cisagov / cset
Cybersecurity Evaluation Tool
License: MIT License
This page is ancient and needs to be updated or "taken out behind the shed™":
Using the CSET 9.1.2 standalone installer, there's no SQL server installed anywhere. Going to localhost:46000 gives this error message:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 50 - Local Database Runtime error occurred. Error occurred during LocalDB instance startup: SQL Server process failed to start.)
I have configured the CSET Enterprise version on my system with IIS and SQL manager installation.
I have configured the SMTP Host setting for sending the Emails which we get after registration.
But I am not receiving any emails which will contain a temporary password that will allow us to log in to the CSET Application.
The CSET application is running, but at the time of registration I am getting an internal server error ("Unknown Error" in the console window); also, the user is created in the database.
I have attached the error screens. It would be great if anyone could check on this issue and get back to me.
CSET 8 produced DOCX and PDF reports. Please support this in version 10+.
These reports are useful to others in the organization who do not have CSET installed. It would be nice to email stakeholders a Word or PDF document. In fact, reports with a signature block require editing. Simply opening a saved HTML file in Word does not pick up the network diagram.
Just as in CSET 8, the report builder would allow producing DOCX or PDF reports.
This feature would support sharing of assessment results both inside and outside the organization (e.g. to prove compliance to a customer).
Module import on version 10.1 is not working. The option presents a blank page. Tested in Firefox and Edge on two machines with the same result.
Is there a feature for Deleting users from the CSET database?
I know that you can add them via the GUI or the addcsetuser.exe, but I do not see any place to delete them.
I am using this for a university course, and would like to remove users at the end of the semester.
When creating an assessment in Requirements Mode, per-requirement comments added to the 'comments' field do not display on the Site Detail Report, under 'Question Comments And Marked For Review'.
Comments DO show up correctly when comments are entered in Questions Mode.
Create New Assessment, Next x 2, Select 'NIST Special Publication 800-171 Rev 1', Next, Select 'Requirements Mode', Expand first question, select 'Yes' on this question, select 'Comments', enter any text into comments field, select 'Results' tab, 'Reports', 'Site Detail Report', scroll to the bottom of the report to heading 'Question Comments And Marked For Review'. "Question: | There are no questions with comments to display." is displayed.
Comments entered while using Requirements Mode should appear in the "Site Detail Report", "Question Comments And Marked for Review" section.
Thank you.
The current question set, and controls from the 800-53A are outdated. They are not tailored to the newest revision, the 800-53Ar4.
If an assessment is done using several computers:
You end up with several Contacts at the first screen of the assessment - listing all users who worked on it.
If you then Delete the user from Computer 2, The WHOLE assessment disappears!
There is NO warning that deleting a contact from that screen will wipe the whole assessment!
Deleting a user should just delete the user (deleting a Contact should just delete the CONTACT!)
I have deployed the CSET SQL instance and have been able to successfully connect to the SQL instance from a remote system. When logging into the SQL instance using CSET Web interface we are presented with the gold ribbon at the top showing local instance.
Following the instructions, I am unable to find and download the DIST folder, as the link points to an old link. Could you please provide any insight into why we would be receiving the local instance error when it is connected to the DB? Also, there are no web files to be placed in IIS for launching, and I am not sure if this is part of the issue in the instructions\downloaded files.
The ability to export CSET data in a "clean", non-attributable fashion.
If a user wants to share data with CISA or another organization, it would be useful if they could do so in a non-attributable way.
I just installed CSET 10.0.0 and I am getting this message:
Invalid object name 'INSTALLATION'.
Descripción: Excepción no controlada al ejecutar la solicitud Web actual. Revise el seguimiento de la pila para obtener más información acerca del error y dónde se originó en el código.
Detalles de la excepción: System.Data.SqlClient.SqlException: Invalid object name 'INSTALLATION'.
Error de código fuente:
Se ha generado una excepción no controlada durante la ejecución de la solicitud Web actual. La información sobre el origen y la ubicación de la excepción pueden identificarse utilizando la excepción del seguimiento de la pila siguiente.
