Hi Continuum Security, I've recently been looking at integrating a N

I attempted to update the <a href="https://github.com/continuumsecurity/bdd-security/b

Thanks for reporting and fixing that error <a class="user-mention notranslate" data-ho

<a class="user-mention notranslate" data-hovercard-type="organization" data-hovercard-

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-u

Thank you for the quick response <a class="user-mention notranslate" data-hovercard-t

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Issues with getting the Nessus Scan feature to work about bdd-security HOT 11 CLOSED

iriusrisk commented on August 17, 2024

Issues with getting the Nessus Scan feature to work

from bdd-security.

Comments (11)

403studios commented on August 17, 2024

I attempted to update the NessusScanningSteps.java regex to:

@Given("a nessus version (\\d+) server at (.*)$")
public void createNessusClient(int version, String url) {
nessusUrl = url;
nessusVersion = version;
scanClient = ClientFactory.createScanClient(url, nessusVersion, ignoreHostNamesInSSLCert); }

This regex change allows this step to be executed. Progress. However, I'm now receiving the following error when the code instantiates scanClient:

15:35:24.888 [DEBUG] [TestEventLogger] Gradle Test Executor 1 STARTED
15:35:24.892 [DEBUG] [TestEventLogger] 
15:35:24.893 [DEBUG] [TestEventLogger] net.continuumsecurity.junit.SecurityTest STARTED
15:35:24.892 [QUIET] [system.out] 15:35:24.891 [DEBUG] [org.gradle.api.internal.tasks.testing.junit.JUnitTestClassProcessor] Executing test class net.continuumsecurity.junit.SecurityTest
15:35:25.237 [DEBUG] [TestEventLogger] 
15:35:25.237 [DEBUG] [TestEventLogger] net.continuumsecurity.junit.SecurityTest STANDARD_OUT
15:35:25.237 [DEBUG] [TestEventLogger]     @nessus_scan @skip
15:35:25.239 [DEBUG] [TestEventLogger]     Feature: Nessus Scan
15:35:25.239 [DEBUG] [TestEventLogger]       Scan the hosts for known security vulnerabilities
15:35:25.239 [DEBUG] [TestEventLogger] 
15:35:25.239 [DEBUG] [TestEventLogger] net.continuumsecurity.junit.SecurityTest > Scenario: The host systems should not expose known security vulnerabilities.classMethod STARTED
15:35:25.354 [DEBUG] [TestEventLogger] 
15:35:25.354 [DEBUG] [TestEventLogger] net.continuumsecurity.junit.SecurityTest > Scenario: The host systems should not expose known security vulnerabilities.Given a nessus API client that accepts all hostnames in SSL certificates STARTED
15:35:25.357 [DEBUG] [TestEventLogger] 
15:35:25.357 [DEBUG] [TestEventLogger] net.continuumsecurity.junit.SecurityTest > Scenario: The host systems should not expose known security vulnerabilities.Given a nessus API client that accepts all hostnames in SSL certificates                                                                                                                                                                                     PASSED
15:35:25.473 [DEBUG] [TestEventLogger] 
15:35:25.473 [DEBUG] [TestEventLogger] net.continuumsecurity.junit.SecurityTest > Scenario: The host systems should not expose known security vulnerabilities.And a nessus version 6 server at https://localhost:8834 STARTED
15:35:25.510 [DEBUG] [TestEventLogger] 
15:35:25.516 [DEBUG] [TestEventLogger] net.continuumsecurity.junit.SecurityTest > Scenario: The host systems should not expose known security vulnerabilities.And a nessus version 6 server at https://localhost:8834                                                                                                                                                                                                      FAILED
15:35:25.517 [DEBUG] [TestEventLogger]     java.lang.RuntimeException: java.lang.InstantiationException: com.fasterxml.jackson.jaxrs.annotation.JacksonFeatures
15:35:25.517 [DEBUG] [TestEventLogger]         at org.apache.cxf.jaxrs.impl.ConfigurationImpl.createProvider(ConfigurationImpl.java:208)
15:35:25.517 [DEBUG] [TestEventLogger]         at org.apache.cxf.jaxrs.impl.ConfigurableImpl.register(ConfigurableImpl.java:102)
15:35:25.517 [DEBUG] [TestEventLogger]         at org.apache.cxf.jaxrs.impl.ConfigurableImpl.register(ConfigurableImpl.java:97)
15:35:25.517 [DEBUG] [TestEventLogger]         at org.apache.cxf.jaxrs.client.spec.ClientBuilderImpl.register(ClientBuilderImpl.java:56)
15:35:25.520 [DEBUG] [TestEventLogger]         at org.apache.cxf.jaxrs.client.spec.ClientBuilderImpl.register(ClientBuilderImpl.java:35)
15:35:25.520 [DEBUG] [TestEventLogger]         at net.continuumsecurity.ClientFactory.createV6Client(ClientFactory.java:54)
