Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API version 2 No Longer Works with Generic Findings Import #81

Open
desebjohnston opened this issue May 24, 2023 · 0 comments
Open

API version 2 No Longer Works with Generic Findings Import #81

desebjohnston opened this issue May 24, 2023 · 0 comments

Comments

@desebjohnston
Copy link

desebjohnston commented May 24, 2023
edited
Loading

See issue initially reported here:
DefectDojo/django-DefectDojo#8154

It appears version 2.22.3 of DefectDojo no longer works for generic findings using the python API wrapper version 2. Version 2.18.0 was working with the wrapper. I manually create the product and engagement and map the IDs.

Attached file for import is here:
generic_HONGGFUZZ.REPORT.csv

Using curl I can get the file to import:

curl -X POST "http://" -H "accept: application/json" -H "Content-Type: multipart/form-data" -H "User-Agent: DefectDojo_api/1.2.0." -H "Authorization: Token <auth_token_here>" -F "minimum_severity=Info" -F "active=true" -F "scan_type=Generic Findings Import" -F "push_to_jira=false" -F "file=@generic_HONGGFUZZ.REPORT.csv" -F "product_name=Test" -F "scan_date=2023-05-24" -F "engagement=7"

Using the API as follows:

from defectdojo_api import defectdojo_apiv2

host = 'http:/dojo.url.goes.here'
api_key = '<api_key_goes_here>'
user = '<admin_name_goes_here>'
proxy = None
engagement_id = '11'
scanner = 'Generic Findings Import'
file = 'generic_HONGGFUZZ.REPORT.csv'
verified = None
close_old_findings = None
skip_duplicates = None
dojoDate = '2023-05-24'
build = None
tags = None
minimum_severity = 'Info'
        
dd = defectdojo_apiv2.DefectDojoAPIv2(host, api_key, user, verify_ssl=False, timeout=360, debug=True)

scanner = "Generic Findings Import"
print ("Uploading " + tool + " scan: " + file)
test_id = dd.upload_scan(engagement_id, scanner, file, "true", verified, close_old_findings, skip_duplicates, dojoDate, build=build,
                                 tags=tags, minimum_severity=minimum_severity)

I get the following error message:
An error occured while uploading the scan: Error occured in API.

The DefectDojo log shows the following with more information:

django-defectdojo-2223-uwsgi-1 | [pid: 37|app: -|req: -/-] 172.18.0.1 (-) {30 vars in 366 bytes} [Wed May 24 18:51:54 2023] GET / => generated 0 bytes in 28 msecs (HTTP/1.0 500) 0 headers in 0 bytes (0 switches on core 0)
django-defectdojo-2223-uwsgi-1 | [pid: 37|app: -|req: -/-] 172.18.0.1 (-) {40 vars in 657 bytes} [Wed May 24 18:53:16 2023] GET //api/v2/users/?limit=20&username=dojoadmin => generated 254 bytes in 37 msecs (HTTP/1.1 200) 8 headers in 246 bytes (1 switches on core 1)
django-defectdojo-2223-uwsgi-1 | [pid: 37|app: -|req: -/-] 172.18.0.1 (-) {42 vars in 644 bytes} [Wed May 24 18:53:17 2023] POST //api/v2/engagements/ => generated 809 bytes in 131 msecs (HTTP/1.1 201) 8 headers in 251 bytes (1 switches on core 0)
django-defectdojo-2223-uwsgi-1 | [24/May/2023 18:53:17] WARNING [dojo.importers.importer.importer:260] Expecting value: line 1 column 1 (char 0)
django-defectdojo-2223-uwsgi-1 | [24/May/2023 18:53:17] WARNING [django.request:241] Bad Request: /api/v2/import-scan/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@desebjohnston