Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug(ui): Fetch GPT Vulnerability Details always blank dates on high & critical vulns #12

Open
1 task done
psyray opened this issue Apr 21, 2024 · 1 comment · May be fixed by #233
Open
1 task done

bug(ui): Fetch GPT Vulnerability Details always blank dates on high & critical vulns #12

psyray opened this issue Apr 21, 2024 · 1 comment · May be fixed by #233
Labels
bug Something isn't working
Milestone
v2.2.0 release

Comments

@psyray
Copy link
Contributor

psyray commented Apr 21, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Submitted bu @carboncrystal

  1. I have OpenAI API Key & Netlas API Key set in Rengine.

  2. At OpenAI I have premium API plan and sufficient credits, at Netlas I have plan with 2000 API calls/month.

  3. At Subdomains menu (for example: https://127.0.0.1/scan/myprojectname/detail/15#subdomain-tab) > clicking on Eye Icon (Show Attack Surface) everything works perfectly, you get data (Attack Surface recommendations).

  4. But on the Vulnerabilities menu (e.g. https://127.0.0.1/scan/myprojectname/detail/15#vulnerabilities-tab) > click on 3 dots (...), under the menu in the Action table and selecting Fetch GPT Vulnerability Details, you GET ALWAYS BLANK RESULTS.

Whether Critical, High, Medium, Low, Info, Unknown vulnerabilities are identified in Rengine, you always get the same result: EMPTY BLANK DATES when Fetch GPT Vulnerability Details!

Screenshots

Screenshot from 2024-01-02 09-24-01

Screenshot from 2024-01-02 09-24-38

Expected Behavior

Fetch GPT Vulnerability Details to get data from the OpenAI GPT API.

Steps To Reproduce

Specified above!

Environment

- reNgine: 2.0.2
- OS: Ubuntu 22.04.3 LTS
- Python: Python 3.10.12
- Docker Engine: latest for Ubuntu
- Docker Compose: latest for Ubuntu
- Browser: Firefox, Chrome

Anything else?

No response
@psyray psyray added the bug Something isn't working label Apr 21, 2024
@psyray
Copy link
Contributor Author

psyray commented Apr 21, 2024
edited
Loading

Submitted by @Ondjultomte

I experience the same

Vulnerability detail for GeoServer OGC Filter - SQL Injection

Description
null

Impact
null

Remediation
null

References

openAI reports no usage of the API.

running a new install or 2.0.3

I can add that after alittle more testing it only happends on critical and high vulns, not medium. medium and info works just fine to get text from chatgpt. its only critical and high that doesnt wortk for me.

@psyray psyray changed the title bug: Fetch GPT Vulnerability Details always blank dates on high & critical vulns bug(ai): Fetch GPT Vulnerability Details always blank dates on high & critical vulns Jun 13, 2024
@psyray psyray changed the title bug(ai): Fetch GPT Vulnerability Details always blank dates on high & critical vulns bug(ui): Fetch GPT Vulnerability Details always blank dates on high & critical vulns Jun 13, 2024
@psyray psyray added this to the v2.2.0 release milestone Aug 27, 2024
@psyray psyray modified the milestones: v2.2.0 release, v2.1.1 release Nov 11, 2024
@psyray psyray linked a pull request Nov 12, 2024 that will close this issue
feat: refactor LLM model selection and attack surface analysis #233
Open
2 tasks
@psyray psyray modified the milestones: v2.1.1 release, v2.2.0 release Nov 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
v2.2.0 release
Development

Successfully merging a pull request may close this issue.

feat: refactor LLM model selection and attack surface analysis Security-Tools-Alliance/rengine-ng
1 participant
@psyray