I've a sonarqube MS BUILD scanner that is not able to connect to a sonarqube server:
C:\ws\develop>SonarQube.Scanner.MSBuild.exe begin /k:aaaa /n:bbb /v:4.0.0.13063 /d:sonar.host.url=https://sonarqube.aaa.bbb /d:sonar.login=****** /d:sonar.cs.nunit.reportsPaths=TestResult.xml /d:sonar.cs.dotcover.reportsPaths=dotcover.html
WARNING: ------------------------------------------------------------------------
This executable is deprecated and may be removed in next major version of the SonarScanner for MSBuild. Please use 'SonarScanner.MSBuild.exe' instead.
------------------------------------------------------------------------
SonarScanner for MSBuild 4.4.2
Using the .NET Framework version of the Scanner for MSBuild
Default properties file was found at C:\Tools\SonarQubeScanner\SonarQube.Analysis.xml
Loading analysis properties from C:\Tools\SonarQubeScanner\SonarQube.Analysis.xml
Pre-processing started.
Preparing working directories...
14:40:23.762 Updating build integration targets...
14:40:23.774 Fetching analysis configuration settings...
14:40:23.855 Failed to request and parse 'https://sonarqube.aaa.bbb/api/server/version': The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
14:40:23.856 A server certificate could not be validated. Possible cause: you are using a self-signed SSL certificate but the certificate has not been installed on the client machine. Please make sure that you can access https://sonarqube.aaa.bbb without encountering certificate errors.
14:40:23.857 Pre-processing failed. Exit code: 1
script returned exit code 1
Is there a way to disable this SSL check? The certificate will not be valid(it's valid on our domain, but this agent is not in the domain due to the IT policy)
Related
When I run any maven command with specified http and https proxy address and port as below:
mvn <command> -Dhttps.proxyHost=<MY.PROXY.HOST.ADDRESS> -Dhttps.proxyPort=<MY_PROXY_PORT> -Dhttp.proxyHost...
It's running without any error.
I want to set those configurations as default for my STS network connections and select the manual Active Provider (see attached screenshot for my configurations),
I think it's not related to the STS versions because I faced the same problem with 3.8 and 4.6 version. Anyway, Here is my STS version
Now, when I try the same maven command without proxy and port arguments, the maven command fails due to a network connection error.
[ERROR] unable to read java.net.ConnectException: Connection timed out
I am new in ldap enviromnet and I am trying to set up the apache fortress with symas openldap (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md)
When I set up with ldap, all the integration tests pass succesfully but when I set the ldaps it throws an handshake error.
Does someone now where I have to set all the client and server certificates because setting up as the repository README, it is not possible.
Fixed:
Following the below answer of the creator of that project, I got the proper set up with LDAPS.
Next Problem:
But now I get an error when I run the 3rd step of Apache Fortress Rest Set Up:
mvn clean install -Dload.file=./src/main/resources/FortressRestServerPolicy.xml tomcat:deploy
error output:
[ERROR] Failed to execute goal org.codehaus.mojo:tomcat-maven-plugin:1.0-beta-1:deploy (default-cli) on project fortress-rest: Cannot invoke Tomcat manager: Error writing to server -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.codehaus.mojo:tomcat-maven-plugin:1.0-beta-1:deploy (default-cli) on project fortress-rest: Cannot invoke Tomcat manager
Caused by: org.apache.maven.plugin.MojoExecutionException: Cannot invoke Tomcat manager
Caused by: java.io.IOException: Error writing to server
I set up in tomcat the roles and users manager-gui (which I am able to access through http and https, hostname/manager/html) and manager-script
Changing tomcat maven plugin in pom.xml, I could deploy:
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
but after I get that error...
FAIL - Deployed application at context path [/fortress-rest] but context failed to start
Any ideas what it could be?
Using TLS or LDAPS for the connection to the LDAP server does not require a client-side certificate. You will need to create a server-side cert for the LDAP host, and add that to the OpenLDAP configuration. You also must add that server's CA certificate to the Java truststore on the client-side, i.e. the fortress runtime.
For a tutorial on how to accomplish this, checkout the Apache Fortress Demo. (Note that I am the author of this demo.)
This tutorial's scope goes beyond just creating and using certificates. The specific steps you're going to be interested in are:
http://shawnmckinney.github.io/apache-fortress-demo/apidocs/doc-files/keys.html
http://shawnmckinney.github.io/apache-fortress-demo/apidocs/doc-files/hosts.html
http://shawnmckinney.github.io/apache-fortress-demo/apidocs/doc-files/openldap-ssl.html
http://shawnmckinney.github.io/apache-fortress-demo/apidocs/doc-files/apache-fortress-core-ssl.html
I am currently setting up a build pipeline in Azure DevOps with a self-hosted agent. Everything is working great so far except the SonarQube build steps.
When executing the Prepare SonarQube on my self-hosted agent it fails with the following error:
2018-11-19T14:14:19.1070144Z ##[debug]organization=null
2018-11-19T14:14:19.1087901Z ##[debug]scannerMode=MSBuild
2018-11-19T14:14:19.1093031Z ##[debug]projectKey=online:kiamservices:main
2018-11-19T14:14:19.1095851Z ##[debug]projectName=Online – KIAM Services
2018-11-19T14:14:19.1098962Z ##[debug]projectVersion=1.0
2018-11-19T14:14:19.1104908Z ##[debug][SQ] API GET: '/api/server/version' with query "undefined"
2018-11-19T14:14:19.2819233Z ##[debug][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2832616Z ##[debug]task result: Failed
2018-11-19T14:14:19.2928009Z ##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2943259Z ##[debug]Processed: ##vso[task.issue type=error;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2946004Z ##[debug]Processed: ##vso[task.complete result=Failed;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.3015449Z ##[section]Finishing: Prepare SonarQube
If I run the same setup on a microsoft hosted agent it runs just fine.
