fix: ui must not overwrite service field from parser (#13517)

* fix: ui must not overwrite service field from parser

* docs: add upgrade note

Author: valentijnscholten

docs/content/en/open_source/upgrading/2.52.md

@@ -5,6 +5,20 @@ weight: -20251006
 description: MobSF parsers & Helm chart changes.
 ---
 
+## Fix UI overwriting service field from parsers
+
+The web form in the UI by default sends an empty string, which ended up overwriting the service value provided by parsers.
+
+Only a few parsers do this, so the impact of this fix is low:
+
+- Trivy Scan
+- Trivy Operator Scan
+- Hydra Scan
+- JFrog Xray API Summary Artifact Scan
+- StackHawk HawkScan
+
+See [PR 13517](https://github.com/DefectDojo/django-DefectDojo/pull/13517) for more details.
+
 ## Deduplication fix of `UNIQUE_ID_OR_HASH_CODE`
 A bug was fixed in the `UNIQUE_ID_OR_HASH_CODE` algorithm where it stopped processing candidate findings with equal `unique_id_from_tool` or `hash_code` value.
 Strictly speaking this is not a breaking change, but we wanted to make you aware that you can see more (better) more deduplicatation for parsers using this algorithm.

dojo/engagement/views.py

@@ -962,19 +962,19 @@ def process_form(
             "active": None,
             "verified": None,
             "scan_type": request.POST.get("scan_type"),
-            "test_title": form.cleaned_data.get("test_title"),
+            "test_title": form.cleaned_data.get("test_title") or None,
             "tags": form.cleaned_data.get("tags"),
-            "version": form.cleaned_data.get("version"),
-            "branch_tag": form.cleaned_data.get("branch_tag", None),
-            "build_id": form.cleaned_data.get("build_id", None),
-            "commit_hash": form.cleaned_data.get("commit_hash", None),
-            "api_scan_configuration": form.cleaned_data.get("api_scan_configuration", None),
-            "service": form.cleaned_data.get("service", None),
+            "version": form.cleaned_data.get("version") or None,
+            "branch_tag": form.cleaned_data.get("branch_tag") or None,
+            "build_id": form.cleaned_data.get("build_id") or None,
+            "commit_hash": form.cleaned_data.get("commit_hash") or None,
+            "api_scan_configuration": form.cleaned_data.get("api_scan_configuration") or None,
+            "service": form.cleaned_data.get("service") or None,
             "close_old_findings": form.cleaned_data.get("close_old_findings", None),
             "apply_tags_to_findings": form.cleaned_data.get("apply_tags_to_findings", False),
             "apply_tags_to_endpoints": form.cleaned_data.get("apply_tags_to_endpoints", False),
             "close_old_findings_product_scope": form.cleaned_data.get("close_old_findings_product_scope", None),
-            "group_by": form.cleaned_data.get("group_by", None),
+            "group_by": form.cleaned_data.get("group_by") or None,
             "create_finding_groups_for_all_findings": form.cleaned_data.get("create_finding_groups_for_all_findings", None),
             "environment": self.get_development_environment(environment_name=form.cleaned_data.get("environment")),
         })

dojo/importers/default_reimporter.py

@@ -170,7 +170,11 @@ def process_findings(
         # we need to make sure there are no side effects such as closing findings
         # for findings with a different service value
         # https://github.com/DefectDojo/django-DefectDojo/issues/12754
-        original_findings = self.test.finding_set.all().filter(service=self.service)
+        if self.service is not None:
+            original_findings = self.test.finding_set.all().filter(service=self.service)
+        else:
+            original_findings = self.test.finding_set.all().filter(Q(service__isnull=True) | Q(service__exact=""))
+
         logger.debug(f"original_findings_qyer: {original_findings.query}")
         self.original_items = list(original_findings)
         logger.debug(f"original_items: {[(item.id, item.hash_code) for item in self.original_items]}")

dojo/models.py

@@ -3010,6 +3010,7 @@ def hash_fields(self, fields_to_hash):
         if hasattr(settings, "HASH_CODE_FIELDS_ALWAYS"):
             for field in settings.HASH_CODE_FIELDS_ALWAYS:
                 if getattr(self, field):
+                    deduplicationLogger.debug("adding HASH_CODE_FIELDS_ALWAYSfield %s to hash_fields: %s", field, getattr(self, field))
                     fields_to_hash += str(getattr(self, field))
 
         logger.debug("fields_to_hash      : %s", fields_to_hash)

dojo/templates/dojo/view_finding.html

@@ -538,9 +538,7 @@ <h3 class="pull-left finding-title">
     <div class="panel panel-default">
         <table id="error_notes" class="table-striped table table-condensed table-hover centered">
             <tr>
-                {% if finding.service %}
                 <th>Service</th>
-                {% endif %}
                 {% if finding.file_path %}
                 <th>Location</th>
                 {% endif %}
@@ -571,13 +569,11 @@ <h3 class="pull-left finding-title">
                 {% endif %}
             </tr>
             <tr>
-                {% if finding.service %}
                 <td>
                     <span>
                         {{ finding.service }}
                     </span>
                 </td>
-                {% endif %}
                 {% if finding.file_path %}
                 <td>
                     <span>

dojo/test/views.py

@@ -905,15 +905,15 @@ def process_form(
             "minimum_severity": form.cleaned_data.get("minimum_severity"),
             "do_not_reactivate": form.cleaned_data.get("do_not_reactivate"),
             "tags": form.cleaned_data.get("tags"),
-            "version": form.cleaned_data.get("version"),
-            "branch_tag": form.cleaned_data.get("branch_tag", None),
-            "build_id": form.cleaned_data.get("build_id", None),
-            "commit_hash": form.cleaned_data.get("commit_hash", None),
-            "api_scan_configuration": form.cleaned_data.get("api_scan_configuration", None),
-            "service": form.cleaned_data.get("service", None),
+            "version": form.cleaned_data.get("version") or None,
+            "branch_tag": form.cleaned_data.get("branch_tag") or None,
+            "build_id": form.cleaned_data.get("build_id") or None,
+            "commit_hash": form.cleaned_data.get("commit_hash") or None,
+            "api_scan_configuration": form.cleaned_data.get("api_scan_configuration") or None,
+            "service": form.cleaned_data.get("service") or None,
             "apply_tags_to_findings": form.cleaned_data.get("apply_tags_to_findings", False),
             "apply_tags_to_endpoints": form.cleaned_data.get("apply_tags_to_endpoints", False),
-            "group_by": form.cleaned_data.get("group_by", None),
+            "group_by": form.cleaned_data.get("group_by") or None,
             "close_old_findings": form.cleaned_data.get("close_old_findings", None),
             "create_finding_groups_for_all_findings": form.cleaned_data.get("create_finding_groups_for_all_findings", None),
         })