Closed chrisdlangton closed 4 years ago
looks like the S3 object is missing or miss-configured, the github release points to something S3 can't serve
also the previous release is broken
curl -IL https://github.com/OWASP/Amass/releases/download/v3.6.2/amass_v3.6.2_linux_amd64.zip
HTTP/1.1 302 Found
date: Sun, 31 May 2020 04:59:14 GMT
content-type: text/html; charset=utf-8
server: GitHub.com
status: 302 Found
vary: X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
location: https://github-production-release-asset-2e65be.s3.amazonaws.com/140457254/f642a480-9aa7-11ea-864d-36147df4a577?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200531%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200531T045914Z&X-Amz-Expires=300&X-Amz-Signature=644522502f7a467560b476488f26bde71c8641115fd407078a873c12d9d84f51&X-Amz-SignedHeaders=host&actor_id=0&repo_id=140457254&response-content-disposition=attachment%3B%20filename%3Damass_v3.6.2_linux_amd64.zip&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js
Set-Cookie: _gh_sess=wLrA4OKsQS%2Fx1el9WUpysSViyKw03DFm1ce7oNiPYjckexp%2BbwKxkf7urjMu0OZZiIKU6AWSBx%2BvO01ZJpL0ElbzdG9%2F3nxNwudgbzri8GGzmeVPzunuLYFljpgAUbaj5RA%2Baif8bX8rxVS4utcg1DGej01DlasBJl7x%2FzL26sdvfV%2FXHWp1mPxW6z8hX0ARG0x3NoR6XFukaPlm0qH%2FHdVxFGR%2FY%2FxgtTIKego%2BlBpPnWuK6jmmIZ8Tzjbsfm2HD%2B67AkrtrGJVRF05WW1GQw%3D%3D--cmWt7%2BOjJug5Ho7F--cgFwxJeFnBdx2A8xMbRxDw%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
Set-Cookie: _octo=GH1.1.564353362.1590901154; Path=/; Domain=github.com; Expires=Mon, 31 May 2021 04:59:14 GMT; Secure; SameSite=Lax
Set-Cookie: logged_in=no; Path=/; Domain=github.com; Expires=Mon, 31 May 2021 04:59:14 GMT; HttpOnly; Secure; SameSite=Lax
Content-Length: 641
X-GitHub-Request-Id: 7D52:4834:291225:3E0725:5ED339A2
HTTP/1.1 403 Forbidden
x-amz-request-id: 35309E7B5C350934
x-amz-id-2: 4Wl+jfJU8fDuR7V5wjhl+XFSuRZ1WetVnNlBa8Bi2JctUQHJCXuPvUGnX+jatD2aCDLQbQvWIKE=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Sun, 31 May 2020 04:59:14 GMT
Server: AmazonS3
I noticed a new path is being used, maybe a bug in your migration paln broke past releases and is also not quite right for the new release paths too
Closing Amazon S3 likely had some bugs, it started working all of a sudden
Just in case you need a clear way to debug a missing release file;
curl -IL https://github.com/OWASP/Amass/releases/download/v3.6.3/amass_linux_amd64.zip