Textbox breaks document generation #61
Comments
|
Thanks for the detailed report. |
|
Thanks for your response! Sure can, I've shared my reproduction code with you via draft PR. |
|
I'm working on getting a release before my DEFCON presentation and this issue will get resolved in that release. Expect it to be mitigated in the main branch in about 2 weeks. |
|
@summitt can you open the resulting document? The code now passes the unittest, however I think the resulting document is corrupt or invalid. |
|
Yes. The documents worked fine for me. |
|
I just tested on both the report tester and generated an assessment report. No issues with either. Did you get any errors in the console? |
|
@moerketh I was a little too quick to respond. I had created my own template instead of using yours which was checked in as part of the unit test. When I used your template I did get the corrupted file. Digging into this today. Thanks for reporting it! |
|
@moerketh which version of Word did you edit the doc with or did you use something like Google Docs to edit the docx file? |
|
@summitt, thanks for your efforts! Not sure why my test would be any different than yours. To create the document, I took the default document from https://github.com/factionsecurity/report_templates and added a textbox to it. I'm using what I think is the latest version of the Microsoft Word desktop application (Microsoft® Word for Microsoft 365 MSO (Version 2406) on Windows 11. Lastly, I used the properties > details dialog on the document to remove document properties before committing. |
|
Thanks. A while ago I encountered this problem but it was because I was using an older version of Word. When I took your doc and resaved it the problem went away on my end which made me think that might be the case again. This helps narrow down what might have caused it. |
|
@moerketh I just updated the docx4j libs and removed some old dependencies and that seemed to fix it on my end but I'm not totally convinced. Would mind trying it on your end using the july24-updates branch? One thing to note: the TOC should be on its own page. Having the textbox (or any other text or variables) on that page may cause it to be removed by the insertion of the TOC. You can use the textbox on another page w/o issue though. Hopefully, this mitigates the issue. 🤞🏼 |
|
@summitt awesome, thanks for your time and effort on this! I verified tests and runtime, it's fixed 🎉 |
|
Awesome! glad it worked on your end. Going to leave the issue open until I push the next release in case anyone else has a similar issue. |
* adding new vuln would copy text from last vuln * replacing the text editor * adding editors to overview * fix undo bug in toast * adding toast to engagement * updating struts * fixing char encoding issue * fixing charset issues * updating default vuln text editor * updating templates with toastui * replace editor and fix bugs in multi page table * save should be based on id * save should be based on id * fix issue #61 * reproduction with unit test for issue 61 (#62) * fix compilation error * getVulns() uses GetType() so type must be set before * add reproduction unittest for textbox issue --------- Co-authored-by: Josh <ascetik@gmail.com> * update text editors and ui bugs in remeditaiton * updating text editor on retests and verification edit * fix possible vuln XXE * fix possible vuln XXE * remove deprecated code * update docx4j and remove unneeded libs * remove unneeded code * Remove unneeded code * cleanup * cleanup * cleanup * cleanup * fix possible xss * random js errors * javascript and css cleanup * remedition updates * fixing remediation sorting * fixing editors and prevent closing verification when 'in retest' * fixing editors and prevent closing verification when 'in retest' * fix bad config that hides the app store * adding indicators on verifications * fix issue with saveing and loading custom fields in vulns * fix broken history in assessment * fixing select2 * adding vuln search * add multiple notes to an assessment * wip-getting multiple notes working * fix issue with cvss and test reports * organize locks and add note locks * almost finished backend and javascript for note edit blocking * prerelease files * fix struts convention errors on boot * remove example code * upgrade convention plugin * wip - getting retest reports back * Remove Report code from this action * Ensure default values that could break report generation * Move Report functions to a single class * update reporting url * wip - generating retest reports * adding report tables to ux in remediation flows * update verification edit to gen retest reports * wip - downloading all reports * downloading retest reports * adding retest report generation to vulns * fix css issue on smaller screens * adding reports to retests * Generate Retest Report in Notifications * code clean up * wip - new Remediation workflow * integration of new workflow * remediation integration bugs * finish integrating new remediation workflow * update notes pages * updating retest report templates --------- Co-authored-by: Thomas Moerkerken <1309462+moerketh@users.noreply.github.com>
Hi, thanks for building Faction! I've been trying it out and tried to get a modified template in, but can't get it past:
faction/src/com/fuse/docx/DocxUtils.java
Line 1131 in 4267f94
Actual result
Generation completes with an error, after which the download fails. Here is the log:
Expected result
Ignoring the presence of textboxes would work for my use case. I don't have any templating placeholders in the textbox.
Reproduction
Reproduction is faily easy, put a textbox with the text "Just a text box" in the default-report-template.docx document and upload it via Templates > Report Designer > Edit Sample Template. Then generate a new report and (attempt to) download it.
Additional information
Running Faction 1.2.6
I changed the error to:
Preconditions.checkState(index > -1, "could not located the paragraph " + paragraph + " in the specified list! at " + index);and got:
java.lang.IllegalStateException: could not located the paragraph Just a text box in the specified list! at -1I'm not sure what would be the proper fix in the code.
The text was updated successfully, but these errors were encountered: