denimgroup / threadfix

ThreadFix is a software vulnerability management platform. This GitHub site is far out of date. Please go to www.threadfix.it for up-to-date information.

API Set Application URL System Error #1109

Closed aparsons closed 9 years ago

aparsons commented 9 years ago

The set application URL API call (rest/applications/[appId]/addUrl) returns a system error HTML document. It does correctly set the URL, but I would expect the response to be the application JSON object.

Documentation: https://github.com/denimgroup/threadfix/wiki/Threadfix-REST-Interface#set-url

Here is a curl example.

curl --insecure -H 'Accept: application/json' -X POST --data 'url=http://www.example-url2.com' 'https://[REDACTED]:8443/threadfix/rest/applications/7/addUrl?apiKey=[REDACTED]'

Here is the response body.

<head>
   <title>System error</title>
</head>
<h2>System error</h2>
A system error occurred.
<br/><br/><!-- error.jsp -->
<a href="/threadfix/;jsessionid=49B00C1BA11473C646D3B88AD3E81D16">Home</a>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
   <head>
      <!-- HTTP 1.1 -->
      <meta http-equiv="Cache-Control" content="no-store"/>
      <!-- HTTP 1.0 -->
      <meta http-equiv="Pragma" content="no-cache"/>
      <!-- Prevents caching at the Proxy Server -->
      <meta http-equiv="Expires" content="0"/>
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <link rel="icon" href="/threadfix/images/favicon.ico;jsessionid=49B00C1BA11473C646D3B88AD3E81D16"/>
      <title>System error | ThreadFix</title>
      <link rel="stylesheet" type="text/css" href="/threadfix/styles/reset-fonts-grids.css"/>
      <link rel="stylesheet" type="text/css" href="/threadfix/styles/bootstrap.min.css"/>
      <link rel="stylesheet" type="text/css" href="/threadfix/styles/main.css"/>
      <link rel="stylesheet" type="text/css" href="/threadfix/styles/jquery-ui.css"/>
      <link rel="stylesheet" type="text/css" href="/threadfix/styles/d3.css"/>
      <link rel="stylesheet" type="text/css" href="/threadfix/styles/angular-multi-select.css"/>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/angular-file-upload-shim.min.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/angular.min.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/ui-bootstrap-tpls-0.10.0.min.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/angular-file-upload.min.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/dynamic-forms.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/filters.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/threadfix-module.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/services.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/generic-modal-controller.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/header-controller.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/wrapper-controller.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/init-controller.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/directives.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/angular-multi-select.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/jspdf.debug.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/report/directives/d3-dashboards.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/report/directives/d3-trending-scans.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/report/d3.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/report/d3-donut.js"></script>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/report/report-services.js"></script>
      <!--[if lt IE 7]>
      <link rel="stylesheet" type="text/css" href="/threadfix/styles/ie6.css"/>
      <script type="text/javascript" src="/threadfix/v/2.2-SNAPSHOT-506b47d/scripts/iepngfix_tilebg.js"></script>
      <![endif]-->
   </head>
   <body ng-app='threadfix'
      >
      <div id="wrapper">
         <div id="main">
            <div class="top-corners corners">
               <div class="left corner">
                  <!-- -->
               </div>
               <div class="right corner">
                  <!-- -->
               </div>
               <div class="center">
                  <!-- -->
               </div>
            </div>
            <div id="main-content" ng-controller="WrapperController" class="hide-wrapper" ng-class="{ 'cancel-hide-wrapper': loaded }">
               {{name}}
               <h2>System error</h2>
               A system error occurred and has been logged to the database at Apr 29, 2015 10:40:18 PM.
               <br/><br/>
               <a href="/threadfix/;jsessionid=49B00C1BA11473C646D3B88AD3E81D16">Back to Home Page</a>
               <div ng-hide="loaded" class="modal-loading">
                  <div><span class="spinner dark"></span>Loading...</div>
               </div>
            </div>
            <div class="bottom-corners corners">
               <div class="left corner">
                  <!-- -->
               </div>
               <div class="right corner">
                  <!-- -->
               </div>
               <div class="center">
                  <!-- -->
               </div>
            </div>
         </div>
      </div>
      <div id="footer">
         <div id="poweredBy">ThreadFix is Powered by</div>
         <div id="bottomLogo">
            <a href="http://www.denimgroup.com/" class="denim-group" target="_blank">
            <img src="/threadfix/images/dg_logo_white.png" class="transparent_png"
               alt="Denim Group" />
            </a>
         </div>
         <div id="copyright">
            Version 2.2RC2. Copyright &copy; 2009 - 2015. Denim Group, Ltd. All rights reserved. Built on
            Mar 17, 2015
         </div>
      </div>
      <style type="text/css">
         .ui-widget-header {
         background: url("images/ui-bg_highlight-soft_75_cccccc_1x100.png") repeat-x scroll 50% 50% #38616D;
         color: #FFFFFF;
         }
         .ui-state-default, .ui-widget-content .ui-state-default, .ui-widget-header .ui-state-default {
         background:url("images/ui-bg_glass_75_e6e6e6_1x400.png") repeat-x scroll 50% 50% #38616D;
         border:1px solid #D3D3D3;
         color:#FFFFFF;
         font-weight:bold;
         }
         .ui-widget-content {
         background: #EFEFEF;
         }
      </style>
      <div id="delete-dialog" title="Delete" style="display:none">
         <p><span class="ui-icon ui-icon-alert" style="float:left; margin:0 7px 20px 0;"></span>Are you sure you want to delete this <span id="deleteType"></span>?</p>
      </div>
   </body>
</html>

Here is the error log.

Diagnostics: 260 megabytes memory available out of 2 gigabytes. 13 gigabytes disk space available.

java.lang.IllegalArgumentException: @JsonView only supported for response body advice with exactly 1 class argument: org.springframework.web.method.HandlerMethod$ReturnValueMethodParameter@26f0ac1f
    at org.springframework.web.servlet.mvc.method.annotation.JsonViewResponseBodyAdvice.beforeBodyWriteInternal(JsonViewResponseBodyAdvice.java:59)
    at org.springframework.web.servlet.mvc.method.annotation.AbstractMappingJacksonResponseBodyAdvice.beforeBodyWrite(AbstractMappingJacksonResponseBodyAdvice.java:49)
    at org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdviceChain.invoke(ResponseBodyAdviceChain.java:74)
    at org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodProcessor.writeWithMessageConverters(AbstractMessageConverterMethodProcessor.java:158)
    at org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodProcessor.writeWithMessageConverters(AbstractMessageConverterMethodProcessor.java:101)
    at org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor.handleReturnValue(RequestResponseBodyMethodProcessor.java:202)
    at org.springframework.web.method.support.HandlerMethodReturnValueHandlerComposite.handleReturnValue(HandlerMethodReturnValueHandlerComposite.java:71)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:126)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:777)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:706)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:943)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:877)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:868)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:690)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:477)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:402)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:329)
    at org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:213)
    at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:171)
    at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
    at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
    at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:230)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at com.denimgroup.threadfix.webapp.filter.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at com.denimgroup.threadfix.webapp.filter.ClickjackHeaderFilter.doFilter(ClickjackHeaderFilter.java:36)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
    at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at com.denimgroup.threadfix.webapp.filter.EnterpriseFilter.doFilter(EnterpriseFilter.java:71)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at com.denimgroup.threadfix.webapp.filter.CacheBustFilter.doFilter(CacheBustFilter.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
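
An added example, not part of the original issue or of ThreadFix: a client-side check for the behaviour reported above, where addUrl applies the change but answers with the HTML "System error" page. It masks `jsessionid` and `apiKey` values before anything is logged. The function names, the `read_back` callable and the JSON shape are assumptions made for illustration.

```python
import json
import re

# Session ids and API keys must not reach logs or public bug reports.
_SECRETS = re.compile(r"""(?i)(;jsessionid=|[?&]apiKey=)[^\s"'&<>/]+""")


def scrub(text):
    """Mask servlet session ids and apiKey query values."""
    return _SECRETS.sub(lambda m: m.group(1) + "[REDACTED]", text)


def classify(content_type, body):
    """Return ('json', parsed), ('html_error', excerpt) or ('unknown', excerpt)."""
    media_type = content_type.split(";")[0].strip().lower()
    if media_type == "application/json":
        try:
            return "json", json.loads(body)
        except ValueError:
            pass  # JSON content type but unparsable body: treat as an error page
    excerpt = scrub(body)[:200]
    if "<title>System error" in body:  # marker taken from the reported body
        return "html_error", excerpt
    return "unknown", excerpt


def add_url_outcome(content_type, body, wanted_url, read_back):
    """Decide what happened to an addUrl call.

    read_back is a caller-supplied (hypothetical) function that returns the
    URL currently stored for the application.
    """
    kind, detail = classify(content_type, body)
    if kind == "json":
        return "applied", detail
    # The write can be committed before response serialization fails, so
    # check the stored state instead of blindly retrying the POST.
    if read_back() == wanted_url:
        return "applied_but_error_response", detail
    return "failed", detail


# Constructed samples modelled on the report; the JSON shape is assumed.
HTML_ERROR = ('<head><title>System error</title></head><h2>System error</h2>'
              '<a href="/threadfix/;jsessionid=0123456789ABCDEF0123456789ABCDEF">'
              'Home</a>')
JSON_OK = '{"id": 7, "url": "http://www.example-url2.com"}'
WANTED = "http://www.example-url2.com"

if __name__ == "__main__":
    print(add_url_outcome("text/html; charset=utf-8", HTML_ERROR, WANTED,
                          lambda: WANTED))
    print(add_url_outcome("application/json", JSON_OK, WANTED, lambda: WANTED))
```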

aparsons commented 9 years ago

Why was this closed?

dancornell commented 9 years ago

An excellent question.

It was closed because we think we have actually addressed this issue in recent commits that should be back-ported to the ThreadFix 2.2 stable branch. This discussion was played out in our internal JIRA discussions of open ThreadFix issues and communications about them.

BUT - the reason it was closed without further information being forwarded along your way (which is a completely reasonable thing for you to expect) was that we take all GitHub issues and pipe them to our internal JIRA instance where we manage the actual ThreadFix workload which is based on developers completing features, etc. Comments to those JIRA issues don't get pumped to more public repositories just yet and that is something we need to fix.

SO - I think your issue will have been resolved when some of the most recent updates have been applied. Sorry for any confusion about what folks have been doing.

Thanks,

Dan

dancornell commented 9 years ago

Additionally, we're looking for a better way for us to push DG-internal comments about an issue out to an external audience. My apologies for any confusion and please work with us to address this issue.

aparsons commented 9 years ago

Great. I'll test it on the later code in a bit and if I still see the issue I'll let you guys know.