[Owasp-appsensor-dev] AppSensor v2.0.0 Beta Release

John Melton jtmelton at gmail.com
Tue Sep 23 17:06:50 UTC 2014


Benjamin,
Sounds great - I can help you along the way as you have questions.

The local API should look something like
"localhost:8080/sample-appsensor-ws-rest-server/api/v1.0/responses"
(or "/events" or "/attacks" with POST requests for adding). Give that
a try and let me know what happens. If you can post the errors you're
getting, I'll try to help you walk through them.

Thanks,
John

On Tue, Sep 23, 2014 at 12:10 PM,  <Benjamin-Hugo.LeBlanc at bentley.com> wrote:
> Hi everyone,
>
> I am working this fall as an IT Product Security intern, and one of my tasks
> is to test AppSensor as a standalone engine using REST calls from a C#
> client. This will hopefully be conducted in three distinct steps:
>
> a. install the sample appsensor ws server and dashboard in an apache tomcat
> (localhost), successfully sending events and logging them;
> b. building a local C# client sending REST calls to appsensor;
> c. further testing this into the cloud, i.e. both the c# client and
> appsensor.
>
> I've managed to install the dashboard pretty quickly -- the "mvn package"
> cmd worked like a charm and the .war installed correctly. As for the
> sample-appsensor-ws-rest-server, maven couldn't locate various
> org.owasp.appsensor class files, so I copied that directory structure into
> the compiling folder (\sample-appsensor-ws-rest-server\org\owasp\appsensor)
> with all the classes into it, then Maven compiled correctly with the .war
> file.
>
> I guess my question is "what next?" Logging with
> "http://localhost:8080/sample-appsensor-ws-rest-server-2.0.0-SNAPSHOT"
> returns a 500 internal error with a stream of exceptions, and I am looking
> for the proper way/syntax to send events to that server and make it react.
> Any simple way for a less experienced coder to make this work?
>
> Any hint would be much appreciated !
>
> Thanks,
>
> Benjamin
>
> -----Original Message-----
> From: owasp-appsensor-dev-bounces at lists.owasp.org
> [mailto:owasp-appsensor-dev-bounces at lists.owasp.org] On Behalf Of John
> Melton
> Sent: Saturday, September 20, 2014 7:11 PM
> To: Chetan Karande
> Cc: owasp-appsensor-dev
> Subject: Re: [Owasp-appsensor-dev] AppSensor v2.0.0 Beta Release
>
> Chetan,
> Sure, happy to help any way I can. Please let me know in a separate email if
> you have issues troubleshooting the app, and I'll try to help. I'll take a
> look at the html pages to see what's breaking.
> Hopefully someone with better front-end/design skills than I will come along
> and fix what I'm sure are many issues on the page.
>
> Thanks,
> John
>
> On Sat, Sep 20, 2014 at 6:29 PM, Chetan Karande <chetan.karande at owasp.org>
> wrote:
>> Thank you John for considering my feedback and promptly incorporating it.
>> The instructions at sample apps parent directory are very clear now
>> :). I am still getting the same build error though, but it could be my
>> environment issue and I will troubleshoot it further.
>>
>> Not a very critical issue, but just to let you know in case you didn't
>> notice it already, there are some javascript errors on loading home
>> and user guide page, but it is not very breaking anything.
>>
>> Thanks,
>>
>> Chetan
>>
>> On Fri, Sep 19, 2014 at 10:24 PM, John Melton <jtmelton at gmail.com> wrote:
>>>
>>> Chetan,
>>> Once more, responses inline. Thanks again for the feedback.
>>> Thanks,
>>> John
>>>
>>> On Wed, Sep 17, 2014 at 11:24 PM, John Melton <jtmelton at gmail.com> wrote:
>>> > Chetan,
>>> > Thanks for the excellent feedback - responses inline.
>>> >
>>> > Thanks,
>>> > John
>>> >
>>> > On Wed, Sep 17, 2014 at 11:07 PM, Chetan Karande
>>> > <chetan.karande at owasp.org> wrote:
>>> >> Hi John,
>>> >>
>>> >> Great work on beta Release. It reflects all the hard work you have
>>> >> put in.
>>> >>
>>> >> As I am going through the website,  sharing some obeservations /
>>> >> suggestions:
>>> >>
>>> >> 1) Getting Started Page:
>>> >>
>>> >>  I think this note is misleading:
>>> >>
>>> >> If you want to try out a working application, start with one of
