search

Badgerati / Pode

Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers
https://badgerati.github.io/Pode
MIT License
854 stars 94 forks source link

Nexus scan #1268

Open mdaneri opened 7 months ago

mdaneri commented 7 months ago

I have a Pode in pre-production, and like any machine on the network, it is scanned with Nexus. I was surprised to find so many exceptions on the console and not on the log.

I presume it's a bug because my code includes those 2 lines:

    New-PodeLoggingMethod -File -Name 'request' -Path './base/log/frontend' -MaxSize 10MB | Enable-PodeRequestLogging 
    New-PodeLoggingMethod  -File -Name 'errors' -Path './base/log/frontend' -MaxSize 10MB | Enable-PodeErrorLogging
[Error] HttpRequestException: Invalid request line: t3s 12.2.1 [2]
   at Pode.PodeHttpRequest.ValidateInput(Byte[] bytes) in /home/scan/Pode/src/Listener/PodeHttpRequest.cs:line 100
   at Pode.PodeRequest.Receive(CancellationToken cancellationToken)
[Error] HttpRequestException: Unable to read data from the transport connection: Connection reset by peer.

[Error] IOException: Unable to read data from the transport connection: Connection reset by peer.
   at System.Net.Security.SslStream.EnsureFullTlsFrameAsync[TIOAdapter](CancellationToken cancellationToken, Int32 estimatedSize)
   at System.Runtime.CompilerServices.PoolingAsyncValueTaskMethodBuilder`1.StateMachineBox`1.System.Threading.Tasks.Sources.IValueTaskSource<TResult>.GetResult(Int16 token)
   at System.Net.Security.SslStream.ReadAsyncInternal[TIOAdapter](Memory`1 buffer, CancellationToken cancellationToken)
   at System.Runtime.CompilerServices.PoolingAsyncValueTaskMethodBuilder`1.StateMachineBox`1.System.Threading.Tasks.Sources.IValueTaskSource<TResult>.GetResult(Int16 token)
   at System.Threading.Tasks.ValueTask`1.ValueTaskSourceAsTask.<>c.<.cctor>b__4_0(Object state)
--- End of stack trace from previous location ---
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location ---
   at Pode.PodeRequest.BeginRead(Byte[] buffer, CancellationToken cancellationToken) in /home/scan/Pode/src/Listener/PodeRequest.cs:line 125
   at Pode.PodeRequest.Receive(CancellationToken cancellationToken) in /home/scan/Pode/src/Listener/PodeRequest.cs:line 140
[Error] HttpRequestException: Unable to read data from the transport connection: Connection reset by peer.

[Error] IOException: Unable to read data from the transport connection: Connection reset by peer.
   at System.Net.Security.SslStream.EnsureFullTlsFrameAsync[TIOAdapter](CancellationToken cancellationToken, Int32 estimatedSize)
   at System.Runtime.CompilerServices.PoolingAsyncValueTaskMethodBuilder`1.StateMachineBox`1.System.Threading.Tasks.Sources.IValueTaskSource<TResult>.GetResult(Int16 token)
   at System.Net.Security.SslStream.ReadAsyncInternal[TIOAdapter](Memory`1 buffer, CancellationToken cancellationToken)
   at System.Runtime.CompilerServices.PoolingAsyncValueTaskMethodBuilder`1.StateMachineBox`1.System.Threading.Tasks.Sources.IValueTaskSource<TResult>.GetResult(Int16 token)
   at System.Threading.Tasks.ValueTask`1.ValueTaskSourceAsTask.<>c.<.cctor>b__4_0(Object state)
--- End of stack trace from previous location ---
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location ---
   at Pode.PodeRequest.BeginRead(Byte[] buffer, CancellationToken cancellationToken) in /home/scan/Pode/src/Listener/PodeRequest.cs:line 125
   at Pode.PodeRequest.Receive(CancellationToken cancellationToken) in /home/scan/Pode/src/Listener/PodeRequest.cs:line 140
[Error] HttpRequestException: Invalid request line: GNUTELLA CONNECT/0.6 [2]
   at Pode.PodeHttpRequest.ValidateInput(Byte[] bytes) in /home/scan/Pode/src/Listener/PodeHttpRequest.cs:line 100
   at Pode.PodeRequest.Receive(CancellationToken cancellationToken)
[Error] HttpRequestException: Invalid request line: GNUTELLA CONNECT/0.4 [2]
   at Pode.PodeHttpRequest.ValidateInput(Byte[] bytes) in /home/scan/Pode/src/Listener/PodeHttpRequest.cs:line 100
   at Pode.PodeRequest.Receive(CancellationToken cancellationToken)
[Error] HttpRequestException: Index was outside the bounds of the array.

