Appscan hangs when it attampts to start scan from Load(....) method in the plugin
156 views
Skip to first unread message
Dibyajyoti Ghosh
May 14, 2008, 12:37:11 AM5/14/08
to axf-general...@googlegroups.com
Hi everybody,
First of all many thanks Guypo for his valuable suggestion about accessing the scan feature of Appscan.
This time i'm facing a different challenge :
what i'm trying to do is listed below:
1. Appscan is started.
2. It loads the plugin lets say "MyPlugin"
3. In MyPlugin Load(IAppScan appscan, IAppScanGui appScanGui, string extensionDir)
{
StartScan(appscan); // this function starts a scan by setting scan configurations as in PrivilegeEscalationRunnerExtension
// the point is In PrivEsExtension it loaded configurations from a template
// in MyPlugin i'm setting only the StartingUrl,ServerDetection,PathLimit,LinkLimit,DepthLimit,ScanPolicy(BFS)
// JavaScript,UseAdaptiveTesting,SendTestsOnLoginAndLogoutPages,MultiPhaseLimit.Enabled
}
Now the questions are :
A. For appscan to start scan from MyPlugin do we need to specify all other config data to the scan object?
B. Will invoking the StartScan in Load () using threads help?
C. Is this due to a deadlock condition where Appscan is waiting for Load() to return and Load is waiting for Appscan to StartScan?
D. If it can't be done from Load() is there any other point from which Scan can be initiated?
Please help me out in this. This issue keeps on lingering for quite some time now.
Thanks for all your support so far.
Cheers
dibyajyoti ghosh
First of all many thanks Guypo for his valuable suggestion about accessing the scan feature of Appscan.
This time i'm facing a different challenge :
what i'm trying to do is listed below:
1. Appscan is started.
2. It loads the plugin lets say "MyPlugin"
3. In MyPlugin Load(IAppScan appscan, IAppScanGui appScanGui, string extensionDir)
{
StartScan(appscan); // this function starts a scan by setting scan configurations as in PrivilegeEscalationRunnerExtension
// the point is In PrivEsExtension it loaded configurations from a template
// in MyPlugin i'm setting only the StartingUrl,ServerDetection,PathLimit,LinkLimit,DepthLimit,ScanPolicy(BFS)
// JavaScript,UseAdaptiveTesting,SendTestsOnLoginAndLogoutPages,MultiPhaseLimit.Enabled
}
Now the questions are :
A. For appscan to start scan from MyPlugin do we need to specify all other config data to the scan object?
B. Will invoking the StartScan in Load () using threads help?
C. Is this due to a deadlock condition where Appscan is waiting for Load() to return and Load is waiting for Appscan to StartScan?
D. If it can't be done from Load() is there any other point from which Scan can be initiated?
Please help me out in this. This issue keeps on lingering for quite some time now.
Thanks for all your support so far.
Cheers
dibyajyoti ghosh
Guy Podjarny
May 15, 2008, 3:33:48 AM5/15/08
to axf-general...@googlegroups.com
Hi dibyajyoti,
What are you trying to achieve with the execution of the scan? Is the goal to run the scan automatically when AppScan loads?
It looks like this is what the code above is trying to do, and I think there are some logical and could be some deadlock or timing problems with it.
I would like to suggest several alternatives, depending on what you're looking to achieve:
- If the goal is to perform a scan automatically, it might prove easier to use the AppScanCMD.exe binary, which is installed with AppScan. This utility uses the SDK itself, and allows you to perform a scan based on a scan file holding the starting situation - including the configuration. It is documented under CLI in the user guide.
- If the goal is primarily to use a set of configuration items instead of those AppScan default's to, the most simple solution would probably be using a scan template. To do this, you can make any changes you'd like through the AppScan configuration screen, and use the "Export as template" button-link on the bottom left to save it as a scan template. When performing the next scan, you can choose to use this template.
This is also relevant to question (A) - the default values AppScan uses depend on the scan template used to start the scan from, and there's no need to re-set them, unless you want to change them programatically.
