defectdojo_api icon indicating copy to clipboard operation
defectdojo_api copied to clipboard

Published 20 hours ago verified publisher icon DefectDojo

API version 2 No Longer Works with Generic Findings Import

Open desebjohnston opened this issue 1 year ago • 0 comments

See issue initially reported here: https://github.com/DefectDojo/django-DefectDojo/issues/8154

It appears version 2.22.3 of DefectDojo no longer works for generic findings using the python API wrapper version 2. Version 2.18.0 was working with the wrapper. I manually create the product and engagement and map the IDs.

Attached file for import is here: generic_HONGGFUZZ.REPORT.csv

Using curl I can get the file to import:

curl -X POST "http://" -H "accept: application/json" -H "Content-Type: multipart/form-data" -H "User-Agent: DefectDojo_api/1.2.0." -H "Authorization: Token <auth_token_here>" -F "minimum_severity=Info" -F "active=true" -F "scan_type=Generic Findings Import" -F "push_to_jira=false" -F "file=@generic_HONGGFUZZ.REPORT.csv" -F "product_name=Test" -F "scan_date=2023-05-24" -F "engagement=7"

Using the API as follows:

from defectdojo_api import defectdojo_apiv2

host = 'http:/dojo.url.goes.here'
api_key = '<api_key_goes_here>'
user = '<admin_name_goes_here>'
proxy = None
engagement_id = '11'
scanner = 'Generic Findings Import'
file = 'generic_HONGGFUZZ.REPORT.csv'
verified = None
close_old_findings = None
skip_duplicates = None
dojoDate = '2023-05-24'
build = None
tags = None
minimum_severity = 'Info'
        
dd = defectdojo_apiv2.DefectDojoAPIv2(host, api_key, user, verify_ssl=False, timeout=360, debug=True)

scanner = "Generic Findings Import"
print ("Uploading " + tool + " scan: " + file)
test_id = dd.upload_scan(engagement_id, scanner, file, "true", verified, close_old_findings, skip_duplicates, dojoDate, build=build,
                                 tags=tags, minimum_severity=minimum_severity)

I get the following error message: An error occured while uploading the scan: Error occured in API.

The DefectDojo log shows the following with more information:

django-defectdojo-2223-uwsgi-1 | [pid: 37|app: -|req: -/-] 172.18.0.1 (-) {30 vars in 366 bytes} [Wed May 24 18:51:54 2023] GET / => generated 0 bytes in 28 msecs (HTTP/1.0 500) 0 headers in 0 bytes (0 switches on core 0) django-defectdojo-2223-uwsgi-1 | [pid: 37|app: -|req: -/-] 172.18.0.1 (-) {40 vars in 657 bytes} [Wed May 24 18:53:16 2023] GET //api/v2/users/?limit=20&username=dojoadmin => generated 254 bytes in 37 msecs (HTTP/1.1 200) 8 headers in 246 bytes (1 switches on core 1) django-defectdojo-2223-uwsgi-1 | [pid: 37|app: -|req: -/-] 172.18.0.1 (-) {42 vars in 644 bytes} [Wed May 24 18:53:17 2023] POST //api/v2/engagements/ => generated 809 bytes in 131 msecs (HTTP/1.1 201) 8 headers in 251 bytes (1 switches on core 0) django-defectdojo-2223-uwsgi-1 | [24/May/2023 18:53:17] WARNING [dojo.importers.importer.importer:260] Expecting value: line 1 column 1 (char 0) django-defectdojo-2223-uwsgi-1 | [24/May/2023 18:53:17] WARNING [django.request:241] Bad Request: /api/v2/import-scan/

desebjohnston avatar May 24 '23 19:05 desebjohnston