MaibornWolff · StefanFl · Feb 13, 2022 · Feb 13, 2022 · Feb 13, 2022 · Feb 13, 2022
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,19 +1,19 @@
 
 variables:
-  DOCKER_ARTIFACT_URL: "maibornwolff/dd-import:1.0.4"
+  DOCKER_ARTIFACT_URL: "maibornwolff/dd-import:1.0.5"
   DD_PRODUCT_TYPE_NAME: "Showcase"
   DD_PRODUCT_NAME: "DefectDojo Importer"
   DD_ENGAGEMENT_NAME: "GitLab"
 
-include:
-  - template: Security/SAST.gitlab-ci.yml
+# include:
+#   - template: Security/SAST.gitlab-ci.yml
 
-bandit-sast:
-  artifacts:
-    paths:
-    - gl-sast-report.json
-    when: always
-    expire_in: 1 day
+# bandit-sast:
+#   artifacts:
+#     paths:
+#     - gl-sast-report.json
+#     when: always
+#     expire_in: 1 day
 
 stages:
   - test
@@ -31,7 +31,7 @@ trivy:
     - wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -
   allow_failure: true
   script:
-    - ./trivy --exit-code 0 --no-progress -f json -o trivy.json "$DOCKER_ARTIFACT_URL"
+    - ./trivy image --no-progress -f json -o trivy.json "$DOCKER_ARTIFACT_URL"
   artifacts:
     paths:
     - trivy.json
@@ -77,19 +77,19 @@ cloc:
     when: always
     expire_in: 1 day
 
-upload_bandit:
-  stage: upload
-  image: ${DOCKER_ARTIFACT_URL}
-  needs:
-    - job: bandit-sast
-      artifacts: true  
-  variables:
-    GIT_STRATEGY: none
-    DD_TEST_NAME: "Bandit"
-    DD_TEST_TYPE_NAME: "GitLab SAST Report"
-    DD_FILE_NAME: "gl-sast-report.json"
-  script:
-    - dd-reimport-findings.sh
+# upload_bandit:
+#   stage: upload
+#   image: ${DOCKER_ARTIFACT_URL}
+#   needs:
+#     - job: bandit-sast
+#       artifacts: true  
+#   variables:
+#     GIT_STRATEGY: none
+#     DD_TEST_NAME: "Bandit"
+#     DD_TEST_TYPE_NAME: "GitLab SAST Report"
+#     DD_FILE_NAME: "gl-sast-report.json"
+#   script:
+#     - dd-reimport-findings.sh
 
 upload_trivy:
   stage: upload

diff --git a/dd_import/dd_api.py b/dd_import/dd_api.py
@@ -28,13 +28,12 @@ def get_product_type(self):
                          params=payload)
         r.raise_for_status()
         product_type_data = json.loads(r.text)
-        if product_type_data['count'] > 0:
-            product_type_id = product_type_data['results'][0]['id']
-            print('Product type found, id: ', product_type_id)
-            return product_type_id
-        else:
-            raise Exception('Product type {} not found'.
-                            format(self.environment.product_type_name))
+        for product_type in product_type_data.get('results', []):
+            if product_type.get('name', '') == self.environment.product_type_name:
+                product_type_id = product_type['id']
+                print('Product type found, id: ', product_type_id)
+                return product_type_id
+        raise Exception(f'Product type {self.environment.product_type_name} not found')
 
     def get_product(self, product_type):
         payload = {'name': self.environment.product_name,
@@ -44,12 +43,12 @@ def get_product(self, product_type):
                          params=payload)
         r.raise_for_status()
         product_data = json.loads(r.text)
-        if product_data['count'] > 0:
-            product_id = product_data['results'][0]['id']
-            print('Product found,      id: ', product_id)
-            return product_id
-        else:
-            return self.new_product(product_type)
+        for product in product_data.get('results', []):
+            if product.get('name', '') == self.environment.product_name:
+                product_id = product['id']
+                print('Product found,      id: ', product_id)
+                return product_id
+        return self.new_product(product_type)
 
