API Risk Acceptance doesn't De-Activate finding

Open kareem-DA opened this issue 2 years ago • 1 comments

Bug description

Calling the Risk Acceptance API point doesn't set the finding to inactive.

Steps to reproduce

Steps to reproduce the behavior:

  1. Call API endpoint "/api/v2/findings/accept_risks/" with the data

[
  {
    "vulnerability_id": "CVE-2022-32792",
    "justification": "test api request",
    "accepted_by": "admin"
  }
]

  2. Finding risk accepted by this will be marked as risk accepted, but will still be active

Expected behavior

Risk Accepted findings should be set as inactive.

Deployment method (select with an X)

  • [X] Docker Compose
  • [ ] Kubernetes
  • [ ] GoDojo

Environment information

  • Operating System: Ubuntu 20.04
  • DefectDojo version: 2.13.1

Additional context (optional)

From the source code: Line 110 from dojo/risk_acceptance/api.py

findings.update(risk_accepted=True)

The findings are risk accepted, but active is not set to false.

kareem-DA, Aug 31 '22 17:08
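The report above implies a post-condition that can be checked after calling the accept_risks endpoint: every finding matching an accepted vulnerability id should be risk accepted and inactive. The following is an added example, not code from the issue or from DefectDojo; the finding record shape (`id`, `vulnerability_ids`), the function name `check_acceptance`, and the sample findings are assumptions constructed for illustration.

```python
"""Post-condition check for a risk-acceptance API call (added example)."""


def check_acceptance(accepted, findings):
    """Classify findings that match the accepted vulnerability ids.

    accepted: the list posted to /api/v2/findings/accept_risks/
    findings: finding records as dicts (record shape is an assumption)
    """
    wanted = {entry["vulnerability_id"] for entry in accepted}
    report = {"ok": [], "accepted_but_active": [], "not_accepted": []}
    for f in findings:
        ids = {v["vulnerability_id"] for v in f.get("vulnerability_ids", [])}
        if not ids & wanted:
            continue  # finding is unrelated to this acceptance request
        if not f.get("risk_accepted", False):
            report["not_accepted"].append(f["id"])
        elif f.get("active", True):
            # The state described in the issue: accepted, yet still active.
            report["accepted_but_active"].append(f["id"])
        else:
            report["ok"].append(f["id"])
    return report


# Request body from the issue.
ACCEPTED = [{"vulnerability_id": "CVE-2022-32792",
             "justification": "test api request",
             "accepted_by": "admin"}]

# Constructed sample findings; ids and the second CVE are placeholders.
FINDINGS = [
    {"id": 101, "active": True, "risk_accepted": True,
     "vulnerability_ids": [{"vulnerability_id": "CVE-2022-32792"}]},
    {"id": 102, "active": False, "risk_accepted": True,
     "vulnerability_ids": [{"vulnerability_id": "CVE-2022-32792"}]},
    {"id": 103, "active": True, "risk_accepted": False,
     "vulnerability_ids": [{"vulnerability_id": "CVE-0000-0000"}]},
    {"id": 104, "active": True, "risk_accepted": False,
     "vulnerability_ids": [{"vulnerability_id": "CVE-2022-32792"}]},
]

if __name__ == "__main__":
    print(check_acceptance(ACCEPTED, FINDINGS))
```

Any id under `accepted_but_active` is a finding that will keep showing up in active-finding metrics despite the acceptance.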

Same as this one: https://github.com/DefectDojo/django-DefectDojo/issues/6776

tonnyhideyori, Aug 31 '22 18:08

This can be closed.

coheigea, Sep 26 '22 15:09