- If you want to perform a scan with specific actions and settings easily, you can add a toolbar icon or a menu item in the Tools menu, and have that button/menu-item invoke the scan as you did in the method above. This means the user will load AppScan and click the button when he desires, running the scan and anything else you'd like to scan.
Adding a menu item or toolbar icon are done through the appScanGui object the Load method gets - you can see various examples to adding a menu-item in the extensions on AXF (including PrivilegeEscalationRunner).
If none of these solution address your needs, I would be interested in hearing the full use-case to be able to offer what I see as the best solutions for it. There are ways to make a scan run as soon as the engine loads, but they each have their pros and cons, so I prefer not to offer a solution without first considering those above.
Cheers,
Guypo
What are you trying to achieve with the execution of the scan? Is the goal to run the scan automatically when AppScan loads?
It looks like this is what the code above is trying to do, and I think there are some logical and could be some deadlock or timing problems with it.
I would like to suggest several alternatives, depending on what you're looking to achieve:
- If the goal is to perform a scan automatically, it might prove easier to use the AppScanCMD.exe binary, which is installed with AppScan. This utility uses the SDK itself, and allows you to perform a scan based on a scan file holding the starting situation - including the configuration. It is documented under CLI in the user guide.
- If the goal is primarily to use a set of configuration items instead of those AppScan default's to, the most simple solution would probably be using a scan template. To do this, you can make any changes you'd like through the AppScan configuration screen, and use the "Export as template" button-link on the bottom left to save it as a scan template. When performing the next scan, you can choose to use this template.
This is also relevant to question (A) - the default values AppScan uses depend on the scan template used to start the scan from, and there's no need to re-set them, unless you want to change them programatically.
- If you want to perform a scan with specific actions and settings easily, you can add a toolbar icon or a menu item in the Tools menu, and have that button/menu-item invoke the scan as you did in the method above. This means the user will load AppScan and click the button when he desires, running the scan and anything else you'd like to scan.
Adding a menu item or toolbar icon are done through the appScanGui object the Load method gets - you can see various examples to adding a menu-item in the extensions on AXF (including PrivilegeEscalationRunner).
If none of these solution address your needs, I would be interested in hearing the full use-case to be able to offer what I see as the best solutions for it. There are ways to make a scan run as soon as the engine loads, but they each have their pros and cons, so I prefer not to offer a solution without first considering those above.
Cheers,
Guypo
Ian
Jun 2, 2008, 7:49:07 PM6/2/08
to AXF - General Discussion
I think I may be running into the same problem as Dibyajyoti- AppScan
hangs when I call Scan().
Currently, I'm putting together an extension that automates the
following steps:
1. Create a new scan from a scan template
2. Call an external script to generate an EXD file
3. Import that EXD file into the current scan
4. Continue a full scan
5. Automatically handle any error conditions, i.e. server goes down
temporarily
6. Save the scan and report via email when a scan finishes or cannot
automatically recover
The problem that I'm having is between steps 3 and 4, where I
initially tried something like the following:
using (StreamReader sr = new StreamReader("SomeFileName.exd"))
{
_appScan.Scan.RequestRecorder.ImportRecordedRequests(sr.BaseStream);
_appScan.Scan.RequestRecorder.Analyse();
}
ScanOperationResult scanResult = _appScan.Scan.Scan(true, true);
This didn't work because the call to Analyse() appears to be
asynchronous, and if you try to call Scan() before Analyse() finishes
analyzing the recorded requests, it will throw an error.
So I did something very similar, except instead of calling Scan()
directly after Analyse(), I registered an event handler that would
call Scan() when the scan state returned to idle after the call to
Analyse(). In this case, the call to Scan() appears to work (Scan
State => Exploring), but it never makes any progress, and you can't
stop/pause the scan except by forcefully ending the appscan process
(Complains that "AppScan is busy and cannot close").
