devsecops-engine-tools 1.6.7__py3-none-any.whl

devsecops_engine_tools/engine_utilities/defect_dojo/domain/request_objects/import_scan.py

@@ -0,0 +1,125 @@
+import dataclasses
+
+
+@dataclasses.dataclass
+class ImportScanRequest:
+    scan_date: str = ""
+    minimum_severity: str = ""
+    active: str = ""
+    verified: str = ""
+    scan_type: str = ""
+    endpoint_to_add: str = ""
+    file: str = ""
+    product_type_name: str = ""
+    product_name: str = ""
+    engagement_name: str = ""
+    engagement_end_date: str = ""
+    source_code_management_uri: str = ""
+    engagement: int = 0
+    engagement_id: int = 0
+    auto_create_context: str = ""
+    deduplication_on_engagement: str = ""
+    lead: str = ""
+    tags: str = ""
+    close_old_findings: str = ""
+    close_old_findings_product_scope: str = ""
+    push_to_jira: str = ""
+    environment: str = ""
+    version: str = ""
+    build_id: str = ""
+    branch_tag: str = ""
+    commit_hash: str = ""
+    api_scan_configuration: int = 0
+    test_id: int = 0
+    service: str = ""
+    group_by: str = ""
+    create_finding_groups_for_all_findings: str = ""
+    # ****another parameter outside defect dojo*****
+    product_description: str = ""
+    tools_configuration: str = ""
+    code_app: str = ""
+    token_cmdb: str = ""
+    host_cmdb: str = ""
+    token_defect_dojo: str = ""
+    host_defect_dojo: str = ""
+    # *** config map ***
+    organization_url: str = ""
+    personal_access_token: str = ""
+    repository_id: str = ""
+    remote_config_path: str = ""
+    project_remote_config: str = ""
+    cmdb_mapping: dict = None
+    product_type_name_mapping: dict = None
+    compact_remote_config_url: str = None
+    # ** Expression
+    expression: str = ""
+    # ** Test url
+    url: str = ""
+
+    @classmethod
+    def from_dict(cls, obj):
+        obj = cls(
+            scan_date=obj.get("scan_date"),
+            minimum_severity=obj.get("minimum_severity"),
+            active=obj.get("active"),
+            verified=obj.get("verified"),
+            scan_type=obj.get("scan_type"),
+            endpoint_to_add=obj.get("endpoint_to_add"),
+            file=obj.get("file"),
+            product_type_name=obj.get("product_type_name"),
+            product_name=obj.get("product_name"),
+            engagement_name=obj.get("engagement_name"),
+            engagement_end_date=obj.get("engagement_end_date"),
+            source_code_management_uri=obj.get("source_code_management_uri"),
+            engagement=obj.get("engagement"),
+            engagement_id=obj.get("engagement_id"),
+            auto_create_context=obj.get("auto_create_context"),
+            deduplication_on_engagement=obj.get("deduplication_on_engagement"),
+            lead=obj.get("lead"),
+            tags=obj.get("tags"),
+            close_old_findings=obj.get("close_old_findings"),
+            close_old_findings_product_scope=obj.get("close_old_findings_product_scope"),
+            push_to_jira=obj.get("push_to_jira"),
+            environment=obj.get("environment"),
+            version=obj.get("version"),
+            build_id=obj.get("build_id"),
+            branch_tag=obj.get("branch_tag"),
+            commit_hash=obj.get("commit_hash"),
+            api_scan_configuration=obj.get("api_scan_configuration"),
+            test_id=obj.get("test_id"),
+            service=obj.get("service"),
+            group_by=obj.get("group_by"),
+            create_finding_groups_for_all_findings=obj.get("create_finding_groups_for_all_findings"),
+            organization_url=obj.get("organization_url"),
+            personal_access_token=obj.get("personal_access_token"),
+            repository_id=obj.get("remote_config_repo"),
+            remote_config_path=obj.get("remote_config_path"),
+            project_remote_config=obj.get("project_remote_config"),
+            cmdb_mapping=obj.get("cmdb_mapping"),
+            product_type_name_mapping=obj.get("product_type_name_mapping"),
+            expression=obj.get("expression"),
+            compact_remote_config_url=obj.get("compact_remote_config_url"),
+        )
+        return obj
+
+    def to_dict(self):
+        r = {
+            "minimum_severity": self.minimum_severity,
+            "active": self.active,
+            "verified": self.verified,
+            "scan_type": self.scan_type,
+            "endpoint_to_add": self.endpoint_to_add,
+            "file": self.file,
+            "product_type_name": self.product_type_name,
+            "product_name": self.product_name,
+            "engagement_name": self.engagement_name,
+            "auto_create_context": self.auto_create_context,
+            "deduplication_on_engagement": self.deduplication_on_engagement,
+            "lead": self.lead,
+            "close_old_findings": self.close_old_findings,
+            "close_old_findings_product_scope": self.close_old_findings_product_scope,
+            "push_to_jira": self.push_to_jira,
+            "api_scan_configuration": self.api_scan_configuration,
+            "build_id": self.build_id,
+        }
+        return r

