I am using Threadfix as a vulnerability aggregation tool and I'm quite impressed with it.Good job guys!
Currently I'm trying to manually log previous pen-test findings in Threadfix, I'm attempting to do that by creating a SSVL file for each report and importing them into the associated application as a 'scan'.
However, a IncorrectResultSizeDataAccessException gets raised when I upload two SSVL to one application.
Stacktrace below:
---------------------
org.springframework.dao.IncorrectResultSizeDataAccessException: query did not return a unique result: 2; nested exception is org.hibernate.NonUniqueResultException: query did not return a unique result: 2
at org.springframework.orm.hibernate3.SessionFactoryUtils.convertHibernateAccessException(SessionFactoryUtils.java:659)
at org.springframework.orm.hibernate3.HibernateExceptionTranslator.convertHibernateAccessException(HibernateExceptionTranslator.java:89)
....
Steps to replicate:
--
1. Create a new team, with a new application.
2. Download the example SSVL file from https://github.com/OWASP/SSVL/blob/master/example.ssvl
3. Upload the example SSVL twice to new app.
Appreciated if anyone can help, or tell me that I'm doing something terribly terribly wrong. :)
Cheers,
Felix