Fix Qualys parser to prevent merging findings on different ports#14269
Open
ArnaavSinghSandhu wants to merge 2 commits into DefectDojo:master from
Conversation
Description
Fix: Qualys Infrastructure Scan merging findings on different ports.
Currently, the Qualys parser collapses multiple findings of the same QID into a single finding if they occur on the same host, even if they are on different ports (e.g., a vulnerability found on both port 80 and port 443). This results in data loss during the import process.
This PR implements the following:
Updated parse_finding in dojo/tools/qualys/parser.py to correctly extract the tag from the Qualys XML.
Correctly maps these ports to the unsaved_endpoints and unsaved_locations attributes of the Finding object.
Ensures that findings remain distinct in DefectDojo by recognizing the unique port/endpoint combination.
Test results
I have verified this fix using the following steps:
New Unit Test: Added test_parse_file_with_multiple_ports_for_same_qid to unittests/tools/test_qualys_parser.py.
Sample Data: Created unittests/scans/qualys/test_qualys.xml which contains a single QID assigned to two different ports on the same host.
Execution: Ran the unit test suite inside the Docker environment.
Result: Ran 1 test in 0.009s. OK. The parser now correctly identifies 2 distinct findings instead of 1.

Documentation
No documentation changes are required as this is a bug fix for existing parser logic to bring it in line with expected DefectDojo behavior.
Checklist
[x] Bugfixes should be submitted against the bugfix branch.
[x] Give a meaningful name to your PR.
[x] Your code is flake8 compliant.
[x] Add applicable tests to the unit tests.
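The merge behaviour described in this PR, reduced to a stand-alone illustration. This is added example code, not the DefectDojo parser or the PR's diff; the XML is a constructed, simplified Qualys-style fragment (tag names and the `parse` function are assumptions for the demo). Keying findings on (QID, host) collapses the port 80 and port 443 hits into one record, while keying on (QID, host, port) keeps them distinct.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample (not a real Qualys export): one QID reported on two ports
# of the same host, plus an unrelated QID so the counts are easy to read.
SAMPLE_XML = """<SCAN>
  <HOST><IP>10.0.0.5</IP>
    <VULN><QID>38170</QID><PORT>80</PORT><TITLE>SSL Certificate Expired</TITLE><SEVERITY>3</SEVERITY></VULN>
    <VULN><QID>38170</QID><PORT>443</PORT><TITLE>SSL Certificate Expired</TITLE><SEVERITY>3</SEVERITY></VULN>
    <VULN><QID>11827</QID><PORT>443</PORT><TITLE>Security Header Not Detected</TITLE><SEVERITY>2</SEVERITY></VULN>
  </HOST>
</SCAN>"""


@dataclass
class Finding:
    qid: str
    title: str
    severity: str
    endpoints: list = field(default_factory=list)  # (host, port) pairs


def parse(xml_text: str, include_port: bool) -> list:
    """Parse the fragment into Finding objects.

    include_port=False reproduces the bug this PR fixes: the port is never
    read, so the dedup key is (QID, host) and later hits on other ports are
    silently merged into the first finding. include_port=True reads the
    port, keys on (QID, host, port) and records it on the endpoint.
    """
    findings = {}
    root = ET.fromstring(xml_text)
    for host in root.findall("HOST"):
        ip = host.findtext("IP")
        for vuln in host.findall("VULN"):
            qid = vuln.findtext("QID")
            port = vuln.findtext("PORT") if include_port else None
            key = (qid, ip, port)
            if key not in findings:
                findings[key] = Finding(qid, vuln.findtext("TITLE"), vuln.findtext("SEVERITY"))
            endpoint = (ip, port)
            if endpoint not in findings[key].endpoints:
                findings[key].endpoints.append(endpoint)
    return list(findings.values())


if __name__ == "__main__":
    print(len(parse(SAMPLE_XML, include_port=False)), "findings without port")  # 2
    print(len(parse(SAMPLE_XML, include_port=True)), "findings with port")      # 3
```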