What happened
Across the codebase, specifically in many analyzers and connectors, the requests library is frequently used without an explicit timeout parameter.
Affected Components (Examples):
- api_app/analyzers_manager/observable_analyzers/stratosphere.py (Line 66)
- api_app/analyzers_manager/observable_analyzers/abuseipdb.py (Line 29)
- Many other analyzers and connectors using requests.get() or requests.post().
Because IntelOwl uses a fixed-size pool of Celery workers, a malicious or slow external service can keep a request open indefinitely (a "slow-tail" attack). If an attacker targets multiple analyzers at once, they can occupy every available worker, effectively causing a Denial of Service (DoS) where no legitimate scans can be processed.
Environment
- OS: Linux
- IntelOwl version: Current develop branch
What did you expect to happen
All outgoing HTTP requests should have a reasonable, explicit timeout (e.g., requests.get(url, timeout=30)).
How to reproduce your issue
- Point an analyzer (like the Stratosphere or any web-based analyzer) to a server designed to never close the connection (e.g., slowloris or a simple infinite loop server).
- Observe that the Celery worker for that task stays in a "Started" state forever and never returns to the pool.
- Repeat for all worker slots to halt the entire system.
Error messages and logs
No error messages are generated because the worker simply hangs. This is visible in Celery monitoring tools like Flower as tasks that never progress.
Suggested Fix
- Define a global default timeout for all HTTP requests within IntelOwl's utility modules.
- Iterate through all analyzers and connectors to ensure they use this default timeout or an explicit one.
- Consider using a wrapper for requests or switching to a library that enforces timeouts.
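
One way to implement the wrapper suggested above, as an added example (not IntelOwl's own code): a `requests` transport adapter that injects a timeout whenever the caller omits one, exercised against a constructed local listener that accepts connections but never replies. The names `TimeoutHTTPAdapter`, `make_session` and `probe_silent_server` and the `(5, 30)` default are assumptions for illustration.

```python
import socket
import time

import requests
from requests.adapters import HTTPAdapter

DEFAULT_TIMEOUT = (5, 30)  # (connect, read) seconds; assumed values, tune per deployment


class TimeoutHTTPAdapter(HTTPAdapter):
    """Transport adapter that applies a timeout when the caller passes none."""

    def __init__(self, *args, timeout=DEFAULT_TIMEOUT, **kwargs):
        self._timeout = timeout
        super().__init__(*args, **kwargs)

    def send(self, request, **kwargs):
        # Session.request() forwards timeout=None when the call site omitted it.
        if kwargs.get("timeout") is None:
            kwargs["timeout"] = self._timeout
        return super().send(request, **kwargs)


def make_session(timeout=DEFAULT_TIMEOUT):
    """Session whose http:// and https:// requests always carry a timeout."""
    session = requests.Session()
    adapter = TimeoutHTTPAdapter(timeout=timeout)
    session.mount("http://", adapter)
    session.mount("https://", adapter)
    return session


def probe_silent_server(timeout=(0.5, 0.5)):
    """Call a constructed silent listener; return (exception name or None, seconds)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)  # kernel completes the handshake; nothing ever reads or replies
    url = "http://127.0.0.1:%d/" % srv.getsockname()[1]
    session = make_session(timeout)
    session.trust_env = False  # ignore proxy environment variables for the local probe
    started = time.monotonic()
    try:
        session.get(url)  # no timeout= at the call site
        outcome = None
    except requests.exceptions.Timeout as exc:
        outcome = type(exc).__name__
    finally:
        srv.close()
    return outcome, time.monotonic() - started
```

The read timeout in `requests` bounds each wait for data on the socket, not the total response time, so a server that trickles bytes can still hold a worker; Celery's task time limits remain the backstop. Module-level `requests.get()` and `requests.post()` calls bypass the adapter, so call sites have to go through the shared session for the default to apply.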