Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A string literal cannot contain NUL (0x00) characters #9939

Closed
1 of 3 tasks
quyen66 opened this issue Apr 17, 2024 · 1 comment
Closed
1 of 3 tasks

A string literal cannot contain NUL (0x00) characters #9939

quyen66 opened this issue Apr 17, 2024 · 1 comment
Labels
bug

Comments

@quyen66
Copy link

quyen66 commented Apr 17, 2024
edited
Loading

While import Horusec scan result I got some error A string literal cannot contain NUL (0x00) characters., Maybe it's about the value in json report file.

Deployment method (select with an X)

  • Docker Compose
  • Kubernetes
  • GoDojo

Environment information

  • Operating System: Ubuntu 22.04
  • DefectDojo version v. 2.30.2 ( release mode )

Logs
Logs in uwsgi show

[pid: 35|app: -|req: -/-] 172.16.251.9 (admin_soc) {52 vars in 856 bytes} [Wed Apr 17 02:08:24 2024] GET /alerts/count => generated 12 bytes in 37 msecs (HTTP/1.1 200) 7 headers in 212 bytes (1 switches on core 3)
[pid: 31|app: -|req: -/-] 172.16.251.9 (admin_soc) {52 vars in 856 bytes} [Wed Apr 17 02:08:35 2024] GET /alerts/count => generated 12 bytes in 38 msecs (HTTP/1.1 200) 7 headers in 212 bytes (1 switches on core 0)
[17/Apr/2024 02:08:40] ERROR [dojo.engagement.views:751] A string literal cannot contain NUL (0x00) characters.
Traceback (most recent call last):
File "/app/dojo/engagement/views.py", line 735, in post
test, finding_count, closed_finding_count, _ = importer.import_scan(scan, scan_type, engagement, user, environment, active=active, verified=verified, tags=tags,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/dojo/importers/importer/importer.py", line 345, in import_scan
new_findings = self.process_parsed_findings(test, parsed_findings, scan_type, user, active=active,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/dojo/decorators.py", line 48, in wrapper
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/celery/local.py", line 182, in call
return self._get_current_object()(*a, **kw)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/celery/app/task.py", line 411, in call
return self.run(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/dojo/importers/importer/importer.py", line 111, in process_parsed_findings
item.save(dedupe_option=False)
File "/app/dojo/models.py", line 2926, in save
super(Finding, self).save(*args, **kwargs)
File "/usr/local/lib/python3.11/site-packages/django/db/models/base.py", line 812, in save
self.save_base(
File "/usr/local/lib/python3.11/site-packages/django/db/models/base.py", line 863, in save_base
updated = self._save_table(
^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/models/base.py", line 1006, in _save_table
results = self._do_insert(
^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/models/base.py", line 1047, in _do_insert
return manager._insert(
^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/models/manager.py", line 85, in manager_method
return getattr(self.get_queryset(), name)(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/models/query.py", line 1791, in _insert
return query.get_compiler(using=using).execute_sql(returning_fields)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/models/sql/compiler.py", line 1660, in execute_sql
cursor.execute(sql, params)
File "/usr/local/lib/python3.11/site-packages/django/db/backends/utils.py", line 67, in execute
return self._execute_with_wrappers(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/backends/utils.py", line 80, in _execute_with_wrappers
return executor(sql, params, many, context)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/backends/utils.py", line 89, in _execute
return self.cursor.execute(sql, params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: A string literal cannot contain NUL (0x00) characters.

Sample scan files
I import this file (https://drive.google.com/file/d/1tGj2nBqauUDEtll36jbyPGIrdxHfWaLv/view?usp=sharing) and it return error string null after import some findings.
@quyen66 quyen66 added the bug label Apr 17, 2024
manuel-sommer added a commit to manuel-sommer/django-DefectDojo that referenced this issue Apr 17, 2024
@manuel-sommer
fix horusec null characters issue, DefectDojo#9939
f7a022e
@manuel-sommer manuel-sommer mentioned this issue Apr 17, 2024
Merged
@corvusmod corvusmod mentioned this issue Apr 17, 2024
Closed
3 tasks
Maffooch pushed a commit that referenced this issue Apr 17, 2024
@manuel-sommer
fix horusec null characters issue, #9939 (#9941)
b7bf15c
@manuel-sommer
Copy link
Contributor

This can be closed

@quyen66 quyen66 closed this as completed Apr 19, 2024
hblankenship pushed a commit to hblankenship/django-DefectDojo that referenced this issue Apr 26, 2024
@manuel-sommer @hblankenship
fix horusec null characters issue, DefectDojo#9939 (DefectDojo#9941)
c22ae77
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@manuel-sommer @quyen66