dradis / dradis-ce

Dradis Framework: Collaboration and reporting for IT Security teams
https://dradis.com/ce/
GNU General Public License v2.0
678 stars 190 forks source link

Openvas 9 reports not processed #163

Closed florism closed 7 years ago

florism commented 7 years ago

Steps to reproduce

Help us help you, how can we reproduce the problem?

Import xml report from Openvas 9 shows no output in output window. It will only be visible as an attachment

Expected behavior

It should be parsed and available

Actual behavior

Nothing, no output, no xml processing

System configuration

Dradis version: 3.6.0

Ruby version: ruby 2.3.3p222 (2016-11-21) [x86_64-linux-gnu]

OS version: Kali Linux Linux kali 4.12.0-kali1-amd64 #1 SMP Debian 4.12.6-1kali6 (2017-08-30) x86_64 GNU/Linux

r3k2 commented 7 years ago

same on blackarch

rachkor commented 7 years ago

@florism + @ChrisFernandez, I'm Rachael with the Dradis support team. We'd heard that OpenVAS v8 was working as expected with Dradis but they may have changed something in the XML format in v9 that's tripping up our upload plugin. Could either of you provide a sample (sanitized if necessary) XML file that we can use for testing? Here's an example of our v7 sample file: https://github.com/dradis/dradis-openvas/blob/master/spec/fixtures/files/v7/report_v7.xml. I'm rachkor over here on Slack if that's easier: https://evening-hamlet-4416.herokuapp.com/.

florism commented 7 years ago

Hi @rachkor Please find attached. Kind regards, Flo

report-4bb88c06-9254-4bdc-9664-66dcddcaed02.xml.zip

rachkor commented 7 years ago

@florism I was able to upload the file you sent into Dradis CE without any problems. All the Nodes/Issues/etc were created as expected. I'm running Dradis Community v3.7.0 but there haven't been any changes to the OpenVAS plugin recently. Could you confirm that you have the background worker running to allow uploads? Step #5 under "Setting up the App" here: https://dradisframework.com/ce/documentation/install_git.html.

If that doesn't do the trick, can you try upgrading to the latest version (v3.7.0) and then try the OpenVAS v9 upload again?

florism commented 7 years ago

@rachkor

This works on v3.6.0, the previous production scan from around 13 hosts did not, I will create a diff between the two and check what the differences are. The background proces must have been running since I could upload nmap xml output without any problem. I'll let you know tomorrow. Very Odd, tbc !

Thanks Flo

rachkor commented 7 years ago

@florism any updates on this? If not, I'd like to close this issue.