Many requests are quickly followed by a request to /acvp/v1/version endpoint

Question

Many requests are quickly followed by a request to /acvp/v1/version endpoint

Closed this issue 2 years ago · 6 comments

While looking through the server logs I notice there are a ton of 404s sent because a client is sending a request to /acvp/v1/version which is not an endpoint we support. It appears to be from libacvp clients. I looked through the code here and didn't see anything hitting that endpoint. Could you confirm that libacvp isn't trying to hit /acvp/v1/version?

Answer 1 · 2023-02-03T18:07:23.000Z

Hi Chris,

There is no where in the code that is intentionally trying to reach /acvp/v1/version. Does this seem like its happening at random intervals or in a pattern? are there enough requests that it could be multiple users?

if someone wanted, they could run acvp_app --get /acvp/v1/version, but I am not sure why.

This is definitely a headscratcher.

Thanks,
Andrew

Answer 2 · 2023-02-03T18:14:41.000Z

We see this from multiple unrelated users which tells us that it seems to happen from an open-source client. It appears they all use libacvp. It could be on their end by adding those calls within some scripts. It appears to happen immediately after some different requests, and the server always returns a 404.

Today on Demo, we saw it 23 times. On Prod today over 4000 times.

Answer 3 · 2023-02-03T18:25:04.000Z

Wow, thats alot of 404s!

If its a relatively new development, it definitely seems like its a script doing that; especially looking at the prod quantity vs demo. libacvp doesn't do anything differently depending on the server provided.

If that doesn't seem to be the case, is it possible to pull the libacvp version from the HTTP user agents making the requests? Otherwise, I am at a bit of a loss :)

Thanks,
Andrew

Answer 4 · 2023-02-03T18:37:38.000Z

I was able to pull some more detailed logs. It appears to be coming from the python-requests library. Libacvp doesn't make any requests through python does it?

Answer 5 · 2023-02-03T18:42:28.000Z

There is a python script (metadata/metadata.py) that is unmaintained and I have planning to remove it in an upcoming release. It was originally intended just to help with managing module/OE entries. However, I don't see anything in there that would hit that endpoint.

Andrew

Answer 6 · 2023-02-03T18:44:03.000Z

Thanks for checking. I'll follow up with the labs specifically and see what they use.