DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

SSLyze JSON parser TypeError: argument of type 'NoneType' is not iterable #9848

Closed tylerwhardy closed 6 months ago

tylerwhardy commented 6 months ago

Bug description

SSLyze JSON file imports sometimes appear to send a None type node value in the get_heartbeat function.

```python
def get_heartbleed(node, test, endpoint):
    if "heartbleed" in node:
        heartbleed = node["heartbleed"]
        if heartbleed.get("status") == "NOT_SCHEDULED":
```

The problem appears to be that node has a "None" type which throws an unhandled error.

Recommend either a try/except addition or adding "if node is None -> return None"

Steps to reproduce

Steps to reproduce the behavior:

1. Import SSLyze JSON file
2. Observe error

Expected behavior

SSLyze JSON import should handle errors gracefully.

Logs

```
[pid: 31|app: -|req: -/-] 192.168.1.27 (admin) {46 vars in 812 bytes} [Sun Mar 31 18:32:44 2024] GET /alerts/count => generated 14 bytes in 17 msecs (HTTP/1.1 200) 7 headers in 212 bytes (1 switches on core 0)
[31/Mar/2024 18:32:50] ERROR [dojo.engagement.views:819] argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/app/dojo/engagement/views.py", line 803, in post
    test, finding_count, closed_findingcount, = importer.import_scan(scan, scan_type, engagement, user, environment, active=active, verified=verified, tags=tags,
                                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/importers/importer/importer.py", line 336, in import_scan
    parsed_findings = parser.get_findings(scan, test)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/tools/sslyze/parser.py", line 26, in get_findings
    return SSLyzeJSONParser().get_findings(filename, test)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/tools/sslyze/parser_json.py", line 79, in get_findings
    return self.get_items(tree, test)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/tools/sslyze/parser_json.py", line 171, in get_items
    item = get_heartbleed(scr_node, test, endpoint)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/tools/sslyze/parser_json.py", line 244, in get_heartbleed
    if "heartbleed" in node:
       ^^^^^^^^^^^^^^^^^^^^
TypeError: argument of type 'NoneType' is not iterable
[pid: 31|app: -|req: -/-] 192.168.1.27 (admin) {54 vars in 1243 bytes} [Sun Mar 31 18:32:49 2024] POST /product/133/import_scan_results => generated 0 bytes in 123 msecs (HTTP/1.1 302) 9 headers in 543 bytes (1 switches on core 1)
[pid: 31|app: -|req: -/-] 192.168.1.27 (admin) {48 vars in 1243 bytes} [Sun Mar 31 18:32:50 2024] GET /engagement/38/import_scan_results => generated 121254 bytes in 62 msecs (HTTP/1.1 200) 9 headers in 468 bytes (1 switches on core 0)
[pid: 31|app: -|req: -/-] 192.168.1.27 (admin) {46 vars in 791 bytes} [Sun Mar 31 18:32:51 2024] GET /alerts/count => generated 14 bytes in 18 msecs (HTTP/1.1 200) 7 headers in 212 bytes (1 switches on core 1)
```

Sample scan files

Currently unable to share
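The failure mode reported above, next to a guarded variant, as an added example that is not DefectDojo's code or the merged fix. The report is constructed, not a real scan: the `server` key is a simplified placeholder, and `server_scan_results`, `scan_result`, `result` and `is_vulnerable_to_heartbleed` are assumed field names, as is the idea that a null `scan_result` is what reaches the parser as `None`.

```python
import json

# Constructed sample report (assumed field names; "server" is a placeholder key).
SAMPLE_REPORT = json.dumps({
    "server_scan_results": [
        {"server": "a.example:443",
         "scan_result": {"heartbleed": {
             "status": "COMPLETED",
             "result": {"is_vulnerable_to_heartbleed": True}}}},
        {"server": "b.example:443", "scan_result": None},
        {"server": "c.example:443",
         "scan_result": {"heartbleed": {"status": "NOT_SCHEDULED"}}},
        {"server": "d.example:443", "scan_result": {"heartbleed": None}},
    ]
})


def unguarded_heartbleed(node):
    """Same membership test as the line in the traceback; raises on None."""
    if "heartbleed" in node:
        return node["heartbleed"]
    return None


def guarded_heartbleed(node):
    """Return a finding title, or None when there is nothing to report."""
    if not isinstance(node, dict):        # null or malformed scan result
        return None
    heartbleed = node.get("heartbleed")
    if not isinstance(heartbleed, dict):  # key missing or explicitly null
        return None
    if heartbleed.get("status") == "NOT_SCHEDULED":
        return None
    result = heartbleed.get("result") or {}
    return "Heartbleed" if result.get("is_vulnerable_to_heartbleed") else None


def import_report(text):
    """Parse every server entry; record unscanned ones instead of aborting."""
    findings, skipped = [], []
    for entry in json.loads(text).get("server_scan_results") or []:
        node = entry.get("scan_result")
        if node is None:
            skipped.append(entry.get("server"))  # surface it, don't drop it
            continue
        title = guarded_heartbleed(node)
        if title:
            findings.append((entry.get("server"), title))
    return findings, skipped
```

Returning the skipped servers alongside the findings keeps one unscanned host from discarding the results for every other host in the file, while still showing which hosts produced no data.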

manuel-sommer commented 6 months ago

@tylerwhardy, see PR.

manuel-sommer commented 6 months ago

The PR was merged yesterday @mtesauro. It would be nice if the linked issue is closed as soon as the PR is merged or released. 😄