cisagov / decider Goto Github PK

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.

License: Other

Shell 0.15% Python 8.67% CSS 0.42% JavaScript 27.05% HTML 63.69% Dockerfile 0.03%

cybersecurity ttp

decider's Introduction

Decider

This work is licensed under a Creative Commons Attribution 4.0 International License.
This project makes use of MITRE ATT&CK® - ATT&CK Terms of Use.

📰 3.0.0 - Kiosk is Here

Decider is now login-less and responsive.
Content updates have been simplified to copying files and restarting Docker.
The Docker setup has changed enough that there isn't exactly a 2 → 3 update process, just a fresh install of 3.
The database structure is the same though - so Decider 2.x.y can be leveraged for editing content.

This is Firefox - but it works on mobile too!

🤔 What is it?

⏩ In-Short

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® Framework.

📕 In-Depth

Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK Framework. Decider makes creating ATT&CK mappings easier to get right by walking users through the mapping process. It does so by asking a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or subtechnique. Decider has a powerful search and filter functionality that enables users to focus on the parts of ATT&CK that are relevant to their analysis. Decider also has a cart functionality that lets users export results to commonly used formats, such as tables and ATT&CK Navigator heatmaps.

📖 User Guide

Note: The MD can be viewed directly on GitHub, while the HTML must be downloaded for local viewing. The MD will appear slightly weird - as it contains Pandoc directives used in generating the HTML.

📐 Intended Purpose

Decider ultimately tries to make mapping to ATT&CK easier.

It offers:

A question tree with pagination of results (structures your progress)
Technique search + filtering options
Suggestions of other techniques that may have occurred

Decider does not intend to replace the ATT&CK site - but rather, it acts as a complementary tool that leads you there in the end. Only information assisting mapping is included.

💻 In-App Screenshots

🌳 Question Tree

(you are here)[Matrix > Tactic] > Technique > SubTechnique

🔍 Full Technique Search

Boolean expressions, prefix-matching, and stemming included.

Installation

🐳 Docker

Best option for 99% of people

git clone https://github.com/cisagov/decider.git
cd decider
cp .env.docker .env
# edit .env - define DB_ADMIN_PASS, DB_KIOSK_PASS, CART_ENC_KEY, APP_ADMIN_PASS
# no default passwords are given :)
cp -r default_config/. config/
sudo docker compose up

Then visit the link once started (default: http://localhost:8001/).

Config Made Easy

Changing config/? Just:

sudo docker compose stop
sudo docker compose start

However, changing variables in .env requires

sudo docker compose up

which will recreate containers with modified environments

HTTPS / URL

Endpoint Determination (.env vars):

WEB_HTTPS_ON='' -> http://WEB_IP:WEB_PORT/
WEB_HTTPS_ON='anything' -> https://WEB_IP:WEB_PORT/

HTTPS Cert Location

Write these 2 files to set SSL up:
- config/certs/decider.key
- config/certs/decider.crt
If either file is missing, a self-signed cert is generated and used instead

🧑‍💻 Manual Install

⚠️ Instructions out of date

Docker is the preferred method of install
The manual install instructions require adjustments if followed
- You need Python 3.12+ (instructions mention Python 3.8.16, which will not work ⚠️)
- You may need PostgreSQL 16 (instructions mention PostgreSQL 12+, which should work)

Ubuntu 22.04

Ubuntu Install Guide

CentOS 7

CentOS Install Guide

Pip Requirements Note

For Everyone

pip install -r requirements-pre.txt
pip install -r requirements.txt

For Developers

pip install -r requirements-dev.txt
pre-commit install

Other OSes

Read the Ubuntu & CentOS guides and recreate actions according to your platform.

Windows

open() in Python uses the system's default text encoding

This is utf-8 on macOS and Linux
This is windows-1252 on Windows
- This causes issues in reading the jsons for the database build process
- Adding encoding='utf-8' as an arg in each open() may allow Windows deployment

macOS

(M1 users at least) Make sure to (1) install Postgres before (2, 3) installing the pip requirements

brew install postgresql
pip install -r requirements-pre.txt
pip install -r requirements.txt

⚙️ Requirements

as of April 24th, 2023

Software

Docker

Exact required version(s) unspecified.

An up-to-date version of Docker and Docker Compose should be used.
docker compose should work, whereas docker-compose is outdated.

Manual

Operating System
- CentOS 7+
- Ubuntu 22.04.2+
- Fedora 37+ works fine (earlier versions should work too)
Python 3.12+ (instructions mention Python 3.8.16, which will not work ⚠️)
PostgreSQL 16 (instructions mention PostgreSQL 12+, which should work)

Hardware

Suggested Specs

1-2 Cores
1-2 GB Memory
20 GB Disk Space

Decider has not yet been tested against many concurrent users (this is soon to change).
But it is extremely lightweight - it sits at roughly 250MB of RAM total for both containers (docker stats).
It does peak during the build process where sources are loaded into RAM, hitting 375MB or so.

🧑‍⚖️ ATT&CK® Data Disclaimer

JSONs under default_config/build_sources/enterprise-attack are pulled from https://github.com/mitre-attack/attack-stix-data/tree/master/enterprise-attack

Appendix A: Updating ATT&CK Content on Decider 1/2

🐳 Docker Update Instructions

# (in repo root)

# pull v13 content
git pull

# remove containers (DB data is safe)
sudo docker compose down

# rebuild images (v13 files copy-over)
sudo docker compose up --build

# add version
sudo docker exec decider-web python -m app.utils.db.actions.add_version --config DefaultConfig --version v13.0

🧑‍💻 Manual Update Instructions

# (install root, same as repo root, contains app/ folder)
cd /opt/decider/1.0.0

# use decider app-user, with app venv, for add_version script
sudo -u decider -g decider /opt/decider/python3.8.10/bin/python3.8 -m app.utils.db.actions.add_version --config DefaultConfig --version v13.0

decider's People

Contributors

Stargazers

Watchers

Forkers

v0rts ghostlyd cirrt johnmyers2 craigspaz kurtseifried cybersecops mc-yarinmor zvikar72 jplobianco mlynchcogent pabit timb-machine-mirrors dpdug4n amarjitghuman saharshtapi dooreemii ericopawn tomkallo pawnmuncher magnologan ferthelet abdeslamrehaimi bandar-a jarriagadac mfaridi1394 rolandoescobar cadmius ukaserge sfrias eltociear besnikl azizzmoe scs-labrat cbk914 shamimrezasohag f-peng keephowling sgnls queopius crisgtz09 thewallg5 k-mkrops beaukinstler 6un9-h0-dan sidneysimas smaiifakher alnash28 percydeleon waterway micky1warrior grcman mamadoudemb rfcti pablomartinfranco cr0kz marioperezben iacavd root4rce sumodgeorge lincolnx2 matjavier chillux bijou1983 sn1ck3r5 orguetta jheeree just5ky 5l1v3r1 3r9b0dy justinegumba24 c0axial osorioleomar subedibibek-cmd zouxifeng ethicalsecurity-agency bcp-infosec-repo parkerhorejs hawjin genes1sx l3aalteshuva theh2oweb techris45 karapassdotio sbruices hartl3y94 cb0y dievus jodiskripe seronsecurity rajivraj danielhsudada janedoe667 git-nmb xnn280 professorkilo muhammedtaufiq delengr1026 mission-secure estesio

decider's Issues

CISA Decider DB error

🐛 Summary

Error is created when using Docker to clone git from CISA.gov Installation page in Github.

Setup:
Docker Desktop in Windows 11 that uses Ubuntu distro combined with WSL.

I had no problems with Decider Webapp; only with Decider db/Postgres.

