GetReportTemplate function and Base64Decode function #2

Closed
greenprince opened this Issue May 10, 2012 · 21 comments

3 participants

@greenprince

Hi Brandon,
I'm sorry, but I would like to submit you two issues I have using your C# project:

1) The GetReportTemplate function doesn't return all templates available. I create a custom CSV report template with console website but it doesn't appear in the function output. Anyway I'm able to use it successfully in GenerateAdHocReport function.
Do you know where I'm in error?

2) I launched GenerateAdHocReport function for one SiteID and report was generated without any problem. Then I tried to do a report for another SiteID and I get an error in Base64Decode function (NexposeSession.cs:174): exception message is about not well formatted base64 string. The only thing I've changed is SiteID: why I get this error? Do I do something wrong?

Thanks.
Federico

@brandonprry
VolatileMinds member

Hi, what revision are you using currently? Are you sure you are up to date?

@greenprince

Hi, I'm just using the latest commit available. I downloaded it again...today I'll perform new tests.

@greenprince

Hi Brandon,
I performed new tests but I had the same problem... :-(
Furthermore, I've some problem using your NeXpose Client project with mono (version 2.8.6.3) because I receive an error when it perform HttpWebRequest: System.String.Remove in :0
So I'm using Visual Studio 2010.

@brandonprry
VolatileMinds member

Hmmm, I cannot reproduce this. Can you send me the whole report response from nexpose in a LZMA archive to brandon_perry@rapid7.com? You may encrypt it as well, with details in the email.

@greenprince

I've just mailed to you an HttpResponseStream.

Bye.

@brandonprry
VolatileMinds member

Hi, using this following small program to load your response and decode it, I was able to successfully decode the CSV report from the response. I am not sure what is going on on your side, but feel free to give it a try. With the latest commit, you will see a new project called ArbitraryReportLoader (https://github.com/brandonprry/nexpose-sharp/blob/master/ArbitraryReportLoad/Main.cs).

Let me know if this still breaks for you. The code in the small program is the exact same code being used in NexposeSession.cs to parse responses and decode them.

@greenprince

Hi,
it works fine on my linux machine with mono. It doesn't work with my windows machine with Visual Studio 2011. I think it's due to character encoding. What do you think about?

Now problem is that solution on mono doesn't work; when I run NexposeReportingExample and it performs HttpRequest I get this error (I added a try-catch in ExecuteCommand method, NexposeSession class):

Unhandled Exception: System.Exception: Error HttpWebRequestCannot be negative.
Parameter name: startIndex
at nexposesharp.NexposeSession.ExecuteCommand (System.String commandXml) [0x0008c] in NexposeSession.cs:121
at nexposesharp.NexposeSession.Authenticate (System.String username, System.String password) [0x0002c] in NexposeSession.cs:42
at NexposeReportingExample.MainClass.Main (System.String[] args) [0x0000b] in NexposeReportingExample/Main.cs:16
[ERROR] FATAL UNHANDLED EXCEPTION: System.Exception: Error HttpWebRequestCannot be negative.
...
...

Is it a problem with my mono version (2.8.6.3) or what else?

Thanks

@brandonprry
VolatileMinds member
@brandonprry
VolatileMinds member

Hi, debugging now, I want to make sure we are targeting the same framework version. Which are you targeting (1.0 - 4.0)?

@brandonprry
VolatileMinds member
    it works fine on my linux machine with mono. It doesn't work with my windows machine with Visual Studio 2011. 
    I think it's due to character encoding. What do you think about?

    Now problem is that solution on mono doesn't work; when I run NexposeReportingExample and it performs HttpRequest
    I get this error (I added a try-catch in ExecuteCommand method, NexposeSession class):

I am confused by this. Are you using mono on windows? I am running:

bperry@w00den-pickle:~$ mono --version
Mono JIT compiler version 2.10.8.1 (Debian 2.10.8.1-1ubuntu2)
Copyright (C) 2002-2011 Novell, Inc, Xamarin, Inc and Contributors. www.mono-project.com
TLS: __thread
SIGSEGV: altstack
Notifications: epoll
Architecture: amd64
Disabled: none
Misc: softdebug
LLVM: supported, not enabled.
GC: Included Boehm (with typed GC and Parallel Mark)
bperry@w00den-pickle:~$

I have also run this code on the mono that ships with 10.04, and that is 2.4.

