Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keiko error generating organization report due to _, ^, $, and # characters #749

Closed
tobiasBDO opened this issue Apr 18, 2023 · 4 comments · Fixed by #900
Closed

Keiko error generating organization report due to _, ^, $, and # characters #749

tobiasBDO opened this issue Apr 18, 2023 · 4 comments · Fixed by #900
Assignees
@praseodym
Labels
bug Something isn't working keiko Issues related to keiko

Comments

@tobiasBDO
Copy link
Contributor

Describe the bug
During the generation of the report on organization level Keiko times out and generates a debug log. It does however manage to generate reports on smaller objects and/or findings. For example, findings about SPF, SKIM and DMARC.

To Reproduce
Steps to reproduce the behavior:

  1. Fill your OpenKAT with scans and CVE's
  2. Try to generate a report with all findings
  3. Download the report

Expected behavior
I expect Keiko to generate a report, and being able to succesfuly download it.

Screenshots
afbeelding

OpenKAT version
I am making use of the make kat install on Ubuntu 22.04.02 with Docker version 23.0.3, build 3e7cbfd.

Additional context
I can attach the whole log on request, I'll paste a piece of it down below since it is about 21116 lines.

INFO:     Will watch for changes in these directories: ['/app/keiko/keiko']
INFO:     Uvicorn running on http://0.0.0.0:8000 (Press CTRL+C to quit)
INFO:     Started reloader process [1] using StatReload
[2023-04-18 09:26:18 +0000] [8] [INFO] [logging] [keiko.logging] Logging configuration loaded. [log_cfg=logging.json]
[2023-04-18 09:26:18 +0000] [8] [INFO] [templates] [keiko.templates] Loading samples in folder: /app/keiko/templates
INFO:     Started server process [8]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     172.24.0.13:37262 - "POST /reports HTTP/1.1" 200 OK
[2023-04-18 09:26:28 +0000] [8] [INFO] [keiko] [keiko.keiko] Data shape validation successful. [report_id=ab435fc3] [template=bevindingenrapport]
[2023-04-18 09:26:28 +0000] [8] [INFO] [keiko] [keiko.keiko] Glossary loaded. [report_id=ab435fc3] [glossary=dutch.hiero.csv]
[2023-04-18 09:26:28 +0000] [8] [INFO] [keiko] [keiko.keiko] Template rendered. [report_id=ab435fc3] [template=bevindingenrapport]
[2023-04-18 09:26:28 +0000] [8] [INFO] [keiko] [keiko.keiko] Temporary folder created. [report_id=ab435fc3] [template=bevindingenrapport] [directory=/tmp/tmp91pkxkmu]
[2023-04-18 09:26:28 +0000] [8] [INFO] [keiko] [keiko.keiko] Assets copied. [report_id=ab435fc3] [template=bevindingenrapport]
INFO:     172.24.0.13:37262 - "GET /ab435fc3.keiko.pdf HTTP/1.1" 404 Not Found
INFO:     172.24.0.13:37262 - "GET /ab435fc3.keiko.pdf HTTP/1.1" 404 Not Found
[2023-04-18 09:26:31 +0000] [8] [INFO] [keiko] [keiko.keiko] pdflatex [run=1] [report_id=ab435fc3] [template=bevindingenrapport] [command=pdflatex -synctex=1 -interaction=nonstopmode /tmp/tmp91pkxkmu/ab435fc3.keiko.tex]
[2023-04-18 09:26:31 +0000] [8] [ERROR] [keiko] [keiko.keiko] stdout: This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex)
 restricted \write18 enabled.
entering extended mode
(/tmp/tmp91pkxkmu/ab435fc3.keiko.tex
LaTeX2e <2020-10-01> patch level 4
L3 programming layer <2021-01-09> xparse <2020-03-03>
(/usr/share/texlive/texmf-dist/tex/latex/base/report.cls
