Problem/Motivation

Hey all... upgraded from 2.0 to 3.0. On first security scan, it freezes at file permissions (4 of 18), and I get this guzzle error.

GuzzleHttp\Exception\ClientException: Client error: `GET https://sitename.com` resulted in a `401 Unauthorized` response in GuzzleHttp\Exception\RequestException::create() (line 113 of /home/public_html/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php).

Tried reinstalling, a new composer require with-dependencies, etc. No help. Any suggestions? Am i missing something simple?

Issue fork security_review-3426944

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

chucksimply created an issue. See original summary.

eelkeblok’s picture

eelkeblok
he/him
Primary language Dutch
Location Netherlands 🇳🇱
commented

Presumably, sitename.com is the site you are scanning? Is there anything in the logs? I'd be especially interested in the stack trace. I'm guessing this might in fact be the next scan, because the file permissions do not involve an HTTP request (other than that from your browser to run the batch iteration). Just not sure which one that would be. Maybe the Headers one.

smustgrave’s picture

smustgrave commented

Wonder if it's the headers check.

smustgrave’s picture

smustgrave commented
Status: Active » Postponed (maintainer needs more info)

@chucksimply if you disable that one check does it run now?

Also know of any firewall that may be blocking your site from hitting itself to check headers?

eelkeblok’s picture

eelkeblok
he/him
Primary language Dutch
Location Netherlands 🇳🇱
commented

I was thinking the same thing. I had a peek at the code in the Headers scan and I believe it should pass an option to Guzzle to not throw exceptions for "error" codes (it's in the documentation, don't remember the details). Or, alternatively, catch any exceptions Guzzle might throw (but IIRC that can be a little tricky; you'd need to catch a base exception that all other exceptions derive from, for our purposes).

smustgrave’s picture

smustgrave commented
Component: Miscellaneous » Code
Category: Support request » Task
Status: Postponed (maintainer needs more info) » Needs work

Lets do that

smustgrave opened merge request !64

smustgrave’s picture

smustgrave commented
Status: Needs work » Needs review

Thoughts?

eelkeblok’s picture

eelkeblok
he/him
Primary language Dutch
Location Netherlands 🇳🇱
commented

Looks good. If @chucksimply could do a functional test, that would be swell.

smustgrave’s picture

smustgrave commented
Status: Needs review » Fixed

If we need to reopen we can no problem. Lets get that 3.0.0 release out :)

chucksimply’s picture

chucksimply commented

Thanks all for the quick work. New release tested and works great!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.