SSH Error — Github or AWS CloudFormation? | by Teri Radichel | Bugs That Bite | Oct, 2022

While trying to access the Github meta API to get the list of CIDRs associated with GitHub and put them into an AWS Prefix List I randomly got this error.



The thing is, my code never changed when I got this error. I had run the same code a number of times. After I got this error I ran the same code again and never saw the error again.

“Cidr:” in the error message above seemed to be part of the AWS template code I was trying to generate. I was not using any authentication to get to GitHub. I was using SSH to get into an EC2 instance, however the code from there was just using HTTPS to get to GitHub.

Nothing came up for the exact phrases above in the error message when I searched on Google so initially I thought this is internal code at either GitHub as part of their meta API service or AWS CloudFormation.

Then I remembered that I had seen part of one of those strings in the GitHub meta API I was looking at:

So there we have:


But not:


But if you look at the above we do have:


So somehow the “false” got inserted in the wrong place.

And “Cidr” is coming from the CloudFormation template I was trying to auto-generate.

So perhaps there was some kind of parsing problem that caused the text from the GitHub API to be managed and merged into the CloudFormation template I was generating.

That error above seems like a YAML parsing error so somehow more data was pulled from GitHub than expected. How that happened, I am not exactly sure. The API call brings down some data from GitHub and then filters out only what I need but it seemed like the whole file was pulled in rather than the subset of data I needed.

I had a separate bash function that pulls down that data so the only thing I could think of was a multi-threading error in the AWS Linux OS where the first function didn’t finish processing before the second in what should be a single-threaded application.

At any rate, I never saw the error again after that one time.

Teri Radichel

If you liked this story please clap and follow:

Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research

© 2nd Sight Lab 2022



Cybersecurity for Executives in the Age of Cloud on Amazon

Need Cloud Security Training? 2nd Sight Lab Cloud Security Training

Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.

Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.

Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts

Source link