Closed moerketh closed 2 months ago
Thanks for the detailed report. Would you be able to share your template with me privately at develop [at] factionsecurity [dot] com?
Never mind that last part, I think I can reproduce it now.
Thanks for your response! Sure can, I've shared my reproduction code with you via draft PR.
I'm working on getting a release before my DEFCON presentation and this issue will get resolved in that release. Expect it to be mitigated in the main branch in about 2 weeks.
@moerketh This issue is now fixed in the july24-updates branch. You can see the changes here: https://github.com/factionsecurity/faction/commit/e29514424de8eb74de366b67dd13648644d60198
@summitt can you open the resulting document? The code now passes the unittest, however I think the resulting document is corrupt or invalid.
Yes. The documents worked fine for me.
I just tested on both the report tester and generated an assessment report. No issues with either. Did you get any errors in the console?
@moerketh I was a little too quick to respond. I had created my own template instead of using yours which was checked in as part of the unit test. When I used your template I did get the corrupted file. Digging into this today. Thanks for reporting it!
@moerketh which version of Word did you edit the doc with or did you use something like Google Docs to edit the docx file?
@summitt, thanks for your efforts! Not sure why my test would be any different than yours. To create the document, I took the default document from https://github.com/factionsecurity/report_templates and added a textbox to it. I'm using what I think is the latest version of the Microsoft Word desktop application (Microsoft® Word for Microsoft 365 MSO (Version 2406)) on Windows 11. Lastly, I used the properties > details dialog on the document to remove document properties before committing.
Thanks. A while ago I encountered this problem but it was because I was using an older version of Word. When I took your doc and resaved it the problem went away on my end which made me think that might be the case again. This helps narrow down what might have caused it.
@moerketh I just updated the docx4j libs and removed some old dependencies and that seemed to fix it on my end but I'm not totally convinced. Would you mind trying it on your end using the july24-updates branch?
One thing to note: the TOC should be on its own page. Having the textbox (or any other text or variables) on that page may cause it to be removed by the insertion of the TOC. You can use the textbox on another page w/o issue though.
Hopefully, this mitigates the issue. 🤞🏼
@summitt awesome, thanks for your time and effort on this! I verified tests and runtime, it's fixed 🎉 Agree the placement of the textbox is awkward :) It getting overridden by the TOC and producing a document without errors is absolutely fine for me.
Awesome! Glad it worked on your end. Going to leave the issue open until I push the next release in case anyone else has a similar issue.
Hi, thanks for building Faction! I've been trying it out and tried to get a modified template in, but can't get it past: https://github.com/factionsecurity/faction/blob/4267f949476db122b06f93f1a8d722fd654f8e6d/src/com/fuse/docx/DocxUtils.java#L1131
Actual result
Generation completes with an error, after which the download fails. Here is the log:
Expected result
Ignoring the presence of textboxes would work for my use case. I don't have any templating placeholders in the textbox.
Reproduction
Reproduction is fairly easy: put a textbox with the text "Just a text box" in the default-report-template.docx document and upload it via Templates > Report Designer > Edit Sample Template. Then generate a new report and (attempt to) download it.
Additional information
Running Faction 1.2.6
I changed the error to:
Preconditions.checkState(index > -1, "could not located the paragraph " + paragraph + " in the specified list! at " + index);
and got:
java.lang.IllegalStateException: could not located the paragraph Just a text box in the specified list! at -1
I'm not sure what would be the proper fix in the code.