15:35:25.521 [DEBUG] [TestEventLogger]         at net.continuumsecurity.v6.SessionClientV6.<init>(SessionClientV6.java:30)
15:35:25.521 [DEBUG] [TestEventLogger]         at net.continuumsecurity.v6.ScanClientV6.<init>(ScanClientV6.java:22)
15:35:25.521 [DEBUG] [TestEventLogger]         at net.continuumsecurity.ClientFactory.createScanClient(ClientFactory.java:66)
15:35:25.521 [DEBUG] [TestEventLogger]         at net.continuumsecurity.steps.NessusScanningSteps.createNessusClient(NessusScanningSteps.java:41)
15:35:25.521 [DEBUG] [TestEventLogger]         at ✽.And a nessus version 6 server at https://localhost:8834(nessus_scan.feature:7)
15:35:25.521 [DEBUG] [TestEventLogger] 
15:35:25.524 [DEBUG] [TestEventLogger]         Caused by:
15:35:25.524 [DEBUG] [TestEventLogger]         java.lang.InstantiationException: com.fasterxml.jackson.jaxrs.annotation.JacksonFeatures
15:35:25.524 [DEBUG] [TestEventLogger]             at java.lang.Class.newInstance(Class.java:427)
15:35:25.524 [DEBUG] [TestEventLogger]             at org.apache.cxf.jaxrs.impl.ConfigurationImpl.createProvider(ConfigurationImpl.java:206)
15:35:25.524 [DEBUG] [TestEventLogger]             at org.apache.cxf.jaxrs.impl.ConfigurableImpl.register(ConfigurableImpl.java:102)
15:35:25.525 [DEBUG] [TestEventLogger]             at org.apache.cxf.jaxrs.impl.ConfigurableImpl.register(ConfigurableImpl.java:97)
15:35:25.525 [DEBUG] [TestEventLogger]             at org.apache.cxf.jaxrs.client.spec.ClientBuilderImpl.register(ClientBuilderImpl.java:56)
15:35:25.525 [DEBUG] [TestEventLogger]             at org.apache.cxf.jaxrs.client.spec.ClientBuilderImpl.register(ClientBuilderImpl.java:35)
15:35:25.525 [DEBUG] [TestEventLogger]             at net.continuumsecurity.ClientFactory.createV6Client(ClientFactory.java:54)
15:35:25.525 [DEBUG] [TestEventLogger]             at net.continuumsecurity.v6.SessionClientV6.<init>(SessionClientV6.java:30)
15:35:25.525 [DEBUG] [TestEventLogger]             at net.continuumsecurity.v6.ScanClientV6.<init>(ScanClientV6.java:22)
15:35:25.526 [DEBUG] [TestEventLogger]             at net.continuumsecurity.ClientFactory.createScanClient(ClientFactory.java:66)
15:35:25.526 [DEBUG] [TestEventLogger]             at net.continuumsecurity.steps.NessusScanningSteps.createNessusClient(NessusScanningSteps.java:41)
15:35:25.526 [DEBUG] [TestEventLogger]             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
15:35:25.526 [DEBUG] [TestEventLogger]             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
15:35:25.526 [DEBUG] [TestEventLogger]             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
15:35:25.526 [DEBUG] [TestEventLogger]             at java.lang.reflect.Method.invoke(Method.java:498)
15:35:25.526 [DEBUG] [TestEventLogger]             at cucumber.runtime.Utils$1.call(Utils.java:37)
15:35:25.527 [DEBUG] [TestEventLogger]             at cucumber.runtime.Timeout.timeout(Timeout.java:13)
15:35:25.527 [DEBUG] [TestEventLogger]             at cucumber.runtime.Utils.invoke(Utils.java:31)
15:35:25.527 [DEBUG] [TestEventLogger]             at cucumber.runtime.java.JavaStepDefinition.execute(JavaStepDefinition.java:38)
15:35:25.527 [DEBUG] [TestEventLogger]             at cucumber.runtime.StepDefinitionMatch.runStep(StepDefinitionMatch.java:37)
15:35:25.527 [DEBUG] [TestEventLogger]             at cucumber.runtime.Runtime.runStep(Runtime.java:299)
15:35:25.527 [DEBUG] [TestEventLogger]             at cucumber.runtime.model.StepContainer.runStep(StepContainer.java:44)
15:35:25.527 [DEBUG] [TestEventLogger]             at cucumber.runtime.model.StepContainer.runSteps(StepContainer.java:39)
15:35:25.528 [DEBUG] [TestEventLogger]             at cucumber.runtime.model.CucumberScenario.run(CucumberScenario.java:44)
15:35:25.528 [DEBUG] [TestEventLogger]             at cucumber.runtime.junit.ExecutionUnitRunner.run(ExecutionUnitRunner.java:91)
15:35:25.528 [DEBUG] [TestEventLogger]             at cucumber.runtime.junit.FeatureRunner.runChild(FeatureRunner.java:63)
15:35:25.528 [DEBUG] [TestEventLogger]             at cucumber.runtime.junit.FeatureRunner.runChild(FeatureRunner.java:18)
15:35:25.528 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
15:35:25.528 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
15:35:25.528 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
15:35:25.529 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
15:35:25.529 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
15:35:25.529 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
15:35:25.529 [DEBUG] [TestEventLogger]             at cucumber.runtime.junit.FeatureRunner.run(FeatureRunner.java:70)
