Add support for version and deduplication #1
base: main
@@ -59,6 +59,8 @@ All parameters need to be provided as environment variables: | |||
| DD_PRODUCT_TYPE_NAME | Mandatory | Mandatory | If a product type with this name does not exist, it will be created | | |||
| DD_PRODUCT_NAME | Mandatory | Mandatory | If a product with this name does not exist, it will be created | | |||
| DD_ENGAGEMENT_NAME | Mandatory | - | If an engagement with this name does not exist for the given product, it will be created | | |||
| DD_ENGAGEMENT_VERSION | Optional | - | If provided, the version is used as an additional filter to the name to find the matching engagement | | |||
| DD_ENGAGEMENT_DEDUPLICATION | Optional | - | Default: false | |
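Review bot: the description cell for DD_ENGAGEMENT_DEDUPLICATION only states the default and never says what the flag does or which values it accepts; per the discussion in this thread it maps to the engagement's `deduplication_on_engagement` field, so the row should say so, e.g. `| DD_ENGAGEMENT_DEDUPLICATION | Optional | - | true/false: sets deduplication_on_engagement on the created engagement. Default: false |`. The DD_ENGAGEMENT_VERSION row likewise mentions only the lookup filter, while the reply further down states the value is also sent as `version` when the engagement is created; both uses belong in the table.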
What did you need a deduplication flag for?
Different versions of a "product" (redact-pipeline, redact-infer) will be tracked as different engagements. I don't want defect dojo to count identical findings across engagements as duplicates. Or, the other way around, each engagement representing a different version should have its independent findings.
We are still only setting a portion of all possible fields.
For reference, these are all the fields of an engagement:
{
  "id": 15,
  "tags": [],
  "name": "Trivy Cron Audit",
  "description": null,
  "version": null,
  "first_contacted": null,
  "target_start": "2023-11-01",
  "target_end": "2999-12-31",
  "reason": null,
  "updated": "2024-08-27T23:46:28.803182Z",
  "created": "2023-11-01T10:42:19.375365Z",
  "active": true,
  "tracker": null,
  "test_strategy": null,
  "threat_model": true,
  "api_test": true,
  "pen_test": true,
  "check_list": true,
  "status": "In Progress",
  "progress": "threat_model",
  "tmodel_path": "none",
  "done_testing": false,
  "engagement_type": "CI/CD",
  "build_id": null,
  "commit_hash": null,
  "branch_tag": null,
  "source_code_management_uri": null,
  "deduplication_on_engagement": false,
  "lead": null,
  "requester": null,
  "preset": null,
  "report_type": null,
  "product": 3,
  "build_server": null,
  "source_code_management_server": null,
  "orchestration_engine": null,
  "notes": [],
  "files": [],
  "risk_acceptance": []
}
unittests/test_api.py
@@ -156,7 +156,7 @@ def test_new_product(self, mockPost, mockEnv): | |||
def test_get_engagement_found(self, mockGet, mockEnv): | |||
response = Mock(spec=Response) | |||
response.status_code = 200 | |||
response.text = '{\"count\": 2, \"results\": [{\"id\": 2, \"name\": \"engagement_dev\"}, {\"id\": 3, \"name\": \"engagement\"}]}' | |||
response.text = '{\"count\": 2, \"results\": [{\"id\": 2, \"name\": \"engagement_dev\", \"version\": \"null\"}, {\"id\": 3, \"name\": \"engagement\", \"version\": \"null\"}, {\"id\": 4, \"name\": \"engagement\", \"version\": \"1.0.1\"}]}' |
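Review bot: in the new fixture line `\"version\": \"null\"` is the JSON string "null", but the engagement dump earlier in this thread shows the API returning an unset version as a bare `null`; if the lookup compares `version` against `None`, this fixture never exercises that branch, so the two unversioned entries should use `\"version\": null`. The `\"count\": 2` header also no longer agrees with the three entries in `results` (raised below and reportedly adjusted).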
Why do you have \"count\": 2
but there are 3 results?
Right. Adjusted. In any case, it doesn't seem to matter for the test. It passed before and still passes.
mockGet.return_value = response | ||
|
||
api = Api() | ||
id = api.get_engagement(self.product_id) |
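Review bot: this single call is the only thing the test checks, yet the fixture now has two engagements named "engagement" (ids 3 and 4, only id 4 carrying `version: 1.0.1`), and the visible lines do not show DD_ENGAGEMENT_VERSION being set in mockEnv; without it the new version filter is never exercised. Add one case with DD_ENGAGEMENT_VERSION=1.0.1 asserting id 4 is returned, and keep the unversioned case asserting which of ids 3 and 4 the first-match rule yields, so a later change to the selection order is caught.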
Why does this function return the first result?
I guess you need to select some way. Taking the first is a reasonable option. In the end there is no clear way to decide what to select if there is more than one match. The only other reasonable way would be to fail the script if more than one entry is found. However, this was already like this from the original author.
self.assertEqual(id, self.engagement_id) | ||
today = datetime.date.today().isoformat() | ||
url = 'https://example.com/api/v2/engagements/' | ||
payload = f'{{"name": "engagement", "product": 2, "target_start": "{today}", "target_end": "2999-12-31", "engagement_type": "CI/CD", "deduplication_on_engagement": false, "status": "In Progress", "version": "1.0.1"}}' |
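Review bot: the expected body is asserted as a literal string, so any change in key order or whitespace in the serialiser breaks this test even though the request is unchanged; compare `json.loads(payload)` against the parsed body instead. The case covered here is only the one where DD_ENGAGEMENT_VERSION is set; per the reply below, `version` is omitted entirely when it is unset while `deduplication_on_engagement` always defaults to `false`, and a second case asserting `"version" not in body` would pin that behaviour down.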
Does deduplication_on_engagement influence the version?
No, why?
I am not sure what payload does, but here there is "version": "1.0.1", and on line 255 there is no version.
payload is the expected body of the internal REST request. This tool is "configured" using env vars and creates REST requests accordingly. In line 220 you see that DD_ENGAGEMENT_VERSION is set. That's why the tool includes version in the REST request. DD_ENGAGEMENT_DEDUPLICATION is not set, so the request includes the default value. For version there is no default; if it isn't defined, it will not be in the body.
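The engagement lookup and request-body rules described in this thread, as an added example that is not the project's code: `select_engagement` and `build_engagement_payload` are hypothetical helpers, and the sample response is constructed to mirror the test fixture above (unset versions as JSON null, as the API returns them).

```python
import json
from typing import Optional

# Constructed sample response, modelled on the test fixture above: two engagements
# share the name "engagement", and the API returns an unset version as JSON null.
SAMPLE_RESPONSE = json.dumps({
    "count": 3,
    "results": [
        {"id": 2, "name": "engagement_dev", "version": None},
        {"id": 3, "name": "engagement", "version": None},
        {"id": 4, "name": "engagement", "version": "1.0.1"},
    ],
})


def select_engagement(response_text: str, name: str, version: Optional[str] = None,
                      first_match: bool = False) -> Optional[int]:
    """Pick the engagement id for name (and version, when given).

    first_match=True takes the first hit, as the PR does; the default raises
    on an ambiguous match, the alternative discussed in the thread.
    """
    results = json.loads(response_text)["results"]
    matches = [e for e in results
               if e.get("name") == name and (version is None or e.get("version") == version)]
    if not matches:
        return None
    if len(matches) > 1 and not first_match:
        raise ValueError(f"{len(matches)} engagements match {name!r}; set DD_ENGAGEMENT_VERSION")
    return matches[0]["id"]


def build_engagement_payload(env: dict, product_id: int, today: str) -> dict:
    """Body for creating an engagement from DD_* variables (hypothetical helper).

    version is sent only when DD_ENGAGEMENT_VERSION is set; deduplication falls
    back to false and is emitted as a JSON boolean, not the string "false".
    """
    payload = {
        "name": env["DD_ENGAGEMENT_NAME"],
        "product": product_id,
        "target_start": today,
        "target_end": "2999-12-31",
        "engagement_type": "CI/CD",
        "deduplication_on_engagement": env.get("DD_ENGAGEMENT_DEDUPLICATION", "false").lower() == "true",
        "status": "In Progress",
    }
    if env.get("DD_ENGAGEMENT_VERSION"):
        payload["version"] = env["DD_ENGAGEMENT_VERSION"]
    return payload
```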