search

DefectDojo / defectdojo_api

Python API library for DefectDojo
MIT License
40 stars 79 forks source link

Attribute Error "NoneType" object has no attribute success #14

Open raghunath24 opened 6 years ago

raghunath24 commented 6 years ago

I am trying to run the dojo_ci_cd.py file in my local environment and it is prompting with the below error. Please could you check? ( or probably it could be a defectdojo bug)

Defectdojo=lastest master Defectdojo_api 1.1.4

Command & Output: 

python dojo_ci_cd.py --product=1 --file "~/Dev/misc/defectdojo_api/tests/scans/Bodgeit-burp.xml" --scanner="Burp Scan" --high=0 --host=http://192.168.13.37:8000 —api_key=xxxx --user=admin

Traceback (most recent call last):
  File "dojo_ci_cd.py", line 241, in <module>
    class Main:
  File "dojo_ci_cd.py", line 282, in Main
    test_ids = processFiles(dd, engagement_id, file, scanner=scanner)
  File "dojo_ci_cd.py", line 144, in processFiles
    if test_id.success == False:
AttributeError: 'NoneType' object has no attribute 'success'

Output of defectdojo logs:


[11/Jul/2018 05:29:06] "GET /api/v1/users/?username=admin&limit=20 HTTP/1.1" 200 246
Internal Server Error: /api/v1/engagements/
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 227, in wrapper
    response = callback(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 467, in dispatch_list
    return self.dispatch('list', request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 499, in dispatch
    response = method(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 1408, in post_list
    updated_bundle = self.obj_create(bundle, **self.remove_api_resource_names(kwargs))
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 2245, in obj_create
    return self.save(bundle)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 2380, in save
    self.is_valid(bundle)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 1320, in is_valid
    errors = self._meta.validation.is_valid(bundle, bundle.request)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/validation.py", line 73, in is_valid
    form = self.form_class(**self.form_args(bundle))
  File "/vagrant/dojo/api.py", line 85, in form_args
    pk = self._get_pk_from_resource_uri(rel_field, resource_uri)
  File "/vagrant/dojo/api.py", line 70, in _get_pk_from_resource_uri
    resource_uri, base_resource_uri))
Exception: Couldn't match resource_uri //api/v1/users/1/ with /api/v1/users/
Internal Server Error: /api/v1/engagements/
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 227, in wrapper
    response = callback(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 467, in dispatch_list
    return self.dispatch('list', request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 499, in dispatch
    response = method(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 1408, in post_list
    updated_bundle = self.obj_create(bundle, **self.remove_api_resource_names(kwargs))
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 2245, in obj_create
    return self.save(bundle)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 2380, in save
    self.is_valid(bundle)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/resources.py", line 1320, in is_valid
    errors = self._meta.validation.is_valid(bundle, bundle.request)
  File "/usr/local/lib/python2.7/dist-packages/tastypie/validation.py", line 73, in is_valid
    form = self.form_class(**self.form_args(bundle))
  File "/vagrant/dojo/api.py", line 85, in form_args
    pk = self._get_pk_from_resource_uri(rel_field, resource_uri)
  File "/vagrant/dojo/api.py", line 70, in _get_pk_from_resource_uri
    resource_uri, base_resource_uri))
Exception: Couldn't match resource_uri //api/v1/users/1/ with /api/v1/users/
ghost commented 6 years ago

I'm facing the same issue.. From what I see, I think it's referring to the API-v1. That might be the problem. However, I'm not sure.. Have you found a fix? If not, I'll be waiting for someone's response!

sirferl commented 6 years ago

Hi, I was facing a similar problem. I documented it in this issue. There I also proposed a solution. regards sirferl

heepspray commented 6 years ago

I am about to lose my mind

I am on master defectdojo, and master defectdojo-api. I have somehow managed to overcome the double slash issue that @sirferl has a workaround for. (My file looks nothing like https://github.com/aaronweaver/defectdojo_api/issues/18 by the way, but I will leave that for now)

I am left with the stack that is posted on the top of this issue by @raghunath24 . In the console I can see defectdojo logging and working like normal with no error messages. When I check the engagement in the user interface, there are ZERO findings from the engagement. However if I import the file manually, the findings are registered.

Has anyone managed to find a workaround for the AttributeError ? are the other reasons beside the AttributeError that make the import of the vulnerabilities fail ?

Output:

python dojo_ci_cd.py --product=9 --file "/dependency-check/xxx/dependency-check-report.json" --scanner="Dependency Check" --critical=0 --host=http://localhost:8000 --api_key=xxx --user=xxx
Traceback (most recent call last):
  File "dojo_ci_cd.py", line 242, in <module>
    class Main:
  File "dojo_ci_cd.py", line 283, in Main
    test_ids = processFiles(dd, engagement_id, file, scanner=scanner)
  File "dojo_ci_cd.py", line 145, in processFiles
    if test_id.success == False:
AttributeError: 'NoneType' object has no attribute 'success'

-----------

[18/Oct/2018 06:46:51] "GET /alerts/count HTTP/1.1" 200 13
[18/Oct/2018 06:47:01] "GET /alerts/count HTTP/1.1" 200 13
[18/Oct/2018 06:47:11] "GET /alerts/count HTTP/1.1" 200 13
[18/Oct/2018 06:47:17] "GET /api/v1/users/?username=xxx&limit=20 HTTP/1.1" 200 253
[18/Oct/2018 06:47:17] "POST /api/v1/engagements/ HTTP/1.1" 201 0
[18/Oct/2018 06:47:21] "GET /alerts/count HTTP/1.1" 200 13
heepspray commented 6 years ago

Ok.. I just hardcoded scannerName = "Dependency Check Scan" on line 85 and that seems to work

Now if I can find away to hack my way around the TypeErrors :|