Bug #12073

Openscap EL6 Version 1.2.6-01 from isimluk Repo throw Error

Added by Christian Ehart over 2 years ago. Updated almost 2 years ago.

Status:ClosedSpent time:-
Priority:Normal
Assigned To:Šimon Lukašík
Category:-
Target version:-
Difficulty: Bugzilla link:
Found in release:1.9.1 Pull request:
Triaged:No
Story points-
Velocity based estimate-

Description

Hi Simon,

It looks like there is a problem with your Openscap EL6 Version 1.2.6-01 on your repo, see below:

CENTOS-6:
https://copr.fedoraproject.org/coprs/isimluk/OpenSCAP/repo/epel-6/isimluk-OpenSCAP-epel-6.repo
=> This installs Version 1.2.6-0.1.el6, but it looks like it has a problem due to the following error:
OpenSCAP Error: Extra content at the end of the document [oscap_source.c:230]
Entity: line 1: parser error : StartTag: invalid element name
Entity: line 1: parser error : Extra content at the end of the document

Workaround:
Version 1.2.5-0.1.el6 from the same Repo works well...

CENTOS-7:
https://copr.fedoraproject.org/coprs/isimluk/OpenSCAP/repo/epel-7/isimluk-OpenSCAP-epel-7.repo
=> This installs Version 1.2.6-1.el7, everything works fine...

History

#1 Updated by Šimon Lukašík over 2 years ago

Hello Christian,

I see the error message. But what was the reproducer?

Thanks!

#2 Updated by Christian Ehart over 2 years ago

Hi Simon,

the error is popping up on the client by running oscap or foreman_scap_client, below some examples:

*Client:*++
CentOS release 6.7 (Final)
Linux test6.cesystems.at 2.6.32-573.3.1.el6.x86_64 #1 SMP Thu Aug 13 22:55:16 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

*Version 1.2.6-0.1.el6*++

[root@test6 yum.repos.d]# rpm -qa | grep openscap
openscap-1.2.6-0.1.el6.x86_64
openscap-scanner-1.2.6-0.1.el6.x86_64
openscap-utils-1.2.6-0.1.el6.x86_64

[root@test6 yum.repos.d]# oscap info /var/lib/openscap/content/242bd9721153604fb704b763b4ac6aa0e24f813b5527c7a4ad323f06166aa0e8.xml
Could not determine document type
OpenSCAP Error: Start tag expected, '<' not found [oscap_source.c:230]
Entity: line 1: parser error : Start tag expected, '<' not found
prise Linux 7</ns3:platform>
^
Unable to parse XML at: '/var/lib/openscap/content/242bd9721153604fb704b763b4ac6aa0e24f813b5527c7a4ad323f06166aa0e8.xml' [oscap_source.c:232]

[root@test6 yum.repos.d]# /usr/bin/foreman_scap_client 1
DEBUG: running: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss --results-arf /tmp/d20151007-1436-2popdy/results.xml /var/lib/openscap/content/242bd9721153604fb704b763b4ac6aa0e24f813b5527c7a4ad323f06166aa0e8.xml
OpenSCAP Error: Start tag expected, '<' not found [oscap_source.c:230]
Entity: line 1: parser error : Start tag expected, '<' not found
prise Linux 7</ns3:platform>
^
Unable to parse XML at: '/var/lib/openscap/content/242bd9721153604fb704b763b4ac6aa0e24f813b5527c7a4ad323f06166aa0e8.xml' [oscap_source.c:232]
Scan failed

*Version 1.2.5-1.el6*++

[root@test6 yum.repos.d]# rpm -qa | grep openscap
openscap-1.2.5-1.el6.x86_64
openscap-utils-1.2.5-1.el6.x86_64
openscap-scanner-1.2.5-1.el6.x86_64

[root@test6 yum.repos.d]# oscap info /var/lib/openscap/content/242bd9721153604fb704b763b4ac6aa0e24f813b5527c7a4ad323f06166aa0e8.xml
Document type: Source Data Stream
Imported: 2015-10-06T21:38:48
Stream: scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml
...

[root@test6 yum.repos.d]# /usr/bin/foreman_scap_client 1
DEBUG: running: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss --results-arf /tmp/d20151007-54545-1pvv0yv/results.xml /var/lib/openscap/content/242bd9721153604fb704b763b4ac6aa0e24f813b5527c7a4ad323f06166aa0e8.xml
DEBUG: running: /usr/bin/bzip2 /tmp/d20151007-54545-1pvv0yv/results.xml
Uploading results to https://katello.cesystems.at:9090/compliance/arf/1

#3 Updated by Šimon Lukašík over 2 years ago

  • Status changed from New to Assigned

Christian, thank you, I can confirm the bug now.

#4 Updated by Šimon Lukašík over 2 years ago

  • Status changed from Assigned to Ready For Testing

This has been fixed in upstream ( https://github.com/OpenSCAP/openscap/commit/b7bf6635189af80b05d3460257e4d92d3a86db7f )

Additionally, we have made a change to a release process (ensure test passes on all jenkins slaves) and we plan to amend our testing infrastructure to avoid similar issues in future (install bzip2-devel on the rhel6 node).

Upstream does not have immediate plan to release 1.2.7 to fix this.

#5 Updated by Marek Hulán over 2 years ago

  • Status changed from Ready For Testing to Closed

Moving to closed as it was merged and the fix should be in 1.2.7 which hopefully will be released soon.

#6 Updated by Kal McFate over 2 years ago

This is still occurring on:

openscap-utils-1.2.7-0.2.el6.x86_64
openscap-1.2.7-0.2.el6.x86_64
openscap-scanner-1.2.7-0.2.el6.x86_64

#7 Updated by Šimon Lukašík about 2 years ago

Kal McFate wrote:

This is still occurring on:

openscap-utils-1.2.7-0.2.el6.x86_64
openscap-1.2.7-0.2.el6.x86_64
openscap-scanner-1.2.7-0.2.el6.x86_64

That is really weird Kal. Does it also occurs with https://copr.fedorainfracloud.org/coprs/isimluk/OpenSCAP/build/154222/ ?

Have you restarted foreman or proxy after applying the update?

Is the error the same?

#8 Updated by Šimon Lukašík about 2 years ago

I cannot confirm there is a bug.

I'have just took rhel6 system. Installed openscap-1.2.8 and all the ruby193 stuff. And then I have run test suite of ruby193-rubygem-openscap. That test suite contains check for this bug (https://github.com/OpenSCAP/ruby-openscap/blob/master/test/ds/arf_test.rb#L76). The test suite has passed.

#9 Updated by Kal McFate almost 2 years ago

Still happening. Scap content is being distributed encoded, not in text format. Completely up to date here and scap content was re-uploaded. Not sure what else to try. This may have originated as a slightly different but. The problem here looks like an encoding issue ( base64?? decode failed... ), not a garbage issue.

This is from foreman-proxy/proxy.log:

D, [2016-06-21T00:08:03.355592 #19090] DEBUG -- : Rack::Handler::WEBrick is invoked.
E, [2016-06-21T00:08:03.773085 #19090] ERROR -- : Error occurred: Start tag expected, '<' not found [oscap_source.c:210]
Entity: line 1: parser error : Start tag expected, '<' not found
x3c6e73303a646174612d73747265616d2d636f6c6c656374696f6e20786d6c6e733a68746d6c3d2
^
Unable to parse XML from user memory buffer [oscap_source.c:212]
Could not create Source DataStream session: File is not Source DataStream. [ds_sds_session.c:60]

D, [2016-06-21T00:08:03.773211 #19090] DEBUG -- : Error occurred: Start tag expected, '<' not found [oscap_source.c:210]
Entity: line 1: parser error : Start tag expected, '<' not found
x3c6e73303a646174612d73747265616d2d636f6c6c656374696f6e20786d6c6e733a68746d6c3d2
^
Unable to parse XML from user memory buffer [oscap_source.c:212]
Could not create Source DataStream session: File is not Source DataStream. [ds_sds_session.c:60]

I, [2016-06-21T00:08:03.773506 #19090] INFO -- : 10.147.0.12 - - [21/Jun/2016 00:08:03] "POST /scap_content/guide/xccdf_org.ssgproject.content_profile_pci-dss HTTP/1.1" 500 381 0.0440

Also available in: Atom PDF