MISP / misp-docker

A production ready Dockered MISP
GNU General Public License v3.0

Upgrade from v2.4.194 to .198 results in CSRF error #168

Closed captainfalcon23 closed 3 weeks ago

captainfalcon23 commented 3 weeks ago

Hi,

I am using the official Docker images and upgrading from .194 to .198; however, I am greeted with CSRF errors when logging in. In addition, the error.log is filled with errors such as:


2024-10-09 02:33:22 Warning: Warning (2): session_start() [<a href='http://php.net/function.session-start'>function.session-start</a>]: Redis connection not available in [/var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/CakeSession.php, line 745]
Trace:
ErrorHandler::handleError() - APP/Lib/cakephp/lib/Cake/Error/ErrorHandler.php, line 230
session_start - [internal], line ??
CakeSession::_startSession() - APP/Lib/cakephp/lib/Cake/Model/Datasource/CakeSession.php, line 745
CakeSession::start() - APP/Lib/cakephp/lib/Cake/Model/Datasource/CakeSession.php, line 219
CakeSession::check() - APP/Lib/cakephp/lib/Cake/Model/Datasource/CakeSession.php, line 248
FlashHelper::render() - APP/Lib/cakephp/lib/Cake/View/Helper/FlashHelper.php, line 72
include - APP/View/Layouts/default.ctp, line 58
View::_evaluate() - APP/Lib/cakephp/lib/Cake/View/View.php, line 971
View::_render() - APP/Lib/cakephp/lib/Cake/View/View.php, line 933
View::renderLayout() - APP/Lib/cakephp/lib/Cake/View/View.php, line 546
View::render() - APP/Lib/cakephp/lib/Cake/View/View.php, line 481
Controller::render() - APP/Lib/cakephp/lib/Cake/Controller/Controller.php, line 968
Dispatcher::_invoke() - APP/Lib/cakephp/lib/Cake/Routing/Dispatcher.php, line 200
Dispatcher::dispatch() - APP/Lib/cakephp/lib/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 101

2024-10-09 02:33:22 Warning: Warning (2): session_start() [<a href='http://php.net/function.session-start'>function.session-start</a>]: Failed to read session data: redis (path: tcp://redis:6379?auth=XXXXX) in [/var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/CakeSession.php, line 745]
Trace:
ErrorHandler::handleError() - APP/Lib/cakephp/lib/Cake/Error/ErrorHandler.php, line 230
session_start - [internal], line ??
CakeSession::_startSession() - APP/Lib/cakephp/lib/Cake/Model/Datasource/CakeSession.php, line 745
CakeSession::start() - APP/Lib/cakephp/lib/Cake/Model/Datasource/CakeSession.php, line 219
CakeSession::check() - APP/Lib/cakephp/lib/Cake/Model/Datasource/CakeSession.php, line 248
FlashHelper::render() - APP/Lib/cakephp/lib/Cake/View/Helper/FlashHelper.php, line 72
include - APP/View/Layouts/default.ctp, line 58
View::_evaluate() - APP/Lib/cakephp/lib/Cake/View/View.php, line 971
View::_render() - APP/Lib/cakephp/lib/Cake/View/View.php, line 933
View::renderLayout() - APP/Lib/cakephp/lib/Cake/View/View.php, line 546
View::render() - APP/Lib/cakephp/lib/Cake/View/View.php, line 481
Controller::render() - APP/Lib/cakephp/lib/Cake/Controller/Controller.php, line 968
Dispatcher::_invoke() - APP/Lib/cakephp/lib/Cake/Routing/Dispatcher.php, line 200
Dispatcher::dispatch() - APP/Lib/cakephp/lib/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 101

Logs are also filled with:

misp-core-1     | 2024-10-09 03:15:36,224 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:36,224 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:37,227 INFO spawned: 'cache_01' with pid 5510
misp-core-1     | 2024-10-09 03:15:38,314 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:38,315 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:39,317 INFO spawned: 'cache_01' with pid 5518
misp-core-1     | 2024-10-09 03:15:40,405 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:40,405 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:41,408 INFO spawned: 'cache_01' with pid 5526
misp-core-1     | 2024-10-09 03:15:42,494 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:42,495 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:43,497 INFO spawned: 'cache_01' with pid 5534
misp-core-1     | 2024-10-09 03:15:44,583 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:44,584 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:45,586 INFO spawned: 'cache_01' with pid 5542
misp-core-1     | 2024-10-09 03:15:46,674 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:46,674 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:47,677 INFO spawned: 'cache_01' with pid 5550
misp-core-1     | 2024-10-09 03:15:48,763 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:48,763 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:49,766 INFO spawned: 'cache_01' with pid 5558
misp-core-1     | 2024-10-09 03:15:50,852 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:50,853 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:51,855 INFO spawned: 'cache_01' with pid 5566
misp-core-1     | 2024-10-09 03:15:52,942 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:52,943 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:53,944 INFO spawned: 'cache_01' with pid 5574
misp-core-1     | 2024-10-09 03:15:55,033 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:55,033 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:56,036 INFO spawned: 'cache_01' with pid 5582
misp-core-1     | 2024-10-09 03:15:57,123 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:57,123 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:58,125 INFO spawned: 'cache_01' with pid 5590
misp-core-1     | 2024-10-09 03:15:59,215 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:59,215 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:16:00,218 INFO spawned: 'cache_01' with pid 5598
misp-core-1     | 2024-10-09 03:16:01,304 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:16:01,305 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:16:02,307 INFO spawned: 'cache_01' with pid 5606
misp-core-1     | 2024-10-09 03:16:03,395 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:16:03,395 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:16:04,398 INFO spawned: 'cache_01' with pid 5614
misp-core-1     | 2024-10-09 03:16:05,487 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:16:05,488 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:16:06,491 INFO spawned: 'cache_01' with pid 5622
misp-core-1     | 2024-10-09 03:16:07,579 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:16:07,580 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:16:08,582 INFO spawned: 'cache_01' with pid 5630
misp-core-1     | 2024-10-09 03:16:09,677 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:16:09,677 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:16:10,680 INFO spawned: 'cache_01' with pid 5638
misp-core-1     | 2024-10-09 03:16:11,767 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:16:11,767 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:16:12,770 INFO spawned: 'cache_01' with pid 5646
misp-core-1     | 2024-10-09 03:16:13,858 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:16:13,858 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:16:14,861 INFO spawned: 'cache_01' with pid 5654
misp-core-1     | 2024-10-09 03:16:15,948 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:16:15,948 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:16:16,950 INFO spawned: 'cache_01' with pid 5662
misp-core-1     | 2024-10-09 03:16:18,037 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:16:18,038 INFO exited: cache_01 (exit status 1; not expected)

I haven't changed anything except the MISP-core and MISP-modules version. My docker-compose is exactly the same. Note that I have been using the official redis image since the start, and not "valkey" like in your dockerfile. Not sure if this makes a difference.

ostefano commented 3 weeks ago

Check docker-compose.yml. You will see that now Redis is configured with a password (mandatory).

I am going to close this. If you need further assistance check the gitter/matrix channels.
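
A triage sketch for the two symptoms quoted in this thread, added here as an example and not part of the original issue or the misp-docker project: it flags `session_start()` failures against the Redis session store, counts unexpected exits per supervisor program, and masks the `auth=` value that PHP prints in the session path before the lines are shared. The sample log is constructed from the lines quoted above; the names `triage` and `redact` and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample, modelled on the log lines quoted in this thread.
SAMPLE = """\
2024-10-09 02:33:22 Warning: Warning (2): session_start() [<a href='http://php.net/function.session-start'>function.session-start</a>]: Redis connection not available in [CakeSession.php, line 745]
2024-10-09 02:33:22 Warning: Warning (2): session_start(): Failed to read session data: redis (path: tcp://redis:6379?auth=s3cr3t-example) in [CakeSession.php, line 745]
misp-core-1     | 2024-10-09 03:15:37,227 INFO spawned: 'cache_01' with pid 5510
misp-core-1     | 2024-10-09 03:15:38,314 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-core-1     | 2024-10-09 03:15:38,315 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:39,317 INFO spawned: 'cache_01' with pid 5518
misp-core-1     | 2024-10-09 03:15:40,405 INFO exited: cache_01 (exit status 1; not expected)
misp-core-1     | 2024-10-09 03:15:41,408 INFO spawned: 'cache_01' with pid 5526
misp-core-1     | 2024-10-09 03:15:42,495 INFO exited: cache_01 (exit status 1; not expected)
"""

# The password ends at ")" followed by whitespace, at "&", at whitespace, or at end of line.
AUTH = re.compile(r"(auth=)\S*?(?=\)\s|&|\s|$)")
SESSION_FAIL = re.compile(
    r"session_start\(\).*(Redis connection not available|Failed to read session data: redis)")
EXITED = re.compile(r"INFO exited: (\S+) \(exit status \d+; not expected\)")

def redact(line):
    """Mask the Redis password that PHP prints as part of the session save path."""
    return AUTH.sub(r"\1<redacted>", line)

def triage(text, loop_threshold=3):
    """Collect session-store failures and supervisor programs that keep dying."""
    session_failures = []
    exits = Counter()
    for line in text.splitlines():
        if SESSION_FAIL.search(line):
            session_failures.append(redact(line))
        match = EXITED.search(line)
        if match:
            exits[match.group(1)] += 1
    loops = {prog: n for prog, n in exits.items() if n >= loop_threshold}
    return {"session_failures": session_failures, "crash_loops": loops}

if __name__ == "__main__":
    result = triage(SAMPLE)
    for line in result["session_failures"]:
        print("session store:", line)
    for prog, n in result["crash_loops"].items():
        print(f"crash loop: {prog} exited unexpectedly {n} times")
```
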

adpaccent commented 6 days ago

Hi Stefano,

This issue is still present. I tested 2.4.198 and the latest versions of misp-core and misp-modules; I configured Redis with the password, and the CSRF error is still present.

This issue is not acceptable, because with the CSRF error it's impossible to log in to MISP and use it for everyday activities.

Please re-open this issue and fix it as soon as possible.

Let us know