search

google / osdfir-infrastructure

Helm charts for running open source digital forensic tools in Kubernetes
Apache License 2.0
76 stars 16 forks source link

Possibly incorrect paths in Turbinia config #132

Closed nerok closed 7 months ago

nerok commented 7 months ago

This might very well be a lack of understanding on my end, but I tried uploading a file to Turbinia (gpt.raw from Turbinia test-data), with turbinia-client which failed with HTTP status 500.

turbinia-client evidence upload -j -p ./gpt.raw 123       
2024-03-26 15:28:09,192 INFO turbinia - Using configuration instance name -> default with host http://localhost:8000
2024-03-26 15:28:10,054 ERROR turbinia - Received status code 500 when calling upload_evidence: (500)
Reason: Internal Server Error
HTTP response headers: HTTPHeaderDict({'date': 'Tue, 26 Mar 2024 14:28:09 GMT', 'server': 'uvicorn', 'content-length': '21', 'content-type': 'text/plain; charset=utf-8'})
HTTP response body: Internal Server Error

{
  "/Users/user/Downloads/gpt.raw": "Received status code 500 when calling upload_evidence: (500)\nReason: Internal Server Error\nHTTP response headers: HTTPHeaderDict({'date': 'Tue, 26 Mar 2024 14:28:09 GMT', 'server': 'uvicorn', 'content-length': '21', 'content-type': 'text/plain; charset=utf-8'})\nHTTP response body: Internal Server Error\n"
}

Looking at the server logs the exception was:

2024-03-26 14:28:10 [ERROR] Failed in setting path for file gpt in ticket 123
INFO:     127.0.0.1:52302 - "POST /api/evidence/upload HTTP/1.1" 500 Internal Server Error
ERROR:    Exception in ASGI application
Traceback (most recent call last):
  File "/home/turbinia/.venv/lib/python3.10/site-packages/uvicorn/protocols/http/httptools_impl.py", line 412, in run_asgi
    result = await app(  # type: ignore[func-returns-value]
  File "/home/turbinia/.venv/lib/python3.10/site-packages/uvicorn/middleware/proxy_headers.py", line 69, in __call__
    return await self.app(scope, receive, send)
  File "/home/turbinia/.venv/lib/python3.10/site-packages/fastapi/applications.py", line 284, in __call__
    await super().__call__(scope, receive, send)
  File "/home/turbinia/.venv/lib/python3.10/site-packages/starlette/applications.py", line 122, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/home/turbinia/.venv/lib/python3.10/site-packages/starlette/middleware/errors.py", line 184, in __call__
    raise exc
  File "/home/turbinia/.venv/lib/python3.10/site-packages/starlette/middleware/errors.py", line 162, in __call__
    await self.app(scope, receive, _send)
  File "/home/turbinia/.venv/lib/python3.10/site-packages/starlette/middleware/cors.py", line 83, in __call__
    await self.app(scope, receive, send)
  File "/home/turbinia/.venv/lib/python3.10/site-packages/starlette/middleware/exceptions.py", line 79, in __call__
    raise exc
  File "/home/turbinia/.venv/lib/python3.10/site-packages/starlette/middleware/exceptions.py", line 68, in __call__
    await self.app(scope, receive, sender)
  File "/home/turbinia/.venv/lib/python3.10/site-packages/fastapi/middleware/asyncexitstack.py", line 20, in __call__
    raise e
  File "/home/turbinia/.venv/lib/python3.10/site-packages/fastapi/middleware/asyncexitstack.py", line 17, in __call__
    await self.app(scope, receive, send)
  File "/home/turbinia/.venv/lib/python3.10/site-packages/starlette/routing.py", line 718, in __call__
    await route.handle(scope, receive, send)
  File "/home/turbinia/.venv/lib/python3.10/site-packages/starlette/routing.py", line 276, in handle
    await self.app(scope, receive, send)
  File "/home/turbinia/.venv/lib/python3.10/site-packages/starlette/routing.py", line 66, in app
    response = await func(request)
  File "/home/turbinia/.venv/lib/python3.10/site-packages/fastapi/routing.py", line 241, in app
    raw_response = await run_endpoint_function(
  File "/home/turbinia/.venv/lib/python3.10/site-packages/fastapi/routing.py", line 167, in run_endpoint_function
    return await dependant.call(**values)
  File "/home/turbinia/turbinia/api/routes/evidence.py", line 260, in upload_evidence
    os.remove(file_path)
UnboundLocalError: local variable 'file_path' referenced before assignment

From a quick look at the api/routes/evidence.py it seems to reference a config variable called API_EVIDENCE_UPLOAD_DIR, which in my config is set to /evidence. This isn't a directory as far as I can see, neither is it mounted. It seems to be the default from the config downloaded in init-configmap

It also seems that the init-configmap for Turbinia sets some values to the PVC mount in the helm chart, but for some reason MOUNT_DIR_PREFIX seems to point to another directory, which isn't the PVC mount. https://github.com/google/osdfir-infrastructure/blob/42b1774552d53091f8ae79f004037c356bd5eda6/charts/turbinia/templates/init-configmap.yaml#L56

Additional info: the stack is K3S with Longhorn, deployed with ArgoCD. I access turbinia through port-forwarding.

wajihyassine commented 7 months ago

Hello @nerok thanks for filing!

So I had a look with one of my colleagues from the Turbinia side and your theory is right, we have not updated that variable in the init-configmap.yaml and that path doesn't exist within the API pod itself. We will put out a fix for this soon but in the meantime, a workaround can be to either execute into the API pod and create that directory or download the Helm chart and the turbinia config and manually make the change as shown below:

helm pull osdfir-charts/turbinia --untar
cd turbinia/
wget "https://raw.githubusercontent.com/google/turbinia/master/turbinia/config/turbinia_config_tmpl.py" -O turbinia.conf
# Edit the API_EVIDENCE_UPLOAD_DIR (e.g. `/mnt/turbiniavolume/uploads` )
helm install <release> ../turbinia