-
Notifications
You must be signed in to change notification settings - Fork 624
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Rust] API reports no error when scan lookup fails #1744
Comments
Thank you for filing this bug, we highly appreciate it. When the OSPD socket is unreachable, the loop of warnings persists. However, in this case, scans should not remain in the 'OK' state. It’s unclear if an immediate abort is appropriate, as there could still be results left in Redis if ospd-openvas has restarted. Maybe we should introduce a new state. Aside from the incorrect behavior in openvasd, could you retrieve the result from ospd-openvas and include the XML that triggered the ReadXML("invalid number") error? For mitigation did you try to run openvasd in 'openvas' mode rather than ospd mode? |
I'm using the default memory store. Agree that need to see what is causing the error, what is in the XML. Just haven't put the time in that direction yet. What would be a good setup where I can access those interim XML files? |
Toyed around with it near the beginning. Will get back to you tomorrow. |
when you're using ospd mode, openvasd delegates each call to ospd-openvas. To get the XML reply of ospd you need to send the following XML to the configured ospd socket (/run/ospd/ospd-openvas.sock):
Replace |
That's open for negotiation. |
I did notice that it would be a Easy to argue that is in fact a There is the case of "Scan not found" more broadly though, do still wonder if when there is no status to return then a 404 might work. |
That's a fair point. For now we decided that we don't want to change the API definition and will return a 200 until a product decision was made. Did you manage to get the xml response that triggered that invalid integer exception to begin with? |
Haven't got there yet. Some priorities ahead of it but will get there next few days. |
After testing a bit more ScanResult struct of ospd has been changed, can you verify if it resolves the issue? |
Project priorities switched around for a week or two. Will get back to you. |
Expected behavior
When a scan is not found, or contains invalid data the backend warns in logs, however the API fails to pass on this warning and instead reports everything being fine. This gives clients no opportunity to stop checking for updates or retry.
Actual behavior
/results
and/status
API continue to respond with 200 saying that the scan is running. i.e.status": "running"
Errors and warnings on the backend then seem to cascade into greater issues which result in server being inaccessible.
Steps to reproduce
Start scans until one breaks.
GVM versions
gsa: (gsad --version)
Greenbone Security Assistant 22.04.1
gvm: (gvmd --version)
openvas: (openvas --version)
gvm-libs:
openvas-smb:
ospd-openvas: (ospd-openvas --version)
Environment
Operating system:
Linux XXXXX 5.15.0-107-generic #117-Ubuntu SMP Fri Apr 26 12:26:49 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Installation method / source: (packages, source installation)
Source.
Logfiles
Possibly then causes the socket to fail:
Which then ends up in a loop repeating the same log over and over:
The text was updated successfully, but these errors were encountered: