
lsmanalytics/atspm

By lsmanalytics

Updated 5 months ago

Utah/Georgia DOT ATSPM software on Windows Server's IIS running ASP.NET.

This is an image of an installed and configured ATSPM 4.3.1 platform that can be run as a Windows container. The machine running the image needs Windows container support through the Hyper-V virtualization feature.

Vulnerability Assessment and Fixes (updated 9/10/2024)

Package vulnerabilities were assessed using Docker Scout (docker scout cves). The original ATSPM 4.3.1 package from GitHub included one "critical" vulnerability, five "high" vulnerabilities, and one "medium" vulnerability. Additionally, the base image from mcr.microsoft.com/dotnet/framework/aspnet included one "medium" vulnerability from a legacy .NET Framework package.

  • System.Text.Encodings.Web (critical) fixed
    CRITICAL CVE-2021-26701
    Affected range: >=4.6.0, <4.7.2; Fixed version: 4.7.2
  • Microsoft.Owin (high x2) fixed
    HIGH CVE-2022-29117 [Uncontrolled Resource Consumption]
    Affected range: <4.2.2; Fixed version: 4.2.2
  • Microsoft.Owin.Security.Cookies (high) fixed
    HIGH CVE-2022-29117 [Uncontrolled Resource Consumption]
    Affected range: <4.2.2; Fixed version: 4.2.2
  • Microsoft.AspNet.Identity.Owin (high) fixed
    HIGH CVE-2023-33170 [Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')]
    Affected range: <2.2.4; Fixed version: 2.2.4
  • Newtonsoft.Json (high) Could not change the assembly reference from 12.0.0.0 using the web.config file; the reference version is possibly hard-coded.
    HIGH CVE-2024-21907 [Improper Handling of Exceptional Conditions]
    Affected range: <13.0.1; Fixed version: 13.0.1
  • System.Security.Cryptography.Xml (medium) fixed
    MEDIUM CVE-2022-34716
    Affected range: <=4.1.0; Fixed version: 4.7.1
  • System.DirectoryServices.Protocols (medium) This is part of the original dotnet framework aspnet image.
    MEDIUM CVE-2021-41355 [Exposure of Sensitive Information to an Unauthorized Actor]
    Affected range: <5.0.1; Fixed version: 5.0.1

Docker commands
  • Fetch an image from Docker Hub
    docker pull lsmanalytics/atspm:4.3.1
  • Creates and runs a detached container to be named "atspm_prod" using an image (a container id will be returned on success). Maps port 8080 of the running host to port 80 of the container. Allocates 6GB of memory to the container.
    docker run --name atspm_prod -d -p 8080:80 --memory=6g lsmanalytics/atspm:4.3.1
  • Stops a container
    docker stop <container_id>
  • Starts a container
    docker start <container_id>
  • Log into a container using powershell.exe
    docker exec -it <container_id> powershell.exe
  • Copy files from host PC to container:
    docker cp <file_on_host_pc.csv> <container_id>:/path/to/destination/<file_on_host_pc.csv>

SQL Database Initialization

Inside the running container, you will need to run C:\ATSPMExe\ConvertDBForHistoricalConfigurations\ConvertDBForHistoricalConfigurations.exe to initialize the SQL Server database and tables required to run the application. Make sure the C:\ATSPMExe\ConvertDBForHistoricalConfigurations\ConvertDBForHistoricalConfigurations.exe.config file has the correct connectionString set before you run the application.

Text Editor

The image contains the nano command line program that can be used to view and edit flat files.

Configuration Files to Edit

You will need to configure the connection strings and parameters at the following paths using nano. Log in to the container (docker exec -it <container_id> powershell.exe) while it is running and edit the files:

  • C:\inetpub\wwwroot\ATSPMWebPage\web.config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
    • configuration >> system.web >> customErrors (remove to hide detailed error pages from users)
  • C:\inetpub\wwwroot\ATSPMWebPage\Scripts\Map.js
    • function GetMap() >> change credentials in the Microsoft.Maps.Map constructor
    • function GetMap() >> change center in the Microsoft.Maps.Map constructor
    • function GetMapWithCenter() >> change credentials in the Microsoft.Maps.Map constructor
  • C:\ATSPMExe\ConvertDBForHistoricalConfigurations\ConvertDBForHistoricalConfigurations.exe.config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
  • C:\ATSPMExe\GenerateAddDataScript\GenerateAddDataScript.exe.config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
  • C:\inetpub\wwwroot\MOEWcfService\Web.config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
    • configuration >> system.web >> customErrors (remove to hide detailed error pages from users)
  • C:\ATSPMExe\ReportsApi\appsettings.Production.json
    • ConnectionStrings >> SPM
  • C:\ATSPMExe\FromAllControllers\FTPfromAllControllers.exe.Config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
    • configuration >> appSettings >> key="DeleteFilesAfterFTP" (change to true when confirmed files are being pulled from controller)
  • C:\ATSPMExe\AsyncGetMaxTimeRecords\AsyncGetMaxTimeRecords.exe.config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
  • C:\ATSPMExe\NewDecodeandImportASC3Logs\NewDecodeandImportASC3Logs.exe.Config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
    • configuration >> appSettings >> key="DeleteFile" (change to true when confirmed files are being pulled from controller)
  • C:\ATSPMExe\DecodePeekLogs\DecodePeekLogs.exe.config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
    • configuration >> applicationSettings >> DecodePeekLogs.Properties.Settings >> name="DeleteFiles" (change to true when confirmed files are being pulled from controller)
  • C:\ATSPMExe\DecodeSiemensLogs\DecodeSiemensLogs.exe.Config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
    • configuration >> applicationSettings >> DecodeSiemensLogs.Properties.Settings >> name="DeleteFiles" (change to true when confirmed files are being pulled from controller)
    • configuration >> applicationSettings >> DecodeSiemensLogs.Properties.Settings >> name="DeleteFile" (change to true when confirmed files are being pulled from controller)
  • C:\ATSPMExe\DecodeTrafficwareLogs\DecodeTrafficwareLogs.exe.config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
    • configuration >> applicationSettings >> DecodeTrafficwareLogs.Properties.Settings >> name="DeleteFiles" (change to true when confirmed files are being pulled from controller)
    • configuration >> applicationSettings >> DecodeSiemensLogs.Properties.Settings >> name="DeleteFile" (change to true when confirmed files are being pulled from controller)
  • C:\ATSPMExe\WavetronicsSpeedListener\WavetronicsSpeedListener.exe.config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
  • C:\ATSPMExe\SPMWatchDogNew\SPMWatchDogNew.exe.config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
    • EmailServer (this is specified in the manual but missing from the configuration file in the 4.3.1 package)
    • ToAddress (this is specified in the manual but missing from the configuration file in the 4.3.1 package)
  • C:\ATSPMExe\ImportChecker\ImportChecker.exe.config
    • configuration >> connectionStrings >> name="SPM" (change connectionString)
    • configuration >> appSettings >> key="ListenerServer"
    • configuration >> appSettings >> key="ListenerServiceName"
    • configuration >> appSettings >> key="ToAddress"
    • configuration >> appSettings >> key="FromAddress"
    • configuration >> appSettings >> key="EmailServer"
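
The SPM connection string edit repeated across the XML config files above can be applied in one pass from PowerShell inside the container. This is an added example, not part of the ATSPM package or this image; the function name Set-SpmConnectionString is hypothetical, and it assumes each file stores the value as a standard add element with name="SPM" under configuration/connectionStrings. appsettings.Production.json and Map.js are not XML and still need manual edits.

```powershell
# Added example: paths are the XML config files listed above; the function name is hypothetical.
$ConfigFiles = @(
    'C:\inetpub\wwwroot\ATSPMWebPage\web.config',
    'C:\inetpub\wwwroot\MOEWcfService\Web.config',
    'C:\ATSPMExe\ConvertDBForHistoricalConfigurations\ConvertDBForHistoricalConfigurations.exe.config',
    'C:\ATSPMExe\GenerateAddDataScript\GenerateAddDataScript.exe.config',
    'C:\ATSPMExe\FromAllControllers\FTPfromAllControllers.exe.Config',
    'C:\ATSPMExe\AsyncGetMaxTimeRecords\AsyncGetMaxTimeRecords.exe.config',
    'C:\ATSPMExe\NewDecodeandImportASC3Logs\NewDecodeandImportASC3Logs.exe.Config',
    'C:\ATSPMExe\DecodePeekLogs\DecodePeekLogs.exe.config',
    'C:\ATSPMExe\DecodeSiemensLogs\DecodeSiemensLogs.exe.Config',
    'C:\ATSPMExe\DecodeTrafficwareLogs\DecodeTrafficwareLogs.exe.config',
    'C:\ATSPMExe\WavetronicsSpeedListener\WavetronicsSpeedListener.exe.config',
    'C:\ATSPMExe\SPMWatchDogNew\SPMWatchDogNew.exe.config',
    'C:\ATSPMExe\ImportChecker\ImportChecker.exe.config'
)

function Set-SpmConnectionString {
    param(
        [Parameter(Mandatory)][string]$ConnectionString,
        [string[]]$Path = $ConfigFiles
    )
    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) {
            Write-Warning "Missing: $file"
            continue
        }
        $xml = New-Object System.Xml.XmlDocument
        $xml.PreserveWhitespace = $true          # keep the file's layout intact
        $xml.Load($file)
        $node = $xml.SelectSingleNode("/configuration/connectionStrings/add[@name='SPM']")
        if ($null -eq $node) {
            Write-Warning "No SPM connection string in $file"
            continue
        }
        $node.SetAttribute('connectionString', $ConnectionString)
        $xml.Save($file)
        # Report the customErrors mode so verbose error pages are noticed.
        $ce = $xml.SelectSingleNode('/configuration/system.web/customErrors')
        $mode = if ($ce) { $ce.GetAttribute('mode') } else { '(not set)' }
        [pscustomobject]@{ File = $file; Updated = $true; CustomErrors = $mode }
    }
}

# Prompt for the value so the credential is not typed on the command line.
Set-SpmConnectionString -ConnectionString (Read-Host 'SPM connection string')
```

Files that are missing or have no SPM entry are reported as warnings and left unchanged.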

Updating Agency Logo and Link

Edit the file in the container at C:\inetpub\wwwroot\ATSPMWebPage\Views\Shared\_Layout.cshtml at line 49 for the link and line 50 for the logo. Upload a new logo from the host PC to the container via:
docker cp <agency_logo.png> <container_id>:/inetpub/wwwroot/ATSPMWebPage/Images/<agency_logo.png>

Checking Services and Scheduled Tasks

Within the container, while running PowerShell (from the host: docker exec -it <container_id> powershell.exe), you can execute the following commands to check the status of services and scheduled tasks that support the ATSPM application.

  • Get-WebApplication
    Checks ATSPM, ATSPMImages, and MOEWcfService applications registered and deployed in IIS.
  • Get-IISAppPool
    Checks the App Pools that IIS is using to run your web applications.
  • Get-Service | Where-Object { $_.Status -eq 'Running' }
    Checks ATSPMApplicationReportsService and SpeedListener (if Wavetronix SpeedListener is installed)
  • Get-ScheduledTask
    Checks AsyncGetMaxTimeRecordsTask, DecodePeekLogsTask (if installed), DecodeSiemensLogsTask, DecodeTrafficwareLogsTask, FTPfromAllControllersTask, GenerateAddDataScriptTask, ImportCheckerTask, NewDecodeandImportASC3LogsTask, and SPMWatchDogNewTask scheduled tasks.
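
The same checks can be run as a single pass that flags anything missing or stopped. This is an added example, not part of the ATSPM package or this image; the function name Get-AtspmHealth is hypothetical, the expected names are taken from the list above, and SpeedListener and DecodePeekLogsTask are treated as optional because the page marks them "if installed".

```powershell
# Added example: expected names come from the list above; the function name is hypothetical.
$expectedApps     = 'ATSPM', 'ATSPMImages', 'MOEWcfService'
$expectedServices = 'ATSPMApplicationReportsService', 'SpeedListener'
$expectedTasks    = 'AsyncGetMaxTimeRecordsTask', 'DecodePeekLogsTask', 'DecodeSiemensLogsTask',
    'DecodeTrafficwareLogsTask', 'FTPfromAllControllersTask', 'GenerateAddDataScriptTask',
    'ImportCheckerTask', 'NewDecodeandImportASC3LogsTask', 'SPMWatchDogNewTask'
$optional         = 'SpeedListener', 'DecodePeekLogsTask'

function Get-AtspmHealth {
    # IIS applications: present or missing.
    $results = @(foreach ($name in $expectedApps) {
        $app = Get-WebApplication -Name $name
        [pscustomobject]@{ Kind = 'WebApp'; Name = $name
            State = if ($app) { 'Present' } else { 'Missing' } }
    })
    # Windows services: report the service status.
    $results += foreach ($name in $expectedServices) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{ Kind = 'Service'; Name = $name
            State = if ($svc) { "$($svc.Status)" } else { 'Missing' } }
    }
    # Scheduled tasks: Ready or Running is healthy, Disabled is not.
    $results += foreach ($name in $expectedTasks) {
        $task = Get-ScheduledTask -TaskName $name -ErrorAction SilentlyContinue
        [pscustomobject]@{ Kind = 'Task'; Name = $name
            State = if ($task) { "$($task.State)" } else { 'Missing' } }
    }
    # Optional components may be missing without failing the check.
    $results | ForEach-Object {
        $healthy = ($_.State -in 'Present', 'Running', 'Ready')
        $skipped = ($_.State -eq 'Missing') -and ($_.Name -in $optional)
        $_ | Add-Member -NotePropertyName OK -NotePropertyValue ($healthy -or $skipped) -PassThru
    }
}

# Show only the items that need attention.
Get-AtspmHealth | Where-Object { -not $_.OK } | Format-Table -AutoSize
```

An empty table means every required application, service and task was found in a healthy state.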

Note on the Vendor-Specific Decoders

The image does not include the decoder programs cuLogDecode.exe (Peek), SiemensDecoder.exe (Siemens), and the Trafficware decoder. Please consult with your vendor to acquire the decoders.

Once acquired, copy the .exe file(s) into the running container's C:\spmtools folder using the docker cp command from the host running the container:
docker cp cuLogDecode.exe <container_id>:/spmtools/cuLogDecode.exe

Ensure that, for each decoder application, the DecoderPath setting in C:\ATSPMExe\Decode<vendor>Logs\Decode<vendor>Logs.exe.config is set correctly.

Left Turn Gap Report Issues

The Left Turn Gap Report service runs independently without issue, but when triggered from the website, queries are submitted without the approachId parameter, which causes the service to return an error to the ATSPM client-side GUI: Object reference not set to an instance of an object.

Wavetronix Speed Listener Issues

Because the Wavetronix SpeedListener program requires a GUI user prompt during the installutil.exe process, it is currently not functional.

Additional Tests to Verify Functionality in Production

The Import Controller Logs (FTPfromAllControllers) and Decode and Import (DecodeYYYLogs) services need connections to logging-enabled controllers to be verified.

The Watchdog Component and Import Checker services require an SMTP server and email testing to verify functionality.

Docker Pull Command

docker pull lsmanalytics/atspm