
Incorrect deduplication when reimporting with endpoint

Open zakrush opened this issue 3 years ago • 4 comments

Be informative: When DD is using endpoints for deduplication it incorrectly calculates the hash code for a reimported scan. I have seen it since 2.4.1 of DefectDojo. Now I have upgraded to 2.9.1 and see the same behavior. If I import cargo-audit.json and set up the endpoint for the dedupe hash code

'CargoAudit Scan': ['cve', 'component_name', 'component_version', 'vuln_id_from_tool', 'endpoints'],

it calculates the correct hash code. If I reimport the same report with the same endpoint it calculates an incorrect hash code.

Also I see that I have different results for findings when reimported through the UI and through the API. Reimport through the UI doesn't set up the endpoint for findings. Reimport through the API sets up the endpoint but has an incorrect hash code.

Bug description: Incorrect deduplication for reimport with endpoints.

Steps to reproduce the behavior:

  1. Create some endpoint for the product.
  2. Create an engagement.
  3. Import cargo-audit.json with 11 findings (set Active, Verified) and set the endpoint from step 1.
  4. Go to the created test.
  5. In the UI do a reimport of the same report. Set the endpoint (step 1). Set findings Active, close old findings is false.
  6. See that you have 22 findings now, the new findings without endpoints.
  7. Delete all findings from the reimport.
  8. Do step 5 through an API call (for me it's
curl -X POST "https://defect-dojo.local/api/v2/reimport-scan/" -H  "accept: application/json" -H  "Content-Type: multipart/form-data" -H  "X-CSRFToken: token" -F "minimum_severity=Info" -F "active=true" -F "verified=false" -F "scan_type=CargoAudit Scan" -F "endpoint_to_add=9" -F "file=@cargo-audit (1).json;type=application/json" -F "test=232" -F "push_to_jira=false" -F "close_old_findings=false" ).
  9. See that we have 22 findings again, but all findings have endpoints now.
  10. You can recalculate hash codes and deduplication through manage.py and see that the reimported findings have a changed hash_code field.

Expected behavior: When reimporting the same report with the same endpoint as the first import it should not create new findings.

Deployment method (select with an X)

  • [ X ] Docker Compose
  • [ ] Kubernetes
  • [ ] GoDojo

Environment information

  • DefectDojo version 2.4.1, 2.9.1

Sample scan files cargo-audit (1).txt

zakrush avatar May 09 '22 16:05 zakrush
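The symptom reported above (the same report plus the same endpoint yields a different hash_code on reimport, and recalculating hash codes via manage.py changes the stored value) is what you get whenever a dedup hash that includes 'endpoints' is computed before the requested endpoint has actually been attached to the finding. The following is an added, simplified model written for this thread; it is not DefectDojo's own code, and the order-of-operations cause it models is an assumption that fits the reported symptom, not a confirmed diagnosis. The hash construction (SHA-256 over the configured fields joined with '|', endpoints sorted), the Finding dataclass and the two sample findings are all constructed for the example. The stale_hash_codes() check mirrors what the reporter did with manage.py: recompute each finding's hash from its stored fields and flag the ones that no longer match.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

# The per-scanner hash-code field list quoted in the issue.
HASHCODE_FIELDS = {
    'CargoAudit Scan': ['cve', 'component_name', 'component_version',
                        'vuln_id_from_tool', 'endpoints'],
}


@dataclass
class Finding:
    """Minimal stand-in for a finding record (constructed for this example)."""
    scan_type: str
    cve: str
    component_name: str
    component_version: str
    vuln_id_from_tool: str
    endpoints: List[str] = field(default_factory=list)
    hash_code: Optional[str] = None


def compute_hash_code(f: Finding) -> str:
    """Simplified dedup hash (assumption, not DefectDojo's implementation):
    concatenate the configured fields with '|' and SHA-256 the result.
    Endpoints are sorted so that attachment order does not matter."""
    parts = []
    for name in HASHCODE_FIELDS[f.scan_type]:
        if name == 'endpoints':
            parts.append(','.join(sorted(f.endpoints)))
        else:
            parts.append(str(getattr(f, name)))
    return hashlib.sha256('|'.join(parts).encode('utf-8')).hexdigest()


def process_scan(parsed: List[dict], endpoint_to_add: str,
                 existing: List[Finding], hash_before_endpoint: bool) -> List[Finding]:
    """Model of one import/reimport pass. Returns the findings treated as NEW,
    i.e. whose hash_code matched nothing in `existing`.
    hash_before_endpoint=True models the mistake of hashing a finding before
    the requested endpoint has been attached to it."""
    known = {f.hash_code for f in existing}
    new = []
    for raw in parsed:
        f = Finding(**raw)
        if hash_before_endpoint:
            f.hash_code = compute_hash_code(f)   # endpoints list is still empty here
            f.endpoints.append(endpoint_to_add)  # attached too late to be hashed
        else:
            f.endpoints.append(endpoint_to_add)
            f.hash_code = compute_hash_code(f)
        if f.hash_code not in known:
            new.append(f)
            known.add(f.hash_code)
    return new


def stale_hash_codes(findings: List[Finding]) -> List[Finding]:
    """Findings whose stored hash_code differs from a fresh recomputation,
    which is what a 'recalculate hash codes' pass would rewrite."""
    return [f for f in findings if f.hash_code != compute_hash_code(f)]


# Constructed sample findings (not taken from the cargo-audit file on the page).
SAMPLE = [
    dict(scan_type='CargoAudit Scan', cve='CVE-0000-0001', component_name='crate-a',
         component_version='1.0.0', vuln_id_from_tool='RUSTSEC-0000-0001'),
    dict(scan_type='CargoAudit Scan', cve='CVE-0000-0002', component_name='crate-b',
         component_version='2.3.4', vuln_id_from_tool='RUSTSEC-0000-0002'),
]
ENDPOINT = 'https://app.example/api'  # stands in for the endpoint created in step 1


def run(hash_before_endpoint_on_reimport: bool):
    """Import once (endpoint attached before hashing), then reimport the same
    report. Returns (new on import, new on reimport, stale hashes after reimport)."""
    first = process_scan(SAMPLE, ENDPOINT, [], hash_before_endpoint=False)
    second = process_scan(SAMPLE, ENDPOINT, first, hash_before_endpoint_on_reimport)
    return len(first), len(second), len(stale_hash_codes(second))


if __name__ == '__main__':
    print('consistent order:', run(False))   # reimport deduplicates everything
    print('hash before endpoint:', run(True))  # every finding duplicated, hashes stale
```

With a consistent order of operations the reimport creates no findings; hashing before the endpoint is attached duplicates every finding and leaves each duplicate with a hash_code that a recalculation would change, matching steps 9 and 10 of the report.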

Can somebody check this bug?

zakrush avatar May 20 '22 14:05 zakrush

The same issue with the service field.

zakrush avatar May 20 '22 14:05 zakrush

@alles-klar does your PR cover this use case?

damiencarol avatar May 21 '22 19:05 damiencarol

No, the bug will still be there. Not sure if we want to support endpoints in the hash code after my PR #6101, but if yes we have to fix this bug.

alles-klar avatar May 23 '22 06:05 alles-klar