search

KvasirSecurity / Kvasir

Kvasir: Penetration Test Data Management
Other
426 stars 85 forks source link

Host lookup in service formatting fails #171

Open mwulftange opened 9 years ago

mwulftange commented 9 years ago

The host lookup db.t_hosts[r.f_hosts_id] in the formatting function for services in _models/db_02kvasir.py fails when trying to edit a vulnerability of a service (…/vulns/service_vulns_edit.html/123) with the following trace:

Traceback (most recent call last):
  File "/opt/web2py/gluon/restricted.py", line 224, in restricted
    exec ccode in environment
  File "/opt/web2py/applications/kvasir/controllers/vulns.py", line 807, in <module>
  File "/opt/web2py/gluon/globals.py", line 392, in <lambda>
    self._caller = lambda f: f()
  File "/opt/web2py/gluon/tools.py", line 3449, in f
    return action(*a, **b)
  File "/opt/web2py/applications/kvasir/controllers/vulns.py", line 491, in service_vulns_edit
    onaccept=crud.archive)
  File "/opt/web2py/gluon/tools.py", line 4066, in update
    **attributes # contains hidden
  File "/opt/web2py/gluon/sqlhtml.py", line 1230, in __init__
    inp = self.widgets.options.widget(field, default)
  File "/opt/web2py/gluon/sqlhtml.py", line 289, in widget
    options = requires[0].options()
  File "/opt/web2py/gluon/validators.py", line 579, in options
    self.build_set()
  File "/opt/web2py/gluon/validators.py", line 576, in build_set
    self.labels = [self.label(r) for r in records]
  File "/opt/web2py/applications/kvasir/models/db_02_kvasir.py", line 81, in <lambda>
    format=lambda r:XML("%s :: %s/%s" % (db.t_hosts[r.f_hosts_id].f_ipaddr, r.f_proto, r.f_number)),
AttributeError: 'NoneType' object has no attribute 'f_ipaddr'
fnoelscher commented 9 years ago

it works for me. how did you create the vulnerability and the host?

grutz commented 9 years ago

Was this on a fresh database or from one prior to the f_ipv4/f_ipv6 to f_ipaddr change?

This could also be a cached select() issue. Did you just create a vulnerability and attempt to assign it to a service?

Kurt Grutzmacher -=- grutz@jingojango.net

On Thu, Feb 5, 2015 at 7:11 AM, fnoelscher notifications@github.com wrote:

it works for me. how did you create the vulnerability and the host?

— Reply to this email directly or view it on GitHub https://github.com/KvasirSecurity/Kvasir/issues/171#issuecomment-73061666 .

mwulftange commented 9 years ago

I imported NMAP XML results into a fresh database, created a vulnerability and added it to a service. That worked. But when trying to edit the assigned vulnerability, the mentioned error occurred.

I already did some debugging and although r.f_hosts_id has a value and replacing r.f_hosts_id by its value (i. e., db.t_hosts[12345]) works, somehow db.t_hosts[r.f_hosts_id] just returns None.