minvws / nl-kat-coordination

OpenKAT scans networks, finds vulnerabilities and creates accessible reports. It integrates the most widely used network tools and scanning software into a modular framework, accesses external databases such as shodan, and combines the information from all these sources into clear reports. It also includes lots of cat hair.
https://openkat.nl
European Union Public License 1.2

Snyk.io boefje not backed by detail page #3158

Open stephanie0x00 opened 5 months ago

stephanie0x00 commented 5 months ago

Describe the bug

After fixing #3139 another error message with Snyk.io was shown. As quoted in that ticket:

> It looks like our handling of Snyk is correct, however not all listed Snyk findings are backed by a detail page. This means we see various 404's returned by SNYK, which in turn means our Snyk Findings Hydration Boefje throws an error on these. I suspect these are no longer accessible due to archiving or license requirements. It'd be ideal if we could use the snyk api in those cases where a user has supplied a snyk api-key. Optionally we could still use this non-api variant for those users who don't have an api-key.

To Reproduce

Steps to reproduce the behavior:

  1. Let Snyk.io boefje run against mispo.es.
  2. Observe that the Snyk.io task fails.
  3. See error

Expected behavior

Snyk.io boefje runs and parses data properly without failing.

OpenKAT version

main

Additional context

Traceback (most recent call last):
  File "/app/boefjes/boefjes/local.py", line 57, in run
    return boefje_resource.module.run(boefje_meta)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/boefjes/boefjes/plugins/kat_snyk_finding_types/main.py", line 16, in run
    "risk": soup.select("[data-snyk-test-score]")[0].attrs["data-snyk-test-score"],
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^
IndexError: list index out of range

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/app/boefjes/boefjes/job_handler.py", line 143, in handle
    boefje_results = self.job_runner.run(boefje_meta, boefje_meta.environment)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/boefjes/boefjes/local.py", line 59, in run
    raise JobRuntimeError("Boefje failed") from e
boefjes.runtime_interfaces.JobRuntimeError: Boefje failed
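
A defensive version of the lookup that fails in the traceback above, as an added example that is not part of the issue or the OpenKAT code base. It uses Python's standard-library HTML parser instead of the `soup.select(...)` call, and the function names, result fields, identifiers and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from typing import Optional

ATTR = "data-snyk-test-score"  # attribute name taken from the traceback


class _ScoreFinder(HTMLParser):
    """Records the first non-empty value of ATTR seen on any tag."""

    def __init__(self) -> None:
        super().__init__()
        self.score: Optional[str] = None

    def handle_starttag(self, tag, attrs):
        if self.score is None:
            for name, value in attrs:
                if name == ATTR and value:
                    self.score = value.strip()
                    return


def extract_risk(status_code: int, body: str) -> Optional[str]:
    """Return the risk score, or None when the page is absent or lacks it."""
    if status_code != 200:
        return None  # e.g. the 404 responses described in the issue
    finder = _ScoreFinder()
    finder.feed(body)
    finder.close()
    return finder.score


def hydrate(snyk_id: str, status_code: int, body: str) -> dict:
    """Hypothetical result shape: returns a record instead of raising IndexError."""
    risk = extract_risk(status_code, body)
    return {"id": snyk_id, "risk": risk, "risk_available": risk is not None}


# Constructed sample responses (not real Snyk pages).
PAGE_OK = '<html><body><div data-snyk-test-score="7.5">7.5</div></body></html>'
PAGE_404 = "<html><body><h1>Page not found</h1></body></html>"

if __name__ == "__main__":
    print(hydrate("SNYK-EXAMPLE-0001", 200, PAGE_OK))   # score present
    print(hydrate("SNYK-EXAMPLE-0002", 404, PAGE_404))  # no detail page
    print(hydrate("SNYK-EXAMPLE-0003", 200, PAGE_404))  # 200 without the attribute
```

A finding without a detail page then yields a record with `risk` set to `None`, so one missing page does not fail the whole task.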

noamblitz commented 2 months ago

I'm trying to reproduce this but have difficulties finding out on which softwareinstance it fails. The ticket says: run snyk.io boefje on mispo.es but snyk boefje consumes softwareinstances.