DefectDojo persistence provider error handling #618

@EndPositive

🐞 Bug report

Describe the bug

Running a large-scale Amass scan, we noticed that the DefectDojo persistence provider was failing. On closer inspection, we found that DefectDojo crashes on importing some endpoints which it regards as invalid. These domain names generally include underscores.

The persistence provider then restarts and tries again (failing), and again, etc. Each time it restarts, it creates a new duplicate DefectDojo test object.

On another note, since Amass is officially supported by SCB, but not by the DefectDojo persistence provider (uses generic), is this issue something that SCB actively supports?

Steps To Reproduce

Run the DefectDojo persistence provider and import a list of findings with an invalid domain name.

Expected behavior

  1. The persistence provider should not crash.
  2. The persistence provider should be as atomic as possible (preventing duplicate imports).
  3. Discussion: how should DefectDojo and the persistence provider handle improperly formatted generic findings?

System (please complete the following information):

  • secureCodeBox Version: 3.0.1
  • DefectDojo version 2.1.0

Screenshots / Logs

[30/Aug/2021 20:17:01] ERROR [django.request:224] Internal Server Error: /api/v2/reimport-scan/
Traceback (most recent call last):
  File "/app/./dojo/importers/reimporter/reimporter.py", line 162, in process_parsed_findings
    endpoint.clean()
  File "/app/./dojo/models.py", line 1218, in clean
    raise ValidationError(errors)
django.core.exceptions.ValidationError: ['Host "_invalid._host.com" has invalid format']
[...]
2021-08-30 20:14:21 INFO  VersionedEngagementsStrategy:191 - Using ProductType Id: 1
Exception in thread "main" org.springframework.web.client.HttpServerErrorException$InternalServerError: 500 Internal Server Error: [
<!doctype html>
<html lang="en">
<head>
  <title>Server Error (500)</title>
</head>
<body>
  <h1>Server Error (500)</h1><p></p>
</body>
</html>
]
	at org.springframework.web.client.HttpServerErrorException.create(HttpServerErrorException.java:100)
	at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:188)
	at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:125)
	at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
	at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:819)
	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:777)
	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
	at io.securecodebox.persistence.defectdojo.service.ImportScanService.createFindings(ImportScanService.java:100)
	at io.securecodebox.persistence.defectdojo.service.ImportScanService.reimportScan(ImportScanService.java:117)
	at io.securecodebox.persistence.strategies.VersionedEngagementsStrategy.run(VersionedEngagementsStrategy.java:90)
	at io.securecodebox.persistence.DefectDojoPersistenceProvider.main(DefectDojoPersistenceProvider.java:42)
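
One way to keep a single rejected endpoint from failing the whole import is to partition findings by hostname validity before upload. This is an added example, not secureCodeBox or DefectDojo code; it assumes RFC 1123 hostname rules as a stand-in for DefectDojo's host check (which the page does not show) and a constructed finding shape with a `location` field.

```python
import re
from urllib.parse import urlsplit

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
# Assumption: used here in place of DefectDojo's own validator.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def host_of(location):
    """Extract the host from a finding location (bare host, host:port or URL)."""
    # urlsplit only fills .hostname when the '//' authority marker is present.
    target = location if "://" in location else "//" + location
    try:
        return urlsplit(target).hostname or ""
    except ValueError:  # e.g. malformed bracketed address
        return ""


def is_valid_host(host):
    """True if every dot-separated label is a valid RFC 1123 label."""
    host = host.rstrip(".")
    if not host or len(host) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in host.split("."))


def partition_findings(findings):
    """Split findings into (accepted, rejected) so one bad host cannot
    turn the whole import into a 500 and trigger a retry loop."""
    accepted, rejected = [], []
    for finding in findings:
        host = host_of(finding.get("location", ""))
        (accepted if is_valid_host(host) else rejected).append(finding)
    return accepted, rejected


# Constructed sample findings; only the underscore host comes from the log above.
SAMPLE_FINDINGS = [
    {"name": "Subdomain", "location": "www.example.com"},
    {"name": "Subdomain", "location": "_invalid._host.com"},
    {"name": "Subdomain", "location": "https://api.example.com:8443/health"},
]

if __name__ == "__main__":
    ok, bad = partition_findings(SAMPLE_FINDINGS)
    print(f"importing {len(ok)} findings, skipping {len(bad)}:")
    for finding in bad:
        print("  rejected host:", host_of(finding["location"]))
```

Rejected findings can be logged or attached to the scan as a separate report rather than dropped silently, so underscore hostnames found by the scanner remain visible.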

Labels

bug, defectdojo, persistence
