Generic JSON: Explicitly process tags like other tools (#12056)

* Generic JSON: Explicitly process tags like other tools

* Update tests

* Remove extra cruft

Author: Maffooch

dojo/tools/generic/json_parser.py

@@ -17,22 +17,26 @@ def _get_test_json(self, data):
         )
         test_internal.findings = []
         for item in data.get("findings", []):
-            # remove endpoints of the dictionnary
+            # remove endpoints from the dictionary
             unsaved_endpoints = None
             if "endpoints" in item:
                 unsaved_endpoints = item["endpoints"]
                 del item["endpoints"]
-            # remove files of the dictionnary
+            # remove files from the dictionary
             unsaved_files = None
             if "files" in item:
                 unsaved_files = item["files"]
                 del item["files"]
-            # remove vulnerability_ids of the dictionnary
+            # remove tags from the dictionary
+            unsaved_tags = None
+            if "tags" in item:
+                unsaved_tags = item["tags"]
+                del item["tags"]
+            # remove vulnerability_ids from the dictionary
             unsaved_vulnerability_ids = None
             if "vulnerability_ids" in item:
                 unsaved_vulnerability_ids = item["vulnerability_ids"]
                 del item["vulnerability_ids"]
-
             # check for required keys
             required = {"title", "severity", "description"}
             missing = sorted(required.difference(item))
@@ -115,6 +119,8 @@ def _get_test_json(self, data):
                     FileUpload(title=title, file=ContentFile(data)).clean()
 
                 finding.unsaved_files = unsaved_files
+            if unsaved_tags:
+                finding.unsaved_tags = unsaved_tags
             if finding.cve:
                 finding.unsaved_vulnerability_ids = [finding.cve]
             if unsaved_vulnerability_ids:

unittests/tools/test_generic_parser.py

@@ -452,8 +452,8 @@ def test_parse_json(self):
                 self.assertEqual("CVE-2020-36234", finding.unsaved_vulnerability_ids[0])
                 self.assertEqual(261, finding.cwe)
                 self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", finding.cvssv3)
-                self.assertIn("security", finding.tags)
-                self.assertIn("network", finding.tags)
+                self.assertIn("security", finding.unsaved_tags)
+                self.assertIn("network", finding.unsaved_tags)
                 self.assertEqual("3287f2d0-554f-491b-8516-3c349ead8ee5", finding.unique_id_from_tool)
                 self.assertEqual("TEST1", finding.vuln_id_from_tool)
             with self.subTest(i=1):
@@ -631,8 +631,8 @@ def test_parse_json_custom_test(self):
                 self.assertEqual("CVE-2020-36234", finding.cve)
                 self.assertEqual(261, finding.cwe)
                 self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", finding.cvssv3)
-                self.assertIn("security", finding.tags)
-                self.assertIn("network", finding.tags)
+                self.assertIn("security", finding.unsaved_tags)
+                self.assertIn("network", finding.unsaved_tags)
                 self.assertEqual("3287f2d0-554f-491b-8516-3c349ead8ee5", finding.unique_id_from_tool)
                 self.assertEqual("TEST1", finding.vuln_id_from_tool)