ACAS SCAP Failure to Parse

[Sean-Be]

Prerequisites

Before submitting a new issue, please ensure you have completed the following (replace the space in the box with an "x" to denote that it has been completed)

• [x] I have ensured that I am running the latest release
• [x] The issue is repeatable
• [x] The issue has not already been reported

Category

Please select a category for the item being created

• [x] Bug
• [ ] Enhancement
• [x] Assistance Request

Description

Please provide a brief synopsis of the feature request or issue; if the item being created is due to a bug, please complete the "Expected Outcome", "Actual Outcome", and "Reproduction Steps" sections as well, otherwise, check the boxes to show that it doesn't apply

Synopsis

Exported ACAS Scap Scan results XML. Select the XCCDF XML Files to import. Click Excute, Fails to parse SCAP files. Use Scap Compliance Checker took, works fine with those XCCDF files.

Expected Outcome

• [ ] N/A (Non-Bug Issue)

What did you think was going to happen? Thought we would get the same excel report with ACAS Scap results and we would the SCAP Tool

Actual Outcome

• [ ] N/A (Non-Bug Issue)

What really happened?

2017-05-22 14:32:27,953        ERROR                                                    0                    Unable to parse ACAS XCCDF.
2017-05-22 14:32:27,956        ERROR                                                    0                    Unable to parse XCCDF using XML reader.
2017-05-22 14:32:27,956        ERROR                                                    0                    Unable to process XCCDF file.
2017-05-22 14:32:27,957        ERROR                                                    0                    1-1_windows-0-xccdf-res processing failed; Elapsed time: 00:00:00.0840300
2017-05-22 14:32:27,958        INFO                                                     0                    Begin processing of 1-6_windows-1-xccdf-res
2017-05-22 14:32:27,970        ERROR                                                    0                    Unable to parse ACAS XCCDF.
2017-05-22 14:32:27,972        ERROR                                                    0                    Unable to parse XCCDF using XML reader.
2017-05-22 14:32:27,973        ERROR                                                    0                    Unable to process XCCDF file.
2017-05-22 14:32:27,973        ERROR                                                    0                    1-6_windows-1-xccdf-res processing failed; Elapsed time: 00:00:00.0155216

Reproduction Steps

• [ ] N/A (Non-Bug Issue)

How did you get Vulnerator to do that? Re-Ran ACAS Scap scans, exported SCAP results from ACAS, same issues when running again.

Attachments

Please provide any relevant attachments, as you see fit (e.g. screenshots); if supplying vulnerability data (e.g. CKL/Nessus files or reports), please ensure that they are sanitized of IP addresses and host names and email them to alex.kuchta@navy.mil - DO NOT POST VULNERABILITY FILES HERE

• [X] Vulnerator Log (Required for bugs) - this can be found at C:\Users\%UserName%\AppData\Roaming\Vulnerator\V6Log.txt, where %UserName% is the user profile used to run the application
• [ ] Screenshots (Optional)
• [ ] Vulnerability Files (SANITIZED AND EMAILED)

[Sean-Be]

V6Log.txt

[amkuchta]

@Sean-Be are you able to provide a sanitized version of the file you attempted to process (host name / IP addresses removed) via an encrypted email to alex.kuchta@navy.mil? I would like to run it through the debugger to identify the issue at hand, if possible.

[akajeremy]

I'm experiencing the same problem - additionally, when I try and use vulnerator to parse a .nessus file, it only outputs one plugin (id: 66756) repeated 263 times.

Log results for XCCDF error: "2017-08-07 10:43:04,458 INFO 0 Refreshing findings database. 2017-08-07 10:43:04,620 INFO 0 Findings database refeshed successfully. 2017-08-07 10:43:04,621 INFO 0 Begin processing of 1-1_windows-0-xccdf-res 2017-08-07 10:43:04,838 ERROR 0 Unable to parse ACAS XCCDF. 2017-08-07 10:43:04,840 ERROR 0 Unable to parse XCCDF using XML reader. 2017-08-07 10:43:04,841 ERROR 0 Unable to process XCCDF file. 2017-08-07 10:43:04,841 ERROR 0 1-1_windows-0-xccdf-res processing failed; Elapsed time: 00:00:00.2206568 2017-08-07 10:43:07,875 INFO 0 Begin creation of C:\Users*\vuln.xlsx 2017-08-07 10:43:07,876 ERROR 0 Unable to create C:\Users*\vuln.xlsx (Excel Report). 2017-08-07 10:43:07,881 ERROR 0 Creation of C:\Users**\vuln.xlsx failed; Elapsed time: 00:00:00.0047631 2017-08-07 10:43:07,898 INFO 0 Processing complete; Excel report creation error; see log for details; PDF report not required; Elapsed time: 00:00:32.4476385"

Not sure how to troubleshoot this. When I look through the XCCDF with STIGViewer it seems to be correct, but Vulnerator doesn't like it. Any input is appreciated. @amkuchta

-Jeremy

[CyberSecDef]

Just adding my two cents here. It would seem odd to me that the log says it's unable to parse ACAS XCCDF. ACAS shouldn't have XCCDF. XCCDF should be only linked to SCAP scans....possibly CKLs.

-----Original Message----- From: Jeremy [mailto:notifications@github.com] Sent: Monday, August 07, 2017 10:49 AM To: Vulnerator/Vulnerator Cc: Subscribed Subject: [Non-DoD Source] Re: [Vulnerator/Vulnerator] ACAS SCAP Failure to Parse (#115)

I'm experiencing the same problem - additionally, when I try and use vulnerator to parse a .nessus file, it only outputs one plugin (id: 66756) repeated 263 times.

Log results for XCCDF error: "2017-08-07 10:43:04,458 INFO 0 Refreshing findings database. 2017-08-07 10:43:04,620 INFO 0 Findings database refeshed successfully. 2017-08-07 10:43:04,621 INFO 0 Begin processing of 1-1_windows-0-xccdf-res 2017-08-07 10:43:04,838 ERROR 0 Unable to parse ACAS XCCDF. 2017-08-07 10:43:04,840 ERROR 0 Unable to parse XCCDF using XML reader. 2017-08-07 10:43:04,841 ERROR 0 Unable to process XCCDF file. 2017-08-07 10:43:04,841 ERROR 0 1-1_windows-0-xccdf-res processing failed; Elapsed time: 00:00:00.2206568 2017-08-07 10:43:07,875 INFO 0 Begin creation of C:\Users\vuln.xlsx 2017-08-07 10:43:07,876 ERROR 0 Unable to create C:\Users\vuln.xlsx (Excel Report). 2017-08-07 10:43:07,881 ERROR 0 Creation of C:\Users**\vuln.xlsx failed; Elapsed time: 00:00:00.0047631 2017-08-07 10:43:07,898 INFO 0 Processing complete; Excel report creation error; see log for details; PDF report not required; Elapsed time: 00:00:32.4476385"

Not sure how to troubleshoot this. When I look through the XCCDF with STIGViewer it seems to be correct, but Vulnerator doesn't like it. Any input is appreciated.

-Jeremy

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/Vulnerator/Vulnerator/issues/115#issuecomment-320685144 , or mute the thread https://github.com/notifications/unsubscribe-auth/AQyCjEsDjXwZbq1sd6u8ZVUel_rCFVgLks5sVyP4gaJpZM4NivuS . https://github.com/notifications/beacon/AQyCjPidkpVixQg37aA9XWUPlD5Hdc34ks5sVyP4gaJpZM4NivuS.gif