Document Class: report 2020/04/10 v1.4m Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo))
(/usr/share/texlive/texmf-dist/tex/generic/babel/babel.sty
(/usr/share/texlive/texmf-dist/tex/generic/babel/babel.def
(/usr/share/texlive/texmf-dist/tex/generic/babel/txtbabel.def))
(/usr/share/texlive/texmf-dist/tex/generic/babel-dutch/dutch.ldf))
(/usr/share/texlive/texmf-dist/tex/latex/booktabs/booktabs.sty)
(/usr/share/texlive/texmf-dist/tex/latex/caption/caption.sty
(/usr/share/texlive/texmf-dist/tex/latex/caption/caption3.sty
(/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty)))
(/usr/share/texlive/texmf-dist/tex/latex/fancyhdr/fancyhdr.sty)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphicx.sty
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphics.sty
(/usr/share/texlive/texmf-dist/tex/latex/graphics/trig.sty)
(/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/graphics.cfg)
(/usr/share/texlive/texmf-dist/tex/latex/graphics-def/pdftex.def)))
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hyperref.sty
(/usr/share/texlive/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty)
(/usr/share/texlive/texmf-dist/tex/generic/iftex/iftex.sty)
(/usr/share/texlive/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty
(/usr/share/texlive/texmf-dist/tex/generic/infwarerr/infwarerr.sty))
(/usr/share/texlive/texmf-dist/tex/generic/kvsetkeys/kvsetkeys.sty)
(/usr/share/texlive/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty)
(/usr/share/texlive/texmf-dist/tex/generic/pdfescape/pdfescape.sty)
(/usr/share/texlive/texmf-dist/tex/latex/hycolor/hycolor.sty)
(/usr/share/texlive/texmf-dist/tex/latex/letltxmacro/letltxmacro.sty)
(/usr/share/texlive/texmf-dist/tex/latex/auxhook/auxhook.sty)
(/usr/share/texlive/texmf-dist/tex/latex/kvoptions/kvoptions.sty)
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/pd1enc.def)
(/usr/share/texlive/texmf-dist/tex/generic/intcalc/intcalc.sty)
(/usr/share/texlive/texmf-dist/tex/generic/etexcmds/etexcmds.sty)
(/usr/share/texlive/texmf-dist/tex/latex/url/url.sty)
(/usr/share/texlive/texmf-dist/tex/generic/bitset/bitset.sty
(/usr/share/texlive/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty))
(/usr/share/texlive/texmf-dist/tex/latex/base/atbegshi-ltx.sty))
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hpdftex.def
(/usr/share/texlive/texmf-dist/tex/latex/base/atveryend-ltx.sty)
(/usr/share/texlive/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty
(/usr/share/texlive/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty)))
(/usr/share/texlive/texmf-dist/tex/latex/tools/longtable.sty)
(/usr/share/texlive/texmf-dist/tex/latex/base/inputenc.sty)
(/usr/share/texlive/texmf-dist/tex/latex/lastpage/lastpage.sty)
(/usr/share/texlive/texmf-dist/tex/latex/ragged2e/ragged2e.sty
(/usr/share/texlive/texmf-dist/tex/latex/everysel/everysel.sty
(/usr/share/texlive/texmf-dist/tex/latex/everysel/everysel-2011-10-28.sty)))
(/usr/share/texlive/texmf-dist/tex/latex/titlepic/titlepic.sty)
(/usr/share/texlive/texmf-dist/tex/latex/sectsty/sectsty.sty

LaTeX Warning: Command \underbar  has changed.
               Check if current package is valid.


LaTeX Warning: Command \underline  has changed.
               Check if current package is valid.

