workaround defectdojo expecting a non-empty scanstarttime for their e…

…ngagments
smithy-security · Oct 31, 2024 · 4e4fdb9 · 4e4fdb9
1 parent e6c1327
commit 4e4fdb9
Showing 1 changed file with 14 additions and 3 deletions.
diff --git a/components/consumers/defectdojo/main.go b/components/consumers/defectdojo/main.go
@@ -3,13 +3,16 @@ package main
 import (
 	"flag"
 	"log"
+	"log/slog"
 	"strconv"
+	"time"
 
 	v1 "github.com/smithy-security/smithy/api/proto/v1"
 	"github.com/smithy-security/smithy/components/consumers"
 	"github.com/smithy-security/smithy/components/consumers/defectdojo/client"
 	"github.com/smithy-security/smithy/pkg/enumtransformers"
 	"github.com/smithy-security/smithy/pkg/templating"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 // DojoTimeFormat is the time format accepted by defect dojo.
@@ -27,6 +30,14 @@ var (
 	issueTemplate          string
 )
 
+func getEngagementTime(engagementTime *timestamppb.Timestamp, scanID string) string {
+	if time.Time.IsZero(engagementTime.AsTime()) {
+		slog.Error("sanStartTime is zero for scan", slog.String("id", scanID))
+		engagementTime = timestamppb.New(time.Now())
+	}
+	return engagementTime.AsTime().Format(DojoTimeFormat)
+}
+
 func handleRawResults(product int, dojoClient *client.Client, responses []*v1.LaunchToolResponse) error {
 	if len(responses) == 0 {
 		log.Println("No tool responses provided")
@@ -39,7 +50,7 @@ func handleRawResults(product int, dojoClient *client.Client, responses []*v1.La
 	tags := []string{"SmithyScan", "RawScan", scanUUID}
 
 	engagement, err := dojoClient.CreateEngagement( // with current architecture, all responses should have the same scaninfo
-		scanUUID, responses[0].GetScanInfo().GetScanStartTime().AsTime().Format(DojoTimeFormat), tags, int32(product))
+		scanUUID, getEngagementTime(responses[0].GetScanInfo().GetScanStartTime(), responses[0].GetScanInfo().ScanUuid), tags, int32(product))
 	if err != nil {
 		return err
 	}
@@ -91,9 +102,9 @@ func handleEnrichedResults(product int, dojoClient *client.Client, responses []*
 		log.Fatalln("Non-uuid scan", responses)
 	}
 	tags := []string{"SmithyScan", "EnrichedScan", scanUUID}
+
 	engagement, err := dojoClient.CreateEngagement( // with current architecture, all responses should have the same scaninfo
-		scanUUID,
-		responses[0].GetOriginalResults().GetScanInfo().GetScanStartTime().AsTime().Format(DojoTimeFormat), tags, int32(product))
+		scanUUID, getEngagementTime(responses[0].GetOriginalResults().GetScanInfo().GetScanStartTime(), responses[0].GetOriginalResults().GetScanInfo().ScanUuid), tags, int32(product))
 	if err != nil {
 		log.Println("could not create Engagement, err:", err)
 		return err