Open cwiph opened 1 year ago
Update: it turns out that I am also not able to download the actual artifact. The artifact 9e2f4f87-50d8-3038-ae79-a990da460c38 is a text file. However, a download results in some encrypted binary blob:

```
bash$ curl -k 'https://vectr-internal:8081/sra-purpletools-rest/files/getExecArtifact/9e2f4f87-50d8-3038-ae79-a990da460c38' -H 'User-Agent: foo' -H 'Accept: application/json, text/plain, */*' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate, br' -H 'Connection: keep-alive' -H 'Referer: https://vectr-internal:8081/sra-purpletools-webui/app/' -H 'Cookie: vectr_jwt=ey_snip; vectr_refreshToken=b_snip' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: same-origin' --output artifact.bin
< HTTP/1.1 200
< Strict-Transport-Security: max-age=31536000
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Expires: Wed, 27 Jun 2012 05:15:00 GMT
< Last-Modified: Wed, 07 Jun 2023 12:28:09 GMT
< Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
< Content-Disposition: attachment; filename=test.txt
< Date: Wed, 07 Jun 2023 12:28:09 GMT
< Content-Type: application/octet-stream;charset=UTF-8
< Content-Length: 1669
< Keep-Alive: timeout=60
< Connection: keep-alive
<
{ [1669 bytes data]
bash$ xxd artifact.bin | head
00000000: 32fb 7922 d7ad 4a65 850d ed08 f60c 1b88 2.y"..Je........
00000010: 2395 a70d 15ae ce5b 39ab 1148 49ac 4119 #......[9..HI.A.
00000020: ba09 cc18 5430 2386 59b3 24d3 ffc4 a7cd ....T0#.Y.$.....
00000030: 2b4e c95e 1de3 3e33 dead a3a9 1a43 7cf7 +N.^..>3.....C|.
```
This is expected behavior. The file is decoded in the browser, so hitting the API directly will just return a binary formatted blob.
We'll look into the other issue that you mentioned. We're a bit backed up with prior work at the moment, but will add this to our triage queue.
The web request was sent by the UI originally. Binary blob is returned and then not downloaded by the browser. Thanks for looking into it
The actual error thrown in the web browser console is:

```
services.dist.bd4e76004e9137873a65.js:83 Error: wrong secret key for the given ciphertext
    at _ (sodium.js:1:524672)
    at Object.gg [as crypto_secretbox_open_easy] (sodium.js:1:563865)
    at services.dist.bd4e76004e9137873a65.js:83:97758
    at angular.js:18075:37
    at m.$digest (angular.js:19242:15)
    at angular.js:19562:15
    at Yg.completeTask (angular.js:21403:7)
    at angular.js:6879:7
(anonymous) @ services.dist.bd4e76004e9137873a65.js:83
```
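The `wrong secret key for the given ciphertext` message in the trace above is raised when an authenticated `open` call fails its tag check. The following is an added illustration, not VECTR's code: Node's built-in ChaCha20-Poly1305 is substituted for libsodium's secretbox, and the blob layout, function names and sample data are assumptions made for the example. It shows that a wrong key, a flipped bit, a truncated blob and a wrong nonce all fail identically, so the message alone does not say which of them occurred.

```javascript
// Added example: ChaCha20-Poly1305 (Node built-in) stands in for libsodium's
// XSalsa20-Poly1305 secretbox. Layout and names are assumptions, not VECTR's.
const crypto = require("crypto");

const NONCE_LEN = 12; // ChaCha20-Poly1305 nonce size (secretbox uses 24)
const TAG_LEN = 16;   // Poly1305 tag, same size as crypto_secretbox_MACBYTES

// seal: returns nonce || tag || ciphertext (layout chosen for this example)
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(NONCE_LEN);
  const c = crypto.createCipheriv("chacha20-poly1305", key, nonce, { authTagLength: TAG_LEN });
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// open: returns the plaintext Buffer, or null when authentication fails.
// The caller cannot tell from the failure which input was wrong.
function open(key, blob) {
  if (blob.length < NONCE_LEN + TAG_LEN) return null;
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const body = blob.subarray(NONCE_LEN + TAG_LEN);
  try {
    const d = crypto.createDecipheriv("chacha20-poly1305", key, nonce, { authTagLength: TAG_LEN });
    d.setAuthTag(tag);
    return Buffer.concat([d.update(body), d.final()]); // final() throws on a bad tag
  } catch (e) {
    return null;
  }
}

// diagnose: one good case and four distinct faults, all on constructed data
function diagnose() {
  const keyA = crypto.randomBytes(32);
  const keyB = crypto.randomBytes(32);
  const blob = seal(keyA, Buffer.from("constructed artifact contents\n"));
  const flipped = Buffer.from(blob);
  flipped[flipped.length - 1] ^= 0x01;          // one bit changed in storage/transit
  const badNonce = Buffer.from(blob);
  badNonce[0] ^= 0x01;                          // nonce does not match the one used to seal
  return {
    rightKey: open(keyA, blob).toString(),
    wrongKey: open(keyB, blob),
    flippedBit: open(keyA, flipped),
    truncated: open(keyA, blob.subarray(0, blob.length - 1)),
    wrongNonce: open(keyA, badNonce),
  };
}

console.log(diagnose());
```

When triaging an error like this one, comparing the stored blob's length and hash against what was uploaded helps separate a key mismatch from a damaged or replaced ciphertext.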
Describe the bug

There seems to be an error in the handling of execution artifacts.

To Reproduce

Steps to reproduce the behavior:
/sra-purpletools-webui/app/#/app/executionArtifacts

Expected behavior

The execution artifact is created.

Screenshots

I search for a specific artifact that used to be in VECTR. The search returns no results.

![no_results](https://github.com/SecurityRiskAdvisors/VECTR/assets/67684412/903428e2-0988-4327-a3e8-eec887d14519)

When I try to create the artifact, VECTR informs me that it already exists. However, there seems to be already some inconsistency since the search did not find the artifact.

![duplicate](https://github.com/SecurityRiskAdvisors/VECTR/assets/67684412/c057ffbc-ce1e-4262-a8af-d7a38bcf0bb5)

When I try to overwrite the artifact, the following error is displayed:

![failure](https://github.com/SecurityRiskAdvisors/VECTR/assets/67684412/d82fea36-4071-41c0-a9a8-e60435c7b5b6)
Additional context
Output from
docker logs vectr-tomcat_1