DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Hadolint Error Import Scan #1741

Closed cristiano-corrado closed 4 years ago

cristiano-corrado commented 4 years ago

Bug description: Importing a hadolint scan will generate error 500.

Steps to reproduce the behavior:

  1. Import a hadolint JSON report

Expected behavior: The application should report and process the results.

Sample scan files (optional)

hadolint-sample-report.json.zip

Console logs (optional)

 172.19.0.1 - - [07/Jan/2020:14:19:36 +0000] "POST /api/v2/import-scan/ HTTP/1.1" 500 27 "-" "python-requests/2.22.0" "-"
uwsgi_1         | Internal Server Error: /api/v2/import-scan/
uwsgi_1         | Traceback (most recent call last):
uwsgi_1         |   File "./dojo/tools/hadolint/parser.py", line 17, in parse_json
uwsgi_1         |     tree = json.load(json_output)
uwsgi_1         |   File "/usr/local/lib/python3.5/json/__init__.py", line 268, in load
uwsgi_1         |     parse_constant=parse_constant, object_pairs_hook=object_pairs_hook, **kw)
uwsgi_1         |   File "/usr/local/lib/python3.5/json/__init__.py", line 312, in loads
uwsgi_1         |     s.__class__.__name__))
uwsgi_1         | TypeError: the JSON object must be str, not 'bytes'
uwsgi_1         |
uwsgi_1         | During handling of the above exception, another exception occurred:
uwsgi_1         |
uwsgi_1         | Traceback (most recent call last):
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/core/handlers/exception.py", line 34, in inner
uwsgi_1         |     response = get_response(request)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 115, in _get_response
uwsgi_1         |     response = self.process_exception_by_middleware(e, request)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 113, in _get_response
uwsgi_1         |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
uwsgi_1         |     return view_func(*args, **kwargs)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/rest_framework/viewsets.py", line 116, in view
uwsgi_1         |     return self.dispatch(request, *args, **kwargs)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/rest_framework/views.py", line 495, in dispatch
uwsgi_1         |     response = self.handle_exception(exc)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/rest_framework/views.py", line 455, in handle_exception
uwsgi_1         |     self.raise_uncaught_exception(exc)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/rest_framework/views.py", line 492, in dispatch
uwsgi_1         |     response = handler(request, *args, **kwargs)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/rest_framework/mixins.py", line 21, in create
uwsgi_1         |     self.perform_create(serializer)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/rest_framework/mixins.py", line 26, in perform_create
uwsgi_1         |     serializer.save()
uwsgi_1         |   File "./dojo/api_v2/serializers.py", line 554, in save
uwsgi_1         |     data['scan_type'],)
uwsgi_1         |   File "./dojo/tools/factory.py", line 200, in import_parser_factory
uwsgi_1         |     parser = HadolintParser(file, test)
uwsgi_1         |   File "./dojo/tools/hadolint/parser.py", line 8, in __init__
uwsgi_1         |     tree = self.parse_json(json_output)
uwsgi_1         |   File "./dojo/tools/hadolint/parser.py", line 19, in parse_json
uwsgi_1         |     raise Exception("Invalid format")
uwsgi_1         | Exception: Invalid format
uwsgi_1         | [pid: 1|app: 0|req: 19834/19834] 172.19.0.1 () {42 vars in 691 bytes} [Tue Jan  7 14:19:41 2020] POST /api/v2/import-scan/ => generated 27 bytes in 106 msecs (HTTP/1.1 500) 3 headers in 112 bytes (1 switches on core 0)

Additional context (optional): Tried to upload the scan using both the API and manual file upload.

cristiano-corrado commented 4 years ago

It seems that the below fixes it. It is the handling of the TempUploadFile at /dojo/tools/hadolint/parser.py, line 17. It's enough to change the parse_json function to the code reported below. Now the issues are imported and displayed in django with no errors.

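import json

# Method of HadolintParser in dojo/tools/hadolint/parser.py
def parse_json(self, json_output):
    # The uploaded file object yields bytes; decode before parsing,
    # since json.loads on Python 3.5 only accepts str.
    data = json_output.read()
    try:
        tree = json.loads(data.decode('utf-8').strip())
    except Exception:
        raise Exception("Invalid format")

    return tree
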
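
An added example, not part of the original comment or of DefectDojo's code: a loader that accepts both the bytes an upload handle yields and plain str, and raises a dedicated error that keeps the root cause chained instead of a generic "Invalid format". `ReportFormatError` and `load_json_report` are hypothetical names, and the top-level array shape and the sample bytes are assumptions constructed for illustration.

```python
import io
import json


class ReportFormatError(ValueError):
    """Upload is not a usable JSON report (hypothetical name)."""


def load_json_report(handle):
    """Parse a JSON report from a binary or text file-like object."""
    raw = handle.read()
    if isinstance(raw, bytes):
        try:
            # utf-8-sig also strips a leading BOM, which json.loads rejects.
            raw = raw.decode("utf-8-sig")
        except UnicodeDecodeError as exc:
            raise ReportFormatError("report is not valid UTF-8") from exc
    try:
        tree = json.loads(raw.strip())
    except ValueError as exc:  # json.JSONDecodeError subclasses ValueError
        raise ReportFormatError("report is not valid JSON") from exc
    # Assumption: a report is a top-level array of finding objects.
    if not isinstance(tree, list) or not all(isinstance(f, dict) for f in tree):
        raise ReportFormatError("expected a JSON array of objects")
    return tree


# Constructed sample input (with a UTF-8 BOM), not taken from the attached report.
SAMPLE = b'\xef\xbb\xbf[{"line": 1, "code": "DL3006", "level": "warning"}]\n'

if __name__ == "__main__":
    print(load_json_report(io.BytesIO(SAMPLE)))
```
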
stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.