BlackDuck API report import issue.

Open barucijah opened this issue 1 year ago • 1 comments

Slack us first! I was writing in the Slack channel but no response. https://owasp.slack.com/archives/C2P5BA8MN/p1727869238459629

Be informative Please enter as much information as possible, otherwise we can't provide support. If possible upgrade to the latest release or dev version and try again. I am using the latest version of DefectDojo.

Bug description Recently, we faced an issue with importing a report from Blackduck via the BlackDuckAPI config. I am unable to import this report, and I get the error "An exception error occurred during the report import: 'vulnerabilityWithRemediation'". I have noticed that after upgrading the BlackDuck instance to version v2024.7.0 we started getting this error. Before, everything was working. Also, I am using the latest version of DefectDojo.

Steps to reproduce Steps to reproduce the behavior:

  1. re-upload report for the test with BlackDuckAPI

Expected behavior I expect that the import will finish successfully.

Deployment method (select with an X)

  • [ ] Docker Compose
  • [x] Kubernetes
  • [ ] GoDojo

Environment information

  • DefectDojo version v. 2.38.4

Logs

[09/Oct/2024 13:51:55] ERROR [dojo.api_v2.exception_handler:48] 'vulnerabilityWithRemediation'
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/mixins.py", line 19, in create
    self.perform_create(serializer)
  File "/app/dojo/api_v2/views.py", line 2576, in perform_create
    serializer.save(push_to_jira=push_to_jira)
  File "/app/dojo/api_v2/serializers.py", line 2608, in save
    self.process_scan(auto_create_manager, data, context)
  File "/app/dojo/api_v2/serializers.py", line 2560, in process_scan
    ).process_scan(
      ^^^^^^^^^^^^^
  File "/app/dojo/importers/default_reimporter.py", line 93, in process_scan
    self.parsed_findings = self.parse_findings(scan, parser)
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/importers/default_reimporter.py", line 302, in parse_findings
    self.parsed_findings = self.parse_findings_static_test_type(scan, parser)
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/importers/default_reimporter.py", line 316, in parse_findings_static_test_type
    return super().parse_findings_static_test_type(scan, parser)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/importers/base_importer.py", line 159, in parse_findings_static_test_type
    return parser.get_findings(scan, self.test)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/tools/api_blackduck/parser.py", line 46, in get_findings
    vulnerability_id = entry["vulnerabilityWithRemediation"][
                       ~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
KeyError: 'vulnerabilityWithRemediation'
[09/Oct/2024 13:51:55] ERROR [django.request:241] Internal Server Error: /api/v2/reimport-scan/

Sample scan files If applicable, add sample scan files to help reproduce your problem.

Screenshots Screenshot 2024-10-09 at 15 47 44

Additional context (optional) Add any other context about the problem here.

barucijah, Oct 09 '24 13:10

@barucijah Unfortunately, with the API integrations, there's not much the project can do to assist with this as we don't have a license or install of Blackduck with which we can test this error.

Have you tried the 3 different Blackduck file parsers we have? See https://documentation.defectdojo.com/integrations/parsers/file/

Perhaps one of those will work for you.

Without access to the API, I'm not sure how we reproduce this issue to be able to figure out a fix. :frowning_face:

mtesauro, Oct 10 '24 01:10
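A value-free way for someone who does have BlackDuck API access to show what the response entries now look like, as an added example that is not DefectDojo's code: it checks for the `vulnerabilityWithRemediation` key from the traceback before indexing it and reports only the key names of entries that lack it. The function names and every sample field other than that key are assumptions.

```python
from collections import Counter

# Key the traceback shows the parser indexing unconditionally.
REQUIRED_KEY = "vulnerabilityWithRemediation"


def key_shape(value, depth=2):
    """Return nested key names only (no values), down to `depth` levels."""
    if not isinstance(value, dict) or depth == 0:
        return type(value).__name__
    return {k: key_shape(v, depth - 1) for k, v in sorted(value.items())}


def triage_entries(entries):
    """Split entries into parseable ones and a value-free drift report."""
    usable, shapes = [], Counter()
    for entry in entries:
        if isinstance(entry, dict) and isinstance(entry.get(REQUIRED_KEY), dict):
            usable.append(entry)
        else:
            # The repr of a shape is hashable, so identical layouts are
            # counted together instead of being listed once per entry.
            shapes[repr(key_shape(entry))] += 1
    return usable, dict(shapes)


# Constructed sample entries (hypothetical): every field name other than
# REQUIRED_KEY is invented and does not describe the real API response.
SAMPLE = [
    {"componentName": "libexample", REQUIRED_KEY: {"exampleField": "X-1"}},
    {"componentName": "libother", "exampleRenamedBlock": {"exampleField": "X-2"}},
    {"componentName": "libthird", "exampleRenamedBlock": {"exampleField": "X-3"}},
]

if __name__ == "__main__":
    ok, drift = triage_entries(SAMPLE)
    print(f"{len(ok)} parseable entries")
    for shape, count in drift.items():
        print(f"{count} x missing {REQUIRED_KEY!r}: {shape}")
```

Because the report holds key names and value types only, it can be pasted into a public issue without disclosing component or vulnerability data from the scanned project.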

Closing as discussion has moved to #11301

mtesauro, Nov 20 '24 23:11