search

DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License
3.62k stars 1.52k forks source link

OpenVas Import Scan Error #1575

Closed gogo02 closed 4 years ago

gogo02 commented 4 years ago

Bug description When i am trying to import a scan result (CSV-Results), it failed

Steps to reproduce Steps to reproduce the behavior: git clone --branche master https://github.com/DefectDojo/django-DefectDojo && cd django-DefectDojo docker-compose build docker-compose up

Expected behavior The scan result should be accepted

Deployment method (select with an X)

Environment information

Console logs uwsgi_1 | Internal Server Error: /product/1/import_scan_results uwsgi_1 | Traceback (most recent call last): uwsgi_1 | File "/usr/local/lib/python3.5/site-packages/django/core/handlers/exception.py", line 34, in inner uwsgi_1 | response = get_response(request) uwsgi_1 | File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 115, in _get_response uwsgi_1 | response = self.process_exception_by_middleware(e, request) uwsgi_1 | File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 113, in _get_response uwsgi_1 | response = wrapped_callback(request, *callback_args, callback_kwargs) uwsgi_1 | File "/usr/local/lib/python3.5/site-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view uwsgi_1 | return view_func(request, *args, *kwargs) uwsgi_1 | File "./dojo/product/views.py", line 413, in import_scan_results_prod uwsgi_1 | return import_scan_results(request, pid=pid) uwsgi_1 | File "/usr/local/lib/python3.5/site-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view uwsgi_1 | return view_func(request, args, kwargs) uwsgi_1 | File "./dojo/engagement/views.py", line 525, in import_scan_results uwsgi_1 | parser = import_parser_factory(file, t, active, verified) uwsgi_1 | File "./dojo/tools/factory.py", line 125, in import_parser_factory uwsgi_1 | parser = OpenVASUploadCsvParser(file, test) uwsgi_1 | File "./dojo/tools/openvas_csv/parser.py", line 316, in init uwsgi_1 | reader = csv.reader(io.StringIO(content), delimiter=',', quotechar='"') uwsgi_1 | TypeError: initial_value must be str or None, not bytes uwsgi_1 | Internal Server Error: /product/1/import_scan_results uwsgi_1 | Traceback (most recent call last): uwsgi_1 | File "/usr/local/lib/python3.5/site-packages/django/core/handlers/exception.py", line 34, in inner uwsgi_1 | response = get_response(request) uwsgi_1 | File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 115, in _get_response uwsgi_1 | response = self.process_exception_by_middleware(e, request) uwsgi_1 | File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 113, in _get_response uwsgi_1 | response = wrapped_callback(request, *callback_args, callback_kwargs) uwsgi_1 | File "/usr/local/lib/python3.5/site-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view uwsgi_1 | return view_func(request, *args, *kwargs) uwsgi_1 | File "./dojo/product/views.py", line 413, in import_scan_results_prod uwsgi_1 | return import_scan_results(request, pid=pid) uwsgi_1 | File "/usr/local/lib/python3.5/site-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view uwsgi_1 | return view_func(request, args, kwargs) uwsgi_1 | File "./dojo/engagement/views.py", line 525, in import_scan_results uwsgi_1 | parser = import_parser_factory(file, t, active, verified) uwsgi_1 | File "./dojo/tools/factory.py", line 125, in import_parser_factory uwsgi_1 | parser = OpenVASUploadCsvParser(file, test) uwsgi_1 | File "./dojo/tools/openvas_csv/parser.py", line 316, in init uwsgi_1 | reader = csv.reader(io.StringIO(content), delimiter=',', quotechar='"') uwsgi_1 | TypeError: initial_value must be str or None, not bytes

gogo02 commented 4 years ago

The import issues was fixed by editing the parser.py Change: Line 316

Add the import

from io import TextIOWrapper

Change [reader = csv.reader(io.StringIO(content),delimiter=',',quotechar='"')] by:

    reportCSV = TextIOWrapper(filename, encoding='utf-8 ', errors='replace')
    reader = csv.reader(reportCSV, delimiter=',',quotechar='"')

That have fix the error 500 when Importing a Scan.

BUT now when i am importing a scan result it has 0 Findings.. Any idea on this?

madchap commented 4 years ago

Please try on the dev branch, and let us know if this happens there too. Cheers.

gogo02 commented 4 years ago

Hello so i have try with the dev bran i had the error at import. cd /opt/ git clone --branch dev https://github.com/DefectDojo/django-DefectDojo && cd django-DefectDojo

docker-compose build docker-compose up

Create the product. Import a scan report X Error (same as the first one)

I have try by editing the parser.py and same issues the findings are 0

Edit /dojo/tools/openvas_csv/parser.py

from io import TextIOWrapper reportCSV = TextIOWrapper(filename, encoding='utf-8 ', errors='replace') reader = csv.reader(reportCSV, delimiter=',',quotechar='"')

docker-compose build docker-compose up

Create the product. Import a scan report. And no finding..

devGregA commented 4 years ago

@gogo02 would you please provide a sample file or submit a PR?

gogo02 commented 4 years ago

Hello @devGregA what do you mean by a PR/sample file ? :)

Maffooch commented 4 years ago

He is asking for either the file you had attempted to import or your solution to the issue in the form of a pull request so that others will not have the same problems.

gogo02 commented 4 years ago

Hello, i can not post here a sample of a scan result.. But those are from an OpenVas Scanner V9.

tvtongerloo commented 4 years ago

** Note to self, change TextIOWrapper buffer to a binary reference by opening $filename with r+b @gogo02 : let's review internally and then submit a Pull Request

gogo02 commented 4 years ago

Pull Request has been created :) https://github.com/DefectDojo/django-DefectDojo/pull/1585