Not able to test TLS-Scanner because of "Exception in thread "main" java.lang.IllegalArgumentException: argument "src" is null"
sajualways opened this issue · 28 comments
I have installed TLS-Scanner-3.0.2 and tried below basic command to test a server but it gives error as below
java -jar apps/TLS-Scanner.jar -connect :
INFO : Main - Performing Scan, this may take some time...
Exception in thread "main" java.lang.IllegalArgumentException: argument "src" is null
at com.fasterxml.jackson.databind.ObjectMapper._assertNotNull(ObjectMapper.java:4413)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3241)
at de.rub.nds.tlsscanner.trust.TrustAnchorManager.readPlatform(TrustAnchorManager.java:92)
at de.rub.nds.tlsscanner.trust.TrustAnchorManager.(TrustAnchorManager.java:63)
at de.rub.nds.tlsscanner.trust.TrustAnchorManager.getInstance(TrustAnchorManager.java:55)
at de.rub.nds.tlsscanner.TlsScanner.scan(TlsScanner.java:147)
at de.rub.nds.tlsscanner.Main.main(Main.java:46)
Ah, this is because you did not check out git submodules (which adds a CA repo to TLS-Scanner). The next version will handle this problem more gracefully. Sorry
which is the next version and when it will be ready ?
We will release it in september since it contains tests for vulnerabilities which are currently still under embargo
Ok, Thanks for the update.
Till then any workaround so that i can test with this version ?
git submodule init
git submodule update
after using above git update, now i see continuous exception in a loop when i use
java -jar apps/TLS-Scanner.jar -connect
at de.rub.nds.tlsscanner.ThreadedScanJobExecutor.execute(ThreadedScanJobExecutor.java:72)
at de.rub.nds.tlsscanner.TlsScanner.scan(TlsScanner.java:162)
at de.rub.nds.tlsscanner.Main.main(Main.java:46)
Caused by: java.lang.NullPointerException
at de.rub.nds.tlsscanner.probe.certificate.CertificateChain.(CertificateChain.java:87)
at de.rub.nds.tlsscanner.probe.CertificateProbe.executeTest(CertificateProbe.java:60)
at de.rub.nds.tlsscanner.probe.TlsProbe.call(TlsProbe.java:75)
at de.rub.nds.tlsscanner.probe.TlsProbe.call(TlsProbe.java:32)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
ERROR: ThreadedScanJobExecutor - Encountered an exceptiuon before we could merge the result
java.util.concurrent.ExecutionException: java.lang.NullPointerException
at java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.util.concurrent.FutureTask.get(FutureTask.java:192)
at de.rub.nds.tlsscanner.ThreadedScanJobExecutor.executeProbesTillNoneCanBeExecuted(ThreadedScanJobExecutor.java:100)
at de.rub.nds.tlsscanner.ThreadedScanJobExecutor.execute(ThreadedScanJobExecutor.java:72)
at de.rub.nds.tlsscanner.TlsScanner.scan(TlsScanner.java:162)
at de.rub.nds.tlsscanner.Main.main(Main.java:46)
Caused by: java.lang.NullPointerException
at de.rub.nds.tlsscanner.probe.certificate.CertificateChain.(CertificateChain.java:87)
at de.rub.nds.tlsscanner.probe.CertificateProbe.executeTest(CertificateProbe.java:60)
at de.rub.nds.tlsscanner.probe.TlsProbe.call(TlsProbe.java:75)
at de.rub.nds.tlsscanner.probe.TlsProbe.call(TlsProbe.java:32)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Oh that should not happen. It looks like TLS-Scanner was unable to retrieve the Certificate of the server which then results in this NPE. Can you try it with this patch?:
diff --git a/src/main/java/de/rub/nds/tlsscanner/probe/CertificateProbe.java b/src/main/java/de/rub/nds/tlsscanner/probe/CertificateProbe.java
index 86bb390..9cc9d40 100644
--- a/src/main/java/de/rub/nds/tlsscanner/probe/CertificateProbe.java
+++ b/src/main/java/de/rub/nds/tlsscanner/probe/CertificateProbe.java
@@ -57,8 +57,13 @@ public class CertificateProbe extends TlsProbe {
tlsConfig.setDefaultClientSupportedCiphersuites(toTestList);
tlsConfig.setStopActionsAfterFatal(true);
Certificate serverCert = CertificateFetcher.fetchServerCertificate(tlsConfig);
- CertificateChain chain = new CertificateChain(serverCert, tlsConfig.getDefaultClientConnection().getHostname());
- return new CertificateResult(chain, serverCert);
+ if (serverCert == null) {
+ return getCouldNotExecuteResult();
+ } else {
+ CertificateChain chain = new CertificateChain(serverCert, tlsConfig.getDefaultClientConnection().getHostname());
+
+ return new CertificateResult(chain, serverCert);
+ }
}
@Override
I tried "git pull" but it says Already up to date.
