Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tenable.sc error uploading accept risk rule: Please specify ips for this Accept Risk Rule. Tenable.sc version 6.0.0 #677

Closed
jeffmallozzi opened this issue Feb 21, 2023 · 4 comments
Closed

Tenable.sc error uploading accept risk rule: Please specify ips for this Accept Risk Rule. Tenable.sc version 6.0.0 #677

jeffmallozzi opened this issue Feb 21, 2023 · 4 comments
Labels
Tenable.sc Tenable.sc Package upstream-api The issue is related to the calling API or API Docs

Comments

@jeffmallozzi
Copy link

Describe the bug
Attempting to use the TenableSC accept_risks.create() method while providing a list of ip addresses with the 'ips' argument returns
the following error:

ERROR:restfly.errors.APIError:[403: POST] https://XXXXXXXXXXXXX:443/rest/acceptRiskRule body=b'{"type":"regular","response":"","error_code":146,"error_msg":"Please specify ips for this Accept Risk Rule.\\nPlease specify an IP Range.\\n","warnings":[],"timestamp":1677001796}\n'

The debug output below shows that the request body has the proper 'hostType" and 'hostValue' properties set.

This error occurs with Tenable.sc version 6.0.0.
Accept Risk rules are successfully created on Tenable.sc version 5.23.1.
When the 'ips' argument is omitted, an accept risk rule is successful created which targets all assets in the repository.

To Reproduce

import logging
from tenable.sc import TenableSC

logging.basicConfig(level=logging.DEBUG)
logger = logging.getLogger("Bug-report")

with TenableSC(
    host="<TENABLE.SC HOST>", 
    access_key="<ACCESS KEY>",
    secret_key="<SECRET KEY>") as sc:
    try:
        sc.accept_risks.create(
            99130,
            [2],
            ips = ["192.168.1.5","192.168.1.6"]
        )
    except Exception as e:
        logger.debug(e)

Expected behavior
A new accept risk rule is created for plugin id 99130 targeting ip addresses 192.168.1.5 and 192.168.1.6

Debug output

DEBUG:tenable.sc.TenableSC:Request: {"method": "GET", "url": "https://XXXXXXXXX:443/rest/system", "params": {}, "body": {}}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): XXXXXXXX:443
DEBUG:urllib3.connectionpool:https://XXXXXXXXX:443 "GET /rest/system HTTP/1.1" 200 None
DEBUG:tenable.sc.TenableSC:Request: {"method": "POST", "url": "https://XXXXXXXXX:443/rest/acceptRiskRule", "params": {}, "body": {"hostType": "ip", "repositories": [{"id": 2}], "plugin": {"id": "99130"}, "hostValue": "192.168.1.5,192.168.1.6"}}
DEBUG:urllib3.connectionpool:https://XXXXXXXXXX:443 "POST /rest/acceptRiskRule HTTP/1.1" 403 178
ERROR:restfly.errors.APIError:[403: POST] https://XXXXXXXXXX:443/rest/acceptRiskRule body=b'{"type":"regular","response":"","error_code":146,"error_msg":"Please specify ips for this Accept Risk Rule.\\nPlease specify an IP Range.\\n","warnings":[],"timestamp":1677002768}\n'
DEBUG:Bug-report:[403: POST] https://XXXXXXXXXXX:443/rest/acceptRiskRule body=b'{"type":"regular","response":"","error_code":146,"error_msg":"Please specify ips for this Accept Risk Rule.\\nPlease specify an IP Range.\\n","warnings":[],"timestamp":1677002768}\n'

System Information (please complete the following information):

  • OS: Windows 10
  • Architecture: 64bit
  • Version 21H2
  • Memory 16G
  • pyTenable version: 1.4.12
  • Python version: 3.10.2
  • Tenable.sc version: 6.0.0
  • Tenable.sc OS version: CentOS 7

Additional context
Add any other context about the problem here.
@aseemsavio aseemsavio added Tenable.sc Tenable.sc Package upstream-api The issue is related to the calling API or API Docs labels Feb 22, 2023
@aseemsavio
Copy link
Collaborator

@jeffmallozzi thanks for creating the issue. The team is looking into this issue. Will keep you posted here.

@aseemsavio
Copy link
Collaborator

Hi, here's the response from SC engineering:

We cannot duplicate this. I used a Tenable.sc instance version SC 6.0.0. I've tried the exact same request using the API, for an IPv4, Agent, and Universal repository. The rule was created for each. It did not create the rule for an IPv6 repository, but did not return an error, returned 200, error code 0, because the addresses were not IPv6 addresses.
The error code in the example response that you gave us above is 146, which means Invalid Data. Is it possible that there are invisible characters in the POST request?

Please let me know if the above is a possibility.

@jeffmallozzi
Copy link
Author

I've left the organization where I encounter this error so I'm afraid I can no longer troubleshoot. However as far as my example is concerned, you can see the post request on line 4 of the Debug Output section above.

DEBUG:tenable.sc.TenableSC:Request: {"method": "POST", "url": "https://XXXXXXXXX:443/rest/acceptRiskRule", "params": {}, "body": {"hostType": "ip", "repositories": [{"id": 2}], "plugin": {"id": "99130"}, "hostValue": "192.168.1.5,192.168.1.6"}}

I don't see room for any invisible characters "hostValue": "192.168.1.5,192.168.1.6"

I can try to reach out to the folks at my old org and see if someone else can take over this issue for me

@aseemsavio
Copy link
Collaborator

That'd be great!

@SteveMcGrath SteveMcGrath closed this as not planned Won't fix, can't repro, duplicate, stale Jun 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Tenable.sc Tenable.sc Package upstream-api The issue is related to the calling API or API Docs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@SteveMcGrath @aseemsavio @jeffmallozzi