search

reportportal / reportportal

Main Repository. ReportPortal starts here - see readme below.
http://reportportal.io
Apache License 2.0
1.74k stars 466 forks source link

VUlnerability in RabbitMQ : disable cleartext authentication mechanisms in the amqp configuration which is not allowing Report Portal API service to run in 5671 port #1686

Open satishkovuru opened 2 years ago

satishkovuru commented 2 years ago

Describe the bug There is a bug in RabbitMQ which is using 5672 port has some vulnarability. This has to be modifed by updating port to 5671 in Rabbitmq config file.

Expected behavior ...I have completed updating the config file with port 5671 and started RabbitMQ which is working fine but, When I start the API service with below command getting error and Report Portal API is not able to connect with new port 5671 getting below error

RP_AMQP_HOST=localhost RP_AMQP_APIUSER=$RP_RABBITMQ_USER RP_AMQP_APIPASS=$RP_RABBITMQ_PASSWORD RP_AMQP_USER=$RP_RABBITMQ_USER RP_AMQP_PASS=$RP_RABBITMQ_PASSWORD RP_DB_USER=$RP_POSTGRES_USER RP_DB_PASS=$RP_POSTGRES_PASSWORD RP_DB_HOST=localhost java $SERVICE_API_JAVA_OPTS -jar service-api.jar 2>&1 &

Screenshots

Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'analyzerInfoContributor' defined in URL [jar:file:/opt/reportportal/service-api.jar!/BOOT-INF/classes!/com/epam/ta/reportportal/info/AnalyzerInfoContributor.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'managementTemplate' defined in class path resource [com/epam/ta/reportportal/core/configs/rabbit/AnalyzerRabbitMqConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.epam.ta.reportportal.core.analyzer.auto.client.RabbitMqManagementClient]: Factory method 'managementTemplate' threw exception; nested exception is com.epam.ta.reportportal.exception.ReportPortalException: Unclassified Report Portal Error
        at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:798)
        at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:228)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1358)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1204)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
        at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.addCandidateEntry(DefaultListableBeanFactory.java:1503)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1467)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveMultipleBeans(DefaultListableBeanFactory.java:1358)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1245)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1207)
        at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:885)
        at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:789)
        ... 105 common frames omitted
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'managementTemplate' defined in class path resource [com/epam/ta/reportportal/core/configs/rabbit/AnalyzerRabbitMqConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.epam.ta.reportportal.core.analyzer.auto.client.RabbitMqManagementClient]: Factory method 'managementTemplate' threw exception; nested exception is com.epam.ta.reportportal.exception.ReportPortalException: Unclassified Report Portal Error
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:656)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:636)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1338)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1177)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
        at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1287)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1207)
        at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:885)
        at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:789)
        ... 122 common frames omitted
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.epam.ta.reportportal.core.analyzer.auto.client.RabbitMqManagementClient]: Factory method 'managementTemplate' threw exception; nested exception is com.epam.ta.reportportal.exception.ReportPortalException: Unclassified Report Portal Error
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:651)
        ... 136 common frames omitted
Caused by: com.epam.ta.reportportal.exception.ReportPortalException: Unclassified Report Portal Error
        at com.epam.ta.reportportal.core.configs.rabbit.AnalyzerRabbitMqConfiguration.managementTemplate(AnalyzerRabbitMqConfiguration.java:56)
        at com.epam.ta.reportportal.core.configs.rabbit.AnalyzerRabbitMqConfiguration$$EnhancerBySpringCGLIB$$8de9e959.CGLIB$managementTemplate$1(<generated>)
        at com.epam.ta.reportportal.core.configs.rabbit.AnalyzerRabbitMqConfiguration$$EnhancerBySpringCGLIB$$8de9e959$$FastClassBySpringCGLIB$$15675bfe.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331)
        at com.epam.ta.reportportal.core.configs.rabbit.AnalyzerRabbitMqConfiguration$$EnhancerBySpringCGLIB$$8de9e959.managementTemplate(<generated>)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
        ... 137 common frames omitted

Comments: How to pass in the API and override RabbitMQ host to 5671 instead of 5672?

Versions:

DzmitryHumianiuk commented 2 years ago

@satishkumar9549 Did you make update in these lines? https://github.com/reportportal/reportportal/blob/master/docker-compose.yml#L62 https://github.com/reportportal/reportportal/blob/master/docker-compose.yml#L79 https://github.com/reportportal/reportportal/blob/master/docker-compose.yml#L108

satishkovuru commented 2 years ago

@DzmitryHumianiuk

We installed report Portal using Linux installation. Do you have any fox for that?

DzmitryHumianiuk commented 2 years ago

@satishkumar9549 https://github.com/reportportal/linux-installation set of parameters (environment variables) is absolutely the same for each mentioned service.

satishkovuru commented 2 years ago

If I add RP_AMQP_PORT=5671 additionally to start my API service it is throwing me error.

Command: RP_AMQP_HOST=localhost RP_AMQP_PORT=5671 RP_AMQP_APIUSER=$RP_RABBITMQ_USER RP_AMQP_APIPASS=$RP_RABBITMQ_PASSWORD RP_AMQP_USER=$RP_RABBITMQ_USER RP_AMQP_PASS=$RP_RABBITMQ_PASSWORD RP_DB_USER=$RP_POSTGRES_USER RP_DB_PASS=$RP_POSTGRES_PASSWORD RP_DB_HOST=localhost java $SERVICE_API_JAVA_OPTS -jar service-api.jar 2>&1 &

satishkovuru commented 2 years ago

@DzmitryHumianiuk Any update on this issue?

DzmitryHumianiuk commented 2 years ago

@satishkumar9549 i'll forward it to the team