still not works about HCL scan findings - latest version

[johnfelipe]

[furrego@localhost ~]$ cat /etc/*release

NAME="Rocky Linux"
VERSION="9.3 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.3"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.3 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.3"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.3"
Rocky Linux release 9.3 (Blue Onyx)
Rocky Linux release 9.3 (Blue Onyx)
Rocky Linux release 9.3 (Blue Onyx)

[furrego@localhost ~]$ sudo systemctl status docker

[sudo] password for furrego:
● docker.service - Docker Application Container Engine
	 Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
	 Active: active (running) since Thu 2024-05-09 12:16:39 -05; 1min 59s ago
TriggeredBy: ● docker.socket
	   Docs: https://docs.docker.com
   Main PID: 898 (dockerd)
	  Tasks: 10
	 Memory: 115.5M
		CPU: 743ms
	 CGroup: /system.slice/docker.service
			 └─898 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

May 09 12:16:38 localhost.localdomain dockerd[898]: time="2024-05-09T12:16:38.737403238-05:00" level=info msg="Loadin>
May 09 12:16:38 localhost.localdomain dockerd[898]: time="2024-05-09T12:16:38.813245035-05:00" level=info msg="Firewa>
May 09 12:16:39 localhost.localdomain dockerd[898]: time="2024-05-09T12:16:39.135978393-05:00" level=info msg="Firewa>
May 09 12:16:39 localhost.localdomain dockerd[898]: time="2024-05-09T12:16:39.317135361-05:00" level=info msg="Defaul>
May 09 12:16:39 localhost.localdomain dockerd[898]: time="2024-05-09T12:16:39.395731436-05:00" level=info msg="Firewa>
May 09 12:16:39 localhost.localdomain dockerd[898]: time="2024-05-09T12:16:39.479254464-05:00" level=info msg="Loadin>
May 09 12:16:39 localhost.localdomain dockerd[898]: time="2024-05-09T12:16:39.527925126-05:00" level=info msg="Docker>
May 09 12:16:39 localhost.localdomain dockerd[898]: time="2024-05-09T12:16:39.528743847-05:00" level=info msg="Daemon>
May 09 12:16:39 localhost.localdomain dockerd[898]: time="2024-05-09T12:16:39.592855541-05:00" level=info msg="API li>
May 09 12:16:39 localhost.localdomain systemd[1]: Started Docker Application Container Engine.

[furrego@localhost ~]$ docker compose version

Docker Compose version v2.27.0

all remaining steps here in video:

https://drive.google.com/file/d/1IYYlYHRkdi7dJpJuf-xBuqycpNjpkABT/view?usp=drivesdk

[manuel-sommer]

Please explain more detailed on what is exactly wrong? I can't see any errors here.
The title is reflected from the description.

[johnfelipe]

Tittle and description and all is wrong I upload demo XML, and tittle is not there, something happens El jue, 9 may 2024, 12:47 p. m., manuelsommer ***@***.***> escribió:

…

Please explain more detailed on what is exactly wrong? I can't see any errors here. The title is reflected from the description. — Reply to this email directly, view it on GitHub <#10175 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AADIWFGNGOTYCXU673IKOXDZBOZBVAVCNFSM6AAAAABHPGWPESVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBTGEZTQMBXGE> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[manuel-sommer]

Could you please do the following:

• Upload these files to the latest DefectDojo: https://github.com/DefectDojo/django-DefectDojo/blob/master/unittests/scans/hcl_appscan/issue_10074.xml
• https://github.com/DefectDojo/django-DefectDojo/blob/master/unittests/scans/hcl_appscan/issue_9279.xml

Then, please write down on which values you would expect, maybe also use an xml online formatter for these files to determine more specificly on what you would need. Please no video, but rather a screenshot of the part of the xml what you would like to have as a finding.

[johnfelipe]

Pls review this PDF report:

demo.testfire.net Security Report.pdf

and doing a simple comparison:

for example in xml show this:

and in report pdf show this:

but dojo is not taking good

<name>Blind SQL Injection</name>

this to

<text>It is possible to view, modify or delete database entries and tables</text>

[johnfelipe]

You need more information?
I can upload more screenshots and comparison with demo xml

[johnfelipe]

hi team, do u need something else for fix this bug or issue?