search

SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
1.39k stars 164 forks source link

404 for static assets #65

Closed initstring closed 4 years ago

initstring commented 4 years ago

Hi team VECTR,

Thanks for your hard work on such a cool product. We're just getting set up and ran into a little issue.

Assets from /static/ are returning 404 and causing issues with displaying of icons.

Here is an example screenshot of the issue: image

When this occurs, here is some output from the browser inspect tools:

GET https://[REDACTED]/static/icons/T1219.svg 404
GET https://[REDACTED]/static/icons/T1526.svg 404

And here is the matching output from inside the Docker container running VECTR:

- - [17/Jun/2020:01:30:39 +0000] "GET /static/icons/T1219.svg HTTP/1.1" 404 739
- - [17/Jun/2020:01:30:39 +0000] "GET /static/icons/T1526.svg HTTP/1.1" 404 739

I do see that the icon files actually exist in /opt/vectr/release/defaults/resources/static/icons inside the container.

I'm running VECTR v5.5.8. The installation is fairly default, with the exception that I've applied the manual fix in this issue to get things working behind a reverse proxy inside GCP.

initstring commented 4 years ago

Just to add - the initial install was done about 2 weeks ago. Then, the system was upgraded to the newest release by changing the version number in the docker-compose.yml file and running down/up as stated in the docs.

thebleucheese commented 4 years ago

I think I know what happened. Since you had existing files in ./resources/static it's not copying the new icons out of the release folder inside the container.

Our typical upgrade practice is backup existing instance, tear everything down, create a new VECTR deploy dir with the upgraded version and then copy the data folder into the new instance. We persist icon sets and other ./resources that the application uses or creates. Due to this, we didn't address what happens when we release new icons with VECTR and a user has an existing ./resources/static/icons folder with content in it. We do it this way so you can add/delete/change the icons that show up in the system.

I'm attaching a zip with all the icons we use. You can extract to ./resources/static/icons and it should fix the issue. We'll have to think on how to address shipping icons with the application in the future so we can push them to in-place upgrades. We'll probably need to ship them in a way that tracks state - separating user-added icons and system icons and adding a way in the UI to disable or hide specific system icons if desired.

icons.zip

initstring commented 4 years ago

@thebleucheese Wow that was quick!

Thanks so much. Yes, copying the files from the zip to /opt/vectr/resources/static/icons/ indeed solves the issue.

Closing the issue, have a great day!