search

Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org
Other
7.4k stars 1.07k forks source link

Adding Sigma Repos dont use the proxy configuration #16269

Open rkmbaxed opened 1 year ago

rkmbaxed commented 1 year ago

Adding Sigma repos like SigmaHQ or other repos the proxy configuration is not used like in Graylog v5.0.

Expected Behavior

Within Graylog v5.0 we are able to get a connection with the configured proxy to the SigmaHQ and other repos. Since we did the update to Graylog v5.1.4 we get an error and we dont see any logs for the connections to SigmaHQ etc. at our proxy. We still the Graylog connections from other parts of Graylog at our proxy. Seems there is a issue with proxy implementation at the GitRepositoryService.

Current Behavior

2023-08-25T09:18:33.170+02:00 ERROR [GitRepositoryService] Error cloning Git repository at 'https://github.com/SigmaHQ/sigma.git': https://github.com/SigmaHQ/sigma.git: connection failed org.eclipse.jgit.api.errors.TransportException: https://github.com/SigmaHQ/sigma.git: connection failed at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:244) ~[?:?] at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:325) ~[?:?] at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:191) ~[?:?] at org.graylog.plugins.securityapp.sigma.git.GitRepositoryService.cloneRepository(GitRepositoryService.java:104) ~[?:?] at org.graylog.plugins.securityapp.sigma.git.GitRepositoryService.cloneDefaultRepository(GitRepositoryService.java:306) ~[?:?] at org.graylog.plugins.securityapp.sigma.rest.GitRepositoryResource.createDefault(GitRepositoryResource.java:96) ~[?:?] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?] at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52) ~[graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:134) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:177) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:81) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:478) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:400) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81) [graylog.jar:?] at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255) [graylog.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) [graylog.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:292) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:274) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:244) [graylog.jar:?] at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265) [graylog.jar:?] at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234) [graylog.jar:?] at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684) [graylog.jar:?] at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:356) [graylog.jar:?] at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:200) [graylog.jar:?] at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:180) [graylog.jar:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?] at java.lang.Thread.run(Thread.java:833) [?:?] Caused by: org.eclipse.jgit.errors.TransportException: https://github.com/SigmaHQ/sigma.git: connection failed at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:729) ~[?:?] at org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:465) ~[?:?] at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:151) ~[?:?] at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:103) ~[?:?] at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1405) ~[?:?] at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:233) ~[?:?] ... 32 more Caused by: java.net.ConnectException: Connection refused github.com at org.eclipse.jgit.util.HttpSupport.response(HttpSupport.java:240) ~[?:?] at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:654) ~[?:?] at org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:465) ~[?:?] at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:151) ~[?:?] at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:103) ~[?:?] at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1405) ~[?:?] at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:233) ~[?:?] ... 32 more

Possible Solution

Use the proxy configuration from server.conf for GitRepositoryService

Steps to Reproduce (for bugs)

  1. Update to Graylog 5.1.4
  2. Use a proxy
  3. Try to add SigmaHQ or another GIT for Sigma rules

Context

Your Environment

danotorrey commented 1 year ago

Refs: https://github.com/Graylog2/graylog-plugin-enterprise/issues/5694

rkmbaxed commented 1 year ago

Is there any information in which version the error will be fixed?

The error still exists in Graylog v5.1.5 up to v5.1.7 and also in v5.2.0-rc.1 und v5.2.0-rc.2

danotorrey commented 1 year ago

@rkmbaxed Thanks for the followup. Apologies on the delay. We are still looking into a fix, but we are not certain on the fix timing yet. The main challenge is that the fix would require a different Git implementation that has direct support for proxies. We will keep looking into this and will keep you updated on the progress.