risk accepted findings are no longer mitigated (#9050)

Co-authored-by: Cody Maffucci <cmmaffucci@gmail.com>

Author: lme-nca

dojo/importers/default_reimporter.py

@@ -476,6 +476,13 @@ def process_matched_special_status_finding(
         ):
             self.unchanged_items.append(existing_finding)
             return existing_finding, True
+        # If the finding is risk accepted and inactive in Defectdojo we do not sync the status from the scanner
+        # We also need to add the finding to 'unchanged_items' as otherwise it will get mitigated by the reimporter
+        # (Risk accepted findings are not set to mitigated by Defectdojo)
+        # We however do not exit the loop as we do want to update the endpoints (in case some endpoints were fixed)
+        elif existing_finding.risk_accepted and not existing_finding.active:
+            self.unchanged_items.append(existing_finding)
+            return existing_finding, False
         # The finding was not an exact match, so we need to add more details about from the
         # new finding to the existing. Return False here to make process further
         return existing_finding, False

unittests/test_import_reimport.py

@@ -1115,7 +1115,7 @@ def test_import_reimport_keep_false_positive_and_out_of_scope(self):
         active_findings_before = self.get_test_findings_api(test_id, active=True)
         self.assert_finding_count_json(0, active_findings_before)
 
-        with assertTestImportModelsCreated(self, reimports=1, affected_findings=1, created=1):
+        with assertTestImportModelsCreated(self, reimports=1, affected_findings=1, created=1, untouched=1):
             reimport0 = self.reimport_scan_with_params(test_id, self.zap_sample0_filename)
 
         self.assertEqual(reimport0["test"], test_id)