Make SonarQube Parser use creationDate for Date

dojo/tools/sonarqube/sonarqube_restapi_json.py

@@ -1,4 +1,8 @@
 import re
+from datetime import datetime
+
+import dateutil.parser
+from django.utils import timezone
 
 from dojo.models import Finding
 
@@ -23,6 +27,10 @@
                     scope = issue.get("scope")
                     quickFixAvailable = str(issue.get("quickFixAvailable"))
                     codeVariants = str(issue.get("codeVariants"))
+                    try:
+                        date = str(dateutil.parser.parse(issue.get("creationDate")).date())
+                    except (ValueError, TypeError, dateutil.parser.ParserError):
+                        date = timezone.now()
                     description = ""
                     description += "**key:** " + key + "\n"
                     description += "**rule:** " + rule + "\n"
@@ -50,6 +58,7 @@
                         dynamic_finding=False,
                         tags=["bug"],
                         line=line,
+                        date=date,
                     )
                 elif issue.get("type") == "VULNERABILITY":
                     key = issue.get("key")
@@ -61,6 +70,10 @@
                     message = issue.get("message")
                     line = issue.get("line")
                     cwe = None
+                    try:
+                        date = str(dateutil.parser.parse(issue.get("creationDate")).date())
+                    except (ValueError, TypeError, dateutil.parser.ParserError):
+                        date = timezone.now()
                     if "Category: CWE-" in message:
                         cwe_pattern = r"Category: CWE-\d{1,5}"
                         cwes = re.findall(cwe_pattern, message)
@@ -119,6 +132,7 @@
                         file_path=component,
                         tags=["vulnerability"],
                         line=line,
+                        date=date,
                     )
                     vulnids = []
                     if "Reference: CVE" in message:
@@ -154,6 +168,10 @@
                     scope = issue.get("scope")
                     quickFixAvailable = str(issue.get("quickFixAvailable"))
                     codeVariants = issue.get("codeVariants", [])
+                    try:
+                        date = str(dateutil.parser.parse(issue.get("creationDate")).date())
+                    except (ValueError, TypeError, dateutil.parser.ParserError):
+                        date = timezone.now()
                     description = ""
                     description += "**rule:** " + rule + "\n"
                     description += "**component:** " + component + "\n"
@@ -185,6 +203,7 @@
                         file_path=component,
                         tags=["code_smell"],
                         line=line,
+                        date=date,
                     )
                 items.append(item)
         if json_content.get("hotspots"):
@@ -200,6 +219,10 @@
                 flows = hotspot.get("flows", [])
                 ruleKey = hotspot.get("ruleKey")
                 messageFormattings = hotspot.get("messageFormattings", [])
+                try:
+                    date = str(dateutil.parser.parse(hotspot.get("creationDate")).date())
+                except (ValueError, TypeError, dateutil.parser.ParserError):
+                    date = timezone.now()
                 description = ""
                 description += "**key:** " + key + "\n"
                 description += "**component:** " + component + "\n"
@@ -229,6 +252,7 @@
                     file_path=component,
                     tags=["hotspot"],
                     line=line,
+                    date=date,
                 )
                 items.append(item)
         return items

unittests/tools/test_sonarqube_parser.py

@@ -579,20 +579,25 @@ def test_parse_json_file_from_api_with_multiple_findings_json(self):
         self.assertEqual("6.4", item.cvssv3_score)
         self.assertEqual("package", item.component_name)
         self.assertEqual("1.1.2", item.component_version)
+        self.assertEqual("2023-10-16", item.date)
         item = findings[1]
         self.assertEqual("Web:TableWithoutCaptionCheck_asdfwfewfwefewf", item.title)
         self.assertEqual("Low", item.severity)
         self.assertEqual(0, item.cwe)
         self.assertIsNone(item.cvssv3_score)
+        self.assertEqual("2023-07-25", item.date)
         item = findings[2]
         self.assertEqual("typescript:S1533_fjoiewfjoweifjoihugu-", item.title)
         self.assertEqual("Low", item.severity)
+        self.assertEqual("2024-01-29", item.date)
         item = findings[3]
         self.assertEqual("GHSA-frr2-c345-p7c2", item.unsaved_vulnerability_ids[0])
+        self.assertEqual("2023-10-16", item.date)
         item = findings[4]
         self.assertEqual("CVE-2023-52428", item.unsaved_vulnerability_ids[0])
         self.assertEqual("nimbus-jose-jwt-9.24.4.jar", item.component_name)
         self.assertIsNone(item.component_version)
+        self.assertEqual("2023-10-16", item.date)
         my_file_handle.close()
 
     def test_parse_json_file_from_api_with_multiple_findings_hotspots_json(self):
@@ -606,12 +611,15 @@ def test_parse_json_file_from_api_with_multiple_findings_hotspots_json(self):
         self.assertEqual(str, type(item.description))
         self.assertEqual("typescript:7777_fwafewef", item.title)
         self.assertEqual("High", item.severity)
+        self.assertEqual("2024-02-13", item.date)
         item = findings[1]
         self.assertEqual("Web:1222_cyxcvyxcvyxv", item.title)
         self.assertEqual("Low", item.severity)
+        self.assertEqual("2023-07-27", item.date)
         item = findings[2]
         self.assertEqual("Web:9876_werrwerwerwer", item.title)
         self.assertEqual("Low", item.severity)
+        self.assertEqual("2023-07-27", item.date)
         my_file_handle.close()
 
     def test_parse_json_file_from_api_with_empty_json(self):