fix: handle SSL and DNS errors gracefully in DNStwist analyzer. Close #3282

[NikhilRaikwar]

Description

This PR fixes the ssl.SSLEOFError and socket.gaierror in the DNStwist analyzer. These errors occurred when the analyzer encountered misconfigured domains or non-existent domains, causing the Celery worker to crash or report a failed job.

The fix wraps the dnstwist.run() call in a try...except block to catch ssl.SSLError and socket.error. Instead of failing, the analyzer now returns a structured error message within the analysis report, allowing IntelOwl to handle the situation gracefully and inform the user.

Closes #3282

Type of change

• Bug fix (non-breaking change which fixes an issue).
• New feature (non-breaking change which adds functionality).
• Breaking change (fix or feature that would cause existing functionality to not work as expected).

Checklist

• I have read and understood the rules about how to Contribute to this project
• The pull request is for the branch develop
• A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
  • I strictly followed the documentation "How to create a Plugin"
  • Usage file was updated. A link to the PR to the docs repo has been added as a comment here. (N/A)
  • Advanced-Usage was updated (in case the plugin provides additional optional configuration). A link to the PR to the docs repo has been added as a comment here. (N/A)
  • I have dumped the configuration from Django Admin using the dumpplugin command and added it in the project as a data migration. (N/A)
  • If a File analyzer was added and it supports a mimetype which is not already supported... (N/A)
  • If you created a new analyzer and it is free... (N/A)
  • Check if it could make sense to add that analyzer/connector to other freely available playbooks. (N/A)
  • I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
  • If the plugin interacts with an external service, I have created an attribute called precisely url that contains this information.
  • If a new analyzer has beed added, I have created a unittest for it in the appropriate dir. (Added new test cases to existing test file)
  • I have added that raw JSON sample to the get_mocker_response() method of the unittest class.
  • I have created the corresponding DataModel for the new analyzer... (N/A)
• I have inserted the copyright banner at the start of the file: # This file is a part of IntelOwl https://github.com/intelowlproject/IntelOwl # See the file 'LICENSE' for copying permission.
• Please avoid adding new libraries as requirements whenever it is possible. (No new libraries added)
• If external libraries/packages with restrictive licenses were added, they were added in the Legal Notice section. (N/A)
• Linters (Ruff) gave 0 errors.
• I have added tests for the feature/bug I solved (see tests folder). All the tests (new and old ones) gave 0 errors.
• If the GUI has been modified:
  • I have a provided a screenshot of the result in the PR.
  • I have created new frontend tests for the new component or updated existing ones.
• After you had submitted the PR, if DeepSource, Django Doctors or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.

Screenshots & Verification

The fix has been verified by simulating the SSL and DNS exceptions encountered during analysis and by adding automated unit tests.

1. Automated Unit Tests Result

Added 3 new test cases to tests/api_app/analyzers_manager/unit_tests/observable_analyzers/test_dnstwist.py to verify handling of SSLEOFError, gaierror, and unexpected exceptions.

(Command: python3 manage.py test tests.api_app.analyzers_manager.unit_tests.observable_analyzers.test_dnstwist)

2. DNS Resolution Error Handling

Verified that non-existent domains now return a graceful gateway error instead of crashing the worker.

3. SSL Handshake Error Handling

Verified that domains with SSL/TLS protocol violations (Python 3.11 strict handling) are now caught and reported.

4. Celery Worker Stability

The Celery worker logs confirm that these exceptions no longer produce tracebacks or interrupt the worker process.

JSON Result (Graceful error report)

{
  "error": "Network/SSL error: [Errno -2] Name or service not known"
}

Important Rules

• If you miss to compile the Checklist properly, your PR won't be reviewed by the maintainers.
• Everytime you make changes to the PR and you think the work is done, you should explicitly ask for a review by using GitHub's reviewing system.

[mlodic]

unexpected errors should still make the analyzer fail so please remove this.

Here we want to manage the errors that are not caused by the tool itself but are based on the input data based on the current observations that we reported in the issue.

[NikhilRaikwar]

I've removed the catch-all Exception block in the latest commit.

[NikhilRaikwar]

Hi @mlodic,

Thanks for the feedback! I've removed the catch-all Exception block in the latest commit.

The analyzer now only catches OSError and ssl.SSLError to handle the specific input-based network/SSL issues reported, while allowing any other unexpected internal errors to fail as intended. I have also updated the unit tests to reflect this change.

[github-actions]

This pull request has been marked as stale because it has had no activity for 10 days. If you are still working on this, please provide some updates or it will be closed in 5 days.