Capturing enhancements to the DefectDojo API (v2) Python wrapper (#39)

* Pass tuple with file path and file content to the upload_scan function to fix issue with Nessus scan uploads.

* Adding additional optional properties for the creation of a test

* TODO -> Done

* Adding new vars to the unittest and restoring the lost work done on the the create_test function

* Remvong duplicate line

* Adding function to add metadata to a product, removing create_product function and adding the ability to add custom headers to the requests

* Since metadata can be applied to multiple objects, renaming the function to be more specific as to what object metadate is being applied

* Capturing enhancements to the DefectDojo API (v2) Python wrapper

* Adding title, description and version to the wrapper used to modify a test

* using the proper verb

* Fixing merge conflicts take #2

Author: nlandais

defectdojo_api/defectdojo_apiv2.py

@@ -312,6 +312,24 @@ def set_engagement(self, id, product_id=None, lead_id=None, name=None, status=No
         return self._request('PATCH', 'engagements/' + str(id) + '/', data=data)
 
     ###### Product API #######
+    def set_product_metadata(self, product_id, name=None, value=None):
+        """Add a custom field to a product.
+
+        :param product_id: Product ID.
+        :param meta_data: name/value array.
+
+        """
+        data = {
+            'product': product_id,
+            'name': name,
+            'value': value
+        }
+        headers = {
+            'product_id': '{}'.format(product_id)
+        }
+
+        return self._request('POST', 'metadata/', data=data, custom_headers=headers)
+
     def list_products(self, name=None, name_contains=None, limit=200, offset=0):
 
         """Retrieves all the products.
@@ -438,14 +456,20 @@ def get_test(self, test_id):
         """
         return self._request('GET', 'tests/' + str(test_id) + '/')
 
-    def create_test(self, engagement_id, test_type, environment, target_start, target_end, percent_complete=None):
+    def create_test(self, engagement_id, test_type, environment, target_start,
+                    target_end, percent_complete=None, lead=None, title=None,
+                    version=None, description=None):
         """Creates a product with the given properties.
 
         :param engagement_id: Engagement id.
         :param test_type: Test type key id.
         :param target_start: Test start date.
         :param target_end: Test end date.
         :param percent_complete: Percentage until test completion.
+        :param lead: Test lead id
+        :param title: Test title/name
+        :param version: Test version
+        :param description: Test description
 
         """
 
@@ -458,6 +482,18 @@ def create_test(self, engagement_id, test_type, environment, target_start, targe
             'percent_complete': percent_complete
         }
 
+        if lead:
+            data['lead'] = lead
+
+        if title:
+            data['title'] = title
+
+        if version:
+            data['version'] = version
+
+        if description:
+            data['description'] = description
+
         return self._request('POST', 'tests/', data=data)
 
     def set_test(self, test_id, engagement_id=None, test_type=None, environment=None,
@@ -744,7 +780,6 @@ def build_details(self, engagement_id, json):
         )
 
     ##### Upload API #####
-
     def upload_scan(self, engagement_id, scan_type, file, active, verified, close_old_findings, skip_duplicates, scan_date, tags=None, build=None, version=None, branch_tag=None, commit_hash=None, minimum_severity="Info", auto_group_by=None):
         """Uploads and processes a scan file.
 
@@ -798,7 +833,6 @@ def upload_scan(self, engagement_id, scan_type, file, active, verified, close_ol
         )
 
     ##### Re-upload API #####
-
     def reupload_scan(self, test_id, scan_type, file, active, scan_date, tags=None, build=None, version=None, branch_tag=None, commit_hash=None, minimum_severity="Info", auto_group_by=None):
         """Re-uploads and processes a scan file.
 
@@ -1150,7 +1184,7 @@ def list_jira_issues(self, finding_id=None, jira_key=None, limit=100, offset=0):
         Retrieves JIRA issues assigned to findings
 
         :param finding_id: Search for a specific finding ID
-        :param jira_key: Search a specific JIRA key
+        :param jira_key: Search a specific JIRA key
         :param limit: Number of records to return.
         :param offset: The initial index from which to return the result
         """

tests/defectdojo_api_unit_test_apiv2.py

@@ -165,8 +165,11 @@ def test_19_upload_scan(self):
         dir_path = os.path.dirname(os.path.realpath(__file__))
 
         date = datetime.now()
-        upload_scan = self.dd.upload_scan(self.__class__.engagement_id, "Burp Scan", dir_path + "/scans/Bodgeit-burp.xml",
-        "true", "false", "false", "false", date.strftime("%Y-%m-%d"), "API")
+        user_id = 1
+        upload_scan = self.dd.upload_scan(self.__class__.engagement_id,
+        "Test Burp Scan", dir_path + "/scans/Bodgeit-burp.xml",
+        "true", "false", "false", "false", user_id, "Burp Scan",
+        date.strftime("%Y-%m-%d"), "API")
 
         #upload_scan = self.dd.upload_scan(self.__class__.engagement_id, "NPM Audit Scan", dir_path + "/report.json",
         #"true", date.strftime("%Y-%m-%d"), "API")
@@ -181,8 +184,11 @@ def test_20_reupload_scan(self):
         dir_path = os.path.dirname(os.path.realpath(__file__))
 
         date = datetime.now()
-        upload_scan = self.dd.upload_scan(self.__class__.test_id, "Burp Scan", dir_path + "/scans/Bodgeit-burp.xml",
-        "true", date.strftime("%Y-%m-%d"), "API")
+        user_id = 1
+        upload_scan = self.dd.upload_scan(self.__class__.engagement_id,
+        "Test Burp Scan", dir_path + "/scans/Bodgeit-burp.xml",
+        "true", "false", "false", "false", user_id, "Burp Scan",
+        date.strftime("%Y-%m-%d"), "API")
 
         # response doesn't contain an id, so check for engagement instead
         self.assertIsNotNone(upload_scan.data["engagement"])