... | ... | @@ -104,14 +104,17 @@ Currently there is no recommendet setting on how to place the app behind (anothe |
### ignore_pluginoutput is being lost
Fixed in [release-2022-10-17](https://gitlab.fi.muni.cz/cybersec/tns/pwndocimportautomator/-/releases/release-2022-10-17).
### Uploads of big audits can fail inside `pwndoc-backend`
Currently PwnDoc doesn't expect big audits. Some actions can silently - in API it looks like:
PwnDoc doesn't support extremly big audits. Some actions can silently - in API it looks like:
- `http.client.RemoteDisconnected: Remote end closed connection without response`
- `urllib3.exceptions.ProtocolError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))`
There is a [supposedly solved issue](https://github.com/pwndoc/pwndoc/issues/222) on the main repo, though I can't find the actual fix. I've done [partialy fix](https://github.com/BorysekOndrej/pwndoc/commit/b0b5d4d8eb63743b027a31cdf8a0be6fc0c681e0), though this is only for Finding creation, I haven't done the rest.
There were some [attemps](https://github.com/pwndoc/pwndoc/issues/222) to fix it upstream, . I've done [partial workaround](https://github.com/BorysekOndrej/pwndoc/commit/a4f356480c01584c2676c218a18048c5270e75ac) inside PwnDoc itself and bigger workaround in the Importer. Bellow you can find some limits listed.
<details>
<summary>PwnDoc Backend error log</summary>
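Review bot: the rewritten sentence "PwnDoc doesn't support extremly big audits. Some actions can silently - in API it looks like:" still lacks the verb after "silently" (the old line had the same gap, so this rewrite is the place to fix it) and keeps the typo; suggest "PwnDoc doesn't support extremely big audits. Some actions can fail silently; from the API it looks like:". In the next added paragraph, "to fix it upstream, ." leaves a dangling clause that should either be completed or have the comma dropped, "attemps" should be "attempts", and "Bellow you can find some limits listed." reads better as "Some of the limits are listed below."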
... | ... | @@ -146,6 +149,24 @@ MongoError: Sort exceeded memory limit of 104857600 bytes, but did not opt in to |
</details>
#### Single finding can't be more than 10 MB
Nginx in Pwndoc-Frontend has a limit for max upload size set to 10 MB in `pwndoc/frontend/.docker/nginx.conf`. Upload of findings which have bigger size will be skipped with a error message detailing that it's due to the size.
#### Audit content can't be more than 16 MB
Mongo has an internal limit on the size of single document. The following message in `pwndoc-logs/pwndoc.json` means the limit got breached, most likely during upsert of findings.
```log
RangeError [ERR_OUT_OF_RANGE]: The value of "offset" is out of range. It must be >= 0 && <= 17825792. Received 17825795
```
Technically this is true for every model inside folder `pwndoc/backend/src/models`, however it's likely Audit is going to be the only problematic one.
Images are not stored inside audit itself, they have their own document each and are only referenced (I.e. audit can contain arbitrary amount of images, each can be at most 16 MB).
### PwnDoc parsing problems
PwnDoc supports only subset of HTML. Importer does preprocessing to transform the HTML, but clearly there are more problems. I don't have reproducers for the following problems, that TNS encountered in their testing.
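Review bot: the new "Audit content can't be more than 16 MB" subsection quotes a RangeError whose upper bound is 17825792 bytes (17 MiB) while the heading and text say 16 MB; one sentence relating the logged bound to the 16 MB document limit would stop readers from searching the log for a 16 MB figure that never appears. Smaller wording fixes in the same hunk: "a error message" should be "an error message", "the size of single document" should be "the size of a single document", "(I.e. audit can contain arbitrary amount of images" should be "(i.e. an audit can reference any number of images", and the comma in "the following problems, that TNS encountered" should go.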
... | ... | @@ -170,20 +191,4 @@ For regular tasks, everything takes at most couple seconds. There are two except |
- report generation (can take up-to couple minutes)
- findings import (takes up-to couple minutes, but can be slightly slowed down to allow for concurent operations)
### Single finding can't be more than 10 MB
Nginx in Pwndoc-Frontend has a limit for max upload size set to 10 MB in `pwndoc/frontend/.docker/nginx.conf`. Upload of findings which have bigger size will be skipped with a error message detailing that it's due to the size.
### Audit content can't be more than 16 MB
Mongo has an internal limit on the size of single document. The following message in `pwndoc-logs/pwndoc.json` means the limit got breached, most likely during upsert of findings.
```log
RangeError [ERR_OUT_OF_RANGE]: The value of "offset" is out of range. It must be >= 0 && <= 17825792. Received 17825795
```
Technically this is true for every model inside folder `pwndoc/backend/src/models`, however it's likely Audit is going to be the only problematic one.
Images are not stored inside audit itself, they have their own document each and are only referenced (I.e. audit can contain arbitrary amount of images, each can be at most 16 MB).
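Review bot: in the two list items kept under "For regular tasks, everything takes at most couple seconds", "up-to" should be "up to", "concurent" should be "concurrent", and "couple minutes" reads better as "a couple of minutes" (the hunk context line has the same "couple seconds" issue if it gets touched later). The two `###` size sections removed here reappear as `####` subsections under "Uploads of big audits can fail inside `pwndoc-backend`" in the previous hunk with identical text apart from the heading level, so the move loses nothing; any of the wording fixes above should be applied to the re-added copies rather than here.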