
Import: leverage the minimum severity flag #10550

Merged
merged 1 commit into from
Jul 12, 2024

Conversation

@Maffooch (Contributor) commented Jul 9, 2024

The minimum_severity flag was parsed and managed by the ImporterOptions class, but was never actually used by the Importers. This PR corrects that and adds a unit test to ensure the flag is working as expected.

[sc-6837]
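The failure mode described in this PR, an option that is parsed and stored but never consulted by the code that should enforce it, is easy to reproduce in miniature. The following is an added example written for this thread, not DefectDojo's own code: `ImporterOptions`, `BrokenImporter` and `FixedImporter` are hypothetical stand-ins, the severity names and their ordering are an assumption of the example, and the sample report is constructed. The broken importer looks the threshold up in the raw kwargs rather than on `self.minimum_severity`, misses, and silently fails open by importing everything; the fixed importer always applies the parsed value. `honours_minimum_severity` is the shape of check the PR's new unit test makes: after import, nothing below the threshold may remain.

```python
"""Minimum-severity filtering on import (added example, not DefectDojo code)."""
from dataclasses import dataclass

# Assumed ordering, lowest to highest; the index in this list is the rank.
SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]


@dataclass(frozen=True)
class Finding:
    title: str
    severity: str


def normalize_severity(value):
    """Canonicalise case and whitespace ('HIGH', ' medium ') and reject unknown
    names, so a typo in the flag cannot quietly turn into 'no filtering'."""
    candidate = str(value).strip().capitalize()
    if candidate not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity {value!r}; expected one of {SEVERITY_ORDER}")
    return candidate


def severity_rank(value):
    return SEVERITY_ORDER.index(normalize_severity(value))


def filter_by_minimum_severity(findings, minimum_severity):
    """Keep only findings whose severity is at or above the threshold."""
    floor = severity_rank(minimum_severity)
    return [f for f in findings if severity_rank(f.severity) >= floor]


class ImporterOptions:
    """Hypothetical options parser. Assumption of this example: parsing consumes
    the key from kwargs, which is what leaves the broken importer nothing to read."""

    def __init__(self, **kwargs):
        self.minimum_severity = normalize_severity(kwargs.pop("minimum_severity", "Info"))
        self.kwargs = kwargs  # whatever was not consumed by option parsing


class BrokenImporter(ImporterOptions):
    """Pre-fix shape: the threshold is looked up in kwargs instead of on self,
    the lookup misses, and the importer fails open (every finding is imported)."""

    def import_findings(self, parsed):
        threshold = self.kwargs.get("minimum_severity")
        if threshold is None:
            return list(parsed)
        return filter_by_minimum_severity(parsed, threshold)


class FixedImporter(ImporterOptions):
    """Post-fix shape: the parsed option is always applied."""

    def import_findings(self, parsed):
        return filter_by_minimum_severity(parsed, self.minimum_severity)


# Constructed sample report for this example, not real scanner output.
SAMPLE_REPORT = [
    Finding("Debug endpoint exposed", "Info"),
    Finding("Verbose server banner", "Low"),
    Finding("Outdated TLS cipher", "Medium"),
    Finding("SQL injection in search", "High"),
    Finding("Unauthenticated RCE", "Critical"),
]


def imported_titles(importer_cls, report=SAMPLE_REPORT, **options):
    """Run an importer over the report and return the titles that survive import."""
    return [f.title for f in importer_cls(**options).import_findings(report)]


def honours_minimum_severity(importer_cls, minimum_severity="High", report=SAMPLE_REPORT):
    """Regression check: True only if nothing below the threshold survives import."""
    floor = severity_rank(minimum_severity)
    kept = importer_cls(minimum_severity=minimum_severity).import_findings(report)
    return all(severity_rank(f.severity) >= floor for f in kept)


if __name__ == "__main__":
    print("broken:", imported_titles(BrokenImporter, minimum_severity="High"))
    print("fixed: ", imported_titles(FixedImporter, minimum_severity="High"))
    print("broken honours flag:", honours_minimum_severity(BrokenImporter))
    print("fixed honours flag: ", honours_minimum_severity(FixedImporter))
```

Two design points worth keeping when wiring a threshold like this into a real importer: validate the flag value up front and fail closed on unknown names rather than defaulting to "import everything", and assert in the unit test on the severities that must be absent after import, since a test that only counts how many findings came back cannot tell a working filter from an ignored one when the default threshold already keeps all of them.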

dryrunsecurity bot commented Jul 9, 2024

DryRun Security Summary

The pull request focuses on improving the functionality and security-related capabilities of the DefectDojo application, particularly in the areas of security finding import, reimport, and management, with changes to filtering findings by severity, ensuring minimum severity thresholds, and introducing extensive unit tests to ensure the accuracy and reliability of the import/reimport functionality.


Summary:

The code changes in this pull request focus on improving the functionality and security-related capabilities of the DefectDojo application, particularly in the areas of security finding import, reimport, and management.

The key changes include:

  1. Addition of a severity parameter to the get_test_findings_api method, which allows filtering findings by severity. This can improve prioritization, reporting, and monitoring of security issues.

  2. Modifications to the DefaultReImporter class to ensure that the minimum severity threshold is always applied and to support different deduplication algorithms. These changes help to make the reimport process more robust and reliable.

  3. Changes to the DefaultImporter class to use the self.minimum_severity attribute instead of the kwargs parameter for filtering findings. This improves the consistency and maintainability of the code.

  4. Extensive unit tests in the test_import_reimport.py file that cover a wide range of scenarios related to importing and reimporting security scan reports. These tests help to ensure the accuracy and reliability of the import/reimport functionality.

From an application security perspective, these changes are generally positive, as they focus on improving the security-related functionality and robustness of the DefectDojo application. However, it's important to continue reviewing the code changes and the overall security posture of the application to ensure that no unintended security vulnerabilities or issues are introduced.

Files Changed:

  1. unittests/dojo_test_case.py: The changes introduce a new severity parameter to the get_test_findings_api method, which allows filtering findings by severity. This can improve security-related tasks such as prioritizing findings, reporting, and monitoring.

  2. dojo/importers/default_reimporter.py: The changes ensure that the minimum severity threshold is always applied and support different deduplication algorithms, improving the reliability and consistency of the reimport process.

  3. dojo/importers/default_importer.py: The changes modify the condition that filters findings based on the minimum severity, ensuring that the minimum severity is always taken from the self.minimum_severity attribute.

  4. unittests/test_import_reimport.py: The changes introduce a comprehensive set of unit tests that cover various scenarios related to importing and reimporting security scan reports. These tests help to ensure the accuracy and reliability of the import/reimport functionality.

Code Analysis

We ran 7 analyzers against 4 files and 0 analyzers had findings. 7 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@mtesauro (Contributor) left a comment: Approved

@mtesauro mtesauro merged commit 17a1bf8 into DefectDojo:bugfix Jul 12, 2024
122 checks passed
@Maffooch Maffooch deleted the min-sev branch July 22, 2024 21:57

5 participants