ERROR Error Code 0 error Response Text undefined vulsrepo report
nateambringit opened this issue · comments
Hi, when i select the result of vuls for viewing in vulsrepo, vulsrepo display like that. i am trying to copy the result/ from my vuls directory /usr/share/vuls/result to /opt/vuls/result but nothing change. what's problem here and how to fix this?
Thank you.
vuls dir : /usr/share/vuls/
vulsrepo : /home/ubuntu/go/src/github.com/ishiDACo/vulsrepo/
Please check vulsrepo-config.toml.
[Server]
resultsPath = "/opt/vuls/results"If resultsPath is /opt/vuls/results, you need to copy /opt/vuls/results, not /opt/vuls/result.
For example,
$ pwd
/opt/vuls
$ tree .
.
└── results
├── 2020-11-16T07:38:02Z
│ ├── localhost.json
│ ├── oracle_linux7.json
│ ├── raspberry10.json
│ └── vuls@localhost.json
├── 2020-11-17T01:14:17Z
│ └── localhost.json
└── current -> /opt/vuls/results/2020-11-17T01:14:17Z/Alternatively, rewrite vulsrepo-config.toml as follows, and then restart VulsRepo.
[Server]
resultsPath = "/usr/share/vuls/result" <--- your vuls results directoryI already that method too, but nothing change.
vulsrepo-config.toml
[Server]
rootPath = "/home/ubuntu/go/src/github.com/ishiDACo/vulsrepo/"
resultsPath = "/usr/share/vuls-data/results/"
serverPort = "5111"
#serverIP = "127.0.0.1"
#serverSSL = "yes"
#serverCert = "cert.pem"
#serverKey = "key.pem"
#[Auth]
#authFilePath = "/home/vuls-user/.htdigest"
#realm = "vulsrepo_local"
$ pwd
/usr/share/vuls-data
$ ll
total 1452588
drwxr-xr-x 4 ubuntu root 4096 Nov 17 04:41 ./
drwxr-xr-x 110 root root 4096 Nov 12 07:57 ../
-rw-r--r-- 1 root root 514 Nov 13 03:44 config.toml
-rw-r--r-- 1 root root 1405997056 Nov 12 10:11 cve.sqlite3
-rw-r--r-- 1 ubuntu ubuntu 17395712 Nov 17 04:41 go-exploitdb.sqlite3
-rw-r--r-- 1 ubuntu ubuntu 2322432 Nov 17 04:36 go-msfdb.sqlite3
lrwxrwxrwx 1 ubuntu ubuntu 57 Nov 12 10:39 gost.sqlite3 -> /home/ubuntu/go/src/github.com/knqyf263/gost/gost.sqlite3
-rw-r--r-- 1 ubuntu root 61698048 Nov 13 07:42 oval.sqlite3
drwx------ 4 ubuntu ubuntu 4096 Nov 17 04:48 results/
drwxrwxr-x 2 ubuntu ubuntu 4096 Nov 13 03:50 ssh/
/usr/share/vuls-data/results$ ll
total 16
drwx------ 4 ubuntu ubuntu 4096 Nov 17 04:48 ./
drwxr-xr-x 4 ubuntu root 4096 Nov 17 04:41 ../
drwx------ 2 ubuntu ubuntu 4096 Nov 17 03:58 2020-11-17T03:48:53Z/
drwx------ 2 ubuntu ubuntu 4096 Nov 17 04:48 2020-11-17T04:48:40Z/
lrwxrwxrwx 1 ubuntu ubuntu 49 Nov 17 04:48 current -> /usr/share/vuls-data/results/2020-11-17T04:48:40Z/
Result when i click submit
Have you restarted your Vuls repo?
Have you restarted your Vuls repo?
I did but nothing change.
I understand the situation.
I think resultsPath and directory are fine.
But I can't reproduce this problem.
Please let me know a few things.
- What version of Vuls are you using?
- What are Vuls' options for
scanandreportexecution? - What is the operating system and version of the target server?
-
Vuls version v0.13.4 from https://github.com/future-architect/vuls
-
Vuls execution :
vuls scan
$ vuls scan
[Nov 17 08:07:47] INFO [localhost] Start scanning
[Nov 17 08:07:47] INFO [localhost] config: /usr/share/vuls-data/config.toml
[Nov 17 08:07:47] INFO [localhost] Validating config...
[Nov 17 08:07:47] INFO [localhost] Detecting Server/Container OS...
[Nov 17 08:07:47] INFO [localhost] Detecting OS of servers...
[Nov 17 08:07:47] INFO [localhost] (1/1) Detected: ip-10-0-0-251: ubuntu 14.04
[Nov 17 08:07:47] INFO [localhost] Detecting OS of containers...
[Nov 17 08:07:47] INFO [localhost] Checking Scan Modes...
[Nov 17 08:07:47] INFO [localhost] Detecting Platforms...
[Nov 17 08:07:47] INFO [localhost] (1/1) ip-10-0-0-251 is running on aws
[Nov 17 08:07:47] INFO [localhost] Detecting IPS identifiers...
