FileNotFoundError at /engagement/46/threatmodel/upload

[bcncarlesc]

Bug description I've created an engagement and I want add a Threat Modeling document. When I tried it a receive this error

FileNotFoundError at /engagement/46/threatmodel/upload

Steps to reproduce Steps to reproduce the behavior:

1. Go to 'Product'-->'Engagement-->Upload Threat Modeling
2. Upload any doc

*Expected behavior

Deployment method (select with an X)

• [ ] Kubernetes
• [X] Docker
• [ ] setup.bash / legacy-setup.bash

Environment information

• Operating System: [e.g. Ubuntu 18.04] uname -a Linux ubuntu 5.3.0-28-generic #30~18.04.1-Ubuntu SMP Fri Jan 17 06:14:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

• DefectDojo Commit Message: [use git show -s --format="%h: %s [%ci]"] 0d64c07d: Merge pull request #1698 from madchap/fix-1653 [2020-01-14 16:15:14 -0600]

Sample scan files (optional) If applicable, add sample scan files to help reproduce your problem.

Screenshots (optional) If applicable, add screenshots to help explain your problem.

Console logs (optional) If applicable, add console logs to help explain your problem.

Additional context (optional) Add any other context about the problem here. I would like debug with vscode but I don't know how I need configure de projects to do it. If you have any guide to config it I will try to debug imself

[bcncarles]

I found what is the problem

I'm working with docker version and when I tried tu upload file the file is upload into docker image django-defectdojo_uwsgi_1 that it doesn't have permition to copy

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[valentijnscholten]

This is the same issue as with the finding images not working in docker-compose (release) mode.

[valentijnscholten]

we need to at least update the docs for 1.7.0

[madchap]

Actually, I don't think it is.

If you exec into uwsgi and do a mkdir /app/media/threat, then you can upload your model. The file appears on the server well and good (scp'ing it and all, file is OK).. yet if you then -- through dojo -- download it, you have a 0 byte file.. :man_shrugging:

To upload images in finding, it seems to be it's looking into the nginx and not uwsgi?

[madchap]

Or not even getting uploaded to the right place? Just dumping stuff here for later.

$ ls -l media/
1f71805a-c000-4860-b138-453b7056e69b.JPG  finding_images/
42553918-725c-4711-83b8-f15c74b26b3a.JPG  threat/
CACHE/                                    

[mtesauro]

Seems to me like there's several ways to get this resolved: (1) Make DefectDojo serve uploaded files. The simplest but likely not as performant having Django serve static files vs nginx (2) Bind mount a directory on the host into both nginx and uwsgi containers - provides shared storage but could be tricky depending on how persistent storage is done esp for things like Kubernetes.
(3) Use a Docker volume to provide storage that is shared between nginx and uwsgi containers.

I can confirm with a bind mount that has a threat sub-directory manually created inside the DefectDojo media works fine for uploading but does have the 0 byte download issue mentioned above.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.