ThreatMapper icon indicating copy to clipboard operation
ThreatMapper copied to clipboard

Published 20 hours ago verified publisher icon deepfence

PDF report always shows "No vulnerabilities found for the applied filters"

Open mustajarvi opened this issue 2 years ago • 3 comments

Thanks for providing this tool!

Describe the bug When trying to generate a PDF report with vulnerabilities a PDF with the text "No vulnerabilities found for the applied filters" is always generated. Switching to the XLSX format returns thousands.

To Reproduce Steps to reproduce the behavior:

  1. Go to 'Integrations > Reports / PDF/XLSX'
  2. Select 'Vulnerabilities', 'container image', 'last 1 day' and PDF format.
  3. Click Download.
  4. Wait until report is generated and download it (a file without vulnerabilities is generated).
  5. Switch to XLSX download type and click Download.
  6. A XLSX file with thousand of vulnerabilities is shown.

Expected behavior I expected that the only difference would be the file format. The list of vulnerabilities should be the same.

Screenshots Filter settings and "Filters used" - Note the differences here. image

Extract from XLSX: image

PDF file downloaded: image

Components/Services affected

Making a best effort guess here.

  • [X] UI/Frontend
  • [X] API/Backend
  • [ ] Agent
  • [ ] Deployment/YAMLs
  • [ ] CI/CD Integration
  • [ ] Other (specify)

I hope the above helps with tracking down the issue. Since the Filters Used are different depending on file format, I suspect the issue might lay there.

Thanks

mustajarvi avatar Aug 16 '22 12:08 mustajarvi

Hi @mustajarvi , can you please post the diagnosis logs ? If you have scanned the image from the agent in this case please post the logs of the agents as well

Diagnosis logs can be found at Settings -> Diagnosis

mukuldeepfence avatar Aug 22 '22 12:08 mukuldeepfence

Sure. Attaching the diagnosis logs. Note that the logs are from today, while the screenshots above are from a week ago.

deepfence-logs.tar.gz

(Had to rename the file ending from .tgz to .tar.gz )

The scan was done by the deepfence package scanner.

mustajarvi avatar Aug 22 '22 13:08 mustajarvi

@mukuldeepfence did find any issues here ?

ibreakthecloud avatar Sep 13 '22 04:09 ibreakthecloud

Just confirmed with @mukuldeepfence , the issue was with XLSX reporting. The pdf report for the applied filter was correct. This issue has been resolved in master and will be available on next releases or patch.

ibreakthecloud avatar Sep 26 '22 17:09 ibreakthecloud

Hello @mustajarvi - There was an issue with applying filters, which has been fixed in the recently released 1.4.1 version of Threatmapper. Request you to please check if you still see the issue. Thank you

shyam-dev avatar Sep 29 '22 18:09 shyam-dev

Hello @shyam-dev - I am able to download the report I needed now. Thank you!

mustajarvi avatar Sep 30 '22 09:09 mustajarvi