Merge branch 'dependency-track-parser' into blackduck-parser

smithy-security · Mar 17, 2024 · c4d336b · c4d336b
2 parents 9090110 + 9b4a22a
commit c4d336b
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 10 deletions.
diff --git a/components/consumers/defectdojo/client/client.go b/components/consumers/defectdojo/client/client.go
@@ -62,17 +62,21 @@ func (client *Client) CreateFinding(
 	title, description, severity, target, date, numericalSeverity string,
 	tags []string,
 	testID, line, cwe, foundBy int32,
-	falseP, duplicate, active bool,
+	falseP, duplicate bool,
 	cvssScore float64,
 ) (types.FindingCreateResponse, error) {
 	url := fmt.Sprintf("%s/findings", client.host)
+	active := true
+	if duplicate {
+		active = false
+	}
 	body := types.FindingCreateRequest{
 		Tags:              tags,
 		Date:              date,
 		Cwe:               cwe,
 		Line:              line,
 		FilePath:          target,
-		Duplicate:         false,
+		Duplicate:         duplicate,
 		FalseP:            falseP,
 		Active:            active,
 		Verified:          false,

diff --git a/components/consumers/defectdojo/client/client_test.go b/components/consumers/defectdojo/client/client_test.go
@@ -44,7 +44,7 @@ func TestCreateFinding(t *testing.T) {
 			FalseP:            false,
 			Severity:          "High",
 			Description:       "description",
-			Active:            false,
+			Active:            true,
 			Verified:          false,
 			Line:              1,
 			NumericalSeverity: "C:I",
@@ -66,7 +66,7 @@ func TestCreateFinding(t *testing.T) {
 		[]string{"tests"},
 		1,
 		1,
-		0, 0, false, false, false, 3.9)
+		0, 0, false, false, 3.9)
 	assert.Nil(t, err)
 	assert.True(t, called)
 }

diff --git a/components/consumers/defectdojo/main.go b/components/consumers/defectdojo/main.go
@@ -84,7 +84,6 @@ func handleRawResults(product int, dojoClient *client.Client, responses []*v1.La
 				dojoClient.UserID,
 				false,
 				false,
-				true,
 				iss.GetCvss())
 			if err != nil {
 				log.Fatalf("Could not create raw finding error: %v\n", err)
@@ -143,7 +142,6 @@ func handleEnrichedResults(product int, dojoClient *client.Client, responses []*
 				test.ID, 0, 0, dojoClient.UserID,
 				iss.GetFalsePositive(),
 				duplicate,
-				true,
 				rawIss.GetCvss())
 			if err != nil {
 				log.Fatalf("Could not create enriched finding error: %v\n", err)

diff --git a/components/consumers/defectdojo/main_test.go b/components/consumers/defectdojo/main_test.go
@@ -61,6 +61,9 @@ func createObjects(product int, scanType string) ([]*v1.LaunchToolResponse, []*t
 		var issues []*v1.Issue
 		var enrichedIssues []*v1.EnrichedIssue
 		for j := 0; j <= 3%(i+1); j++ {
+			duplicateTimes, _ := time.Parse(time.RFC3339, "2000-01-19T18:09:06.370037788Z")
+			duplicateTimestamp := timestamppb.New(duplicateTimes)
+
 			x := v1.Issue{
 				Target:     fmt.Sprintf("myTarget %d-%d", i, j),
 				Type:       fmt.Sprintf("type %d-%d", i, j),
@@ -71,7 +74,7 @@ func createObjects(product int, scanType string) ([]*v1.LaunchToolResponse, []*t
 			y := v1.EnrichedIssue{
 				RawIssue:      &x,
 				FirstSeen:     response.ScanInfo.ScanStartTime,
-				Count:         uint64(i),
+				Count:         1,
 				FalsePositive: false,
 				UpdatedAt:     response.ScanInfo.ScanStartTime,
 				Hash:          "d41d8cd98f00b204e9800998ecf8427e",
@@ -80,6 +83,10 @@ func createObjects(product int, scanType string) ([]*v1.LaunchToolResponse, []*t
 					"Policy.Blah.Decision": "failed",
 				},
 			}
+			if j%2 == 0 {
+				y.FirstSeen = duplicateTimestamp
+				y.Count = uint64(j)
+			}
 			issues = append(issues, &x)
 			enrichedIssues = append(enrichedIssues, &y)
 
@@ -97,7 +104,7 @@ func createObjects(product int, scanType string) ([]*v1.LaunchToolResponse, []*t
 				}
 				d = desc
 			}
-			findingsRequests = append(findingsRequests, &types.FindingCreateRequest{
+			findingsReq := &types.FindingCreateRequest{
 				Tags:              []string{"DraconScan", scanType + "Finding", scanID, toolName},
 				Title:             x.Title,
 				Date:              times.Format(DojoTimeFormat),
@@ -107,7 +114,13 @@ func createObjects(product int, scanType string) ([]*v1.LaunchToolResponse, []*t
 				FoundBy:           []int32{1},
 				Description:       *d,
 				Active:            true,
-			})
+				Duplicate:         false,
+			}
+			if j%2 == 0 && scanType != "Raw" {
+				findingsReq.Active = false
+				findingsReq.Duplicate = true
+			}
+			findingsRequests = append(findingsRequests, findingsReq)
 		}
 		response.Issues = issues
 		enrichedResponse.OriginalResults = response // duplication here is important since we use this enrichedResponse in getEnrichedIssues above
@@ -258,7 +271,8 @@ func TestHandleEnrichedResults(t *testing.T) {
 
 		case "/findings":
 			findingRequest := &types.FindingCreateRequest{}
-			json.Unmarshal(body, &findingRequest)
+			err := json.Unmarshal(body, &findingRequest)
+			assert.Nil(t, err)
 			assert.Contains(t, findingsRequests, findingRequest)
 			assert.Contains(t, string(body), "Policy.Blah.Decision")
 			foundFindings = append(foundFindings, findingRequest) // ensure each finding is only registered once