Problems when sent a analisis to web manager in a another host.

Question

Problems when sent a analisis to web manager in a another host.

Closed this issue 3 years ago · 16 comments

What happened:
I install the web manager in another host i am trying run a analysis and sent it, but the analysis dont show in web manager
How to reproduce it (as minimally and precisely as possible):
install horusec manager in another host.
Run a analisis and put the flag -u whit the ip where manager are located and the token
Web manager dont show the analisys
Anything else we need to know?:
How to know what is the error, because, the anlysis dont show if the conection was succesfull
Environment:

Horusec version : V2.0
Operating System: kali linux
Network plugin / Tool and version (if this is a network-related / tool bug):
Others: instalation whit docker and docker compose

Answer 1 · 2022-02-16T23:36:48.000Z

Hello @dschacon288 tnks for report.

Is not clear for me the Version. Do you can sent again what is version:

Horusec-CLI
Horusec-Platform micro services

Answer 2 · 2022-02-16T23:42:26.000Z

version is Horusec-Platform micro services, but i dont know if the cli sent the analysis because never lauch a confirmacion, when the cli have a issue to sent the analisis have a alert

Answer 3 · 2022-02-17T14:07:12.000Z

Ok.
Horusec-Platform service is in v2.0.0, correct ?

Now, run horusec version in your terminal and sent me what is your version of the Horusec-CLI.

Show me prints or errors when you sent analysis too, this help me to understand the problem :)

Answer 4 · 2022-02-17T16:19:01.000Z

The version:

There is no error message or confirmation that the analysis has been sent, but the analysis does not appear on the web.

Answer 5 · 2022-02-17T17:06:37.000Z

okay. I need more details!
1º - Run horusec with the flag --log-level debug too. And sent to me the log file your path is showed in first lines of the analysis, something like this:

or sent to me all output of the analysis

2º Sent to me if your services is running with versions, something like this: docker ps

3º Sent to me Logs of the micro service Horusec-API, something like this: docker logs horusec-api

Answer 6 · 2022-02-17T17:30:11.000Z

Log file
Sevices runing
logs docker horusec-api

Answer 7 · 2022-02-17T17:35:34.000Z

this is the horusec start log

Answer 8 · 2022-02-17T18:49:03.000Z

OK. Your Horusec-CLI is in v2.7.1 and Horusec-Platform is in v2.17.4 both in latest version.

Now, in your project you have config file with name horusec-config.json
Check if exist this fields and clear them:

{
...
"horusecCliPrintOutputType": "",
"horusecCliJsonOutputFilepath": "",
"horusecCliRepositoryAuthorization": "",
"horusecCliHorusecApiUri": ""
...
}

For best security use environment variable to pass URI and Authorization token, somenthing like this:

> export HORUSEC_CLI_HORUSEC_API_URI="http://HOST:8000"
> export HORUSEC_CLI_REPOSITORY_AUTHORIZATION="YOUR_TOKEN"

If this works, remember to set this environments variables in safe place!

> sudo horusec start -p . --log-level debug

Answer 9 · 2022-02-17T19:30:22.000Z

Well, i clean the horuseg-confif.json and use the variable enviroment, so the result was this:

in this image, show de id of analisis

and finally the result of analisis

so, I think that the problem is in the database of web manager, because in logs of docker horusec-api show that he send a analysys to host and recive a 201 status code. but I dont undertstand why make a get

Answer 10 · 2022-02-18T12:55:34.000Z

The GET has necessary in Horusec-CLI to merge all false-positives in web application and show in your analysis locally.

Well, your analysis is being saved successfully. And when you go into your browser and access the Horusec-Manager application, it doesn't show any vulnerability on the Dashboard screen or on the Vulnerability Manager screen?

Answer 11 · 2022-02-18T12:57:23.000Z

Try access Dashboard screen in your browser and show me logs of the Horusec-Analytic service.

Answer 12 · 2022-02-18T13:38:09.000Z

This is the log of analytic services

In the browser the dashboard are empty but the vulnerability no

Vulnerabilities

Answer 13 · 2022-02-18T21:32:36.000Z

This is really strange.

You can access the analytic database and check if there is recorded data in any table?

Answer 14 · 2022-02-21T17:38:58.000Z

Well, we have these db

we are only interested in the first two

the analytic db have records

consulting data

and in horusec_db too

In the web, appear a error in the dashboard network

Answer 15 · 2022-02-21T18:23:49.000Z

wow i think i found the problem :)

Your Configuration in Horusec-Manager micro-service is wrong. The port correct of the horusec-analytic is 8005.

Change this environment variable in Horusec-Manager to:
HORUSEC_ENDPOINT_ANALYTIC = https:\\/\\/:192.168.145.129:8005

and try again

Answer 16 · 2022-02-21T18:44:26.000Z

In effect, there is the problem. Now is all correct

I have a last question, when i try to run a analisis into pipeline of azure devops. I have this error, maybe you know how to fix it