Seguimiento de la pila:
[SqlException (0x80131904): Invalid object name 'INSTALLATION'.]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +212
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +81
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +631
System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) +4233
System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() +58
System.Data.SqlClient.SqlDataReader.get_MetaData() +89
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption, Boolean shouldCacheForAlwaysEncrypted) +437
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest) +2616
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry) +1700
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +64
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +243
System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) +37
System.Data.Common.DbCommand.ExecuteReader() +12
Microsoft.EntityFrameworkCore.Storage.Internal.RelationalCommand.Execute(IRelationalConnection connection, DbCommandMethod executeMethod, IReadOnlyDictionary`2 parameterValues) +871
Microsoft.EntityFrameworkCore.Storage.Internal.RelationalCommand.ExecuteReader(IRelationalConnection connection, IReadOnlyDictionary`2 parameterValues) +40
Microsoft.EntityFrameworkCore.Query.Internal.Enumerator.BufferlessMoveNext(DbContext _, Boolean buffer) +182
Microsoft.EntityFrameworkCore.SqlServer.Storage.Internal.SqlServerExecutionStrategy.Execute(TState state, Func`3 operation, Func`3 verifySucceeded) +57
Microsoft.EntityFrameworkCore.Query.Internal.Enumerator.MoveNext() +100
System.Linq.Enumerable.FirstOrDefault(IEnumerable`1 source) +183
lambda_method(Closure ) +244
Microsoft.EntityFrameworkCore.Query.Internal.ResultEnumerable`1.GetEnumerator() +14
Microsoft.EntityFrameworkCore.Query.Internal.<_TrackEntities>d__17`2.MoveNext() +109
Microsoft.EntityFrameworkCore.Query.Internal.EnumeratorExceptionInterceptor.MoveNext() +172
System.Linq.Enumerable.First(IEnumerable`1 source) +183
Microsoft.EntityFrameworkCore.Query.Internal.<>c__DisplayClass15_1`1.b__0(QueryContext qc) +111
Microsoft.EntityFrameworkCore.Query.Internal.QueryCompiler.Execute(Expression query) +262
Microsoft.EntityFrameworkCore.Query.Internal.EntityQueryProvider.Execute(Expression expression) +60
System.Linq.Queryable.FirstOrDefault(IQueryable`1 source) +212
CSETWeb_Api.Helpers.TransactionSecurity.GetSecret() +190
CSETWeb_Api.Helpers.TransactionSecurity.GenerateSecret() +29
CSETWeb_Api.Startup.Configuration(IAppBuilder app) +55
[TargetInvocationException: Se produjo una excepción en el destino de la invocación.]
System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor) +0
System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments) +168
System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +105
Owin.Loader.<>c__DisplayClass18_1.b__0(IAppBuilder builder) +66
Owin.Loader.<>c__DisplayClass9_0.b__0(IAppBuilder builder) +123
Microsoft.Owin.Host.SystemWeb.<>c__DisplayClass5_0.b__0(IAppBuilder builder) +81
Microsoft.Owin.Host.SystemWeb.OwinAppContext.Initialize(Action`1 startup) +462
Microsoft.Owin.Host.SystemWeb.OwinBuilder.Build(Action`1 startup) +40
Microsoft.Owin.Host.SystemWeb.OwinHttpModule.InitializeBlueprint() +70
System.Threading.LazyInitializer.EnsureInitializedCore(T& target, Boolean& initialized, Object& syncLock, Func`1 valueFactory) +119
Microsoft.Owin.Host.SystemWeb.OwinHttpModule.Init(HttpApplication context) +106
System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +523
System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +176
System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +220
System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +303
[HttpException (0x80004005): Se produjo una excepción en el destino de la invocación.]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +659
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +89
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +188
Información de versión: Versión de Microsoft .NET Framework:4.0.30319; Versión ASP.NET:4.8.4250.0
Unable to start a new assessment in version 10.1.1.0.