devsecops_engine_tools/engine_utilities/defect_dojo/domain/serializers/finding.py

@@ -0,0 +1,100 @@
+from marshmallow import Schema, fields, validate
+
+
+class FindingSerializer(Schema):
+    active = fields.Bool(requeride=False)
+    component_name = fields.Str(requeride=False)
+    component_version = fields.Str(requeride=False)
+    created = fields.Str(requeride=False)
+    cvssv3 = fields.Str(requeride=False)
+    cvssv3_score = fields.Int(requeride=False)
+    cwe = fields.List(fields.Int, requeride=False)
+    date = fields.Str(requeride=False)
+    defect_review_requested_by = fields.List(fields.Int, requerided=False)
+    description = fields.Str(requeride=False)
+    duplicate = fields.Bool(requerided=False)
+    duplicate_finding = fields.Int(requerided=False)
+    dynamic_finding = fields.Bool(requerided=False)
+    effort_for_fixing = fields.Str(requerided=False)
+    endpoints = fields.List(fields.Int, requerided=False)
+    false_p = fields.Bool(requerided=False)
+    file_path = fields.Str(requeride=False)
+    finding_group = fields.List(fields.Number, requerided=False)
+    found_by = fields.List(fields.Int, requerided=False)
+    has_jira = fields.Bool(requerided=False)
+    has_tags = fields.Bool(requerided=False)
+    hash_code = fields.Str(requeride=False)
+    id = fields.List(fields.List(fields.Field()), requerided=False)
+    impact = fields.Str(requeride=False)
+    inherited_tags = fields.List(fields.List(fields.Field()), requeride=False)
+    is_mitigated = fields.Bool(requerided=False)
+    jira_change = fields.Str(requeride=False)
+    jira_creation = fields.Str(requeride=False)
+    last_reviewed = fields.Str(requeride=False)
+    last_reviewed_by = fields.List(fields.Int, requeried=False)
+    limit = fields.Int(requerided=False)
+    mitigated = fields.Str(requeride=False)
+    mitigated_by = fields.List(fields.Int, requerided=False)
+    mitigation = fields.Str(requeride=False)
+    nb_occurences = fields.List(fields.Int, requeride=False)
+    not_tag = fields.Str(requeride=False)
+    not_tags = fields.List(fields.Str, requerided=False)
+    not_test__engagement__product__tags = fields.List(fields.Str, requerided=False)
+    not_test__engagement__tags = fields.List(fields.Str, requerided=False)
+    not_test__tags = fields.List(fields.Str, requerided=False)
+    numerical_severity = fields.Str(requeride=False)
+    offset = fields.Int(requerided=False)
+    out_of_scope = fields.Bool(requerided=False)
+    outside_of_sla = fields.Int(requerided=False)
+    param = fields.Str(requeride=False)
+    payload = fields.Str(requeride=False)
+    planned_remediation_date = fields.Str(requeride=False)
+    planned_remediation_version = fields.Str(requeride=False)
+    prefetch = fields.List(fields.Str, requerided=False)
+    product_name = fields.Str(requeride=False)
+    product_name_contains = fields.Str(requeride=False)
+    publish_date = fields.Str(requeride=False)
+    references = fields.Str(requeride=False)
+    related_fields = fields.Str(requeride=False)
+    reporter = fields.List(fields.Int, requerided=False)
+    review_request_by = fields.List(fields.Int, requerided=False)
+    reviewers = fields.List(fields.Int, requerided=False)
+    risk_accetance = fields.Int(requerided=False)
+    risk_status = fields.Str(
+        required=False, validate=validate.OneOf(["Risk Pending", "Risk Rejected", "Risk Accepted", "Risk Active"])
+    )
+    risk_accepted = fields.Bool(requerided=False)
+    sast_sink_object = fields.Str(requeride=False)
+    sast_source_object = fields.Str(requeride=False)
+    scanner_confidence = fields.List(fields.Int, requerided=False)
+    service = fields.Str(requeride=False)
+    severity = fields.Str(requeride=False)
+    severity_justification = fields.Str(requeride=False)
+    sla_start_date = fields.Str(requeride=False)
+    sonarqube_issue = fields.List(fields.Int, requerided=False)
+    static_finding = fields.Bool(requerided=False)
+    steps_to_reproduce = fields.Str(requeride=False)
+    tag = fields.Str(requeride=False)
+    tags = fields.Str(requeride=False)
+    test = fields.Int(requerided=False)
+    test__engagement = fields.List(fields.Int, requerided=False)
+    test__engagement__product = fields.List(fields.Int, requerided=False)
+    test__engagement__product__prod_type = fields.List(fields.Int, requerided=False)
+    test__engagement__product__tags = fields.List(fields.Int, requerided=False)
+    test__engagement__tags = fields.List(fields.Str, requerided=False)
+    test__tags = fields.List(fields.Str, requerided=False)
+    test__test_type = fields.List(fields.Int, requerided=False)
+    title = fields.Str(requeride=False)
+    under_defect_review = fields.Bool(requerided=False)
+    under_review = fields.Bool(requerided=False)
+    unique_id_from_tool = fields.Str(requeride=False)
+    verified = fields.Bool(requerided=False)
+    vuln_id_from_tool = fields.Str(requeride=False)
+    vulnerability_id = fields.Str(requeride=False)
+
+
+class FindingCloseSerializer(Schema):
+    is_mitigated = fields.Bool(default=True, requerided=False)
+    mitigated = fields.Bool(requerided=False)
+    detail = fields.Str(required=False)
+    message = fields.Str(required=False)

