1modm / petereport

PeTeReport is an open-source application vulnerability reporting tool.

Home Page: https://1modm.github.io/petereport/


Error when importing from DefectDojo

luminescence69 opened this issue · comments

I'm seeing "filter" error when trying to import findings from DefectDojo

Environment:

Request Method: GET
Request URL: http://127.0.0.1/findings/defectdojo/products/2

Django Version: 3.2.5
Python Version: 3.8.10
Installed Applications:
['django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'martor',
'django_bleach',
'preport']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']

Template error:
In template /opt/petereport/app/preport/templates/findings/defectdojo_products.html, error at line 20
Invalid filter: 'bleach'
10 :
11 :


12 :

13 :

14 :

15 :

Import DefectDojo Findings into {{DB_report_query.title}}


16 :

17 :
24 :

25 :
DefectDojo: {{DefectDojoURL}}

26 :

27 :
28 :

29 :
30 :

Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.8/dist-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
return view_func(request, *args, **kwargs)
File "/opt/petereport/app/preport/decorators.py", line 15, in wrapper_func
return view_func(request, *args, **kwargs)
File "/opt/petereport/app/preport/views.py", line 1324, in defectdojo_products
return render(request, 'findings/defectdojo_products.html', {'DB_report_query': DB_report_query, 'DDproducts_count': DDproducts_count, 'DDproducts': DDproducts, 'DefectDojoURL': DefectDojoURL})
File "/usr/local/lib/python3.8/dist-packages/django/shortcuts.py", line 19, in render
content = loader.render_to_string(template_name, context, request, using=using)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader.py", line 61, in render_to_string
template = get_template(template_name, using=using)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader.py", line 15, in get_template
return engine.get_template(template_name)
File "/usr/local/lib/python3.8/dist-packages/django/template/backends/django.py", line 34, in get_template
return Template(self.engine.get_template(template_name), self)
File "/usr/local/lib/python3.8/dist-packages/django/template/engine.py", line 143, in get_template
template, origin = self.find_template(template_name)
File "/usr/local/lib/python3.8/dist-packages/django/template/engine.py", line 125, in find_template
template = loader.get_template(name, skip=skip)
File "/usr/local/lib/python3.8/dist-packages/django/template/loaders/base.py", line 29, in get_template
return Template(
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 155, in init
self.nodelist = self.compile_nodelist()
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 193, in compile_nodelist
return parser.parse()
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader_tags.py", line 278, in do_extends
nodelist = parser.parse()
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader_tags.py", line 216, in do_block
nodelist = parser.parse(('endblock',))
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 449, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 447, in parse
filter_expression = self.compile_filter(token.contents)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 563, in compile_filter
return FilterExpression(token, self)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 657, in init
filter_func = parser.find_filter(filter_name)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 569, in find_filter
raise TemplateSyntaxError("Invalid filter: '%s'" % filter_name)

Exception Type: TemplateSyntaxError at /findings/defectdojo/products/2
Exception Value: Invalid filter: 'bleach'

commented

Hi @luminescence69,

Should be fixed; try to update (git pull) and fetch data from DefectDojo.

Thanks
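
Added example, not part of the thread or of the PeTeReport code base: with `django_bleach` installed, Django raises `Invalid filter: 'bleach'` when a template uses the filter without its own `{% load bleach_tags %}`, and a load tag in the parent template does not carry into a child that extends it. The thread does not show what the fix changed, so the sketch below only illustrates a pre-deployment check for that condition; the sample template and the parent name `base.html` are constructed.

```python
import re

# Filter name -> template library that registers it. django-bleach registers
# its `bleach` filter in the `bleach_tags` library.
FILTER_LIBRARIES = {"bleach": "bleach_tags"}

LOAD_RE = re.compile(r"\{%\s*load\s+(.*?)\s*%\}", re.S)
VAR_RE = re.compile(r"\{\{(.*?)\}\}", re.S)
FILTER_RE = re.compile(r"\|\s*(\w+)")


def missing_loads(source):
    """Return (line, filter, library) for each tracked filter used in a
    {{ variable }} tag of a template that never loads that filter."""
    libs, names = set(), set()
    for args in LOAD_RE.findall(source):
        parts = args.split()
        if "from" in parts[:-1]:          # {% load bleach from bleach_tags %}
            names.update(parts[:parts.index("from")])
        else:                             # {% load bleach_tags %}
            libs.update(parts)
    findings = []
    for match in VAR_RE.finditer(source):
        line = source.count("\n", 0, match.start()) + 1
        for name in FILTER_RE.findall(match.group(1)):
            library = FILTER_LIBRARIES.get(name)
            if library and library not in libs and name not in names:
                findings.append((line, name, library))
    return findings


# Constructed child template modelled on the template lines quoted in this
# thread; "base.html" is a hypothetical parent name.
BROKEN = """{% extends "base.html" %}
{% block content %}
<li>{{ DB_report_query.product.name | bleach }}</li>
<li>{{ DB_report_query.title | bleach }}</li>
{% endblock %}
"""
# Same template with the load tag placed in the child itself.
FIXED = BROKEN.replace("{% extends \"base.html\" %}\n",
                       "{% extends \"base.html\" %}\n{% load bleach_tags %}\n")

if __name__ == "__main__":
    for line, name, library in missing_loads(BROKEN):
        print(f"line {line}: '{name}' used without {{% load {library} %}}")
    assert missing_loads(FIXED) == []
```

The check only looks at `{{ ... }}` tags, so filters applied inside `{% if %}` or `{% with %}` tags are not covered.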


Template error: In template /opt/petereport/app/preport/templates/findings/defectdojo_products.html, error at line 20 Invalid filter: 'bleach' 10 : 11 :

12 :

13 :

14 :

15 :

Import DefectDojo Findings into {{DB_report_query.title}}

16 :

17 :

18 :

19 :
2. Home

20 :
4. [ {{ DB_report_query.product.name | bleach}} ](/product/view/{{ DB_report_query.product.pk}})

21 :
6. [{{ DB_report_query.title | bleach}}](/report/view/{{ DB_report_query.pk}})

22 :

23 :

24 :

25 :

DefectDojo: {{DefectDojoURL}}

26 :

27 :
28 :

29 :
30 :

Were you able to import data from DefectDojo through the API?
I am getting a "data not found" error. Can you help me with the configuration changes which you have done?

commented

@surajanuja you can check the changes here: 04b160a

But we can try to check with a DefectDojo demo server; try to configure in petereport_config.py:

DEFECTDOJO_CONFIG = {
	'DefectDojoURL': 'https://demo.defectdojo.org',
	'apiKey': 'Token 548afd6fab3bea9794a41b31da0e9404f733e222' # Format: Token <api_key>
}

Then check if you can import those findings:

image

Check that the API key is correct, it seems to change every day: https://demo.defectdojo.org/api/key-v2

image


@1modm - After doing the above-mentioned configuration it loads the entire product list from DefectDojo, but when I click on import findings, it imports all the findings. Is there a way to select specific findings only from a product?

commented

@surajanuja thank you for the comment. Nope, at the moment it is only possible to pull all the findings from the DefectDojo products. I have opened a request to implement this functionality: #64

Thanks