DefectDojo · grendel513 · Mar 18, 2024 · Mar 14, 2024 · Mar 14, 2024
diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py
@@ -2162,6 +2162,10 @@ class ImportScanSerializer(serializers.Serializer):
         help_text="If set to True, the tags will be applied to the findings",
         required=False,
     )
+    apply_tags_to_endpoints = serializers.BooleanField(
+        help_text="If set to True, the tags will be applied to the endpoints",
+        required=False,
+    )
 
     def save(self, push_to_jira=False):
         data = self.validated_data
@@ -2181,6 +2185,7 @@ def save(self, push_to_jira=False):
         api_scan_configuration = data.get("api_scan_configuration", None)
         service = data.get("service", None)
         apply_tags_to_findings = data.get("apply_tags_to_findings", False)
+        apply_tags_to_endpoints = data.get("apply_tags_to_endpoints", False)
         source_code_management_uri = data.get(
             "source_code_management_uri", None
         )
@@ -2274,6 +2279,7 @@ def save(self, push_to_jira=False):
                 title=test_title,
                 create_finding_groups_for_all_findings=create_finding_groups_for_all_findings,
                 apply_tags_to_findings=apply_tags_to_findings,
+                apply_tags_to_endpoints=apply_tags_to_endpoints,
             )
 
             if test:
@@ -2446,6 +2452,10 @@ class ReImportScanSerializer(TaggitSerializer, serializers.Serializer):
         help_text="If set to True, the tags will be applied to the findings",
         required=False
     )
+    apply_tags_to_endpoints = serializers.BooleanField(
+        help_text="If set to True, the tags will be applied to the endpoints",
+        required=False,
+    )
 
     def save(self, push_to_jira=False):
         logger.debug("push_to_jira: %s", push_to_jira)
@@ -2459,6 +2469,7 @@ def save(self, push_to_jira=False):
             "close_old_findings_product_scope"
         )
         apply_tags_to_findings = data.get("apply_tags_to_findings", False)
+        apply_tags_to_endpoints = data.get("apply_tags_to_endpoints", False)
         do_not_reactivate = data.get("do_not_reactivate", False)
         version = data.get("version", None)
         build_id = data.get("build_id", None)
@@ -2560,6 +2571,7 @@ def save(self, push_to_jira=False):
                     do_not_reactivate=do_not_reactivate,
                     create_finding_groups_for_all_findings=create_finding_groups_for_all_findings,
                     apply_tags_to_findings=apply_tags_to_findings,
+                    apply_tags_to_endpoints=apply_tags_to_endpoints,
                 )
 
                 if test_import:

diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py
@@ -738,6 +738,7 @@ def post(self, request, eid=None, pid=None):
             service = form.cleaned_data.get('service', None)
             close_old_findings = form.cleaned_data.get('close_old_findings', None)
             apply_tags_to_findings = form.cleaned_data.get('apply_tags_to_findings', False)
+            apply_tags_to_endpoints = form.cleaned_data.get('apply_tags_to_endpoints', False)
             # close_old_findings_prodct_scope is a modifier of close_old_findings.
             # If it is selected, close_old_findings should also be selected.
             close_old_findings_product_scope = form.cleaned_data.get('close_old_findings_product_scope', None)
@@ -804,7 +805,7 @@ def post(self, request, eid=None, pid=None):
                             minimum_severity=minimum_severity, endpoints_to_add=list(form.cleaned_data['endpoints']) + added_endpoints, scan_date=scan_date,
                             version=version, branch_tag=branch_tag, build_id=build_id, commit_hash=commit_hash, push_to_jira=push_to_jira,
                             close_old_findings=close_old_findings, close_old_findings_product_scope=close_old_findings_product_scope, group_by=group_by, api_scan_configuration=api_scan_configuration, service=service,
-                            create_finding_groups_for_all_findings=create_finding_groups_for_all_findings, apply_tags_to_findings=apply_tags_to_findings)
+                            create_finding_groups_for_all_findings=create_finding_groups_for_all_findings, apply_tags_to_findings=apply_tags_to_findings, apply_tags_to_endpoints=apply_tags_to_endpoints)
 
                 message = f'{scan_type} processed a total of {finding_count} findings'
 

diff --git a/dojo/forms.py b/dojo/forms.py
@@ -485,6 +485,12 @@ class ImportScanForm(forms.Form):
         required=False,
         initial=False
     )
+    apply_tags_to_endpoints = forms.BooleanField(
+        help_text="If set to True, the tags will be applied to the endpoints",
+        label="Apply Tags to Endpoints",
+        required=False,
+        initial=False
+    )
 
     if is_finding_groups_enabled():
         group_by = forms.ChoiceField(required=False, choices=Finding_Group.GROUP_BY_OPTIONS, help_text='Choose an option to automatically group new findings by the chosen option.')
@@ -577,6 +583,12 @@ class ReImportScanForm(forms.Form):
         required=False,
         initial=False
     )
+    apply_tags_to_endpoints = forms.BooleanField(
+        help_text="If set to True, the tags will be applied to the endpoints",
+        label="Apply Tags to Endpoints",
+        required=False,
+        initial=False
+    )
 