ERROR:
Cannot start Docker Compose application. Reason: compose [start] exit status 1. Container decider-db Starting Container decider-db Started Container decider-db Waiting Container decider-db Error dependency failed to start: container decider-db is unhealthy

To reproduce

On Docker Desktop, using Windows terminal/Ubuntu, copy code and enter into terminal in Ubuntu and it should produce the following error.

Decider Admin Guide Missing

💡 Summary

What is the work, as a high-level summary?

Add the "Decider Admin Guide" or a link to it as referenced in the README. Thank you.

issue with the /opt/decider/entrypoint.sh file

🐛 Summary

The /opt/decider/entrypoint.sh is showing Syntax error: "fi" unexpected (expecting "then"). I have observerved this file was updated yesterday

To reproduce

Steps to reproduce the behavior:

Just execute
cp .env.docker .env
docker compose up

Expected behavior

The web server running

Thanks in advance

[Docker] loading / fails, but loading /static/user-guide.html succeeds

🐛 Summary

I'm deploying the docker container via the instructions in the readme. Everything works well and I can connect no problems if I connect to the instance directly.

But when I attempt to connect through a load balancer to the same instance, I get an error 502: upstream connect error or disconnect/reset before headers. retried and the latest reset reason: protocol error

if i connect through my loadbalancer to /static/user-guide.html, then everything works well and the site loads.

Here are some logs from the decider-web container:

