OCSInventory-ocsreports icon indicating copy to clipboard operation
OCSInventory-ocsreports copied to clipboard

Published 20 hours ago verified publisher icon OCSInventory-NG

[BUG] No CVE are being added by cron_cve.php

Open alexandremilo opened this issue 4 years ago • 12 comments

OCS Inventory versionVersion : 2.9

Describe the bug I'm running a local instance of cve search and when using the php cron_cve.php command i get the result "0 cve have been added".

To Reproduce Start the local instance of cve search Use the command php cron_cve.php

Expected behavior The cve should have been added to ocs database

Screenshots no result

Here is my ocs config for cve search config

alexandremilo avatar Jun 03 '21 13:06 alexandremilo

Hi @alexandremilo ,

We advise you to configure matching CVE regex with CVE Inventory feature. You can find the documentation here : CVE Matching expressions

This feature makes it possible to better match the names or publishers present in OCS with those of CVE Search.

Best regards, Charlene

charleneauger avatar Jul 20 '21 08:07 charleneauger

While regex pattern matching might be a solution in exceptions, it can't be the generic way to go. I've just set up a cve search server too, and OCSI doesn't even match a single CVE. Meaning that in fact there's no working integration with cvesearch as advertised. If pattern matching is the way to go, can a base file be given to import in OCSI?

liedekef avatar Aug 06 '21 07:08 liedekef

Hello,

same here. Local OCS installation, local cve-search installation. cve-search webserver is running, api is working, but "cron_cve.php" always quits with "0 CVE has been added to database"

ThomboSupergott avatar Aug 31 '21 20:08 ThomboSupergott

hello, check if the software_link table is filled otherwise run this https://ask.ocsinventory-ng.org/13117/ocs-2-9-software-total-display-0-issue and then run cron_cve.php

msx008 avatar Sep 03 '21 11:09 msx008

Hello msx008,

thanky for your answer. it really seems that i have an issue with the software_link table. However, OCS does display software in the web-Gui, but there is an error when running the "cron_all_software.php"

the package 'php-mysql' is installed. OS is debian.

root@ocsserver:/usr/share/ocsinventory-reports/ocsreports/crontab# php cron_all_software.php Please wait, software processing is in progress. It could take a few minutes ... PHP Warning: mysqli_query() expects parameter 1 to be mysqli, string given in /usr/share/ocsinventory-reports/ocsreports/require/function_commun.php on line 104 PHP Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in /usr/share/ocsinventory-reports/ocsreports/require/softwares/AllSoftware.php on line 126 PHP Warning: mysqli_query() expects parameter 1 to be mysqli, string given in /usr/share/ocsinventory-reports/ocsreports/require/function_commun.php on line 104 PHP Warning: mysqli_query() expects parameter 1 to be mysqli, string given in /usr/share/ocsinventory-reports/ocsreports/require/function_commun.php on line 104 PHP Warning: mysqli_query() expects parameter 1 to be mysqli, string given in /usr/share/ocsinventory-reports/ocsreports/require/function_commun.php on line 104 root@ocsserver:/usr/share/ocsinventory-reports/ocsreports/crontab#

Any ideas how to solve this issue ?

ThomboSupergott avatar Sep 03 '21 17:09 ThomboSupergott

mysqli_query() expects parameter 1 to be mysqli

hello no sorry, maybe php version mine = PHP 7.3.29-1~deb10u1

msx008 avatar Sep 06 '21 07:09 msx008

Hello msx008,

thank you for your answer. I have the same php version

PHP 7.3.29-1~deb10u1 (cli)

ThomboSupergott avatar Sep 06 '21 15:09 ThomboSupergott

Hello,

For me even if I have my software_link full of softwares my cron_cve.php don't process anything....