Any ideas why this all might be happening? What I really wish I could
do is something like the following:
public void ScanButton_Click()
{
//Generate EXD File
//Import EXD File, call Analyse()
while((result = _appScan.Scan.Scan(true, true)) !=
ScanOperationResult.Succeeded)
{
//Handle any abnormal scan results
}
//Do scan post-processing
}
But I can't see a way to make it work this way.
Anyone have any thoughts or ideas? I very much appreciate it :)
On a somewhat-related note:
One other thing that confuses me is that under certain circumstances
Analyse() appears to start a scan automatically after it's done. For
example, in PyScan with a default template:
>>> appScan.Scan.RequestRecorder.Start() # Scan State => RecordingRequests
>>> appScan.Scan.RequestRecorder.Analyse() # Scan State => Exploring => Idle => ScanExpert
And stays in the ScanExpert state until otherwise instructed. Why does
Analyse() automatically start the ScanExpert? Am I not understanding
what the Analyse() method does, or does it implicitly begin a scan
after it's done Analyzing?
Thanks Again!
--Ian
> On Wed, May 14, 2008 at 7:37 AM, Dibyajyoti Ghosh <dibyajyotigh...@gmail.com>
hangs when I call Scan().
Currently, I'm putting together an extension that automates the
following steps:
1. Create a new scan from a scan template
2. Call an external script to generate an EXD file
3. Import that EXD file into the current scan
4. Continue a full scan
5. Automatically handle any error conditions, i.e. server goes down
temporarily
6. Save the scan and report via email when a scan finishes or cannot
automatically recover
The problem that I'm having is between steps 3 and 4, where I
initially tried something like the following:
using (StreamReader sr = new StreamReader("SomeFileName.exd"))
{
_appScan.Scan.RequestRecorder.ImportRecordedRequests(sr.BaseStream);
_appScan.Scan.RequestRecorder.Analyse();
}
ScanOperationResult scanResult = _appScan.Scan.Scan(true, true);
This didn't work because the call to Analyse() appears to be
asynchronous, and if you try to call Scan() before Analyse() finishes
analyzing the recorded requests, it will throw an error.
So I did something very similar, except instead of calling Scan()
directly after Analyse(), I registered an event handler that would
call Scan() when the scan state returned to idle after the call to
Analyse(). In this case, the call to Scan() appears to work (Scan
State => Exploring), but it never makes any progress, and you can't
stop/pause the scan except by forcefully ending the appscan process
(Complains that "AppScan is busy and cannot close").
Any ideas why this all might be happening? What I really wish I could
do is something like the following:
public void ScanButton_Click()
{
//Generate EXD File
//Import EXD File, call Analyse()
while((result = _appScan.Scan.Scan(true, true)) !=
ScanOperationResult.Succeeded)
{
//Handle any abnormal scan results
}
//Do scan post-processing
}
But I can't see a way to make it work this way.
Anyone have any thoughts or ideas? I very much appreciate it :)
On a somewhat-related note:
One other thing that confuses me is that under certain circumstances
Analyse() appears to start a scan automatically after it's done. For
example, in PyScan with a default template:
>>> appScan.Scan.RequestRecorder.Start() # Scan State => RecordingRequests
>>> appScan.Scan.RequestRecorder.Analyse() # Scan State => Exploring => Idle => ScanExpert
And stays in the ScanExpert state until otherwise instructed. Why does
Analyse() automatically start the ScanExpert? Am I not understanding
what the Analyse() method does, or does it implicitly begin a scan
after it's done Analyzing?
Thanks Again!
--Ian
Ian
Jun 4, 2008, 2:02:55 PM6/4/08
to AXF - General Discussion
Update:
After a day or so of fooling around with this, I found out that in
order to work properly, Scan() needs to be called in its own thread.
i.e. if you try to call Scan() directly from the appscan UI, an event
handler, or as in Dibyajyoti's case, the Load() method, it will hang.
This also seems to apply to the SaveScanData() method- If you try to
call SaveScanData() directly from a UI element or an event handler,
appscan will hang when saving the scan.
