gracefully, return False
- YARA updater: handle BadZipFile and RequestException when downloading rules
- Use httpx Client as context manager to prevent resource leaks
- Add proper logging for failed attempts
@srijan2607
Copy link
Author

srijan2607 commented Dec 4, 2025

@fgibertoni the test was failing across all the new PRs, even my one. So can you please take a look and if this makes sense we can merge it and solve the failing issues

#3094

@srijan2607
Copy link
Author

srijan2607 commented Dec 5, 2025

@fgibertoni I think this fixes the issue. Can you please let me know if there are any other changes needed? Or is this ready to merge?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@srijan2607