DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Unicode error while importing snyk report #993

Closed madchap closed 5 years ago

madchap commented 5 years ago

Please use the following template when submitting issues: (If this is a security issue, then review the disclosure policy and submit via our security reporting program.)

Issue Template

Issue Type

Description

When importing a snyk report, there is the following error:

'ascii' codec can't encode character u'\u2019' in position 324: ordinal not in range(128)

./dojo/models.py in compute_hash_code, line 1081

Environment:

Request Method: POST
Request URL: http://localhost:8080/product/1/import_scan_results

Django Version: 1.11.20
Python Version: 2.7.16
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'polymorphic',
 'overextends',
 'django.contrib.admin',
 'django.contrib.humanize',
 'gunicorn',
 'tastypie',
 'auditlog',
 'dojo',
 'tastypie_swagger',
 'watson',
 'tagging',
 'custom_field',
 'imagekit',
 'multiselectfield',
 'rest_framework',
 'rest_framework.authtoken',
 'rest_framework_swagger',
 'dbbackup',
 'taggit_serializer',
 'django_celery_results')
Installed Middleware:
['django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.middleware.security.SecurityMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'dojo.middleware.LoginRequiredMiddleware',
 'dojo.middleware.TimezoneMiddleware']

Traceback:

File "/usr/local/lib/python2.7/site-packages/django/core/handlers/exception.py" in inner
  41.             response = get_response(request)
File "/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py" in _legacy_get_response
  249.             response = self._get_response(request)
File "/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)
File "/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python2.7/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
  23.                 return view_func(request, *args, **kwargs)
File "./dojo/product/views.py" in import_scan_results_prod
  382.     return import_scan_results(request, pid=pid)
File "/usr/local/lib/python2.7/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
  23.                 return view_func(request, *args, **kwargs)
File "./dojo/engagement/views.py" in import_scan_results
  539.                     item.save(dedupe_option=False, false_history=True)
File "./dojo/models.py" in save
  1226.             self.hash_code = self.compute_hash_code()
File "./dojo/models.py" in compute_hash_code
  1081.         hash_string = self.title + str(self.cwe) + str(self.line) + str(self.file_path) + str(self.description)

Exception Type: UnicodeEncodeError at /product/1/import_scan_results
Exception Value: 'ascii' codec can't encode character u'\u2019' in position 324: ordinal not in range(128)

dojo model.py


apply_cwe_to_template | <function apply_cwe_to_template at 0x7f04bbaaa230>
-- | --
args | ()
dedupe_option | False
false_history | True
kwargs | {}
new_finding | False
rules_option | True
self | <Finding: org.jenkins-ci.main:jenkins-parent@2.170-SNAPSHOT: Cross-site Scripting (XSS) - (org.springframework:spring-webmvc, 2.5.6.SEC03)>

If the issue is a bug, please also include the following:

Operating System

Please include the version number (ex: Ubuntu 16.04)

Install

DefectDojo Version

Steps to Reproduce

Import a (working) snyk json report (attached).

Sample Scan File (if applicable)

snyk_test.json.gz

Screenshots (optional)

Console Logs (optional)

madchap commented 5 years ago

Mixed it with PR https://github.com/DefectDojo/django-DefectDojo/pull/992 (not on purpose, sorry).
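The failure in the traceback above, reproduced as an added example that is not DefectDojo's code and not part of the original issue: it runs on Python 3 and makes Python 2's implicit ASCII coercion in `str()` explicit, then compares an explicit UTF-8 encoding with a lossy workaround that makes distinct findings hash alike. The `Finding` namedtuple, the sample findings, the helper names, and the use of SHA-256 are assumptions; the page shows only how the hash string is concatenated.

```python
import hashlib
from collections import namedtuple

# Constructed stand-in for the Finding model: only the five fields that
# line 1081 in the traceback concatenates.
Finding = namedtuple("Finding", "title cwe line file_path description")

def py2_str(value):
    """Emulate Python 2 str(): unicode text is implicitly encoded as ASCII."""
    text = value if isinstance(value, str) else str(value)
    text.encode("ascii")  # raises UnicodeEncodeError on u'\u2019'
    return text

def legacy_hash_string(f):
    """The concatenation from line 1081, with the implicit coercion made explicit."""
    return (f.title + py2_str(f.cwe) + py2_str(f.line)
            + py2_str(f.file_path) + py2_str(f.description))

def offending_char(f):
    """Return the character that breaks the legacy path, or None if it succeeds."""
    try:
        legacy_hash_string(f)
    except UnicodeEncodeError as exc:
        return exc.object[exc.start]
    return None

def hash_text(f):
    """Same fields, same order, kept as text with no byte-string coercion."""
    fields = (f.title, f.cwe, f.line, f.file_path, f.description)
    return "".join(v if isinstance(v, str) else str(v) for v in fields)

def utf8_hash_code(f):
    """Encode explicitly as UTF-8 before hashing (SHA-256 is an assumption)."""
    return hashlib.sha256(hash_text(f).encode("utf-8")).hexdigest()

def lossy_hash_code(f):
    """Tempting workaround: silence the error by replacing non-ASCII with '?'."""
    return hashlib.sha256(hash_text(f).encode("ascii", "replace")).hexdigest()

# Constructed sample findings that differ in one non-ASCII character.
SAMPLE = Finding("Cross-site Scripting (XSS)", 79, None, None,
                 "The application\u2019s input is not escaped.")
VARIANT = SAMPLE._replace(description="The application\u2018s input is not escaped.")

if __name__ == "__main__":
    print("legacy path fails on:", repr(offending_char(SAMPLE)))
    print("utf-8 hashes differ: ", utf8_hash_code(SAMPLE) != utf8_hash_code(VARIANT))
    print("lossy hashes collide:", lossy_hash_code(SAMPLE) == lossy_hash_code(VARIANT))
```

The lossy variant imports without error, but any finding text that differs only in non-ASCII characters collapses to the same hash, which matters when the hash drives deduplication.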