'CSV Results' Export Option Broken in GSA and gvm-cli

[jeffleder]

Expected behavior

Exporting to 'CSV Results' works (like it did in gvmd 7.0.3 [report_format_id c1645568-627a-11e3-a660-406186ea4fc5])

Current behavior

No results are exported regardless of filter options

Steps to reproduce

GSA:

1. Navigate to report results page at https://localhost:9392/report/[REPORT_ID]
2. Click 'Download Filtered Report' icon
3. Select 'CSV Results' report format
4. Click 'OK'
5. Click 'Save File'

6. Resulting file is blank

   gvm-cli:

7. Get desired '[REPORT_ID]'
8. Execute {gvm-cli 'socket' --gmp-username '[USER]' --gmp-password '[PASSWORD]!' --sockpath '[SOCKPATH]' -X "<get_reports report_id='[REPORT_ID]' format_id='c1645568-627a-11e3-a660-406186ea4fc5'}
9. The output of the command is an XML string containing no results instead of the anticipated Base64 blob

GVM versions

gsa: (gsad --version) Oops, secure memory pool already initialized Greenbone Security Assistant 8.0.0~git Copyright (C) 2010-2016 Greenbone Networks GmbH License GPLv2+: GNU GPL version 2 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

gvm: (gvmd --version) Greenbone Vulnerability Manager 8.0.0 Manager DB revision 205 Copyright (C) 2010-2017 Greenbone Networks GmbH License GPLv2+: GNU GPL version 2 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

openvas-scanner: (openvassd --version) OpenVAS Scanner 6.0.0 Most new code since 2005: (C) 2018 Greenbone Networks GmbH Nessus origin: (C) 2004 Renaud Deraison deraison@nessus.org License GPLv2: GNU GPL version 2 This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

gvm-libs: https://github.com/greenbone/gvm-libs/releases

openvas-smb: https://github.com/greenbone/openvas-smb/archive/v1.0.5.tar.gz

Environment

Operating system: Debian GNU/Linux 10 (buster)

Installation method / source: (packages, source installation) Source install

Logfiles

No relevant log entries have been identified at this point

[jeffleder]

This issue appears to have been related to the version 1.1.32-2 of the following packages...

• libxslt1-dev
• libxslt1.1
• xsltproc

...available in the Debian Buster (10) Main repo.

This post could be related: https://community.greenbone.net/t/all-reports-are-empty/2468 The xsltproc bug is available here: https://gitlab.gnome.org/GNOME/libxslt/issues/2

As a workaround, I downgraded to the previous version [1.1.29-2.1] of these packages (listing of prior Debian package versions: https://packages.debian.org/stretch/xsltproc) using the following commands (after all other installation steps were complete):

• echo ''>>/etc/apt/sources.list
• echo '## Legacy Stretch Repo (for xsltproc)'>>/etc/apt/sources.list
• echo 'deb http://mirrors.digitalocean.com/debian stretch main contrib non-free'>>/etc/apt/sources.list
• apt-get -y -qq update >/dev/null
• apt-get -y -qq install libxslt1.1=1.1.29-2.1 libxslt1-dev=1.1.29-2.1 xsltproc=1.1.29-2.1 --allow-downgrades >/dev/null #added because a bug in 1.1.32-2 caused reporting to break
• apt-mark hold libxslt1.1 libxslt1-dev xsltproc >/dev/null #hold the package states to prevent 'apt upgrade' from breaking reporting