fortify / FortifyVulnerabilityExporter

Export Fortify vulnerability data to GitHub, GitLab, SonarQube and more

fortify-vulnerability-exporter unable to generate report for GitLab #68

Closed xela-engineer closed 11 months ago

xela-engineer commented 1 year ago

I am integrating trial.fortify.com and GitLab. However, fortify-vulnerability-exporter is unable to generate a report for GitLab. I was using this command:

    $ docker run --rm -v ./export:/export fortifydocker/fortify-vulnerability-exporter:latest FoDToGitLab --fod.baseUrl=https://trial.fortify.com --fod.tenant="" --fod.user="" --fod.password="" --fod.release.id="215288"

Error Logs:

    02:48:48.286 [main] DEBUG com.fortify.util.spring.boot.container.PopulateContainerDirs - Populate container directories enabled: true
    02:48:48.292 [main] DEBUG com.fortify.util.spring.boot.container.PopulateContainerDirs - Checking whether container directories need to be initialized
    02:48:48.306 [main] DEBUG com.fortify.util.spring.boot.container.PopulateContainerDirs - Target path /config is present: true



    2023-08-11 02:48:50.789 INFO 1 --- [ main] e.p.PluginConfigEnvironmentPostProcessor : Loaded 14 plugin configuration files
    2023-08-11 02:48:50.811 INFO 1 --- [ main] c.f.v.FortifyVulnerabilityExporter : Starting FortifyVulnerabilityExporter v2.0.3 using Java 11.0.19 on 1f7a2ed7f237 with PID 1 (/app/classpath/FortifyVulnerabilityExporter-2.0.3-plain.jar started by root in /)
    2023-08-11 02:48:50.813 INFO 1 --- [ main] c.f.v.FortifyVulnerabilityExporter : The following 1 profile is active: "default"
    2023-08-11 02:48:53.459 INFO 1 --- [ main] c.f.v.FortifyVulnerabilityExporter : Using configuration file /config/FoDToGitLab.yml
    2023-08-11 02:48:53.470 INFO 1 --- [ main] c.f.v.FortifyVulnerabilityExporter : Started FortifyVulnerabilityExporter in 4.394 seconds (JVM running for 5.791)
    2023-08-11 02:48:57.862 INFO 1 --- [ main] c.f.c.fod.connection.FoDTokenFactory : [FoD] Obtained access token, expiring at Fri Aug 11 08:48:52 UTC 2023
    2023-08-11 02:48:58.810 INFO 1 --- [ main] c.f.v.f.fod.FromFoDVulnerabilityLoader : Processing Application Release: springboot:production-2
    2023-08-11 02:49:01.718 INFO 1 --- [ main] c.f.v.f.fod.FromFoDVulnerabilityLoader : Processed 3 of 3 vulnerabilities
    2023-08-11 02:49:01.719 INFO 1 --- [ main] bstractToFileStreamVulnerabilityConsumer : Opening output: JsonOutputConfig(super=FileOutputConfig(mkdir=true, stdout=false, stderr=false, file=/export/gl-fortify-sast.json), encoding=UTF8, pretty=true)
    java.lang.RuntimeException: Error closing vulnerability consumer
        at com.fortify.vulnexport.spi.target.vuln.consumer.AbstractVulnerabilityConsumer.handleCloseException(AbstractVulnerabilityConsumer.java:98)
        at com.fortify.vulnexport.spi.target.vuln.consumer.AbstractVulnerabilityConsumer.close(AbstractVulnerabilityConsumer.java:82)
        at java.base/java.util.ArrayList.forEach(Unknown Source)
        at com.fortify.vulnexport.api.vuln.consumer.CompositeVulnerabilityConsumer.close(CompositeVulnerabilityConsumer.java:55)
        at java.base/java.util.ArrayList.forEach(Unknown Source)
        at com.fortify.vulnexport.api.vuln.consumer.CompositeVulnerabilityConsumer.close(CompositeVulnerabilityConsumer.java:55)
        at com.fortify.vulnexport.from.fod.FromFoDVulnerabilityLoader$_FromFoDVulnerabilityLoader.processVulnerabilities(FromFoDVulnerabilityLoader.java:160)
        at com.fortify.util.rest.query.AbstractRestConnectionQuery$1.process(AbstractRestConnectionQuery.java:99)
        at com.fortify.util.rest.query.JSONMapProcessorWithPreProcessorsAndPagingSupport.process(JSONMapProcessorWithPreProcessorsAndPagingSupport.java:79)
        at com.fortify.util.rest.query.AbstractRestConnectionQuery.processSingleRequest(AbstractRestConnectionQuery.java:218)
