GhostManager / Ghostwriter

The SpecterOps project management and reporting engine

Home Page: https://ghostwriter.wiki


{{.project_type}} Keyword Reference within Finding Writeup KeyError

m4lwhere opened this issue · comments

Describe the bug
When using the {{.project_type}} keyword in the Finding WYSIWYG editor, it causes a KeyError on export for DOCX. This appears to be because the reportwriter is attempting to reference ["project"]["project_type"] when it is stored as ["project"]["type"] within the exported JSON.

To Reproduce
Note that this is for a custom project type added to Ghostwriter. This is for a "Vulnerability Assessment" type which has been added to Ghostwriter through the Django panel. Steps to reproduce the behavior:

  1. Go to a Finding and place {{.project_type}} into an editor for the finding.
  2. Click on 'Submit' to save the changes to the Finding.
  3. Click on the Docx export button.
  4. See error below:
     Great Failure
     Encountered an error generating the document: `project_type`
  5. Removing this keyword reference allows the report to export without error.

Expected Behavior
Expected to have the Project Type placed into the writeup. In the associated JSON, this is stored as the project.type key.

Screenshots
Toast message error showing the message:

Server Specs:

  • OS: Kali 2023.3 (ARM)
  • Docker: docker-compose version 1.29.2, build unknown
  • Ghostwriter: v3.2.10

Additional context
Viewing the logs within the containers shows that there is a KeyError during report generation where it's trying to use the key ["project"]["project_type"].

INFO 2023-09-05 15:31:46,292 reportwriter 17 281473199032568 Processing Active Directory Certificate Services ESC1 Template
ERROR 2023-09-05 15:31:46,312 views 17 281473199032568 DOCX generation failed unexpectedly for Report 3 and user admin
Traceback (most recent call last):
  File "/app/./ghostwriter/reporting/views.py", line 1705, in get
    docx = engine.generate_word_docx()
  File "/app/./ghostwriter/modules/reportwriter.py", line 1549, in generate_word_docx
    context = self._process_richtext(context)
  File "/app/./ghostwriter/modules/reportwriter.py", line 1584, in _process_richtext
    finding["description_rt"] = render_subdocument(finding["description"], finding)
  File "/app/./ghostwriter/modules/reportwriter.py", line 1571, in render_subdocument
    self._process_text_xml(section, finding)
  File "/app/./ghostwriter/modules/reportwriter.py", line 1398, in _process_text_xml
    self._process_nested_html_tags(contents, p, finding)
  File "/app/./ghostwriter/modules/reportwriter.py", line 1155, in _process_nested_html_tags
    par = self._replace_and_write(part, par, finding, parent_styles)
  File "/app/./ghostwriter/modules/reportwriter.py", line 901, in _replace_and_write
    self.report_json["project"]["project_type"].lower(),
KeyError: 'project_type'

Note that this is for a custom project type added to Ghostwriter. This is for a "Vulnerability Assessment" type which has been added to Ghostwriter through the Django panel.

I believe the fix will be to have the {{.project_type}} reference use the ["project"]["type"] key instead. I'd be happy to provide more details if needed!

Hey @m4lwhere, thanks for reporting this. That's a simple fix. I resolved it for the latest (not-yet-released) v4 RC and I'll fix it for a patch release for v3.
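The key mismatch discussed in this thread, as an added example that is not part of the issue or Ghostwriter's own code: a pre-export check that resolves editor keywords against the exported JSON and reports the ones that cannot be resolved, instead of raising KeyError in the middle of DOCX generation. The mapping table, function names, sample data and the `example_unmapped` keyword are assumptions made for illustration; only the `project_type` to `["project"]["type"]` pairing and the lowercasing come from the issue and its traceback.

```python
import re

# Assumed mapping from editor keyword to a key path in the exported report JSON.
# Only the project_type -> project.type pair comes from the issue.
KEYWORD_PATHS = {
    "project_type": ("project", "type"),
}

# Matches editor keywords of the form {{.name}}
KEYWORD_RE = re.compile(r"\{\{\s*\.(\w+)\s*\}\}")


def lookup(report_json, path):
    """Walk a key path; return (found, value) instead of raising KeyError."""
    node = report_json
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return False, None
        node = node[key]
    return True, node


def check_keywords(text, report_json):
    """Return (keyword, reason) pairs for keywords that cannot be resolved."""
    problems = []
    for name in KEYWORD_RE.findall(text):
        path = KEYWORD_PATHS.get(name)
        if path is None:
            problems.append((name, "no JSON path mapped"))
        elif not lookup(report_json, path)[0]:
            problems.append((name, "missing key " + ".".join(path)))
    return problems


def render(text, report_json):
    """Substitute resolvable keywords (lowercased, as in the traceback); keep the rest."""
    def repl(match):
        path = KEYWORD_PATHS.get(match.group(1))
        found, value = lookup(report_json, path) if path else (False, None)
        return str(value).lower() if found else match.group(0)
    return KEYWORD_RE.sub(repl, text)


# Constructed sample shaped like the export described in the issue.
SAMPLE_JSON = {"project": {"type": "Vulnerability Assessment"}}
SAMPLE_TEXT = "<p>This {{.project_type}} found ESC1. See {{.example_unmapped}}.</p>"

if __name__ == "__main__":
    print(check_keywords(SAMPLE_TEXT, SAMPLE_JSON))
    print(render(SAMPLE_TEXT, SAMPLE_JSON))
```

Running the check over every rich-text field before export turns a failed report into a list of the offending keywords and the JSON keys they expected.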