This is an image of an installed and configured ATSPM 4.3.1 platform that can be run as a Windows container. The machine running the image needs Windows container support through the Hyper-V virtualization feature.
Vulnerability Assessment and Fixes (updated 9/10/2024)
Package vulnerabilities were assessed using Docker Scout (docker scout cves). The original ATSPM 4.3.1 package from GitHub included one "critical" vulnerability, five "high" vulnerabilities, and one "medium" vulnerability. Additionally, the base image from mcr.microsoft.com/dotnet/framework/aspnet included one "medium" vulnerability from a legacy .NET Framework package.
- System.Text.Encodings.Web (critical) fixed
  CRITICAL CVE-2021-26701
  Affected range: >=4.6.0, <4.7.2; Fixed version: 4.7.2
- Microsoft.Owin (high x2) fixed
  HIGH CVE-2022-29117 [Uncontrolled Resource Consumption]
  Affected range: <4.2.2; Fixed version: 4.2.2
- Microsoft.Owin.Security.Cookies (high) fixed
  HIGH CVE-2022-29117 [Uncontrolled Resource Consumption]
  Affected range: <4.2.2; Fixed version: 4.2.2
- Microsoft.AspNet.Identity.Owin (high) fixed
  HIGH CVE-2023-33170 [Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')]
  Affected range: <2.2.4; Fixed version: 2.2.4
- Newtonsoft.Json (high) Could not change the assembly reference from 12.0.0.0 using web.config file, reference version is possibly hard-coded.
  HIGH CVE-2024-21907 [Improper Handling of Exceptional Conditions]
  Affected range: <13.0.1; Fix version: 13.0.1
- System.Security.Cryptography.Xml (medium) fixed
  MEDIUM CVE-2022-34716
  Affected range: <=4.1.0; Fixed version: 4.7.1
- System.DirectoryServices.Protocols (medium) This is part of the original dotnet framework aspnet image.
  MEDIUM CVE-2021-41355 [Exposure of Sensitive Information to an Unauthorized Actor]
  Affected range: <5.0.1; Fix version: 5.0.1
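The Newtonsoft.Json entry above mentions changing an assembly reference through web.config. The following PowerShell is an added example, not part of the ATSPM package or this image: it lists every bindingRedirect in the site's web.config and compares its target with the assembly actually present on disk, which is where a redirect that points at a missing version shows up. The bin folder location and the function name Get-BindingRedirectStatus are assumptions.

```powershell
# Added example, not part of the ATSPM package. Run inside the container.
# Assumption: the site's assemblies live in the bin folder next to web.config.
$site = 'C:\inetpub\wwwroot\ATSPMWebPage'

function Get-BindingRedirectStatus {
  param([Parameter(Mandatory)][string]$SiteRoot)
  $cfg = ([xml](Get-Content -Raw -LiteralPath (Join-Path $SiteRoot 'web.config'))).configuration
  foreach ($dep in $cfg.runtime.assemblyBinding.dependentAssembly) {
    # Skip entries that carry no redirect (for example codeBase-only entries).
    if (-not $dep -or -not $dep.assemblyIdentity -or -not $dep.bindingRedirect) { continue }
    $name   = $dep.assemblyIdentity.GetAttribute('name')
    $target = $dep.bindingRedirect.GetAttribute('newVersion')
    $dll    = Join-Path $SiteRoot "bin\$name.dll"
    $onDisk = $null
    $file   = $null
    if (Test-Path -LiteralPath $dll) {
      # AssemblyVersion is what the CLR binds against. It can differ from the
      # NuGet package version (Newtonsoft.Json 13.0.1 ships as assembly version
      # 13.0.0.0), so the file version is reported next to it.
      $onDisk = [System.Reflection.AssemblyName]::GetAssemblyName($dll).Version.ToString()
      $file   = (Get-Item -LiteralPath $dll).VersionInfo.FileVersion
    }
    $status = if (-not $onDisk) { 'dll not in bin' } elseif ($onDisk -eq $target) { 'ok' } else { 'MISMATCH' }
    [pscustomobject]@{
      Assembly    = $name
      RedirectTo  = $target
      OnDisk      = $onDisk
      FileVersion = $file
      Status      = $status
    }
  }
}

Get-BindingRedirectStatus $site | Sort-Object Status, Assembly | Format-Table -AutoSize
```

A MISMATCH row means the redirect points at an assembly version that is not the one in bin; compare the FileVersion column against the fixed versions listed above, since a scanner reports package versions rather than assembly versions.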
Docker commands
- Fetch an image from Docker Hub
  docker pull lsmanalytics/atspm:4.3.1
- Creates and runs a detached container to be named "atspm_prod" using an image (a container id will be returned on success). Maps port 8080 of the running host to port 80 of the container. Allocates 6GB of memory to the container.
  docker run --name atspm_prod -d -p 8080:80 --memory=6g lsmanalytics/atspm:4.3.1
- Stops a container
  docker stop <container_id>
- Starts a container
  docker start <container_id>
- Log into a container using powershell.exe
  docker exec -it <container_id> powershell.exe
- Copy files from host PC to container:
  docker cp <file_on_host_pc.csv> container_id:/path/to/destination/<file_on_host_pc.csv>
SQL Database Initialization
Inside the running container, you will need to run C:\ATSPMExe\ConvertDBForHistoricalConfigurations\ConvertDBForHistoricalConfigurations.exe to initialize the SQL Server database and tables required to run the application. Make sure the C:\ATSPMExe\ConvertDBForHistoricalConfigurations\ConvertDBForHistoricalConfigurations.exe.config file has the correct connectionString set before you run the application.
Text Editor
The image contains the nano command line program that can be used to view and edit flat files.
Configuration Files to Edit
You will need to configure the connection strings and parameters at the following paths using nano. Log in to the container (docker exec -it <container_id> powershell.exe) while it is running and edit the files:
- C:\inetpub\wwwroot\ATSPMWebPage\web.config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
  - configuration >> system.web >> customErrors (remove if you'd like to hide errors)
- C:\inetpub\wwwroot\ATSPMWebPage\Scripts\Map.js
  - function GetMap() >> change credentials in the Microsoft.Maps.Map constructor
  - function GetMap() >> change center in the Microsoft.Maps.Map constructor
  - function GetMapWithCenter() >> change credentials in the Microsoft.Maps.Map constructor
- C:\ATSPMExe\ConvertDBForHistoricalConfigurations\ConvertDBForHistoricalConfigurations.exe.config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
- C:\ATSPMExe\GenerateAddDataScript\GenerateAddDataScript.exe.config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
- C:\inetpub\wwwroot\MOEWcfService\Web.config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
  - configuration >> system.web >> customErrors (remove if you'd like to hide errors)
- C:\ATSPMExe\ReportsApi\appsettings.Production.json
- C:\ATSPMExe\FromAllControllers\FTPfromAllControllers.exe.Config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
  - configuration >> appSettings >> key="DeleteFilesAfterFTP" (change to true when confirmed files are being pulled from controller)
- C:\ATSPMExe\AsyncGetMaxTimeRecords\AsyncGetMaxTimeRecords.exe.config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
- C:\ATSPMExe\NewDecodeandImportASC3Logs\NewDecodeandImportASC3Logs.exe.Config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
  - configuration >> appSettings >> key="DeleteFile" (change to true when confirmed files are being pulled from controller)
- C:\ATSPMExe\DecodePeekLogs\DecodePeekLogs.exe.config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
  - configuration >> applicationSettings >> DecodePeekLogs.Properties.Settings >> name="DeleteFiles" (change to true when confirmed files are being pulled from controller)
- C:\ATSPMExe\DecodeSiemensLogs\DecodeSiemensLogs.exe.Config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
  - configuration >> applicationSettings >> DecodeSiemensLogs.Properties.Settings >> name="DeleteFiles" (change to true when confirmed files are being pulled from controller)
  - configuration >> applicationSettings >> DecodeSiemensLogs.Properties.Settings >> name="DeleteFile" (change to true when confirmed files are being pulled from controller)
- C:\ATSPMExe\DecodeTrafficwareLogs\DecodeTrafficwareLogs.exe.config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
  - configuration >> applicationSettings >> DecodeTrafficwareLogs.Properties.Settings >> name="DeleteFiles" (change to true when confirmed files are being pulled from controller)
  - configuration >> applicationSettings >> DecodeSiemensLogs.Properties.Settings >> name="DeleteFile" (change to true when confirmed files are being pulled from controller)
- C:\ATSPMExe\WavetronicsSpeedListener\WavetronicsSpeedListener.exe.config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
- C:\ATSPMExe\SPMWatchDogNew\SPMWatchDogNew.exe.config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
  - EmailServer (this is specified in the manual but missing in the configuration file from the 4.3.1 package)
  - ToAddress (this is specified in the manual but missing in the configuration file from the 4.3.1 package)
- C:\ATSPMExe\ImportChecker\ImportChecker.exe.config
  - configuration >> connectionStrings >> name="SPM" (change connectionString)
  - configuration >> appSettings >> key="ListenerServer"
  - configuration >> appSettings >> key="ListenerServiceName"
  - configuration >> appSettings >> key="ToAddress"
  - configuration >> appSettings >> key="FromAddress"
  - configuration >> appSettings >> key="EmailServer"
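With thirteen files carrying the same "SPM" connection string, it is easy to leave one pointing at the wrong server or login. The following PowerShell is an added example, not part of the ATSPM package or this image: it reads each config file listed above and reports the server, database and authentication mode of its SPM entry without printing the password, plus the customErrors mode for the two web applications. The function name Get-SpmConfigStatus is an assumption, as is the connection string being a plain SqlClient string.

```powershell
# Added example, not part of the ATSPM package. Run inside the container.
Add-Type -AssemblyName System.Data

# Config files from the list above that carry the "SPM" connection string.
$paths = @(
  'C:\inetpub\wwwroot\ATSPMWebPage\web.config'
  'C:\inetpub\wwwroot\MOEWcfService\Web.config'
) + (@(
  'ConvertDBForHistoricalConfigurations\ConvertDBForHistoricalConfigurations.exe.config'
  'GenerateAddDataScript\GenerateAddDataScript.exe.config'
  'FromAllControllers\FTPfromAllControllers.exe.Config'
  'AsyncGetMaxTimeRecords\AsyncGetMaxTimeRecords.exe.config'
  'NewDecodeandImportASC3Logs\NewDecodeandImportASC3Logs.exe.Config'
  'DecodePeekLogs\DecodePeekLogs.exe.config'
  'DecodeSiemensLogs\DecodeSiemensLogs.exe.Config'
  'DecodeTrafficwareLogs\DecodeTrafficwareLogs.exe.config'
  'WavetronicsSpeedListener\WavetronicsSpeedListener.exe.config'
  'SPMWatchDogNew\SPMWatchDogNew.exe.config'
  'ImportChecker\ImportChecker.exe.config'
) | ForEach-Object { Join-Path 'C:\ATSPMExe' $_ })

function Get-SpmConfigStatus {
  param([Parameter(Mandatory)][string]$Path)
  $row = [ordered]@{ File = $Path; Server = ''; Database = ''; Auth = 'file missing'; CustomErrors = '' }
  if (Test-Path -LiteralPath $Path) {
    $cfg = ([xml](Get-Content -Raw -LiteralPath $Path)).configuration
    $spm = $cfg.connectionStrings.add |
      Where-Object { $_ -and $_.GetAttribute('name') -eq 'SPM' } | Select-Object -First 1
    if (-not $spm) { $row.Auth = 'no SPM entry' } else {
      try {
        $b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder $spm.GetAttribute('connectionString')
        $row.Server = $b.DataSource
        $row.Database = $b.InitialCatalog
        # Report how the app authenticates without ever echoing the password.
        $login = "sql login '$($b.UserID)'"
        $row.Auth = if ($b.IntegratedSecurity) { 'integrated' } elseif ($b.Password) { "$login, password set" } else { "$login, password EMPTY" }
      } catch { $row.Auth = 'unparsed connection string' }
    }
    # Only the web applications have <system.web>. An absent customErrors
    # element means the ASP.NET default mode, RemoteOnly.
    $sw = $cfg.'system.web'
    if ($sw) { $row.CustomErrors = if ($sw.customErrors) { $sw.customErrors.mode } else { 'absent (RemoteOnly)' } }
  }
  [pscustomobject]$row
}

$paths | ForEach-Object { Get-SpmConfigStatus $_ } | Format-Table -AutoSize -Wrap
```

Every row should show the same Server and Database; a CustomErrors value of Off on either web application means detailed error pages are served to remote clients.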
Updating Agency Logo and Link
Edit the file in the container at C:\inetpub\wwwroot\ATSPMWebPage\Views\Shared\_Layout.cshtml at line 49 for the link and line 50 for the logo. Upload a new logo from the host PC to the container via:
docker cp <agency_logo.png> container_id:/inetpub/wwwroot/ATSPMWebPage/Images/<agency_logo.png>
Checking Services and Scheduled Tasks
Within the container, while running PowerShell (from the host: docker exec -it <container_id> powershell.exe), you can execute the following commands to check the status of services and scheduled tasks that support the ATSPM application.
- Get-WebApplication
  Checks ATSPM, ATSPMImages, and MOEWcfService applications registered and deployed in IIS.
- Get-IISAppPool
  Checks the App Pools that IIS is using to run your web applications.
- Get-Service | Where-Object { $_.Status -eq 'Running' }
  Checks ATSPMApplicationReportsService and SpeedListener (if Wavetronix SpeedListener is installed)
- Get-ScheduledTask
  Checks AsyncGetMaxTimeRecordsTask, DecodePeekLogsTask (if installed), DecodeSiemensLogsTask, DecodeTrafficwareLogsTask, FTPfromAllControllersTask, GenerateAddDataScriptTask, ImportCheckerTask, NewDecodeandImportASC3LogsTask, and SPMWatchDogNewTask scheduled tasks.
Note on the Vendor-Specific Decoders
The image does not include the decoder programs cuLogDecode.exe (Peek), SiemensDecoder.exe (Siemens), and the Trafficware decoder. Please consult with your vendor to acquire the decoders.
Once acquired, copy the .exe file(s) into the running container's C:\spmtools folder using the docker cp command from the host running the container:
docker cp cuLogDecode.exe container_id:/spmtools/cuLogDecode.exe
For each decoder application, ensure that the DecoderPath setting in C:\ATSPMExe\Decode<vendor>Logs\Decode<vendor>Logs.exe.config is set correctly.
Left Turn Gap Report Issues
The Left Turn Gap Report service runs independently without issue, but when triggered from the website, queries are submitted without the approachId parameter, which causes the service to return an error to the ATSPM client-side GUI: Object reference not set to an instance of an object.
Wavetronix Speed Listener Issues
Because the Wavetronics SpeedListener program requires a GUI user prompt during the installutil.exe process, it is currently not functional.
Additional Tests to Verify Functionality in Production
The Import Controller Logs (FTPfromAllControllers) and Decode and Import (DecodeYYYLogs) services need connections to logging-enabled controllers before they can be verified.
The Watchdog Component and Import Checker services require an SMTP server and email testing to verify functionality.