could you please let me know how to update this specific patch?
safe the patch in a file.
then run:
git apply patch.file
then rebuild with mvn clean install
Thanks a lot.......It is working now.
Further during the test, i found this exception now
INFO : Main - Scanned in: 78s
WARN : SiteReportRater - Influencer has 'null' influence
WARN : SiteReportRater - Influencer has 'null' influence
Exception in thread "main" java.lang.NullPointerException
at de.rub.nds.tlsscanner.rating.PropertyResultRatingInfluencer.compareTo(PropertyResultRatingInfluencer.java:104)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.lambda$appendRecommendations$1(SiteReportPrinter.java:1055)
at java.util.TimSort.countRunAndMakeAscending(TimSort.java:355)
at java.util.TimSort.sort(TimSort.java:234)
at java.util.Arrays.sort(Arrays.java:1512)
at java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:353)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:483)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:485)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.appendRecommendations(SiteReportPrinter.java:1056)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.getFullReport(SiteReportPrinter.java:131)
at de.rub.nds.tlsscanner.report.SiteReport.getFullReport(SiteReport.java:404)
at de.rub.nds.tlsscanner.Main.main(Main.java:52)
uf. This is not looking good. May I know what server you are scanning? It seems like TLS-Scanner is really struggeling with this one.
You can get it working by doing this:
diff --git a/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java b/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java
index 793fb54..5813201 100644
--- a/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java
+++ b/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java
@@ -127,7 +127,7 @@ public class SiteReportPrinter {
appendHttps(builder);
appendRandom(builder);
appendPublicKeyIssues(builder);
- appendScoringResults(builder);
+ //appendScoringResults(builder);
appendRecommendations(builder);
appendPerformanceData(builder);
But this just prevents the apparently buggy feature from getting executed...
This is one of my internal server....It actually finished the scan but at last it gave an exception
INFO : Main - Performing Scan, this may take some time...
+++COMMON_BUGS executed
+++SNI executed
+++COMPRESSIONS executed
+++NAMED_GROUPS executed
+++CERTIFICATE executed
+++PROTOCOL_VERSION executed
+++CIPHERSUITE executed
+++CIPHERSUITE_ORDER executed
+++EXTENSIONS executed
+++TLS13 executed
+++TOKENBINDING executed
+++HTTP_HEADER executed
+++HEARTBLEED executed
+++DROWN executed
+++EARLY_CCS executed
+++RESUMPTION executed
+++RENEGOTIATION executed
+++PADDING_ORACLE executed
+++BLEICHENBACHER executed
+++TLS_POODLE executed
+++INVALID_CURVE executed
+++MAC executed
+++SESSION_TICKET_ZERO_KEY executed
INFO : ThreadedScanJobExecutor - Finished scan for: :
INFO : Main - Scanned in: 78s
WARN : SiteReportRater - Influencer has 'null' influence
WARN : SiteReportRater - Influencer has 'null' influence
Exception in thread "main" java.lang.NullPointerException
at de.rub.nds.tlsscanner.rating.PropertyResultRatingInfluencer.compareTo(PropertyResultRatingInfluencer.java:104)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.lambda$appendRecommendations$1(SiteReportPrinter.java:1055)
at java.util.TimSort.countRunAndMakeAscending(TimSort.java:355)
at java.util.TimSort.sort(TimSort.java:234)
at java.util.Arrays.sort(Arrays.java:1512)
at java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:353)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:483)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:485)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.appendRecommendations(SiteReportPrinter.java:1056)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.getFullReport(SiteReportPrinter.java:131)
at de.rub.nds.tlsscanner.report.SiteReport.getFullReport(SiteReport.java:404)
at de.rub.nds.tlsscanner.Main.main(Main.java:52)
I tried to install above patch but it gave error
error: corrupt patch at line 13
Ah sorry I did not copy the last empty line. Just add an empty line at the end and it should work
even after the patch it is still giving the exception
INFO : Main - Scanned in: 79s
WARN : SiteReportRater - Influencer has 'null' influence
Exception in thread "main" java.lang.NullPointerException
