dradis / dradis-ce

Dradis Framework: Collaboration and reporting for IT Security teams
https://dradis.com/ce/
GNU General Public License v2.0

import of .nessus files bigger than 1M fails in dradis 3.1.0 #1

Closed zwebel closed 8 years ago

zwebel commented 8 years ago

Hi,

I recently installed dradis-ce from github. Guest OS: Kali 2016.1 ruby 2.3.0p0

I would like to upload a .nessus file. When the file is larger than 1MB the upload fails. When the file is smaller the upload succeeds.

I did have the same issue on dradis 3.0.0.

It looks like if the file is big then the job will run in the background. I waited for about 25 minutes without any information from dradis.

Further analysis of the failed run revealed that dradis had a problem with the authenticity of the CSRF token.

The log shows in message:

Started POST "/session" for 172.16.2.3 at 2016-03-15 14:17:18 +0100
Processing by SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"iOoGeWkZ5mLiTPPFnCbRrbtnJ5gy3pz6P0XpwwYQs11QJ3mkE+15bT2D6o0pH57iLhptaknmUIjzGNZfBFc3/Q==", "login"=>"admin", "password"=>"[FILTERED]", "commit"=>"Let me in!"}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)

and in message:

Started POST "/session" for 172.16.2.3 at 2016-03-15 14:17:27 +0100
Processing by SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"iOoGeWkZ5mLiTPPFnCbRrbtnJ5gy3pz6P0XpwwYQs11QJ3mkE+15bT2D6o0pH57iLhptaknmUIjzGNZfBFc3/Q==", "login"=>"admin", "password"=>"[FILTERED]", "commit"=>"Let me in!"}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 3ms (ActiveRecord: 0.0ms)

Here is the complete log of the import. It is an extract of the file /opt/dradis-ce/logs/development.log.

Attempt 1 (log import1.log): upload file R16A-LSV18_sepdej.nessus, size 1063892 (more than 1 MB), NOK: import1.log.zip

As a reference I added a logfile of a nessus import file smaller than 1MB.

Attempt 2 (log import2.log): upload file R16A-LSV18_vsfrio.nessus, size 808916 (less than 1 MB), OK: import2.log.zip

Please let me know if you need more information. zwebel

etdsoft commented 8 years ago

I don't see any errors in the upload itself. That error in /session is unrelated.

The upload part is happening here:

Started POST "/upload/parse" for 172.16.2.16 at 2016-03-15 14:15:42 +0100
Cannot render console from 172.16.2.16! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by UploadController#parse as JS
  Parameters: {"item_id"=>"3", "uploader"=>"Dradis::Plugins::Nessus", "file"=>"R16A-LSV18_sepdej.nessus"}
  Rendered text template (0.0ms)
Completed 200 OK in 100ms (Views: 1.1ms | ActiveRecord: 50.4ms)

Started GET "/upload/status?item_id=3&after=0&_=1458047629706" for 172.16.2.16 at 2016-03-15 14:15:42 +0100
Cannot render console from 172.16.2.16! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by UploadController#status as JS
  Parameters: {"item_id"=>"3", "after"=>"0", "_"=>"1458047629706"}
  Rendered logs/_log.html.erb (0.9ms)
  Rendered upload/status.js.erb (41.9ms)
Completed 200 OK in 110ms (Views: 72.1ms | ActiveRecord: 1.0ms)

Are you running the Redis server and the background worker? What happens when you upload a large file is that parsing gets delegated to the background worker thread to liberate the web app to handle other people's requests (and also to ensure a long-running upload doesn't timeout the server process).
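A toy model of the dispatch etdsoft describes above, added here as an illustration and not Dradis's own code: uploads under a size limit are parsed in the request, larger ones are pushed to a job queue for a separate worker, and the web side polls a per-item log with an `after` offset the way `/upload/status?item_id=..&after=..` does. The in-memory `JobStore` stands in for Redis/Resque, and the threshold, names and sample documents are all constructed for the example.

```ruby
require 'thread'

# Hypothetical cut-off mirroring the ~1 MB boundary reported in the issue.
INLINE_LIMIT_BYTES = 1_000_000

# In-memory stand-in for Redis: a job queue plus a per-item log that the
# status poller reads from a given offset.
class JobStore
  def initialize
    @queue = Queue.new
    @logs  = Hash.new { |h, k| h[k] = [] }
    @mutex = Mutex.new
  end

  def enqueue(job)
    @queue << job
  end

  # Non-blocking pop; returns nil when there is nothing to do.
  def dequeue
    @queue.pop(true)
  rescue ThreadError
    nil
  end

  def log(item_id, message)
    @mutex.synchronize { @logs[item_id] << message }
  end

  # Log lines with index >= after, like status?item_id=N&after=M.
  def status(item_id, after: 0)
    @mutex.synchronize { @logs[item_id][after..-1] || [] }
  end
end

# Stand-in for a plugin importer: counts <ReportHost> elements in .nessus XML.
def parse_nessus(xml, store, item_id)
  hosts = xml.scan(/<ReportHost\b/).size
  store.log(item_id, "parsed #{hosts} host(s)")
  hosts
end

# Controller-side decision: parse inline, or delegate to the background worker
# so the web process is free for other requests and cannot time out on a big file.
def handle_upload(xml, store, item_id)
  if xml.bytesize > INLINE_LIMIT_BYTES
    store.log(item_id, "queued for background worker (#{xml.bytesize} bytes)")
    store.enqueue({ item_id: item_id, xml: xml })
    :background
  else
    parse_nessus(xml, store, item_id)
    :inline
  end
end

# Worker loop (what a Resque worker would run): drains the queue and returns
# how many jobs it handled. If no worker ever runs, large uploads stay queued
# and the status poller only ever sees the "queued" line.
def run_worker(store)
  handled = 0
  while (job = store.dequeue)
    parse_nessus(job[:xml], store, job[:item_id])
    handled += 1
  end
  handled
end

# Constructed sample inputs: a tiny .nessus-like document, and one padded with a
# comment so it crosses the inline limit.
SMALL_NESSUS = '<NessusClientData_v2><Report><ReportHost name="a"/></Report></NessusClientData_v2>'
LARGE_NESSUS = '<NessusClientData_v2><!--' + ('x' * INLINE_LIMIT_BYTES) +
               '--><Report><ReportHost name="a"/><ReportHost name="b"/></Report></NessusClientData_v2>'

if __FILE__ == $PROGRAM_NAME
  store = JobStore.new
  puts handle_upload(SMALL_NESSUS, store, 1)   # inline
  puts handle_upload(LARGE_NESSUS, store, 2)   # background
  puts store.status(2)                          # only the "queued" line so far
  run_worker(store)
  puts store.status(2, after: 1)                # the worker's result appears
end
```

The point for the issue at hand: `handle_upload` returns `:background` immediately for the large file, and the status log never advances past "queued" until something calls `run_worker`, which is exactly what a missing Resque worker looks like from the browser.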

zwebel commented 8 years ago

Hi,

I'm running redis-server:

root@stb1-2:/opt/dradis-ce/log# ps -ef | grep redis
redis      851     1  0 Mar13 ?        00:07:09 /usr/bin/redis-server 127.0.0.1:6379
root     11359  8441  0 12:03 pts/2    00:00:00 grep redis
root@stb1-2:/opt/dradis-ce/log#

Here is the log during an import of nessus.

851:M 15 Mar 15:05:41.788 * Background saving terminated with success
851:M 16 Mar 12:18:00.279 * 1 changes in 900 seconds. Saving...
851:M 16 Mar 12:18:00.279 * Background saving started by pid 11443
11443:C 16 Mar 12:18:00.313 * DB saved on disk
11443:C 16 Mar 12:18:00.313 * RDB: 0 MB of memory used by copy-on-write
851:M 16 Mar 12:18:00.380 * Background saving terminated with success

How can I verify that:

parsing gets delegated to the background worker thread to liberate the web app to handle other people's requests

Thanks

etdsoft commented 8 years ago

I now realise we already had this conversation in the forum, please see:

http://discuss.dradisframework.org/t/nessus-file-import/237/7

zwebel commented 8 years ago

Hi,

So as suggested in the links I should upload nessus file manually.

Then I tried this but failed:

root@stb1-2:/opt# cd dradis-ce/
root@stb1-2:/opt/dradis-ce# RAILS_ENV=production bundle exec thor dradis:plugins:nessus:upload /root/Downloads/R16A-LSV18_7df2ai.nessus 
Could not find command "dradis:plugins:nessus:upload".
root@stb1-2:/opt/dradis-ce# cd ..
root@stb1-2:/opt# RAILS_ENV=production bundle exec thor dradis:plugins:nessus:upload /root/Downloads/R16A-LSV18_7df2ai.nessus 
Could not locate Gemfile or .bundle/ directory
root@stb1-2:/opt# ls -ald dradis-nessus
drwxr-xr-x 6 root root 4096 Mar 13 14:45 dradis-nessus
root@stb1-2:/opt# ls -al /root/Downloads/R16A-LSV18_7df2ai.nessus 
-rw-r--r-- 1 root root 6822460 Mar 15 13:34 /root/Downloads/R16A-LSV18_7df2ai.nessus
root@stb1-2:/opt#

Are there any preconditions that are not fulfilled? I used the installation from the GIT repository. Am I in the correct directory?

For information: the resque process is not running on my server. I also tried to start this without any luck.

etdsoft commented 8 years ago

In the dradis-ce/ folder, run this:

RAILS_ENV=production bundle exec thor -T

What output do you get there? Is Nessus listed?

etdsoft commented 8 years ago

Actually this doesn't seem like a bug in the code, please open a thread in the forum to continue the conversation. I'll update this ticket pointing to the thread for future reference.