Migration to Wappalyzer as normalizer doesn't clean old data.

[stephanie0x00]

Describe the bug Old findings are not cleaned with the move from the Wappalyzer boefje to the Webpage Analysis normalizer. This means that an old finding from January 1st 2024 would still show up as a Finding even though it hasn't been validated since March 23rd 2024 (dates are fictive). There is currently no garbage collection for invalidated findings, nor is there a warning on the page of the finding itself to make this clear. The latter is partly picked up in #3186 by changing the observation date as shown on the objects detail page. This bug was mentioned by Kennisnet.

This issue will also occur when disabling boefjes and for future migrations of boefjes, that may be removed.

To Reproduce Steps to reproduce the behavior:

1.Scan some hosts with the old Wappalyzer boefje. 2. Wait a day to make sure that there is also data for another day. 3. Upgrade to the Wappalyzer normalizer version. 4. Scan some hosts with the wappalyzer normalizer. 5. Observe that old findings on the object detail page are now not attached to a boefje/normalizer.

Expected behavior With the migration old findings should be cleaned up, also when boefjes are disabled and/or when boefjes are removed from the repository.

Screenshots Coming soon.

OpenKAT version main

Possible solution(s)

• A 'zero' boefje, in case boefjes are removed, disabled, or otherwise available.