search

rapid7 / nexpose-client

DEPRECATED: Rapid7 Nexpose API client library written in Ruby
https://www.rapid7.com/
BSD 3-Clause "New" or "Revised" License
150 stars 103 forks source link

list_vuln_exceptions returns API error #312

Closed peterjmcg closed 6 years ago

peterjmcg commented 6 years ago

Script to list vulnerability exceptions has recently (within last week) started returning API error :

C:/Ruby22-x64/lib/ruby/gems/2.2.0/gems/nexpose-7.1.1/lib/nexpose/ajax.rb:172:in request': NexposeAPI: GET request to /api/experimental/vulnerability_exceptions?_size=500&_page=0 failed. request body: (Nexpose::APIError) from C:/Ruby22-x64/lib/ruby/gems/2.2.0/gems/nexpose-7.1.1/lib/nexpose/ajax.rb:35:inget' from C:/Ruby22-x64/lib/ruby/gems/2.2.0/gems/nexpose-7.1.1/lib/nexpose/vuln_exception.rb:25:in list_vuln_exceptions' from Exceptions.rb:59:in

'

Rapid7 support suggested opening issue in this forum, pointing out that the URI path name contains 'experimental'.

To reproduce:

(Parameters host, user, pass, port passed as input parameters).

@nsc = Nexpose::Connection.new(host, user, pass, port)

@nsc.login

puts("Successful login to #{host} at #{Time.now.strftime('%H:%M')}")

at_exit { @nsc.logout }

Check for vulnerability exceptions

puts("Checking vulnerability exceptions")

exceptions = @nsc.list_vuln_exceptions || []

Note: failure was first seen 2 days ago with client version 5.3.2 with error message complaining about date format. After upgrade to client 7.1.1 script still fails but with different error message (above).

Your Environment

  • Nexpose gem version: 7.1.1
  • Ruby version: ruby 2.2.6p396 (2016-11-15 revision 56800) [x64-mingw32]
  • Operating System and version: Windows 10 (console Windows Server 2012R2)
  • Nexpose product version: 6.5.1
ghost commented 6 years ago

This is caused by the official release of these endpoints (it is no longer experimental). The URI just needs to change. Patch in the works.

peterjmcg commented 6 years ago

Thanks. If you can give me the new URI I can try it.

ghost commented 6 years ago

See https://github.com/rapid7/nexpose-client/pull/313

peterjmcg commented 6 years ago

New error message (with changed URI) : C:/Ruby22-x64/lib/ruby/gems/2.2.0/gems/nexpose-7.1.1/lib/nexpose/vuln_exception.rb:30:in list_vuln_exceptions': undefined methodcount' for nil:NilClass (NoMethodError) from Exceptions.rb:59:in `

'

peterjmcg commented 6 years ago

I think _links needs to be links.

ghost commented 6 years ago

Indeed. Thanks.

peterjmcg commented 6 years ago

Also _resources to resources. Then it works ok.

peterjmcg commented 6 years ago

Also, you might want to mention in the release notes that the timestamps (expiration date etc) were changed from Date to Time. Could save some broken scripts.

gschneider-r7 commented 6 years ago

Released v7.2.0 with the fix.