Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

list_vuln_exceptions returns API error #312

Closed
peterjmcg opened this issue Jan 17, 2018 · 9 comments
Closed

list_vuln_exceptions returns API error #312

peterjmcg opened this issue Jan 17, 2018 · 9 comments

Comments

@peterjmcg
Copy link

Script to list vulnerability exceptions has recently (within last week) started returning API error :

C:/Ruby22-x64/lib/ruby/gems/2.2.0/gems/nexpose-7.1.1/lib/nexpose/ajax.rb:172:in request': NexposeAPI: GET request to /api/experimental/vulnerability_exceptions?_size=500&_page=0 failed. request body: (Nexpose::APIError) from C:/Ruby22-x64/lib/ruby/gems/2.2.0/gems/nexpose-7.1.1/lib/nexpose/ajax.rb:35:in get'
from C:/Ruby22-x64/lib/ruby/gems/2.2.0/gems/nexpose-7.1.1/lib/nexpose/vuln_exception.rb:25:in list_vuln_exceptions' from Exceptions.rb:59:in

'

Rapid7 support suggested opening issue in this forum, pointing out that the URI path name contains 'experimental'.

To reproduce:

(Parameters host, user, pass, port passed as input parameters).

@nsc = Nexpose::Connection.new(host, user, pass, port)

@nsc.login

puts("Successful login to #{host} at #{Time.now.strftime('%H:%M')}")

at_exit { @nsc.logout }

#Check for vulnerability exceptions
puts("Checking vulnerability exceptions")

exceptions = @nsc.list_vuln_exceptions || []

Note: failure was first seen 2 days ago with client version 5.3.2 with error message complaining about date format. After upgrade to client 7.1.1 script still fails but with different error message (above).

Your Environment

  • Nexpose gem version: 7.1.1
  • Ruby version: ruby 2.2.6p396 (2016-11-15 revision 56800) [x64-mingw32]
  • Operating System and version: Windows 10 (console Windows Server 2012R2)
  • Nexpose product version: 6.5.1
@ghost
Copy link

ghost commented Jan 17, 2018

This is caused by the official release of these endpoints (it is no longer experimental). The URI just needs to change. Patch in the works.

@ghost ghost mentioned this issue Jan 17, 2018
Merged
@peterjmcg
Copy link
Author

Thanks. If you can give me the new URI I can try it.

@ghost
Copy link

ghost commented Jan 17, 2018

See #313

@peterjmcg
Copy link
Author

New error message (with changed URI) :
C:/Ruby22-x64/lib/ruby/gems/2.2.0/gems/nexpose-7.1.1/lib/nexpose/vuln_exception.rb:30:in list_vuln_exceptions': undefined method count' for nil:NilClass (NoMethodError)
from Exceptions.rb:59:in `

'

@peterjmcg
Copy link
Author

I think _links needs to be links.

@ghost
Copy link

ghost commented Jan 17, 2018

Indeed. Thanks.

@peterjmcg
Copy link
Author

Also _resources to resources. Then it works ok.

@peterjmcg
Copy link
Author

Also, you might want to mention in the release notes that the timestamps (expiration date etc) were changed from Date to Time. Could save some broken scripts.

@gschneider-r7
Copy link
Contributor

Released v7.2.0 with the fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gschneider-r7 @peterjmcg