     def new_product(self, product_type):
         payload = {'name': self.environment.product_name,
@@ -71,12 +70,12 @@ def get_engagement(self, product):
                          params=payload)
         r.raise_for_status()
         engagement_data = json.loads(r.text)
-        if engagement_data['count'] > 0:
-            engagement_id = engagement_data['results'][0]['id']
-            print('Engagement found,   id: ', engagement_id)
-            return engagement_id
-        else:
-            return self.new_engagement(product)
+        for engagement in engagement_data.get('results', []):
+            if engagement.get('name', '') == self.environment.engagement_name:
+                engagement_id = engagement['id']
+                print('Engagement found,   id: ', engagement_id)
+                return engagement_id
+        return self.new_engagement(product)
 
     def new_engagement(self, product):
         payload = {'name': self.environment.engagement_name,
@@ -113,12 +112,12 @@ def get_test(self, engagement):
                          params=payload)
         r.raise_for_status()
         test_data = json.loads(r.text)
-        if test_data['count'] > 0:
-            test_id = test_data['results'][0]['id']
-            print('Test found,         id: ', test_id)
-            return test_id
-        else:
-            return self.new_test(engagement)
+        for test in test_data.get('results', []):
+            if test.get('title', '') == self.environment.test_name:
+                test_id = test['id']
+                print('Test found,         id: ', test_id)
+                return test_id
+        return self.new_test(engagement)
 
     def new_test(self, engagement):
         today = datetime.date.today()
@@ -144,11 +143,10 @@ def get_test_type(self):
                          params=payload)
         r.raise_for_status()
         test_type_data = json.loads(r.text)
-        if test_type_data['count'] > 0:
-            return test_type_data['results'][0]['id']
-        else:
-            raise Exception('Test type {} not found'.
-                            format(self.environment.test_type_name))
+        for test_type in test_type_data.get('results', []):
+            if test_type.get('name', '') == self.environment.test_type_name:
+                return test_type['id']
+        raise Exception(f'Test type {self.environment.test_type_name} not found')
 
     def reimport_scan(self, test):
         payload = {'scan_date': datetime.date.today().isoformat(),

diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = dd-import
-version = 1.0.4
+version = 1.0.5
 author = Stefan Fleckenstein
 author_email = [email protected]
 description = A utility to (re-)import findings and language data into DefectDojo

diff --git a/unittests/test_api.py b/unittests/test_api.py
@@ -29,7 +29,7 @@ def setUp(self):
     def test_get_product_type_found(self, mockGet, mockEnv):
         response = Mock(spec=Response)
         response.status_code = 200
-        response.text = '{\"count\": 1, \"results\": [{\"id\": 1}]}'
+        response.text = '{\"count\": 2, \"results\": [{\"id\": 0, \"name\": \"product_type_dev\"}, {\"id\": 1, \"name\": \"product_type\"}]}'
         mockGet.return_value = response
 
         api = Api()
@@ -49,7 +49,7 @@ def test_get_product_type_found(self, mockGet, mockEnv):
     def test_get_product_type_not_found(self, mockGet, mockEnv):
         response = Mock(spec=Response)
         response.status_code = 200
-        response.text = '{\"count\": 0}'
+        response.text = '{\"count\": 2, \"results\": [{\"id\": 0, \"name\": \"product_type_dev\"}, {\"id\": 1, \"name\": \"product_type_prod\"}]}'
         mockGet.return_value = response
 
         with self.assertRaises(Exception) as cm:
@@ -70,7 +70,7 @@ def test_get_product_type_not_found(self, mockGet, mockEnv):
     def test_get_product_found(self, mockGet, mockEnv):
         response = Mock(spec=Response)
         response.status_code = 200
-        response.text = '{\"count\": 1, \"results\": [{\"id\": 2}]}'
+        response.text = '{\"count\": 2, \"results\": [{\"id\": 1, \"name\": \"product_dev\"}, {\"id\": 2, \"name\": \"product\"}]}'
         mockGet.return_value = response
 
         api = Api()
@@ -91,7 +91,7 @@ def test_get_product_found(self, mockGet, mockEnv):
     def test_get_product_not_found(self, mockNewProduct, mockGet, mockEnv):
         response = Mock(spec=Response)
         response.status_code = 200
-        response.text = '{\"count\": 0}'
+        response.text = '{\"count\": 2, \"results\": [{\"id\": 1, \"name\": \"product_dev\"}, {\"id\": 2, \"name\": \"product_prod\"}]}'
         mockGet.return_value = response
         mockNewProduct.return_value = self.product_id
 
@@ -133,7 +133,7 @@ def test_new_product(self, mockPost, mockEnv):
     def test_get_engagement_found(self, mockGet, mockEnv):
         response = Mock(spec=Response)
         response.status_code = 200
-        response.text = '{\"count\": 1, \"results\": [{\"id\": 3}]}'
+        response.text = '{\"count\": 2, \"results\": [{\"id\": 2, \"name\": \"engagement_dev\"}, {\"id\": 3, \"name\": \"engagement\"}]}'
         mockGet.return_value = response
 
         api = Api()
@@ -154,7 +154,7 @@ def test_get_engagement_found(self, mockGet, mockEnv):
     def test_get_engagement_not_found(self, mockNewEngagement, mockGet, mockEnv):
         response = Mock(spec=Response)
         response.status_code = 200
-        response.text = '{\"count\": 0}'
+        response.text = '{\"count\": 2, \"results\": [{\"id\": 2, \"name\": \"engagement_dev\"}, {\"id\": 3, \"name\": \"engagement_prod\"}]}'
         mockGet.return_value = response
         mockNewEngagement.return_value = self.engagement_id
 
@@ -234,7 +234,7 @@ def test_update_engagement(self, mockPatch, mockEnv):
     def test_get_test_found(self, mockGet, mockEnv):
         response = Mock(spec=Response)
         response.status_code = 200
-        response.text = '{\"count\": 1, \"results\": [{\"id\": 4}]}'
+        response.text = '{\"count\": 2, \"results\": [{\"id\": 2}, {\"id\": 3, \"title\": \"test_dev\"}, {\"id\": 4, \"title\": \"test\"}]}'
         mockGet.return_value = response
 
         api = Api()
@@ -255,7 +255,7 @@ def test_get_test_found(self, mockGet, mockEnv):
     def test_get_test_not_found(self, mockNewTest, mockGet, mockEnv):
         response = Mock(spec=Response)
         response.status_code = 200
-        response.text = '{\"count\": 0}'
+        response.text = '{\"count\": 2, \"results\": [{\"id\": 2}, {\"id\": 3, \"title\": \"test_dev\"}, {\"id\": 4, \"title\": \"test_prod\"}]}'
         mockGet.return_value = response
         mockNewTest.return_value = self.test_id
 
@@ -307,7 +307,7 @@ def test_new_test(self, mockTestType, mockPost, mockEnv):
     def test_get_test_type_found(self, mockGet, mockEnv):
         response = Mock(spec=Response)
         response.status_code = 200
-        response.text = '{\"count\": 1, \"results\": [{\"id\": 5}]}'
+        response.text = '{\"count\": 2, \"results\": [{\"id\": 4, \"name\": \"test_type_dev\"}, {\"id\": 5, \"name\": \"test_type\"}]}'
         mockGet.return_value = response
 
         api = Api()
@@ -327,7 +327,7 @@ def test_get_test_type_found(self, mockGet, mockEnv):
     def test_get_test_type_not_found(self, mockGet, mockEnv):
         response = Mock(spec=Response)
         response.status_code = 200
-        response.text = '{\"count\": 0}'
+        response.text = '{\"count\": 2, \"results\": [{\"id\": 4, \"name\": \"test_type_dev\"}, {\"id\": 5, \"name\": \"test_type_prod\"}]}'
         mockGet.return_value = response
 
         with self.assertRaises(Exception) as cm: