DefectDojo
Finding Group Filter should only show groups from the same Test/Engagement
Bug description
When using the filter on the general "All Findings" Page (or other page where all Findings regardless of Product/Engagement are shown), all known groups are correctly shown in the List. But when using the filter while on an Engagement Test, I also get all known groups. But I would expect to only see the Groups that belong to this Engagement Test since the Findings shown can only belong to the Groups of the current Engagement Test.
Steps to reproduce Steps to reproduce the behavior:
- Create multiple Tests/Engagements
- Create groups in each Test
- Try to filter by finding group inside a Test -> all finding groups, also from other Tests, are showing up.
Expected behavior
The Finding Group filter should only show finding groups that are available in the given context:
- all if viewing all findings
- only groups of Tests belonging to the product if viewing product findings
- only groups of the current Test if viewing findings in a Test
Deployment method (select with an X)
- [x] Docker Compose
- [ ] Kubernetes
- [ ] GoDojo
Environment information
- Operating System: not relevant
- DefectDojo version: v2.34.4
Turns out the Finding Filter class doesn't know which Engagement or Test the user is looking it. Only the Product context is known. I raised to #12711 to limit the options in the dropdown to the Finding Groups inside the same Product. Hope this helps.
While this helps already, in the end the Finding Filter would need to be changed to also be aware of the engagement since it is highly possible to have groups with the same name between engagements of the same product.