search

hRun / SA-haveibeenpwned

Splunk add-on providing a custom search command to query Troy Hunt's haveibeenpwned API (https://haveibeenpwned.com/api/v3/) for known breaches of your domains or mail addresses.
https://splunkbase.splunk.com/app/5050/
Apache License 2.0
6 stars 4 forks source link

Not working for Splunk version 8.2 #3

Closed aloysiuschee closed 3 years ago

aloysiuschee commented 3 years ago

The configuration page was unable to load and errors found in log REST Error [500]: Internal Server Error -- Traceback (most recent call last):\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/handler.py", line 117,

hRun commented 3 years ago

Hi aloysiuschee,

Unfortunately I am unable to reproduce this issue on a linux machine runnning Splunk 8.2.1 and add-on version 2.0.2. Would you kindly share some more details on the platform and versions you're using and under which circumstances this issue occurs?

Cheers, hRun

aloysiuschee commented 3 years ago

below is the extract of the error appearing in the Splunk log when I am trying to load the configuration page.

+0000 ERROR AdminManagerExternal [2483422 TcpChannelThread] - Stack trace from python handler:\nTraceback (most recent call last):\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/handler.py", line 117, in wrapper\n for name, data, acl in meth(self, *args, kwargs):\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/handler.py", line 303, in _format_response\n masked = self.rest_credentials.decrypt_for_get(name, data)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/credentials.py", line 188, in decrypt_for_get\n clear_password = self._get(name)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/credentials.py", line 393, in _get\n string = mgr.get_password(user=context.username())\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/utils.py", line 159, in wrapper\n return func(*args, *kwargs)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/credentials.py", line 118, in get_password\n all_passwords = self._get_all_passwords()\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/utils.py", line 159, in wrapper\n return func(args, kwargs)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/credentials.py", line 272, in _get_all_passwords\n clear_password += field_clear[index]\nTypeError: can only concatenate str (not "NoneType") to str\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 151, in init\n hand.execute(info)\n File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 637, in execute\n if self.requestedAction == ACTION_LIST: self.handleList(confInfo)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunk_aoblib/rest_migration.py", line 39, in handleList\n AdminExternalHandler.handleList(self, confInfo)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/admin_external.py", line 40, in wrapper\n for entity in result:\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/handler.py", line 124, in wrapper\n raise RestError(500, traceback.format_exc())\nsplunktaucclib.rest_handler.error.RestError: REST Error [500]: Internal Server Error -- Traceback (most recent call last):\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/handler.py", line 117, in wrapper\n for name, data, acl in meth(self, *args, kwargs):\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/handler.py", line 303, in _format_response\n masked = self.rest_credentials.decrypt_for_get(name, data)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/credentials.py", line 188, in decrypt_for_get\n clear_password = self._get(name)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/credentials.py", line 393, in _get\n string = mgr.get_password(user=context.username())\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/utils.py", line 159, in wrapper\n return func(*args, *kwargs)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/credentials.py", line 118, in get_password\n all_passwords = self._get_all_passwords()\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/utils.py", line 159, in wrapper\n return func(args, kwargs)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/credentials.py", line 272, in _get_all_passwords\n clear_password += field_clear[index]\nTypeError: can only concatenate str (not "NoneType") to str\n\n

+0000 ERROR AdminManagerExternal [2483422 TcpChannelThread] - Unexpected error "<class 'splunktaucclib.rest_handler.error.RestError'>" from python handler: "REST Error [500]: Internal Server Error -- Traceback (most recent call last):\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/handler.py", line 117, in wrapper\n for name, data, acl in meth(self, *args, kwargs):\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/handler.py", line 303, in _format_response\n masked = self.rest_credentials.decrypt_for_get(name, data)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/credentials.py", line 188, in decrypt_for_get\n clear_password = self._get(name)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/splunktaucclib/rest_handler/credentials.py", line 393, in _get\n string = mgr.get_password(user=context.username())\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/utils.py", line 159, in wrapper\n return func(*args, *kwargs)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/credentials.py", line 118, in get_password\n all_passwords = self._get_all_passwords()\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/utils.py", line 159, in wrapper\n return func(args, kwargs)\n File "/opt/splunk/etc/apps/SA-haveibeenpwned/bin/sa_haveibeenpwned/aob_py3/solnlib/credentials.py", line 272, in _get_all_passwords\n clear_password += field_clear[index]\nTypeError: can only concatenate str (not "NoneType") to str\n". See splunkd.log/python.log for more details.

hRun commented 3 years ago

Hi aloysiuschee,

I am unable to reproduce your issue and suspect it is not a problem with the app's code but rather a configured password or api key failing to be decrypted. This seems to be a known issue when copying an app (or rather it's local/passwords.conf) from one Splunk instance to another when these two servers don't share the same splunk.secret. See for example: https://community.splunk.com/t5/All-Apps-and-Add-ons/CrowdStrike-app-fails-Fail-to-decrypt-the-encrypted-credential/m-p/469486. Removing SA-haveibeenpwned/local/passwords.conf, restarting the Splunk instance and then providing the API key anew via the configuration page should fix your issue.

Best Regards, hRun

aloysiuschee commented 3 years ago

Hi hRun,

Since the configuration page was unable to complete the initial load up, I was unable to even enter the API key and hence there is no SA-haveibeenpwned/local/passwords.conf created.

hRun commented 3 years ago

Hi,

Thanks for the feedback. Unfortunately I am still unable to reproduce the issue. I've now repackaged the add-on using the latest Splunk Add-On Builder version, which is something Splunk recently asked all developers to do anyways to ensure compatibility with upcoming Splunk releases. This seems to also have changed some of the files related to your issue and might fix it for you. I am afraid this is all I can do to support you, as the whole configuration page and key handling relies on code auto-generated by the Splunk Add-On builder and cannot be touched by me without breaking Splunk's EULA. I'll release the update on Splunkbase shortly, so you can update from within your Splunk web interface.

Best Regards, hRun