A successful 200 connection over http

decider-web  | 2024-02-13 19:53:43,854 - app.routes.question - DEBUG - qvtMtePs (AnonymousUser) - Start -> Tactics Question Page: got 11 Platforms and 37 Data Sources
decider-web  | 2024-02-13 19:53:43,855 - app.routes.question - INFO - qvtMtePs (AnonymousUser) - Start -> Tactics Question Page: serving page
decider-web  | [pid: 33|app: 0|req: 45/118] X.X.X.X () {42 vars in 953 bytes} [Tue Feb 13 19:53:43 2024] GET /question/v14.1 => generated 8505 bytes in 7 msecs (HTTP/1.1 200) 5 headers in 148 bytes (1 switches on core 2)
decider-web  | [pid: 25|app: -1|req: -1/119] X.X.X.X () {42 vars in 905 bytes} [Tue Feb 13 19:53:43 2024] GET /static/css/lib/bootstrap-5.3.0/bootstrap.min.css => generated 30837 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 1)
decider-web  | [pid: 25|app: -1|req: -1/120] X.X.X.X () {42 vars in 889 bytes} [Tue Feb 13 19:53:43 2024] GET /static/css/decider.css?cache_bust=24feb07 => generated 3110 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 175 bytes (0 switches on core 0)
decider-web  | [pid: 25|app: -1|req: -1/121] X.X.X.X () {42 vars in 931 bytes} [Tue Feb 13 19:53:43 2024] GET /static/css/lib/bootstrap-icons-1.10.5/bootstrap-icons.min.css => generated 12590 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 2)
decider-web  | [pid: 33|app: -1|req: -1/122] X.X.X.X () {42 vars in 920 bytes} [Tue Feb 13 19:53:43 2024] GET /static/js/lib/jquery-3.7.0.slim/jquery-3.7.0.slim.min.js => generated 23946 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 0)
decider-web  | [pid: 33|app: -1|req: -1/123] X.X.X.X () {42 vars in 907 bytes} [Tue Feb 13 19:53:43 2024] GET /static/js/lib/mark.js-9.0.0/jquery.mark.es6.min.js => generated 5585 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 0)
decider-web  | [pid: 33|app: -1|req: -1/124] X.X.X.X () {42 vars in 928 bytes} [Tue Feb 13 19:53:43 2024] GET /static/js/lib/bootstrap-bundle-5.3.0/bootstrap.bundle.min.js => generated 23190 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 3)
decider-web  | [pid: 25|app: -1|req: -1/125] X.X.X.X () {42 vars in 884 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/docx-8.0.4/docx-8.0.4.js => generated 89104 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 1)
decider-web  | [pid: 25|app: -1|req: -1/126] X.X.X.X () {44 vars in 963 bytes} [Tue Feb 13 19:53:44 2024] GET /static/font/source-sans-pro/SourceSansPro-Regular.ttf => generated 68826 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 2)
decider-web  | [pid: 33|app: -1|req: -1/127] X.X.X.X () {44 vars in 1075 bytes} [Tue Feb 13 19:53:44 2024] GET /static/css/lib/bootstrap-icons-1.10.5/fonts/bootstrap-icons.woff2?1fa40e8900654d2863d011707b9fb6f2 => generated 121241 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 179 bytes (0 switches on core 1)
decider-web  | [pid: 33|app: -1|req: -1/128] X.X.X.X () {44 vars in 957 bytes} [Tue Feb 13 19:53:44 2024] GET /static/font/source-sans-pro/SourceSansPro-Bold.ttf => generated 68155 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 3)
decider-web  | [pid: 33|app: -1|req: -1/129] X.X.X.X () {44 vars in 961 bytes} [Tue Feb 13 19:53:44 2024] GET /static/font/source-sans-pro/SourceSansPro-Italic.ttf => generated 57000 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 2)
decider-web  | [pid: 33|app: -1|req: -1/130] X.X.X.X () {42 vars in 887 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/FileSaver/FileSaver.min.js => generated 1386 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 0)
decider-web  | [pid: 25|app: -1|req: -1/131] X.X.X.X () {42 vars in 908 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/lodash-4.17.15/lodash-4.17.15.min.js => generated 24296 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 2)
decider-web  | [pid: 25|app: -1|req: -1/132] X.X.X.X () {42 vars in 915 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/minisearch-6.1.0/minisearch-6.1.0.min.js => generated 8944 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 1)
decider-web  | [pid: 25|app: -1|req: -1/133] X.X.X.X () {42 vars in 885 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/decider.js?cache_bust=24feb07 => generated 13196 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 3)
decider-web  | [pid: 25|app: -1|req: -1/134] X.X.X.X () {42 vars in 899 bytes} [Tue Feb 13 19:53:44 2024] GET /static/cisa-logo.svg => generated 6855 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 180 bytes (0 switches on core 0)
decider-web  | [pid: 33|app: -1|req: -1/135] X.X.X.X () {42 vars in 923 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/alpinejs-3.12.2/alpinejs-focus-3.12.2.min.js => generated 4351 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 1)
decider-web  | [pid: 33|app: -1|req: -1/136] X.X.X.X () {42 vars in 912 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/alpinejs-3.12.2/alpinejs-3.12.2.min.js => generated 15528 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 3)
decider-web  | 2024-02-13 19:53:44,349 - app.routes.api - DEBUG - twanwnrK (AnonymousUser) - Get Answer Cards: querying start -> Tactic answer cards under ATT&CK v14.1
decider-web  | 2024-02-13 19:53:44,380 - app.routes.api - INFO - twanwnrK (AnonymousUser) - Get Answer Cards: queried start -> Tactic answer cards
decider-web  | 2024-02-13 19:53:44,380 - app.routes.api - DEBUG - twanwnrK (AnonymousUser) - Get Answer Cards: got 14 answer cards
decider-web  | [pid: 33|app: 0|req: 46/137] X.X.X.X () {42 vars in 911 bytes} [Tue Feb 13 19:53:44 2024] GET /api/answers?index=start&tactic=null&version=v14.1 => generated 1524 bytes in 32 msecs (HTTP/1.1 200) 5 headers in 139 bytes (1 switches on core 2)
decider-web  | [pid: 25|app: -1|req: -1/138] X.X.X.X () {42 vars in 905 bytes} [Tue Feb 13 19:53:44 2024] GET /static/favicon.ico => generated 157 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 2)
decider-web  | 2024-02-13 19:53:43,854 - app.routes.question - DEBUG - qvtMtePs (AnonymousUser) - Start -> Tactics Question Page: got 11 Platforms and 37 Data Sources
decider-web  | 2024-02-13 19:53:43,855 - app.routes.question - INFO - qvtMtePs (AnonymousUser) - Start -> Tactics Question Page: serving page
decider-web  | [pid: 33|app: 0|req: 45/118] X.X.X.X () {42 vars in 953 bytes} [Tue Feb 13 19:53:43 2024] GET /question/v14.1 => generated 8505 bytes in 7 msecs (HTTP/1.1 200) 5 headers in 148 bytes (1 switches on core 2)
decider-web  | [pid: 25|app: -1|req: -1/119] X.X.X.X () {42 vars in 905 bytes} [Tue Feb 13 19:53:43 2024] GET /static/css/lib/bootstrap-5.3.0/bootstrap.min.css => generated 30837 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 1)
decider-web  | [pid: 25|app: -1|req: -1/120] X.X.X.X () {42 vars in 889 bytes} [Tue Feb 13 19:53:43 2024] GET /static/css/decider.css?cache_bust=24feb07 => generated 3110 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 175 bytes (0 switches on core 0)
decider-web  | [pid: 25|app: -1|req: -1/121] X.X.X.X () {42 vars in 931 bytes} [Tue Feb 13 19:53:43 2024] GET /static/css/lib/bootstrap-icons-1.10.5/bootstrap-icons.min.css => generated 12590 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 2)
decider-web  | [pid: 33|app: -1|req: -1/122] X.X.X.X () {42 vars in 920 bytes} [Tue Feb 13 19:53:43 2024] GET /static/js/lib/jquery-3.7.0.slim/jquery-3.7.0.slim.min.js => generated 23946 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 0)
decider-web  | [pid: 33|app: -1|req: -1/123] X.X.X.X () {42 vars in 907 bytes} [Tue Feb 13 19:53:43 2024] GET /static/js/lib/mark.js-9.0.0/jquery.mark.es6.min.js => generated 5585 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 0)
decider-web  | [pid: 33|app: -1|req: -1/124] X.X.X.X () {42 vars in 928 bytes} [Tue Feb 13 19:53:43 2024] GET /static/js/lib/bootstrap-bundle-5.3.0/bootstrap.bundle.min.js => generated 23190 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 3)
decider-web  | [pid: 25|app: -1|req: -1/125] X.X.X.X () {42 vars in 884 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/docx-8.0.4/docx-8.0.4.js => generated 89104 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 1)
decider-web  | [pid: 25|app: -1|req: -1/126] X.X.X.X () {44 vars in 963 bytes} [Tue Feb 13 19:53:44 2024] GET /static/font/source-sans-pro/SourceSansPro-Regular.ttf => generated 68826 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 2)
decider-web  | [pid: 33|app: -1|req: -1/127] X.X.X.X () {44 vars in 1075 bytes} [Tue Feb 13 19:53:44 2024] GET /static/css/lib/bootstrap-icons-1.10.5/fonts/bootstrap-icons.woff2?1fa40e8900654d2863d011707b9fb6f2 => generated 121241 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 179 bytes (0 switches on core 1)
decider-web  | [pid: 33|app: -1|req: -1/128] X.X.X.X () {44 vars in 957 bytes} [Tue Feb 13 19:53:44 2024] GET /static/font/source-sans-pro/SourceSansPro-Bold.ttf => generated 68155 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 3)
decider-web  | [pid: 33|app: -1|req: -1/129] X.X.X.X () {44 vars in 961 bytes} [Tue Feb 13 19:53:44 2024] GET /static/font/source-sans-pro/SourceSansPro-Italic.ttf => generated 57000 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 2)
decider-web  | [pid: 33|app: -1|req: -1/130] X.X.X.X () {42 vars in 887 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/FileSaver/FileSaver.min.js => generated 1386 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 0)
decider-web  | [pid: 25|app: -1|req: -1/131] X.X.X.X () {42 vars in 908 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/lodash-4.17.15/lodash-4.17.15.min.js => generated 24296 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 2)
decider-web  | [pid: 25|app: -1|req: -1/132] X.X.X.X () {42 vars in 915 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/minisearch-6.1.0/minisearch-6.1.0.min.js => generated 8944 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 1)
decider-web  | [pid: 25|app: -1|req: -1/133] X.X.X.X () {42 vars in 885 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/decider.js?cache_bust=24feb07 => generated 13196 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 3)
decider-web  | [pid: 25|app: -1|req: -1/134] X.X.X.X () {42 vars in 899 bytes} [Tue Feb 13 19:53:44 2024] GET /static/cisa-logo.svg => generated 6855 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 180 bytes (0 switches on core 0)
decider-web  | [pid: 33|app: -1|req: -1/135] X.X.X.X () {42 vars in 923 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/alpinejs-3.12.2/alpinejs-focus-3.12.2.min.js => generated 4351 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 1)
decider-web  | [pid: 33|app: -1|req: -1/136] X.X.X.X () {42 vars in 912 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/alpinejs-3.12.2/alpinejs-3.12.2.min.js => generated 15528 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 3)
decider-web  | 2024-02-13 19:53:44,349 - app.routes.api - DEBUG - twanwnrK (AnonymousUser) - Get Answer Cards: querying start -> Tactic answer cards under ATT&CK v14.1
decider-web  | 2024-02-13 19:53:44,380 - app.routes.api - INFO - twanwnrK (AnonymousUser) - Get Answer Cards: queried start -> Tactic answer cards
decider-web  | 2024-02-13 19:53:44,380 - app.routes.api - DEBUG - twanwnrK (AnonymousUser) - Get Answer Cards: got 14 answer cards
decider-web  | [pid: 33|app: 0|req: 46/137] X.X.X.X () {42 vars in 911 bytes} [Tue Feb 13 19:53:44 2024] GET /api/answers?index=start&tactic=null&version=v14.1 => generated 1524 bytes in 32 msecs (HTTP/1.1 200) 5 headers in 139 bytes (1 switches on core 2)
decider-web  | [pid: 25|app: -1|req: -1/138] X.X.X.X () {42 vars in 905 bytes} [Tue Feb 13 19:53:44 2024] GET /static/favicon.ico => generated 157 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 2)