) (/usr/share/texlive/texmf-dist/tex/latex/xcolor/xcolor.sty
(/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/color.cfg))
(/usr/share/texlive/texmf-dist/tex/latex/draftwatermark/draftwatermark.sty)
(/usr/share/texlive/texmf-dist/tex/latex/colortbl/colortbl.sty
(/usr/share/texlive/texmf-dist/tex/latex/tools/array.sty))
(/usr/share/texlive/texmf-dist/tex/latex/psnfss/helvet.sty)
(/usr/share/texlive/texmf-dist/tex/latex/psnfss/ot1phv.fd)
(/usr/share/texlive/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def)
No file ab435fc3.keiko.aux.
(/usr/share/texlive/texmf-dist/tex/latex/caption/ltcaption.sty)
(/usr/share/texlive/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
[Loading MPS to PDF converter (version 2006.09.02).]
) (/usr/share/texlive/texmf-dist/tex/latex/epstopdf-pkg/epstopdf-base.sty
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/epstopdf-sys.cfg))
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/nameref.sty
(/usr/share/texlive/texmf-dist/tex/latex/refcount/refcount.sty)
(/usr/share/texlive/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty))
ABD: EverySelectfont initializing macros [1{/var/lib/texmf/fonts/map/pdftex/upd
map/pdftex.map} <./hex.png (PNG copy)> <./bdo_managedcyber_logo.png (PNG copy)>
]
Hoofdstuk 1.

Overfull \hbox (5.2875pt too wide) in paragraph at lines 85--91
\OT1/phv/m/n/10.95 In de in-for-ma-tie-be-vei-li-ging wordt ge-werkt met het []
[]Traf-fic Light Pro-to-col (TLP)[][].
(/usr/share/texlive/texmf-dist/tex/latex/psnfss/ts1phv.fd)
Overfull \hbox (0.23932pt too wide) in paragraph at lines 93--98
[][][][][][][]\OT1/phv/m/n/10.95 . Deze in-for-ma-tie heeft de hoog-ste ver-tro
u-we-lijk-heid. Deze

Package fancyhdr Warning: \headheight is too small (12.0pt):
(fancyhdr)                Make it at least 40.7509pt, for example:
(fancyhdr)                \setlength{\headheight}{40.7509pt}.
(fancyhdr)                You might also make \topmargin smaller to compensate:

(fancyhdr)                \addtolength{\topmargin}{-28.7509pt}.


LaTeX Warning: Reference `LastPage' on page 1 undefined on input line 116.

pdfTeX warning (ext4): destination with the same identifier (name{page.1}) has
been already used, duplicate ignored
<to be read again>
                   \relax
l.116 \tableofcontents
                       [1 <./bdo_logo.png>]

Package fancyhdr Warning: \headheight is too small (12.0pt):
(fancyhdr)                Make it at least 40.7509pt, for example:
(fancyhdr)                \setlength{\headheight}{40.7509pt}.
(fancyhdr)                You might also make \topmargin smaller to compensate:

(fancyhdr)                \addtolength{\topmargin}{-28.7509pt}.


LaTeX Warning: Reference `LastPage' on page 2 undefined on input line 118.

[2]
Hoofdstuk 2.

Package fancyhdr Warning: \headheight is too small (12.0pt):
(fancyhdr)                Make it at least 40.7509pt, for example:
(fancyhdr)                \setlength{\headheight}{40.7509pt}.
(fancyhdr)                You might also make \topmargin smaller to compensate:

(fancyhdr)                \addtolength{\topmargin}{-28.7509pt}.


LaTeX Warning: Reference `LastPage' on page 3 undefined on input line 127.

[3]

Package fancyhdr Warning: \headheight is too small (12.0pt):
(fancyhdr)                Make it at least 13.59999pt, for example:
(fancyhdr)                \setlength{\headheight}{13.59999pt}.
(fancyhdr)                You might also make \topmargin smaller to compensate:

(fancyhdr)                \addtolength{\topmargin}{-1.59999pt}.

[4]
Overfull \vbox (1040.4621pt too high) has occurred while \output is active

Package fancyhdr Warning: \headheight is too small (12.0pt):
(fancyhdr)                Make it at least 13.59999pt, for example:
(fancyhdr)                \setlength{\headheight}{13.59999pt}.
(fancyhdr)                You might also make \topmargin smaller to compensate:

(fancyhdr)                \addtolength{\topmargin}{-1.59999pt}.

[5]
Hoofdstuk 3.

