
Commit d282030

Jino-TMaffooch
andauthored
Make SonarQube Parser use creationDate for Date (#13919)
* Sonarqube parse creationDate * added better handling of date conversions * Apply suggestions from code review * Update dojo/tools/sonarqube/sonarqube_restapi_json.py --------- Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
1 parent 51906e6 commit d282030

2 files changed

Lines changed: 31 additions & 0 deletions


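--- a/dojo/tools/sonarqube/sonarqube_restapi_json.py
+++ b/dojo/tools/sonarqube/sonarqube_restapi_json.py
@@ -1,5 +1,8 @@
 import re
 
+import dateutil.parser
+from django.utils import timezone
+
 from dojo.models import Finding
 
 
@@ -23,6 +26,10 @@ def get_json_items(self, json_content, test, mode):
 scope = issue.get("scope")
 quickFixAvailable = str(issue.get("quickFixAvailable"))
 codeVariants = str(issue.get("codeVariants"))
+try:
+date = str(dateutil.parser.parse(issue.get("creationDate")).date())
+except (ValueError, TypeError, dateutil.parser.ParserError):
+date = timezone.now()
 description = ""
 description += "**key:** " + key + "\n"
 description += "**rule:** " + rule + "\n"
@@ -50,6 +57,7 @@ def get_json_items(self, json_content, test, mode):
 dynamic_finding=False,
 tags=["bug"],
 line=line,
+date=date,
 )
 elif issue.get("type") == "VULNERABILITY":
 key = issue.get("key")
@@ -61,6 +69,10 @@ def get_json_items(self, json_content, test, mode):
 message = issue.get("message")
 line = issue.get("line")
 cwe = None
+try:
+date = str(dateutil.parser.parse(issue.get("creationDate")).date())
+except (ValueError, TypeError, dateutil.parser.ParserError):
+date = timezone.now()
 if "Category: CWE-" in message:
 cwe_pattern = r"Category: CWE-\d{1,5}"
 cwes = re.findall(cwe_pattern, message)
@@ -119,6 +131,7 @@ def get_json_items(self, json_content, test, mode):
 file_path=component,
 tags=["vulnerability"],
 line=line,
+date=date,
 )
 vulnids = []
 if "Reference: CVE" in message:
@@ -154,6 +167,10 @@ def get_json_items(self, json_content, test, mode):
 scope = issue.get("scope")
 quickFixAvailable = str(issue.get("quickFixAvailable"))
 codeVariants = issue.get("codeVariants", [])
+try:
+date = str(dateutil.parser.parse(issue.get("creationDate")).date())
+except (ValueError, TypeError, dateutil.parser.ParserError):
+date = timezone.now()
 description = ""
 description += "**rule:** " + rule + "\n"
 description += "**component:** " + component + "\n"
@@ -185,6 +202,7 @@ def get_json_items(self, json_content, test, mode):
 file_path=component,
 tags=["code_smell"],
 line=line,
+date=date,
 )
 items.append(item)
 if json_content.get("hotspots"):
@@ -200,6 +218,10 @@ def get_json_items(self, json_content, test, mode):
 flows = hotspot.get("flows", [])
 ruleKey = hotspot.get("ruleKey")
 messageFormattings = hotspot.get("messageFormattings", [])
+try:
+date = str(dateutil.parser.parse(hotspot.get("creationDate")).date())
+except (ValueError, TypeError, dateutil.parser.ParserError):
+date = timezone.now()
 description = ""
 description += "**key:** " + key + "\n"
 description += "**component:** " + component + "\n"
@@ -229,6 +251,7 @@ def get_json_items(self, json_content, test, mode):
 file_path=component,
 tags=["hotspot"],
 line=line,
+date=date,
 )
 items.append(item)
 return items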
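Review bot: The four new `creationDate` blocks (new lines 29–32, 72–75, 170–173 and 221–224) leave `date` as a `YYYY-MM-DD` string when parsing succeeds but as a timezone-aware `datetime` on the fallback path, so `Finding(date=...)` receives two different types depending on the report's content. `dateutil.parser.parse` is also documented to raise `OverflowError` for oversized numeric fields, which the `except` tuple does not list, so one malformed value in an uploaded report would presumably abort the whole import; `ParserError` is already a `ValueError` subclass in current dateutil releases and adds nothing to the tuple. I would change the two lines to `except (ValueError, TypeError, OverflowError):` and `date = str(timezone.now().date())`, and move the block into one private helper so the four call sites cannot drift apart. `get_json_items` starts above these hunks, so how `Finding.date` is later validated or stored is not visible here.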

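--- a/unittests/tools/test_sonarqube_parser.py
+++ b/unittests/tools/test_sonarqube_parser.py
@@ -579,20 +579,25 @@ def test_parse_json_file_from_api_with_multiple_findings_json(self):
 self.assertEqual("6.4", item.cvssv3_score)
 self.assertEqual("package", item.component_name)
 self.assertEqual("1.1.2", item.component_version)
+self.assertEqual("2023-10-16", item.date)
 item = findings[1]
 self.assertEqual("Web:TableWithoutCaptionCheck_asdfwfewfwefewf", item.title)
 self.assertEqual("Low", item.severity)
 self.assertEqual(0, item.cwe)
 self.assertIsNone(item.cvssv3_score)
+self.assertEqual("2023-07-25", item.date)
 item = findings[2]
 self.assertEqual("typescript:S1533_fjoiewfjoweifjoihugu-", item.title)
 self.assertEqual("Low", item.severity)
+self.assertEqual("2024-01-29", item.date)
 item = findings[3]
 self.assertEqual("GHSA-frr2-c345-p7c2", item.unsaved_vulnerability_ids[0])
+self.assertEqual("2023-10-16", item.date)
 item = findings[4]
 self.assertEqual("CVE-2023-52428", item.unsaved_vulnerability_ids[0])
 self.assertEqual("nimbus-jose-jwt-9.24.4.jar", item.component_name)
 self.assertIsNone(item.component_version)
+self.assertEqual("2023-10-16", item.date)
 my_file_handle.close()
 
 def test_parse_json_file_from_api_with_multiple_findings_hotspots_json(self):
@@ -606,12 +611,15 @@ def test_parse_json_file_from_api_with_multiple_findings_hotspots_json(self):
 self.assertEqual(str, type(item.description))
 self.assertEqual("typescript:7777_fwafewef", item.title)
 self.assertEqual("High", item.severity)
+self.assertEqual("2024-02-13", item.date)
 item = findings[1]
 self.assertEqual("Web:1222_cyxcvyxcvyxv", item.title)
 self.assertEqual("Low", item.severity)
+self.assertEqual("2023-07-27", item.date)
 item = findings[2]
 self.assertEqual("Web:9876_werrwerwerwer", item.title)
 self.assertEqual("Low", item.severity)
+self.assertEqual("2023-07-27", item.date)
 my_file_handle.close()
 
 def test_parse_json_file_from_api_with_empty_json(self):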
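Review bot: None of the added assertions exercises the parser's fallback branch; as far as these hunks show, every finding checked here has a `creationDate` that parses, so the `except` path is never run. That path assigns `timezone.now()` rather than a date string, so the `assertEqual("2023-10-16", item.date)` style of check would not hold for it, and the difference in type goes unnoticed. I would add one fixture entry with `creationDate` missing and one with a malformed value, and assert the type on both, for example `self.assertIsInstance(item.date, str)` once the fallback returns a string as well. Both test methods start above their hunks, so the fixture files they load are not visible here.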
