I am trying to install Jackhammer vulnerability tool on my Ubuntu 16.04.3 LTS. More details of the tool can be found here https://github.com/olacabs/jackhammer and the user guide is https://jch.olacabs.com/userguide/
I am running Jackhammer locally using rails method, but i am not able to login using the default credentials i.e.,
Username: jackhammer#olacabs.com
, password: j4ckh4mm3r
I have done the DB installation and configured mysql as shown below.I have also taken care of all the gems and dependencies.
default: &default
adapter: mysql2
encoding: utf8
pool: 25
port: 3306
username: root
password: pass
host: localhost
socket: /var/run/mysqld/mysqld.sock
development:
<<: *default
database: jackhammer_development
test:
<<: *default
database: jackhammer_test
production:
<<: *default
database: jackhammer_production
After doing all the required installation i ran the command
bin/rake db:migrate RAILS_ENV=production
also
bin/rake db:migrate RAILS_ENV=development
separately but still same issue.
I have created databases in mysql as well.
mysql> show databases;
+------------------------+
| Database |
+------------------------+
| information_schema |
| jackhammer_development |
| jackhammer_production |
| jackhammer_test |
| mysql |
| performance_schema |
| sys |
+------------------------+
7 rows in set (0,00 sec)
Then finally this,
rails s
=> Booting Puma
=> Rails 4.2.7.1 application starting in development on http://localhost:3000
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
Puma 2.14.0 starting...
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://localhost:3000
Now when i enter the default credentials or try to register i am not able to login, below is the development.log result..
I, [2017-11-03T10:45:16.824262 #5598] INFO -- : Started POST "/users/sign_in" for 127.0.0.1 at 2017-11-03 10:45:16 +0100
I, [2017-11-03T10:45:16.831569 #5598] INFO -- : Processing by Devise::SessionsController#create as HTML
I, [2017-11-03T10:45:16.831674 #5598] INFO -- : Parameters: {"utf8"=>"✓", "authenticity_token"=>"A/7MsxMp6f32zN2sbZKlTSCH23GYoYK+Wci24Lri1/a33EYOVUGYDq14Rkx2cL25iMb/6ff1BJRLKeMycQpe5Q==", "user"=>{"email"=>"jackhammer#olacabs.com", "password"=>"[FILTERED]"}, "commit"=>"LOGIN"}
D, [2017-11-03T10:45:16.835452 #5598] DEBUG -- : [1m[36mUser Load (0.4ms)[0m [1mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'jackhammer#olacabs.com' ORDER BY `users`.`id` ASC LIMIT 1[0m
I, [2017-11-03T10:45:16.835800 #5598] INFO -- : Completed 401 Unauthorized in 4ms (ActiveRecord: 0.9ms)
I, [2017-11-03T10:45:16.836908 #5598] INFO -- : Processing by Devise::SessionsController#new as HTML
I, [2017-11-03T10:45:16.837000 #5598] INFO -- : Parameters: {"utf8"=>"✓", "authenticity_token"=>"A/7MsxMp6f32zN2sbZKlTSCH23GYoYK+Wci24Lri1/a33EYOVUGYDq14Rkx2cL25iMb/6ff1BJRLKeMycQpe5Q==", "user"=>{"email"=>"jackhammer#olacabs.com", "password"=>"[FILTERED]"}, "commit"=>"LOGIN"}
I, [2017-11-03T10:45:16.980094 #5598] INFO -- : Rendered users/sessions/new.html.erb within layouts/application (1.5ms)
I, [2017-11-03T10:45:17.477418 #5598] INFO -- : Completed 200 OK in 640ms (Views: 500.2ms | ActiveRecord: 0.0ms)
D, [2017-11-03T10:45:55.746744 #5598] DEBUG -- :
D, [2017-11-03T10:45:55.746873 #5598] DEBUG -- :
I, [2017-11-03T10:45:55.747045 #5598] INFO -- : Started GET "/users/sign_up" for 127.0.0.1 at 2017-11-03 10:45:55 +0100
I, [2017-11-03T10:45:55.780581 #5598] INFO -- : Processing by Users::RegistrationsController#new as HTML
D, [2017-11-03T10:45:55.810327 #5598] DEBUG -- : [1m[36mTeam Load (0.4ms)[0m [1mSELECT `teams`.* FROM `teams` ORDER BY `teams`.`name` ASC[0m
I, [2017-11-03T10:45:55.848704 #5598] INFO -- : Rendered users/registrations/new.html.erb within layouts/application (55.1ms)
I, [2017-11-03T10:45:56.328669 #5598] INFO -- : Completed 200 OK in 548ms (Views: 542.3ms | ActiveRecord: 2.4ms)
I am really stuck and don't no how to proceed further. Any kind of help is really appreciated.
Thanks in advance.
What you have done so far is to only create the initial empty database (rake db:migrate).
You also need to run rake db:seed to load the seed data for the database:
https://github.com/olacabs/jackhammer/blob/master/web/app/db/seeds.rb
Related
TL;DR
Why does this mysqldump rake task successfully connect to MySQL and finish executing when I run it directly in the terminal (in both development environment and with RAILS_ENV=test prefix), but not when I run it inside of an RSpec test?
Long Version
I have a Rails app with the following new rake task:
EXCLUDED_TABLES = %w(
google_oauth_tokens
intuit_oauth_tokens
oauth_access_grants
oauth_access_tokens
oauth_applications
oauth_openid_requests
qbwc_sessions
tokens
)
namespace :db do
desc "Export all tables in the DB except for ones we specify into a compressed file that can be pulled down onto a developer's local machine"
task :export_allowed_tables => :environment do
directory = File.join(Rails.root, 'db', 'dump')
FileUtils.mkdir directory unless File.exists?(directory)
db = YAML::load( File.open( File.join(Rails.root, 'config', 'database.yml') ) )[ Rails.env ]
filename_to_use = File.join( directory, "#{Rails.env}_allowlisted_#{DateTime.now.to_s}.sql" )
username_flag = "-u #{ERB.new(db['username']).result}"
password_flag = "-p#{ERB.new(db['password']).result}"
excluded_tables_flag = EXCLUDED_TABLES.map{|table| "--ignore-table=#{ERB.new(db['database']).result}.#{table}"}.join(" ")
database_param = "#{ERB.new(db['database']).result}"
command = "mysqldump -v #{username_flag} #{password_flag} #{excluded_tables_flag} #{database_param} > #{filename} | gzip > #{filename}.gz"
sh command
end
I also have the following test to ensure my rake task works as expected:
require 'spec_helper'
describe 'rake db:export_allowed_tables' do
after do
files = Dir.glob("db/dump/*allowlisted*.sql")
files.each do |file|
expect(File.delete(file)).to eq 1
end
end
it 'exports the expected data' do
test_full_name = 'Foo Bar Baz Test User'
test_user = FactoryBot.create(:user, full_name: test_full_name)
expect(Dir.glob("db/dump/*.sql")).to be_empty
MyApp::Application.load_tasks
Rake::Task['db:export_allowed_tables'].invoke
expect(Dir.glob("db/dump/*.sql")).not_to be_empty
end
end
The task works fine when I run rake db:export_allowed_tables, and it even works fine when I prefix the command with RAILS_ENV=test. My SQL file shows up as expected, with 7000+ lines of code ending in Dump completed on 2020-05-22 8:44:29, and in my terminal the script starts off with:
mysqldump: [Warning] Using a password on the command line interface can be insecure.
-- Connecting to localhost...
-- Retrieving table structure for table access_control_analytics_reports_claims...
-- Sending SELECT query...
-- Retrieving rows...
...
However, when I run my spec file, the script hangs on the following line:
mysqldump: [Warning] Using a password on the command line interface can be insecure.
-- Connecting to localhost...
And while the .sql file is created in the expected folder, it's empty when I open it (which is to be expected if a connection to localhost failed).
I'm also able to open my Rails console in the terminal (again, both with and without the RAILS_ENV=test prefix) and execute the following without any problems connecting to localhost:
MyApp::Application.load_tasks
Rake::Task['db:export_allowed_tables'].invoke
I am able to create that instance of User, so I know the test environment database is up and running. And I'm able to run the rake task even when MySQL is running, so it doesn't seem to be an issue of the MySQL port being in-use when I run the task. What could be causing my test failure?
Here's my database.yml file, for reference:
default: &default
adapter: <%= ENV["MYAPP_DB_ADAPTER"] || "mysql2_annotator" %>
username: <%= ENV["DATABASE_USERNAME"] || ENV["MYSQL_USER"] || ENV['MYAPP_USER'] || [*FILTERED*] %>
password: <%= ENV["DATABASE_PASSWORD"] || ENV["MYSQL_PASSWORD"] || ENV['MYAPP_PASSWORD'] || [*FILTERED*] %>
database: <%= ENV['MYAPP_DB'] || ENV["DATABASE"] || ENV["MYSQL_DATABASE"] || "myapp_dev#{ENV['MYAPP_ENV_NUMBER']}" %>
host: <%= ENV["MYSQL_HOST"] || ENV['DATABASE_HOST'] || 'localhost' %>
port: <%= ENV['MYAPP_DB_PORT'] || ENV['DATABASE_PORT'] || ENV["MYSQL_PORT"] || 3306 %>
encoding: utf8mb4
collation: utf8mb4_unicode_ci
strict: true
reconnect: true
variables:
sql_mode: "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION"
pool: 20
timeout: 20000
checkout_timeout: 20
development:
<<: *default
test:
<<: *default
database: <%= ENV['MYAPP_TEST_DB'] || "myapp_test" %><%= ENV['TEST_ENV_NUMBER'] %>
I am relatively new to Ruby on Rails and I am trying to build a robust system with plenty of wonderful tests. I am currently trying to run a test on my database queries but I am having an error when I run the query.
Disclaimer -> I know that this query is a bit messy, but I am more familiar with SQL queries and this was the best method for me.
def setup
#parts = Part.find_by_sql("SELECT DISTINCT num AS Part_Number,description AS Description, QTYONHAND as On_Hand, QTYONORDER as On_Order,
QTYALLOCATED as Allocated, QTYNOTAVAILABLETOPICK as Not_Avail_Pick FROM (part JOIN qtyinventorytotals ON part.id = qtyinventorytotals.PARTID) WHERE part.id in
(SELECT PARTID FROM qtyinventorytotals);").to_a
end
This is just the setup function for the test case and the error is:
Run options: --seed 34672
# Running:
E
Error:
PartTest#test_parts_pull_from_db:
ActiveRecord::NotNullViolation: Mysql2::Error: Field 'activeFlag' doesn't have a default value: INSERT INTO `part` (`id`) VALUES (980190962)
bin/rails test test/models/part_test.rb:11
Finished in 7.505619s, 0.1332 runs/s, 0.0000 assertions/s.
1 runs, 0 assertions, 0 failures, 1 errors, 0 skips
Here is my database.yml file with the database. I am running a local MySql and querying from the localhost.
# MySQL. Versions 5.1.10 and up are supported.
#
# Install the MySQL driver
# gem install mysql2
#
# Ensure the MySQL gem is defined in your Gemfile
# gem 'mysql2'
#
# And be sure to use new-style password hashing:
# http://dev.mysql.com/doc/refman/5.7/en/old-client.html
#
default: &default
adapter: mysql2
encoding: utf8
pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
username: root
password: root
host: localhost
development:
<<: *default
database: xxxxxxxx
# Warning: The database defined as "test" will be erased and
# re-generated from your development database when you run "rake".
# Do not set this db to the same as development or production.
test:
<<: *default
database: xxxxxxxx
username: root
password: root
# As with config/secrets.yml, you never want to store sensitive information,
# like your database password, in your source code. If your source code is
# ever seen by anyone, they now have access to your database.
#
# Instead, provide the password as a unix environment variable when you boot
# the app. Read http://guides.rubyonrails.org/configuring.html#configuring-a-database
# for a full rundown on how to provide these environment variables in a
# production deployment.
#
# On Heroku and other platform providers, you may have a full connection URL
# available as an environment variable. For example:
#
# DATABASE_URL="mysql2://myuser:mypass#localhost/somedatabase"
#
# You can use this database configuration with:
#
# production:
# url: <%= ENV['DATABASE_URL'] %>
#
production:
<<: *default
database: xxxxxxxx
username: root
password: root
Again, I am new to Ruby on Rails and all of the wonderful Ruby Magic that happens. I have a feeling that the error is in the database.yml file but I haven't found any resources to steer my in the right direction. Any assistance would be greatly appreciated so that I can really get testing.