Underfull \hbox (badness 10000) in paragraph at lines 379--379
[]|\OT1/phv/m/n/10.95 Informatie laatst

Overfull \hbox (24.0pt too wide) in alignment at lines 363--381
 [] []

Package fancyhdr Warning: \headheight is too small (12.0pt):
(fancyhdr)                Make it at least 40.7509pt, for example:
(fancyhdr)                \setlength{\headheight}{40.7509pt}.
(fancyhdr)                You might also make \topmargin smaller to compensate:

(fancyhdr)                \addtolength{\topmargin}{-28.7509pt}.


LaTeX Warning: Reference `LastPage' on page 6 undefined on input line 390.

[6]
! Missing $ inserted.
<inserted text>
                $
l.403             Beschrijving & The c_
                               rehash script does not properly sanitise shel...

! Missing $ inserted.
<inserted text>
                $
l.404


Overfull \hbox (2063.78499pt too wide) in paragraph at lines 403--404
[]|\OT1/phv/m/n/10.95 The c$[]\OML/cmm/m/it/10.95 ehashscriptdoesnotproperlysan
itiseshellmetacharacterstopreventcommandinjection:Thisscriptisdistributedbysome
operatingsystemsinamannerwhereitisautomaticallyexecuted:Onsuchoperatingsystems;
 anattackercouldexecutearbitrarycommandswiththeprivilegesofthescript:Useofthec[
]ehashscriptisconsideredobsoleteandshouldbereplacedbytheOpenSSLrehashcommandlin
etool:FixedinOpenSSL\OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95
 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 3(\OML/cmm/m/it/10.95 Affected\OT1/cm
r/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1
/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 ; \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :
\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.9
5 ; \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/
10.95 :\OT1/cmr/m/n/10.95 2)\OML/cmm/m/it/10.95 :FixedinOpenSSL\OT1/cmr/m/n/10.
95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/
10.95 1\OML/cmm/m/it/10.95 o\OT1/cmr/m/n/10.95 (\OML/cmm/m/it/10.95 Affected\OT
1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :
\OT1/cmr/m/n/10.95 1 \OMS/cmsy/m/n/10.95 ^^@

Underfull \hbox (badness 10000) in paragraph at lines 403--404
\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.9
5 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 n\OT1/cmr/m/n/10.95 )\OML/cmm/m/it/1
0.95 :FixedinOpenSSL\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95
 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 2\OML/cmm/m/it/10.95 ze\OT1/cmr/m/n/1
0.95 (\OML/cmm/m/it/10.95 Affected\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1
/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 2 \OMS/cmsy/m/n/10.95 ^
^@

Underfull \hbox (badness 10000) in paragraph at lines 413--413
[]|\OT1/phv/m/n/10.95 Informatie laatst

Overfull \hbox (24.0pt too wide) in alignment at lines 395--415
 [] []
! Missing $ inserted.
<inserted text>
                $
l.420           The c_
              rehash script does not properly sanitise shell metacharacters ...

! Missing $ inserted.
<inserted text>
                $
l.421


Overfull \hbox (1973.78499pt too wide) in paragraph at lines 420--421
\OT1/phv/m/n/10.95 The c$[]\OML/cmm/m/it/10.95 ehashscriptdoesnotproperlysaniti
seshellmetacharacterstopreventcommandinjection:Thisscriptisdistributedbysomeope
ratingsystemsinamannerwhereitisautomaticallyexecuted:Onsuchoperatingsystems; an
attackercouldexecutearbitrarycommandswiththeprivilegesofthescript:Useofthec[]eh
ashscriptisconsideredobsoleteandshouldbereplacedbytheOpenSSLrehashcommandlineto
ol:FixedinOpenSSL\OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\
OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 3(\OML/cmm/m/it/10.95 Affected\OT1/cmr/m
/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cm
r/m/n/10.95 0\OML/cmm/m/it/10.95 ; \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT
1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 ;
 \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.
95 :\OT1/cmr/m/n/10.95 2)\OML/cmm/m/it/10.95 :FixedinOpenSSL\OT1/cmr/m/n/10.95
1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.
95 1\OML/cmm/m/it/10.95 o\OT1/cmr/m/n/10.95 (\OML/cmm/m/it/10.95 Affected\OT1/c
mr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT
1/cmr/m/n/10.95 1 \OMS/cmsy/m/n/10.95 ^^@
! Missing $ inserted.
<inserted text>
                $
l.423           The c_
              rehash script does not properly sanitise shell metacharacters ...

