
Question about poison records (acra) CLOSED

m8522s commented on June 3, 2024
Question about poison records

from acra.


Lagovas commented on June 3, 2024

Nice catch.

(but you will have to move the keys into AcraServer’s key storage manually).

This row is not relevant and is incorrect. We will remove it. acra-poisonrecordmaker generates a poison record that you should place into your storage. If you didn't generate keys for poison records, this tool will generate them automatically. By default it will place them in the .acrakeys folder using the specified ACRA_MASTER_KEY. So, if you run acra-poisonrecord that is configured to use acra-server's keystore, then you don't need to do anything more.

But you should keep in mind that the tool generates a binary poison record encoded into base64 to print it to stdout. But storages use a binary format. PostgreSQL uses bytea, MySQL BINARY/BLOB. So, you need to decode the base64 output and save the poison record into the db in the binary format.


m8522s commented on June 3, 2024

So I need to run acra-poisonrecordmaker, base64-decode the output and store it in the database?
In case of MySQL, are the following commands the right way to place a poison record?

acra-poisonrecordmaker
JSUl2wAAAAAAAADxIiIiIiIiIiJVRUMyAAAALTls2DQDONAG1vIFH/KyTqZzUFXlHzPRN9rVxoREcOIsDh0i8ScgJwQmVAAAAAABAUAMAAAAEAAAACAAAADqxJKo+kJ9oNUn6bI9WKaPJSaIx1hm9TG7AtkzgBYyGJ1jaTNSlA385Rf7wGnNLPE+mpZhAldNc6cLn00+AAAAAAAAAAABAUAMAAAAEAAAABIAAABnESuzeVeVfsNUlsyRmA2ezKkOVpKRhvCzxv6NTAAxkafxOWdM119lnJw0ghT4
INSERT INTO users (user_id,password) VALUES (994, FROM_BASE64('JSUl2wAAAAAAAADxIiIiIiIiIiJVRUMyAAAALTls2DQDONAG1vIFH/KyTqZzUFXlHzPRN9rVxoREcOIsDh0i8ScgJwQmVAAAAAABAUAMAAAAEAAAACAAAADqxJKo+kJ9oNUn6bI9WKaPJSaIx1hm9TG7AtkzgBYyGJ1jaTNSlA385Rf7wGnNLPE+mpZhAldNc6cLn00+AAAAAAAAAAABAUAMAAAAEAAAABIAAABnESuzeVeVfsNUlsyRmA2ezKkOVpKRhvCzxv6NTAAxkafxOWdM119lnJw0ghT4'));


Lagovas commented on June 3, 2024

You didn't decode the base64 output. If you want to store it with an INSERT query, then decode the base64 to binary, then encode to hex:

echo -n 'JSUl2wAAAAAAAADxIiIiIiIiIiJVRUMyAAAALTls2DQDONAG1vIFH/KyTqZzUFXlHzPRN9rVxoREcOIsDh0i8ScgJwQmVAAAAAABAUAMAAAAEAAAACAAAADqxJKo+kJ9oNUn6bI9WKaPJSaIx1hm9TG7AtkzgBYyGJ1jaTNSlA385Rf7wGnNLPE+mpZhAldNc6cLn00+AAAAAAAAAAABAUAMAAAAEAAAABIAAABnESuzeVeVfsNUlsyRmA2ezKkOVpKRhvCzxv6NTAAxkafxOWdM119lnJw0ghT4' | base64 -d | xxd -ps -c 2000 | tr -d '\n'

You will get:

252525db00000000000000f12222222222222222554543320000002d396cd8340338d006d6f2051ff2b24ea6735055e51f33d137dad5c6844470e22c0e1d22f1272027042654000000000101400c0000001000000020000000eac492a8fa427da0d527e9b23d58a68f252688c75866f531bb02d933801632189d63693352940dfce517fbc069cd2cf13e9a966102574d73a70b9f4d3e00000000000000000101400c000000100000001200000067112bb37957957ec35496cc91980d9ecca90e56929186f0b3c6fe8d4c003191a7f139674cd75f659c9c348214f8

Then, according to the MySQL docs, you can send it as a hexadecimal literal:

INSERT INTO users (user_id,password) VALUES (994, FROM_BASE64(X'252525db00000000000000f12222222222222222554543320000002d396cd8340338d006d6f2051ff2b24ea6735055e51f33d137dad5c6844470e22c0e1d22f1272027042654000000000101400c0000001000000020000000eac492a8fa427da0d527e9b23d58a68f252688c75866f531bb02d933801632189d63693352940dfce517fbc069cd2cf13e9a966102574d73a70b9f4d3e00000000000000000101400c000000100000001200000067112bb37957957ec35496cc91980d9ecca90e56929186f0b3c6fe8d4c003191a7f139674cd75f659c9c348214f8'));


m8522s commented on June 3, 2024

Unfortunately the INSERT query returns an error:

ERROR 1958 (HY000): Bad base64 data as position 0

Can you provide a minimal working example? The documentation is all about creating the record and not about storing it in a database table.
Thanks!


Lagovas commented on June 3, 2024

I missed that your example contained FROM_BASE64(...). Use your variant

INSERT INTO users (user_id,password) VALUES (994, FROM_BASE64('JSUl2wAAAAAAAADxIiIiIiIiIiJVRUMyAAAALTls2DQDONAG1vIFH/KyTqZzUFXlHzPRN9rVxoREcOIsDh0i8ScgJwQmVAAAAAABAUAMAAAAEAAAACAAAADqxJKo+kJ9oNUn6bI9WKaPJSaIx1hm9TG7AtkzgBYyGJ1jaTNSlA385Rf7wGnNLPE+mpZhAldNc6cLn00+AAAAAAAAAAABAUAMAAAAEAAAABIAAABnESuzeVeVfsNUlsyRmA2ezKkOVpKRhvCzxv6NTAAxkafxOWdM119lnJw0ghT4'));

or mine without FROM_BASE64

INSERT INTO users (user_id,password) VALUES (994, X'252525db00000000000000f12222222222222222554543320000002d396cd8340338d006d6f2051ff2b24ea6735055e51f33d137dad5c6844470e22c0e1d22f1272027042654000000000101400c0000001000000020000000eac492a8fa427da0d527e9b23d58a68f252688c75866f531bb02d933801632189d63693352940dfce517fbc069cd2cf13e9a966102574d73a70b9f4d3e00000000000000000101400c000000100000001200000067112bb37957957ec35496cc91980d9ecca90e56929186f0b3c6fe8d4c003191a7f139674cd75f659c9c348214f8');

Both should work. You just need to save the binary value in the proper way for your database.

If you want an example, please provide a reproducible environment that is ready to run and extend: some docker-compose with a working mysql, generated keys, acra-server configured to work with this database, a poison record generated and dumped into some file, and an entrypoint that has access to the database and to this poison record in the file. It will help us not to spend much time reproducing your environment to write 1 valid SQL query.

from acra.
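
Added example, not part of the original thread and not Acra's own tooling: a shell helper that decodes the base64 record exactly once and emits the hex-literal INSERT for MySQL (or `decode(...,'hex')` for PostgreSQL bytea), plus a query to confirm the stored bytes. The function names and the short sample record are constructed for illustration, and `od` stands in for `xxd`.

```shell
#!/bin/sh
# Added example (not from the thread): build SQL that stores a poison record as raw bytes.
# Table and column names come from the thread; the record below is a short constructed
# stand-in, not real acra-poisonrecordmaker output.

# b64_to_hex BASE64 -> prints lowercase hex of the decoded bytes; fails on bad base64.
b64_to_hex() {
    tmp=$(mktemp) || return 1
    # Decode into a file first so a decode failure is not hidden by the hex step.
    if ! printf '%s' "$1" | base64 -d > "$tmp" 2>/dev/null || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    od -An -v -tx1 "$tmp" | tr -d ' \n'   # od instead of xxd: same hex digits
    rm -f "$tmp"
}

# poison_insert_sql DIALECT USER_ID BASE64 -> one INSERT that decodes exactly once.
poison_insert_sql() {
    hex=$(b64_to_hex "$3") || { echo "invalid base64 input" >&2; return 1; }
    case "$1" in
        mysql)    printf "INSERT INTO users (user_id,password) VALUES (%d, X'%s');\n" "$2" "$hex" ;;
        postgres) printf "INSERT INTO users (user_id,password) VALUES (%d, decode('%s','hex'));\n" "$2" "$hex" ;;
        *)        echo "unknown dialect: $1" >&2; return 1 ;;
    esac
}

# poison_verify_sql DIALECT USER_ID BASE64 -> query that is true (1 in MySQL)
# when the stored column holds exactly the decoded bytes.
poison_verify_sql() {
    hex=$(b64_to_hex "$3") || return 1
    case "$1" in
        mysql)    printf "SELECT LOWER(HEX(password)) = '%s' AS intact FROM users WHERE user_id = %d;\n" "$hex" "$2" ;;
        postgres) printf "SELECT encode(password,'hex') = '%s' AS intact FROM users WHERE user_id = %d;\n" "$hex" "$2" ;;
        *)        return 1 ;;
    esac
}

SAMPLE_B64='JSUl2wABAv8='   # constructed sample: bytes 25 25 25 db 00 01 02 ff
poison_insert_sql mysql 994 "$SAMPLE_B64"
poison_verify_sql mysql 994 "$SAMPLE_B64"
```

Running the verify query after the INSERT catches a column type or length that silently altered or truncated the record.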

m8522s commented on June 3, 2024

OK, got it. I now have inserted a poison record into the users table.
Next, I start the acra-server with poison_detect_enable:

acra-server --mysql_enable=true --db_host=10.5.1.95 --db_port=3306 --incoming_connection_string=tcp://0.0.0.0:3306 -v   --poison_detect_enable=true --poison_shutdown_enable=true

Now, when a client requests SELECT * FROM users; it receives the full table including the poison record. The log file of acra-server does not warn or shut down.

Do I have to include acra-censor to make poison record detection work? Thanks for your help.


Lagovas commented on June 3, 2024

Do I have to include acra-censor to make poison record detection work?

No, you don't need to.

We tested it locally with MySQL and poison records, with your flags, and it all still works. Plus, we have integration tests that do the same.
If you are still having problems, please provide a docker-compose file that reproduces your environment with all params and steps that you do.
You can find our docker-compose examples in our engineering demos for acra-server that depend on key generation and databases. An example of how we do it for a Python script.