an unsuccessful - 502 error - from http/https from a loadbalancer

decider-web  | 2024-02-13 19:53:43,854 - app.routes.question - DEBUG - qvtMtePs (AnonymousUser) - Start -> Tactics Question Page: got 11 Platforms and 37 Data Sources
decider-web  | 2024-02-13 19:53:43,855 - app.routes.question - INFO - qvtMtePs (AnonymousUser) - Start -> Tactics Question Page: serving page
decider-web  | [pid: 33|app: 0|req: 45/118] X.X.X.X () {42 vars in 953 bytes} [Tue Feb 13 19:53:43 2024] GET /question/v14.1 => generated 8505 bytes in 7 msecs (HTTP/1.1 200) 5 headers in 148 bytes (1 switches on core 2)
decider-web  | [pid: 25|app: -1|req: -1/119] X.X.X.X () {42 vars in 905 bytes} [Tue Feb 13 19:53:43 2024] GET /static/css/lib/bootstrap-5.3.0/bootstrap.min.css => generated 30837 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 1)
decider-web  | [pid: 25|app: -1|req: -1/120] X.X.X.X () {42 vars in 889 bytes} [Tue Feb 13 19:53:43 2024] GET /static/css/decider.css?cache_bust=24feb07 => generated 3110 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 175 bytes (0 switches on core 0)
decider-web  | [pid: 25|app: -1|req: -1/121] X.X.X.X () {42 vars in 931 bytes} [Tue Feb 13 19:53:43 2024] GET /static/css/lib/bootstrap-icons-1.10.5/bootstrap-icons.min.css => generated 12590 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 2)
decider-web  | [pid: 33|app: -1|req: -1/122] X.X.X.X () {42 vars in 920 bytes} [Tue Feb 13 19:53:43 2024] GET /static/js/lib/jquery-3.7.0.slim/jquery-3.7.0.slim.min.js => generated 23946 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 0)
decider-web  | [pid: 33|app: -1|req: -1/123] X.X.X.X () {42 vars in 907 bytes} [Tue Feb 13 19:53:43 2024] GET /static/js/lib/mark.js-9.0.0/jquery.mark.es6.min.js => generated 5585 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 0)
decider-web  | [pid: 33|app: -1|req: -1/124] X.X.X.X () {42 vars in 928 bytes} [Tue Feb 13 19:53:43 2024] GET /static/js/lib/bootstrap-bundle-5.3.0/bootstrap.bundle.min.js => generated 23190 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 3)
decider-web  | [pid: 25|app: -1|req: -1/125] X.X.X.X () {42 vars in 884 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/docx-8.0.4/docx-8.0.4.js => generated 89104 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 1)
decider-web  | [pid: 25|app: -1|req: -1/126] X.X.X.X () {44 vars in 963 bytes} [Tue Feb 13 19:53:44 2024] GET /static/font/source-sans-pro/SourceSansPro-Regular.ttf => generated 68826 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 2)
decider-web  | [pid: 33|app: -1|req: -1/127] X.X.X.X () {44 vars in 1075 bytes} [Tue Feb 13 19:53:44 2024] GET /static/css/lib/bootstrap-icons-1.10.5/fonts/bootstrap-icons.woff2?1fa40e8900654d2863d011707b9fb6f2 => generated 121241 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 179 bytes (0 switches on core 1)
decider-web  | [pid: 33|app: -1|req: -1/128] X.X.X.X () {44 vars in 957 bytes} [Tue Feb 13 19:53:44 2024] GET /static/font/source-sans-pro/SourceSansPro-Bold.ttf => generated 68155 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 3)
decider-web  | [pid: 33|app: -1|req: -1/129] X.X.X.X () {44 vars in 961 bytes} [Tue Feb 13 19:53:44 2024] GET /static/font/source-sans-pro/SourceSansPro-Italic.ttf => generated 57000 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 176 bytes (0 switches on core 2)
decider-web  | [pid: 33|app: -1|req: -1/130] X.X.X.X () {42 vars in 887 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/FileSaver/FileSaver.min.js => generated 1386 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 0)
decider-web  | [pid: 25|app: -1|req: -1/131] X.X.X.X () {42 vars in 908 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/lodash-4.17.15/lodash-4.17.15.min.js => generated 24296 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 2)
decider-web  | [pid: 25|app: -1|req: -1/132] X.X.X.X () {42 vars in 915 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/minisearch-6.1.0/minisearch-6.1.0.min.js => generated 8944 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 1)
decider-web  | [pid: 25|app: -1|req: -1/133] X.X.X.X () {42 vars in 885 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/decider.js?cache_bust=24feb07 => generated 13196 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 3)
decider-web  | [pid: 25|app: -1|req: -1/134] X.X.X.X () {42 vars in 899 bytes} [Tue Feb 13 19:53:44 2024] GET /static/cisa-logo.svg => generated 6855 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 180 bytes (0 switches on core 0)
decider-web  | [pid: 33|app: -1|req: -1/135] X.X.X.X () {42 vars in 923 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/alpinejs-3.12.2/alpinejs-focus-3.12.2.min.js => generated 4351 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 189 bytes (0 switches on core 1)
decider-web  | [pid: 33|app: -1|req: -1/136] X.X.X.X () {42 vars in 912 bytes} [Tue Feb 13 19:53:44 2024] GET /static/js/lib/alpinejs-3.12.2/alpinejs-3.12.2.min.js => generated 15528 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 3)
decider-web  | 2024-02-13 19:53:44,349 - app.routes.api - DEBUG - twanwnrK (AnonymousUser) - Get Answer Cards: querying start -> Tactic answer cards under ATT&CK v14.1
decider-web  | 2024-02-13 19:53:44,380 - app.routes.api - INFO - twanwnrK (AnonymousUser) - Get Answer Cards: queried start -> Tactic answer cards
decider-web  | 2024-02-13 19:53:44,380 - app.routes.api - DEBUG - twanwnrK (AnonymousUser) - Get Answer Cards: got 14 answer cards
decider-web  | [pid: 33|app: 0|req: 46/137] X.X.X.X () {42 vars in 911 bytes} [Tue Feb 13 19:53:44 2024] GET /api/answers?index=start&tactic=null&version=v14.1 => generated 1524 bytes in 32 msecs (HTTP/1.1 200) 5 headers in 139 bytes (1 switches on core 2)
decider-web  | [pid: 25|app: -1|req: -1/138] X.X.X.X () {42 vars in 905 bytes} [Tue Feb 13 19:53:44 2024] GET /static/favicon.ico => generated 157 bytes in 0 msecs via offload() (HTTP/1.1 200) 5 headers in 190 bytes (0 switches on core 2)

Cant start decider as a service. Please help me with this issue.

Cant start decider as a service. Please help me with this issue.
sudo systemctl start decider
sudo systemctl status decider
● decider.service - Decider
Loaded: loaded (/etc/systemd/system/decider.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2023-03-07 16:47:42 EET; 18h ago
Main PID: 36910 (code=exited, status=1/FAILURE)

Mar 07 16:47:42 cybersec-test-sys uwsgi[36910]: your memory page size is 4096 bytes
Mar 07 16:47:42 cybersec-test-sys uwsgi[36910]: detected max file descriptor number: 1024
Mar 07 16:47:42 cybersec-test-sys uwsgi[36910]: lock engine: pthread robust mutexes
Mar 07 16:47:42 cybersec-test-sys uwsgi[36910]: thunder lock: disabled (you can enable it with --thunder-lock)
Mar 07 16:47:42 cybersec-test-sys uwsgi[36910]: Python version: 3.8.10 (default, Nov 14 2022, 12:59:47) [GCC 9.4.0]
Mar 07 16:47:42 cybersec-test-sys uwsgi[36910]: Python main interpreter initialized at 0x5641281b9fd0
Mar 07 16:47:42 cybersec-test-sys uwsgi[36910]: python threads support enabled
Mar 07 16:47:42 cybersec-test-sys uwsgi[36910]: The -s/--socket option is missing and stdin is not a socket.
Mar 07 16:47:42 cybersec-test-sys systemd[1]: decider.service: Main process exited, code=exited, status=1/FAILURE
Mar 07 16:47:42 cybersec-test-sys systemd[1]: decider.service: Failed with result 'exit-code'.

root@cybersec-test-sys:/etc/decider# /usr/local/bin/uwsgi --ini /etc/decider/uwsgi.ini
[uWSGI] getting INI configuration from /etc/decider/uwsgi.ini
*** Starting uWSGI 2.0.20 (64bit) on [Wed Mar 8 11:00:35 2023] ***
compiled with version: 9.4.0 on 07 March 2023 09:39:05
os: Linux-5.4.0-144-generic #161-Ubuntu SMP Fri Feb 3 14:49:04 UTC 2023
nodename: cybersec-test-sys
machine: x86_64
clock source: unix
detected number of CPU cores: 1
current working directory: /etc/decider
detected binary path: /usr/local/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
uwsgi shared socket 0 bound to TCP address :443 fd 3
setgid() to 1001
setuid() to 113
chdir() to /etc/decider
your processes number limit is 7080
your memory page size is 4096 bytes
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
Python version: 3.8.10 (default, Nov 14 2022, 12:59:47) [GCC 9.4.0]
Python main interpreter initialized at 0x557accb7d8d0
python threads support enabled
The -s/--socket option is missing and stdin is not a socket.