        at com.fortify.util.rest.query.AbstractRestConnectionQuery.processAll(AbstractRestConnectionQuery.java:200)
        at com.fortify.util.rest.query.AbstractRestConnectionQuery.processAll(AbstractRestConnectionQuery.java:90)
        at com.fortify.util.rest.query.AbstractRestConnectionQuery.processAll(AbstractRestConnectionQuery.java:95)
        at com.fortify.vulnexport.from.fod.FromFoDVulnerabilityLoader$_FromFoDVulnerabilityLoader.run(FromFoDVulnerabilityLoader.java:106)
        at com.fortify.vulnexport.from.fod.FromFoDVulnerabilityLoader.run(FromFoDVulnerabilityLoader.java:82)
        at com.fortify.vulnexport.FortifyVulnerabilityExporterRunnerFactory.runActiveVulnerabilityLoader(FortifyVulnerabilityExporterRunnerFactory.java:91)
        at com.fortify.util.spring.boot.scheduler.RunOrSchedule.runOnce(RunOrSchedule.java:76)
        at com.fortify.util.spring.boot.scheduler.RunOrSchedule.run(RunOrSchedule.java:48)
        at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:768)
        at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:752)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:314)
        at com.fortify.vulnexport.FortifyVulnerabilityExporter.main(FortifyVulnerabilityExporter.java:61)
    Caused by: java.lang.RuntimeException: Error closing vulnerability consumer
        at com.fortify.vulnexport.spi.target.vuln.consumer.AbstractVulnerabilityConsumer.handleCloseException(AbstractVulnerabilityConsumer.java:98)
        at com.fortify.vulnexport.spi.target.vuln.consumer.AbstractVulnerabilityConsumer.close(AbstractVulnerabilityConsumer.java:82)
        at com.fortify.vulnexport.spi.target.vuln.consumer.FilteringConsumer._close(FilteringConsumer.java:71)
        at com.fortify.vulnexport.spi.target.vuln.consumer.AbstractVulnerabilityConsumer.close(AbstractVulnerabilityConsumer.java:80)
        ... 20 more
    Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1021E: A problem occurred whilst attempting to access the property 'staticScanSummary': 'Error loading data for property staticScanSummary'
        at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:209)
        at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:104)
        at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:91)
        at org.springframework.expression.spel.ast.CompoundExpression.getValueRef(CompoundExpression.java:61)
        at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:91)
        at org.springframework.expression.spel.ast.Elvis.getValueInternal(Elvis.java:54)
        at org.springframework.expression.spel.ast.FunctionReference.getArguments(FunctionReference.java:158)
        at org.springframework.expression.spel.ast.FunctionReference.executeFunctionJLRMethod(FunctionReference.java:96)
        at org.springframework.expression.spel.ast.FunctionReference.getValueInternal(FunctionReference.java:80)
        at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:117)
        at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:376)
        at com.fortify.util.spring.expression.WrappedExpression.getValue(WrappedExpression.java:131)
        at com.fortify.util.spring.expression.helper.AbstractExpressionHelper.evaluateExpression(AbstractExpressionHelper.java:156)
        at com.fortify.util.spring.expression.helper.AbstractExpressionHelper.evaluateTemplateExpression(AbstractExpressionHelper.java:166)
        at com.fortify.util.spring.expression.TemplateExpressionMap.evaluateExpression(TemplateExpressionMap.java:44)
        at com.fortify.util.spring.expression.AbstractExpressionMapEvaluator.lambda$evaluate$0(AbstractExpressionMapEvaluator.java:47)
        at com.fortify.util.spring.expression.AbstractExpressionMapEvaluator.evaluate(AbstractExpressionMapEvaluator.java:52)