Also, I am only reading from this database and there will be no writing, updating or deleting.
EDIT:
Here is the full test class:
require 'test_helper'
class PartTest < ActiveSupport::TestCase
def setup
#parts = Part.find_by_sql("SELECT DISTINCT num AS Part_Number,description AS Description, QTYONHAND as On_Hand, QTYONORDER as On_Order,
QTYALLOCATED as Allocated, QTYNOTAVAILABLETOPICK as Not_Avail_Pick FROM (part JOIN qtyinventorytotals ON part.id = qtyinventorytotals.PARTID) WHERE part.id in
(SELECT PARTID FROM qtyinventorytotals);").to_a
end
# ActiveRecord will return a nil object if there is an error with the DB pull.
test "parts_pull_from_db" do
assert_not #parts.nil?
end
end
New
When I run this query in the console, the result is
Part Load (21549.0ms) SELECT DISTINCT num AS Part_Number,description AS Description, QTYONHAND as On_Hand, QTYONORDER as On_Order,
QTYALLOCATED as Allocated, QTYNOTAVAILABLETOPICK as Not_Avail_Pick FROM (part JOIN qtyinventorytotals ON part.id = qtyinventorytotals.PARTID) WHERE part.id in
(SELECT PARTID FROM qtyinventorytotals);
=> [#<Part id: nil>, #<Part id: nil>, #<Part id: nil>, #<Part id: nil>, #<Part id: nil>, #<Part id: nil>, #<Part id: nil>, #<Part id: nil>, #<Part id: nil>, #<Part id: nil>, #<Part id: nil
>, #<Part id: nil>, #<Part id: nil>, ...]
When I run the rails server, the application successfully pulls the data from the database and renders the data nicely. Why am I getting these results when running from the rails console or the testing environment and not from running the application?
I have a rails application (ruby 2.0.0, Rails 4.0.1) that connects to several MySQL database.
The connection to the local database always work properly, this is my configuration:
production:
adapter: mysql
encoding: utf8
database: xxx
username: yyy
password: zzz
host: x.x.x.x
port: 3306
reconnect: true
But connections to remote databases often return an error, such as connecting to my radius external database returns the following error:
Mysql :: Error:: SELECT 1 AS one FROM WHERE `` radacct` radacct`.`username` =? LIMIT 1
Updating the page several times, the connection is restored and I can see the data properly. This is my configuration:
radius:
port: 3306
adapter: mysql
encoding: utf8
database: xxx
username: yyy
password: zzz
host: x.x.x.x
reconnect: true
connect_timeout: 60
read_timeout: 90
write_timeout: 90
checkout_timeout: 10
reaping_frequency: 30
dead_connection_timeout: 30
I tried to change the configuration of the timers in different ways, but the problem persists.
to connect to the radius server I created the following model common to all:
class RadActiveRecord <ActiveRecord :: Base
self.abstract_class = true
establish_connection "radius"
end
for example for the table radacct use the following model:
class RadAcctDetail <RadActiveRecord
self.table_name = "radacct"
end
the error in question is with any queries, such as:
def index
#rad_acct_details = RadAcctDetail.all.paginate = (
: order => "radacctid DESC"
: page => params [: page] || 1
: per_page => params [: per_page] || 25)
end
Does anyone have any suggestions?
my rails app generates the following server queries
Processing by ResponsesController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"WJBM8CJQaLxkRfC3/cGimaEytM3EvqCWhOmfX1WBRQA=", "response"=>{"q_id"=>"4", "taker_id"=>"10", "value"=>"4", "text"=>"fsfsf"}, "commit"=>"Create Response", "locale"=>"en"}
Question Load (0.1ms) SELECT "questions".* FROM "questions" WHERE "questions"."id" = ? LIMIT 1 [["id", "4"]]
(0.1ms)
begin transaction
SQL (0.4ms) INSERT INTO "responses" ("created_at", "q_id", "taker_id", "text", "updated_at", "value") VALUES (?, ?, ?, ?, ?, ?) [["created_at", Fri, 11 Oct 2013 18:54:10 UTC +00:00], ["q_id", 4], ["taker_id", 10], ["text", "fsfsf"], ["updated_at", Fri, 11 Oct 2013 18:54:10 UTC +00:00], ["value", 4]]
(2.3ms) commit transaction
default_url_options is passed options: {}
However, there is no actual change I can see in my local mysql db (on macos)
mysql> use medisupply
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select * from responses
-> ;
Empty set (0,00 sec)
Any ideas what could be the reason for that? Its driving me insane.