I'm succesfully done all steps with manual.

Error after login consider increasing buffer size

🐛 Summary

After I have setup a new docker image and logged in with the credentials configured it will not load any more. And in the logs I can see lots of instances of this:

To reproduce

Steps to reproduce the behaviour:

Create a docker image
Then login

Expected behavior

the page would let me login, but it confirms login and then doesn't load

Any helpful log output or screenshots

Paste the results here:

Adding the JSON files for MITRE ATT&CK Framework Version 15.0

For planning purposes, I was wondering your planned completion date for the addition and modification of the MITRE ATT&CK Framework Version 15.0 JSON files to the Decider repository.

Unable to authenticate to localhost:8001

When calling the localhost:8011 I get "Requested endpoint requires auth login." as terminal output and unable to reach page in my browser.

What is the right way to authenticate? I would expect a prompt where I should enter user: [email protected] pw: admin?

thanks

"User Guide" refers to non-existent PDF file

🐛 Summary

The following section on the repository's main Readme page references the following section

📖 User Guide
Over Here

To reproduce

Steps to reproduce the behavior:

Follow this link to relevant section

https://github.com/cisagov/decider?tab=readme-ov-file#book-user-guide

Expected behavior

A linked PDF should render within the repository, or any replacement document such as user-guide.md

"https://github.com/cisagov/decider/blob/develop/docs/user_guide_3_0_0/user-guide.md"

Any helpful log output or screenshots

Paste the results here:

Add any screenshots of the problem here.

PermissionError: [Errno 13] Permission denied...

🐛 Summary

Following instructions to start the latest 3.0.0 container in Docker results in a failure at runtime due to a permissions error with user_additions.html

The fix is simple - chmod 644 config/user_additions.html and then docker compose up

To reproduce

Steps to reproduce the behavior:

Follow docker instructions on wiki
Navigate to http://localhost:8001
page fails to load. errors in the log

Expected behavior

The webpage to render without error.

Any helpful log output or screenshots

Paste the results here:

decider-web  | 2024-03-13 22:44:46,841 - app.routes.question - DEBUG - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: querying existence of version v14.1
decider-web  | 2024-03-13 22:44:46,841 - app.routes.utils_db - DEBUG - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: VersionPicker querying available ATT&CK versions
decider-web  | 2024-03-13 22:44:46,842 - app.routes.question - DEBUG - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: requested ATT&CK version exists
decider-web  | 2024-03-13 22:44:46,843 - app.routes.question - INFO - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: Crumb Bar: successfully built
decider-web  | 2024-03-13 22:44:46,843 - app.routes.question - DEBUG - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: querying Platforms and Data Sources in version v14.1
decider-web  | 2024-03-13 22:44:46,845 - app.routes.question - DEBUG - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: got 11 Platforms and 37 Data Sources
decider-web  | 2024-03-13 22:44:46,845 - app.routes.question - INFO - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: serving page
decider-web  | 2024-03-13 22:44:46,846 - decider - ERROR - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: A general unexpected error occurred
decider-web  | Traceback (most recent call last):
decider-web  |   File "/opt/decider/app/routes/utils.py", line 445, in wrapper
decider-web  |     return fn(*args, **kwargs)
decider-web  |            ^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/app/routes/question.py", line 467, in question_start_page
decider-web  |     return render_template("questionlist.html", **qna, **crumbs)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 151, in render_template
decider-web  |     return _render(app, template, context)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 132, in _render
decider-web  |     rv = template.render(context)
decider-web  |          ^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/environment.py", line 1301, in render
decider-web  |     self.environment.handle_exception()
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/environment.py", line 936, in handle_exception
decider-web  |     raise rewrite_traceback_stack(source=source)
decider-web  |   File "/opt/decider/app/templates/questionlist.html", line 1, in top-level template code
decider-web  |     {% extends 'base.html' %}
decider-web  |   File "/opt/decider/app/templates/base.html", line 2, in top-level template code
decider-web  |     {% import 'user_additions.html' as user_additions %}
decider-web  |     ^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 64, in get_source
decider-web  |     return self._get_source_fast(environment, template)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 95, in _get_source_fast
decider-web  |     return loader.get_source(environment, template)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/loaders.py", line 206, in get_source
decider-web  |     with open(filename, encoding=self.encoding) as f:
decider-web  |          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  | PermissionError: [Errno 13] Permission denied: '/opt/decider/./app/templates/user_additions.html'
decider-web  | 
decider-web  | The above exception was the direct cause of the following exception:
decider-web  | 
decider-web  | Traceback (most recent call last):
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/app.py", line 1484, in full_dispatch_request
decider-web  |     rv = self.dispatch_request()
decider-web  |          ^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/app.py", line 1469, in dispatch_request
decider-web  |     return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/app/routes/utils.py", line 447, in wrapper
decider-web  |     raise new_ex from old_ex  # ErrorDuring____.__cause__ is the wrapped Exception
decider-web  |     ^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  | app.routes.utils.ErrorDuringHTMLRoute
decider-web  | 2024-03-13 22:44:46,848 - decider - ERROR - qOQgmIyM (AnonymousUser) - Start -> Tactics Question Page: Exception on /question/v14.1 [GET]
decider-web  | Traceback (most recent call last):
decider-web  |   File "/opt/decider/app/routes/utils.py", line 445, in wrapper
decider-web  |     return fn(*args, **kwargs)
decider-web  |            ^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/app/routes/question.py", line 467, in question_start_page
decider-web  |     return render_template("questionlist.html", **qna, **crumbs)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 151, in render_template
decider-web  |     return _render(app, template, context)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 132, in _render
decider-web  |     rv = template.render(context)
decider-web  |          ^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/environment.py", line 1301, in render
decider-web  |     self.environment.handle_exception()
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/environment.py", line 936, in handle_exception
decider-web  |     raise rewrite_traceback_stack(source=source)
decider-web  |   File "/opt/decider/app/templates/questionlist.html", line 1, in top-level template code
decider-web  |     {% extends 'base.html' %}
decider-web  |   File "/opt/decider/app/templates/base.html", line 2, in top-level template code
decider-web  |     {% import 'user_additions.html' as user_additions %}
decider-web  |     ^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 64, in get_source
decider-web  |     return self._get_source_fast(environment, template)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/flask/templating.py", line 95, in _get_source_fast
decider-web  |     return loader.get_source(environment, template)
decider-web  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
decider-web  |   File "/opt/decider/venv/lib/python3.12/site-packages/jinja2/loaders.py", line 206, in get_source
decider-web  |     with open(filename, encoding=self.encoding) as f:
decider-web  |          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Add any screenshots of the problem here.

