这是indexloc提供的服务,不要输入任何密码
Skip to content

Added context to crtsh database query to prevent it from blocking forever if the connection was lost #1190

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 26, 2024
Merged

Added context to crtsh database query to prevent it from blocking forever if the connection was lost #1190

merged 2 commits into from
Mar 26, 2024

Conversation

@UFeindschiff
Copy link
Contributor

@UFeindschiff UFeindschiff commented Mar 13, 2024

The db.Query() call used prior blocks until results have been received. However, if using an unreliable connection (e.g. routing all traffic through Tor), the connection may break, resulting in db.Query() to block forever and as a result for the enumeration to never finish if crtsh was used as a datasource (even if the maximum enumeration time was reached).

This MR is a simple duct-tape fix to query the database with the enumeration context (which is usually a timeout context), so the enumeration will at least always finish after the enumeration timeout was reached. While not a very elegant solution to the problem (we may still be attempting to query a broken connection until the maximum enumeration time is reached), it at least assures that the enumeration actually finishes eventually.

@ehsandeep ehsandeep requested a review from Mzack9999 March 26, 2024 13:15
Mzack9999
Mzack9999 approved these changes Mar 26, 2024
View reviewed changes
Copy link
Member

@Mzack9999 Mzack9999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm - @UFeindschiff Thanks for this PR, the proposed solution is by no means a dutch tape but a very good fit as it uses native methods and perfectly respect the maximum enumeration timeout without altering the existing functionality

@UFeindschiff
Copy link
Contributor Author

UFeindschiff commented Mar 26, 2024

@Mzack9999 I meant duct tape solution in a way that a query may still hang until the context is canceled, which usually means that if the db connection is lost during enumeration, an enumeration will always take the maximum enumeration time. A "proper" solution would be to check every n seconds to see whether the database connection is still alive and if not open a new TCP connection. That however would need to be patched in the postgresql driver.

@ehsandeep ehsandeep merged commit 7df3d9b into projectdiscovery:dev Mar 26, 2024
@BrewTestBot BrewTestBot mentioned this pull request Mar 28, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ehsandeep ehsandeep ehsandeep approved these changes

@Mzack9999 Mzack9999 Mzack9999 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@UFeindschiff @ehsandeep @Mzack9999