>>> >> the sample applications available on GitHub. You should be able to
>>> >> drop them into a servlet container and start them up.
>>> >
>>> > The note _should_ be accurate - the fact that they don't run is an
>>> > oversight. You _should_ be able to drop them in a container and
>>> > have them run.
>>>
>>> I cleaned up this note on the site and made it more clear that the
>>> user should read the github docs (see below) to get the sample apps
>>> deployed.
>>>
>>> >
>>> >>
>>> >> Unless I am missing something, starting these sample apps was not
>>> >> as easy dropping them in servlet container. On first attempt the
>>> >> 'maven clean install' command failed on all sample projects, until
>>> >> I realized the repository tag and appsensor-core dependency needs
>>> >> to be fixed for these apps as well. The section immediately below
>>> >> this note does specify that, but it was not very clear that it
>>> >> applies to sample apps. I think it would be helpful to have
>>> >> README.md in each of the sample apps with clear steps on how to
>>> >> build these projects (especially helpful for those like me who are
>>> >> not very familiar with maven based project structure)
>>> >>
>>> >
>>> > I need to clean these up - they didn't get updated when I made
>>> > changes so they are broken as of now. This is not terrible since
>>> > they are demos, but I'll absolutely correct it.
>>>
>>> I cleaned up dependencies here, and then added documentation to the
>>> sample apps parent directory
>>> (https://github.com/jtmelton/appsensor/tree/master/sample-apps)
>>> describing how to deploy the applications locally.
>>>
>>> >
>>> >> Next, even after setting repository and appsensor-core dependency,
>>> >> I couldn't get  sample-appsensor-ws-rest-server and
>>> >> simple-websocket-dashboard to build successfully due to this
>>> >> error:
>>> >>
>>> >> [ERROR] Failed to execute goal
>>> >> org.apache.maven.plugins:maven-compiler-plugin:3.1:compile
>>> >> (default-compile)
>>> >> on project sample-appsensor-ws-rest-server: Fatal error compiling:
>>> >> invalid
>>> >> target release: 1.7 -> [Help 1]
>>> >>
>>> >> I just ran 'maven clean install'  command  at root of these projects.
>>> >> Please
>>> >> suggest if I am missing anything.
>>> >
>>> > I'll look at this one, but not sure what's going on here. Assuming
>>> > I messed something up with the maven version update and deployment
>>> > as these ran just fine recently.
>>>
>>> After cleanup I compiled all of these from a clean clone and
>>> everything worked fine for me. This might be environmental if it
>>> still occurs for you. Let me know if this is still happening and we
>>> can work together offline.
>>>
>>> >
>>> >>
>>> >>
>>> >> 2) JavaScript errors:
>>> >>
>>> >> I noticed a javscript error is thrown while loading each page:
>>> >> Uncaught
>>> >> ReferenceError: $ is not defined. This is due to script tag inside
>>> >> <head> tag for each page. It uses jquery before loading it at
>>> >> bottom of the page. I didn't find any elements with #tabs id in
>>> >> these html files. So thought this script tag has no functional
>>> >> value and can be removed, unless you want to move it at bottom of
>>> >> the page after loading jquery.
>>> >>
>>> >> <script>
>>> >>
>>> >>       $(function() {
>>> >>
>>> >>         $( "#tabs" ).tabs();
>>> >>
>>> >>       });
>>> >>
>>> >>     </script>
>>> >
>>> > Good catch - this was being used for something, but I removed it.
>>> > I'll clean this up.
>>>
>>> Removed this and re-deployed the site.
>>>
>>> >
>>> >>
>>> >> 3) Are you planning to provide sample client app code as well as
>>> >> part of this or future release?
>>> >
>>> > Client app code will come in the future - my goal for pushing
>>> > forward with a release is to get just the existing components
>>> > solidified. I still have some work to do around looking at the
>>> > client applications before putting them out there to be used.
>>
>>
> _______________________________________________
> Owasp-appsensor-dev mailing list
> Owasp-appsensor-dev at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-dev


More information about the Owasp-appsensor-dev mailing list