Can't setup the database

🐛 Summary

Ubuntu 20.04, Python 3.8.10; After successfully installing all required packages to ultimately installing all the python requirements in requirements.txt and requirements_dev.txt, I am not able to setup the database with the step mentioned in the Admin Guide (page: 12)

(venv)~/CISA/decider$ sudo -u decider python3 initial_setup.py
Traceback (most recent call last):
  File "initial_setup.py", line 3, in <module>
    import dotenv
ModuleNotFoundError: No module named 'dotenv'

and the package dotenv cannot be installed for some reason (no matter if I clean up pip cache or not):

(venv)~/CISA/decider$ python -m pip install dotenv
Collecting dotenv
  Using cached dotenv-0.0.5.tar.gz (2.4 kB)
  Preparing metadata (setup.py) ... error
  error: subprocess-exited-with-error

  × python setup.py egg_info did not run successfully.
  │ exit code: 1
  ╰─> [68 lines of output]
        error: subprocess-exited-with-error

        × python setup.py egg_info did not run successfully.
        │ exit code: 1
        ╰─> [16 lines of output]
            Traceback (most recent call last):
              File "<string>", line 2, in <module>
              File "<pip-setuptools-caller>", line 14, in <module>
              File "/tmp/pip-wheel-3yb12le_/distribute_5011ef5ea61a4abb99ab7ca0e1d255e2/setuptools/__init__.py", line 2, in <module>
                from setuptools.extension import Extension, Library
              File "/tmp/pip-wheel-3yb12le_/distribute_5011ef5ea61a4abb99ab7ca0e1d255e2/setuptools/extension.py", line 5, in <module>
                from setuptools.dist import _get_unpatched
              File "/tmp/pip-wheel-3yb12le_/distribute_5011ef5ea61a4abb99ab7ca0e1d255e2/setuptools/dist.py", line 7, in <module>
                from setuptools.command.install import install
              File "/tmp/pip-wheel-3yb12le_/distribute_5011ef5ea61a4abb99ab7ca0e1d255e2/setuptools/command/__init__.py", line 8, in <module>
                from setuptools.command import install_scripts
              File "/tmp/pip-wheel-3yb12le_/distribute_5011ef5ea61a4abb99ab7ca0e1d255e2/setuptools/command/install_scripts.py", line 3, in <module>
                from pkg_resources import Distribution, PathMetadata, ensure_directory
              File "/tmp/pip-wheel-3yb12le_/distribute_5011ef5ea61a4abb99ab7ca0e1d255e2/pkg_resources.py", line 1518, in <module>
                register_loader_type(importlib_bootstrap.SourceFileLoader, DefaultProvider)
            AttributeError: module 'importlib._bootstrap' has no attribute 'SourceFileLoader'
            [end of output]

Can't login after fresh install

I set up user art with the password shown but get 500 error and can't log in

`2023-03-06 16:19:45,339 - main - ERROR - EOturXNn (AnonymousUser) - Login Request: Database error occurred
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/engine/base.py", line 3240, in _wrap_pool_connect
return fn()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 310, in connect
return _ConnectionFairy._checkout(self)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 868, in _checkout
fairy = _ConnectionRecord.checkout(pool)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 476, in checkout
rec = pool._do_get()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/impl.py", line 146, in do_get
self.dec_overflow()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/util/langhelpers.py", line 70, in exit
compat.raise(
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/util/compat.py", line 207, in raise
raise exception
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/impl.py", line 143, in _do_get
return self._create_connection()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 256, in _create_connection
return _ConnectionRecord(self)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 371, in init
self.__connect()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 666, in connect
pool.logger.debug("Error on connect(): %s", e)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/util/langhelpers.py", line 70, in exit
compat.raise(
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/util/compat.py", line 207, in raise
raise exception
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 661, in __connect
self.dbapi_connection = connection = pool._invoke_creator(self)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/engine/create.py", line 590, in connect
return dialect.connect(*cargs, **cparams)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/engine/default.py", line 584, in connect
return self.dbapi.connect(*cargs, **cparams)
File "/usr/local/lib/python3.8/dist-packages/psycopg2/init.py", line 122, in connect
conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
psycopg2.OperationalError: could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/home/art/decider/app/routes/utils.py", line 405, in wrapper
return fn(*args, **kwargs)
File "/home/art/decider/app/routes/auth.py", line 78, in login_post
user = User.query.filter_by(email=email).first()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/orm/query.py", line 2762, in first
return self.limit(1)._iter().first()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/orm/query.py", line 2846, in _iter
result = self.session.execute(
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/orm/session.py", line 1688, in execute
conn = self._connection_for_bind(bind)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/orm/session.py", line 1529, in _connection_for_bind
return self._transaction._connection_for_bind(
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/orm/session.py", line 747, in _connection_for_bind
conn = bind.connect()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/engine/base.py", line 3194, in connect
return self._connection_cls(self, close_with_result=close_with_result)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/engine/base.py", line 96, in init
else engine.raw_connection()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/engine/base.py", line 3273, in raw_connection
return self._wrap_pool_connect(self.pool.connect, _connection)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/engine/base.py", line 3243, in _wrap_pool_connect
Connection.handle_dbapi_exception_noconnection(
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/engine/base.py", line 2097, in handle_dbapi_exception_noconnection
util.raise(
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/util/compat.py", line 207, in raise
raise exception
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/engine/base.py", line 3240, in _wrap_pool_connect
return fn()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 310, in connect
return _ConnectionFairy._checkout(self)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 868, in _checkout
fairy = _ConnectionRecord.checkout(pool)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 476, in checkout
rec = pool._do_get()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/impl.py", line 146, in do_get
self.dec_overflow()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/util/langhelpers.py", line 70, in exit
compat.raise(
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/util/compat.py", line 207, in raise
raise exception
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/impl.py", line 143, in _do_get
return self._create_connection()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 256, in _create_connection
return _ConnectionRecord(self)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 371, in init
self.__connect()
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 666, in connect
pool.logger.debug("Error on connect(): %s", e)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/util/langhelpers.py", line 70, in exit
compat.raise(
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/util/compat.py", line 207, in raise
raise exception
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/pool/base.py", line 661, in __connect
self.dbapi_connection = connection = pool._invoke_creator(self)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/engine/create.py", line 590, in connect
return dialect.connect(*cargs, **cparams)
File "/usr/local/lib/python3.8/dist-packages/sqlalchemy/engine/default.py", line 584, in connect
return self.dbapi.connect(*cargs, **cparams)
File "/usr/local/lib/python3.8/dist-packages/psycopg2/init.py", line 122, in connect
conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?

(Background on this error at: https://sqlalche.me/e/14/e3q8)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1516, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1502, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
File "/home/art/decider/app/routes/utils.py", line 407, in wrapper
raise new_ex from old_ex # ErrorDuring____.cause is the wrapped Exception
`

docker compose command error

Hello,

I am not able to start, below is the error screen that generates when executing the command according to the documentation.

Issue during DB init (full technique search)

___________Creating index for full Technique search
Failed to add ATT&CK/Tree content for version v12.0 at 1.0s into build - due to:
(psycopg2.errors.UndefinedFunction) function imm_unaccent(text) does not exist
HINT: No function matches the given name and argument types. You might need to add explicit type casts.

[SQL: DROP INDEX IF EXISTS tech_ts_index;
ALTER TABLE technique DROP COLUMN IF EXISTS tech_ts;

ALTER TABLE technique ADD COLUMN tech_ts tsvector
    GENERATED ALWAYS AS
        (setweight(to_tsvector('english_nostop',
        imm_unaccent(technique.full_tech_name)), 'B') ||
        setweight(to_tsvector('english_nostop',
        regexp_replace(technique.tech_id ||
        ' ' || substr(technique.tech_id, 2), '[^a-z0-9 ]+', ' ', 'gi')), 'A') ||
        setweight(to_tsvector('english_nostop',
        regexp_replace(regexp_replace(regexp_replace(regexp_replace(imm_unaccent(technique.tech_description),
        '<\/?(sup|a|code)[^>]*>', '', 'gi'), '\[[0-9]{1,2}\]', '', 'gi'),
        '\[([^\]]+)\]\([^\)]+\)', '\1', 'gi'), '[^a-z0-9 ]', ' ', 'gi')), 'D')) STORED;
CREATE INDEX tech_ts_index ON technique USING gist(tech_ts);]

What is this actually for?

