iriusrisk / bdd-security

BDD Automated Security Tests for Web Applications
http://www.continuumsecurity.net/bdd-intro.html
GNU Affero General Public License v3.0

Crash Ropeytask #73

Closed Drakas closed 6 years ago

Drakas commented 7 years ago

Hello, Ropeytask crashes after executing ".gradlew" with bdd-security.

Error: probable memory leak(?)

Stack:

Cannot invoke method verifyAnswer() on null object. Stacktrace follows:
java.lang.NullPointerException: Cannot invoke method verifyAnswer() on null object
    at net.continuumsecurity.ropeytasks.UserController.recover(UserController.groovy:71)
    at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:198)
    at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:748)
2017-05-12 15:34:11,038 [http-nio-8080-exec-4] ERROR errors.GrailsExceptionResolver - NullPointerException occurred when processing request: [POST] /user/index - parameters:
email: ZAP
_action_recover: <!--
Cannot invoke method verifyAnswer() on null object. Stacktrace follows:
java.lang.NullPointerException: Cannot invoke method verifyAnswer() on null object
    at net.continuumsecurity.ropeytasks.UserController.recover(UserController.groovy:71)
    at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:198)
    at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:748)
2017-05-12 15:34:11,046 [http-nio-8080-exec-5] ERROR errors.GrailsExceptionResolver - NullPointerException occurred when processing request: [POST] /user/index - parameters:
email: ZAP
_action_recover: ]]>
Cannot invoke method verifyAnswer() on null object. Stacktrace follows:
java.lang.NullPointerException: Cannot invoke method verifyAnswer() on null object
    at net.continuumsecurity.ropeytasks.UserController.recover(UserController.groovy:71)
    at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:198)
    at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:748)
2017-05-12 15:34:28,128 [http-nio-8080-exec-4] ERROR errors.GrailsExceptionResolver - CannotRedirectException occurred when processing request: [GET] /admin/list
Cannot issue a redirect(..) here. A previous call to redirect(..) has already redirected the response.. Stacktrace follows:
org.codehaus.groovy.grails.web.servlet.mvc.exceptions.CannotRedirectException: Cannot issue a redirect(..) here. A previous call to redirect(..) has already redirected the response.
    at net.continuumsecurity.ropeytasks.SecurityFilters$_closure1_closure3_closure7.doCall(SecurityFilters.groovy:26)
    at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:198)
    at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:748)

2017-05-12 15:34:56,177 [localhost-startStop-2] ERROR loader.WebappClassLoaderBase - The web application [ROOT] created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@19a2ed29]) and a value of type [com.googlecode.concurrentlinkedhashmap.ConcurrentHashMapV8.CounterHashCode] (value [com.googlecode.concurrentlinkedhashmap.ConcurrentHashMapV8$CounterHashCode@3232c06d]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
2017-05-12 15:34:56,178 [localhost-startStop-2] ERROR loader.WebappClassLoaderBase - The web application [ROOT] created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@19a2ed29]) and a value of type [com.googlecode.concurrentlinkedhashmap.ConcurrentHashMapV8.CounterHashCode] (value [com.googlecode.concurrentlinkedhashmap.ConcurrentHashMapV8$CounterHashCode@5d4a175e]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
2017-05-12 15:34:56,178 [localhost-startStop-2] ERROR loader.WebappClassLoaderBase - The web application [ROOT] created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@19a2ed29]) and a value of type [com.googlecode.concurrentlinkedhashmap.ConcurrentHashMapV8.CounterHashCode] (value [com.googlecode.concurrentlinkedhashmap.ConcurrentHashMapV8$CounterHashCode@34f3adef]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.

ghost commented 7 years ago

Getting the same error also.

Drakas commented 7 years ago

@continuumsecurity new bug of the framework?

stephendv1 commented 7 years ago

Does the ropeytasks web app actually stop responding after generating this error? If you try to access it through the browser - is it still there?

Drakas commented 7 years ago

@continuumsecurity It starts to crash and stops responding when I get this type of error:

2017-05-12 15:34:56,177 [localhost-startStop-2] ERROR loader.WebappClassLoaderBase - The web application [ROOT] created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@19a2ed29]) and a value of type [com.googlecode.concurrentlinkedhashmap.ConcurrentHashMapV8.CounterHashCode] (value [com.googlecode.concurrentlinkedhashmap.ConcurrentHashMapV8$CounterHashCode@3232c06d]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.

And I can't reach it from the browser: total stop and crash. I can't figure out why, or what that memory leak message is.

Drakas commented 7 years ago

I also tried to assign more memory.

stephendv1 commented 7 years ago

This should be solved now with the new version of Ropeytasks. Replaced Tomcat with Jetty and no more crashes. Please download the new ropeytasks.jar file and try again.