Also, line 121 for me is

        request.ContentType = "text/xml";

and I am not sure how that could cause the error you are seeing. Are you sure you are totally up to date with git and have done a clean and recompile?

@greenprince

Hi Brandon,
I try to summarize the problems I encountered and I hope to be more explicit.

**** PROBLEM 1 ****
Environment: Ubuntu x86_64 with Mono JIT compiler version 2.10.8.1 (Debian 2.10.8.1-1ubuntu2)
Description:
When I run your NexposeReportingExample project, after recompiling it, I receive an error (error details are in my precedent post) when software perform this statement in NexposeSession.cs: HttpWebRequest request = WebRequest.Create("https://" + this.NexposeHost + ":" + this.NexposePort.ToString() + uri) as HttpWebRequest;
I verified that all parameters were set properly.
Instead, when I run ArbitraryLoadReport project, it works fine: the response.txt file content is decoded without any problem.

**** PROBLEM 2 ****
Environment: Windows 7 with Visual Studio 2010
Description:
When I run NexposeReportingExample it works fine. I can retrieve informations from NeXpose but when I create ad hoc report I get an error in Base64Decode function when it execute "Convert.FromBase64String(data);" command. Error description is that it's not a valid Base64 string. I get the same error when I run ArbitraryLoadReport project.

@brandonprry
VolatileMinds member
@brandonprry
VolatileMinds member

I can replicate the windows issue, working on a fix. Once that is checked in, I will look into the mono issue. Now to figure out why mono and .net don't do the same thing.

@bperry-r7

I am trying to figure out whether this base64 issue is with mono or .NET. I currently have a bug open in the Xamarin Bugzilla: https://bugzilla.xamarin.com/show_bug.cgi?id=5464

I am also trying to get an answer on the MSDN forum: http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/622f5763-5d67-4941-a9de-715c07cf6b83

This is a very odd bug and I need to know whom is right in order to fix it correctly, sorry for the wait.

@brandonprry
VolatileMinds member

Could you please get latest and retry the reporting base64 issue you were having? I had to workaround a bug in nexpose which is causing the base64 encoded data to be returned malformed. I also have not been able to reproduce your other issue.

@brandonprry
VolatileMinds member

Also, just FYI. The reports returned will now be a byte[] rather than a string. This remediates some issues with PDF reports.

@greenprince

Hi Brandon,
I'm using your latest commit. It seems to work fine now in Windows environment.
Today I tried to generate a standard audit-report but generated file is protected and I don't know the password so I can't open it. Here my vb.net code:

    Dim filters As New Dictionary(Of NexposeReportFilterType, String)

    session = New NexposeSession(/*NeXpose console IP*/)
    session.Authenticate(/*username*/, /*password*/)
    manager = New NexposeManager11(session)


    filters.Add(NexposeReportFilterType.Site, "17")
    report = manager.GenerateAdHocReport(NexposeUtil.GenerateAdHocReportConfig("audit-report", NexposeReportFormat.PDF, filters))

    Dim oFileStream As System.IO.FileStream
    oFileStream = New System.IO.FileStream("C:\report.pdf", System.IO.FileMode.Create)
    oFileStream.Write(report, 0, report.Length)
    oFileStream.Close()

Where is the problem? As you can see, I never set any password for PDF.

Thanks for your support.

@brandonprry
VolatileMinds member

Yes, there was a bug in my base64 decode implementation. I have commited the fix. Please get latest and rebuild. Should be straight forward, but if not, please let me know.

@greenprince

Hi Brandon,
it works!!! I would like to submit a question: is possible to set a custom name to AdHoc Report?

Thanks.

@bperry-r7
@greenprince

Hi Brandon,
I need to create a PDF report based on a specific scan-id with a custon name.
I thought the right way is to use AdHocReport but it wasn't. Which is the way to do this work? Can you help me?

Thanks.
Federico

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment