fix(tags): enhance tag handling in DefaultReImporter and add tests for additional tags

Author: Maffooch

dojo/importers/default_reimporter.py

@@ -693,8 +693,12 @@ def finding_post_processing(
         if len(self.endpoints_to_add) > 0:
             self.endpoint_manager.chunk_endpoints_and_disperse(finding, self.endpoints_to_add)
         # Parsers must use unsaved_tags to store tags, so we can clean them
-        if finding.unsaved_tags:
-            finding.tags = clean_tags(finding.unsaved_tags)
+        if finding_from_report.unsaved_tags:
+            cleaned_tags = clean_tags(finding_from_report.unsaved_tags)
+            if isinstance(cleaned_tags, list):
+                finding.tags.set(cleaned_tags)
+            elif isinstance(cleaned_tags, str):
+                finding.tags.set([cleaned_tags])
         # Process any files
         if finding_from_report.unsaved_files:
             finding.unsaved_files = finding_from_report.unsaved_files

unittests/scans/generic/generic_report1_more_tags.json

@@ -0,0 +1,34 @@
+{
+    "findings": [
+        {
+            "title": "test title",
+            "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau",
+            "active": true,
+            "verified": true,
+            "severity": "Medium",
+            "impact": "Some impact",
+            "date": "2021-01-06",
+            "cve": "CVE-2020-36234",
+            "cwe": 261,
+            "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+            "tags": ["security", "network", "hardened"],
+            "unique_id_from_tool": "3287f2d0-554f-491b-8516-3c349ead8ee5",
+            "vuln_id_from_tool": "TEST1"
+        },
+        {
+            "title": "test title2",
+            "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau2",
+            "active": true,
+            "verified": false,
+            "severity": "Medium",
+            "impact": "Some impact",
+            "date": "2021-01-06",
+            "cve": "CVE-2020-36235",
+            "cwe": 287,
+            "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+            "tags": ["security", "network", "hardened"],
+            "unique_id_from_tool": "42500af3-68c5-4dc3-8022-191d93c2f1f7",
+            "vuln_id_from_tool": "TEST2"
+        }
+    ]
+}

unittests/test_tags.py

@@ -17,6 +17,7 @@ def setUp(self, *args, **kwargs):
         self.login_as_admin()
         self.zap_sample5_filename = get_unit_tests_scans_path("zap") / "5_zap_sample_one.xml"
         self.generic_sample_with_tags_filename = get_unit_tests_scans_path("generic") / "generic_report1.json"
+        self.generic_sample_with_more_tags_filename = get_unit_tests_scans_path("generic") / "generic_report1_more_tags.json"
 
     def test_create_product_with_tags(self, expected_status_code: int = 201):
         product_id = Product.objects.all().first().id
@@ -300,6 +301,12 @@ def assert_tags_in_findings(findings: list[dict], expected_finding_count: int, d
         findings = response["results"]
         # Make sure we have what we are looking for
         assert_tags_in_findings(findings, 2, ["security", "network"])
+        # Reimport with a different report that has more tags
+        self.reimport_scan_with_params(test_id, self.generic_sample_with_more_tags_filename, scan_type="Generic Findings Import")
+        response = self.get_test_findings_api(test_id)
+        findings = response["results"]
+        # Make sure we have what we are looking for
+        assert_tags_in_findings(findings, 2, ["security", "network", "hardened"])
 
 
 class InheritedTagsTests(DojoAPITestCase):