From 09eb1ed58b75ae142496681ea88ef2de373e2299 Mon Sep 17 00:00:00 2001 From: Lars Meijers Date: Mon, 27 Nov 2023 16:55:47 +0100 Subject: [PATCH] risk accepted findings are no longer mitigated --- dojo/importers/default_reimporter.py | 7 +++++++ unittests/test_import_reimport.py | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/dojo/importers/default_reimporter.py b/dojo/importers/default_reimporter.py index cdbe6a0671c..0d40d2c0296 100644 --- a/dojo/importers/default_reimporter.py +++ b/dojo/importers/default_reimporter.py @@ -469,6 +469,13 @@ def process_matched_special_status_finding( ): self.unchanged_items.append(existing_finding) return existing_finding, True + # If the finding is risk accepted and inactive in Defectdojo we do not sync the status from the scanner + # We also need to add the finding to 'unchanged_items' as otherwise it will get mitigated by the reimporter + # (Risk accepted findings are not set to mitigated by Defectdojo) + # We however do not exit the loop as we do want to update the endpoints (in case some endpoints were fixed) + elif existing_finding.risk_accepted and not existing_finding.active: + unchanged_items.append(existing_finding) + return existing_finding, False # The finding was not an exact match, so we need to add more details about from the # new finding to the existing. Return False here to make process further return existing_finding, False diff --git a/unittests/test_import_reimport.py b/unittests/test_import_reimport.py index bb193e8fbf3..8a9840a19ee 100644 --- a/unittests/test_import_reimport.py +++ b/unittests/test_import_reimport.py @@ -1115,7 +1115,7 @@ def test_import_reimport_keep_false_positive_and_out_of_scope(self): active_findings_before = self.get_test_findings_api(test_id, active=True) self.assert_finding_count_json(0, active_findings_before) - with assertTestImportModelsCreated(self, reimports=1, affected_findings=1, created=1): + with assertTestImportModelsCreated(self, reimports=1, affected_findings=1, created=1, untouched=1): reimport0 = self.reimport_scan_with_params(test_id, self.zap_sample0_filename) self.assertEqual(reimport0["test"], test_id)