Tried using multiple browsers and all had same results. Screen would flicker but would return to the selection screen with Start New Assessment or Import Assessment. Import Assessment button does open the import dialog.
Steps to reproduce the behavior:
Expect new assessment dialog to open.
When trying to access the Results tab in an assessment, the site produces the access denied error and kicks you back to the login screen.
When changing an assessment from Questions Mode to Requirements Mode, the same issue occurs and same error in the browser is printed.
Build the latest 9.2.1 master branch with a clean database. Create a new assessment, add any SAL and standard. Click on the Results tab - it will kick you back to login. Log in again, select the assessment again, click on Questions, and then change to Requirements Mode. It will kick you out again.
Access to results and requirements mode.
Edge DevTools:
Attempt to view Results:
HTTP500: SERVER ERROR - The server encountered an unexpected condition that prevented it from fulfilling the request.
(XHR)GET - http://localhost/api/analysis/Dashboard
The database-principal 'dbo' does not exist or user is not a member.
The database-principal 'dbo' does not exist or user is not a member.
main.js (13871,21)
JWT Invalid. logging out.
main.js (13872,21)
Attempt to view Requirements Mode:
HTTP500: SERVER ERROR - The server encountered an unexpected condition that prevented it from fulfilling the request.
(XHR)POST - http://localhost/api/questionlist
The database-principal 'dbo' does not exist or user is not a member.
The database-principal 'dbo' does not exist or user is not a member.
The database-principal 'dbo' does not exist or user is not a member.
The database-principal 'dbo' does not exist or user is not a member.
There are some errors in the initial Enterprise installation instructions for 9.2.2 that will be handled separately.
However, it would be nice to provide upgrade instructions for Enterprise.
I assumed you just replace the wwwroot contents with the new ones. However, what do you do with the database files?
Sign-up restrictions would be useful for restricting the domains/emails that are allowed to create accounts.
Some organizations need to use CSET as a public-facing site, but don't want to allow unauthorized users to create accounts. There is no "admin approval" process, but sign-up restrictions are a great alternative.
GitLab uses sign-up restrictions where the admin can whitelist domains. Since GitLab's implementation uses an admin console, CSET could either: develop an admin console or read the whitelist from a txt file.
CSET may contain sensitive or confidential information. Restricting domains to whitelist-only would prevent unauthorized users from creating accounts.
Unless I am missing something in the Web.config file, the SMTP configuration does not support authentication. Are there additional hidden keys that exist but are not defined in the sample file?
Please provide capability to authenticate to an SMTP server.
Using the Standalone version, Attempting to import a new module always gets DB input error.
I have tried a variety of approaches (all XML). Importing another module and replace name and shortname just to see if I could get it to work. I was successful in creating a new module but not one that contained requirements. Including requirements fails.
Using 9.2.0 windows installer, when accessing the questions screen for a NIST CSF v1.1 assessment, it fails to load screen and redirects back to assessments screen.
Install 9.2.0 Windows installer. Select NIST CSF as assessment type. Navigate thru screens until you reach questions.
The NIST CSF questions are available to access and answer.
What standard is similar to IEC62443?
Hi there!
I am facing a problem when I try to access the assessment results (I am using CSET Enterprise 9.2.2).
When I click on RESULTS, my session is disconnected and CSET presents a pop-up with an "Access Denied" error with the following message:
"
Your session has expired, a connection error has occurred, or you are no longer authorized to access that assessment.
Please log in again.
"
Same behaviour repeats for all assessments and for two different users.
Any ideas about this and how to fix?
Thanks in advance!
Best regards,
Fabio.
Prior to CSET 9.x, it was possible to export reports in .docx format for customization. Would like this feature added back to the CSET, especially with the Site Cybersecurity Plan.
Feature was used extensively in prior releases.
CSET 9.2.1
If I leave an assessment while in progress and come back, I have been losing progress. I am in "Requirements Mode" with CNSSI 1253 V2 requirements selected. I completed all of the Access Control requirements. I left the page and when I came back only a few of the requirements were showing as completed.
CSET 9.2.1
Win 10 Pro
Chrome 79.0
CMMC Model v1.0 Assessment Template
To be able to assess against the newly released CMMC Cybersecurity Maturity Model Certification standard.
https://www.acq.osd.mil/cmmc/draft.html
This newly released framework is now the standard for DIB contractors.
Unable to view or create assessments after building and installing enterprise version 9.2.
It looks like the database image is not updated to version 9.2 in the master or development branches, and the update is not compatible with v9.0.1's database image.
Using build version 9.2, connect to the database image committed in April (dbo.CSET_VERSION.Cset_Version = 9.0.1), and then try to view or create an assessment.
Ability to create new assessments.
I can't seem to create custom reports off assessment questions that would break out POAM. The doc I looked at says there should be a "Report Builder" within the tool, but it is not there. I really, really could use this, as it is the main thing I need.
Consider adding a CONTRIBUTING.md file. This file should contain a lot of what is in the README.md now. But it should also help people contribute back to our project.
Here is the file that we use in our generic skeleton project:
https://github.com/cisagov/skeleton-generic/blob/develop/CONTRIBUTING.md
Ability to add custom Question Group Headings to align with other standards that do not match those provided. If custom is not possible, need addition of:
Would like functionality similar to custom Subcategories.
I am building a custom profile to align with DoD CMMC.
CSET should align with both USG documents. Need to group questions by "Domain" and subcategory aligned to "Capability" for CMMC.
CSET 9.2.1
Is it possible to export the Custom Module and the associated Custom Questions?
Need is high to develop customization that can be shared with others.
CSET 9.2.1
I'm trying to run the build.sh script to get the application installed for the Enterprise and the script returns many errors.
Here is a list of issues I've found executing the build.sh file:
Unless I'm missing something, this project needs to be fixed so these missing files and other issues are resolved.
QUESTION - what is the difference between the build.sh script and the standalone.exe? Can I install the standalone.exe and make some modifications to the produced application to use it for the enterprise? Is it as simple as just changing a database connection string or something more?
This is the api-build.log output. The build fails, and the last line shows one of the reasons, the build.bat file which has pointers in the script to files that don't exist. (see my missing files bullet point).
(snipped the beginning of the file since it was too large for this submission.)
BUILD: (ResolveAssemblyReferences target) ->
BUILD: C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\MSBuild\15.0\Bin\Microsoft.Common.CurrentVersion.targets(2110,5): warning MSB3245: Could not resolve this reference. Could not locate the assembly "Microsoft.EntityFrameworkCore.Design". Check to make sure the assembly exists on disk. If this reference is required by your code, you may get compilation errors. [C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\ExportCSV.csproj]
BUILD: C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\MSBuild\15.0\Bin\Microsoft.Common.CurrentVersion.targets(2110,5): warning MSB3245: Could not resolve this reference. Could not locate the assembly "Microsoft.EntityFrameworkCore.Relational". Check to make sure the assembly exists on disk. If this reference is required by your code, you may get compilation errors. [C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\ExportCSV.csproj]
BUILD:
BUILD:
BUILD: "C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api.sln" (Build target) (1) ->
BUILD: "C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj" (default target) (2) ->
BUILD: "C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\ExportCSV.csproj" (default target) (5:2) ->
BUILD: (CoreCompile target) ->
BUILD: oldReportEngine\DataHandling.cs(16,33): warning CS0436: The type 'IDataHandling' in 'C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\oldReportEngine\IDataHandling.cs' conflicts with the imported type 'IDataHandling' in 'BusinessLogic, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'. Using the type defined in 'C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\oldReportEngine\IDataHandling.cs'. [C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\ExportCSV.csproj]
BUILD: CSETtoExcelDataMappings.cs(159,13): warning CS0436: The type 'IDataHandling' in 'C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\oldReportEngine\IDataHandling.cs' conflicts with the imported type 'IDataHandling' in 'BusinessLogic, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'. Using the type defined in 'C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\oldReportEngine\IDataHandling.cs'. [C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\ExportCSV.csproj]
BUILD: CSETtoExcelDataMappings.cs(159,36): warning CS0436: The type 'DataHandling' in 'C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\oldReportEngine\DataHandling.cs' conflicts with the imported type 'DataHandling' in 'BusinessLogic, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'. Using the type defined in 'C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\oldReportEngine\DataHandling.cs'. [C:\cset-deploy\CSETWebApi\CSETWeb_Api\ExportCSV\ExportCSV.csproj]
BUILD:
BUILD:
BUILD: "C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api.sln" (Build target) (1) ->
BUILD: "C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj" (default target) (2) ->
BUILD: Version\VersionHandler.cs(76,30): warning CS0168: The variable 'ex' is declared but never used [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\ACETFilterController.cs(41,34): warning CS0168: The variable 'e' is declared but never used [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\FileUploadController.cs(56,20): warning CS0168: The variable 'fileHash' is declared but never used [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\DiagramController.cs(274,30): warning CS0168: The variable 'ex' is declared but never used [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\DiagramController.cs(302,30): warning CS0168: The variable 'ex' is declared but never used [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\DiagramController.cs(330,30): warning CS0168: The variable 'ex' is declared but never used [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\DiagramController.cs(358,30): warning CS0168: The variable 'ex' is declared but never used [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\DiagramController.cs(386,30): warning CS0168: The variable 'ex' is declared but never used [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\ResetPasswordController.cs(125,48): warning CS1998: This async method lacks 'await' operators and will run synchronously. Consider using the 'await' operator to await non-blocking API calls, or 'await Task.Run(...)' to do CPU-bound work on a background thread. [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\DiagramController.cs(399,26): warning CS1572: XML comment has a param tag for 'token', but there is no parameter by that name [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\QuestionsController.cs(162,90): warning CS1573: Parameter 'IsComponent' has no matching param tag in the XML comment for 'QuestionsController.GetDetails(int, bool)' (but other parameters do) [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: App_Start\RouteConfig.cs(24,13): warning CS1587: XML comment is not placed on a valid language element [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\AnalysisController.cs(537,13): warning CS1587: XML comment is not placed on a valid language element [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD: Controllers\AnalysisController.cs(852,54): warning CS1587: XML comment is not placed on a valid language element [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD:
BUILD:
BUILD: "C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api.sln" (Build target) (1) ->
BUILD: "C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj" (default target) (2) ->
BUILD: (PostBuildEvent target) ->
BUILD: C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\MSBuild\15.0\Bin\Microsoft.Common.CurrentVersion.targets(5165,5): error MSB3073: The command "call C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\Diagram\etc\build\build.bat" exited with code 9009. [C:\cset-deploy\CSETWebApi\CSETWeb_Api\CSETWeb_Api\CSETWeb_Api.csproj]
BUILD:
BUILD: 52 Warning(s)
BUILD: 1 Error(s)
BUILD:
BUILD: Time Elapsed 00:00:16.39
I tried to submit the C2M2 as well as a custom module into the import module editor with the standalone install of CSET as well as the Enterprise Installation.
There is a processing error and nothing will upload to the database.
Steps to reproduce the behavior: Load the C2M2 Module or any other module into the CSET editor and submit.
CSET is a great tool, but it is not scalable for the masses as it can not be customized for organizational specific needs? Like disabling features not needed or simplifying interface. Ie will never use the maturity model, so I'd like to remove it, or the ability to disable standards not used in my vertical. Let us customize the product for our own organizational needs?
The link for the ISA 62443 2013 reference under "Resource Library / General Control Systems Standards / Industrial Automation and CS Security 2013" is not valid and is not present in the Website/Documents directory.
Click reference link and error page is displayed.
A PDF document similar to Industrial Automation and CS Security 2009 should be displayed.
Hi,
Since this is not a bug in the application I add my comments here.
Server Error in '/' Application.
Invalid object name 'dbo.INSTALLATION'.
Description: An unhandled exception occurred during the execution of the current web request.
Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.Data.SqlClient.SqlException: Invalid object name 'dbo.INSTALLATION'.
Source Error:
I wonder if the CSETstandalone.exe 10.1 is just the version described below "CSET Enterprise Installation Instructions"
If the standalone desktop version is not maintained any longer the read.me file should be updated.
#1 There's no mention of what OS version CSET supports. The document often refers to Desktop; however, it seems the evolution of CSET has gone towards a multiuser solution, which is best suited for installation on a Windows server. The readme should describe the alternatives available.
For instance the line "A CSET dialogue will open asking if you want to install the CSET Desktop (Fig.2). Select "Yes"."
#2 The pre-requisite comes far down in the document. The installation requirement (OS and pre req) should be listed first.
#3 The statement "If the user doesn't have IIS 10.0 Express, CSET will install it." sounds very good. However, it would be nice to have a way to verify if this component is installed properly. In my Windows Features I don't see anything installed under IIS. I can't find IIS Express as an installation in the control panel either. But the fact that my browser shows the error message under the URL "http://localhost:46000/index.html?v=10.1.7607" indicates that at least I have a web server running locally.
#4 There is no file called "CSET_10.1-Binary.zip" on the CSET® releases page
"Click "CSET_10.1-Binary.zip" file to download it."
#5 There's a broken link "Again, this can be downloaded directly from Microsoft" (https://www.microsoft.com/en-us/download/details.aspx?id=47337)
#6 The IIS installation is a bit different on Windows 10 vs Server 2016.
#7 The SQL installation procedure was very long. Could this be scripted? Is it possible to run it on Windows 10?
I would think many, like me, are not that keen on putting all this on my Windows 10 workstation. If it has to be like this, it would be nice to have a procedure for how to run CSET on a VM (VMware Workstation or VirtualBox) and then use only the Chrome browser on the company PC (Windows 10).
Best regards,
Tolleif Onarheim
After installation, CSET 10.1 presents an error: "Invalid object name 'dbo.INSTALLATION'."
Detalhes da Exceção: Microsoft.Data.SqlClient.SqlException: Invalid object name 'dbo.INSTALLATION'.
Erro de Origem:
Exceção sem tratamento foi gerada durante a execução da atual solicitação da Web. As informações relacionadas à origem e ao local da exceção podem ser identificadas usando-se o rastreamento de pilha de exceção abaixo.
Rastreamento de Pilha:
[SqlException (0x80131904): Invalid object name 'dbo.INSTALLATION'.]
Microsoft.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +220
Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +81
Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +614
Microsoft.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) +4452
Microsoft.Data.SqlClient.SqlDataReader.TryConsumeMetaData() +60
Microsoft.Data.SqlClient.SqlDataReader.get_MetaData() +89
Microsoft.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption, Boolean shouldCacheForAlwaysEncrypted) +396
Microsoft.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest) +2597
Microsoft.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry) +1557
Microsoft.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +64
Microsoft.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +228
Microsoft.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) +60
System.Data.Common.DbCommand.ExecuteReader() +12
Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReader(RelationalCommandParameterObject parameterObject) +947
Microsoft.EntityFrameworkCore.Query.Internal.Enumerator.InitializeReader(DbContext _, Boolean result) +204
Microsoft.EntityFrameworkCore.SqlServer.Storage.Internal.SqlServerExecutionStrategy.Execute(TState state, Func`3 operation, Func`3 verifySucceeded) +57
Microsoft.EntityFrameworkCore.Query.Internal.Enumerator.MoveNext() +550
System.Linq.Enumerable.SingleOrDefault(IEnumerable`1 source) +198
lambda_method(Closure , QueryContext ) +264
Microsoft.EntityFrameworkCore.Query.Internal.QueryCompiler.Execute(Expression query) +263
Microsoft.EntityFrameworkCore.Query.Internal.EntityQueryProvider.Execute(Expression expression) +60
System.Linq.Queryable.FirstOrDefault(IQueryable`1 source) +212
CSETWeb_Api.Helpers.TransactionSecurity.GetSecret() +191
CSETWeb_Api.Helpers.TransactionSecurity.GenerateSecret() +29
CSETWeb_Api.Startup.Configuration(IAppBuilder app) +55
[TargetInvocationException: Uma exceção foi acionada pelo destino de uma chamada.]
