New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VULS in server mode, new issue about OVAL DB docker image which prevents to get json report #851
Comments
I have the same problem, i get 404 for all oval requests. |
I tested this problem, and looks like root cause is, that vuls don't provide arch value, that oval is expecting when running as server.
If I append arch to the same request, I get 200 response with json data
If we check routes in goval-dictonary project |
Hi! |
@artdanad Yes you are right, latest oval db server is expecting an arch parameter at the end of the call URL, and vuls does not send this parameter. For now, a workaround is to add a |
Latest versions of goval and vuls docker images fix the issue. |
Unfortunately, latest version of vuls docker image has introduced again this issue. It seems the arch parameter is not sent in the oval url by vuls (oval/util.go). |
What did you do?
Launching vuls docker images for vuls, cve db and oval db (oval.sqlite3 and cve.sqlite3 are existing and have been fetched).
And requesting vuls in server mode with a post and list of packages and versions to get a json report about CVEs.
What did you expect to happen?
As before, i expected to get a json report, but an error message is displayed instead.
What happened instead?
Error message is:
Failed to fill with OVAL: Failed to fetch OVAL. err: [%!w(*xerrors.errorString) %!w(*xerrors.errorString) %!w(*xerrors.errorString) %!w(*xerrors.erro
String) %!w(*xerrors.errorString)]
Probably a new issue on the OVAL docker image, its version is:
goval-dictionary v0.1.2 078b163
Which shows these errors in logs:
{"time":"2019-06-24T16:03:39.592672217Z","level":"ERROR","prefix":"echo","file":"echo.go","line":"294","message":"Not Found"}
{"time":"2019-06-24T16:03:39Z","remote_ip":"172.17.0.1","method":"GET","uri":"/packs/ubuntu/16.04/jasper","status":404, "latency":274,"latency_human":
"274.178µs","bytes_in":0,"bytes_out":9}
It is also not possible anymore to request directly the OVAL DB server in http.
Configuration :
Latest docker images for vuls, cve, and oval.
vuls: vuls v0.8.0 build-20190618_012226_4cf9a72
[cveDict]
type = "http"
url = "http://192.168.99.100:1323"
[ovalDict]
type = "http"
url = "http://192.168.99.100:1324"
The text was updated successfully, but these errors were encountered: