Description of problem: listing openscap results for a system causes ISE for some reason Version-Release number of selected component (if applicable): Client: spacewalk-oscap-2.8.5-4.el8+1554+5bb5792d.noarch Satellite: satellite-schema-5.8.0.48-1.el6sat.noarch spacewalk-java-2.5.14-126.el6sat.noarch How reproducible: always Steps to Reproduce: 1. Have a client and enable all remote action on it: # rhn-actions-control --enable-all 2. Install client OpenSCAP tools on it: # rpm -q spacewalk-oscap 3. Get yourself some rules definitions: https://nvd.nist.gov/ncp/checklist/811 -> scap-security-guide-0.1.41-oval-510-nist.zip -> ssg-rhel7-ds.xml 4. Schedule run once: Systems -> <system> -> Audit -> Schedule Path to XCCDF document *: /root/ssg-rhel7-ds.xml On the client, run `rhn_check` if you do not have OSAD 5. Result appears on webUI: Systems -> <system> -> Audit 6. Schedule another run, same as in step "4." 7. Check results list in webUI again: Systems -> <system> -> Audit Actual results: Internal server error when listing OpenSCAP scan results Expected results: Should work Additional info: ==> /var/log/tomcat6/catalina.out <== 2018-11-06 12:09:29,023 [TP-Processor7] ERROR com.redhat.rhn.frontend.servlets.SessionFilter - Error during transaction. Rolling back javax.el.ELException: Error reading 'diffIcon' on type com.redhat.rhn.frontend.dto.XccdfTestResultDto at javax.el.BeanELResolver.getValue(BeanELResolver.java:66) at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:54) at org.apache.el.parser.AstValue.getValue(AstValue.java:118) at org.apache.el.parser.AstEqual.getValue(AstEqual.java:37) at org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186) at org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:913) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_c_005fwhen_005f6(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_c_005fchoose_005f5(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_c_005fwhen_005f5(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_c_005fchoose_005f4(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_rl_005fcolumn_005f1(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_rl_005flist_005f0(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_rl_005flistset_005f0(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspService(Unknown Source) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302) at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1083) at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:396) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:232) at com.redhat.rhn.frontend.struts.RhnRequestProcessor.process(RhnRequestProcessor.java:105) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.AuthFilter.doFilter(AuthFilter.java:127) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129) at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.LocalizedEnvironmentFilter.doFilter(LocalizedEnvironmentFilter.java:67) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.EnvironmentFilter.doFilter(EnvironmentFilter.java:101) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.SessionFilter.doFilter(SessionFilter.java:57) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:97) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:299) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:811) Caused by: java.lang.IllegalArgumentException: Multiple rules with idref=xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_... at com.redhat.rhn.manager.audit.scap.RuleResultDiffer.addFirstList(RuleResultDiffer.java:47) at com.redhat.rhn.manager.audit.scap.RuleResultDiffer.<init>(RuleResultDiffer.java:39) at com.redhat.rhn.frontend.dto.XccdfTestResultDto.getDiffIcon(XccdfTestResultDto.java:181) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:508) at javax.el.BeanELResolver.getValue(BeanELResolver.java:62) ... 63 more ==> /var/log/httpd/ssl_access_log <== 192.168.122.1 - - [06/Nov/2018:12:09:28 +0100] "GET /rhn/systems/details/audit/ListScap.do?sid=1000010803& HTTP/1.1" 500 9566 192.168.122.1 - - [06/Nov/2018:12:09:29 +0100] "GET /redhat_access/config/general HTTP/1.1" 200 30 ==> /var/log/httpd/ssl_request_log <== [06/Nov/2018:12:09:28 +0100] 192.168.122.1 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /rhn/systems/details/audit/ListScap.do?sid=1000010803& HTTP/1.1" 9566 [06/Nov/2018:12:09:29 +0100] 192.168.122.1 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /redhat_access/config/general HTTP/1.1" 30
I have this issue as well, but it appears to work fine if there is only 1 result. The 2nd time a client uploads a scan result is when it starts failing for me.
The issue was caused by truncating rule identifiers which broke uniqueness. Fixed in upstream spacewalk git by commit 05553d6aabfac886f8d375a9717392015d207e8d 1646942 - openscap rule identifiers can exceed 100 chars
Backported to SATELLITE-5.8 as commit bddd518a20f5a5fbcacaba9bf274a3b8bd55b97a 1646942 - added satellite-schema upgrade scripts commit 0544c6a66d9a8ff9b9fb8ea7bc0e43f4ebf4e9a9 1646942 - openscap rule identifiers can exceed 100 chars
Reproduced with spacewalk-backend-2.5.3-172-sat, spacewalk-schema-2.5.1-61 and satellite-schema-5.8.0.48-1 using the reproducer from the initial report. Updated to spacewalk-backend-2.5.3-173, spacewalk-schema-2.5.1-62.el6sat.noarch and satellite-schema-5.8.0.49-1. New multiple OSCAP scans now work and can be listed. Problem is with scans performed BEFORE the update. When trying to access list of scans in System->Audit->List Scans, I still get ISE with those, and following message in the catalina.out: 2019-03-01 09:29:10,384 [TP-Processor7] ERROR com.redhat.rhn.frontend.servlets.SessionFilter - Error during transaction. Rolling back javax.el.ELException: Error reading 'diffIcon' on type com.redhat.rhn.frontend.dto.XccdfTestResultDto at javax.el.BeanELResolver.getValue(BeanELResolver.java:66) at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:54) at org.apache.el.parser.AstValue.getValue(AstValue.java:118) at org.apache.el.parser.AstEqual.getValue(AstEqual.java:37) at org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186) at org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:913) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_c_005fwhen_005f6(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_c_005fchoose_005f5(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_c_005fwhen_005f5(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_c_005fchoose_005f4(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_rl_005fcolumn_005f1(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_rl_005flist_005f0(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspx_meth_rl_005flistset_005f0(Unknown Source) at org.apache.jsp.WEB_002dINF.pages.systems.details.audit.listscap_jsp._jspService(Unknown Source) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302) at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1083) at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:396) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:232) at com.redhat.rhn.frontend.struts.RhnRequestProcessor.process(RhnRequestProcessor.java:105) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.AuthFilter.doFilter(AuthFilter.java:127) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129) at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.LocalizedEnvironmentFilter.doFilter(LocalizedEnvironmentFilter.java:67) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.EnvironmentFilter.doFilter(EnvironmentFilter.java:101) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.SessionFilter.doFilter(SessionFilter.java:57) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:97) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:299) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:812) Caused by: java.lang.IllegalArgumentException: Multiple rules with idref=xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_... at com.redhat.rhn.manager.audit.scap.RuleResultDiffer.addFirstList(RuleResultDiffer.java:47) at com.redhat.rhn.manager.audit.scap.RuleResultDiffer.<init>(RuleResultDiffer.java:39) at com.redhat.rhn.frontend.dto.XccdfTestResultDto.getDiffIcon(XccdfTestResultDto.java:181) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:508) at javax.el.BeanELResolver.getValue(BeanELResolver.java:62) ... 63 more Michal, can we do something to fix list of scans performed before the fix was applied?
We have talked about the issue with mmraka offline. There will be some work required to resolve the issue with old scan data with truncated IDs. Failing the BZ for now.
Data upgrade in upstream spacewalk git commit 487a450cfd55f60d1adc3e56afdfddb4de0f64d9 1646942 - update existing data
Backported to SATELLITE-5.8 as commit 35e1f3b40a670de70e040adb1785d25baca5a9b1 1646942 - updated satellite schema scripts commit 69bdcb698d971ebfca4a236d1e149490407d6f58 1646942 - update existing data
Reproduced on spacewalk-backend-2.5.3-172, satellite-schema-5.8.0.48-1 and spacewalk-schema-2.5.1-61 using the reproducer from the initial report. Verified on spacewalk-backend-2.5.3-173, satellite-schema-5.8.0.50-1 and spacewalk-schema-2.5.1-63. I was able to successfully schedule and perform multiple OpenSCAP scans, and later display a list of these scan for separate systems.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0609
*** Bug 1750537 has been marked as a duplicate of this bug. ***