Closed
Labels: bug
Description
🐞 Bug report
Describe the bug
Defectdojo Hook not working using the generic findings import. For example, with the amass scan.
Steps To Reproduce
Have an instance of defectdojo running and install securecodebox's defectdojo hook, then try to run an amass scan or any scan that will use the generic findings import, and you'll get an error on the hook pod.
Expected behavior
The hook would work and the findings would be imported into defectdojo.
System (please complete the following information):
- secureCodeBox v3.0.0
- persistence-defectdojo docker.io/securecodebox/hook-persistence-defectdojo:3.0.0
- defectdojo v2.1.0
Screenshots / Logs
Logs from the hook:
2021-08-18 22:03:55 INFO DefectDojoPersistenceProvider:24 - Starting DefectDojo persistence provider
2021-08-18 22:03:59 INFO DefectDojoPersistenceProvider:35 - Downloading Scan Result
2021-08-18 22:04:02 INFO ScanService:33 - Finished Downloading Scan Result
2021-08-18 22:04:02 INFO DefectDojoPersistenceProvider:39 - Uploading Findings to DefectDojo at: [REDACTED]
2021-08-18 22:04:03 INFO VersionedEngagementsStrategy:74 - Running with DefectDojo User Id: 1
2021-08-18 22:04:03 INFO VersionedEngagementsStrategy:178 - Using default ProductType as no 'defectdojo.securecodebox.io/product-type-name' annotation was found on the scan
Exception in thread "main" org.springframework.web.client.HttpServerErrorException$InternalServerError: 500 Internal Server Error: [
<!doctype html>
<html lang="en">
<head>
<title>Server Error (500)</title>
</head>
<body>
<h1>Server Error (500)</h1><p></p>
</body>
</html>
]
at org.springframework.web.client.HttpServerErrorException.create(HttpServerErrorException.java:100)
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:188)
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:125)
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:819)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:777)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
at io.securecodebox.persistence.defectdojo.service.ImportScanService.createFindings(ImportScanService.java:100)
at io.securecodebox.persistence.defectdojo.service.ImportScanService.reimportScan(ImportScanService.java:117)
at io.securecodebox.persistence.strategies.VersionedEngagementsStrategy.run(VersionedEngagementsStrategy.java:90)
at io.securecodebox.persistence.DefectDojoPersistenceProvider.main(DefectDojoPersistenceProvider.java:42)
Logs from defectdojo:
[18/Aug/2021 22:04:05] ERROR [django.request:224] Internal Server Error: /api/v2/reimport-scan/
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/rest_framework/viewsets.py", line 125, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 509, in dispatch
response = self.handle_exception(exc)
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 469, in handle_exception
self.raise_uncaught_exception(exc)
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
raise exc
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch
response = handler(request, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/rest_framework/mixins.py", line 19, in create
self.perform_create(serializer)
File "/app/./dojo/api_v2/views.py", line 1957, in perform_create
serializer.save(push_to_jira=push_to_jira)
File "/app/./dojo/api_v2/serializers.py", line 1306, in save
reimporter.reimport_scan(scan, scan_type, test, active=active, verified=verified,
File "/app/./dojo/importers/reimporter/reimporter.py", line 303, in reimport_scan
self.process_parsed_findings(test, parsed_findings, scan_type, user, active, verified,
File "/app/./dojo/importers/reimporter/reimporter.py", line 56, in process_parsed_findings
if (Finding.SEVERITIES[sev] >
KeyError: 'INFORMATIONAL'
ERROR:django.request:Internal Server Error: /api/v2/reimport-scan/
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/rest_framework/viewsets.py", line 125, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 509, in dispatch
response = self.handle_exception(exc)
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 469, in handle_exception
self.raise_uncaught_exception(exc)
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
raise exc
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch
response = handler(request, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/rest_framework/mixins.py", line 19, in create
self.perform_create(serializer)
File "/app/./dojo/api_v2/views.py", line 1957, in perform_create
serializer.save(push_to_jira=push_to_jira)
File "/app/./dojo/api_v2/serializers.py", line 1306, in save
reimporter.reimport_scan(scan, scan_type, test, active=active, verified=verified,
File "/app/./dojo/importers/reimporter/reimporter.py", line 303, in reimport_scan
self.process_parsed_findings(test, parsed_findings, scan_type, user, active, verified,
File "/app/./dojo/importers/reimporter/reimporter.py", line 56, in process_parsed_findings
if (Finding.SEVERITIES[sev] >
KeyError: 'INFORMATIONAL'
Additional context
I believe this has to do with bad parsing when converting the securecodebox finding (where severity is in upper case) to the defectdojo finding (where severity is in capital case or lowercase).
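The `KeyError: 'INFORMATIONAL'` in the traceback above comes from indexing a severity table with a label it does not contain. The following is an added example, not code from secureCodeBox or DefectDojo: it normalizes severities before upload so an unexpected label fails on the client with a clear message instead of a 500 from the server. The table contents, the alias list, the finding field names and all function names are assumptions made for this illustration.

```python
# Assumed copy of the table the traceback indexes (Finding.SEVERITIES).
DD_SEVERITIES = {"Info": 4, "Low": 3, "Medium": 2, "High": 1, "Critical": 0}

# Labels accepted on input, compared case-insensitively (assumed alias set).
_ALIASES = {
    "informational": "Info",
    "info": "Info",
    "low": "Low",
    "medium": "Medium",
    "high": "High",
    "critical": "Critical",
}


def to_dd_severity(raw):
    """Map a scanner severity label to a key of DD_SEVERITIES."""
    if not isinstance(raw, str):
        raise ValueError(f"severity must be a string, got {type(raw).__name__}")
    try:
        return _ALIASES[raw.strip().lower()]
    except KeyError:
        # Reject unknown labels here rather than letting the server crash on them.
        raise ValueError(f"unknown severity {raw!r}") from None


def convert_findings(scb_findings):
    """Return import-ready findings with normalized severities."""
    return [
        {
            "title": f["name"],
            "description": f.get("description", ""),
            "severity": to_dd_severity(f["severity"]),
        }
        for f in scb_findings
    ]


def highest_severity(findings):
    """Most severe label present; a lower rank in the table is more severe."""
    return min(findings, key=lambda f: DD_SEVERITIES[f["severity"]])["severity"]


# Constructed sample findings with upper-case severities, as described in the report.
SAMPLE = [
    {"name": "Subdomain found", "severity": "INFORMATIONAL", "description": "constructed"},
    {"name": "Open admin port", "severity": "HIGH"},
]

if __name__ == "__main__":
    print(convert_findings(SAMPLE), highest_severity(convert_findings(SAMPLE)))
```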