Acunetix Scan import : 'NoneType' object has no attribute 'replace' #10435

Closed
1 of 3 tasks
ptitkosmos opened this issue Jun 20, 2024 · 2 comments

@ptitkosmos

Bug description
This error occurs each time html2text.HTML2Text() is used with a property get with a default value, but the property exists and is null.

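import html2text

item = {"XXX": None}  # a JSON null is parsed to None
text_maker = html2text.HTML2Text()
# The key exists, so the "" default is not used and handle() receives None
text_maker.handle(item.get("XXX", ""))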

The html2text handle calls feed, which uses the replace function on the given data (None).

Steps to reproduce
Steps to reproduce the behavior:
Try to integrate an Acunetix 360 JSON report with the field RemedialProcedure set to null, or any other property using the html2text converter.

Expected behavior
Check that the value exists and is not None before calling html2Text handler.

Deployment method (select with an X)

  • Docker Compose
  • Kubernetes
  • GoDojo

Logs

[20/Jun/2024 06:16:33] ERROR [dojo.api_v2.exception_handler:43] 'NoneType' object has no attribute 'replace'
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/mixins.py", line 19, in create
    self.perform_create(serializer)
  File "/app/dojo/api_v2/views.py", line 2801, in perform_create
    serializer.save(push_to_jira=push_to_jira)
  File "/app/dojo/api_v2/serializers.py", line 2590, in save
    self.process_scan(auto_create_manager, data, context)
  File "/app/dojo/api_v2/serializers.py", line 2542, in process_scan
    ).process_scan(
      ^^^^^^^^^^^^^
  File "/app/dojo/importers/default_reimporter.py", line 93, in process_scan
    self.parsed_findings = self.parse_findings(scan, parser)
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/importers/base_importer.py", line 222, in parse_findings
    self.parsed_findings = self.parse_findings_static_test_type(scan, parser)
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/importers/default_reimporter.py", line 291, in parse_findings_static_test_type
    return super().parse_findings_static_test_type(scan, parser)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/importers/base_importer.py", line 160, in parse_findings_static_test_type
    return parser.get_findings(scan, self.test)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/tools/acunetix/parser.py", line 21, in get_findings
    return AcunetixJSONParser().get_findings(filename, test)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/tools/acunetix/parse_acunetix360_json.py", line 32, in get_findings
    mitigation = text_maker.handle(item.get("RemedialProcedure", ""))
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/html2text/__init__.py", line 145, in handle
    self.feed(data)
  File "/usr/local/lib/python3.11/site-packages/html2text/__init__.py", line 140, in feed
    data = data.replace("</' + 'script>", "</ignore>")
           ^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'replace'

Sample scan files

{
  "Generated": "19/06/2024 04:48 PM",
  "Target": {
    "Duration": "00:00:58.0662477",
    "Initiated": "23/02/2023 02:30 PM",
    "ScanId": "cb10809365d246d0881eafb202e63e55",
    "Url": "XXXX"
  },
  "Vulnerabilities": [
    {
      "Certainty": 90,
      "Classification": null,
      "Confirmed": false,
      "Description": "This vulnerability is removed or expired.",
      "ExploitationSkills": null,
      "ExternalReferences": null,
      "ExtraInformation": [],
      "FirstSeenDate": "02/06/2022 05:25 PM",
      "HttpRequest": {
        "Content": "GET /cgi-bin/ HTTP/1.1\r\nHost: XXXX\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nCache-Control: no-cache\r\nCookie: PHPSESSID=1adegrqlm9oebggs8mghcs78gt\r\nReferer: https://ics-monitoring.amersports.int/cgi-bin/\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.62 Safari/537.36\r\nX-Scanner: Acunetix 360\r\n\r\n",
        "Method": "GET",
        "Parameters": []
      },
      "HttpResponse": {
        "Content": "HTTP/1.1 403 Forbidden\r\nServer: Apache\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\nContent-Length: 199\r\nContent-Type: text/html; charset=iso-8859-1\r\nDate: Thu, 23 Feb 2023 09:45:56 GMT\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access this resource.</p>\n</body></html>\n",
        "Duration": 668.4901,
        "StatusCode": 403
      },
      "LookupId": "7ce8d15a-e5f0-4dd5-1f83-aea8034f4105",
      "Impact": null,
      "KnownVulnerabilities": [],
      "LastSeenDate": "23/02/2023 10:46 AM",
      "Name": "MissingXFrameOptionsHeader",
      "ProofOfConcept": null,
      "RemedialActions": null,
      "RemedialProcedure": null,
      "RemedyReferences": null,
      "Severity": "Low",
      "State": "Present",
      "Type": "MissingXFrameOptionsHeader",
      "Url": "XXXX",
      "Tags": []
    }
  ]
}
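
The failure reported above, next to a null-safe field accessor, as an added example (not DefectDojo's code and not the fix that was merged). `to_text` is a standard-library stand-in for `html2text.HTML2Text().handle` so the block runs without third-party packages; `unsafe_field`, `safe_field` and `null_fields` are hypothetical helper names, and the report fragment is constructed.

```python
import json
from html.parser import HTMLParser

# Constructed report fragment shaped like the sample in the issue.
REPORT = json.loads("""
{"Vulnerabilities": [
  {"Name": "MissingXFrameOptionsHeader", "RemedialProcedure": null,
   "Impact": "<p>Clickjacking is <b>possible</b>.</p>"},
  {"Name": "NoRemedyKey", "Impact": null}
]}
""")

class _TextOnly(HTMLParser):
    """Collects text nodes; a stand-in for html2text in this example."""
    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)

def to_text(data):
    # Like html2text's feed(), this calls str.replace() on its input,
    # so passing None raises AttributeError.
    data = data.replace("\r\n", "\n")
    parser = _TextOnly()
    parser.feed(data)
    parser.close()
    return "".join(parser.parts).strip()

def unsafe_field(item, key):
    # The default is used only when the key is ABSENT; a JSON null
    # is a present key whose value is None.
    return to_text(item.get(key, ""))

def safe_field(item, key):
    # Treat null, missing and non-string values as empty text.
    value = item.get(key)
    return to_text(value) if isinstance(value, str) else ""

def null_fields(report, keys):
    # (finding name, key) pairs that are present but null.
    return [(v.get("Name"), k) for v in report["Vulnerabilities"]
            for k in keys if k in v and v[k] is None]
```

`null_fields` can be run over a report before import to see which findings carry null HTML fields and would hit the unguarded path.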
@manuel-sommer
Contributor

Could you please close this issue, @ptitkosmos?

@ptitkosmos
Author

Thank you for your quick fix
