django-DefectDojo

Dependency Check parser.py update

Open security101 opened this issue 3 years ago • 2 comments

As outlined in https://owasp.slack.com/archives/C2P5BA8MN/p1653900502360699, uploading selected Dependency Check XML reports caused the program to fail. The error message was: UnboundLocalError: local variable 'vulnerability' referenced before assignment. The associated code block has been moved. Additional if/else branches have been added to make the code more robust.

security101 avatar Jun 21 '22 07:06 security101
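
The failure class named in the description above, as an added example that is not DefectDojo's parser code: a name bound in only one branch is read unconditionally afterwards. The report content, the element chosen as the trigger, and the functions `parse_fragile`, `parse_robust` and `fragile_raises` are assumptions; the thread does not say which report content caused the error.

```python
import xml.etree.ElementTree as ET

# Constructed sample, loosely shaped like a Dependency-Check XML report
# (namespace omitted, identifiers made up). A trusted constant, so the stdlib
# parser is fine here; uploaded reports call for a hardened one (defusedxml).
REPORT = """<analysis><dependencies>
  <dependency><fileName>b.jar</fileName><vulnerabilities>
    <suppressedVulnerability><name>CVE-0000-0002</name></suppressedVulnerability>
  </vulnerabilities></dependency>
  <dependency><fileName>a.jar</fileName><vulnerabilities>
    <vulnerability><name>CVE-0000-0001</name></vulnerability>
  </vulnerabilities></dependency>
</dependencies></analysis>"""


def parse_fragile(xml_text):
    """'vulnerability' is bound in one branch only, then read unconditionally."""
    findings = []
    for dep in ET.fromstring(xml_text).iter("dependency"):
        for child in dep.iterfind("vulnerabilities/*"):
            if child.tag == "vulnerability":
                vulnerability = child.findtext("name")
            findings.append((dep.findtext("fileName"), vulnerability, False))
    return findings


def parse_robust(xml_text):
    """Every read of the name happens inside the branch that binds it."""
    findings = []
    for dep in ET.fromstring(xml_text).iter("dependency"):
        file_name = dep.findtext("fileName")
        for child in dep.iterfind("vulnerabilities/*"):
            if child.tag == "vulnerability":
                findings.append((file_name, child.findtext("name"), False))
            elif child.tag == "suppressedVulnerability":
                findings.append((file_name, child.findtext("name"), True))
            # any other child element is skipped instead of crashing the import
    return findings


def fragile_raises(xml_text):
    """Regression check that needs no database: does the old shape still crash?"""
    try:
        parse_fragile(xml_text)
    except UnboundLocalError:
        return True
    return False
```

With the two dependencies in the opposite order, `parse_fragile` does not raise; it silently reuses the name left over from the previous iteration, so whether it crashes depends on element order.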

Hi @security101, thanks for this PR. You need to rebase your branch to the current dev revision to fix the problem with the helm linting.

StefanFl avatar Jun 21 '22 10:06 StefanFl

@security101 Reminder to rebase the PR on the dev branch instead

coheigea avatar Aug 30 '22 11:08 coheigea

@security101 your PR is good, could you add a unit test to it?

damiencarol avatar Oct 08 '22 17:10 damiencarol

Dear Damien, :-) I would like to, but I never did so before, which means I do not have the skill (yet). I believe it would take too long until I can provide it. If I can make another contribution, let me know and I will be pleased to do my best.

Cheers,
Andreas

On 08.10.2022 at 19:02, Damien Carol wrote:
> @security101 your PR is good, could you add a unit test to it?


security101 avatar Oct 27 '22 10:10 security101

I also got this error. I'm not sure why, but for some days now my dependency check result has been causing this error.

Please merge this PR.

AndreVirtimo avatar Nov 21 '22 11:11 AndreVirtimo

Hi @security101 Please see #7124 for an example of what we are looking for with unit tests.

Maffooch avatar Nov 21 '22 15:11 Maffooch

@security101 can you tell me what content in the dependency check report causes this error?

@Maffooch is there a guide on how to run the tests? I have no experience with Django. I tried to run the tests but with no luck. When I am able to run the tests, then I can provide a test for this issue.

AndreVirtimo avatar Dec 08 '22 06:12 AndreVirtimo

@AndreVirtimo Here's the docs for running tests during development: https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/DOCKER.md#run-the-tests-with-docker-compose

mtesauro avatar Dec 09 '22 00:12 mtesauro

@mtesauro thank you for the link. I'm still not able to run a unit test. I have tried this one: python manage.py test unittests.tools.test_dependency_check_parser.TestDependencyCheckParser.test_parse_file_with_multiple_vulnerabilities_has_multiple_findings --keepdb

First I ran into this error: django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.

I have done a workaround with export DD_SECRET_KEY=foo

Now I got this error: django.db.utils.OperationalError: (2005, "Unknown MySQL server host 'mysql' (8)")

This doesn't feel like a unit test. I really want to help but I cannot find any documentation on how to set up my dev environment.

AndreVirtimo avatar Dec 13 '22 15:12 AndreVirtimo

@AndreVirtimo if you have a report that breaks without this patch, please commit it to this PR. I can write the test from there

Maffooch avatar Dec 14 '22 01:12 Maffooch

@Maffooch thank you. Here is the report. dependency-check-report.xml.zip

AndreVirtimo avatar Dec 14 '22 05:12 AndreVirtimo

Thank you for this fix. I can confirm that our import problem is now solved.

AndreVirtimo avatar Jan 12 '23 06:01 AndreVirtimo