Fix: Handle Werkzeug 3.x constraints in malware_tools_analyzer to resolve #3617 (#3618)

Abhishek9639 · web-flow · commit 534c7d53c90b · 2026-04-03T16:39:54.000+02:00
* Fix #3617: Handle Werkzeug 3.x multipart constraints and JSONDecodeError * fix: resolve ruff formatting and overlapping exception lint errors * fix: apply Werkzeug 3.x multipart constraints logic across all Flask containers
diff --git a/api_app/analyzers_manager/classes.py b/api_app/analyzers_manager/classes.py
@@ -290,7 +290,10 @@ def __raise_in_case_bad_request(name, resp, params_to_check=None) -> bool:
         if resp.status_code == 404:
             raise AnalyzerConfigurationException(f"{name} docker container is not running.")
         if resp.status_code == 400:
-            err = resp.json().get("error", "")
+            try:
+                err = resp.json().get("error", "")
+            except ValueError:
+                err = resp.text or f"Bad Request in {name} docker container"
             raise AnalyzerRunException(err)
         if resp.status_code == 500:
             raise AnalyzerRunException(f"Internal Server Error in {name} docker container")
diff --git a/integrations/malware_tools_analyzers/app.py b/integrations/malware_tools_analyzers/app.py
@@ -39,9 +39,26 @@
 # Globals
 app = Flask(__name__)
 app.config["SECRET_KEY"] = secrets.token_hex(16)
+# Disable Werkzeug 3.x default form memory limit (500kB) to avoid false 400
+# errors on multipart requests.
+# See: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-0
+app.config["MAX_FORM_MEMORY_SIZE"] = None
+app.config["MAX_CONTENT_LENGTH"] = 1024 * 1024 * 1024  # 1GB
 executor = Executor(app)
 shell2http = Shell2HTTP(app, executor)
 
+
+# ensure error responses are JSON (not HTML) for flask-shell2http callers
+@app.errorhandler(400)
+def bad_request(e):
+    return {"error": str(e)}, 400
+
+
+@app.errorhandler(413)
+def too_large(e):
+    return {"error": str(e)}, 413
+
+
 # we are changeing the directory for execution of
 #  artifacts script as it requires us to be in the
 #  same directory
diff --git a/integrations/nuclei_analyzer/app.py b/integrations/nuclei_analyzer/app.py
@@ -34,6 +34,11 @@
 # Flask application instance with secret key
 app = Flask(__name__)
 app.config["SECRET_KEY"] = os.getenv("SECRET_KEY", os.urandom(24).hex())
+# Disable Werkzeug 3.x default form memory limit (500kB) to avoid false 400
+# errors on multipart requests.
+# See: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-0
+app.config["MAX_FORM_MEMORY_SIZE"] = None
+app.config["MAX_CONTENT_LENGTH"] = 1024 * 1024 * 1024  # 1GB
 
 # Initialize the Executor for background task processing
 executor = Executor(app)
@@ -42,6 +47,17 @@
 shell2http = Shell2HTTP(app=app, executor=executor)
 
 
+# ensure error responses are JSON (not HTML) for flask-shell2http callers
+@app.errorhandler(400)
+def bad_request(e):
+    return {"error": str(e)}, 400
+
+
+@app.errorhandler(413)
+def too_large(e):
+    return {"error": str(e)}, 413
+
+
 @app.route("/health", methods=["GET"])
 def health_check():
     return {"status": "healthy"}, 200
diff --git a/integrations/pcap_analyzers/app.py b/integrations/pcap_analyzers/app.py
@@ -39,10 +39,26 @@
 # Globals
 app = Flask(__name__)
 app.config["SECRET_KEY"] = secrets.token_hex(16)
+# Disable Werkzeug 3.x default form memory limit (500kB) to avoid false 400
+# errors on multipart requests.
+# See: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-0
+app.config["MAX_FORM_MEMORY_SIZE"] = None
+app.config["MAX_CONTENT_LENGTH"] = 1024 * 1024 * 1024  # 1GB
 executor = Executor(app)
 shell2http = Shell2HTTP(app, executor)
 