I'm really sorry if this seems like a stupid question, but.. what does this actually do? I've installed it, tried out some pretend scenarios, got info on what the adversary might be doing, and past exploits that used the same techniques. Then what? I seem to exit with little to no new information than I entered the app with.

Error on Decider_Admin_Guide_v1.0.0

Page 9 on admin guide says to sudo mkdir /etc/decider && sudo mv decider.tar.gz /etc/decider/decider.tar.gz

however there is no TAR provided. Figured out that the tar is referencing the files in the git itself.

Recommend changing this to to what it says in the CentOS guide for ease of use

cd /etc sudo git clone https://gitlab.mitre.org/dhs-cisa-cti/decider_tool.git decider

entrypoint.sh error

🐛 Summary

What's wrong? Please be specific.

Error when running the command "docker compose up"
it fail when it gets to the web build session.

: not found-1 | /opt/decider/entrypoint.sh: 2:
decider-web-1 | /opt/decider/entrypoint.sh: 83: Syntax error: end of file unexpected (expecting "then")
decider-web-1 exited with code 2

Any helpful log output or screenshots

Paste the results here:

decider-db-1 | 2023-04-13 00:58:08.620 UTC [38] LOG: shutting down
decider-db-1 | 2023-04-13 00:58:08.664 UTC [36] LOG: database system is shut down
decider-db-1 | done
decider-db-1 | server stopped
decider-db-1 |
decider-db-1 | PostgreSQL init process complete; ready for start up.
decider-db-1 |
decider-db-1 | 2023-04-13 00:58:08.746 UTC [1] LOG: starting PostgreSQL 14.7 on x86_64-pc-linux-musl, compiled by gcc (Alpine 12.2.1_git20220924-r4) 12.2.1 20220924, 64-bit
decider-db-1 | 2023-04-13 00:58:08.749 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
decider-db-1 | 2023-04-13 00:58:08.752 UTC [1] LOG: listening on IPv6 address "::", port 5432
decider-db-1 | 2023-04-13 00:58:08.762 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
decider-db-1 | 2023-04-13 00:58:08.776 UTC [53] LOG: database system was shut down at 2023-04-13 00:58:08 UTC
decider-db-1 | 2023-04-13 00:58:08.783 UTC [1] LOG: database system is ready to accept connections
: not found-1 | /opt/decider/entrypoint.sh: 2:
decider-web-1 | /opt/decider/entrypoint.sh: 83: Syntax error: end of file unexpected (expecting "then")
decider-web-1 exited with code 2

error when building docker - error="git was not found in the system: exec: \"git.exe\": executable file not found in %PATH%"

🐛 Summary

I have been running into the below error when running docker compose for the first time.

level=warning msg="current commit information was not captured by the build" error="git was not found in the system: exec: "git.exe": executable file not found in %PATH%"
failed to solve: lstat /var/lib/docker/tmp/buildkit-mount2052740645/docker/web/root_files: no such file or directory

Deployment with docker

💡 Summary

The project is nice, but I think a Docker Image/deployment method is missing.

Motivation and context

The current deployment is inconvenient and is not fitting well in a production environment.

Issue with Navigator Export

🐛 Hello. I am getting an error when I try to upload the navigator export .json to Navigator.

error I am getting when trying to upload to navigator
Exported .json file from Decider
Exported Navigator .json file from Decider

Better README Overview of the App

💡 Summary

What is the work, as a high-level summary?

Currently, one has to jump into the Admin/User guides (in files) in order to see what the app looks like.
Linking the guides in the README makes them more readily available.
Adding a couple in-app screenshots to the README would help quickly showcase the app.

Output to MITRE ATT&CK Navigator suggestion

Currently, output to MITRE ATT&CK navigator only colors the techniques in cart in red. When uploading it to the ATT&CK navigator it leaves all the non-selected techniques on. This makes it hard to find the marked techniques.

Recommend when exporting to MITRE ATT&CK navigator to automatically set any techniques not in cart.

"enabled": false,"

Or rather do it backwards, where all things in the JSON are intiated as "enabled": false,

then only set items in the car as "enabled": false,

This will make output from Decider easier to read in ATT&CK navigator

Cannot connect to the Decider docker container from outside EC2 instance

🐛 Summary

About 2 weeks ago, I built and run the decider docker image/container successfully, however now with the latest update I cannot connect to the container using the EC2 instance public ip and port 8001. I now it was built successfully because I can curl localhost:8001 without any issue.

What's wrong? Please be specific.
Cannot connect to the decider running container using instance IP address port 8001

To reproduce

Steps to reproduce the behavior:

Do this - run docker compose up
Then this go to browser and enter your instance instance ip address and port 8001 i.e. http://125.1.1.5:8001

Expected behavior

What did you expect to happen that didn't?
It should show the login page

Any helpful log output or screenshots

Paste the results here:

$ curl localhost:8001

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to target URL: <a href="/login">/login</a>. If not click the link.ubuntu@ip-172-31-88-122:~/theDecider/decider$

docker-compose logs

| SUCCESS - Full Build Complete In: 8.8s!
decider-web-1  | Running in HTTP mode
decider-web-1  | *** Starting uWSGI 2.0.20 (64bit) on [Sun Mar 26 09:41:52 2023] ***
decider-web-1  | compiled with version: 10.2.1 20210110 on 26 March 2023 09:40:32
decider-web-1  | os: Linux-5.15.0-1028-aws #32-Ubuntu SMP Mon Jan 9 12:28:07 UTC 2023
decider-web-1  | nodename: a17873eac2bd
decider-web-1  | machine: x86_64
decider-web-1  | clock source: unix
decider-web-1  | pcre jit disabled
decider-web-1  | detected number of CPU cores: 1
decider-web-1  | current working directory: /
decider-web-1  | detected binary path: /usr/local/bin/uwsgi
decider-web-1  | uWSGI running as root, you can use --uid/--gid/--chroot options
decider-web-1  | *** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
decider-web-1  | your memory page size is 4096 bytes
decider-web-1  | detected max file descriptor number: 1048576
decider-web-1  | lock engine: pthread robust mutexes
decider-web-1  | thunder lock: disabled (you can enable it with --thunder-lock)
decider-web-1  | uwsgi socket 0 bound to TCP address 0.0.0.0:5000 fd 3
decider-web-1  | uWSGI running as root, you can use --uid/--gid/--chroot options
decider-web-1  | *** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
decider-web-1  | Python version: 3.8.16 (default, Mar 23 2023, 17:40:49)  [GCC 10.2.1 20210110]
decider-web-1  | *** Python threads support is disabled. You can enable it with --enable-threads ***
decider-web-1  | Python main interpreter initialized at 0x55b89393c950
decider-web-1  | uWSGI running as root, you can use --uid/--gid/--chroot options
decider-web-1  | *** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
decider-web-1  | your server socket listen backlog is limited to 100 connections
decider-web-1  | your mercy for graceful operations on workers is 60 seconds
decider-web-1  | mapped 145840 bytes (142 KB) for 1 cores
decider-web-1  | *** Operational MODE: single process ***
decider-web-1  | 2023-03-26 09:41:53,597 - decider - DEBUG - Creating the App.
decider-web-1  | WSGI app 0 (mountpoint='') ready in 1 seconds on interpreter 0x55b89393c950 pid: 9 (default app)
decider-web-1  | uWSGI running as root, you can use --uid/--gid/--chroot options
decider-web-1  | *** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
decider-web-1  | *** uWSGI is running in multiple interpreter mode ***
decider-web-1  | spawned uWSGI master process (pid: 9)
decider-web-1  | spawned uWSGI worker 1 (pid: 11, cores: 1)