15:35:25.529 [DEBUG] [TestEventLogger]             at cucumber.api.junit.Cucumber.runChild(Cucumber.java:93)
15:35:25.529 [DEBUG] [TestEventLogger]             at cucumber.api.junit.Cucumber.runChild(Cucumber.java:37)
15:35:25.529 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
15:35:25.529 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
15:35:25.530 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
15:35:25.530 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
15:35:25.530 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
15:35:25.530 [DEBUG] [TestEventLogger]             at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
15:35:25.530 [DEBUG] [TestEventLogger]             at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
15:35:25.530 [DEBUG] [TestEventLogger]             at cucumber.api.junit.Cucumber.run(Cucumber.java:98)
15:35:25.530 [DEBUG] [TestEventLogger]             at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecuter.runTestClass(JUnitTestClassExecuter.java:105)
15:35:25.531 [DEBUG] [TestEventLogger]             at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecuter.execute(JUnitTestClassExecuter.java:56)
15:35:25.531 [DEBUG] [TestEventLogger]             at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassProcessor.processTestClass(JUnitTestClassProcessor.java:64)
15:35:25.531 [DEBUG] [TestEventLogger]             at org.gradle.api.internal.tasks.testing.SuiteTestClassProcessor.processTestClass(SuiteTestClassProcessor.java:50)
15:35:25.531 [DEBUG] [TestEventLogger]             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
15:35:25.531 [DEBUG] [TestEventLogger]             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
15:35:25.531 [DEBUG] [TestEventLogger]             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
15:35:25.531 [DEBUG] [TestEventLogger]             at java.lang.reflect.Method.invoke(Method.java:498)
15:35:25.531 [DEBUG] [TestEventLogger]             at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35)
15:35:25.532 [DEBUG] [TestEventLogger]             at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
15:35:25.532 [DEBUG] [TestEventLogger]             at org.gradle.messaging.dispatch.ContextClassLoaderDispatch.dispatch(ContextClassLoaderDispatch.java:32)
15:35:25.532 [DEBUG] [TestEventLogger]             at org.gradle.messaging.dispatch.ProxyDispatchAdapter$DispatchingInvocationHandler.invoke(ProxyDispatchAdapter.java:93)
15:35:25.532 [DEBUG] [TestEventLogger]             at com.sun.proxy.$Proxy2.processTestClass(Unknown Source)
15:35:25.536 [DEBUG] [TestEventLogger]             at org.gradle.api.internal.tasks.testing.worker.TestWorker.processTestClass(TestWorker.java:106)
15:35:25.537 [DEBUG] [TestEventLogger]             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
15:35:25.537 [DEBUG] [TestEventLogger]             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
15:35:25.537 [DEBUG] [TestEventLogger]             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
15:35:25.537 [DEBUG] [TestEventLogger]             at java.lang.reflect.Method.invoke(Method.java:498)
15:35:25.537 [DEBUG] [TestEventLogger]             at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35)
15:35:25.538 [DEBUG] [TestEventLogger]             at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
15:35:25.538 [DEBUG] [TestEventLogger]             at org.gradle.messaging.remote.internal.hub.MessageHub$Handler.run(MessageHub.java:360)
15:35:25.538 [DEBUG] [TestEventLogger]             at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:54)
15:35:25.540 [DEBUG] [TestEventLogger]             at org.gradle.internal.concurrent.StoppableExecutorImpl$1.run(StoppableExecutorImpl.java:40)
15:35:25.540 [DEBUG] [TestEventLogger]             at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
15:35:25.541 [DEBUG] [TestEventLogger]             at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
15:35:25.541 [DEBUG] [TestEventLogger]             at java.lang.Thread.run(Thread.java:745)
15:35:25.541 [DEBUG] [TestEventLogger] 
15:35:25.541 [DEBUG] [TestEventLogger]             Caused by:
15:35:25.541 [DEBUG] [TestEventLogger]             java.lang.NoSuchMethodException: com.fasterxml.jackson.jaxrs.annotation.JacksonFeatures.<init>()
15:35:25.541 [DEBUG] [TestEventLogger]                 at java.lang.Class.getConstructor0(Class.java:3082)
15:35:25.541 [DEBUG] [TestEventLogger]                 at java.lang.Class.newInstance(Class.java:412)
15:35:25.541 [DEBUG] [TestEventLogger]                 ... 69 more

