add component to blackduckimporter #9145 (#9148)

* add component to blackduckimporter #9145 * added unittests * 🐛 fix unittest
DefectDojo · Dec 22, 2023 · df04f24 · df04f24
1 parent 9aac429
commit df04f24
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/dojo/tools/blackduck/importer.py b/dojo/tools/blackduck/importer.py
@@ -106,8 +106,8 @@ def _process_project_findings(
                     security_issue_dict.get("Description"),
                     security_issue_dict.get("Security Risk"),
                     security_issue_dict.get("Impact"),
-                    security_issue_dict.get("Project name"),
-                    security_issue_dict.get("Version"),
+                    security_issue_dict.get("Component name") or security_issue_dict.get("Project name"),
+                    security_issue_dict.get("Component version name") or security_issue_dict.get("Version"),
                     security_issue_dict.get("Vulnerability source"),
                     security_issue_dict.get("URL"),
                     security_issue_dict.get("Channel version origin id"),

diff --git a/unittests/tools/test_blackduck_parser.py b/unittests/tools/test_blackduck_parser.py
@@ -25,12 +25,21 @@ def test_blackduck_csv_parser_has_many_findings(self):
         findings = list(findings)
         self.assertEqual(1, len(findings[10].unsaved_vulnerability_ids))
         self.assertEqual("CVE-2007-3386", findings[10].unsaved_vulnerability_ids[0])
+        self.assertEqual(findings[4].component_name, "Apache Tomcat")
+        self.assertEqual(findings[2].component_name, "Apache HttpComponents Client")
+        self.assertEqual(findings[4].component_version, "5.5.23")
+        self.assertEqual(findings[2].component_version, "4.5.2")
 
     def test_blackduck_csv_parser_new_format_has_many_findings(self):
         testfile = Path(get_unit_tests_path() + "/scans/blackduck/many_vulns_new_format.csv")
         parser = BlackduckParser()
         findings = parser.get_findings(testfile, Test())
+        findings = list(findings)
         self.assertEqual(9, len(findings))
+        self.assertEqual(findings[0].component_name, "kryo")
+        self.assertEqual(findings[2].component_name, "jackson-databind")
+        self.assertEqual(findings[0].component_version, "3.0.3")
+        self.assertEqual(findings[2].component_version, "2.9.9.3")
 
     def test_blackduck_enhanced_has_many_findings(self):
         testfile = Path(