my database.yml config:
development:
adapter: mysql
encoding: utf8
reconnect: false
host: localhost
database: medisupply
pool: 5
username: root
password:
socket: /tmp/mysql.sock
thanks heaps
I have model to store database connection parameters (host, database name, username, password) and filling it by form. Before create or update I need to check if connection be good with entered parameters. I create validate :check_connection validator:
# don`t change primary connection
class Remote < ActiveRecord::Base; end
def check_connection
return if errors.any? || (!new_record? && password.empty?)
begin
Remote.establish_connection(
adapter: 'mysql2',
host: host,
username: username,
password: password,
database: database,
connect_timeout: 5,
reconnect: false
)
# maybe need to make some sql request? did try it
rescue Exception => e
errors.add :connection, 'Could not connect to database'
end
end
When I try enter accessible host (localhost), code like above works good. But if host like 192.168.1.1 (unaccessible) page freezing after submit form. I see attempts to connect every second and it did not stop after ESC (stop loading page) at browser (I see attempts at tcpdump on network interface). And attempts did not stop..
So, how can I validate connection to database? And if connection can not be established page must will not be load long time.
I did use gem 'mysql2' and bundle install 0.3.11 version. This version ignore connect_timeout and bug fixed at newer version. After I try 0.3.12b4 (gem 'mysql2', '~> 0.3.12b4') all works fine.
Variable connect_timeout is a global variable. Therefore, mysql2 maybe ignore it.
on mysql5.6:
mysql[(none)]> set connect_timeout = 123;
ERROR 1229 (HY000): Variable 'connect_timeout' is a GLOBAL variable and should be set with SET GLOBAL
I set timeout variables when initializing mysql2 but it's not reflected. A README of mysql2 says that you can set the *timeout options, but I think the README is outdated or broken.
on mysql2 0.3.14(gem):
client = Mysql2::Client.new(
host: 'localhost',
database: 'test',
username: 'root',
password: '',
connect_timeout: 3,
read_timeout: 3,
write_timeout: 3,
wait_timeout: 3);
client.query('show variables like "%timeout%"').map{|r| [r["Variable_name"], r["Value"]] }
=> [["connect_timeout", "10"],
["delayed_insert_timeout", "300"],
["innodb_lock_wait_timeout", "50"],
["innodb_rollback_on_timeout", "OFF"],
["interactive_timeout", "28800"],
["lock_wait_timeout", "31536000"],
["net_read_timeout", "30"], # Maybe older mysql has read_timeout?
["net_write_timeout", "60"], # Maybe older mysql has write_timeout?
["slave_net_timeout", "3600"],
["wait_timeout", "28800"]]
If you use ActiveRecord, you can set only wait_timeout variable by database.yml.
in database.yml:
development:
adapter: mysql2
encoding: utf8
charset: utf8
database: test
pool: 5
username: root
password:
host: localhost
connect_timeout: 3
read_timeout: 3
write_timeout: 3
wait_timeout: 3
A result of ActiveRecord 4.0.1:
> ActiveRecord::Base.connection.execute('show variables like "%timeout%"').to_a
=> [["connect_timeout", "10"],
["delayed_insert_timeout", "300"],
["innodb_flush_log_at_timeout", "1"],
["innodb_lock_wait_timeout", "50"],
["innodb_rollback_on_timeout", "OFF"],
["interactive_timeout", "28800"],
["lock_wait_timeout", "31536000"],
["net_read_timeout", "30"],
["net_write_timeout", "60"],
["rpl_stop_slave_timeout", "31536000"],
["slave_net_timeout", "3600"],
["wait_timeout", "3"]]
ActiveRecord set wait_timeout variable in abstract_mysql_adapter.rb.
see:
abstract_mysql_adapter.rb
https://github.com/rails/rails/blob/master/activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
mysql2_adapter.rb
https://github.com/rails/rails/blob/master/activerecord/lib/active_record/connection_adapters/mysql2_adapter.rb