System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor) +0
System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments) +168
System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +105
Owin.Loader.<>c__DisplayClass19_1.b__0(IAppBuilder builder) +66
Owin.Loader.<>c__DisplayClass9_0.b__0(IAppBuilder builder) +123
Microsoft.Owin.Host.SystemWeb.<>c__DisplayClass5_0.b__0(IAppBuilder builder) +81
Microsoft.Owin.Host.SystemWeb.OwinAppContext.Initialize(Action`1 startup) +462
Microsoft.Owin.Host.SystemWeb.OwinBuilder.Build(Action`1 startup) +40
Microsoft.Owin.Host.SystemWeb.OwinHttpModule.InitializeBlueprint() +70
System.Threading.LazyInitializer.EnsureInitializedCore(T& target, Boolean& initialized, Object& syncLock, Func`1 valueFactory) +119
Microsoft.Owin.Host.SystemWeb.OwinHttpModule.Init(HttpApplication context) +106
System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +523
System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +176
System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +220
System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +303
[HttpException (0x80004005): Uma exceção foi acionada pelo destino de uma chamada.]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +659
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +89
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +188
I am trying to run the WebApi project in debug mode, and I would like to modify the API code to use my own SMTP settings (to start with) - do you have any guidance on running the software in an interactive debugging environment?
I have the database installed, and have successfully built the enterprise 9.2.2 version in VS 2017.
When I try to debug the WebApi project, I get the "CSET Web Starting Configuration Page" - then when I click the "CSET Angular Site" link, I get a runtime error saying assets/config.json is not found:
An exception of type 'System.Web.HttpException' occurred in CSETWeb_Api.dll but was not handled in user code Additional information: assets/config.json file not found
I assume I am missing some step - maybe building the angular project?
I am trying to add a new module (new Standard) using the Import Module. I have this new standard in JSON and am trying to import it. The questions from the first object in the Requirements section get added to the module and the rest of them are skipped.
I have tried again and again in various ways to make it work but the result is the same. Could you please help me with this? Also, please check if the Enterprise version has the same issue.
Create a json with custom requirements and questions which are not already in the database, and try importing from Import Module.
All the custom questions should be added to the newly created module.
When on the results page, the Reports tab doesn't show up sometimes.
If I click back to requirements and back to results and wait a few seconds, it sometimes comes back.
Steps to reproduce the behavior:
Go to the results tab and look for the Reports option.
It should open the Report choices
After upgrading from CSET version 9.0.1 to version 9.2.0 (stand alone) the system would not allow me to open my assessments that I had done on version 9.0.1, neither would it allow me to start a new assessment.
When I click on the old assessments to open them the system just "blinks", and then nothing happens. Likewise when I click on the "New Assessment", it blinks and does nothing.
I am not able to export any of the assessments. A file is generated but it's only 2 or 4 k.
Worked up to version: 9.1
I have a number of exports from 9.1 that I imported into 9.2. They imported properly but now when I export, the file size is only 2 K. Exported from 9.1, the file sizes averaged 450K.
Stopped working in version: 9.2.0
Steps to reproduce the behavior: Export an assessment
Create an export file of the assessment that can be used as a backup or re-imported.
There are no errors produced during the operation and you just assume it exported correctly. It's not until you try to re-import it that you know it isn't working. I also looked at the
CSET 9.2.1: NIST SP 800-171 Rev 1 as of 06 07 2018 - This guidance is listed under Prepare>Cybersecurity Standards>NIST Framework>"NIST SP 800-171 Rev 1 Updates 06-07-2018" but when this is selected nothing populates the requirements section - instead it notes "There are no applicable questions/requirements to display. Check the assessment's SAL level and Standards selection."
