OWASP / glue

Application Security Automation
Other
522 stars 112 forks source link

`block (2 levels) in get_options': undefined local variable or method `path' for Glue::Options:Module (NameError) #176

Open bc-venkata opened 4 years ago

bc-venkata commented 4 years ago

Unable to run glue locally.

`$ glue -T report.json

/Library/Ruby/Gems/2.3.0/gems/owasp-glue-0.9.0/lib/glue/options.rb:49:in block (2 levels) in get_options': undefined local variable or methodpath' for Glue::Options:Module (NameError) from /System/Library/Frameworks/Ruby.framework/Versions/2.3/usr/lib/ruby/2.3.0/optparse.rb:1578:in block in parse_in_order' from /System/Library/Frameworks/Ruby.framework/Versions/2.3/usr/lib/ruby/2.3.0/optparse.rb:1534:incatch' from /System/Library/Frameworks/Ruby.framework/Versions/2.3/usr/lib/ruby/2.3.0/optparse.rb:1534:in parse_in_order' from /System/Library/Frameworks/Ruby.framework/Versions/2.3/usr/lib/ruby/2.3.0/optparse.rb:1528:inorder!' from /System/Library/Frameworks/Ruby.framework/Versions/2.3/usr/lib/ruby/2.3.0/optparse.rb:1620:in permute!' from /System/Library/Frameworks/Ruby.framework/Versions/2.3/usr/lib/ruby/2.3.0/optparse.rb:1642:inparse!' from /Library/Ruby/Gems/2.3.0/gems/owasp-glue-0.9.0/lib/glue/options.rb:257:in get_options' from /Library/Ruby/Gems/2.3.0/gems/owasp-glue-0.9.0/lib/glue/options.rb:16:inparse!' from /Library/Ruby/Gems/2.3.0/gems/owasp-glue-0.9.0/bin/glue:11:in <top (required)>' from /usr/local/bin/glue:22:inload' from /usr/local/bin/glue:22:in `

'

$ `

omerlh commented 4 years ago

I tried and wasn't able to reproduce it locally. 0.9 is pretty old (my bad, we didn't pushed a new version to ruby gem for a while). Can you try either cloning the repo and running wiht ruby bin/glue or using docker?

omerlh commented 4 years ago

I just pushed 0.9.4 to GitHub packages - can you please try it out?

bc-venkata commented 4 years ago

$ ruby bin/glue -t Dynamic -T report.json --mapping-file mobsf -z 2 Setting severity_threshold to 2 Logfile nil? calling scan Running scanner Loading scanner... Processing target...report.json Running tasks in stage: wait Running tasks in stage: mount Running tasks in stage: file Running tasks in stage: code code - Dynamic - # Invalid mappings JSON: ["The property '#/mappings/0/properties' did not contain a required property of 'source' in schema b9d9fa95-af34-55cd-827a-d1762791af40"]

bc-venkata commented 4 years ago

Here is the mapping file that I used

{ "task_name": "MobSF", "app_name": "app_name", "mappings": [ { "key": "manifest_analysis", "properties": { "description": "desc", "detail": "title", "source": "title", "severity": "stat", "fingerprint": "title" }, "key": "findings", "properties": { "description": "cwe", "detail": "path", "severity": "level", "fingerprint": "cwe" } } ] }

omerlh commented 4 years ago

The alert is (maybe not enough) pretty seld explanatory - you are missing a required filed, source, on your second mapping (key=findings). Can you please try to add it?

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

valentin-muschici commented 4 years ago

Hi Omer, I´m facing the same issue. I created a container from the latest glue image and connected on it and when I´m running:

"ruby bin/glue -T report_scan.json --mapping-file mobsf -z 2"

I´m getting : /home/glue/glue/lib/glue/options.rb:41:in block (2 levels) in get_options': undefined local variable or methodpath' for Glue::Options:Module (NameError) from /home/glue/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/optparse.rb:1571:in block in parse_in_order' from /home/glue/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/optparse.rb:1527:incatch' from /home/glue/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/optparse.rb:1527:in parse_in_order' from /home/glue/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/optparse.rb:1521:inorder!' from /home/glue/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/optparse.rb:1613:in permute!' from /home/glue/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/optparse.rb:1635:inparse!' from /home/glue/glue/lib/glue/options.rb:356:in get_options' from /home/glue/glue/lib/glue/options.rb:16:inparse!' from bin/glue:11:in `

'

The json file is copied in the glue folder. Running the command from /home/glue/glue. I have the latest 0.9.4 version. Any commands that I´m executing (with or without z parameter) gives me this error. It looks like by running with the docker command it works. Please support me on that.

valentin-muschici commented 4 years ago

Did some further investigations: I tried using the docker command. Same output.
docker run -it owasp/glue:latest ruby bin/glue -t Dynamic -T report_scan.json --mapping-file mobsf -z 2

I tried with the owasp/glue:raw-latest and with this one I cannot see the issue. So works. docker run -it owasp/glue:raw-latest ruby bin/glue -t Dynamic -T report_scan.json --mapping-file mobsf -z 2

The issue with owasp/glue:raw-latest is that I cannot connect to the container created with this image. It gives me :

OCI runtime exec failed: exec failed: container_linux.go:346: starting container process caused "exec: \"bash\": executable file not found in $PATH": unknown command terminated with exit code 126

omerlh commented 4 years ago

Yep, the raw-latests is the right one to use. It gives you this error because it is alpine based, so you need to use /bin/sh instead :)

valentin-muschici commented 4 years ago

Thanks Omer. I´ll give it a try.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.