lirantal/is-website-vulnerable

'Set up completed' instead of vulnerability report

1shevelov opened this issue · 16 comments

Running the library from Windows Command Processor as suggested in README 'npx is-website-vulnerable /full URL/' without installing first. Tried a couple of times with different websites with the same result.

Expected Behavior

I see a vulnerability report as demonstrated in the README's screenshot.

Current Behavior

After waiting several minutes (3-4 at least) of running messages with different packages I get a message "V Set up completed in 2.67 seconds!" (or another number of seconds). Command Prompt freezes, not showing the command prompt or responding to any keys like Ctrl-C.

Possible Solution

No idea.

Steps to Reproduce (for bugs)

  1. Run Command Prompt cmd.exe
  2. type npx is-website-vulnerable /any string/
  3. press Enter

Context

Your Environment

Date: today
OS: Windows 10 Home
npm/npx 6.11.3

@1shevelov thanks for letting us know and sorry for the bad experience.
if you add a --json to the command does it work or are you experiencing similar issues?

It worked with '--json' flag!
Took about 5 minutes on my SSD-less system (less than 4 min for wrong address) but found a vulnerability, displayed a report and finished correctly.

Thanks! it seems like the animations aren't showing up properly on that command prompt.
I assume if you try to run it again without JSON it still freezes?

If so, can I ask you to run: npx terminal-detect and share the output here?
Maybe there's a way we can detect incompatible terminals and fix it. And if you are able to find a fix and push a PR I will happily merge it.

Faced the same issue and I have given your command as well.
npx terminal-detect is-website-vulnerable http://localhost:4200/ --desktop
npx: installed 4 in 40.989s
{ colors: { '16': true, '256': false, '16m': false },
charset: { unicode: false } }

Change Line 31 of the file is-website-vulnerable.js to fix this.
const showProgressBar = !argv; instead of const showProgressBar = !argv.json;

> Thanks! it seems like the animations aren't showing up properly on that command prompt.
> I assume if you try to run it again without JSON it still freezes?

Yep, still freezes like reported, checked just now.

> If so, can I ask you to run: npx terminal-detect and share the output here?

[image: npx-terminal]

> Change Line 31 of the file is-website-vulnerable.js to fix this.
> const showProgressBar = !argv; instead of const showProgressBar = !argv.json;

This shouldn't be the reason, that line of code is ok.

🎉 This issue has been resolved in version 1.9.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

For me with just line 31 changes the code worked with the following test cases in Windows 8.
is-website-vulnerable http://localhost:localport/
is-website-vulnerable http://localhost:localport/ --json (will take mobile as the argument as default).
is-website-vulnerable http://localhost:localport/ --json --desktop
is-website-vulnerable http://localhost:localport/ --json --js-lib
is-website-vulnerable http://localhost:localport/ --js-lib.
is-website-vulnerable

Tested with Run as Admin for cmd prompt.

Yep because you're disabling all prompt animation entirely.
I added a commit that disables it only when being used on Windows. Can you confirm that this is working well now for you?
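The two versions of line 31 quoted in this thread, compared with a platform-aware gate, as an added example that is not code from the project or from any commenter. The `gated` function, its `env` argument, the TTY check and the sample invocations are assumptions made for illustration.

```javascript
'use strict'

// Line 31 as quoted in the thread: animate unless --json was passed.
const original = (argv) => !argv.json

// The change proposed in the thread. argv is the parsed-arguments object, and
// every object is truthy, so this is false no matter which flags were given.
const proposed = (argv) => !argv

// Hypothetical gate (an assumption, not the project's actual commit): keep the
// animation except where the thread shows it is unwanted or broken.
function gated (argv, env) {
  if (argv.json) return false                 // machine-readable output requested
  if (env.platform === 'win32') return false  // cmd.exe froze on the animation
  return Boolean(env.isTTY)                   // no spinner into pipes or files
}

// Constructed invocations; the URL and environments are sample values.
const cases = [
  { name: 'cmd.exe, no flags', argv: { _: ['https://www.example.com'] }, env: { platform: 'win32', isTTY: true } },
  { name: 'cmd.exe, --json', argv: { _: ['https://www.example.com'], json: true }, env: { platform: 'win32', isTTY: true } },
  { name: 'linux tty, no flags', argv: { _: ['https://www.example.com'] }, env: { platform: 'linux', isTTY: true } },
  { name: 'linux, piped output', argv: { _: ['https://www.example.com'] }, env: { platform: 'linux', isTTY: false } }
]

// One row per invocation: would each variant start the progress animation?
function decisions () {
  return cases.map(({ name, argv, env }) => ({
    name,
    original: original(argv),
    proposed: proposed(argv),
    gated: gated(argv, env)
  }))
}

console.table(decisions())
```

In a real CLI the `env` values would come from `process.platform` and `process.stdout.isTTY`.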

Did that and works. However for certain sites (https://www.linkedin.com/) it gives me the following error

node is-website-vulnerable.js https://www.linkedin.com/ --json
ERROR: The process with PID 14648 (child process of PID 4764) could not be terminated.
Reason: There is no running instance of the task.

Error: Chrome could not be killed Command failed: taskkill /pid 4764 /T /F
ERROR: The process with PID 14648 (child process of PID 4764) could not be terminated.
Reason: There is no running instance of the task.

at Promise (D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:256:28)
at new Promise (<anonymous>)
at Launcher.kill (D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:238:16)
at Object.<anonymous> (D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:58:29)
at Generator.next (<anonymous>)
at D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:12:71
at new Promise (<anonymous>)
at __awaiter (D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:8:12)
at Object.kill (D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:53:28)
at Audit.scanUrl (D:\TEST\TestNPM\LatestCode\is-website-vulnerable-master\src\Audit.js:81:26)

Usage:
is-website-vulnerable https://www.example.com

looks like an issue with Chrome launcher. I suppose that doesn't happen all the time with the same website, right?

Happens all the time with https://www.linkedin.com/

Unfortunately I can't reproduce it here. Maybe that's just running a bit slow on your end, which causes some trouble for the chrome launcher when it attempts to kill the process?

Looks like the dependency module is having the issue

GoogleChrome/chrome-launcher#178

Oh thanks!
I may need to update that library in the shrinkwrap file then