fix(tags): improve tag handling in DefaultImporter and add tests for tag imports

Maffooch · Maffooch · commit 24eb308a7a81 · 2025-11-07T14:19:10.000-07:00
diff --git a/dojo/importers/default_importer.py b/dojo/importers/default_importer.py
@@ -226,7 +226,11 @@ def process_findings(
             # Process any endpoints on the endpoint, or added on the form
             self.process_endpoints(finding, self.endpoints_to_add)
             # Parsers must use unsaved_tags to store tags, so we can clean them
-            finding.tags = clean_tags(finding.unsaved_tags)
+            cleaned_tags = clean_tags(finding.unsaved_tags)
+            if isinstance(cleaned_tags, list):
+                finding.tags.set(cleaned_tags)
+            elif isinstance(cleaned_tags, str):
+                finding.tags.set([cleaned_tags])
             # Process any files
             self.process_files(finding)
             # Process vulnerability IDs
diff --git a/unittests/test_tags.py b/unittests/test_tags.py
@@ -15,8 +15,8 @@ class TagTests(DojoAPITestCase):
     def setUp(self, *args, **kwargs):
         super().setUp()
         self.login_as_admin()
-        self.scans_path = get_unit_tests_scans_path("zap")
-        self.zap_sample5_filename = self.scans_path / "5_zap_sample_one.xml"
+        self.zap_sample5_filename = get_unit_tests_scans_path("zap") / "5_zap_sample_one.xml"
+        self.generic_sample_with_tags_filename = get_unit_tests_scans_path("generic") / "generic_report1.json"
 
     def test_create_product_with_tags(self, expected_status_code: int = 201):
         product_id = Product.objects.all().first().id
@@ -285,6 +285,22 @@ def test_import_multipart_tags(self):
             for tag in success_tags:
                 self.assertIn(tag, response["tags"])
 
+    def test_import_report_with_tags(self):
+        def assert_tags_in_findings(findings: list[dict], expected_finding_count: int, desired_tags: list[str]) -> None:
+            self.assertEqual(expected_finding_count, len(findings))
+            for finding in findings:
+                self.assertEqual(len(desired_tags), len(finding.get("tags")))
+                for tag in desired_tags:
+                    self.assertIn(tag, finding["tags"])
+
+        # Import a report with findings that have tags
+        import0 = self.import_scan_with_params(self.generic_sample_with_tags_filename, scan_type="Generic Findings Import")
+        test_id = import0["test"]
+        response = self.get_test_findings_api(test_id)
+        findings = response["results"]
+        # Make sure we have what we are looking for
+        assert_tags_in_findings(findings, 2, ["security", "network"])
+
 
 class InheritedTagsTests(DojoAPITestCase):
     fixtures = ["dojo_testdata.json"]
