Keep the DT uuid in vuln_id_from_tool for backward compatibility

Author: AndreVirtimo

dojo/tools/dependency_track/parser.py

@@ -198,6 +198,7 @@ def _convert_dependency_track_finding_to_dojo_finding(self, dependency_track_fin
             vulnerability_description += "\nVulnerability Description: {description}".format(description=dependency_track_finding["vulnerability"]["description"])
         if "uuid" in dependency_track_finding["vulnerability"] and dependency_track_finding["vulnerability"]["uuid"] is not None:
             unique_id_from_tool = dependency_track_finding["vulnerability"]["uuid"]
+            vuln_id_from_tool = dependency_track_finding["vulnerability"]["uuid"]
 
         # Get severity according to Dependency Track and convert it to a severity DefectDojo understands
         dependency_track_severity = dependency_track_finding["vulnerability"]["severity"]
@@ -230,6 +231,7 @@ def _convert_dependency_track_finding_to_dojo_finding(self, dependency_track_fin
             component_version=component_version,
             file_path=file_path,
             unique_id_from_tool=unique_id_from_tool,
+            vuln_id_from_tool=vuln_id_from_tool,
             static_finding=True,
             dynamic_finding=False)
 

unittests/tools/test_dependency_track_parser.py

@@ -42,6 +42,7 @@ def test_dependency_track_parser_has_many_findings(self):
             self.assertEqual(1, len(findings[2].unsaved_vulnerability_ids))
             self.assertEqual("CVE-2016-2097", findings[2].unsaved_vulnerability_ids[0])
             self.assertEqual("900991f6-335a-49cb-9bf6-87b545f960ce", findings[2].unique_id_from_tool)
+            self.assertEqual("900991f6-335a-49cb-9bf6-87b545f960ce", findings[2].vuln_id_from_tool)
             self.assertTrue(findings[2].false_p)
             self.assertTrue(findings[2].is_mitigated)
             self.assertFalse(findings[2].active)
@@ -76,6 +77,7 @@ def test_dependency_track_parser_findings_with_alias(self):
             self.assertEqual(12, len(findings))
             self.assertTrue(all(item.file_path is not None for item in findings))
             self.assertTrue(all(item.unique_id_from_tool is not None for item in findings))
+            self.assertTrue(all(item.vuln_id_from_tool is not None for item in findings))
             self.assertIn("CVE-2022-42004", findings[0].unsaved_vulnerability_ids)
             self.assertIn("DSA-5283-1", findings[0].unsaved_vulnerability_ids)
             self.assertIn("GHSA-rgv9-q543-rqg4", findings[0].unsaved_vulnerability_ids)
@@ -97,6 +99,7 @@ def test_dependency_track_parser_findings_with_cvssV3_score(self):
         self.assertEqual(12, len(findings))
         self.assertTrue(all(item.file_path is not None for item in findings))
         self.assertTrue(all(item.unique_id_from_tool is not None for item in findings))
+        self.assertTrue(all(item.vuln_id_from_tool is not None for item in findings))
         self.assertIn("CVE-2022-42004", findings[0].unsaved_vulnerability_ids)
         self.assertEqual(8.3, findings[0].cvssv3_score)