Importers: Small corrections #10182

Merged: 2 commits, May 13, 2024

Conversation

@Maffooch (Contributor) commented May 10, 2024

  • Updating validation a bit to make more robust
  • Add some blocks to a few templates

[sc-2909]

@github-actions bot added the ui label May 10, 2024

@DryRunSecurity commented:

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security status and findings:

  • AppSec Analyzer: 0 findings
  • Authn/Authz Analyzer: 0 findings
  • Configured Codepaths Analyzer: 0 findings
  • Sensitive Files Analyzer: 0 findings
  • Secrets Analyzer: 0 findings

Note: 🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖.
Note that this summary is auto-generated and not meant to be a definitive list of security issues
but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request are focused on improving the functionality and robustness of the DefectDojo
application, particularly in the areas of scan report processing, test metadata management, and the display of
test information. While these changes do not directly address any security vulnerabilities, it's important to
review them from an application security perspective to ensure that the overall security posture of the
application is maintained.

The key areas of focus include:

  1. Scan Report Processing: The changes in the default_importer.py file aim to improve the handling of
    scan reports, ensuring that the process_scan() function can properly handle cases where no findings are
    parsed or the test parameter is not provided.

  2. Test Metadata Management: The changes in the base_importer.py file focus on updating the metadata of
    Test objects, such as version, branch tag, build ID, and commit hash. The changes ensure that these fields are
    only updated if the corresponding values are not None, improving the robustness of the metadata management.

  3. Test Information Display: The changes in the view_eng.html and view_test.html templates provide more
    flexibility in customizing the display of test-related information, including the table header and body. This
    can be beneficial for improving the user experience and aligning the application's UI with specific security
    requirements.

  4. Reimport Process: The changes in the default_reimporter.py file focus on improving the reimport process,
    including the handling of deduplication, mitigated findings, endpoint management, and finding groups. These
    changes are crucial for maintaining an accurate and up-to-date view of the application's security posture.

While these changes do not directly address any security vulnerabilities, it's important to review them in the
context of the overall application to ensure that the security posture is maintained. This includes verifying
that access controls, input validation, data exposure, and logging and monitoring mechanisms are properly
implemented and aligned with the application's security requirements.

Files Changed:

  1. dojo/importers/default_importer.py: The changes focus on improving the handling of scan report processing in
    the process_scan() function, ensuring that it can properly handle cases where no findings are parsed or the
    test parameter is not provided.

  2. dojo/importers/base_importer.py: The changes focus on updating the metadata of Test objects, such as version,
    branch tag, build ID, and commit hash, ensuring that these fields are only updated if the corresponding values
    are not None.

  3. dojo/templates/dojo/view_eng.html: The changes provide more flexibility in customizing the display of
    test-related information in the "View Engagement" page, including the table header and body.

  4. dojo/importers/default_reimporter.py: The changes focus on improving the reimport process, including the
    handling of deduplication, mitigated findings, endpoint management, and finding groups.

  5. dojo/templates/dojo/view_test.html: The changes provide more flexibility in customizing the display of test
    information in the "View Test" page, including the table header and body.

Powered by DryRun Security

@mtesauro (Contributor) left a comment:

Approved

@cneill cneill merged commit 03f3af6 into DefectDojo:bugfix May 13, 2024
122 checks passed
@Maffooch Maffooch deleted the importer-fixes branch July 22, 2024 21:57