DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Jira project Issuetype ID can't be found in Jira 9 due to lack of pagination in API call #8751

Open devsecopsale opened 10 months ago

devsecopsale commented 10 months ago

Be informative

Using v. 2.23.2 (docker) on Linux. Using Jira 9.x.x

Bug description

When setting a new Jira project in an engagement/product, it fails with the error: <class 'dojo.models.Finding'>: "FINDING TITLE", Failed retrieving field metadata from Jira version: (9, 4, 9), project: "JIRA_PROJECT_NAME", issue type: "ISSUE_TYPE_NAME". Issue type ID can not be matched. Misconfigured default issue type ? This also happens at any instance where an existing finding is changed and the Jira ticket belongs to a project where the issuetype id can't be found.

REASON: it fails because the API call createmeta_issuetypes() is only getting the first 50 results. If the Jira project has more than 50 issuetypes, then it may fail, depending on the order in which the issuetype appears. As a result, the is_jira_project_valid() function returns False because it can't validate the project.

POSSIBLE SOLUTIONS:

  1. use a different function that can get all the results. e.g. by using maxResults parameter (workaround) or by using pagination (better).
  2. allow the user to enter the issuetype id at the Jira settings (which is the required id). This seems the best option in case there's no jira library that can do number 1.

Steps to reproduce

  1. try to change an existing project or create a new product engagement with that jira project. It can't be configured since it doesn't take it as valid.

Expected behavior

The Jira project should be configured or the existing Jira ticket updated.

Deployment method (select with an X)

Environment information

Using v. 2.23.2 (docker) on Linux. Using Jira 9.x.x
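The pagination approach from option 1 in the report above, as an added example (not part of the original issue and not DefectDojo's code): it follows `startAt` across every page of an issue-type listing instead of stopping at the first 50 entries. The `fetch_page` callable, the response keys (`values`, `total`, `isLast`) and the sample data are assumptions standing in for the real Jira call.

```python
from typing import Callable, Dict, Iterator, Optional

# Assumption: fetch_page(start_at, max_results) returns one page shaped like
# {"startAt": int, "maxResults": int, "total": int, "isLast": bool, "values": [...]}.
FetchPage = Callable[[int, int], Dict]


def iter_issue_types(fetch_page: FetchPage, page_size: int = 50,
                     max_pages: int = 200) -> Iterator[Dict]:
    """Yield every issue type, following startAt until the server says stop."""
    start_at = 0
    for _ in range(max_pages):  # hard cap so a misbehaving server cannot loop us forever
        page = fetch_page(start_at, page_size)
        values = page.get("values") or []
        yield from values
        # Advance by what was actually returned: the server may cap the page size.
        start_at += len(values)
        total = page.get("total")
        if not values or page.get("isLast") or (total is not None and start_at >= total):
            return
    raise RuntimeError("issue type pagination did not terminate")


def find_issue_type_id(fetch_page: FetchPage, name: str) -> Optional[str]:
    """Return the id of the issue type called `name`, or None if absent."""
    for issue_type in iter_issue_types(fetch_page):
        if issue_type.get("name") == name:
            return issue_type.get("id")
    return None


# Constructed sample: a project with 120 issue types behind a 50-item page cap.
SAMPLE_TYPES = [{"id": str(10000 + i), "name": f"Type {i}"} for i in range(120)]


def fake_fetch(start_at: int, max_results: int) -> Dict:
    chunk = SAMPLE_TYPES[start_at:start_at + min(max_results, 50)]
    return {"startAt": start_at, "maxResults": 50, "total": len(SAMPLE_TYPES),
            "isLast": start_at + len(chunk) >= len(SAMPLE_TYPES), "values": chunk}


def first_page_lookup(name: str) -> Optional[str]:
    """The failing behaviour from the report: only the first page is searched."""
    first = fake_fetch(0, 50)["values"]
    return next((t["id"] for t in first if t["name"] == name), None)


if __name__ == "__main__":
    print(first_page_lookup("Type 75"), find_issue_type_id(fake_fetch, "Type 75"))
```
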

devsecopsale commented 9 months ago

One quick workaround is to set the issuetype id together with the DD_JIRA_EXTRA_ISSUE_TYPES variable. If the id is defined, then it can be set. I made a quick test and it worked by hardcoding it.

valentijnscholten commented 9 months ago

Wow, 50+ issue types. That sounds like an issue in itself ;-)

r0bag commented 5 months ago

Well, I wanted to create a nice POC with the JIRA cloud version:

  "version": "1001.0.0-SNAPSHOT",
  "versionNumbers": [
    1001,
    0,
    0
  ],
  "deploymentType": "Cloud",
  "buildNumber": 100247,

but I am also receiving "Failed retrieving field metadata from Jira version: (1001, 0, 0), project: ALFA, issue type: Task. Project misconfigured or no permissions in Jira ?"

Any idea for this?

egorbeliy commented 4 months ago

hi there, who has any workarounds for jira cloud?

Failed retrieving field metadata from Jira version: (1001, 0, 0), project: ****, issue type: Task. Project misconfigured or no permissions in Jira ?

devsecopsale commented 3 months ago

Is this solution acceptable? Setting the issuetype id together with the DD_JIRA_EXTRA_ISSUE_TYPES variable. When defined, don't look it up (which triggers the error when more than 50 issuetypes are defined in a Jira project).

devsecopsale commented 4 weeks ago

@valentijnscholten, will a PR that contains this solution be accepted? A variable such as DD_JIRA_EXTRA_ISSUE_TYPES_ID would be defined in settings, and that variable (if it exists) would be used in a condition when the Jira issue type is looked up, to avoid the lookup.