Exception on invalid environment

[kiblik]

Be informative
DD raises an exception (HTTP-500 - internal server error) if a user uses a name of an non-existing environment in (re)imports

Bug description

ImportScanSerializer.set_context and ReImportScanSerializer.set_context uses

        context["environment"] = Development_Environment.objects.get(
            name=data.get("environment", "Development")
        )

which is able to handle not defined environment but does not handle non-existenting one

Steps to reproduce

curl -X 'POST' \
  'http://xxx:8080/api/v2/reimport-scan/' \
...
  -F 'environment=non_existing_enviro' \
...

Expected behavior
There are 2 options

• HTTP-400 validation error
• Create environment - but set_context is happening outside of AutoCreate context

Deployment method (select with an X)

• Docker Compose
• Kubernetes
• GoDojo

Environment information

• DefectDojo version (see footer) or commit message: [2024-05-14 12:04:46 -0500] 1b86b66: Optionally Enforce SLA Remediation Days (Optionally Enforce SLA Remediation Days #10179) [ (HEAD, upstream/dev)]

Logs

uwsgi-1         | [14/May/2024 19:26:39] ERROR [dojo.api_v2.exception_handler:43] Development_Environment matching query does not exist.
uwsgi-1         | Traceback (most recent call last):
uwsgi-1         |   File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 506, in dispatch
uwsgi-1         |     response = handler(request, *args, **kwargs)
uwsgi-1         |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
uwsgi-1         |   File "/usr/local/lib/python3.11/site-packages/rest_framework/mixins.py", line 19, in create
uwsgi-1         |     self.perform_create(serializer)
uwsgi-1         |   File "/app/dojo/api_v2/views.py", line 2792, in perform_create
uwsgi-1         |     serializer.save(push_to_jira=push_to_jira)
uwsgi-1         |   File "/app/dojo/api_v2/serializers.py", line 2538, in save
uwsgi-1         |     context = self.set_context(data)
uwsgi-1         |               ^^^^^^^^^^^^^^^^^^^^^^
uwsgi-1         |   File "/app/dojo/api_v2/serializers.py", line 2415, in set_context
uwsgi-1         |     context["environment"] = Development_Environment.objects.get(
uwsgi-1         |                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
uwsgi-1         |   File "/usr/local/lib/python3.11/site-packages/django/db/models/manager.py", line 85, in manager_method
uwsgi-1         |     return getattr(self.get_queryset(), name)(*args, **kwargs)
uwsgi-1         |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
uwsgi-1         |   File "/usr/local/lib/python3.11/site-packages/django/db/models/query.py", line 650, in get
uwsgi-1         |     raise self.model.DoesNotExist(
uwsgi-1         | dojo.models.Development_Environment.DoesNotExist: Development_Environment matching query does not exist.
uwsgi-1         | [14/May/2024 19:26:39] ERROR [django.request:241] Internal Server Error: /api/v2/reimport-scan/

[nelsonleblanc-rl]

im actually seeing this error on import with undefined environment in 2.33.7

edit: looks like this dd instance did not get the default environments created, somehow

[Jon-the-2nd]

I had the same issue on 2.37.0 and 2.38.1 when no environment is provided in an import-scan call and no environment with the name 'Development' exists. Hence, renaming the default list of environments effectively breaks any API calls to import-scan without the environment parameter. As I found out the hard way, this includes the Dependency Track integration.

I'd expect the environment parameter to be mandatory, or else it should be possible to set a 'default' environment which would then be used if no environment is set in the API call. If a non-existing environment is provided, an HTTP 400 would be ok imho. I wouldn't go auto-creating environments as this is an admin responsibility.