@@ -52,33 +52,25 @@ final class DefaultImportScanService implements ImportScanService {
5252
5353 @ Override
5454 public ImportScanResponse importScan (ScanFile scanFile , long engagementId , long lead , String currentDate , ScanType scanType , long testType ) {
55- final var options = new LinkedMultiValueMap <String , String >();
56- options .add ("engagement" , Long .toString (engagementId )); // FIXME Seems to be duplicated bc it is done again in the overloaded method.
57-
58- return this .importScan (scanFile , engagementId , lead , currentDate , scanType , testType , options );
55+ return this .importScan (scanFile , engagementId , lead , currentDate , scanType , testType , new LinkedMultiValueMap <>());
5956 }
6057
6158 @ Override
6259 public ImportScanResponse importScan (ScanFile scanFile , long engagementId , long lead , String currentDate , ScanType scanType , long testType , MultiValueMap <String , String > options ) {
6360 options .add ("engagement" , Long .toString (engagementId ));
6461
65- // FIXME: Why is engagementId hardcoded overwritten with "import-scan"
6662 return this .createFindings (scanFile , "import-scan" , lead , currentDate , scanType , testType , options );
6763 }
6864
6965 @ Override
7066 public ImportScanResponse reimportScan (ScanFile scanFile , long testId , long lead , String currentDate , ScanType scanType , long testType ) {
71- final var options = new LinkedMultiValueMap <String , String >();
72- options .add ("test" , Long .toString (testId )); // FIXME Seems to be duplicated bc it is done again in the overloaded method.
73-
74- return this .reimportScan (scanFile , testId , lead , currentDate , scanType , testType , options );
67+ return this .reimportScan (scanFile , testId , lead , currentDate , scanType , testType , new LinkedMultiValueMap <>());
7568 }
7669
7770 @ Override
7871 public ImportScanResponse reimportScan (ScanFile scanFile , long testId , long lead , String currentDate , ScanType scanType , long testType , MultiValueMap <String , String > options ) {
7972 options .add ("test" , Long .toString (testId ));
8073
81- // FIXME: Why is engagementId hardcoded overwritten with "reimport-scan"
8274 return this .createFindings (scanFile , "reimport-scan" , lead , currentDate , scanType , testType , options );
8375 }
8476
@@ -88,6 +80,9 @@ public ImportScanResponse reimportScan(ScanFile scanFile, long testId, long lead
8880 private ImportScanResponse createFindings (ScanFile scanFile , String endpoint , long lead , String currentDate , ScanType scanType , long testType , MultiValueMap <String , String > options ) {
8981 final var restTemplate = this .createRestTemplate ();
9082 final var headers = createDefectDojoAuthorizationHeaders ();
83+ // We use multipart because we send two "parts" in the request body:
84+ // 1. generic info as key=value&key=value...
85+ // 2. the raw scan result as file
9186 headers .setContentType (MediaType .MULTIPART_FORM_DATA );
9287 restTemplate .setMessageConverters (List .of (
9388 new FormHttpMessageConverter (),
@@ -116,6 +111,7 @@ private ImportScanResponse createFindings(ScanFile scanFile, String endpoint, lo
116111 }
117112
118113 try {
114+ // scanFile is the raw result from lurker.
119115 final var contentsAsResource = new ByteArrayResource (scanFile .getContent ().getBytes (StandardCharsets .UTF_8 )) {
120116 @ Override
121117 public String getFilename () {
@@ -124,6 +120,7 @@ public String getFilename() {
124120 };
125121
126122 // FIXME: Why do we add the whole byte array resiurce here as object? Is not simply the file name sufficient here? Then we could use <String, String>
123+ // We send the whole file content, so DefectDojo can parse the finding by itself.
127124 body .add ("file" , contentsAsResource );
128125
129126 // FIXME: We do not define the the type T of the body here!
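Review bot: In the seven-argument `importScan`, `options.add("engagement", ...)` appends to the caller-supplied map rather than replacing. A caller whose `options` already holds an `engagement` key therefore sends two values, and this code does not decide which engagement the findings land in; how DefectDojo resolves a repeated field is not visible here. Making the explicit parameter authoritative is a one-line change: `options.set("engagement", Long.toString(engagementId));`, and likewise `options.set("test", Long.toString(testId));` in the seven-argument `reimportScan`. Both overloads also mutate the map the caller passed in, which should be stated in the interface Javadoc if it is intended.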