Bugcrowd API parser fixes #7163
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
damiencarol
approved these changes
Nov 18, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I noticed that my implementation did a duplicate detection in the wrong way, since Bugcrowd itself marks submissions as duplicates, but they mean something else: another researcher made a submission about the same thing.
Since my API client is not returning the duplicate submissions, but only the "first come, first served" submission, there is no reason to use the duplicate field, and it was throwing a lot of issues.
So I ripped out the line
duplicate=bugcrowd_duplicate,I'm also fixing the links in the defectdojo findings in markdown, I had to propagate the api scan configuration object back to the parser so it can get the service key 1, which is the program name required in the url link.
I also have removed the "Informational" state from the active issues. It is considered to be a closed subject when Informational is used, so a lot of issues were shown active for no reason.
Lastly, I have added an inclusion of fields in the API call, to try to get the external Jira issues linked (but it's not implemented by the API yet apparently) and also getting the program, but it's not giving the name of it yet.