Bug description
SSLyze JSON file imports sometimes appear to send a None type node value in the get_heartbleed function.
def get_heartbleed(node, test, endpoint):
    if "heartbleed" in node:
        heartbleed = node["heartbleed"]
        if heartbleed.get("status") == "NOT_SCHEDULED":
The problem appears to be that node has a "None" type which throws an unhandled error.
Recommend either a try/except addition or adding "if node is None -> return None"
Steps to reproduce
Steps to reproduce the behavior:
1. Import SSLyze JSON file
2. Observe error
Expected behavior
SSLyze JSON import should handle errors gracefully.
Deployment method (select with an X)
[X] Docker Compose
[ ] Kubernetes
[ ] GoDojo
Environment information
Operating System: Ubuntu 22.04
DefectDojo version (see footer) or commit message: v. 2.32.1
Logs
[pid: 31|app: -|req: -/-] 192.168.1.27 (admin) {46 vars in 812 bytes} [Sun Mar 31 18:32:44 2024] GET /alerts/count => generated 14 bytes in 17 msecs (HTTP/1.1 200) 7 headers in 212 bytes (1 switches on core 0)
[31/Mar/2024 18:32:50] ERROR [dojo.engagement.views:819] argument of type 'NoneType' is not iterable
Traceback (most recent call last):
File "/app/dojo/engagement/views.py", line 803, in post
test, finding_count, closed_findingcount, = importer.import_scan(scan, scan_type, engagement, user, environment, active=active, verified=verified, tags=tags,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/dojo/importers/importer/importer.py", line 336, in import_scan
parsed_findings = parser.get_findings(scan, test)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/dojo/tools/sslyze/parser.py", line 26, in get_findings
return SSLyzeJSONParser().get_findings(filename, test)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/dojo/tools/sslyze/parser_json.py", line 79, in get_findings
return self.get_items(tree, test)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/dojo/tools/sslyze/parser_json.py", line 171, in get_items
item = get_heartbleed(scr_node, test, endpoint)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/dojo/tools/sslyze/parser_json.py", line 244, in get_heartbleed
if "heartbleed" in node:
^^^^^^^^^^^^^^^^^^^^
TypeError: argument of type 'NoneType' is not iterable
[pid: 31|app: -|req: -/-] 192.168.1.27 (admin) {54 vars in 1243 bytes} [Sun Mar 31 18:32:49 2024] POST /product/133/import_scan_results => generated 0 bytes in 123 msecs (HTTP/1.1 302) 9 headers in 543 bytes (1 switches on core 1)
[pid: 31|app: -|req: -/-] 192.168.1.27 (admin) {48 vars in 1243 bytes} [Sun Mar 31 18:32:50 2024] GET /engagement/38/import_scan_results => generated 121254 bytes in 62 msecs (HTTP/1.1 200) 9 headers in 468 bytes (1 switches on core 0)
[pid: 31|app: -|req: -/-] 192.168.1.27 (admin) {46 vars in 791 bytes} [Sun Mar 31 18:32:51 2024] GET /alerts/count => generated 14 bytes in 18 msecs (HTTP/1.1 200) 7 headers in 212 bytes (1 switches on core 1)
Sample scan files
Currently unable to share
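An added example, not DefectDojo's code and not part of the original report: it reproduces the TypeError from the traceback on a constructed input and shows a guard that skips a target with no results while still importing the others. The JSON shape (server_scan_results, server_location, a null scan_result, is_vulnerable_to_heartbleed) and the helper names are assumptions made for illustration.

```python
import json

# Constructed sample (assumed shape): the second target has a null scan_result,
# which is the None value that reaches get_heartbleed in the report.
SAMPLE = json.loads("""
{"server_scan_results": [
  {"server_location": {"hostname": "a.example"},
   "scan_result": {"heartbleed": {"status": "COMPLETED",
                   "result": {"is_vulnerable_to_heartbleed": true}}}},
  {"server_location": {"hostname": "b.example"}, "scan_result": null},
  {"server_location": {"hostname": "c.example"},
   "scan_result": {"heartbleed": {"status": "NOT_SCHEDULED", "result": null}}}
]}
""")


def get_heartbleed_unguarded(node):
    """Same membership test as in the report; raises TypeError when node is None."""
    if "heartbleed" in node:
        return node["heartbleed"]
    return None


def get_heartbleed_guarded(node):
    """Return a finding title, or None when there is nothing to report."""
    if not isinstance(node, dict):  # None or any other non-object JSON value
        return None
    heartbleed = node.get("heartbleed")
    if not isinstance(heartbleed, dict) or heartbleed.get("status") == "NOT_SCHEDULED":
        return None
    result = heartbleed.get("result") or {}
    return "Heartbleed" if result.get("is_vulnerable_to_heartbleed") else None


def import_findings(tree):
    """Parse every target; a target without results is recorded, not fatal."""
    findings, skipped = [], []
    for target in tree.get("server_scan_results") or []:
        host = (target.get("server_location") or {}).get("hostname", "unknown")
        node = target.get("scan_result")
        if node is None:
            skipped.append(host)  # surface the gap instead of hiding it
            continue
        title = get_heartbleed_guarded(node)
        if title:
            findings.append((host, title))
    return findings, skipped
```

Returning the skipped hosts alongside the findings keeps an unscanned target visible to the person importing, so a missing result is not read as a clean one.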