[Nov 17 08:07:47] INFO [localhost] (1/1) ip-10-0-0-251 has 0 IPS integration
[Nov 17 08:07:47] INFO [localhost] Scanning vulnerabilities...
[Nov 17 08:07:47] INFO [localhost] Scanning vulnerable OS packages...
[Nov 17 08:07:47] INFO [ip-10-0-0-251] Scanning in fast mode
- Vuls Report Execution : vuls report -format-json
$ vuls report -format-json
[Nov 17 08:12:13] INFO [localhost] Validating config...
[Nov 17 08:12:13] INFO [localhost] Loaded: /usr/share/vuls-data/results/2020-11-17T08:07:47Z
[Nov 17 08:12:13] INFO [localhost] Validating db config...
INFO[0000] -cvedb-type: sqlite3, -cvedb-url: , -cvedb-path: /usr/share/vuls-data/cve.sqlite3
INFO[0000] -ovaldb-type: sqlite3, -ovaldb-url: , -ovaldb-path: /usr/share/vuls-data/oval.sqlite3
INFO[0000] -gostdb-type: sqlite3, -gostdb-url: , -gostdb-path: /usr/share/vuls-data/gost.sqlite3
INFO[0000] -exploitdb-type: sqlite3, -exploitdb-url: , -exploitdb-path: /usr/share/vuls-data/go-exploitdb.sqlite3
INFO[0000] -msfdb-type: sqlite3, -msfdb-url: , -msfdb-path: /usr/share/vuls-data/go-msfdb.sqlite3
DBUG[11-17|08:12:13] Opening DB (sqlite3).
DBUG[11-17|08:12:13] Migrating DB (sqlite3).
INFO[11-17|08:12:13] Opening DB. db=sqlite3
INFO[11-17|08:12:13] Migrating DB. db=sqlite3
INFO[11-17|08:12:13] Opening Database. db=sqlite3
INFO[11-17|08:12:13] Migrating DB. db=sqlite3
INFO[11-17|08:12:13] Opening DB db=sqlite3
INFO[11-17|08:12:13] Migrating DB db=sqlite3
[Nov 17 08:12:13] INFO [localhost] ip-10-0-0-251: 0 CVEs are detected with Library
[Nov 17 08:12:13] WARN [localhost] OVAL for ubuntu 14.04 is old, last modified is 2020-11-13 07:42:26.798720515 +0000 UTC. It's recommended to update OVAL to improve scanning accuracy. How to update OVAL database, see https://github.com/kotakanbe/goval-dictionary#usage
[Nov 17 08:12:13] WARN [localhost] The OVAL name of the running kernel image {Release:3.13.0-116-generic Version: RebootRequired:false} is not found. So vulns of `linux` wll be detected. server: ip-10-0-0-251
[Nov 17 08:12:15] INFO [localhost] ip-10-0-0-251: 667 CVEs are detected with OVAL
[Nov 17 08:12:15] INFO [localhost] ip-10-0-0-251: 0 CVEs are detected with CPE
[Nov 17 08:12:15] INFO [localhost] ip-10-0-0-251: 0 CVEs are detected with GitHub Security Alerts
[Nov 17 08:12:15] INFO [localhost] ip-10-0-0-251: 0 unfixed CVEs are detected with gost
[Nov 17 08:12:15] INFO [localhost] Fill CVE detailed information with CVE-DB
[Nov 17 08:12:19] INFO [localhost] Fill exploit information with Exploit-DB
[Nov 17 08:12:19] INFO [localhost] ip-10-0-0-251: 36 exploits are detected
[Nov 17 08:12:19] INFO [localhost] Fill metasploit module information with Metasploit-DB
[Nov 17 08:12:20] INFO [localhost] ip-10-0-0-251: 12 modules are detected
- My target OS server is Ubuntu 14.04
I hadn't tested loading the Ubuntu 14.04 output,
so I'm going to install Ubuntu 14.04 on my computer and see what happens.
I have Ubuntu 14.04 LTS without Extended Security Maintenance, It is EOL.
One more question, What OS and version are you running Vuls/VulsRepo?
I am running on Ubuntu 18.04.
Unfortunately, I targeted Ubuntu 14.04 on a Docker container, but the problem did not reproduce.
I am using Ubuntu 18.04 in aws
$ uname -a
Linux ip-10-0-5-34 5.4.0-1029-aws #30~18.04.1-Ubuntu SMP Tue Oct 20 11:09:25 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
I am trying to scan in localhost (ubuntu 18.04) but still error from vuls repo. Trying to look report from vuls tui is working, maybe the problem from vulsrepo.
There's probably an error in vulsrepo.js around line 207.
Line 207 in 7bf6f37
Use Chrome's developer tool to stop the breakpoints.
And tell me what values are in jqXHR, textStatus and errorThrown.
jqXHR = {readyState: 0, getResponseHeader: ƒ, getAllResponseHeaders: ƒ, setRequestHeader: ƒ, overrideMimeType: ƒ, …}, textStatus = "error", errorThrown = ""
Maybe problem in this area?