$ docker network inspect decider_default

[
    {
        "Name": "decider_default",
        "Id": "ce66e8ed95efae5dfde5a37a092530ec0d508776182e1dab225510219509d04c",
        "Created": "2023-03-26T10:37:14.034209976Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "6731af70eb387799c726756a7517458d29efd37a7e513c8ffb860610351e6717": {
                "Name": "decider-db-1",
                "EndpointID": "abcb9adb8dcb5da12203a94358215ed77c1a0dd84874218ffd7abbdebf8ea91c",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            },
            "bc8a1a03a5f35f9d2b19454822e83c36c271cd879f4f53628ec250f4dcc602ce": {
                "Name": "decider-web-1",
                "EndpointID": "d0ee07712907e082bacc965b31adc10b056246cec11c6796a437accfff406dc8",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "decider",
            "com.docker.compose.version": "2.16.0"
        }
    }
]

Add any screenshots of the problem here.

nginx reverse proxy config advice

Using NGINX resverse proxy in front of decider and getting 502 Bad Gateway (nginx/1.25.4)
There seems to be an issue with redirect to decider.local.lan/question/v14.1

Nginx Error log:
[error] 29#29: *1 upstream sent "Content-Length" and "Transfer-Encoding" headers at the same time while reading response header from upstream, client: 172.28.0.66, server: decider.local.lan, request: "GET /question/v14.1 HTTP/1.1", upstream: "http://192.168.128.3:5000/question/v14.1", host: "decider.local.lan"

Running Decider Docker

I can access the logo image at https://decider.local.lan/static/cisa-logo.svg, so site is accessible, just can't get to homepage

hostnames are included in my /etc/hosts/

nginx location config:

location / {
	    resolver 127.0.0.10 valid=5s;
	    set $upstream_endpoint http://decider-web:5000;
	    include  /etc/nginx/mime.types;
	    proxy_pass $upstream_endpoint;
	    proxy_redirect     off;
	    proxy_set_header   Host $host;
	    proxy_set_header   X-Real-IP $remote_addr;
	    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
	    proxy_set_header   X-Forwarded-Host $server_name;
	}

Ident authentication error

'FATAL: Ident authentication failed for user "decider"' error when building initial DB in Fedora local installation.

Fixed this issue by changing authentication method from ident to md5 in /var/lib/pgsql/data/pg_hba.conf

I'm not certain if this is due to a poor installation of postgresql or Fedora being funky.

Decider Docker image installation

🐛 Summary

I installed decider docker image on 3 environments and one of them failed to run the docker compose. I didn't have any issues installing the decider docker image on Windows and Ubuntu 22. when I tried to install it on redhat 8.7 on AWS EC2 I received an error.

What's wrong? Please be specific.
Error after executing docker compose up command. The error says "Error [decider-web 3/8] RUN pip install --no-cache-dir -- requirement" this happened after COPY ./requirements.txt /requirements.txt step.

Deploy the decider app container to ECR and then to EKS

💡 Summary

What is the work, as a high-level summary?
To expand the number of organizations and end users who interested to use the decider app but they don't have the technical knowledge to provision the decider app.

Motivation and context

Why does this work belong in this project?
CISA objective is to help American companies by providing them tools to protect Their infrastructure from cyberattacks.

This would be useful because...
It everyone has a gun the bad guys will run away.

Implementation notes

Please provide details for implementation, such as:

an example for how this would be used
what this would look like
how this would act
any related work, including links to related issues

Acceptance criteria

How do we know when this work is done?

Criterion

Connection Refused via Web, password authentication failed via CLI

🐛 Summary

Unable to load site after fresh docker install, received the error 'refused to connect' in the browser. When using the "docker compose up" command I saw the error of "connection to server at "db" (172.23.0.2), port 5432 failed: FATAL: password authentication failed for user "decideradmin""

To reproduce

Steps to reproduce the behavior:

Defined the default credentials in the file while following the suggested steps on the main decider project page.
Brought the containers up using "sudo docker compose up".
Attempted to access via the web portal (http://10.1.10.111:8001).

Expected behavior

The website to load properly on the pre-defined port.

Any helpful log output or screenshots

The variables in .env:
`# admin (full-access, used in db scripts / normal modes)
DB_ADMIN_NAME=decideradmin
DB_ADMIN_PASS=D3c1d3rAdm1n

kiosk (limited read-only, used in kiosk mode)

DB_KIOSK_NAME=deciderkiosk
DB_KIOSK_PASS=D3c1d3rK10sk

cart encryption key

CART_ENC_KEY=a9OGQZnxCDo6RDx4RGGoF6eaup2I6Kvs`

Paste the results here:

decider-web  | ___________Removing all tables from DB
decider-web  | Failed to recreate tables at 0.0s into build - due to:
decider-web  | (psycopg2.OperationalError) connection to server at "db" (172.23.0.2), port 5432 failed: FATAL:  password authentication failed for user "decideradmin"
decider-web  |
decider-web  | (Background on this error at: https://sqlalche.me/e/14/e3q8)

Information provided on the sqlalche.me page was not helpful at all. Tried completely removing and purging the docker containers AND files from host, re-added them using the same instructions on the main project page with same result.

Manual Install | Decider DB Admin Perms Incorrect

initial_setup.py, which creates init.sql, should be modified to adjust the permissions of the created Decider Admin role.

The role currently cannot create extensions - of which pg_trgm is needed by Decider.

This issue is not present on Docker 🐳

FATAL: password authentication failed for user "deciderdbuser

🐛 Summary

After fresh installation (https://github.com/cisagov/decider#whale-docker) docker web container cant't connect to db container.

decider-db  | PostgreSQL Database directory appears to contain a database; Skipping initialization
decider-db  | 
decider-db  | 2023-05-05 11:46:04.652 UTC [1] LOG:  starting PostgreSQL 14.7 on x86_64-pc-linux-musl, compiled by gcc (Alpine 12.2.1_git20220924-r4) 12.2.1 20220924, 64-bit
decider-db | 2023-05-05 11:46:04.652 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
decider-db | 2023-05-05 11:46:04.652 UTC [1] LOG:  listening on IPv6 address "::", port 5432
decider-db | 2023-05-05 11:46:04.656 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
decider-db | 2023-05-05 11:46:04.664 UTC [22] LOG:  database system was shut down at 2023-05-05 11:45:24 UTC
decider-db  | 2023-05-05 11:46:04.673 UTC [1] LOG:  database system is ready to accept connections
decider-web   | Overwriting / creating user.json file with admin (ADMIN_EMAIL, ADMIN_PASS)
decider-db  | 2023-05-05 11:46:16.911 UTC [36] FATAL:  password authentication failed for user "deciderdbuser"
decider-db | 2023-05-05 11:46:16.911 UTC [36] DETAIL:  Password does not match for user "deciderdbuser".
decider-db | 	Connection matched pg_hba.conf line 96: "host all all all md5"
decider-web   | 
decider-web   | ------------------------------------------------
decider-web   | 
decider-web   | FULL_BUILD_MODE = preserve -> Checking DB Content
decider-web   | Failed to read what ATT&CK content is currently installed in the DB - due to:
decider-web   | (psycopg2.OperationalError) connection to server at "db" (192.168.64.2), port 5432 failed: FATAL:  password authentication failed for user "deciderdbuser"