search

cisagov / decider

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
Other
1.07k stars 117 forks source link

PermissionError: [Errno 13] Permission denied... #81

Closed jaxley closed 6 months ago

jaxley commented 7 months ago

🐛 Summary

Following instructions to start the latest 3.0.0 container in Docker results in a failure at runtime due to a permissions error with user_additions.html

The fix is simple - chmod 644 config/user_additions.html and then docker compose up

To reproduce

Steps to reproduce the behavior:

  1. Follow docker instructions on wiki
  2. Navigate to http://localhost:8001
  3. page fails to load. errors in the log

Expected behavior

The webpage to render without error.

Any helpful log output or screenshots

Paste the results here:

decider-web  | 2024-03-13 22:44:46,841 - app.routes.question - DEBUG - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: querying existence of version v14.1
decider-web  | 2024-03-13 22:44:46,841 - app.routes.utils_db - DEBUG - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: VersionPicker querying available ATT&CK versions
decider-web  | 2024-03-13 22:44:46,842 - app.routes.question - DEBUG - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: requested ATT&CK version exists
decider-web  | 2024-03-13 22:44:46,843 - app.routes.question - INFO - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: Crumb Bar: successfully built
decider-web  | 2024-03-13 22:44:46,843 - app.routes.question - DEBUG - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: querying Platforms and Data Sources in version v14.1
decider-web  | 2024-03-13 22:44:46,845 - app.routes.question - DEBUG - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: got 11 Platforms and 37 Data Sources
decider-web  | 2024-03-13 22:44:46,845 - app.routes.question - INFO - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: serving page
decider-web  | 2024-03-13 22:44:46,846 - decider - ERROR - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: A general unexpected error occurred
decider-web  | Traceback (most recent call last):
decider-web  |   File "/opt/decider/app/routes/utils.py", line 445, in wrapper
decider-web  |     return fn(*args, **kwargs)
decider-web  |            ^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/app/routes/question.py", line 467, in question_start_page
decider-web  |     return render_template("questionlist.html", **qna, **crumbs)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 151, in render_template
decider-web  |     return _render(app, template, context)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 132, in _render
decider-web  |     rv = template.render(context)
decider-web  |          ^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/environment.py", line 1301, in render
decider-web  |     self.environment.handle_exception()
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/environment.py", line 936, in handle_exception
decider-web  |     raise rewrite_traceback_stack(source=source)
decider-web  |   File "/opt/decider/app/templates/questionlist.html", line 1, in top-level template code
decider-web  |     {% extends 'base.html' %}
decider-web  |   File "/opt/decider/app/templates/base.html", line 2, in top-level template code
decider-web  |     {% import 'user_additions.html' as user_additions %}
decider-web  |     ^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 64, in get_source
decider-web  |     return self._get_source_fast(environment, template)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 95, in _get_source_fast
decider-web  |     return loader.get_source(environment, template)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/loaders.py", line 206, in get_source
decider-web  |     with open(filename, encoding=self.encoding) as f:
decider-web  |          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  | PermissionError: [Errno 13] Permission denied: '/opt/decider/./app/templates/user_additions.html'
decider-web  | 
decider-web  | The above exception was the direct cause of the following exception:
decider-web  | 
decider-web  | Traceback (most recent call last):
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/app.py", line 1484, in full_dispatch_request
decider-web  |     rv = self.dispatch_request()
decider-web  |          ^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/app.py", line 1469, in dispatch_request
decider-web  |     return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/app/routes/utils.py", line 447, in wrapper
decider-web  |     raise new_ex from old_ex  # ErrorDuring____.__cause__ is the wrapped Exception
decider-web  |     ^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  | app.routes.utils.ErrorDuringHTMLRoute
decider-web  | 2024-03-13 22:44:46,848 - decider - ERROR - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: Exception on /question/v14.1 [GET]
decider-web  | Traceback (most recent call last):
decider-web  |   File "/opt/decider/app/routes/utils.py", line 445, in wrapper
decider-web  |     return fn(*args, **kwargs)
decider-web  |            ^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/app/routes/question.py", line 467, in question_start_page
decider-web  |     return render_template("questionlist.html", **qna, **crumbs)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 151, in render_template
decider-web  |     return _render(app, template, context)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 132, in _render
decider-web  |     rv = template.render(context)
decider-web  |          ^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/environment.py", line 1301, in render
decider-web  |     self.environment.handle_exception()
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/environment.py", line 936, in handle_exception
decider-web  |     raise rewrite_traceback_stack(source=source)
decider-web  |   File "/opt/decider/app/templates/questionlist.html", line 1, in top-level template code
decider-web  |     {% extends 'base.html' %}
decider-web  |   File "/opt/decider/app/templates/base.html", line 2, in top-level template code
decider-web  |     {% import 'user_additions.html' as user_additions %}
decider-web  |     ^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 64, in get_source
decider-web  |     return self._get_source_fast(environment, template)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 95, in _get_source_fast
decider-web  |     return loader.get_source(environment, template)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/loaders.py", line 206, in get_source
decider-web  |     with open(filename, encoding=self.encoding) as f:
decider-web  |          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Add any screenshots of the problem here.

damionmounts commented 7 months ago

Hello,

Would you happen to know what mode user_additions.html was in before you changed it?

I hadn't run into any mode issues with it before - and checking just gives me 644 - which means it should be good to go.

# latest develop branch (updated ~2wk ago) -> got 644
git clone https://github.com/cisagov/decider.git
stat --format '%a' decider/default_config/user_additions.html
rm -rf decider/

_(from defaultconfig/, as config/* doesn't exist on clone - it must be copied over)

damionmounts commented 6 months ago

Closing due to inactivity - always happy to re-open if needed.

jaxley commented 6 months ago 
ls -alcrt default_config 
total 24
drwxr-x---   9 jaxley  staff   288 Mar 13 17:35 build_sources
drwxr-x---   3 jaxley  staff    96 Mar 13 17:35 certs
-rw-r-----   1 jaxley  staff   970 Mar 13 17:35 frontend.json
-rw-r-----   1 jaxley  staff  1575 Mar 13 17:35 logging.json
drwxr-x---   7 jaxley  staff   224 Mar 13 17:35 .
-rw-r-----   1 jaxley  staff  1051 Mar 13 17:35 user_additions.html
drwxr-x---  27 jaxley  staff   864 Mar 13 17:38 ..
jaxley@88665a3753dd decider % uname
Darwin
jaxley@88665a3753dd decider % umask   
027

My umask may be an issue. The original file mode after checkout is 640.

damionmounts commented 6 months ago

I'd say that pretty much solves it - mine is 022, which is a common default.