pwndoc-ng / pwndoc-ng

Pentest Report Generator
https://pwndoc-ng.github.io/pwndoc-ng/#/
MIT License
374 stars 85 forks source link

Fields "Description" and "Observation" remaines empty even with vulnebility filled #396

Closed Libereau closed 3 weeks ago

Libereau commented 5 months ago

When creating a vulnerability, you can describe it and add observations. This fields are filled with data the auditor add. But when he adds the vuln to it's audit, those fileds are empty. Even after filling the fields on the audit, save it, quit and go in back on the vuln, the fields remains empty.

Steps to reproduce the behavior:

  1. Go to 'vulnerability" and add a vuln with all filled (Description, observation, recommandationn etc)
  2. Save it. It's now added to the database
  3. Create an audit and add the vuln previously created to the audit
  4. Both field 'Description' and 'Observation' are empty.

In the vulnerability tab : image

On the audit, with the same vuln : image

Note : I just PoC the tool, don't mind the content of the vuln.

Elevennails commented 5 months ago

Hmm this was working in the previous version seems to be a bug! Custom fields seem to be ok

I have the same thing after update. Also the same for previous audits.

Reverting to previous version...

Libereau commented 5 months ago

Do you mind sharing the way to reverting to previous version ? Curently i have git clone the project and docker build the project. Is there an easy way to download and build previous version of the project ?

Edit : the content of 'description' and 'observation' is still stored in database because displayed where generating the report. Just a display issue then.

Elevennails commented 5 months ago

Sorry I'm not a git expert by any means. Trying doing a git clone from before the 22 May. Looks like there was a commit at 22:47 da999b9b1c6eb78d3dde24dfb3c79f189e2f5d48 which may be the issue. My current clone is only --depth 1 so i only have the current version and I don't know the history.

I have a local backup copy from Feb I'm restoring to. (heavily modified version sorry i can't share it). Hopefully a mod will help us.

m57 commented 5 months ago

+1 also have this bug

diggidong commented 5 months ago

Could you do me a favor and wait for at least one minute, after opening that window? I encountered something similar, which was a problem of me providing not enough resources to the VM running that docker instance. After some time those fields get filled with the proper data. At least in my case. After giving the VM more resources it works fine again - at least without that lags.

Libereau commented 5 months ago

It's not the VM the issue. It has enough ressources, i double checked that before opening the issue. When the vuln are added to an audit whatever you wrote inn Description and Observation, even if saved, is discarded when you change audit, or just refresh the page.

diggidong commented 5 months ago

Oh, ok. I referred to that delay here: https://github.com/pwndoc-ng/pwndoc-ng/issues/110

But you are totally right, in the actual version (seems I have been on an older version) some field data disappears once added to a report.

diggidong commented 5 months ago

Do you mind sharing the way to reverting to previous version ? Curently i have git clone the project and docker build the project. Is there an easy way to download and build previous version of the project ?

Edit : the content of 'description' and 'observation' is still stored in database because displayed where generating the report. Just a display issue then.

Thats how I did it - at least this is the last working commit https://github.com/pwndoc-ng/pwndoc-ng/tree/0ebce492a1b8a5c6e4d1fd7851a2db4d7b1234fe : git reset --hard 0ebce492a1b8a5c6e4d1fd7851a2db4d7b1234fe docker compose up -d --build

@Syzik pls look into this commit https://github.com/pwndoc-ng/pwndoc-ng/commit/f2e428eb3d0b60a05dbd8a5746c6c91216cdbe05 , which seems to introduce that bug.

Syzik commented 5 months ago

I reverted the commit for now. We will try to fix the problem next week. Sorry about that.

LegoCar commented 2 months ago

Do you mind sharing the way to reverting to previous version ? Curently i have git clone the project and docker build the project. Is there an easy way to download and build previous version of the project ? Edit : the content of 'description' and 'observation' is still stored in database because displayed where generating the report. Just a display issue then.

Thats how I did it - at least this is the last working commit https://github.com/pwndoc-ng/pwndoc-ng/tree/0ebce492a1b8a5c6e4d1fd7851a2db4d7b1234fe : git reset --hard 0ebce492a1b8a5c6e4d1fd7851a2db4d7b1234fe docker compose up -d --build

@Syzik pls look into this commit f2e428e , which seems to introduce that bug.

It doesn't work!

diggidong commented 2 months ago

Do you mind sharing the way to reverting to previous version ? Curently i have git clone the project and docker build the project. Is there an easy way to download and build previous version of the project ? Edit : the content of 'description' and 'observation' is still stored in database because displayed where generating the report. Just a display issue then.

Thats how I did it - at least this is the last working commit https://github.com/pwndoc-ng/pwndoc-ng/tree/0ebce492a1b8a5c6e4d1fd7851a2db4d7b1234fe : git reset --hard 0ebce492a1b8a5c6e4d1fd7851a2db4d7b1234fe docker compose up -d --build @Syzik pls look into this commit f2e428e , which seems to introduce that bug.

It doesn't work!

Strange, worked for me pretty well. Have you followed my full description? Also build the new docker image?