django-DefectDojo

Broken UI and request for sorting findings via "Risk accepted" field

Open cherez0ff opened this issue 3 years ago • 0 comments

Bug description

Part 1: There are two parameters in the menu for sorting findings called "Risk accepted", but one is responsible for the "risk_accepted" parameter of the request and the other for "risk_acceptance".

Part 2: When I try to sort findings via the "wrong" "Risk accepted" field, I get a 500 error from the server.

Steps to reproduce

Steps to reproduce the behavior:

  1. Go to http://defectdojo/test/$any
  2. Click on button to open menu for sorting options
  3. Select "Risk accepted" as anything but "Either" (for example "No")
  4. Click "Apply filters"

Expected behavior

Only one "Risk accepted" field for sorting and no 500 errors on legitimate requests.

Deployment method (select with an X)

  • [X] Docker Compose

Logs

django-defectdojo-uwsgi-1 | File "/app/./dojo/filters.py", line 469, in filter
django-defectdojo-uwsgi-1 | return self.options[value][1](self, qs, self.field_name)
django-defectdojo-uwsgi-1 | File "/app/./dojo/filters.py", line 445, in not_accepted
django-defectdojo-uwsgi-1 | from dojo.finding.views import NOT_ACCEPTED_FINDINGS_QUERY
django-defectdojo-uwsgi-1 | ImportError: cannot import name 'NOT_ACCEPTED_FINDINGS_QUERY' from 'dojo.finding.views' (/app/./dojo/finding/views.py)
django-defectdojo-uwsgi-1 | [pid: 59|app: -|req: -/-] 172.28.0.1 (admin) {52 vars in 2429 bytes} [Sat Jul 16 11:42:19 2022] GET /test/18?test_import_finding_action__test_import=&title=&component_name=&component_version=&date=&last_reviewed=&last_status_update=&mitigated=&test__engagement__version=&test__version=&status=&active=unknown&verified=unknown&duplicate=&is_mitigated=&out_of_scope=unknown&false_p=unknown&risk_accepted=false&has_component=unknown&has_notes=unknown&file_path=&unique_id_from_tool=&vuln_id_from_tool=&service=&param=&payload=&risk_acceptance=2&has_finding_group=unknown&tags=&test__tags=&test__engagement__tags=&test__engagement__product__tags=&tag=&not_tags=&not_test__tags=&not_test__engagement__tags=&not_test__engagement__product__tags=&not_tag=&vulnerability_id=&endpoints__host=&o= => generated 145 bytes in 75 msecs (HTTP/1.1 500) 6 headers in 184 bytes (1 switches on core 1)


cherez0ff Jul 16 '22 11:07