Importers: Force tags to lowercase

[Maffooch]

When adding tags on a model object through the UI or API, the tag is forced to lowercase. Here is an example of the finding model with this requirement:

django-DefectDojo/dojo/models.py

Line 2571 in fafe5c3

tags = TagField(blank=True, force_lowercase=True, help_text=_("Add tags that help describe this finding. Choose from the list or add new tags. Press Enter key to add."))

The issue is that when doing imports, something is bypassed in the way that tags are being added to the model. They are being added like any other many to may relationship, but the force_lowercase flag is not being respected for some reason. Instead, we can just force the tags to be lowercased ourselves when the importer processes the tags

[sc-8280]

[dryrunsecurity]

DryRun Security Summary

The code change in the dojo/importers/options.py file focuses on the validate_tags function, which now converts all tags to lowercase before returning the validated list, a positive improvement for application security by ensuring consistent and case-insensitive handling of findings.

Expand for full summary

Summary:

The code change in the dojo/importers/options.py file is focused on the validate_tags function, which is responsible for validating the tags field in the ImporterOptions class. The primary change is the addition of a new line that forces all tags to be converted to lowercase before returning the validated list of tags.

This change is a positive improvement from an application security perspective, as it ensures that the tags are standardized and consistent, which can help with the organization and management of findings. Ensuring that all tags are in lowercase can help prevent issues related to case-sensitivity, such as duplicate tags or difficulty in searching and filtering findings. Additionally, the conversion to lowercase can help mitigate potential security issues related to case-sensitive input handling, making the application more robust against potential attacks that attempt to exploit case-sensitive vulnerabilities.

Files Changed:

• dojo/importers/options.py: The changes in this file are related to the validate_tags function, which is responsible for validating the tags field in the ImporterOptions class. The main change is the addition of a new line that forces all tags to be converted to lowercase before returning the validated list of tags. This change is a positive improvement from an application security perspective, as it enhances the consistency and reliability of the data handling within the application.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[mtesauro]

Approved