Fix: Populate vulnerability_id field in BlackDuck Binary Analysis parser (#13973)

* Fix Tenable CSV import fails with 'Version of CPE not implemented'

- Add exception handling around CPE parsing in TenableCSVParser
- Log unsupported CPE versions at DEBUG level instead of crashing
- Allows import to continue when encountering unsupported CPE formats
- Fixes issue #11243

* Fix: Populate vulnerability_id field in BlackDuck Binary Analysis parser

- Add unsaved_vulnerability_ids assignment when CVE is present
- This ensures the vulnerability_id field is populated for de-duplication
- Fixes #12442

* Test: Add assertions for vulnerability_id field in BlackDuck Binary Analysis parser tests

- Verify unsaved_vulnerability_ids is populated with CVE value
- Add specific assertion for single vuln test case
- Add general assertion for multiple vulns test case
- Related to #12442

Author: valentijnscholten

dojo/tools/blackduck_binary_analysis/parser.py

@@ -104,6 +104,9 @@ def ingest_findings(self, sorted_findings, test):
                     finding.fix_available = True
                 else:
                     finding.fix_available = False
+                # Add vulnerability ID for de-duplication
+                if cve:
+                    finding.unsaved_vulnerability_ids = [str(cve)]
                 findings[unique_finding_key] = finding
 
         return list(findings.values())

unittests/tools/test_blackduck_binary_analysis_parser.py

@@ -38,6 +38,9 @@ def test_parse_one_vuln(self):
                 self.assertIsNotNone(finding.vuln_id_from_tool)
                 self.assertEqual("CVE-2023-45853", finding.vuln_id_from_tool)
                 self.assertIsNotNone(finding.unique_id_from_tool)
+                # Verify vulnerability_id is populated for de-duplication
+                self.assertIsNotNone(finding.unsaved_vulnerability_ids)
+                self.assertEqual(["CVE-2023-45853"], finding.unsaved_vulnerability_ids)
 
     def test_parse_many_vulns(self):
         with (get_unit_tests_scans_path("blackduck_binary_analysis") / "many_vulns.csv").open(encoding="utf-8") as testfile:
@@ -53,3 +56,6 @@ def test_parse_many_vulns(self):
                 self.assertIsNotNone(finding.file_path)
                 self.assertIsNotNone(finding.vuln_id_from_tool)
                 self.assertIsNotNone(finding.unique_id_from_tool)
+                # Verify vulnerability_id is populated for de-duplication
+                self.assertIsNotNone(finding.unsaved_vulnerability_ids)
+                self.assertGreater(len(finding.unsaved_vulnerability_ids), 0)