Maybe problem in this area?
I think so. XMLHttpRequest blocked by CORS Policy.
One more, Please provide ip-10-0-0-251.json HTTP Status code, Response Headers and Request Headers information.
The result of sending and receiving HTTP requests in my environment is as follows
One more question, Are you using Application Load Balancer or Classic Load Balancer?
If use it, please check load balancer settings.
In my server with vuls and vulsrepo i'm not using load balancer but in my target server i'm used it, is any problem when vulsrepo if the target server using load balancer?
"Provisional headers are shown" would indicate that they are retrieved from the cache without communication.
Please check Disable cache and retry it.
I already check Disable Cache and try again but nothing change
I don't know why, but Request URL appears to be incorrect.
Your Request URL is results2020-11-17t09:36:11Z/localhost.json.
The URL to expect is http://10.0.5.34:5111/results/2020-11-17T09:36:11Z/localhost.json.
Line 182 in 7bf6f37
Use Chrome's developer tool to stop the breakpoints.
And tell me what values are in value.url.
"results/2020-11-17T09:36:11Z/localhost.json" is the correct value.
Also, please tell me the results of the curl command.
curl -I -v http://10.0.5.34:5111/results/2020-11-17T09:36:11Z/localhost.jsonI don't know why, but Request URL appears to be incorrect.
Your Request URL is
results2020-11-17t09:36:11Z/localhost.json.The URL to expect is
http://10.0.5.34:5111/results/2020-11-17T09:36:11Z/localhost.json.Line 182 in 7bf6f37
Use Chrome's developer tool to stop the breakpoints.
And tell me what values are invalue.url.
Result :
please tell me the results of the curl command.
curl -I -v http://10.0.5.34:5111/results/2020-11-17T09:36:11Z/localhost.json
Result :
I don't know why two result are different values.
results/2020-11-17T09:36:11Z/localhost.json is the correct value.
But, your value.url is results2020-11-17T09:36:11Z/localhost.json. Missing /.
Please tell me the results of the curl command.
curl -v http://http://10.0.5.34:5111/getfilelist/
curl response body includes url. I would like to know if the url value starts with a /.
results/2020-11-17T09:36:11Z/localhost.jsonis the correct value.
But, your value.url isresults2020-11-17T09:36:11Z/localhost.json. Missing/.Please tell me the results of the curl command.
curl -v http://http://10.0.5.34:5111/getfilelist/curl response body includes
url. I would like to know if theurlvalue starts with a/.
$ curl -v http://10.0.5.34:5111/getfilelist/
* Trying 10.0.5.34...
* TCP_NODELAY set
* Connected to 10.0.5.34 (10.0.5.34) port 5111 (#0)
> GET /getfilelist/ HTTP/1.1
> Host: 10.0.5.34:5111
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json
< Date: Wed, 25 Nov 2020 03:47:46 GMT
< Content-Length: 851
<
* Connection #0 to host 10.0.5.34 left intact
[{"isFolder":"true","title":"2020-11-17T03:48:53Z","children":[{"title":"ip-10-0-0-251.json","url":"2020-11-17T03:48:53Z/ip-10-0-0-251.json"}]},{"isFolder":"true","title":"2020-11-17T04:48:40Z","children":[{"title":"ip-10-0-0-251.json","url":"2020-11-17T04:48:40Z/ip-10-0-0-251.json"}]},{"isFolder":"true","title":"2020-11-17T08:07:47Z","children":[{"title":"ip-10-0-0-251.json","url":"2020-11-17T08:07:47Z/ip-10-0-0-251.json"}]},{"isFolder":"true","title":"2020-11-17T08:47:57Z","children":[{"title":"ip-10-0-0-251.json","url":"2020-11-17T08:47:57Z/ip-10-0-0-251.json"}]},{"isFolder":"true","title":"2020-11-17T09:36:11Z","children":[{"title":"localhost.json","url":"2020-11-17T09:36:11Z/localhost.json"}]},{"isFolder":"true","title":"2020-11-17T09:45:49Z","children":[{"title":"ip-10-0-0-251.json","url":"2020-11-17T09:45:49Z/ip-10-0-0-251.json"}]}]
Is this correct value?
$ curl -v http://10.0.5.34:5111/getfilelist/
Is this correct value?
No. It is incorrect value. It seems strange.
Expect
"url":"/2020-11-17T03:48:53Z/ip-10-0-0-251.json"Actual
"url":"2020-11-17T03:48:53Z/ip-10-0-0-251.json"Your vulsrepo-config.toml
resultsPath = "/usr/share/vuls-data/results/"Change as follows. Remove the trailing /.
resultsPath = "/usr/share/vuls-data/results"Now implementation expects there will be no / at the end.
Line 264 in 52d8c4d
Change to return the correct value, regardless of the presence or absence of a trailing /.
yes, it's working when i deleted / at the end of resultPath, Thank you for your support.. i really like this apps.