cypress-io / cypress

Fast, easy and reliable testing for anything that runs in a browser.
https://cypress.io
MIT License

While npm i - download from cypress.io was detected as threat #29763

Closed Thoemmy closed 1 month ago

Thoemmy commented 3 months ago

Current behavior

I am using nx workspace v19.0.7, and in the npm package nx added the cypress version "^13.10.0" (which installs the v13.12.0 lts).

While installing the packages with "npm i" I receive the following error, which can be seen in the Debug logs.

I've talked to the IT Infrastructure team to analyse this problem and they told me that the cypress_runner.js is marked as a threat in the Palo Alto Networks ThreatVault.

See images for more details.

I set the cypress version to "~13.10.0" and the installation had no problems. I did not try it with v13.11.0.

Note: if I visit the link (https://download.cypress.io/desktop/13.12.0?platform=win32&arch=x64) via browser then the zip file gets downloaded.

Debug logs

npm ERR! The Cypress App could not be downloaded.
npm ERR!
npm ERR! Does your workplace require a proxy to be used to access the Internet? If so, you must configure the HTTP_PROXY environment variable before downloading Cypress. Read more: https://on.cypress.io/proxy-configuration
npm ERR!
npm ERR! Otherwise, please check network connectivity and try again:
npm ERR!
npm ERR! ----------
npm ERR!
npm ERR! URL: https://download.cypress.io/desktop/13.12.0?platform=win32&arch=x64
npm ERR! Error: Corrupted download
npm ERR!
npm ERR! Expected downloaded file to have checksum: 27188b9002308550027906d5036d0fbc85d1f198a488225e11ae2b2c927539286f593331e88b3cec1eabc3770ee8e8cc66f6020702d4bca46358970270464391
npm ERR! Computed checksum: a59b4c298f8543a6b2615604d9e8d80a8eff2f632ccf35cd22b8c246204ece1dd8360b8dd2bfefe6d93153d00681d771f4733b5159cd6259695b0b1f152f6a3b
npm ERR!
npm ERR! Expected downloaded file to have size: 195511441
npm ERR! Computed size: 148879624
npm ERR!
npm ERR! ----------
npm ERR!
npm ERR! Platform: win32-x64 (10.0.22631)
npm ERR! Cypress Version: 13.12.0
npm ERR! [FAILED] The Cypress App could not be downloaded.
npm ERR! [FAILED]
npm ERR! [FAILED] Does your workplace require a proxy to be used to access the Internet? If so, you must configure the HTTP_PROXY environment variable before downloading Cypress. Read more: https://on.cypress.io/proxy-configuration
npm ERR! [FAILED]
npm ERR! [FAILED] Otherwise, please check network connectivity and try again:
npm ERR! [FAILED]
npm ERR! [FAILED] ----------
npm ERR! [FAILED]
npm ERR! [FAILED] URL: https://download.cypress.io/desktop/13.12.0?platform=win32&arch=x64
npm ERR! [FAILED] Error: Corrupted download
npm ERR! [FAILED]
npm ERR! [FAILED] Expected downloaded file to have checksum: 27188b9002308550027906d5036d0fbc85d1f198a488225e11ae2b2c927539286f593331e88b3cec1eabc3770ee8e8cc66f6020702d4bca46358970270464391
npm ERR! [FAILED] Computed checksum: a59b4c298f8543a6b2615604d9e8d80a8eff2f632ccf35cd22b8c246204ece1dd8360b8dd2bfefe6d93153d00681d771f4733b5159cd6259695b0b1f152f6a3b
npm ERR! [FAILED]
npm ERR! [FAILED] Expected downloaded file to have size: 195511441
npm ERR! [FAILED] Computed size: 148879624
npm ERR! [FAILED]
npm ERR! [FAILED] ----------
npm ERR! [FAILED]
npm ERR! [FAILED] Platform: win32-x64 (10.0.22631)
npm ERR! [FAILED] Cypress Version: 13.12.0

Cypress Version

13.12.0

Node version

20.13.1

Package Manager

npm

Package Manager Version

10.5.2

Operating system

Windows

Operating System Version

Windows 11 Enterprise 23H2

Other

If you need further information, don't hesitate to contact me.

jennifer-shehane commented 3 months ago

@Thoemmy Can you give any more information on why Palo Alto is regarding Cypress as a threat? All I can see in the screenshots is a couple of low severity alerts for ffmpeg and pixelmatch. There's not much we can act on with this information. We don't have access to this service. I would definitely say we're not a virus though.

Thoemmy commented 3 months ago

According to the infrastructure technician, Cypress has been on the threat list for a few days. This list is shared by some network solutions, but I am not that familiar with this topic. I thought I should report this issue because he told me that it is not our company that recognizes Cypress as a threat, but the software is grabbing this information from a shared list. I also assume that this "error" occurs by mistake.

Edit: And you can see in the screenshot that the "suspicious" file is "cypress_runner.js"

MikeMcC399 commented 3 months ago

Similar symptoms were reported today for Cypress 12.17.4 in Discord https://discord.com/channels/755913899261296641/1255885464351674382

MikeMcC399 commented 3 months ago

@Thoemmy You may need to request your network provider to "allowlist" the Cypress binary cypress.zip.

Thoemmy commented 3 months ago

@MikeMcC399 When I visit the URL "https://download.cypress.io/desktop/13.12.0?platform=win32&arch=x64" within the browser the download starts immediately, as you can see in the screenshot.


If I run npm i --ignore-scripts then the script in cypress will not start and the installation is done without any error.

MikeMcC399 commented 3 months ago

@Thoemmy

You can allow the browser download from https://download.cypress.io/desktop/13.12.0?platform=win32&arch=x64 to complete and then examine the zip file with a zip program. I expect it will be corrupted due to your network provider stopping the complete download. That is the problem in your original logs:

npm ERR! Expected downloaded file to have size: 195511441
npm ERR! Computed size: 148879624

If you run npm install cypress --save-dev --ignore-scripts then this will install the npm module cypress into node_modules. It does not install the Cypress binary.

You can then manually attempt to download the Cypress binary after setting the environment variable DEBUG=cypress:*

npx cypress cache clear
npx cypress install

I expect this will also fail.

Your options are:

  1. Request your network provider to allow complete download of cypress.zip
  2. or download cypress.zip on a different network where the download is not blocked then unzip it into your cache directory
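An added example (not Cypress's own code) of the check behind the advice above: before unzipping a manually downloaded cypress.zip into the cache directory, verify it against the size and checksum the installer prints, distinguishing a truncated transfer (file shorter than expected, as in the logs in this thread) from a file of the right size whose content differs. It assumes the installer's checksum is SHA-512, which the 128-hex-character value above indicates, and uses a constructed in-memory sample rather than the real archive.

```python
import hashlib
import hmac
import os
import tempfile
from dataclasses import dataclass

@dataclass
class VerifyResult:
    ok: bool
    reason: str
    computed_size: int
    computed_sha512: str

def verify_archive(path: str, expected_sha512: str, expected_size: int) -> VerifyResult:
    """Check size first (a short file means the transfer was cut off), then the digest."""
    size = os.path.getsize(path)
    h = hashlib.sha512()
    with open(path, "rb") as f:  # stream the file so a ~195 MB archive is not held in memory
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    digest = h.hexdigest()
    if size < expected_size:
        return VerifyResult(False, "truncated: download stopped before completion", size, digest)
    if size != expected_size:
        return VerifyResult(False, "size mismatch: file larger than expected", size, digest)
    if not hmac.compare_digest(digest, expected_sha512.lower()):
        return VerifyResult(False, "checksum mismatch: content differs from published archive", size, digest)
    return VerifyResult(True, "ok", size, digest)

def demo() -> dict:
    """Constructed sample: a 1 MiB stand-in 'archive' plus truncated and tampered copies."""
    payload = bytes(range(256)) * 4096  # stands in for cypress.zip; not the real file
    expected_sha512 = hashlib.sha512(payload).hexdigest()
    expected_size = len(payload)
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in (
            ("intact", payload),
            ("truncated", payload[: len(payload) * 3 // 4]),  # cut off mid-stream
            ("tampered", payload[:-1] + b"\x00"),              # same size, one byte changed
        ):
            p = os.path.join(d, name + ".zip")
            with open(p, "wb") as f:
                f.write(data)
            results[name] = verify_archive(p, expected_sha512, expected_size)
    return results
```

For a real download, pass the path of the saved cypress.zip together with the "Expected downloaded file to have checksum" and "size" values from the installer output.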
Thoemmy commented 3 months ago

@MikeMcC399

PS C:\> npm install --ignore-scripts                   
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated read-package-json@7.0.1: This package is no longer supported. Please use @npmcli/package-json instead.
npm WARN deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated vis@4.21.0-EOL: Please consider using https://github.com/visjs

added 2379 packages, and audited 2380 packages in 51s

386 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

I typed: npx cypress cache clear then npx cypress install

PS C:\> npx cypress install
Installing Cypress (version: 13.12.0)

✖ The Cypress App could not be downloaded.

Does your workplace require a proxy to be used to access the Internet? If so, you must configure the HTTP_PROXY environment variable before downloading Cypress. Read more: https://on.cypress.io/proxy-configuration

Otherwise, please check network connectivity and try again:

----------

URL: https://download.cypress.io/desktop/13.12.0?platform=wi…
The Cypress App could not be downloaded.

Does your workplace require a proxy to be used to access the Internet? If so, you must configure the HTTP_PROXY environment variable before downloading Cypress. Read more: https://on.cypress.io/proxy-configuration

Otherwise, please check network connectivity and try again:

----------

URL: https://download.cypress.io/desktop/13.12.0?platform=win32&arch=x64
Error: Corrupted download

Expected downloaded file to have checksum: 27188b9002308550027906d5036d0fbc85d1f198a488225e11ae2b2c927539286f593331e88b3cec1eabc3770ee8e8cc66f6020702d4bca46358970270464391
Computed checksum: 05c67f11db384d647d659037eb7f42715ac8a2bb3e9085fafb94999ab874a7cf3e4d8e1a39e51ae63c4e292cccfb723b5591fbcef9ee18e5ca2c8a7f81e5dc08

Expected downloaded file to have size: 195511441
Computed size: 148896011

----------

Platform: win32-x64 (10.0.22631)
Cypress Version: 13.12.0

Same error as you mentioned.

  1. The thing is that cypress will be blocked in other companies too, not only in ours, because, as mentioned, the system detects it as a threat because the JS file wants to execute a binary, which is a security risk.
  2. If I switch the network to my personal wifi without any firewall etc. set, then the download is done.
MikeMcC399 commented 3 months ago

@Thoemmy

If you are able to download via personal WiFi, do you need any additional assistance?

You, or your network support colleagues, can contact Palo Alto Networks concerning the potential false positive categorization of the Cypress binary. See https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm3aCAC

Thoemmy commented 3 months ago

@MikeMcC399 I thought it would be interesting for you to know that your binary is recognized as a threat by Global Threat Intelligence, because I cannot prove to them that this file is a false positive.

MikeMcC399 commented 3 months ago

@Thoemmy

Thank you for sharing the problem. I scanned the file downloaded from https://download.cypress.io/desktop/13.12.0?platform=win32&arch=x64 using Norton Security and it reported "No Threats Found".


Thoemmy commented 3 months ago

I also made some checks; I will see if someone internal can get in contact with Palo Alto.


Currently we are unable to use cypress because v13.10.0 also got corrupted today.

jennifer-shehane commented 1 month ago

I don't see anything being actionable on our side here, so will close this issue.