 
+# ensure error responses are JSON (not HTML) for flask-shell2http callers
+@app.errorhandler(400)
+def bad_request(e):
+    return {"error": str(e)}, 400
+
+
+@app.errorhandler(413)
+def too_large(e):
+    return {"error": str(e)}, 413
+
+
 def intercept_suricata_result(context, future: Future) -> None:
     # 1. get current result object
     res = future.result()
diff --git a/integrations/phishing_analyzers/app.py b/integrations/phishing_analyzers/app.py
@@ -29,9 +29,26 @@
 
 app = Flask(__name__)
 app.config["SECRET_KEY"] = secrets.token_hex(16)
+# Disable Werkzeug 3.x default form memory limit (500kB) to avoid false 400
+# errors on multipart requests.
+# See: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-0
+app.config["MAX_FORM_MEMORY_SIZE"] = None
+app.config["MAX_CONTENT_LENGTH"] = 1024 * 1024 * 1024  # 1GB
 executor = Executor(app)
 shell2http = Shell2HTTP(app, executor)
 
+
+# ensure error responses are JSON (not HTML) for flask-shell2http callers
+@app.errorhandler(400)
+def bad_request(e):
+    return {"error": str(e)}, 400
+
+
+@app.errorhandler(413)
+def too_large(e):
+    return {"error": str(e)}, 413
+
+
 shell2http.register_command(
     endpoint="phishing_extractor",
     command_name="/usr/local/bin/python3 /opt/deploy/phishing_analyzers/analyzers/extract_phishing_site.py",
diff --git a/integrations/thug/app.py b/integrations/thug/app.py
@@ -38,10 +38,26 @@
 # Globals
 app = Flask(__name__)
 app.config["SECRET_KEY"] = secrets.token_hex(16)
+# Disable Werkzeug 3.x default form memory limit (500kB) to avoid false 400
+# errors on multipart requests.
+# See: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-0
+app.config["MAX_FORM_MEMORY_SIZE"] = None
+app.config["MAX_CONTENT_LENGTH"] = 1024 * 1024 * 1024  # 1GB
 executor = Executor(app)
 shell2http = Shell2HTTP(app, executor)
 
 
+# ensure error responses are JSON (not HTML) for flask-shell2http callers
+@app.errorhandler(400)
+def bad_request(e):
+    return {"error": str(e)}, 400
+
+
+@app.errorhandler(413)
+def too_large(e):
+    return {"error": str(e)}, 413
+
+
 def intercept_thug_result(context, future: Future) -> None:
     """
     Thug doesn't output result to standard output but to a file,
diff --git a/integrations/tor_analyzers/app.py b/integrations/tor_analyzers/app.py
@@ -37,9 +37,26 @@
     "SECRET_KEY": __import__("secrets").token_hex(16),
 }
 app.config.update(CONFIG)
+# Disable Werkzeug 3.x default form memory limit (500kB) to avoid false 400
+# errors on multipart requests.
+# See: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-0
+app.config["MAX_FORM_MEMORY_SIZE"] = None
+app.config["MAX_CONTENT_LENGTH"] = 1024 * 1024 * 1024  # 1GB
 
 executor = Executor(app)
 shell2http = Shell2HTTP(app, executor)
 
+
+# ensure error responses are JSON (not HTML) for flask-shell2http callers
+@app.errorhandler(400)
+def bad_request(e):
+    return {"error": str(e)}, 400
+
+
+@app.errorhandler(413)
+def too_large(e):
+    return {"error": str(e)}, 413
+
+
 # with this, we can make http calls to the endpoint: /onionscan
 shell2http.register_command(endpoint="onionscan", command_name="./bundled/onionscan")
