Bug ID 785009: Binary policy import fails with a user-defined Signature Set containing only non-existent signatures

Last Modified: Feb 20, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2

Fixed In:
15.1.0

Opened: May 22, 2019
Severity: 3-Major

Symptoms

Binary policy import fails if the policy contains a user-defined Signature Set which contains only non-existent Signatures (such as user-defined Signatures). The error in the GUI: Failed to insert to PLC.PL_POLICY_NEGSIG_SETS (DBD::mysql::db do failed: Cannot add or update a child row: a foreign key constraint fails (`PLC`.`PL_POLICY_NEGSIG_SETS`, CONSTRAINT `PL_POLICY_NEGSIG_SETS_ibfk_2` FOREIGN KEY (`set_id`) REFERENCES `NEGSIG_SETS` (`set_id`) ON DELETE CASCADE) at /usr/local/share/perl5/F5/BatchInsert.pm line 223. ) The error in /var/log/asm: crit g_server_rpc_handler_async.pl[26870]: 01310027:2: ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::log_error_and_rollback): Failed to insert to PLC.PL_POLICY_NEGSIG_SETS (DBD::mysql::db do failed: Cannot add or update a child row: a foreign key constraint fails (`PLC`.`PL_POLICY_NEGSIG_SETS`, CONSTRAINT `PL_POLICY_NEGSIG_SETS_ibfk_2` FOREIGN KEY (`set_id`) REFERENCES `NEGSIG_SETS` (`set_id`) ON DELETE CASCADE) at /usr/local/share/perl5/F5/BatchInsert.pm line 223.

Impact

Policy import fails.

Conditions

A binary policy file contains a user-defined Signature Set which contains only signatures that don't exist on the target device (such as user-defined Signatures).

Workaround

You can use either of the following Workarounds: -- Re-export the policy as XML. -- Create the missing user-defined Signatures.

Fix Information

Binary policy import succeeds even with empty user-defined Signature Sets.

Behavior Change