search

bmarsh9 / gapps

Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
Other
437 stars 99 forks source link

Problem when adding framework with uppercase in the .json filename #75

Closed GBues closed 1 year ago

GBues commented 1 year ago

I Bmarsh9,

When trying to add a framework I had an error

gapps-worker | DEBUG:procrastinate.worker.worker:Waiting for new jobs on all queues gapps | [2023-06-16 08:25:22,258] ERROR in app: Exception on /api/v1/tenants/1/load-frameworks [PUT] gapps | Traceback (most recent call last): gapps | File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 2073, in wsgi_app gapps | response = self.full_dispatch_request() gapps | File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1519, in full_dispatch_request gapps | rv = self.handle_user_exception(e) gapps | File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1517, in full_dispatch_request gapps | rv = self.dispatch_request() gapps | File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1503, in dispatch_request gapps | return self.ensure_sync(self.view_functions[rule.endpoint])(*req.view_args) gapps | File "/app/app/utils/decorators.py", line 212, in decorator gapps | return view_function(args, **kwargs) gapps | File "/app/app/api_v1/views.py", line 528, in reload_tenant_frameworks gapps | result["extra"]["tenant"].create_base_frameworks() gapps | File "/app/app/models.py", line 132, in create_base_frameworks gapps | self.create_base_controls_for_framework(name) gapps | File "/app/app/models.py", line 121, in create_base_controls_for_framework gapps | with open(os.path.join(current_app.config["FRAMEWORK_FOLDER"], f"{name}.json")) as f: gapps | FileNotFoundError: [Errno 2] No such file or directory: '/app/app/files/base_controls/pgssi_s3.json'

The filename was actually PGSSI_S3.json. After a rename in lowercase it was loaded without issue.

I would suggest File "/app/app/models.py", line 121, in create_base_controls_for_framework

def create_base_controls_for_framework(self, name):
    with open(os.path.join(current_app.config["FRAMEWORK_FOLDER"], f"{name}.json")) as f:
        controls=json.load(f)
        name = name.lower()
        Control.create({"controls":controls,"framework":name}, self.id)
    return True
bmarsh9 commented 1 year ago

I believe you are working off a older code base. Here is the specific line

GBues commented 1 year ago

Yes, but the specific line you give works wrong. It tries to open the file with name lowercase which doesn't exist on the filesystem (I'm on debian).

If you correct it as i wrote it should work better.