! Missing $ inserted.
<inserted text>
                $
l.424


Overfull \hbox (1973.78499pt too wide) in paragraph at lines 423--424
\OT1/phv/m/n/10.95 The c$[]\OML/cmm/m/it/10.95 ehashscriptdoesnotproperlysaniti
seshellmetacharacterstopreventcommandinjection:Thisscriptisdistributedbysomeope
ratingsystemsinamannerwhereitisautomaticallyexecuted:Onsuchoperatingsystems; an
attackercouldexecutearbitrarycommandswiththeprivilegesofthescript:Useofthec[]eh
ashscriptisconsideredobsoleteandshouldbereplacedbytheOpenSSLrehashcommandlineto
ol:FixedinOpenSSL\OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\
OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 3(\OML/cmm/m/it/10.95 Affected\OT1/cmr/m
/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cm
r/m/n/10.95 0\OML/cmm/m/it/10.95 ; \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT
1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 ;
 \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.
95 :\OT1/cmr/m/n/10.95 2)\OML/cmm/m/it/10.95 :FixedinOpenSSL\OT1/cmr/m/n/10.95
1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.
95 1\OML/cmm/m/it/10.95 o\OT1/cmr/m/n/10.95 (\OML/cmm/m/it/10.95 Affected\OT1/c
mr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT
1/cmr/m/n/10.95 1 \OMS/cmsy/m/n/10.95 ^^@
! Missing $ inserted.
<inserted text>
                $
l.437             Beschrijving & In addition to the c_
                                              rehash shell command injection...

! Missing $ inserted.
<inserted text>
                $
l.438


Overfull \hbox (60.55203pt too wide) in paragraph at lines 437--438
[]|\OT1/phv/m/n/10.95 In ad-di-tion to the c$[]\OML/cmm/m/it/10.95 ehashshellco
mmandinjectionidentifiedinCVE \OMS/cmsy/m/n/10.95 ^^@

Overfull \hbox (565.55783pt too wide) in paragraph at lines 437--438
\OT1/cmr/m/n/10.95 2022 \OMS/cmsy/m/n/10.95 ^^@ \OT1/cmr/m/n/10.95 1292\OML/cmm
/m/it/10.95 ; furthercircumstanceswherethec[]ehashscriptdoesnotproperlysanitise
shellmetacharacterstopreventcommandinjectionwerefoundbycodereview:WhentheCVE \O
MS/cmsy/m/n/10.95 ^^@

Overfull \hbox (2514.72763pt too wide) in paragraph at lines 437--438
\OT1/cmr/m/n/10.95 2022 \OMS/cmsy/m/n/10.95 ^^@ \OT1/cmr/m/n/10.95 1292\OML/cmm
/m/it/10.95 wasfixeditwasnotdiscoveredthatthereareotherplacesinthescriptwhereth
efilenamesofcertificatesbeinghashedwerepossiblypassedtoacommandexecutedthrought
heshell:Thisscriptisdistributedbysomeoperatingsystemsinamannerwhereitisautomati
callyexecuted:Onsuchoperatingsystems; anattackercouldexecutearbitrarycommandswi
ththeprivilegesofthescript:Useofthec[]ehashscriptisconsideredobsoleteandshouldb
ereplacedbytheOpenSSLrehashcommandlinetool:FixedinOpenSSL\OT1/cmr/m/n/10.95 3\O
ML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95
4(\OML/cmm/m/it/10.95 Affected\OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr
/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 ; \OT1
/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\
OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 ; \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.9
5 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 2\OML/cmm/m/it/1
0.95 ; \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/
it/10.95 :\OT1/cmr/m/n/10.95 3)\OML/cmm/m/it/10.95 :FixedinOpenSSL\OT1/cmr/m/n/
10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m
/n/10.95 1\OML/cmm/m/it/10.95 p\OT1/cmr/m/n/10.95 (\OML/cmm/m/it/10.95 Affected
\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.9
5 :\OT1/cmr/m/n/10.95 1 \OMS/cmsy/m/n/10.95 ^^@

