Skip to content

Commit

Permalink
reimporter: update existing finding properties like component in sepa…
Browse files Browse the repository at this point in the history
…rate method, make sure it happens in all applicable cases
  • Loading branch information
pna-nca committed Oct 15, 2024
1 parent 6d73725 commit 192a33f
Showing 1 changed file with 31 additions and 12 deletions.
43 changes: 31 additions & 12 deletions dojo/importers/default_reimporter.py
Original file line number Diff line number Diff line change
Expand Up @@ -501,6 +501,9 @@ def process_matched_special_status_finding(
# (Risk accepted findings are not set to mitigated by Defectdojo)
# We however do not exit the loop as we do want to update the endpoints (in case some endpoints were fixed)
if existing_finding.risk_accepted and not existing_finding.active:
# some properties of the remaining active finding (existing) should be
# updated from the newly arrived one
self.update_finding_mutable_properties(existing_finding, unsaved_finding)
self.unchanged_items.append(existing_finding)
return existing_finding, False
# The finding was not an exact match, so we need to add more details about from the
Expand Down Expand Up @@ -580,13 +583,9 @@ def process_matched_mitigated_finding(
if self.verified is not None:
existing_finding.verified = self.verified

component_name = getattr(unsaved_finding, "component_name", None)
component_version = getattr(unsaved_finding, "component_version", None)
existing_finding.component_name = existing_finding.component_name or component_name
existing_finding.component_version = existing_finding.component_version or component_version
existing_finding.save(dedupe_option=False)
# don't dedupe before endpoints are added
existing_finding.save(dedupe_option=False)
# some properties of the remaining active finding (existing) should be
# updated from the newly arrived one
self.update_finding_mutable_properties(existing_finding, unsaved_finding)
note = Notes(entry=f"Re-activated by {self.scan_type} re-upload.", author=self.user)
note.save()
endpoint_statuses = existing_finding.status_finding.exclude(
Expand Down Expand Up @@ -649,18 +648,38 @@ def process_matched_active_finding(
else:
# if finding is the same but list of affected was changed, finding is marked as unchanged. This is a known issue
self.unchanged_items.append(existing_finding)
# some properties of the remaining active finding (existing) should be
# updated from the newly arrived one
self.update_finding_mutable_properties(existing_finding, unsaved_finding)
# Return False here to make sure further processing happens
return existing_finding, False

def update_finding_mutable_properties(
self,
existing_finding: Finding,
new_finding: Finding,
) -> None:
"""
This updates "static" properties of the existing finding from the new one.
Example: component, description. These should be properties which are not
used to "hashcode" calculation.
"""
# Set the component name and version on the existing finding if it is present
# on the old finding, but not present on the existing finding (do not override)
component_name = getattr(unsaved_finding, "component_name", None)
component_version = getattr(unsaved_finding, "component_version", None)
component_name = getattr(new_finding, "component_name", None)
component_version = getattr(new_finding, "component_version", None)
if (component_name is not None and not existing_finding.component_name) or (
component_version is not None and not existing_finding.component_version
):
existing_finding.component_name = existing_finding.component_name or component_name
existing_finding.component_version = existing_finding.component_version or component_version
existing_finding.save(dedupe_option=False)
# Return False here to make sure further processing happens
return existing_finding, False
# set description of the existing finding to be the same of the new
# finding. this way we make sure that there is no discrepancy
# introduced for the test cases which make description dynamic, from
# the affected endpoints. whereas the list of affected endpoints can
# differ if the finding is in process of remediation.
existing_finding.description = getattr(new_finding, "description", None)
existing_finding.save(dedupe_option=False)

def process_finding_that_was_not_matched(
self,
Expand Down

0 comments on commit 192a33f

Please sign in to comment.