/usr/share/ocsinventory-reports/ocsreports/crontab# php7.3 cron_cve.php Get software publisher ... Software publisher OK ... CVE treatment started ... Please wait, CVE processing is in progress. It could take a few hours 0 CVE has been added to database

Math2222 avatar Dec 27 '21 15:12 Math2222

Hello again, I managed to fix my problem, (VULN_CVE_EXPIRE_TIME with wrong value)

Math2222 avatar Dec 29 '21 10:12 Math2222

Hello,

meanwhile on OCS 2.10.0 and cve-search v4.2.1 but always:

Get software publisher ... Software publisher OK ... CVE treatment started ... Please wait, CVE processing is in progress. It could take a few hours 0 CVE has been added to database

also if I reset the value of VULN_CVE_EXPIRE_TIME to 1 hour it makes times 1 - 5 software provider but also with 0 Result (although there are very well CVE here):

Get software publisher ... Software publisher OK ... CVE treatment started ... Please wait, CVE processing is in progress. It could take a few hours Processing Adobe softwares ... Processing Adobe Systems Incorporated softwares ... Processing Citrix Systems, Inc softwares ... Processing Citrix Systems, Inc. softwares ... Processing Fortinet Technologies Inc softwares ... Processing Mobatek softwares ... Processing SAP softwares ... Processing SAP AG softwares ... Processing SAP SE softwares ... Processing SoftMaker Software GmbH softwares ... Processing VMware, Inc. softwares ... Processing Wondershare softwares ... 0 CVE has been added to database

Currently, the CVE feature is more or less useless. Unfortunately, nowhere is a log written about what the problem actually is.

When i access the CVE server local --> Showing 1 to 50 of 1,247 entries for SAP AG and Showing 1 to 50 of 2,165 entries for SAP SE

Or EXACTLY one software that we use " Citrix Workspace" --> Showing 1 to 50 of 465 entries

means the CVE server works without problems, only OCS can not access it cleanly.

LMS235 avatar Jul 21 '22 08:07 LMS235

@gillesdubois can you please take a look?

LMS235 avatar Jul 21 '22 09:07 LMS235

Ping @gillesdubois @damienbelliard @RudyLaurent @charleneauger

LMS235 avatar Aug 05 '22 06:08 LMS235

Exactly the same problem like Florian LMS235 OCS 2.11.1 CVE-Search 4.2.1dev31 (one online + one offline : disconnected environment) I'll try the fix #1519 now... (@charleneauger).

decoudam2 avatar Jul 31 '23 07:07 decoudam2

After installing version 2.12, the problem remains the same :

Get software publisher ... Software publisher OK ... CVE treatment started ... Please wait, CVE processing is in progress. It could take a few hours Processing Adobe softwares ... Processing Adobe Systems Incorporated softwares ... ... ... Processing Wondershare softwares ... 0 CVE has been added to database

Was the fix integrated in version 2.12 ?

decoudam2 avatar Jul 31 '23 13:07 decoudam2

Unfortunately the 2.12.0 is full of bugs, see my messages. I hope here comes as soon as possible a 2.12.1 to fix all this.

But if you're also already on 2.12.0, can you reproduce this? https://github.com/OCSInventory-NG/OCSInventory-ocsreports/issues/1544

LMS235 avatar Aug 01 '23 06:08 LMS235

Hello !

Yes, I'm already on 2.12.0 since yesterday (but still have 2.11.1 in a snapshot). I'll first try #1519 on 2.12.0 (or 2.11.1) : I need this working.

Then I'll try #1544 and let you know... Cheers, Damien

Le 1 août 2023 à 08:51:37 +02:00, Florian @.***> a écrit :

Unfortunately the 2.12.0 is full of bugs, see my messages. I hope here comes as soon as possible a 2.12.1 to fix all this. But if you're also already on 2.12.0, can you reproduce this? #1544 https://github.com/OCSInventory-NG/OCSInventory-ocsreports/issues/1544

— Reply to this email directly, view it on GitHub https://github.com/OCSInventory-NG/OCSInventory-ocsreports/issues/1195#issuecomment-1659675745, or unsubscribe https://github.com/notifications/unsubscribe-auth/AU7Z6JQAFHVEH5GPEFHDQWLXTCRPTANCNFSM46AZOVEA. You are receiving this because you commented.Message ID: @.***>

decoudam2 avatar Aug 01 '23 07:08 decoudam2