Underfull \hbox (badness 10000) in paragraph at lines 437--438
\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.9
5 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 o\OT1/cmr/m/n/10.95 )\OML/cmm/m/it/1
0.95 :FixedinOpenSSL\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95
 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 2\OML/cmm/m/it/10.95 zf\OT1/cmr/m/n/1
0.95 (\OML/cmm/m/it/10.95 Affected\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1
/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 2 \OMS/cmsy/m/n/10.95 ^
^@

Underfull \hbox (badness 10000) in paragraph at lines 447--447
[]|\OT1/phv/m/n/10.95 Informatie laatst

Overfull \hbox (24.0pt too wide) in alignment at lines 429--449
 [] []

Package fancyhdr Warning: \headheight is too small (12.0pt):
(fancyhdr)                Make it at least 13.59999pt, for example:
(fancyhdr)                \setlength{\headheight}{13.59999pt}.
(fancyhdr)                You might also make \topmargin smaller to compensate:

(fancyhdr)                \addtolength{\topmargin}{-1.59999pt}.

[7]
! Missing $ inserted.
<inserted text>
                $
l.454           In addition to the c_
                             rehash shell command injection identified in CV...

! Missing $ inserted.
<inserted text>
                $
l.455


Overfull \hbox (0.96875pt too wide) in paragraph at lines 454--455
\OT1/phv/m/n/10.95 In ad-di-tion to the c$[]\OML/cmm/m/it/10.95 ehashshellcomma
ndinjectionidentifiedinCVE \OMS/cmsy/m/n/10.95 ^^@ \OT1/cmr/m/n/10.95 2022 \OMS
/cmsy/m/n/10.95 ^^@

Overfull \hbox (445.14111pt too wide) in paragraph at lines 454--455
\OT1/cmr/m/n/10.95 1292\OML/cmm/m/it/10.95 ; furthercircumstanceswherethec[]eha
shscriptdoesnotproperlysanitiseshellmetacharacterstopreventcommandinjectionwere
foundbycodereview:WhentheCVE \OMS/cmsy/m/n/10.95 ^^@

Overfull \hbox (2424.72763pt too wide) in paragraph at lines 454--455
\OT1/cmr/m/n/10.95 2022 \OMS/cmsy/m/n/10.95 ^^@ \OT1/cmr/m/n/10.95 1292\OML/cmm
/m/it/10.95 wasfixeditwasnotdiscoveredthatthereareotherplacesinthescriptwhereth
efilenamesofcertificatesbeinghashedwerepossiblypassedtoacommandexecutedthrought
heshell:Thisscriptisdistributedbysomeoperatingsystemsinamannerwhereitisautomati
callyexecuted:Onsuchoperatingsystems; anattackercouldexecutearbitrarycommandswi
ththeprivilegesofthescript:Useofthec[]ehashscriptisconsideredobsoleteandshouldb
ereplacedbytheOpenSSLrehashcommandlinetool:FixedinOpenSSL\OT1/cmr/m/n/10.95 3\O
ML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95
4(\OML/cmm/m/it/10.95 Affected\OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr
/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 ; \OT1
/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\
OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 ; \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.9
5 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 2\OML/cmm/m/it/1
0.95 ; \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/
it/10.95 :\OT1/cmr/m/n/10.95 3)\OML/cmm/m/it/10.95 :FixedinOpenSSL\OT1/cmr/m/n/
10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m
/n/10.95 1\OML/cmm/m/it/10.95 p\OT1/cmr/m/n/10.95 (\OML/cmm/m/it/10.95 Affected
\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.9
5 :\OT1/cmr/m/n/10.95 1 \OMS/cmsy/m/n/10.95 ^^@
! Missing $ inserted.
<inserted text>
                $
l.457           In addition to the c_
                             rehash shell command injection identified in CV...

