DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Uploading Snyk Scan fails with 500 status code #1432

Closed praveendvd closed 4 years ago

praveendvd commented 4 years ago

Bug description

Uploading snyk.json throws 500 status code

Steps to reproduce

Steps to reproduce the behavior:

  1. Go to Engagement>Import_scan
  2. Import 'Snyk Scan' json result
  3. see the error

Expected behavior

status 201

Deployment method (select with an X)

Environment information

Sample scan files (optional)

snyk.zip

Screenshots (optional) image

Additional context (optional)

Retire.js results also throw a 500 error

devGregA commented 4 years ago

@devEricA @praveendvd has included a sample scan file, please verify.

devEricA-zz commented 4 years ago

Worked fine on mine @devGregA under the dev branch. @praveendvd Which branch are you using?

praveendvd commented 4 years ago

> Worked fine on mine @devGregA under the dev branch. @praveendvd Which branch are you using?

Hi, I am using the docker image.

Below are the steps I did:

  1. Stop all containers (`sudo docker stop $(sudo docker ps -aq)`)
  2. Remove all images using (`sudo docker system prune -a`)
  3. Run the dojo container (`sudo docker run -it -p 8000:8000 appsecpipeline/django-defectdojo`)
  4. Created a new product under research and development
  5. Created a new engagement
  6. Upload Snyk report

I tried on another CentOS system and was able to reproduce the issue.

I am logged in as non-root, and I have only an admin account in dojo.

dr3dd589 commented 4 years ago

Works fine for me too on the dev branch. @praveendvd checkout to the dev branch.

```
git checkout dev
docker-compose build
cp dojo/settings/settings.dist.py dojo/settings/settings.py
docker/setEnv.sh dev
docker-compose up
```

Before running these commands, remove all old images.

praveendvd commented 4 years ago

> Works fine for me too on the dev branch. @praveendvd checkout to the dev branch.
>
> ```
> git checkout dev
> docker-compose build
> cp dojo/settings/settings.dist.py dojo/settings/settings.py
> docker/setEnv.sh dev
> docker-compose up
> ```
>
> Before running these commands, remove all old images.

@dr3dd589 @devEricA @devGregA

Hi, I cloned the latest code from git and ran the docker. Now the upload is working from the UI but not through the API.

Below is the Python code I used for uploading the scan results.

Note: The defect dojo api package is the latest one available in the git. I pulled the code and installed it through `python setup.py develop`.

```
#!/usr/bin/python

# import the package
from defectdojo_api import defectdojo
import os

# set up DefectDojo connection information
host = 'http://localhost:8000'
api_key = '<Provide_API>'
user = 'admin'

# instantiate the DefectDojo API wrapper
dd = defectdojo.DefectDojoAPI(host, api_key, user, debug=False)

# upload the Snyk report to engagement 1 and print the API response
print(dd.upload_scan(1, "Snyk Scan", "<file_path>/snyk.json", "True", "2019-08-08"))
```

Could you please guide me here, is it an issue with the Python API?

How to try this manually, what would be the payload? How to try the same using rest-client or Postman?

praveendvd commented 4 years ago

Hi, I was able to check the same using Postman, and it throws the same error, @devGregA @devEricA @dr3dd589

image

praveendvd commented 4 years ago

Hi Team, the dev branch is working; the master branch had the issue. Thank you for the help @devGregA @devEricA @dr3dd589