at de.rub.nds.tlsscanner.rating.PropertyResultRatingInfluencer.compareTo(PropertyResultRatingInfluencer.java:104)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.lambda$appendRecommendations$1(SiteReportPrinter.java:1055)
at java.util.TimSort.countRunAndMakeAscending(TimSort.java:355)
at java.util.TimSort.sort(TimSort.java:234)
at java.util.Arrays.sort(Arrays.java:1512)
at java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:353)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:483)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:485)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.appendRecommendations(SiteReportPrinter.java:1056)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.getFullReport(SiteReportPrinter.java:131)
at de.rub.nds.tlsscanner.report.SiteReport.getFullReport(SiteReport.java:404)
at de.rub.nds.tlsscanner.Main.main(Main.java:52)
I think you did not rebuilt
mvn clean install
Yes I did rebuilt but still it failed
INFO : ThreadedScanJobExecutor - Finished scan for: ip:port
INFO : Main - Scanned in: 87s
WARN : SiteReportRater - Influencer has 'null' influence
Exception in thread "main" java.lang.NullPointerException
at de.rub.nds.tlsscanner.rating.PropertyResultRatingInfluencer.compareTo(PropertyResultRatingInfluencer.java:104)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.lambda$appendRecommendations$1(SiteReportPrinter.java:1055)
at java.util.TimSort.countRunAndMakeAscending(TimSort.java:355)
at java.util.TimSort.sort(TimSort.java:234)
at java.util.Arrays.sort(Arrays.java:1512)
at java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:353)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:483)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:485)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.appendRecommendations(SiteReportPrinter.java:1056)
at de.rub.nds.tlsscanner.report.SiteReportPrinter.getFullReport(SiteReportPrinter.java:131)
at de.rub.nds.tlsscanner.report.SiteReport.getFullReport(SiteReport.java:404)
at de.rub.nds.tlsscanner.Main.main(Main.java:52)
ups sorry my bad,
diff --git a/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java b/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java
index 793fb54..2c5fdc7 100644
--- a/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java
+++ b/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java
@@ -127,8 +127,8 @@ public class SiteReportPrinter {
appendHttps(builder);
appendRandom(builder);
appendPublicKeyIssues(builder);
- appendScoringResults(builder);
- appendRecommendations(builder);
+ //appendScoringResults(builder);
+ //appendRecommendations(builder);
appendPerformanceData(builder);
Is there a difference in behaviour, because same TLS-Scanner works with my other SSL server
well - yes. The TLS-Scanner tries to perform various handshakes to determine the supported features and present vulnerabilities. But some servers have exotic configurations or have certain bugs which prevent the scanner currently from scanning it successfully. I am always trying to hunt those cases down...
ups sorry my bad,
diff --git a/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java b/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java index 793fb54..2c5fdc7 100644 --- a/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java +++ b/src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java @@ -127,8 +127,8 @@ public class SiteReportPrinter { appendHttps(builder); appendRandom(builder); appendPublicKeyIssues(builder); - appendScoringResults(builder); - appendRecommendations(builder); + //appendScoringResults(builder); + //appendRecommendations(builder); appendPerformanceData(builder);
this patch gave me error while applying patch
error: patch failed: src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java:127
error: src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java: patch does not apply
uff, please comment out the line in the file: src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java manually then.
//appendRecommendations(builder);
ok...now it is fine.
uff, please comment out the line in the file: src/main/java/de/rub/nds/tlsscanner/report/SiteReportPrinter.java manually then.
//appendRecommendations(builder);
ok......now it is fine
so all these issues will be fixed in next upcoming release in September ?
I hope so, yes
Thanks for all the help !!