I've traced this back to the createV6Client() method in the ClientFactory class of the nessus-java-client library.

I'm unfamiliar with Jackson and not able to take this further. If this can be resolved, I will submit a pull request to fix the regex errors in the Nessus Scan feature. Any help is appreciated. Thanks!

Regards,
Rob

from bdd-security.

commented on August 17, 2024

Thanks for reporting and fixing that error @403studios
I'll have a look at the Jackson error - which version of JVM are you using?

from bdd-security.

403studios commented on August 17, 2024

@continuumsecurity Thanks for taking a look at the Jackson error.

Here's my JVM version:

403studios@ubuntu-pxe0:~$ java -version
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)

Let me know if you would like me to file a report against nessus-java-client instead.

Regards,
Rob

from bdd-security.

Traxspeed commented on August 17, 2024

Does anyone has an update on this?
I am running into the same issue. I have updated Jackson to a later version (2.8.1) but error still persists!?

Regards,
Trax

from bdd-security.

403studios commented on August 17, 2024

@Traxspeed No update on the Jackson error from me. I've got a couple more pull requests ready to fix an AmbiguousStepDefinitionsException and fix an incorrect variable reference in NessusScanningSteps.java. I've held off on submitting these pull requests.

@continuumsecurity any update on the Jackson error?

Regards,
Rob

from bdd-security.

stephendv1 commented on August 17, 2024

@Traxspeed @403studios apologies for the delay - will address this by the 4th April.

from bdd-security.

403studios commented on August 17, 2024

Thanks @stephendv1 for the update. I'll submit the previously-mentioned PRs once I'm able to test my changes.

Regards,
Rob

from bdd-security.

Traxspeed commented on August 17, 2024

Thank you for the quick response @stephendv1, great support!

Regards,
Trax

from bdd-security.

stephendv1 commented on August 17, 2024

@403studios @Traxspeed the problem seems to be a conflict with Apache CXF, have removed it as it's only needed for the web services example. Fixed version pushed to master.

from bdd-security.

Traxspeed commented on August 17, 2024

@stephendv1
Bedankt, Gracias, thank you, good work!
Nessus scan are running properly now!

Kind regards,
Trax

from bdd-security.

stephendv1 commented on August 17, 2024

Glad to hear it! :)

from bdd-security.

Issues with getting the Nessus Scan feature to work about bdd-security HOT 11 CLOSED

Comments (11)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent