0

I've got a problem with a Windows service I just simply can't get to the bottom of. What I'm trying to do is execute the HP WebInspect 9.0 application from a TeamCity build agent which runs as a Windows service. The ultimate objective is to automate security scans after the application is published to the target environment.

I have a command which executes beautifully from the command window when I'm remoted into the server:

"C:\Program Files\HP\HP WebInspect\wi.exe" -u http://mysite.com -r "Vulnerability (Classic)" -y Standard -f c:\Temp\Report.pdf -gp -v

This command returns verbose output to the terminal on a regular basis (every few minutes) and eventually drops a report in PDF format after about 13 minutes (fairly consistent duration). However, once I run it from TeamCity, I can see the the command appear in the build output on the TeamCity server but absolutely nothing after that. Even after 8 hours, it just hangs and I have no idea why.

Some more info:

  1. The TeamCity build agent service is running under my identity so it should have the same rights as when I execute it manually from the command line.
  2. If I change one of the parameters to something invalid, WebInspect returns an "invalid parameter" message so I know it's definitely being called.
  3. Watching processes in the task manager, I can see WI.exe start up when I begin the build so again, it's definitely executing.
  4. I'm not getting anything in the event logs of any use.
  5. I can't find any logs from WebInspect generated as a result of using the command line (although there are logs accessible from scans executed in the GUI).
  6. There is nothing else in the WebInspect command line switches beyond the verbose output setting which would appear to provide any more information.

My suspicion is that for some reason it's sitting there waiting for input but I have no idea why. I'm making an assumption that a service running a command under my identity should behave the same as when I'm logged onto the box and executing the same command - is this assumption wrong? Is there anything else I can look at to try and get to the bottom of this?

Troy Hunt
  • 193
  • 2
  • 12

1 Answers1

1

As a first step I would recommend saving your long command line into a batch file (e.g. LaunchWI.cmd) and calling this batch file from the TeamCity build agent.

When you launch an app from a windows service the current working directory will be set to c:\windows\system32 - this can potentially cause some issues. Try adding

C:

CD "\Program Files\HP\HP WebInspect"

into your batch file before launching webinspect.

DmitryK
  • 256
  • 1
  • 7
  • No joy. TeamCity allows you to configure a working directory for the command line runner and that was already the WebInspect path. I've also run the tool via command line from all sorts of different directories without a problem. I gave the bat file a run anyway but we're back at the same result. – Troy Hunt Apr 06 '11 at 02:43
  • As a first line in that cmd (not bat!) file add "echo Starting >>c:\temp\WI.log – DmitryK Apr 06 '11 at 03:00
  • Fairly predictable result unfortunately - the first line gets written to the log file successfully but if I add another statement to do the same after the WebInspect execution it never appears. – Troy Hunt Apr 06 '11 at 03:28
  • A few more things to try: 1. Does your real website have any hyphens in the url? 2. Try adding "-e c:\temp\scan.xml -ld" to the wi.exe's command line – DmitryK Apr 06 '11 at 05:30
  • The real website does have a hyphen in it and I am aware of the WebInspect guidance to wrap it in quotes. I'm also running this against sites with no hyphen and getting the same result. I think you mean "-ea" to export the scan in XML (at least according to the docs), but this isn't helping (no output). What's the "-ld" switch for? I can't find any reference to it. – Troy Hunt Apr 06 '11 at 05:57
  • Launch the GUI and check the license mode. Is it trying to connect to LIM every time to obtain the license? Also where/how do you specify for WI to run under your credentials? – DmitryK Apr 07 '11 at 00:49
  • Also let's try one more thing. Start services.msc, right-click on the Windows service that launches our CMD file/WI.exe, select "Logon" tab, tick "Allow Services to interact with desktop", Apply. Let's see if we can get WI.exe interface to appear on your screen. Also while you see that Logon tab - verify that the service is actually configured to run under your credentials. – DmitryK Apr 07 '11 at 01:00
  • I suspect the GUI is phoning home on launch as there's some messaging around product maintenance. My credentials are set on the Windows service which is the TeamCity build agent. I'm confident it's running under these as any time it's not, WI spits back a license error (seems to be tied to user account). Because the Windows service isn't running under the local system account the "interact with desktop" option is disabled. – Troy Hunt Apr 07 '11 at 01:21