Time&Date and Order question

[torabi12]

Describe the bug On the report page in EMBArk the start and end date/time does not show the real values if the OS is not in UTC time. My timezone is CEST and I started the scanning in this timezone:

and according to the logs ended in correctly:

but on the report page all the time/date values are in UTC:

Would it be possible to display the Start/End date according to the OS's time/date parameter?

---

By default the ordering on the report page is by ID in ascending of the tests but in case of many runs it is not user friendly because very difficult to find the last test which may be placed on the 2nd or 3rd page in this default ordering. I know it can be easily customizable by the arrows but if I go to orther page the default ID order comes back, the user must set the custom order all the report page openings. I think it would be more user friendly to show always the last scan on the top and the previous ones under to see always the actual results:

To Reproduce Steps to reproduce the behavior:

1. EMBArk installation default mode
2. Start EMBArk: sudo ./run-server.sh -a
3. Do some scan
4. Check the report page behaviour.

Expected behavior Like above.

Screenshots Like above.

Desktop (please complete the following information):

• OS: Ubuntu Server 22.04.3

Additional context These are minor findings, but if it not a big effort it would make the surface more user friendly in my point of view.

[BenediktMKuehne]

We'll try to address this in the next few weeks👍

[torabi12]

The detail view page displays the date & time in UTC also:

and the main page's blank frame is not so nice:

and the last idea would be that the graphs like OS distribution and Architecture Distribution where the value can only be an integer, it should display only integers on the Y axis:

[BenediktMKuehne]

@torabi12 feel free to check if the changes in #164 are satisfactory

Note: The main-dashboard will get a major overhaul in the near future, that's when the timzone setting will take effect there too.

[torabi12]

Something has been changed on NIST side because this was the longest DB installation today with EMBArk setup. It took around 6 or more hours on my side, I got a warning:

"Could not find a NIST API key in the '~/.cvexplore/.env' file; you should request one at blablabla." I have an API key, but the ~/.cvexplore/.env does not exist on my Ubuntu server. :(

Under the My Account menu the 3rd item is not visible:

It can be used but the readablity is simply hidden:)

I set the local time zone to Budapest:

The green frame contained the selected value but the Time Zone selection field went back to UTC. I went to other page and back to Time zone and the UTC was shown. I did a scan and the dashboard used UTC:

but the log displayed the real time values:

and the same as in the detailed view:

For the scan duration, I think a time measurement based on seconds would be sufficient, smaller units are not practical, and there seems to be a few seconds difference in the length of the scan.

During the scan the time is OK for the test sections:

Delete analysis works fine, the main dashboard is also cleared. Maybe the Close button is unnecessary:

On the detailed page the Delete Firmware function is available, maybe the Delete Analysis would be also useful for user perspective:

These are my first impressions, please let me know if I can test something specific in more detail.

[m-1-k-3]

We currently switch from v1 API to v2 API from NIST and there we are running into little starting issues. See here https://github.com/e-m-b-a/emba/issues/725 and https://github.com/e-m-b-a/emba/issues/888

[m-1-k-3]

NIST issue should be fixed now https://github.com/e-m-b-a/emba/pull/899

[torabi12]

NIST issue should be fixed now e-m-b-a/emba#899

This is on my screen right now with EMBArk installation:

working.

[m-1-k-3]

I recommend to setup a NIST API key from here https://nvd.nist.gov/developers/request-an-api-key

[m-1-k-3]

Have added this to our prereq docs here https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites

[torabi12]

I recommend to setup a NIST API key from here https://nvd.nist.gov/developers/request-an-api-key

Yes I have a key, I created the ~/cvexplore folder with a .env file in it. I cheked the beginner's guide:) https://nvd.nist.gov/developers/start-here

and simply entered the key in this form: apiKey:{key value}

but the yellow warnings still comes. :(

I know this topic does not belong to this thread, but I have no more idea:(

[torabi12]

A did a scan which was OK, but EMBArk hangs at the end.

Finish in terminal:

but:

EMBArk's console:

is hanging:

[BenediktMKuehne]

I recommend to setup a NIST API key from here https://nvd.nist.gov/developers/request-an-api-key

Yes I have a key, I created the ~/cvexplore folder with a .env file in it. I cheked the beginner's guide:) https://nvd.nist.gov/developers/start-here

and simply entered the key in this form: apiKey:{key value}

but the yellow warnings still comes. :(

I know this topic does not belong to this thread, but I have no more idea:(

Will check, might be an issue with the sudo-user var

[m-1-k-3]

This should work:

└─$ cat ~/.cvexplore/.env 
NVD_NIST_API_KEY=<your key>
MONGODB_HOST="172.36.0.1"
MONGODB_PORT="27017"

[torabi12]

This should work:

└─$ cat ~/.cvexplore/.env 
NVD_NIST_API_KEY=<your key>
MONGODB_HOST="172.36.0.1"
MONGODB_PORT="27017"

Sorry but it does not work for me:

As I saw only EMBArk is affected, emba update works without this warning.

[m-1-k-3]

As quick fix could you try to add the .env file for the root user and try again?

[torabi12]

As quick fix could you try to add the .env file for the root user and try again?

The same:(

[BenediktMKuehne]

The servers timezone can be set using the TIME_ZONE variable on startup (default UTC), like so: TIME_ZONE="CET" sudo -E ./run-server.sh

[torabi12]

I started EMBArk with time_zone settings:

The actual value was displayed in the user menu:

I started a scan and the times were OK:

but the report page displayed the times in UTC:

according to the log:

and the details page is also shows the time in UTC:

I think the time and date format is not uniform.

[BenediktMKuehne]

Some parts only use the raw value inside the DB for now If the values were put in with a different timezone setting, this leads to issues

Can't recommend using anything other than UTC for the server anyway I'll see when I get to adjusting the rest of the dashboards

[torabi12]

I used a brand new installation yesterday on a clean Ubuntu server. This is my local time settings on OS side:

I started EMBArk with "UTC" parameter, the user menu displayed UTC as expected. I deleted the scan from yesterday evening and started again, it used CET here:

Test ended in CET:

but the details were in UTC:

Actually it would be nice if the OS time setting could be applied uniformly.

[BenediktMKuehne]

I'll check and add an indicator for the servers-timezone 👍

[BenediktMKuehne]

Added some indicator and check function. Will close this for now since I strongly recommend using UTC for host and server.

(Timezone filter will be added in the future where possible)