Error importing scan via GUI

[WojTecH94]

Bug description Error when importing scan (Tenable) via GUI, API import seems fine.

Steps to reproduce Steps to reproduce the behavior:

1. Go to some product page
2. Click on 'Findings -> Import Scan Result'
3. Scroll down to 'Tenable' Scan Type
4. Choose a report file
5. Click 'Import'

Expected behavior Findings should be imported with no error.

Deployment method (select with an X)

• [ x ] Docker Compose
• [ ] Kubernetes
• [ ] GoDojo

Environment information

• Operating System: Oracle Linux 9.2
• Tested on Defect Dojo v. 2.31.2 and Defect Dojo v. 2.31.0

Logs

django-defectdojo-uwsgi-1 | [22/Feb/2024 16:54:46] INFO [django.request:241] OK: /product/42/import_scan_results django-defectdojo-uwsgi-1 | Traceback (most recent call last): django-defectdojo-uwsgi-1 | File "/usr/local/lib/python3.11/site-packages/django/core/handlers/exception.py", line 56, in inner django-defectdojo-uwsgi-1 | response = get_response(request) django-defectdojo-uwsgi-1 | ^^^^^^^^^^^^^^^^^^^^^ django-defectdojo-uwsgi-1 | File "/usr/local/lib/python3.11/site-packages/django/core/handlers/base.py", line 197, in _get_response django-defectdojo-uwsgi-1 | response = wrapped_callback(request, *callback_args, **callback_kwargs) django-defectdojo-uwsgi-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ django-defectdojo-uwsgi-1 | File "/usr/local/lib/python3.11/site-packages/django/views/generic/base.py", line 103, in view django-defectdojo-uwsgi-1 | return self.dispatch(request, *args, **kwargs) django-defectdojo-uwsgi-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ django-defectdojo-uwsgi-1 | File "/usr/local/lib/python3.11/site-packages/django/views/generic/base.py", line 142, in dispatch django-defectdojo-uwsgi-1 | return handler(request, *args, **kwargs) django-defectdojo-uwsgi-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ django-defectdojo-uwsgi-1 | File "/app/dojo/engagement/views.py", line 682, in post django-defectdojo-uwsgi-1 | create_finding_groups_for_all_findings = form.cleaned_data['create_finding_groups_for_all_findings'] django-defectdojo-uwsgi-1 | ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ django-defectdojo-uwsgi-1 | KeyError: 'create_finding_groups_for_all_findings'

[manuel-sommer]

Could you please share a sample scan?

[WojTecH94]

sure tenable_sample_scan.csv

[manuel-sommer]

For me it worked fine.

[manuel-sommer]

I uploaded it into the gui with no error.

[WojTecH94]

Do you have system settings option "Enable Finding Groups" turned on or off?

[WojTecH94]

It seems that there is some problem with "Enable Finding Groups" switch... Because I don't have below options during scan import available no matter if I enable it or disable:

I was able to switch database to some old version, then rebuild containers to the newest DefectDojo version and the options suddenly appeard on my test environment... Now I am able to import scans on test env too...

[manuel-sommer]

Anyway, I detected another bug in tenable with this retest, see PR

[WojTecH94]

It appears that it is not a problem with Tenable specific scan. I tested trivy scan and it also results with the same error. So now I suspect that it is caused by missing finding group options on import scan page.

[WojTecH94]

Ok we discoverd that system setting "Enable Finding Groups" is not correctly interpreted by DefectDojo. It does not affect import scan page untill you restart containers (the value in database is ok and it changes according to checkbox, but is not loaded in real time). That is the first issue.

Second issue is that when you switch off that option in system settings and restart DD containers you will get error which I mentioned.

[manuel-sommer]

Could you make a PR to fix this problem?

[WojTecH94]

I am afraid I am not experienced enough in DD code to fix those issues :(