[Error] IndexOutOfRangeException: Index was outside the bounds of the array.
   at Pode.PodeHttpRequest.ValidateInput(Byte[] bytes) in /home/scan/Pode/src/Listener/PodeHttpRequest.cs:line 72
   at Pode.PodeRequest.Receive(CancellationToken cancellationToken)
[Error] HttpRequestException: Invalid request line: rU [1]
   at Pode.PodeHttpRequest.ValidateInput(Byte[] bytes) in /home/scan/Pode/src/Listener/PodeHttpRequest.cs:line 100
   at Pode.PodeRequest.Receive(CancellationToken cancellationToken)
[Error] HttpRequestException: Unable to read data from the transport connection: Connection reset by peer.

[Error] IOException: Unable to read data from the transport connection: Connection reset by peer.
   at System.Net.Security.SslStream.EnsureFullTlsFrameAsync[TIOAdapter](CancellationToken cancellationToken, Int32 estimatedSize)
   at System.Runtime.CompilerServices.PoolingAsyncValueTaskMethodBuilder`1.StateMachineBox`1.System.Threading.Tasks.Sources.IValueTaskSource<TResult>.GetResult(Int16 token)
   at System.Net.Security.SslStream.ReadAsyncInternal[TIOAdapter](Memory`1 buffer, CancellationToken cancellationToken)
   at System.Runtime.CompilerServices.PoolingAsyncValueTaskMethodBuilder`1.StateMachineBox`1.System.Threading.Tasks.Sources.IValueTaskSource<TResult>.GetResult(Int16 token)
   at System.Threading.Tasks.ValueTask`1.GetTaskForValueTaskSource(IValueTaskSource`1 t)
--- End of stack trace from previous location ---
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location ---
   at Pode.PodeRequest.BeginRead(Byte[] buffer, CancellationToken cancellationToken) in /home/scan/Pode/src/Listener/PodeRequest.cs:line 125
   at Pode.PodeRequest.Receive(CancellationToken cancellationToken) in /home/scan/Pode/src/Listener/PodeRequest.cs:line 140
Cannot retrieve the dynamic parameters for the cmdlet. The path '/../../../../../../../../../windows/win.ini' referred to an item that was outside the base ''.
Cannot retrieve the dynamic parameters for the cmdlet. The path '/../../../../../../../../../winnt/win.ini' referred to an item that was outside the base ''.
[Error] HttpRequestException: Unable to read data from the transport connection: Connection reset by peer.

[Error] IOException: Unable to read data from the transport connection: Connection reset by peer.
   at System.Net.Security.SslStream.EnsureFullTlsFrameAsync[TIOAdapter](CancellationToken cancellationToken, Int32 estimatedSize)
   at System.Runtime.CompilerServices.PoolingAsyncValueTaskMethodBuilder`1.StateMachineBox`1.System.Threading.Tasks.Sources.IValueTaskSource<TResult>.GetResult(Int16 token)
   at System.Net.Security.SslStream.ReadAsyncInternal[TIOAdapter](Memory`1 buffer, CancellationToken cancellationToken)
   at System.Runtime.CompilerServices.PoolingAsyncValueTaskMethodBuilder`1.StateMachineBox`1.System.Threading.Tasks.Sources.IValueTaskSource<TResult>.GetResult(Int16 token)
   at System.Threading.Tasks.ValueTask`1.GetTaskForValueTaskSource(IValueTaskSource`1 t)
--- End of stack trace from previous location ---
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location ---
   at Pode.PodeRequest.BeginRead(Byte[] buffer, CancellationToken cancellationToken) in /home/scan/Pode/src/Listener/PodeRequest.cs:line 125
   at Pode.PodeRequest.Receive(CancellationToken cancellationToken) in /home/scan/Pode/src/Listener/PodeRequest.cs:line 140
mdaneri commented 7 months ago

the Cannot retrieve the dynamic parameters for the cmdlet. The path '/../../../../../../../../../windows/win.ini' referred to an item that was outside the base ''. is more a PowerShell problem than Pode

Badgerati commented 7 months ago

Yeeeah, this is expected - for now anyway. The logs produced from the .NET side of Pode only get written to the console, and not a file or anything else specified. It's actually one I'm going to fix for 2.11.0, as I want to do a small refactor on how the logs get written so both the PowerShell and .NET sides of Pode can use the same system.