aws-sdk-go: GuardDuty API occasionally causes a serialization error

Version of AWS SDK for Go?

$ git describe --tags
v1.12.54-2-gf98ff350

$ git show
commit f98ff3505c17e44d349af899eb85e6b37a7953db (HEAD -> master, origin/master, origin/HEAD)
Merge: 4dd51c2f 5db34a6d
Author: awstools <aws-dr-tools-github-user@amazon.com>
Date:   Fri Dec 29 10:14:11 2017 -0800

    Merge pull request #1715 from aws/release

    Release v1.12.54

Version of Go (go version)?

$ go version
go version go1.9.2 darwin/amd64

What issue did you see?

GuardDuty inconsistently returns an extra field - imageDescription - when calling the GetFindings resource. The interesting thing is that this field is present in the GuardDuty UI when the “Resource affected” section contains EC2 instance details. However, the field is missing in the official API documentation (https://docs.aws.amazon.com/guardduty/latest/ug/get-findings.html) and the SDK’s JSON spec (https://github.com/aws/aws-sdk-go/blob/master/models/apis/GuardDuty/2017-11-28/api-2.json).

The response body includes the following fragment:

"resource": {
  "instanceDetails": {
    "imageDescription": "null",

Another example:

"resource": {
  "instanceDetails": {
    "imageDescription": "AMI backup for app server",

When the response contains the field, it results in the following error:

SerializationError: failed decoding JSON RPC response
caused by: unsupported value: <nil> (*string)

Steps to reproduce

This might be tricky to test at your end unless you have real GuardDuty “findings.” The sample data that can be generated under Settings | General does not include full instance data, so the field is not present. Here’s some sample code for you:

package main

import (
	"log"
	"os"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/guardduty"
)

func main() {
	session, _ := session.NewSession(&aws.Config{
		LogLevel: aws.LogLevel(aws.LogDebugWithHTTPBody),
	})

	svc := guardduty.New(session)
	svc.AddDebugHandlers()

	findingIdsList, awsErr := svc.ListFindings(&guardduty.ListFindingsInput{
		DetectorId: aws.String(os.Getenv("DETECTOR_ID")),
	})

	if awsErr != nil {
		log.Fatalln(awsErr.Error())
	}

	findingsList, awsErr := svc.GetFindings(&guardduty.GetFindingsInput{
		DetectorId: aws.String(os.Getenv("DETECTOR_ID")),
		FindingIds: findingIdsList.FindingIds,
	})

	// will show any Finding that was successfully serialized
	log.Println(findingsList)

	if awsErr != nil {
		log.Fatalln(awsErr)
	}
}

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 21 (11 by maintainers)

Most upvoted comments

@philm - The service is looking into. Will follow up when I have more information.

+1
xibz on Jan 4, 2018
Read more comments on GitHub
← aws-sdk-go: GetBucketLocation fails if region specified does not match the region the bucket is in.
aws-sdk-go: NoCredentialProviders: no valid providers in chain. Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors →