Merge pull request #14107 from DefectDojo/import-push-to-jira-when-not-grouped

Import/Reimport: Push to jira when findings is not grouped

Author: rossops

dojo/importers/base_importer.py

@@ -767,11 +767,13 @@ def process_finding_groups(
         self,
         finding: Finding,
         group_names_to_findings_dict: dict,
-    ) -> None:
+    ) -> bool:
         """
         Determines how to handle an incoming finding with respect to grouping
         if finding groups are enabled, use the supplied grouping mechanism to
-        store a reference of how the finding should be grouped
+        store a reference of how the finding should be grouped.
+
+        Returns True if the finding was added to a group, False otherwise.
         """
         if self.findings_groups_enabled and self.group_by:
             # If finding groups are enabled, group all findings by group name
@@ -781,6 +783,8 @@ def process_finding_groups(
                     group_names_to_findings_dict[name].append(finding)
                 else:
                     group_names_to_findings_dict[name] = [finding]
+                return True
+        return False
 
     def process_request_response_pairs(
         self,

dojo/importers/default_importer.py

@@ -222,7 +222,7 @@ def process_findings(
             unsaved_finding.save_no_options()
 
             # Determine how the finding should be grouped
-            self.process_finding_groups(
+            finding_will_be_grouped = self.process_finding_groups(
                 finding,
                 group_names_to_findings_dict,
             )
@@ -245,7 +245,7 @@ def process_findings(
             # all data is already saved on the finding, we only need to trigger post processing in batches
             logger.debug("process_findings: self.push_to_jira=%s, self.findings_groups_enabled=%s, self.group_by=%s",
                          self.push_to_jira, self.findings_groups_enabled, self.group_by)
-            push_to_jira = self.push_to_jira and (not self.findings_groups_enabled or not self.group_by)
+            push_to_jira = self.push_to_jira and ((not self.findings_groups_enabled or not self.group_by) or not finding_will_be_grouped)
             logger.debug("process_findings: computed push_to_jira=%s", push_to_jira)
             batch_finding_ids.append(finding.id)
 

dojo/importers/default_reimporter.py

@@ -359,6 +359,8 @@ def process_findings(
                         unsaved_finding,
                         existing_finding,
                     )
+                    # Findings that have already exist cannot be moved to into a group
+                    finding_will_be_grouped = False
                     # Determine if we should skip the rest of the loop
                     if force_continue:
                         continue
@@ -374,7 +376,7 @@ def process_findings(
                             self.user,
                         )
                 else:
-                    finding = self.process_finding_that_was_not_matched(unsaved_finding)
+                    finding, finding_will_be_grouped = self.process_finding_that_was_not_matched(unsaved_finding)
 
                     # Add newly created finding to candidates for subsequent findings in this batch
                     self.add_new_finding_to_candidates(
@@ -392,7 +394,7 @@ def process_findings(
                         unsaved_finding,
                     )
                     # all data is already saved on the finding, we only need to trigger post processing in batches
-                    push_to_jira = self.push_to_jira and (not self.findings_groups_enabled or not self.group_by)
+                    push_to_jira = self.push_to_jira and ((not self.findings_groups_enabled or not self.group_by) or not finding_will_be_grouped)
                     batch_finding_ids.append(finding.id)
 
                     # Post-processing batches (deduplication, rules, etc.) are separate from matching batches.
@@ -827,7 +829,7 @@ def process_matched_active_finding(
     def process_finding_that_was_not_matched(
         self,
         unsaved_finding: Finding,
-    ) -> Finding:
+    ) -> tuple[Finding, bool]:
         """Create a new finding from the one parsed from the report"""
         # Set some explicit settings
         unsaved_finding.reporter = self.user
@@ -855,15 +857,15 @@ def process_finding_that_was_not_matched(
             f"({finding.component_name} - {finding.component_version})",
         )
         # Manage the finding grouping selection
-        self.process_finding_groups(
+        finding_will_be_grouped = self.process_finding_groups(
             unsaved_finding,
             self.group_names_to_findings_dict,
         )
         # Add the new finding to the list
         self.new_items.append(unsaved_finding)
         # Process any request/response pairs
         self.process_request_response_pairs(unsaved_finding)
-        return unsaved_finding
+        return unsaved_finding, finding_will_be_grouped
 
     def reconcile_vulnerability_ids(
         self,

unittests/test_jira_import_and_pushing_api.py

@@ -185,6 +185,15 @@ def test_import_with_groups_with_push_to_jira_is_false_but_push_all(self):
         # by asserting full cassette is played we know issues have been updated in JIRA
         self.assert_cassette_played()
 
+    def test_import_with_group_by_with_push_all_but_no_groups_created(self):
+        self.set_jira_push_all_issues(self.get_engagement(1))
+        import0 = self.import_scan_with_params(self.zap_sample5_filename, group_by="component_name+component_version", verified=True)
+        test_id = import0["test"]
+        self.assert_jira_issue_count_in_test(test_id, 2)
+        self.assert_jira_group_issue_count_in_test(test_id, 0)
+        # by asserting full cassette is played we know issues have been updated in JIRA
+        self.assert_cassette_played()
+
     def test_import_no_push_to_jira_reimport_no_push_to_jira(self):
         import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True)
         test_id = import0["test"]