        at com.fortify.vulnexport.to.json.vuln.formatter.JsonFormatter.write(JsonFormatter.java:131)
        at com.fortify.vulnexport.to.json.vuln.formatter.JsonFormatter.write(JsonFormatter.java:105)
        at com.fortify.vulnexport.to.json.ToJsonVulnerabilityConsumer.beforeClose(ToJsonVulnerabilityConsumer.java:65)
        at com.fortify.vulnexport.spi.target.vuln.consumer.to.output.AbstractToOutputVulnerabilityConsumer._close(AbstractToOutputVulnerabilityConsumer.java:74)
        at com.fortify.vulnexport.spi.target.vuln.consumer.AbstractVulnerabilityConsumer.close(AbstractVulnerabilityConsumer.java:80)
        ... 22 more
    Caused by: java.lang.RuntimeException: Error loading data for property staticScanSummary
        at com.fortify.util.rest.json.embed.StandardEmbedDefinition$OnErrorAction.fail(StandardEmbedDefinition.java:111)
        at com.fortify.util.rest.json.embed.StandardEmbedDefinition$OnErrorAction.handle(StandardEmbedDefinition.java:106)
        at com.fortify.util.rest.json.embed.StandardEmbedDefinition.getResultOnError(StandardEmbedDefinition.java:86)
        at com.fortify.util.rest.json.preprocessor.enrich.JSONMapEnrichWithOnDemandRestData$JSONMapOnDemandLoaderRestData.getResult(JSONMapEnrichWithOnDemandRestData.java:61)
        at com.fortify.util.rest.json.preprocessor.enrich.JSONMapEnrichWithOnDemandRestData$JSONMapOnDemandLoaderRestData.getOnDemand(JSONMapEnrichWithOnDemandRestData.java:53)
        at com.fortify.util.rest.json.ondemand.AbstractJSONMapOnDemandLoaderWithConnection.getOnDemand(AbstractJSONMapOnDemandLoaderWithConnection.java:51)
        at com.fortify.util.rest.json.ondemand.AbstractJSONMapOnDemandLoader.getAndStoreOnDemand(AbstractJSONMapOnDemandLoader.java:46)
        at com.fortify.util.rest.json.JSONMap.getOnDemandValue(JSONMap.java:285)
        at com.fortify.util.rest.json.JSONMap.get(JSONMap.java:130)
        at com.fortify.util.spring.context.expression.MapAccessorIgnoreNonExistingProperties.read(MapAccessorIgnoreNonExistingProperties.java:50)
        at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:204)
        ... 43 more
    Caused by: java.lang.RuntimeException: Error accessing remote system https://api.trial.fortify.com: Not Found
        at com.fortify.util.rest.connection.AbstractRestConnection.getUnsuccesfulResponseException(AbstractRestConnection.java:358)
        at com.fortify.util.rest.connection.AbstractRestConnection.checkResponseAndGetOutput(AbstractRestConnection.java:322)
        at com.fortify.util.rest.connection.AbstractRestConnection.executeRequest(AbstractRestConnection.java:224)
        at com.fortify.util.rest.connection.AbstractRestConnection.executeRequestWithFinalizedWebTarget(AbstractRestConnection.java:186)
        at com.fortify.client.fod.connection.FoDBasicRestConnection.executeRequestWithFinalizedWebTarget(FoDBasicRestConnection.java:76)
        at com.fortify.util.rest.connection.AbstractRestConnection.executeRequest(AbstractRestConnection.java:167)
        at com.fortify.util.rest.connection.AbstractRestConnection.executeRequest(AbstractRestConnection.java:152)
        at com.fortify.util.rest.json.preprocessor.enrich.JSONMapEnrichWithOnDemandRestData$JSONMapOnDemandLoaderRestData.getResult(JSONMapEnrichWithOnDemandRestData.java:59)
        ... 50 more
    Caused by: java.lang.Exception: Error accessing remote system https://api.trial.fortify.com: Not Found, response contents:

        ... 58 more

rsenden commented 1 year ago

Sorry for the delay. Are you still experiencing this issue? It could have been a temporary error, or potentially the FoD trial doesn't provide the necessary API endpoints.

rsenden commented 11 months ago

Closing this issue as the user didn't confirm whether the issue is still present, and we cannot reproduce this on regular FoD instances.