Hope this is helpful :)
--Ian
After a day or so of fooling around with this, I found out that in
order to work properly, Scan() needs to be called in its own thread.
i.e. if you try to call Scan() directly from the appscan UI, an event
handler, or as in Dibyajyoti's case, the Load() method, it will hang.
This also seems to apply to the SaveScanData() method- If you try to
call SaveScanData() directly from a UI element or an event handler,
appscan will hang when saving the scan.
Hope this is helpful :)
--Ian
Guy Podjarny
Jun 8, 2008, 6:41:03 PM6/8/08
to axf-general...@googlegroups.com
Hi Ian,
I'm happy to hear you found a way to make it work. There are various .NET constraints we need to work with, so starting your extension's thread on a separate thread is usually a good idea, as it keeps the main GUI thread to its own rendering and such. You'll find that most extensions in the AXF portal do that, and also set that thread to be in COM's Single-Thread Appartment (STA), using which is required to invoke some AppScan actions too.
This can be done using the following lines:
Thread t = new Thread(new ThreadStart(StartNewStaThread));
t.SetApartmentState(ApartmentState.STA);
t.Start();
I wasn't sure if you also resolved your initial problem of waiting for the Analyse() method, so I did some quick experimenting and found out that this code worked for me:
private static object _analysisHandle = new object();
void Scan_ScanEnded(object sender, Watchfire.AppScan.Scan.Events.ScanEndedEventArgs e)
{
lock (_analysisHandle)
{
Monitor.Pulse(_analysisHandle);
}
}
public void MainAction()
{
IAppScan appScan = AppScanFactory.CreateInstance();
FileStream fs = new FileStream(@"C:\temp\a.exd", FileMode.Open);
lock (_analysisHandle)
{
bool conflicts = appScan.Scan.RequestRecorder.ImportRecordedRequests(fs);
appScan.Scan.ScanEnded += new EventHandler<Watchfire.AppScan.Scan.Events.ScanEndedEventArgs>(Scan_ScanEnded);
appScan.Scan.RequestRecorder.Analyse();
Monitor.Wait(_analysisHandle);
}
ScanOperationResult res = appScan.Scan.Scan(false, true);
}
You can use the same technique to streamline other asynchronous events.
Cheers,
Guypo
I'm happy to hear you found a way to make it work. There are various .NET constraints we need to work with, so starting your extension's thread on a separate thread is usually a good idea, as it keeps the main GUI thread to its own rendering and such. You'll find that most extensions in the AXF portal do that, and also set that thread to be in COM's Single-Thread Appartment (STA), using which is required to invoke some AppScan actions too.
This can be done using the following lines:
Thread t = new Thread(new ThreadStart(StartNewStaThread));
t.SetApartmentState(ApartmentState.STA);
t.Start();
I wasn't sure if you also resolved your initial problem of waiting for the Analyse() method, so I did some quick experimenting and found out that this code worked for me:
private static object _analysisHandle = new object();
void Scan_ScanEnded(object sender, Watchfire.AppScan.Scan.Events.ScanEndedEventArgs e)
{
lock (_analysisHandle)
{
Monitor.Pulse(_analysisHandle);
}
}
public void MainAction()
{
IAppScan appScan = AppScanFactory.CreateInstance();
FileStream fs = new FileStream(@"C:\temp\a.exd", FileMode.Open);
lock (_analysisHandle)
{
bool conflicts = appScan.Scan.RequestRecorder.ImportRecordedRequests(fs);
appScan.Scan.ScanEnded += new EventHandler<Watchfire.AppScan.Scan.Events.ScanEndedEventArgs>(Scan_ScanEnded);
appScan.Scan.RequestRecorder.Analyse();
Monitor.Wait(_analysisHandle);
}
ScanOperationResult res = appScan.Scan.Scan(false, true);
}
You can use the same technique to streamline other asynchronous events.
Cheers,
Guypo
Reply all
Reply to author
Forward
0 new messages