All Apps and Add-ons

Splunk Add-on for Nessus: No nessus_scan input with "TypeError: 'NoneType' object is not iterable"

katherine_garro
Engager

Hi,

We're having trouble getting the nessus_scan input working, while nessus_plugin does work.

Splunkd.log contains the following:

12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py" Traceback (most recent call last):
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"   File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py", line 266, in <module>
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"     main()
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"   File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py", line 261, in main
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"     run()
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"   File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py", line 173, in run
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"     collector.collect_scan_data()
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"   File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_data_collector.py", line 266, in collect_scan_data
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"     sid_set = list(set([str(scan.get("id")) for scan in scans]))
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py" TypeError: 'NoneType' object is not iterable

Has anyone else seen this before, and know how to fix or further debug?

Thanks!

1 Solution

jkat54
SplunkTrust
SplunkTrust

The error suggests that this code snippet is failing:

in nessus.py:
sid_set = list(set([str(scan.get("id")) for scan in scans]))

with error of "TypeError: 'NoneType' object is not iterable.

Which means "scans" is not an array... but instead its null / empty.

So i'm guess scans is populated by something else in the code, and it's blank because it's not able to populate itself. So i'd bet something is wrong with your configuration. Either a bad nessus host/server ip/name OR bad user/pass.

After reviewing the code, it appears the app is pulling any data from nessus. Can you please post your nessus.conf with sensitive changed to protect the innocent?

View solution in original post

jkat54
SplunkTrust
SplunkTrust

The error suggests that this code snippet is failing:

in nessus.py:
sid_set = list(set([str(scan.get("id")) for scan in scans]))

with error of "TypeError: 'NoneType' object is not iterable.

Which means "scans" is not an array... but instead its null / empty.

So i'm guess scans is populated by something else in the code, and it's blank because it's not able to populate itself. So i'd bet something is wrong with your configuration. Either a bad nessus host/server ip/name OR bad user/pass.

After reviewing the code, it appears the app is pulling any data from nessus. Can you please post your nessus.conf with sensitive changed to protect the innocent?

jkat54
SplunkTrust
SplunkTrust

im reviewing nessus.py now to see how the array named scans is populated

0 Karma

jkat54
SplunkTrust
SplunkTrust

nessus.py calls collector.collect_scan_data() in your NessusScanCollector specified in your nessus.conf. By default NessusScanCollector is nessus_data_collector.py. nessus_data_collector.py contains the following code that is throwing your error:

        is_hosts_empty = True
        for (sid, ascan) in ckpt_scans.items():
            if len(ascan.get("hosts", {})) > 0:
                is_hosts_empty = False
                break

        if is_hosts_empty:
            scans = self._collect_scans()
            sid_set = list(set([str(scan.get("id")) for scan in scans]))

Last line is where the error occurs. scans is empty , but it shouldnt even try this bit of code unless is_hosts_empty = True... So why is is_hosts_empty = True? Looks like the length of ascan.get("hosts",{})) is not greater than 0. So still looking into what ascan.get does... almost there.

0 Karma

katherine_garro
Engager

Hi,

Thanks for the quick response. I got to the same result as you, the account we were logging in with had no scan results. I would consider this a bug (the script should handle no results without throwing an exception and filling the error log), but glad it now works.

Regards,

0 Karma

jkat54
SplunkTrust
SplunkTrust

Glad I could help! Thanks for marking the answer. Look forward to seeing you around!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...