From 4e4fdb9821031228499ce13529e300247aa3f041 Mon Sep 17 00:00:00 2001
From: sg
Date: Thu, 31 Oct 2024 11:02:12 +0000
Subject: [PATCH] workaround defectdojo expecting a non-empty scanstarttime for their engagments

---
 components/consumers/defectdojo/main.go | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/components/consumers/defectdojo/main.go b/components/consumers/defectdojo/main.go
index bedc07a78..18727fe70 100644
--- a/components/consumers/defectdojo/main.go
+++ b/components/consumers/defectdojo/main.go
@@ -3,13 +3,16 @@ package main
 import (
 "flag"
 "log"
+ "log/slog"
 "strconv"
+ "time"

 v1 "github.com/smithy-security/smithy/api/proto/v1"
 "github.com/smithy-security/smithy/components/consumers"
 "github.com/smithy-security/smithy/components/consumers/defectdojo/client"
 "github.com/smithy-security/smithy/pkg/enumtransformers"
 "github.com/smithy-security/smithy/pkg/templating"
+ "google.golang.org/protobuf/types/known/timestamppb"
 )

 // DojoTimeFormat is the time format accepted by defect dojo.
@@ -27,6 +30,14 @@ var (
 issueTemplate string
 )

+func getEngagementTime(engagementTime *timestamppb.Timestamp, scanID string) string {
+ if time.Time.IsZero(engagementTime.AsTime()) {
+ slog.Error("sanStartTime is zero for scan", slog.String("id", scanID))
+ engagementTime = timestamppb.New(time.Now())
+ }
+ return engagementTime.AsTime().Format(DojoTimeFormat)
+}
+
 func handleRawResults(product int, dojoClient *client.Client, responses []*v1.LaunchToolResponse) error {
 if len(responses) == 0 {
 log.Println("No tool responses provided")
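Review bot: The zero check in `getEngagementTime` does not catch a missing timestamp: `AsTime()` on a nil or all-zero `*timestamppb.Timestamp` returns the Unix epoch (1970-01-01), and `time.Time.IsZero` is true only for year 1, so an unset `ScanStartTime` would still be formatted and sent instead of triggering the fallback. Consider `if engagementTime == nil || engagementTime.AsTime().IsZero() || engagementTime.AsTime().Unix() == 0 {` so both the unset and the zero-`time.Time` cases are replaced. Because the substituted `time.Now()` ends up as the engagement date in DefectDojo, a short comment above the function saying the value is a fallback and not the real scan start would help anyone later reconciling finding timelines. The log message also has a typo; `"scanStartTime is zero for scan"` is presumably what was meant.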
@@ -39,7 +50,7 @@ func handleRawResults(product int, dojoClient *client.Client, responses []*v1.La
 tags := []string{"SmithyScan", "RawScan", scanUUID}
 engagement, err := dojoClient.CreateEngagement( // with current architecture, all responses should have the same scaninfo
- scanUUID, responses[0].GetScanInfo().GetScanStartTime().AsTime().Format(DojoTimeFormat), tags, int32(product))
+ scanUUID, getEngagementTime(responses[0].GetScanInfo().GetScanStartTime(), responses[0].GetScanInfo().ScanUuid), tags, int32(product))
 if err != nil {
 return err
 }
@@ -91,9 +102,9 @@ func handleEnrichedResults(product int, dojoClient *client.Client, responses []*
 log.Fatalln("Non-uuid scan", responses)
 }
 tags := []string{"SmithyScan", "EnrichedScan", scanUUID}
+
 engagement, err := dojoClient.CreateEngagement( // with current architecture, all responses should have the same scaninfo
- scanUUID,
- responses[0].GetOriginalResults().GetScanInfo().GetScanStartTime().AsTime().Format(DojoTimeFormat), tags, int32(product))
+ scanUUID, getEngagementTime(responses[0].GetOriginalResults().GetScanInfo().GetScanStartTime(), responses[0].GetOriginalResults().GetScanInfo().ScanUuid), tags, int32(product))
 if err != nil {
 log.Println("could not create Engagement, err:", err)
 return err
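Review bot: The second argument to `getEngagementTime` in `handleRawResults` reads `responses[0].GetScanInfo().ScanUuid` as a direct field access, which panics if `GetScanInfo()` returns nil, while the generated getters used for the first argument are nil-safe; the same pattern appears in the `handleEnrichedResults` hunk. `scanUUID` is already in scope at both call sites and presumably holds the same value (its assignment is outside the hunks), so the call can be `getEngagementTime(responses[0].GetScanInfo().GetScanStartTime(), scanUUID)`, and likewise with `GetOriginalResults()` in the enriched path. That also keeps the ID in the error log identical to the one used for the engagement and its tags. Both function bodies start and end outside the hunks.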