Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nexpose changed answer format since yesterday? #6

Closed
thesp0nge opened this issue Mar 21, 2012 · 12 comments
Closed

Nexpose changed answer format since yesterday? #6

thesp0nge opened this issue Mar 21, 2012 · 12 comments

Comments

@thesp0nge
Copy link

I there, after the today software update, when I asked nexpose a CSV report the format is application/xml;charset=UTF-8 and so code in ReportAdHoc.generate doesn't work anymore. Note that when asking for a raw-xml the answer is multipart/mixed; boundary=AxB9sl3299asdjvbA;charset=UTF-8 and the API doesn't return nil.

Has the product update changed something?
@bperry-r7
Copy link
Contributor

Could you show me the code you are using to generate the report? Nothing changed afaik. I can try to reproduce.

@thesp0nge
Copy link
Author

def self.generate_and_save(site_list, nsc)
site_list=Nexty::Sites.load_from_file(site_list)
site_list_score = 0

  report = Nexpose::ReportAdHoc.new(nsc, 'report-card', 'raw-xml')

  site_list.each do |site|
    s = nsc.find_site_by_name_2(site) || []

    if ! s[:site_id].nil?
      site_config = Nexpose::SiteConfig.new
      site_config.getSiteConfig(nsc, s[:site_id])

      scan_history = nsc.site_scan_history(s[:site_id])
      scan_history.sort! { |a,b| b[:start_time] <=> a[:start_time]}
      scan_history.take(4).each do |scan|
        report.addFilter('scan', scan[:scan_id])
      end
    end
  end

  file_name = "export_#{Time.now.strftime("%Y%m%d%H%M%s")}.csv"
  file = File.open(file_name, "w")
  file.write(report.generate)
  file.close

  file_name

end

I added also some prints in my nexpose-client report and it seems that response content type is different if format is CSV rather than RAW-XML. It happened starting from today after the Nexpose automatic product update. So nothing changed in API nor in my personal code... only Nexpose is :(

@bperry-r7
Copy link
Contributor

You are correct, this was an oversight of the engineering team. The response for CSV has changed. I will be working today to fix this in our various API wrappers, should have a fixed version this evening. Very sorry about this and any inconvenience it has caused. We are looking into better testing requirements to catch this before releases.

Will also be getting your other pull request checked in with the Nexpose::Misc changes, stay tuned.

@bperry-r7
Copy link
Contributor

Ok, an update. It appears that the way templates and CSV reports interact have changed with the last release. For CSV reports, you need to create a template of type 'data' rather than a 'document' type report. Type 'document' templates will no longer work with CSV reports.

Please create a template of type 'data' rather than type 'document' in the UI and see if this fixes your issue. I am still looking into this reporting code because, to be honest, a lot of it could have been written better. This also could have been better communicated through the release notes, even I wasn't aware this change was made. Oh well, c'est la vie.

@bperry-r7
Copy link
Contributor

To reinforce this, if you look in nsc.log in your nexpose installation directory, you will see an error similar to this:

2012-03-21T20:11:22 [INFO] [Thread: Generating report Adhoc_1332360682634 (default:838)] CSVReportExporter exporting to /opt/rapid7/nexpose/nsc/htroot/reports/00000346/00000345
2012-03-21T20:11:22 [INFO] [Thread: Generating report Adhoc_1332360682634 (default:838)] Failed to generate report: Adhoc_1332360682634
com.rapid7.nexpose.report.ReportException: Invalid report template. Template type should be 'data'.
at com.rapid7.nexpose.report.CSVReportExporter.export(Unknown Source) ~[nxshared.jar:na]
at com.rapid7.nexpose.report.ReportCreationContext.generateReports(Unknown Source) [nxshared.jar:na]
at com.rapid7.nexpose.report.service.ReportService.generateReport(Unknown Source) [nxshared.jar:na]
at com.rapid7.nexpose.report.service.ReportGenerationThread.run(Unknown Source) [nxshared.jar:na]

@bperry-r7
Copy link
Contributor

This also should only affect CSV reports.

@thesp0nge
Copy link
Author

Perry, any update on this topic?

@thesp0nge
Copy link
Author

No news guys?

@brandonprry
Copy link

Hi, sorry I just saw this email. Was the above information not correct? After creating a template for the CSV reports you are still getting improper reports?

@thesp0nge
Copy link
Author

Brandon (sorry I misunderstood your name in the nick), I mean... there are no changes in the API call that I must wait for?
By the way I hacked SiteDeviceListing class and I'll submit a pull request but I want to make sure I can take the repo as reference :)

@brandonprry
Copy link

No, the API will not change, you need to specify a template that is specifically for a CSV report. You will need to create this through the UI.

@thesp0nge
Copy link
Author

That's fine Brandon, you're the boss so if you tell API won't change I'll check the template way. Thank you indeed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@thesp0nge @brandonprry @bperry-r7