search

DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License
3.72k stars 1.56k forks source link

Error 500 when viewing finding if deduplication broke it (?) #2146

Closed madchap closed 4 years ago

madchap commented 4 years ago

Bug description On some findings, old or newer, we sometimes get

AttributeError at /finding/14520
'NoneType' object has no attribute 'id'
./dojo/models.py in duplicate_finding_set, line 1530

As it turns out, if we manually navigate to /edit on said finding, it works. There what we see depends, but usually, unchecking Duplicate and saving makes it work again.

In some cases, it is marked Duplicate but the relationship is gone... :scream:

Steps to reproduce Go view a broken finding, but you won't know which one, if any!

Expected behavior One can always view the finding, because the finding always has an id...

Deployment method (select with an X)

Environment information 8278b1bd: Merge remote-tracking branch 'refs/remotes/origin/dev' into dev [2020-03-25 16:04:57 +0000]

Additional context (optional)

Environment:

Request Method: GET
Request URL: https://defectdojo.xxx.com/finding/14520

Django Version: 2.2.11
Python Version: 3.5.9
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'polymorphic',
 'overextends',
 'django.contrib.admin',
 'django.contrib.humanize',
 'gunicorn',
 'tastypie',
 'auditlog',
 'defectDojo_engagement_survey',
 'dojo',
 'tastypie_swagger',
 'watson',
 'tagging',
 'custom_field',
 'imagekit',
 'multiselectfield',
 'rest_framework',
 'rest_framework.authtoken',
 'rest_framework_swagger',
 'dbbackup',
 'taggit_serializer',
 'django_celery_results',
 'social_django',
 'drf_yasg')
Installed Middleware:
['django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.middleware.security.SecurityMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'dojo.middleware.LoginRequiredMiddleware',
 'dojo.middleware.TimezoneMiddleware',
 'social_django.middleware.SocialAuthExceptionMiddleware',
 'watson.middleware.SearchContextMiddleware',
 'auditlog.middleware.AuditlogMiddleware']

Template error:
In template /app/dojo/templates/base.html, error at line 0
   'NoneType' object has no attribute 'id'
   1 : {% load navigation_tags %}
   2 : {% load display_tags %}
   3 : {% load static from staticfiles %}
   4 : <!DOCTYPE html>
   5 : <html lang="en">
   6 : 
   7 : <head>
   8 : 
   9 :     <meta charset="utf-8">
   10 :     <meta http-equiv="X-UA-Compatible" content="IE=edge">

Traceback:

File "/usr/local/lib/python3.5/site-packages/django/core/handlers/exception.py" in inner
  34.             response = get_response(request)

File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py" in _get_response
  115.                 response = self.process_exception_by_middleware(e, request)

File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py" in _get_response
  113.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "./dojo/finding/views.py" in view_finding
  772.             'next_finding': next_finding

File "/usr/local/lib/python3.5/site-packages/django/shortcuts.py" in render
  36.     content = loader.render_to_string(template_name, context, request, using=using)

File "/usr/local/lib/python3.5/site-packages/django/template/loader.py" in render_to_string
  62.     return template.render(context, request)

File "/usr/local/lib/python3.5/site-packages/django/template/backends/django.py" in render
  61.             return self.template.render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in render
  171.                     return self._render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in _render
  163.         return self.nodelist.render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in render
  937.                 bit = node.render_annotated(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in render_annotated
  904.             return self.render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/loader_tags.py" in render
  150.             return compiled_parent._render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in _render
  163.         return self.nodelist.render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in render
  937.                 bit = node.render_annotated(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in render_annotated
  904.             return self.render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/loader_tags.py" in render
  150.             return compiled_parent._render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in _render
  163.         return self.nodelist.render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in render
  937.                 bit = node.render_annotated(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in render_annotated
  904.             return self.render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/loader_tags.py" in render
  62.                 result = block.nodelist.render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in render
  937.                 bit = node.render_annotated(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in render_annotated
  904.             return self.render(context)

File "/usr/local/lib/python3.5/site-packages/django/template/defaulttags.py" in render
  302.                     match = condition.eval(context)

File "/usr/local/lib/python3.5/site-packages/django/template/defaulttags.py" in eval
  876.         return self.value.resolve(context, ignore_failures=True)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in resolve
  671.                 obj = self.var.resolve(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in resolve
  796.             value = self._resolve_lookup(context)

File "/usr/local/lib/python3.5/site-packages/django/template/base.py" in _resolve_lookup
  858.                             current = current()

File "./dojo/models.py" in duplicate_finding_set
  1530.             return Finding.objects.get(id=self.duplicate_finding.id).original_finding.all().order_by('title')

Exception Type: AttributeError at /finding/14520
Exception Value: 'NoneType' object has no attribute 'id'
madchap commented 4 years ago

Certainly fixed by running python manage.py fix_loop_duplicates. I will know for sure tomorrow, and ascertain here.

For installs past a certain commit, https://github.com/DefectDojo/django-DefectDojo/pull/2248 is required for it to run.

madchap commented 4 years ago

Confirmation that the script fixes it.