Title: Error defectdojo hook and amass scan · Issue #602 · secureCodeBox/secureCodeBox · GitHub
Description: 🐞 Bug report Describe the bug Defectdojo Hook not working using the generic findings import. For example, with the amass scan. Steps To Reproduce Have an instance of defectdojo running and install securecodebox's defectdojo hook, then tr...
Opengraph URL: https://github.com/secureCodeBox/secureCodeBox/issues/602
Author: luliz (https://github.com/luliz)
Published: 2021-08-18T22:37:36.000Z
Comments: 3

## 🐞 Bug report

### Describe the bug
Defectdojo Hook not working using the generic findings import. For example, with the amass scan.

### Steps To Reproduce

Have an instance of defectdojo running and install securecodebox's defectdojo hook, then try to run an amass scan or any scan that will use the generic findings import and you'll get an error on the hook pod.

### Expected behavior

The hook would work and the findings would be imported into defectdojo.

### System (please complete the following information):
 - secureCodeBox v3.0.0
 - persistence-defectdojo docker.io/securecodebox/hook-persistence-defectdojo:3.0.0
 - defectdojo v2.1.0

### Screenshots / Logs
Logs from the hook:
```
2021-08-18 22:03:55 INFO DefectDojoPersistenceProvider:24 - Starting DefectDojo persistence provider
2021-08-18 22:03:59 INFO DefectDojoPersistenceProvider:35 - Downloading Scan Result
2021-08-18 22:04:02 INFO ScanService:33 - Finished Downloading Scan Result
2021-08-18 22:04:02 INFO DefectDojoPersistenceProvider:39 - Uploading Findings to DefectDojo at: [REDACTED]
2021-08-18 22:04:03 INFO VersionedEngagementsStrategy:74 - Running with DefectDojo User Id: 1
2021-08-18 22:04:03 INFO VersionedEngagementsStrategy:178 - Using default ProductType as no 'defectdojo.securecodebox.io/product-type-name' annotation was found on the scan
Exception in thread "main" org.springframework.web.client.HttpServerErrorException$InternalServerError: 500 Internal Server Error: [
<!doctype html>
<html lang="en">
<head>
 <title>Server Error (500)</title>
</head>
<body>
 <h1>Server Error (500)</h1><p></p>
</body>
</html>
]
	at org.springframework.web.client.HttpServerErrorException.create(HttpServerErrorException.java:100)
	at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:188)
	at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:125)
	at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
	at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:819)
	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:777)
	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
	at io.securecodebox.persistence.defectdojo.service.ImportScanService.createFindings(ImportScanService.java:100)
	at io.securecodebox.persistence.defectdojo.service.ImportScanService.reimportScan(ImportScanService.java:117)
	at io.securecodebox.persistence.strategies.VersionedEngagementsStrategy.run(VersionedEngagementsStrategy.java:90)
	at io.securecodebox.persistence.DefectDojoPersistenceProvider.main(DefectDojoPersistenceProvider.java:42)
```
Logs from defectdojo:
```
[18/Aug/2021 22:04:05] ERROR [django.request:224] Internal Server Error: /api/v2/reimport-scan/
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/viewsets.py", line 125, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/mixins.py", line 19, in create
    self.perform_create(serializer)
  File "/app/./dojo/api_v2/views.py", line 1957, in perform_create
    serializer.save(push_to_jira=push_to_jira)
  File "/app/./dojo/api_v2/serializers.py", line 1306, in save
    reimporter.reimport_scan(scan, scan_type, test, active=active, verified=verified,
  File "/app/./dojo/importers/reimporter/reimporter.py", line 303, in reimport_scan
    self.process_parsed_findings(test, parsed_findings, scan_type, user, active, verified,
  File "/app/./dojo/importers/reimporter/reimporter.py", line 56, in process_parsed_findings
    if (Finding.SEVERITIES[sev] >
KeyError: 'INFORMATIONAL'
ERROR:django.request:Internal Server Error: /api/v2/reimport-scan/
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/viewsets.py", line 125, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/mixins.py", line 19, in create
    self.perform_create(serializer)
  File "/app/./dojo/api_v2/views.py", line 1957, in perform_create
    serializer.save(push_to_jira=push_to_jira)
  File "/app/./dojo/api_v2/serializers.py", line 1306, in save
    reimporter.reimport_scan(scan, scan_type, test, active=active, verified=verified,
  File "/app/./dojo/importers/reimporter/reimporter.py", line 303, in reimport_scan
    self.process_parsed_findings(test, parsed_findings, scan_type, user, active, verified,
  File "/app/./dojo/importers/reimporter/reimporter.py", line 56, in process_parsed_findings
    if (Finding.SEVERITIES[sev] >
KeyError: 'INFORMATIONAL'
```
### Additional context
I believe this has to do with bad parsing when converting the securecodebox finding (where severity is in upper case) to the defectdojo finding (where severity is in capital case or lowercase)
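
The failure in the DefectDojo traceback is a dictionary lookup keyed by a severity string the receiver does not know. As an added example (not part of the issue and not code from secureCodeBox or DefectDojo), the sketch below normalises sender-side severities and rejects unknown ones before upload. `SEVERITIES` is an assumed stand-in for DefectDojo's `Finding.SEVERITIES`; the function names and the sample findings are constructed.

```python
# Added example: models the lookup that fails in the DefectDojo traceback.
# SEVERITIES is an assumed stand-in for DefectDojo's Finding.SEVERITIES
# (capitalised keys); the finding dicts below are constructed sample data.
SEVERITIES = {"Info": 4, "Low": 3, "Medium": 2, "High": 1, "Critical": 0}

# Upper-case names that have no same-spelled capitalised key.
ALIASES = {"INFORMATIONAL": "Info"}


def normalize_severity(raw):
    """Map a scanner-side severity string to a key of SEVERITIES, or raise."""
    if not isinstance(raw, str):
        raise ValueError(f"severity must be a string, got {type(raw).__name__}")
    key = raw.strip().upper()
    candidate = ALIASES.get(key, key.capitalize())
    if candidate not in SEVERITIES:
        raise ValueError(f"unknown severity {raw!r}")
    return candidate


def prepare_findings(findings, minimum="Info"):
    """Normalise severities before upload; return (accepted, rejected).

    Rejected findings carry the reason, so a bad value surfaces in the
    sender's log instead of as a 500 from the receiving API.
    """
    threshold = SEVERITIES[normalize_severity(minimum)]
    accepted, rejected = [], []
    for f in findings:
        try:
            sev = normalize_severity(f.get("severity"))
        except ValueError as exc:
            rejected.append((f.get("name"), str(exc)))
            continue
        if SEVERITIES[sev] <= threshold:  # lower number = more severe
            accepted.append({**f, "severity": sev})
    return accepted, rejected


SAMPLE = [  # constructed findings, upper-case severities as in the report
    {"name": "Subdomain a.example.com", "severity": "INFORMATIONAL"},
    {"name": "Open port 22", "severity": "LOW"},
    {"name": "Weak cipher", "severity": "medium "},
    {"name": "Broken record", "severity": "SEVERE"},
    {"name": "No severity", "severity": None},
]
```
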