django-DefectDojo

Broken report generator

Open jakealbasan opened this issue 3 years ago • 0 comments

The report builder doesn't work properly when multiple severities are selected for filtration.

During report generation, if multiple severities are selected, the report builder only generates a report for single severity items. For example, if critical and high vulnerability findings are filtered, the report builder generates the report with only "High" vulnerability findings.

However, if no severity is selected at all, the generated report works as expected and includes all findings.

Steps to reproduce

  1. Click on reports
  2. Enter a name for report options and leave the rest with defaults
  3. Drag the findings widget to the center. Under filters, select critical and high severity
  4. Select a product to limit the finding counts
  5. Apply filters
  6. Click "RUN"
  7. Findings report has only high severity items

Expected behavior

The generated report should list both critical and high severity findings.

Deployment method (select with an X)

  • [x] Docker Compose
  • [ ] Kubernetes
  • [ ] GoDojo

Environment information

  • Operating System: [CentOS 7.9]
  • DefectDojo version: [2.14.1]

Logs

There are no error logs during this process. However, the logs below are generated when filtering and when the RUN button is clicked. Logs are from the uwsgi container.

"[pid: 1|app: -|req: -/-] 10.1.x.102 (admin) {58 vars in 1081 bytes} [Tue Sep 20 14:20:41 2022] GET /alerts/count => generated 14 bytes in 11 msecs (HTTP/1.1 200) 6 headers in 171 bytes (1 switches on core 3)
[pid: 1|app: -|req: -/-] 10.1.x.102 (admin) {68 vars in 1434 bytes} [Tue Sep 20 14:20:41 2022] POST /reports/custom => generated 46635 bytes in 557 msecs (HTTP/1.1 200) 6 headers in 182 bytes (1 switches on core 1)
[pid: 36|app: -|req: -/-] 10.1.x.102 (admin) {58 vars in 1081 bytes} [Tue Sep 20 14:22:53 2022] GET /alerts/count => generated 14 bytes in 13 msecs (HTTP/1.1 200) 6 headers in 171 bytes (1 switches on core 3)
[pid: 36|app: -|req: -/-] 10.1.x.102 (admin) {58 vars in 2952 bytes} [Tue Sep 20 14:22:55 2022] GET /reports/findings?title=&sla_start_date=&cve=&cvssv3=&cvssv3_score=&severity=High&severity=Critical&steps_to_reproduce=&severity_justification=&active=&verified=&false_p=&duplicate=&duplicate_finding=&out_of_scope=&risk_accepted=unknown&under_review=unknown&last_status_update=&review_requested_by=&under_defect_review=unknown&defect_review_requested_by=&is_mitigated=&mitigated=&mitigated_by=&last_reviewed_by=&param=&payload=&hash_code=&line=&file_path=&component_name=&component_version=&static_finding=unknown&dynamic_finding=unknown&created=&scanner_confidence=&unique_id_from_tool=&vuln_id_from_tool=&sast_source_object=&sast_sink_object=&sast_source_line=&sast_source_file_path=&nb_occurences=&publish_date=&service=&tags=&test__tags=&test__engagement__tags=&test__engagement__product__tags=&tag=&not_tags=&not_test__tags=&not_test__engagement__tags=&not_test__engagement__product__tags=&not_tag=&test__engagement__product=14&risk_acceptance= => generated 57514 bytes in 235 msecs (HTTP/1.1 200) 6 headers in 182 bytes (1 switches on core 1)
[pid: 36|app: -|req: -/-] 10.1.x.102 (admin) {68 vars in 1434 bytes} [Tue Sep 20 14:22:59 2022] POST /reports/custom => generated 46635 bytes in 555 msecs (HTTP/1.1 200) 6 headers in 182 bytes (1 switches on core 2)"

jakealbasan Sep 20 '22 14:09