Thank you for taking the time to let us know about the issue you found. The basic rule for bug reporting is that
something isn't working the way one would expect it to work. Please provide us with the information requested
below and we will look at it as soon as we are able.
Description
The nightly scan findings are not being saved in DAC and the post-processing task at the end of the workflow results in the following traceback in the backend logs:
8:28:50.809: [CELL.0] Cell <redacted> successfully created container for instance da08ca50-293d-4331-8ecc-039cc02c43e6
08:29:00.742: [APP/TASK/nightly-owasp-scan.0] Invoking pre-start scripts.
08:29:00.844: [APP/TASK/nightly-owasp-scan.0] Invoking start command.
08:29:02.453: [APP/TASK/nightly-owasp-scan.0] Traceback (most recent call last):
08:29:02.453: [APP/TASK/nightly-owasp-scan.0] File "/home/vcap/app/manage.py", line 31, in <module>
08:29:02.453: [APP/TASK/nightly-owasp-scan.0] main()
08:29:02.453: [APP/TASK/nightly-owasp-scan.0] File "/home/vcap/app/manage.py", line 27, in main
08:29:02.453: [APP/TASK/nightly-owasp-scan.0] execute_from_command_line(sys.argv)
08:29:02.453: [APP/TASK/nightly-owasp-scan.0] File "/home/vcap/deps/1/python/lib/python3.10/site-packages/django/core/management/__init__.py", line 419, in execute_from_command_line
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] utility.execute()
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] File "/home/vcap/deps/1/python/lib/python3.10/site-packages/django/core/management/__init__.py", line 413, in execute
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] self.fetch_command(subcommand).run_from_argv(self.argv)
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] File "/home/vcap/deps/1/python/lib/python3.10/site-packages/django/core/management/base.py", line 354, in run_from_argv
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] self.execute(*args, **cmd_options)
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] File "/home/vcap/deps/1/python/lib/python3.10/site-packages/django/core/management/base.py", line 398, in execute
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] output = self.handle(*args, **options)
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] File "/home/vcap/app/tdpservice/security/management/commands/process_owasp_scan.py", line 74, in handle
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] raise Exception("CircleCI API returned an unexpected error.")
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] Exception: CircleCI API returned an unexpected error.
Action Taken
In what way were you interacting with the application when you discovered the issue? Please be specific. Did it happen after you made a selection or clicked a button? Which page and which button? This information really helps us get to the bottom of an issue more quickly.
logged in to DAC to check for saved ZAP artifacts
navigated to the latest nightly scan job in CircleCI to check for failures (none were found)
re-ran the workflow from CircleCI and monitored the backend logs
after finding the exception, queried the cloud.gov historical logs for the exception and found that the exception was present as early as 5/16/2024 (in tdp-backend-develop)
also manually navigated to the artifacts endpoint while logged into CircleCI and can confirm that the endpoint returns a 200 response.
What I expected to see
frontend and backend ZAP scan artifacts saved for most recent scan
What I did see
no artifacts saved
the above-mentioned exception in the backend logs
Other Helpful Information
Is the issue repeatable?: ( yes | no | don't know ) yes
this exception stems from here: https://github.com/raft-tech/TANF-app/blob/develop/tdrs-backend/tdpservice/security/management/commands/process_owasp_scan.py#L73L74
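The report notes that the CircleCI job showed no failures while the post-processing task had been raising since 5/16/2024, so the failure is only visible in the backend logs. The following is an added example, not part of the original report or the TANF-app code: it scans log lines in the format quoted above for tracebacks from the `nightly-owasp-scan` task and returns the innermost application frame and the final exception. `find_task_failures`, `TaskFailure` and `dep_marker` are hypothetical names; the sample lines are trimmed from the traceback in the report.

```python
import re
from dataclasses import dataclass

# Shape of the backend log lines quoted in the report: "HH:MM:SS.mmm: [SOURCE] message"
LINE = re.compile(r"^(?P<ts>\d{1,2}:\d{2}:\d{2}\.\d{3}): \[(?P<src>[^\]]+)\] (?P<msg>.*)$")
FRAME = re.compile(r'^File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>.+)$')

@dataclass
class TaskFailure:
    ts: str          # timestamp of the "Traceback" line
    source: str      # log source, e.g. APP/TASK/<task name>.<index>
    app_frame: str   # innermost frame outside site-packages, as "path:line"
    error: str       # final "ExcType: message" line

def find_task_failures(lines, task="nightly-owasp-scan", dep_marker="/site-packages/"):
    """Return one TaskFailure per Python traceback logged by the given task."""
    failures, open_tb = [], {}   # open_tb: source -> traceback being collected
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or f"/TASK/{task}." not in m["src"]:
            continue
        src, msg = m["src"], m["msg"].strip()
        if msg.startswith("Traceback (most recent call last):"):
            open_tb[src] = {"ts": m["ts"], "frame": "", "after_file": False}
            continue
        tb = open_tb.get(src)
        if tb is None:
            continue
        f = FRAME.match(msg)
        if f:
            if dep_marker not in f["path"]:
                tb["frame"] = f"{f['path']}:{f['line']}"   # keep the innermost app frame
            tb["after_file"] = True
        elif tb["after_file"]:
            tb["after_file"] = False   # source line echoed under a frame
        else:
            failures.append(TaskFailure(tb["ts"], src, tb["frame"], msg))
            del open_tb[src]
    return failures

# Sample input: lines trimmed from the traceback quoted in the report.
SAMPLE = """\
08:29:02.453: [APP/TASK/nightly-owasp-scan.0] Traceback (most recent call last):
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] File "/home/vcap/deps/1/python/lib/python3.10/site-packages/django/core/management/base.py", line 398, in execute
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] output = self.handle(*args, **options)
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] File "/home/vcap/app/tdpservice/security/management/commands/process_owasp_scan.py", line 74, in handle
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] raise Exception("CircleCI API returned an unexpected error.")
08:29:02.454: [APP/TASK/nightly-owasp-scan.0] Exception: CircleCI API returned an unexpected error.
""".splitlines()
```

Calling `find_task_failures(SAMPLE)` returns a single record pointing at `process_owasp_scan.py:74`; a non-empty result from a scheduled check over the task's logs is the signal that scan findings were not saved even though the CI job passed.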