@johnmod3 sent an email in with a couple of attachments concerning vulnerabilities scanned in this repository.
I've taken a quick look and these seem to be a subset of our dependabot and CodeQL findings. I believe that most of these dependency bumps are going to be addressed in the next release. Some have been captured in the current crop of dependabot PRs.
I'm attaching for further review by the CSET development team.
Thank you @johnmod3 for your contribution. Having extra sets of eyes is why we're here! 👀
Attachments:
The application throws a message
Access Denied
Your session has expired, a connection error has occurred, or you are no longer authorized to access that assessment.
Please log in again.
OK
In both versions 9.2.2 and 10.0.0
Create a new assessment.
Proceed to Questions
(Questions show correctly)
Click on Requirements Mode button
or
Create a new assessment.
Proceed to Questions
(Questions show correctly)
Answer a question
Click on Results button
I expect to stay logged into the application.
Chrome developer tools show:
POST https://myorg/api/questionlist 500
The database-principal 'dbo' does not exist or user is not a member
JWT Invalid. logging out.
it references main.f4409f2ea3c52be23d63.js
StackTrace: " at CSETWeb_Api.BusinessManagers.RequirementsManager.BuildResponse(List`1 requirements, List`1 answers, List`1 domains)
↵ at CSETWeb_Api.BusinessManagers.RequirementsManager.GetRequirementsList()
↵ at CSETWeb_Api.Controllers.QuestionsController.GetList(String group)
↵ at lambda_method(Closure , Object , Object[] )
↵ at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass6_2.<GetExecutor>b__2(Object instance, Object[] methodParameters)
↵ at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
↵--- End of stack trace from previous location where exception was thrown ---
↵ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
↵ at System.Web.Http.Controllers.ApiControllerActionInvoker.d__1.MoveNext()
↵--- End of stack trace from previous location where exception was thrown ---
↵ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
↵ at System.Web.Http.Controllers.ActionFilterResult.d__5.MoveNext()
↵--- End of stack trace from previous location where exception was thrown ---
↵ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
↵ at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__15.MoveNext()"
LGTM is unable to build CSET using its default strategies. It needs some hints about how to go about it.
Steps to reproduce the behavior:
LGTM should be able to identify the correct way to extract and build the code.
We should add a lgtm.yml file to the repository with some hints how to build CSET. See the documentation for information about this file:
When I create a new assessment, I am able to select the report "Observation Tear Out Sheets" but when I open an existing database, the PDF opens for a split second and then closes. I am trying to create a NIST 800-171 Observation Tear Out Sheet.
Open an existing assessment and try running the Observation Tear Out Sheets report
I expected the PDF to open.
I have CSET v6.2 installed on a Windows 10 virtual machine.
When I attempt to uninstall it, it fails with the following popup message:
Error 1606. Could not access network location \vmware-host\Shared Folders\Documents
However the path is accessible via File Explorer
I've been testing some styling changes in the front end part of the app but I can't seem to run the build. Whenever I do ng serve -o I get this error:
[error] C:\Users\User\Desktop\cset-master\CSETWebNg\node_modules\lodash\lodash.js:3980
if ((key === 'proto' || key === 'constructor' || key === 'prototype')) {
^^
SyntaxError: Unexpected token 'if'
at wrapSafe (internal/modules/cjs/loader.js:979:16)
at Module._compile (internal/modules/cjs/loader.js:1027:27)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
at Module.load (internal/modules/cjs/loader.js:928:32)
at Function.Module._load (internal/modules/cjs/loader.js:769:14)
at Module.require (internal/modules/cjs/loader.js:952:19)
at require (internal/modules/cjs/helpers.js:88:18)
at Object.<anonymous> (C:\Users\User\Desktop\cset-master\CSETWebNg\node_modules\http-proxy-middleware\lib\index.js:1:9)
at Module._compile (internal/modules/cjs/loader.js:1063:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
I have Node v14.15.3 and @angular/[email protected] installed so I don't know if it has to do with the version?