! Missing $ inserted.
<inserted text>
                $
l.458


Overfull \hbox (0.96875pt too wide) in paragraph at lines 457--458
\OT1/phv/m/n/10.95 In ad-di-tion to the c$[]\OML/cmm/m/it/10.95 ehashshellcomma
ndinjectionidentifiedinCVE \OMS/cmsy/m/n/10.95 ^^@ \OT1/cmr/m/n/10.95 2022 \OMS
/cmsy/m/n/10.95 ^^@

Overfull \hbox (445.14111pt too wide) in paragraph at lines 457--458
\OT1/cmr/m/n/10.95 1292\OML/cmm/m/it/10.95 ; furthercircumstanceswherethec[]eha
shscriptdoesnotproperlysanitiseshellmetacharacterstopreventcommandinjectionwere
foundbycodereview:WhentheCVE \OMS/cmsy/m/n/10.95 ^^@

Overfull \hbox (2424.72763pt too wide) in paragraph at lines 457--458
\OT1/cmr/m/n/10.95 2022 \OMS/cmsy/m/n/10.95 ^^@ \OT1/cmr/m/n/10.95 1292\OML/cmm
/m/it/10.95 wasfixeditwasnotdiscoveredthatthereareotherplacesinthescriptwhereth
efilenamesofcertificatesbeinghashedwerepossiblypassedtoacommandexecutedthrought
heshell:Thisscriptisdistributedbysomeoperatingsystemsinamannerwhereitisautomati
callyexecuted:Onsuchoperatingsystems; anattackercouldexecutearbitrarycommandswi
ththeprivilegesofthescript:Useofthec[]ehashscriptisconsideredobsoleteandshouldb
ereplacedbytheOpenSSLrehashcommandlinetool:FixedinOpenSSL\OT1/cmr/m/n/10.95 3\O
ML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95
4(\OML/cmm/m/it/10.95 Affected\OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr
/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 ; \OT1
/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\
OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 ; \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.9
5 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 2\OML/cmm/m/it/1
0.95 ; \OT1/cmr/m/n/10.95 3\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 0\OML/cmm/m/
it/10.95 :\OT1/cmr/m/n/10.95 3)\OML/cmm/m/it/10.95 :FixedinOpenSSL\OT1/cmr/m/n/
10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m
/n/10.95 1\OML/cmm/m/it/10.95 p\OT1/cmr/m/n/10.95 (\OML/cmm/m/it/10.95 Affected
\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 1\OML/cmm/m/it/10.9
5 :\OT1/cmr/m/n/10.95 1 \OMS/cmsy/m/n/10.95 ^^@
! Missing $ inserted.
<inserted text>
                $
l.469 ...Request Smuggling') vulnerability in mod_
                                                  proxy_ajp of Apache HTTP S...

! Missing $ inserted.
<inserted text>
                $
l.470


Underfull \hbox (badness 10000) in paragraph at lines 469--470
[]|\OT1/phv/m/n/10.95 Inconsistent In-ter-pre-ta-tion of HTTP Re-quests

Underfull \hbox (badness 10000) in paragraph at lines 469--470
\OT1/phv/m/n/10.95 ('HTTP Re-quest Smug-gling') vul-ne-ra-bi-lity in

Overfull \hbox (734.31311pt too wide) in paragraph at lines 469--470
\OT1/phv/m/n/10.95 mod$[]\OML/cmm/m/it/10.95 roxy[]jpofApacheHTTPServerallowsan
attackertosmugglerequeststotheAJPserveritforwardsrequeststo:ThisissueaffectsApa
cheHTTPServerApacheHTTPServer\OT1/cmr/m/n/10.95 2\OML/cmm/m/it/10.95 :\OT1/cmr/
m/n/10.95 4\OML/cmm/m/it/10.95 version\OT1/cmr/m/n/10.95 2\OML/cmm/m/it/10.95 :
\OT1/cmr/m/n/10.95 4\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 54\OML/cmm/m/it/10.
95 andpriorversions:|$

Underfull \hbox (badness 10000) in paragraph at lines 479--479
[]|\OT1/phv/m/n/10.95 Informatie laatst

Overfull \hbox (24.0pt too wide) in alignment at lines 463--481
 [] []

Package fancyhdr Warning: \headheight is too small (12.0pt):
(fancyhdr)                Make it at least 13.59999pt, for example:
(fancyhdr)                \setlength{\headheight}{13.59999pt}.
(fancyhdr)                You might also make \topmargin smaller to compensate:

(fancyhdr)                \addtolength{\topmargin}{-1.59999pt}.

