add unittests and grype

Author: manuel-sommer

dojo/tools/anchore_grype/parser.py

@@ -121,7 +121,9 @@ def get_findings(self, file, test):
                 finding_description += f"\n**Package URL:** {artifact_purl}"
 
             finding_mitigation = None
+            fix_available = False
             if vuln_fix_versions:
+                fix_available = True
                 finding_mitigation = "Upgrade to version:"
                 if len(vuln_fix_versions) == 1:
                     finding_mitigation += f" {vuln_fix_versions[0]}"
@@ -200,6 +202,7 @@ def get_findings(self, file, test):
                     dynamic_finding=False,
                     nb_occurences=1,
                     file_path=file_path,
+                    fix_available=fix_available,
                 )
                 dupes[dupe_key].unsaved_vulnerability_ids = vulnerability_ids
 

unittests/scans/anchore_grype/fix_available.json

@@ -102,6 +102,8 @@ def __init__(self, *args, **kwargs):
         self.scan_type_gitlab_dast = "GitLab DAST Report"
 
         self.anchore_grype_file_name = get_unit_tests_scans_path("anchore_grype") / "check_all_fields.json"
+        self.anchore_grype_file_name_fix_not_available = get_unit_tests_scans_path("anchore_grype") / "fix_not_available.json"
+        self.anchore_grype_file_name_fix_available = get_unit_tests_scans_path("anchore_grype") / "fix_available.json"
         self.anchore_grype_scan_type = "Anchore Grype"
 
         self.checkmarx_one_open_and_false_positive = get_unit_tests_scans_path("checkmarx_one") / "one-open-one-false-positive.json"
@@ -1692,6 +1694,27 @@ def test_import_reimport_vulnerability_ids(self):
         self.assertEqual("GHSA-v6rh-hp5x-86rv", findings[3].vulnerability_ids[0])
         self.assertEqual("CVE-2021-44420", findings[3].vulnerability_ids[1])
 
+    def test_import_reimport_fix_available(self):
+        import0 = self.import_scan_with_params(self.anchore_grype_file_name_fix_not_available, scan_type=self.anchore_grype_scan_type)
+        test_id = import0["test"]
+        test = Test.objects.get(id=test_id)
+        findings = Finding.objects.filter(test=test)
+        self.assertEqual(1, len(findings))
+        self.assertEqual(False, findings[0].fix_available)
+        test_type = Test_Type.objects.get(name=self.anchore_grype_scan_type)
+        reimport_test = Test(
+            engagement=test.engagement,
+            test_type=test_type,
+            scan_type=self.anchore_grype_scan_type,
+            target_start=datetime.now(timezone.get_current_timezone()),
+            target_end=datetime.now(timezone.get_current_timezone()),
+        )
+        reimport_test.save()
+        self.reimport_scan_with_params(reimport_test.id, self.anchore_grype_file_name_fix_available, scan_type=self.anchore_grype_scan_type)
+        findings = Finding.objects.filter(test=reimport_test)
+        self.assertEqual(1, len(findings))
+        self.assertEqual(True, findings[0].fix_available)
+
     def test_import_history_reactivated_and_untouched_findings_do_not_mix(self):
         import0 = self.import_scan_with_params(self.generic_import_1, scan_type=self.scan_type_generic)
         test_id = import0["test"]

unittests/scans/anchore_grype/fix_not_available.json

@@ -265,6 +265,7 @@ def test_grype_issue_9618(self):
             parser = AnchoreGrypeParser()
             findings = parser.get_findings(testfile, Test())
             self.assertEqual(35, len(findings))
+            self.assertEqual(findings[0].fix_available, True)
 
     def test_grype_issue_9942(self):
         with (get_unit_tests_scans_path("anchore_grype") / "issue_9942.json").open(encoding="utf-8") as testfile: