Jira Module (Cloud)
butsh opened this issue · 3 comments
The following error appears during running jira section:
ERROR:root:main:'float' object has no attribute 'replace'
ERROR: 'float' object has no attribute 'replace'
The nessus section ran perfectly
Ubuntu server 18.04.03 LTS
Python 2.7.15
Hi @butsh :)
I understand that the error appears as in "main", but that is because the function crashed and went backwards with the error that caused the issue to the main function. It doesn't seem to be a part of the jira module code on first sight though, as the only place where the replace
function is used, is in a piece of code that is not yet used in lines 312/313 from the jira module.
Could you run VulnWhisperer again with the "-d" debug flag to see the rest of the execution trail?
Glad you are testing the module!
Cheers!
Edit: Didn't notice the (Cloud) part, it could bring up some untested issues that I didn't see in local but we'll see once we understand this specific issue.
Hi @qmontal
Thank you for your fast and prompt reply
the output from the debug flag is as follows:
~$ vuln_whisperer -c /home/ubuntu/VulnWhisperer/configs/frameworks.ini -s jira -d
INFO:root:main:Running vulnwhisperer for section jira
DEBUG:vwConfig:get:Calling get for jira:enabled
DEBUG:vwConfig:get:Calling get for jira:hostname
DEBUG:vwConfig:get:Calling get for jira:username
DEBUG:vwConfig:get:Calling get for jira:password
DEBUG:vwConfig:get:Calling get for jira:write_path
DEBUG:vwConfig:get:Calling get for jira:db_path
DEBUG:vwConfig:getbool:Calling getbool for jira:verbose
INFO:vulnWhispererBase:init:Connected to database at /home/ubuntu/data/database/report_tracker.db
INFO:vulnWhispererJira:directory_check:Directory already exist for /home/ubuntu/data/jira/ - Skipping creation
INFO:vulnWhispererJira:init:Attempting to connect to jira...
DEBUG:vwConfig:get:Calling get for jira:write_path
DEBUG:urllib3.connectionpool:_new_conn:Starting new HTTPS connection (1): xxxxx.atlassian.net:443
DEBUG:urllib3.connectionpool:_make_request:https://xxxxx.atlassian.net:443 "GET /rest/api/2/serverInfo HTTP/1.1" 200 None
DEBUG:urllib3.connectionpool:_make_request:https://xxxxxx.atlassian.net:443 "GET /rest/api/2/field HTTP/1.1" 200 None
INFO:JiraAPI:init:Created vjira service for https://xxxxxx.atlassian.net
INFO:JiraAPI:download_tickets:Saving locally tickets from the last 12 months
DEBUG:urllib3.connectionpool:_make_request:https://xxxxx.atlassian.net:443 "GET /rest/api/2/search?jql=labels%3Dvulnerability_management+AND+created+%3E%3DstartOfMonth%28-12%29&validateQuery=True&startAt=0 HTTP/1.1" 200 None
INFO:JiraAPI:download_tickets:Tickets saved succesfully.
INFO:JiraAPI:close_obsolete_tickets:Closing obsolete tickets older than 12 months
DEBUG:urllib3.connectionpool:_make_request:https://xxxxx.atlassian.net:443 "GET /rest/api/2/search?jql=labels%3Dvulnerability_management+AND+created+%3CstartOfMonth%28-12%29+and+resolution%3DUnresolved&validateQuery=True&startAt=0 HTTP/1.1" 200 None
INFO:JiraAPI:decommission_cleanup:Deleting 'server_decommission' tag from tickets closed more than 3 months ago
DEBUG:urllib3.connectionpool:_make_request:https://xxxxx.atlassian.net:443 "GET /rest/api/2/search?jql=labels%3Dvulnerability_management+AND+labels%3Dserver_decommission+and+resolutiondate+%3C%3DstartOfMonth%28-3%29&validateQuery=True&startAt=0 HTTP/1.1" 200 None
INFO:vulnWhispererJira:init:Connected to jira on xxxxx.atlassian.net
DEBUG:vwConfig:normalize_section:Normalized profile as: jira.nessus.xxxxx
DEBUG:vwConfig:normalize_section:Normalized profile as: jira.nessus.xxxxx
.
.
.
DEBUG:vwConfig:normalize_section:Normalized profile as: jira.nessus.xxxxx
DEBUG:vwConfig:normalize_section:Normalized profile as: jira.nessus.xxxxx
INFO:vulnWhisperer:whisper_vulnerabilities:No source/scan_name selected, all enabled scans will be synced
DEBUG:vwConfig:get:Calling get for nessus:autoreport
WARNING:vwConfig:get_sections_with_attribute:Section nessus has no option 'autoreport'
DEBUG:vwConfig:get:Calling get for tenable:autoreport
WARNING:vwConfig:get_sections_with_attribute:Section tenable has no option 'autoreport'
DEBUG:vwConfig:get:Calling get for qualys_web:autoreport
WARNING:vwConfig:get_sections_with_attribute:Section qualys_web has no option 'autoreport'
DEBUG:vwConfig:get:Calling get for qualys_vuln:autoreport
WARNING:vwConfig:get_sections_with_attribute:Section qualys_vuln has no option 'autoreport'
DEBUG:vwConfig:get:Calling get for detectify:autoreport
WARNING:vwConfig:get_sections_with_attribute:Section detectify has no option 'autoreport'
DEBUG:vwConfig:get:Calling get for openvas:autoreport
WARNING:vwConfig:get_sections_with_attribute:Section openvas has no option 'autoreport'
DEBUG:vwConfig:get:Calling get for jira:autoreport
WARNING:vwConfig:get_sections_with_attribute:Section jira has no option 'autoreport'
DEBUG:vwConfig:get:Calling get for jira.nessus.xxxxx:autoreport
DEBUG:vwConfig:get:Calling get for jira.nessus.xxxxx:autoreport
.
.
.
DEBUG:vwConfig:get:Calling get for jira.nessus.xxxxx:source
DEBUG:vwConfig:get:Calling get for jira.nessus.xxxxx:scan_name
INFO:vulnWhispererJira:jira_sync:Jira Sync triggered for source 'nessus' and scan 'xxxxx'
DEBUG:vwConfig:normalize_section:Normalized profile as: jira.nessus.xxxxx
DEBUG:vwConfig:get:Calling get for jira.nessus.xxxxx:jira_project
DEBUG:urllib3.connectionpool:_make_request:https://xxxxx.atlassian.net:443 "GET /rest/api/2/project/IDDFT HTTP/1.1" 200 None
DEBUG:vwConfig:get:Calling get for jira.nessus.xxxxx:components
DEBUG:vwConfig:get:Calling get for jira.nessus.xxxxx:min_critical_to_report
DEBUG:vwConfig:get:Calling get for nessus:write_path
DEBUG:vwConfig:get:Calling get for jira:dns_resolv
ERROR:root:main:'float' object has no attribute 'replace'
ERROR: 'float' object has no attribute 'replace'
Hi @butsh!
The problem is that, I don't know which value is in your config file in the jira:dns_resolv variable, but it should be either "True" or "False", but the content is caught as float for Python, and when trying to operate and parse it to normalize the values, it breaks because a float can't be treated as a string. The issue is in this line of code.
You will have to review the value of the variable and change it to whatever fits you; I don't know if it is well documented, but what that variable does is enabling host resolution (from the vulnwhisperer server) of the assets with vulnerabilities comming from the scanners that DON'T have any hostname.
Cheers!