[8]
! Missing $ inserted.
<inserted text>
                $
l.486 ...Request Smuggling') vulnerability in mod_
                                                  proxy_ajp of Apache HTTP S...

! Missing $ inserted.
<inserted text>
                $
l.487


Overfull \hbox (715.16972pt too wide) in paragraph at lines 486--487
\OT1/phv/m/n/10.95 vul-ne-ra-bi-lity in mod$[]\OML/cmm/m/it/10.95 roxy[]jpofApa
cheHTTPServerallowsanattackertosmugglerequeststotheAJPserveritforwardsrequestst
o:ThisissueaffectsApacheHTTPServerApacheHTTPServer\OT1/cmr/m/n/10.95 2\OML/cmm/
m/it/10.95 :\OT1/cmr/m/n/10.95 4\OML/cmm/m/it/10.95 version\OT1/cmr/m/n/10.95 2
\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.95 4\OML/cmm/m/it/10.95 :\OT1/cmr/m/n/10.9
5 54\OML/cmm/m/it/10.95 andpriorversions:$
! Missing $ inserted.
@tobiasBDO tobiasBDO added the bug Something isn't working label Apr 18, 2023
@underdarknl underdarknl added the keiko Issues related to keiko label Apr 18, 2023
@tobiasBDO
Copy link
Contributor Author

Seems like the _ characters get treated as math characters, for example in CVE-2022-1292 the description includes the word c_rehash on which it seems to trip.

@tobiasBDO
Copy link
Contributor Author

tobiasBDO commented Apr 18, 2023
edited
Loading

Seems like the _ characters get treated as math characters, for example in CVE-2022-1292 the description includes the word c_rehash on which it seems to trip.

The _, ^, $ and # characters in the finding descriptions pulled from the CVE database are preventing Keiko from generating a report. I tried a quick and dirty way to replace them with dots in order to do some testing. By adding a couple of replace statements in my template.tex like this I am able to generate the report. Though there are some other issues such as overflowing textboxes.

@@{finding.description|replace("_", "\_")|replace("^","\^")|replace("$","\$")|replace("#","\#")}@@

@praseodym
Copy link
Contributor

Errors for underscore characters were fixed in #678. Do we actually see these other characters in real reports?

@tobiasBDO
Copy link
Contributor Author

Errors for underscore characters were fixed in #678. Do we actually see these other characters in real reports?

They are rare, but I encountered them. In very technical CVE explanations these characters can be common. For example CVE's with regards to certificates and rewrite rules.

These three CVE's were troublemakers in my case:

@praseodym praseodym self-assigned this May 1, 2023
@praseodym praseodym added this to KAT May 2, 2023
@github-project-automation github-project-automation bot moved this to Incoming features / Need assessment in KAT May 2, 2023
@praseodym praseodym moved this from Incoming features / Need assessment to Todo (In this sprint) in KAT May 2, 2023
@praseodym praseodym changed the title Keiko error generating organization report Keiko error generating organization report due to _, ^, $, and # characters May 2, 2023
@praseodym praseodym moved this from Todo (In this sprint) to In Progress in KAT May 2, 2023
@praseodym praseodym mentioned this issue May 2, 2023
Merged
7 tasks
@praseodym praseodym moved this from In Progress to Review in KAT May 2, 2023
@dekkers dekkers moved this from Review to QA review / functional testing in KAT May 5, 2023
@Darwinkel Darwinkel moved this from QA review / functional testing to Ready for merge in KAT May 8, 2023
@github-project-automation github-project-automation bot moved this from Ready for merge to Done in KAT May 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@praseodym praseodym

Labels
bug Something isn't working keiko Issues related to keiko
Projects
KAT
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Keiko: Use XeLaTeX and escape special characters minvws/nl-kat-coordination
3 participants
@praseodym @underdarknl @tobiasBDO