Hi,
This bug has been reported separately as discussed in #11901
Issue Description:
When a security engineer audits the FPR file using Fortify Audit Workbench to mark false positives or adjust severities, these audits do not appear when importing into DefectDojo.
Where to find the audit information?
Within the FPR file (unzip the FPR), the audit details are stored in a file named audit.xml, which references the audit.fvdl using instanceId values.
For example, in the attached FPR file, if a finding is marked as a false positive, the corresponding instanceId will be updated with the attribute suppressed=true:
<ns2:Issue instanceId="87E3EC5CC8154C006783CC461A6DDEEB" suppressed="true" revision="0"/>
FPR File: Fortify_HelloWorld.zip
Note: Unfortunately, I couldn't attach the file with the .fpr extension, so I changed the file extension to zip and attached it here.
Please modify the file extension back to .fpr if necessary.
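
The lookup described in this report, as an added example that is not part of the original issue and is not DefectDojo's parser code: it opens an FPR as a zip, collects the `instanceId` values marked `suppressed="true"` in `audit.xml`, and maps them onto the findings in `audit.fvdl`. Assumptions: the FVDL element name `InstanceID`, the function names, the placeholder namespace URIs and the second instance ID are all constructed for the sample.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted uploads prefer defusedxml.ElementTree

def local(tag):
    """Strip the '{namespace}' prefix so matching does not depend on the ns URI."""
    return tag.rsplit("}", 1)[-1]

def suppressed_ids(audit_xml):
    """instanceId of every Issue element in audit.xml carrying suppressed="true"."""
    return {el.get("instanceId") for el in ET.fromstring(audit_xml).iter()
            if local(el.tag) == "Issue" and el.get("suppressed", "").lower() == "true"}

def fvdl_instance_ids(fvdl_xml):
    """InstanceID text of each finding in audit.fvdl (element name is an assumption)."""
    return [el.text.strip() for el in ET.fromstring(fvdl_xml).iter()
            if local(el.tag) == "InstanceID" and el.text]

def audit_status(fpr_bytes):
    """Map each FVDL finding's instance ID to True when the auditor suppressed it."""
    with zipfile.ZipFile(io.BytesIO(fpr_bytes)) as fpr:
        fvdl = fpr.read("audit.fvdl")
        # Tolerate an FPR without audit.xml: nothing is treated as suppressed.
        audit = fpr.read("audit.xml") if "audit.xml" in fpr.namelist() else None
    suppressed = suppressed_ids(audit) if audit else set()
    return {iid: iid in suppressed for iid in fvdl_instance_ids(fvdl)}

# Constructed sample data; namespace URIs and the second ID are placeholders.
SAMPLE_AUDIT = b"""<ns2:Audit xmlns:ns2="urn:example:audit">
  <ns2:Issue instanceId="87E3EC5CC8154C006783CC461A6DDEEB" suppressed="true" revision="0"/>
  <ns2:Issue instanceId="00000000000000000000000000000001" revision="0"/>
</ns2:Audit>"""
SAMPLE_FVDL = b"""<FVDL xmlns="urn:example:fvdl"><Vulnerabilities>
  <Vulnerability><InstanceInfo><InstanceID>87E3EC5CC8154C006783CC461A6DDEEB</InstanceID></InstanceInfo></Vulnerability>
  <Vulnerability><InstanceInfo><InstanceID>00000000000000000000000000000001</InstanceID></InstanceInfo></Vulnerability>
</Vulnerabilities></FVDL>"""

def build_sample_fpr(include_audit=True):
    """Build an in-memory zip laid out like the unzipped FPR described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("audit.fvdl", SAMPLE_FVDL)
        if include_audit:
            z.writestr("audit.xml", SAMPLE_AUDIT)
    return buf.getvalue()

if __name__ == "__main__":
    for instance_id, is_suppressed in audit_status(build_sample_fpr()).items():
        print(instance_id, "false positive" if is_suppressed else "active")
```
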