Update Burp Scan to use Hashcode Dedupe (#11419)

hblankenship · Maffooch · web-flow · commit 8e1ae6e183be · 2025-02-06T12:12:36.000-06:00
* add burp scan to hashcode dedupe

* remove file_path

* Add release notes

---------

Co-authored-by: Cody Maffucci &lt;46459665+Maffooch@users.noreply.github.com&gt;
diff --git a/docs/content/en/open_source/upgrading/2.44.md b/docs/content/en/open_source/upgrading/2.44.md
@@ -4,4 +4,16 @@ toc_hide: true
 weight: -20250203
 description: No special instructions.
 ---
-There are no special instructions for upgrading to 2.44.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.44.0) for the contents of the release.
+
+### Hash Code changes
+
+The Burp parser now has a custom deduplication configuration to make deduplication more accurate. To recalculate the hash code and deduplicate existing Burp findings, please execute the following command:
+
+    `docker compose exec uwsgi /bin/bash -c "python manage.py dedupe.py --parser "Burp Scan" --hash_code_only`
+
+This command has various command line arguments to tweak its behavior, for example to trigger a run of the deduplication process.
+See [dedupe.py](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/management/commands/dedupe.py) for more information.
+
+--- 
+
+Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.44.0) for the contents of the release.
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
@@ -1202,6 +1202,7 @@ def saml2_attrib_map_format(dict):
     "Aqua Scan": ["severity", "vulnerability_ids", "component_name", "component_version"],
     "Bandit Scan": ["file_path", "line", "vuln_id_from_tool"],
     "Burp Enterprise Scan": ["title", "severity", "cwe"],
+    "Burp Scan": ["title", "severity", "vuln_id_from_tool"],
     "CargoAudit Scan": ["vulnerability_ids", "severity", "component_name", "component_version", "vuln_id_from_tool"],
     "Checkmarx Scan": ["cwe", "severity", "file_path"],
     "Checkmarx OSA": ["vulnerability_ids", "component_name"],
@@ -1425,6 +1426,7 @@ def saml2_attrib_map_format(dict):
     "Burp REST API": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
     "Bandit Scan": DEDUPE_ALGO_HASH_CODE,
     "Burp Enterprise Scan": DEDUPE_ALGO_HASH_CODE,
+    "Burp Scan": DEDUPE_ALGO_HASH_CODE,
     "CargoAudit Scan": DEDUPE_ALGO_HASH_CODE,
     "Checkmarx Scan detailed": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
     "Checkmarx Scan": DEDUPE_ALGO_HASH_CODE,
