fix: update Qualys parser to support port-based findings#14288
fix: update Qualys parser to support port-based findings#14288ArnaavSinghSandhu wants to merge 1 commit intoDefectDojo:devfrom
Conversation
ArnaavSinghSandhu
requested review from
Maffooch and
mtesauro
as code owners
|
@ArnaavSinghSandhu something I had not considered sooner is that what happens to existing qualys findings after this parser change? Would the endpoint from previous imports still continue to be matched, or would they be marked as mitigated, and new endpoints with ports be created? |
|
That's a good point, @Maffooch. Since the endpoint string is changing from just the IP to IP:Port, DefectDojo will indeed treat them as new EndPoint objects. On the next import: The old Endpoints (IP only) will likely be marked as mitigated because they are no longer present in the scan file in that exact format. The new Endpoints (IP:Port) will be created. However, because we removed endpoints from the get_dedupe_fields (as per your request), the Findings themselves will not duplicate. They will simply point to the new, more accurate endpoints. |
ArnaavSinghSandhu
force-pushed
the
fix-qualys-port-deduplication-V2
branch
from
06fb3c8 to
61604ad
Compare
ArnaavSinghSandhu
force-pushed
the
fix-qualys-port-deduplication-V2
branch
from
61604ad to
34512a6
Compare
2 participants
This PR replaces #14269
Changes:
Rebased: The branch is now fully up to date with the latest dev branch.
Parser Update: Improved port extraction logic in the Qualys parser.
Deduplication: As requested by @Maffooch, I have removed endpoints and port from the get_dedupe_fields list to maintain the existing deduplication behavior while still improving the data extraction.
Formatting: Ran ruff to ensure all linting and formatting follow the project's style guide.