It is correct that my organization uses it's own Certificate Authority but the certificates are present on the self hosted agent as far as I know.
Is there a way to tell SonarQube to just ignore certificate errors?
I have looked high and low and have sadly not found any information on this error that was even remotely helpful.
Thank you in advance!
Sonar uses the Java Keystore for its certificate checks. It doesn't look at windows' keystore at all. You'll likely be able to solve this by importing the correct certificates in the JVM's keystore using the keytool utility.
See also:
https://sylvainleroy.com/2018/07/30/sonarqube-scanner-and-invalid-ssl-certificates/
root#kali:~# sqlmap --tor --tor-type=SOCKS5 -u http://www.target.com/abc.php?cat=50
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 14:18:00
[14:18:00] [WARNING] increasing default value for option '--time-sec' to 10 because switch '--tor' was provided
[14:18:00] [INFO] setting Tor SOCKS proxy settings
[14:18:00] [INFO] testing connection to the target URL
[14:18:00] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[14:18:00] [WARNING] please make sure that you have Tor installed and running so you could successfully use switch '--tor' (e.g. 'https://help.ubuntu.com/community/Tor')
[14:18:01] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[14:18:02] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[14:18:03] [CRITICAL] unable to connect to the target URL or proxy
[*] shutting down at 14:18:03
how to fix this ???
You have to install tor apt-get install tor and then run tor in a terminal, after that you can do sqlmap --tor --tor-type socks5 --tor-port=9050 --check-tor -u http://www.target.com/abc.php?cat=50 to execute with tor.
I had a very similar issue the way that I solved it was to use proxychains and edit the proxychains conf file to route requests through tor. It is easy enough to do
I do not have kali open but you can find the file by opening the terminal and typing
locate proxychains.conf
I am trying web-deploy.
Because I wanted to be able to reproduce this, i used a test system
Windows 2008 RC, IIs 7.5 + Deployment package
I configured deployment using
http://learn.iis.net/page.aspx/516/configure-the-web-deployment-handler/
Enabled tracing
http://technet.microsoft.com/en-us/library/ff729439(v=ws.10).aspx
I created a new WCF Service Application, (changed nothing) compiled it and tried to deploy
I get the following response(after a few min)
------ Build started: Project: WcfService1, Configuration: Debug Any CPU ------
WcfService1 -> C:\Development\BrandShield\Services\WcfService1\bin\WcfService1.dll
------ Publish started: Project: WcfService1, Configuration: Debug Any CPU ------
Transformed Web.config using Web.Debug.config into obj\Debug\TransformWebConfig\transformed\Web.config.
Auto ConnectionString Transformed obj\Debug\TransformWebConfig\transformed\Web.config into obj\Debug\CSAutoParameterize\transformed\Web.config.
Copying all files to temporary location below for package/publish:
obj\Debug\Package\PackageTmp.
Start Web Deploy Publish the Application/package to http://dev1:8172/msdeploy.axd/MSDEPLOYAGENTSERVICE ...
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v10.0\Web\Microsoft.Web.Publishing.targets(3847,5): Error : Web deployment task failed.(Could not complete the request to remote agent URL 'http://dev1:8172/msdeploy.axd/MSDEPLOYAGENTSERVICE'.)
This error indicates that you cannot connect to the server. Make sure the service URL is correct, firewall and network settings on this computer and on the server computer are configured properly, and the appropriate services have been started on the server.
Error details:
Could not complete the request to remote agent URL 'http://dev1:8172/msdeploy.axd/MSDEPLOYAGENTSERVICE'.
The underlying connection was closed: An unexpected error occurred on a receive.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host
Publish failed to deploy.
========== Build: 1 succeeded or up-to-date, 0 failed, 0 skipped ==========
========== Publish: 0 succeeded, 1 failed, 0 skipped ==========
and no logs (at all) on the dev1 server side.
I have tried many variations, but this is the simplest, easiest thing to reproduce. and it is failing.
any ideas?
I found the issue.
instead of "http://" dev1:8172/msdeploy.axd I used dev1:8172/msdeploy.axd
this is actaully the same as "https://" dev1:8172/msdeploy.axd, which for some reason is where the deployment agent listens.
From here, you will get a new error:
Could not complete the request to remote agent URL 'https://dev1:8172/msdeploy.axd?site=Default web site'.
The underlying connection was closed:
Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.
This is because you don't have a certificate for SSL.
In the publish profile window, You need to check the
"Allow untrusted certificate" checkbox
and the publish should succceed. good luck
by pass the certificate:
Step 1:
System.Net.HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Url);
ServicePointManager.ServerCertificateValidationCallback = AcceptAllCertifications;
step 2:
public Boolean AcceptAllCertifications(Object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true;
}
In my case I had this problem in an Azure DevOps build pipeline and it was a SSL/TLS version mismatch between build agent (on-prem machine) and Azure DevOps. I am not sure why it happened but I followed this guide detailing the use of SCH_USE_STRONG_CRYPTO flag in registry to force the use of "strong cryptography" (TLS 1.2, TLS 1.1, and TLS 1.0).
On the build agent machine I updated the registry with the following keys for .NET Framework 4 (x86/x64):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
What I still do not understand is why I was not using "strong cryptography" from the start and what I actually was using? (SSL v.X? Why?)