Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tenable import fails with "Version of CPE not implemented" #11243

Open
WojTecH94 opened this issue Nov 12, 2024 · 1 comment
Open

Tenable import fails with "Version of CPE not implemented" #11243

WojTecH94 opened this issue Nov 12, 2024 · 1 comment
Labels
bug

Comments

@WojTecH94
Copy link
Contributor

WojTecH94 commented Nov 12, 2024
edited
Loading

Be informative
Tenable csv import fails if it has records with CPE field included

Steps to reproduce
Steps to reproduce the behavior:

  1. Import tenable report csv file with finding that have CPE field defined (example added as attachment)

Expected behavior
CPE handling is properly implemented, import works with no errors.

Deployment method (select with an X)

  • Docker Compose

Environment information

  • Checked on DefectDojo version 2.40.0 and 2.35.2

Logs
Stacktrace included cpe_error.log

Sample scan files
cpe_raport.csv
@WojTecH94 WojTecH94 added the bug label Nov 12, 2024
@mtesauro
Copy link
Contributor

Adding error inline so it's easier to review this:

[12/Nov/2024 14:38:49] ERROR [dojo.engagement.views:933] Version of CPE not implemented
Traceback (most recent call last):
  File "/app/dojo/engagement/views.py", line 924, in import_findings
    context["test"], _, finding_count, closed_finding_count, _, _, _ = importer_client.process_scan(
                                                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/importers/default_importer.py", line 107, in process_scan
    self.parsed_findings = self.parse_findings(scan, parser)
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/importers/default_importer.py", line 313, in parse_findings
    self.parsed_findings = self.parse_findings_static_test_type(scan, parser)
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/importers/default_importer.py", line 330, in parse_findings_static_test_type
    return super().parse_findings_static_test_type(scan, parser)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/importers/base_importer.py", line 161, in parse_findings_static_test_type
    return parser.get_findings(scan, self.test)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/tools/tenable/parser.py", line 23, in get_findings
    return TenableCSVParser().get_findings(filename, test)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/tools/tenable/csv_format.py", line 163, in get_findings
    cpe_decoded = CPE(detected_cpe[0])
                  ^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/cpe/cpe.py", line 311, in __new__
    raise NotImplementedError(errmsg)
NotImplementedError: Version of CPE not implemented

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mtesauro @WojTecH94