Good day!
Recently, our rapid7.log output has been showing errors upon working with the .CSV files being made by Nexpose's API. We caught this, because our logs were filling with big base64 encoded blurbs on a daily basis (each time the Rapid7 app ran). The logs informed me that nexpose_cim_data_generator.py was having issues decoding the report.csv being made by Nexpose.
Some manual poking using the API shows that the .CSV files were just fine. The Python script however was being thrown off by the fact that there are trailing characters at the bottom of the data that its fed.
The format of the output received from the API is as follows:
--characterstring
xml header
reportadhocgenerate response success
--characterstring
csv header
base64 header
base64 data
--characterstring--
The leading 230 characters (all the char strings and headers) are stripped off correctly, but the trailing characterstring is still being left on. That leads to errors with the base64 decode. In my case, an example of the charstring would be: "--AxB9sl3299asdjvbA--".
On my own host I've kludged nexpose_cim_data_generator.py to now read as follows (near the bottom):
try:
response_data = response_data[230:]
response_data = response_data[:(len(response_data)-22)]
decoded_data = base64.b64decode(response_data)
return decoded_data
except:
...
↧