DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Prowler V4.5.0 Import/re-import issue #11210

Open ivan-morhun opened 2 weeks ago

ivan-morhun commented 2 weeks ago

Bug description

During Prowler v4 report importing/re-importing, there is an issue with parsing the finding datetime key. If I'm not mistaken, this line https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/tools/aws_prowler_v3plus/prowler_v4.py#L40 tries to get the "event_time" key from the finding dict, but the Prowler v4 report doesn't have such a key; there is a time key instead. The next step causes an issue when trying to convert the ISO timestamp: https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/tools/aws_prowler_v3plus/prowler_v4.py#L75

Steps to reproduce

Steps to reproduce the behavior:

  1. Try to import/re-import Prowler v4 report via API or UI

Expected behavior

Report is imported

Deployment method (select with an X)

Logs

{"message": "'NoneType' object is not subscriptable", "time": "2024-11-07T10:00:17.343595+00:00", "exc_info": "Traceback (most recent call last):\n File \"/usr/local/lib/python3.11/site-packages/rest_framework/views.py\", line 506, in dispatch\n response = handler(request, *args, **kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/rest_framework/mixins.py\", line 19, in create\n self.perform_create(serializer)\n File \"/app/dojo/api_v2/views.py\", line 2576, in perform_create\n serializer.save(push_to_jira=push_to_jira)\n File \"/app/dojo/api_v2/serializers.py\", line 2484, in save\n self.process_scan(auto_create_manager, data, context)\n File \"/app/dojo/api_v2/serializers.py\", line 2436, in process_scan\n ).process_scan(\n ^^^^^^^^^^^^^\n File \"/app/dojo/importers/default_reimporter.py\", line 94, in process_scan\n self.parsed_findings = self.parse_findings(scan, parser)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/app/dojo/importers/default_reimporter.py\", line 302, in parse_findings\n self.parsed_findings = self.parse_findings_static_test_type(scan, parser)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/app/dojo/importers/default_reimporter.py\", line 316, in parse_findings_static_test_type\n return super().parse_findings_static_test_type(scan, parser)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/app/dojo/importers/base_importer.py\", line 161, in parse_findings_static_test_type\n return parser.get_findings(scan, self.test)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/app/dojo/tools/aws_prowler_v3plus/parser.py\", line 19, in get_findings\n return AWSProwlerV4Parser().process_ocsf_json(file, test)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/app/dojo/tools/aws_prowler_v3plus/prowler_v4.py\", line 75, in process_ocsf_json\n date=date.fromisoformat(timestamp[:10]),\n ~~~~~~~~~^^^^^\nTypeError: 'NoneType' object is not subscriptable"}

Sample scan files

Example of report

[{
    "message": "EC2 AMI ami-xxxxxxx is not public.",
    "metadata": {
        "event_code": "ec2_ami_public",
        "product": {
            "name": "Prowler",
            "uid": "prowler",
            "vendor_name": "Prowler",
            "version": "4.5.0"
        },
        "profiles": [
            "cloud",
            "datetime"
        ],
        "tenant_uid": "arn:aws:organizations::xxxxxxxx:organization/o-l8a6bwph6s",
        "version": "1.3.0"
    },
    "severity_id": 5,
    "severity": "Critical",
    "status": "New",
    "status_code": "PASS",
    "status_detail": "EC2 AMI ami-xxxxxxxxxxx is not public.",
    "status_id": 1,
    "unmapped": {
        "related_url": "",
        "categories": [
            "internet-exposed"
        ],
        "depends_on": [],
        "related_to": [],
        "notes": "",
        "compliance": {
            "ISO27001-2013": [
                "A.12.6"
            ],
            "KISA-ISMS-P-2023": [
                "2.6.1",
                "2.9.3"
            ],
            "KISA-ISMS-P-2023-korean": [
                "2.6.1",
                "2.9.3"
            ],
            "AWS-Well-Architected-Framework-Security-Pillar": [
                "SEC03-BP07"
            ],
            "AWS-Account-Security-Onboarding": [
                "Disable AMI public sharing"
            ],
            "AWS-Foundational-Technical-Review": [
                "NETSEC-001"
            ]
        }
    },
    "activity_name": "Create",
    "activity_id": 1,
    "finding_info": {
        "created_time": 1730968745,
        "created_time_dt": "2024-11-07T11:39:05.010426",
        "desc": "Ensure there are no EC2 AMIs set as Public.",
        "product_uid": "prowler",
        "title": "Ensure there are no EC2 AMIs set as Public.",
        "types": [
            "Infrastructure Security"
        ],
        "uid": "prowler-aws-ec2_ami_public-xxxxxxxxx-us-west-1-ami-xxxxxxxxxx"
    },
    "resources": [
        {
            "cloud_partition": "aws",
            "region": "us-west-1",
            "data": {
                "details": ""
            },
            "group": {
                "name": "ec2"
            },
            "labels": [
            ],
            "name": "ami-xxxxxxxxxxx",
            "type": "Other",
            "uid": "arn:aws:ec2:us-west-1:xxxxxxxx:image/ami-xxxxxxxxxxx"
        }
    ],
    "category_name": "Findings",
    "category_uid": 2,
    "class_name": "Detection Finding",
    "class_uid": 2004,
    "cloud": {
        "account": {
            "name": "Test",
            "type": "AWS Account",
            "type_id": 10,
            "uid": "xxxxxxxxxxx",
            "labels": [
                "terraform:true",
                "account_id:xxxxxxxxxx",
                "author:ivan.morgun@xxxxxxxx.com",
                "git_repo:xxxx-xxxxx",
                "account_name:test"
            ]
        },
        "org": {
            "name": "o-xxxxxxxx",
            "uid": "arn:aws:organizations::xxxxxxxxxxx:organization/o-xxxxxxxx"
        },
        "provider": "aws",
        "region": "us-west-1"
    },
    "remediation": {
        "desc": "We recommend your EC2 AMIs are not publicly accessible, or generally available in the Community AMIs.",
        "references": [
            "https://docs.prowler.com/checks/aws/public-policies/public_8#cli-command",
            "https://docs.prowler.com/checks/aws/public-policies/public_8#aws-console",
            "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cancel-sharing-an-AMI.html"
        ]
    },
    "risk_details": "When your AMIs are publicly accessible, they are available in the Community AMIs where everyone with an AWS account can use them to launch EC2 instances. Your AMIs could contain snapshots of your applications (including their data), therefore exposing your snapshots in this manner is not advised.",
    "time": 1730968745,
    "time_dt": "2024-11-07T11:39:05.010426",
    "type_uid": 200401,
    "type_name": "Detection Finding: Create"
}]

serhii-ciq commented 2 weeks ago

The same issue here :(
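An added example, not part of the original thread and not DefectDojo's code: one way a parser could tolerate the timestamp layout reported in this issue, where `event_time` is absent and the sample report carries `time_dt`, `time` and `finding_info.created_time_dt` instead. The function names and the fallback order are assumptions made for illustration.

```python
from datetime import date, datetime, timezone
from typing import Any, Optional

# ISO-8601 string keys, tried in order: "event_time" is the key the issue says
# the parser reads; "time_dt" is what the Prowler 4.5.0 sample actually carries.
ISO_KEYS = ("event_time", "time_dt")
EPOCH_KEY = "time"  # epoch seconds in the sample report


def _from_iso(value: Any) -> Optional[date]:
    if not isinstance(value, str):
        return None  # a missing key yields None here instead of a TypeError
    try:
        return date.fromisoformat(value[:10])  # date part only: YYYY-MM-DD
    except ValueError:
        return None


def _from_epoch(value: Any) -> Optional[date]:
    # bool is an int subclass; reject it so True is not read as 1970-01-01
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return None
    try:
        return datetime.fromtimestamp(value, tz=timezone.utc).date()
    except (OverflowError, OSError, ValueError):
        return None


def finding_date(finding: dict) -> Optional[date]:
    """Best-effort date for one OCSF finding; None when nothing is usable."""
    for key in ISO_KEYS:
        parsed = _from_iso(finding.get(key))
        if parsed is not None:
            return parsed
    parsed = _from_epoch(finding.get(EPOCH_KEY))
    if parsed is not None:
        return parsed
    # Last resort: creation time nested under finding_info (present in the sample)
    info = finding.get("finding_info")
    if isinstance(info, dict):
        return _from_iso(info.get("created_time_dt")) or _from_epoch(info.get("created_time"))
    return None


# Constructed inputs, trimmed from the sample report in the issue
V4_SAMPLE = {"time": 1730968745, "time_dt": "2024-11-07T11:39:05.010426"}
EPOCH_ONLY = {"time": 1730968745}
NO_TIMESTAMP = {"message": "EC2 AMI ami-xxxxxxx is not public."}
```

Returning `None` lets the caller decide whether to skip the date or fall back to the import time, rather than failing the whole import on one finding.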