JFrog Xray Unified Scan issue

[mykhailo-sindieiev]

Bug description
JFrog Xray Unified Scan requires missing field. The "references" field is not in the report.

Steps to reproduce
Steps to reproduce the behavior:

1. Go to JFrog Xray reports
2. Click on "Reports"
3. Select the report and click on "Export" button. Choose JSON format.
4. Try to upload the report to DefectDojo with "JFrog Xray Unified Scan" parser.
5. Get the error from the screenshot

Expected behavior
The report uploaded to the DefectDojo

Deployment method (select with an X)

• Docker Compose
• Kubernetes
• GoDojo

Environment information

• DefectDojo version 2.50.5
• JFrog Cloud Platform

Logs

Traceback (most recent call last):                                                                                                                                                                                                                                         
File "/app/dojo/engagement/views.py", line 936, in import_findings                                                                                                                                                                                                       
    context["test"], _, finding_count, closed_finding_count, _, _, _ = importer_client.process_scan(                                                                                                                                                                       
                                                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                       
File "/app/dojo/importers/default_importer.py", line 109, in process_scan                                                                                                                                                                                                
    parsed_findings = self.parse_findings(scan, parser)                                                                                                                                                                                                                    
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                                    
File "/app/dojo/importers/base_importer.py", line 244, in parse_findings                                                                                                                                                                                                 
    return self.parse_findings_static_test_type(scan, parser)                                                                                                                                                                                                              
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                              
File "/app/dojo/importers/default_importer.py", line 342, in parse_findings_static_test_type                                                                                                                                                                             
    return super().parse_findings_static_test_type(scan, parser)                                                                                                                                                                                                           
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                           
File "/app/dojo/importers/base_importer.py", line 165, in parse_findings_static_test_type                                                                                                                                                                                
    return parser.get_findings(scan, self.test)                                                                                                                                                                                                                            
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                                            
File "/app/dojo/tools/jfrog_xray_unified/parser.py", line 23, in get_findings                                                                                                                                                                                            
    return self.get_items(tree, test)                                                                                                                                                                                                                                      
        ^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                                                      
File "/app/dojo/tools/jfrog_xray_unified/parser.py", line 31, in get_items                                                                                                                                                                                               
    item = get_item(node, test)                                                                                                                                                                                                                                            
        ^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                                                            
File "/app/dojo/tools/jfrog_xray_unified/parser.py", line 107, in get_item                                                                                                                                                                                               
    references = "\n".join(vulnerability["references"])                                                                                                                                                                                                                    
                        ~~~~~~~~~~~~~^^^^^^^^^^^^^^

Sample scan files

samplefile.json

Screenshots

Additional context
The "references" field is required by parser

[mykhailo-sindieiev]

I was able to upload the report after adding following fields: "references", "package_type", and "description" to every entry in "rows" list

Here is the simple code for that

import json

filename = "report.json"
filename_fixed = "report_fixed.json"

with open(filename, 'r') as file:
    data = json.load(file)

items = data.get("rows", [])

fixed_items = []

for one_item in items:
    one_item["references"] = []
    one_item["package_type"] = "unknown"
    one_item["description"] = one_item.get("summary", "")
    fixed_items.append(one_item)

data["rows"] = fixed_items

with open(filename_fixed, 'w') as file:
    json.dump(data, file, indent=4)

[manuel-sommer]

I was able to upload the report after adding following fields: "references", "package_type", and "description" to every entry in "rows" list

Here is the simple code for that

import json

filename = "report.json"
filename_fixed = "report_fixed.json"

with open(filename, 'r') as file:
data = json.load(file)

items = data.get("rows", [])

fixed_items = []

for one_item in items:
one_item["references"] = []
one_item["package_type"] = "unknown"
one_item["description"] = one_item.get("summary", "")
fixed_items.append(one_item)

data["rows"] = fixed_items

with open(filename_fixed, 'w') as file:
json.dump(data, file, indent=4)

I already made a PR, don't worry. Did you also check backwardscompatibility and run the unittests?

[manuel-sommer]

can we close this @valentijnscholten ?