DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

TypeError: 'Endpoint' object is not subscriptable #2272

Closed AlexanderTyutin closed 4 years ago

AlexanderTyutin commented 4 years ago

After importing a ZAP Scan and trying to view findings, I see error 500. The error is returned not for all findings, but for most of the findings in the report.

# docker-compose logs uwsgi
...
 Internal Server Error: /finding/13
...
 TypeError: 'Endpoint' object is not subscriptable

Then I got this finding via APIv2. This is the "endpoints" property:

  "endpoints": [
    1,
    21,
    10,
    3,
    2
  ],

AlexanderTyutin commented 4 years ago

Debugging further...

The target was set by URL. I see two endpoints: the site name and the IP address of this site. When I try to open the IP endpoint, I see the report, findings, etc. When I try to open the hostname endpoint, I receive error 500:

uwsgi_1         | Internal Server Error: /endpoint/21
uwsgi_1         | Traceback (most recent call last):
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/core/handlers/exception.py", line 34, in inner
uwsgi_1         |     response = get_response(request)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 115, in _get_response
uwsgi_1         |     response = self.process_exception_by_middleware(e, request)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 113, in _get_response
uwsgi_1         |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
uwsgi_1         |   File "./dojo/endpoint/views.py", line 180, in view_endpoint
uwsgi_1         |     'vulnerable': vulnerable,
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/shortcuts.py", line 36, in render
uwsgi_1         |     content = loader.render_to_string(template_name, context, request, using=using)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/loader.py", line 62, in render_to_string
uwsgi_1         |     return template.render(context, request)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/backends/django.py", line 61, in render
uwsgi_1         |     return self.template.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 171, in render
uwsgi_1         |     return self._render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 163, in _render
uwsgi_1         |     return self.nodelist.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 937, in render
uwsgi_1         |     bit = node.render_annotated(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 904, in render_annotated
uwsgi_1         |     return self.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/loader_tags.py", line 150, in render
uwsgi_1         |     return compiled_parent._render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 163, in _render
uwsgi_1         |     return self.nodelist.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 937, in render
uwsgi_1         |     bit = node.render_annotated(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 904, in render_annotated
uwsgi_1         |     return self.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/loader_tags.py", line 150, in render
uwsgi_1         |     return compiled_parent._render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 163, in _render
uwsgi_1         |     return self.nodelist.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 937, in render
uwsgi_1         |     bit = node.render_annotated(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 904, in render_annotated
uwsgi_1         |     return self.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/loader_tags.py", line 62, in render
uwsgi_1         |     result = block.nodelist.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 937, in render
uwsgi_1         |     bit = node.render_annotated(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 904, in render_annotated
uwsgi_1         |     return self.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/defaulttags.py", line 309, in render
uwsgi_1         |     return nodelist.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 937, in render
uwsgi_1         |     bit = node.render_annotated(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 904, in render_annotated
uwsgi_1         |     return self.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/defaulttags.py", line 209, in render
uwsgi_1         |     nodelist.append(node.render_annotated(context))
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 904, in render_annotated
uwsgi_1         |     return self.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/defaulttags.py", line 209, in render
uwsgi_1         |     nodelist.append(node.render_annotated(context))
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 904, in render_annotated
uwsgi_1         |     return self.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/defaulttags.py", line 309, in render
uwsgi_1         |     return nodelist.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 937, in render
uwsgi_1         |     bit = node.render_annotated(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 904, in render_annotated
uwsgi_1         |     return self.render(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 987, in render
uwsgi_1         |     output = self.filter_expression.resolve(context)
uwsgi_1         |   File "/usr/local/lib/python3.5/site-packages/django/template/base.py", line 698, in resolve
uwsgi_1         |     new_obj = func(obj, *arg_vals)
uwsgi_1         |   File "./dojo/templatetags/display_tags.py", line 80, in url_shortner
uwsgi_1         |     return_value = "..." + return_value[50:]
uwsgi_1         | TypeError: 'Endpoint' object is not subscriptable

AlexanderTyutin commented 4 years ago

I got the point. There is an error in the ZAP Scan import (or in the ZAP XML report): the problem link (where the finding was found) was imported as an endpoint. I opened the finding for editing and removed the link from the endpoints. After that I'm able to open the finding.
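
The failure at the bottom of the traceback in this thread (a template filter slicing an object with `[50:]`) can be reproduced and guarded against outside Django. This is an added example, not part of the original thread and not DefectDojo's code: the `Endpoint` class, both filter functions, `render_all` and the sample URLs are constructed stand-ins, and only the slicing expression mirrors line 80 of the traceback.

```python
class Endpoint:
    """Hypothetical stand-in for a model object whose text form is a URL."""

    def __init__(self, url):
        self.url = url

    def __str__(self):
        return self.url


def url_shortner_unsafe(value, limit=50):
    # Constructed reproduction: the length check uses the text form, but the
    # slice is applied to the object itself, as on line 80 of the traceback.
    return_value = value
    if len(str(return_value)) > limit:
        return_value = "..." + return_value[limit:]
    return return_value


def url_shortner_safe(value, limit=50):
    # Coerce once at the boundary so every later operation sees a str.
    if value is None:
        return ""
    return_value = str(value)
    if len(return_value) > limit:
        return_value = "..." + return_value[limit:]
    return return_value


def render_all(filter_func, values):
    """Apply a filter to each value, recording the result or the TypeError."""
    results = []
    for value in values:
        try:
            results.append(filter_func(value))
        except TypeError as exc:
            results.append("TypeError: " + str(exc))
    return results


# Constructed sample inputs: a short string, a long string, a long Endpoint.
LONG_URL = "https://example.com/" + "a" * 40 + "/page_1"
SAMPLES = ["https://example.com", LONG_URL, Endpoint(LONG_URL)]

if __name__ == "__main__":
    for name, func in (("unsafe", url_shortner_unsafe), ("safe", url_shortner_safe)):
        print(name, render_all(func, SAMPLES))
```

Only the object input breaks the unguarded filter, which matches the report that some findings render and others return error 500.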

AlexanderTyutin commented 4 years ago

All links from the Description field (the links where the finding was discovered) became endpoints. That is the problem.

AlexanderTyutin commented 4 years ago

Also, a lot of endpoints are created, like: https://example.com/page_1 https://example.com/page_2 https://example.com/page_3 ... https://example.com/page_N

But when I go to the menu and select the item "Endpoints", I see only one, "https://example.com", and if I choose "Delete endpoint" it is there again and is not removed.

devGregA commented 4 years ago

Hi @AlexanderTyutin, I think we'd need a sample scan to reproduce this.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

valentijnscholten commented 4 years ago

Too much going on in this issue :-) Current dev has some changes to the ZAP parser and to endpoint handling. Can you try again and explain in a bit more detail what you are doing and what is going wrong? Screenshots maybe?