     if is_finding_groups_enabled():
         group_by = forms.ChoiceField(required=False, choices=Finding_Group.GROUP_BY_OPTIONS, help_text='Choose an option to automatically group new findings by the chosen option')

diff --git a/dojo/importers/importer/importer.py b/dojo/importers/importer/importer.py
@@ -265,7 +265,8 @@ def close_old_findings(self, test, scan_date_time, user, push_to_jira=None, serv
     def import_scan(self, scan, scan_type, engagement, lead, environment, active=None, verified=None, tags=None, minimum_severity=None,
                     user=None, endpoints_to_add=None, scan_date=None, version=None, branch_tag=None, build_id=None,
                     commit_hash=None, push_to_jira=None, close_old_findings=False, close_old_findings_product_scope=False,
-                    group_by=None, api_scan_configuration=None, service=None, title=None, create_finding_groups_for_all_findings=True, apply_tags_to_findings=False):
+                    group_by=None, api_scan_configuration=None, service=None, title=None, create_finding_groups_for_all_findings=True,
+                    apply_tags_to_findings=False, apply_tags_to_endpoints=False):
 
         logger.debug(f'IMPORT_SCAN: parameters: {locals()}')
 
@@ -389,6 +390,12 @@ def import_scan(self, scan, scan_type, engagement, lead, environment, active=Non
                     for tag in tags:
                         finding.tags.add(tag)
 
+            if apply_tags_to_endpoints and tags:
+                for finding in test_import.findings_affected.all():
+                    for endpoint in finding.endpoints.all():
+                        for tag in tags:
+                            endpoint.tags.add(tag)
+
         logger.debug('IMPORT_SCAN: Generating notifications')
         notifications_helper.notify_test_created(test)
         updated_count = len(new_findings) + len(closed_findings)

diff --git a/dojo/importers/reimporter/reimporter.py b/dojo/importers/reimporter/reimporter.py
@@ -42,7 +42,6 @@ def process_parsed_findings(
         scan_date=None,
         do_not_reactivate=False,
         create_finding_groups_for_all_findings=True,
-        apply_tags_to_findings=False,
         **kwargs,
     ):
 
@@ -576,6 +575,7 @@ def reimport_scan(
         do_not_reactivate=False,
         create_finding_groups_for_all_findings=True,
         apply_tags_to_findings=False,
+        apply_tags_to_endpoints=False,
     ):
 
         logger.debug(f"REIMPORT_SCAN: parameters: {locals()}")
@@ -746,10 +746,18 @@ def reimport_scan(
                 reactivated_findings,
                 untouched_findings,
             )
-        if apply_tags_to_findings and tags:
-            for finding in test_import.findings_affected.all():
-                for tag in tags:
-                    finding.tags.add(tag)
+
+            if apply_tags_to_findings and tags:
+                for finding in test_import.findings_affected.all():
+                    for tag in tags:
+                        finding.tags.add(tag)
+
+            if apply_tags_to_endpoints and tags:
+                for finding in test_import.findings_affected.all():
+                    for endpoint in finding.endpoints.all():
+                        for tag in tags:
+                            endpoint.tags.add(tag)
+
         logger.debug("REIMPORT_SCAN: Generating notifications")
 
         updated_count = (

diff --git a/dojo/test/views.py b/dojo/test/views.py
@@ -829,6 +829,8 @@ def re_import_scan_results(request, tid):
 
             group_by = form.cleaned_data.get('group_by', None)
             create_finding_groups_for_all_findings = form.cleaned_data.get('create_finding_groups_for_all_findings')
+            apply_tags_to_findings = form.cleaned_data.get('apply_tags_to_findings', False)
+            apply_tags_to_endpoints = form.cleaned_data.get('apply_tags_to_endpoints', False)
 
             active = None
             if activeChoice:
@@ -860,13 +862,14 @@ def re_import_scan_results(request, tid):
             try:
                 test, finding_count, new_finding_count, closed_finding_count, reactivated_finding_count, untouched_finding_count, test_import = \
                     reimporter.reimport_scan(scan, scan_type, test, active=active, verified=verified,
-                                                tags=None, minimum_severity=minimum_severity,
+                                                tags=tags, minimum_severity=minimum_severity,
                                                 endpoints_to_add=endpoints_to_add, scan_date=scan_date,
                                                 version=version, branch_tag=branch_tag, build_id=build_id,
                                                 commit_hash=commit_hash, push_to_jira=push_to_jira,
                                                 close_old_findings=close_old_findings, group_by=group_by,
                                                 api_scan_configuration=api_scan_configuration, service=service, do_not_reactivate=do_not_reactivate,
-                                                create_finding_groups_for_all_findings=create_finding_groups_for_all_findings)
+                                                create_finding_groups_for_all_findings=create_finding_groups_for_all_findings,
+                                                apply_tags_to_findings=apply_tags_to_findings, apply_tags_to_endpoints=apply_tags_to_endpoints)
             except Exception as e:
                 logger.exception(e)
                 add_error_message_to_response('An exception error occurred during the report import:%s' % str(e))