devsecops_engine_tools/engine_utilities/defect_dojo/domain/serializers/import_scan.py

@@ -0,0 +1,223 @@
+from marshmallow import Schema, fields, post_load, validate
+from devsecops_engine_tools.engine_utilities.defect_dojo.domain.request_objects.import_scan import ImportScanRequest
+
+list_scan_type = [
+    "Acunetix Scan",
+    "Acunetix360 Scan",
+    "Anchore Engine Scan",
+    "Anchore Enterprise Policy Check",
+    "Anchore Grype",
+    "AnchoreCTL Policies Report",
+    "AnchoreCTL Vuln Report",
+    "AppSpider Scan",
+    "Aqua Scan",
+    "Arachni Scan",
+    "AuditJS Scan",
+    "AWS Prowler Scan",
+    "AWS Scout2 Scan",
+    "AWS Security Finding Format (ASFF) Scan",
+    "AWS Security Hub Scan",
+    "Azure Security Center Recommendations Scan",
+    "Bandit Scan",
+    "BlackDuck API",
+    "Blackduck Component Risk",
+    "Blackduck Hub Scan",
+    "Brakeman Scan",
+    "Bugcrowd API Import",
+    "BugCrowd Scan",
+    "Bundler-Audit Scan",
+    "Burp Enterprise Scan",
+    "Burp GraphQL API",
+    "Burp REST API",
+    "Burp Scan",
+    "CargoAudit Scan",
+    "Checkmarx OSA",
+    "Checkmarx Scan",
+    "Checkmarx Scan detailed",
+    "Checkov Scan",
+    "Clair Klar Scan",
+    "Clair Scan",
+    "Cloudsploit Scan",
+    "Cobalt.io API Import",
+    "Cobalt.io Scan",
+    "Codechecker Report native",
+    "Contrast Scan",
+    "Coverity API",
+    "Crashtest Security JSON File",
+    "Crashtest Security XML File",
+    "CredScan Scan",
+    "CycloneDX Scan",
+    "DawnScanner Scan",
+    "Dependency Check Scan",
+    "Dependency Track Finding Packaging Format (FPF) Export",
+    "Detect-secrets Scan",
+    "docker-bench-security Scan",
+    "Dockle Scan",
+    "DrHeader JSON Importer",
+    "DSOP Scan",
+    "Edgescan Scan",
+    "ESLint Scan",
+    "Fortify Scan",
+    "Generic Findings Import",
+    "Ggshield Scan",
+    "Github Vulnerability Scan",
+    "GitLab API Fuzzing Report Scan",
+    "GitLab Container Scan",
+    "GitLab DAST Report",
+    "GitLab Dependency Scanning Report",
+    "GitLab SAST Report",
+    "GitLab Secret Detection Report",
+    "Gitleaks Scan",
+    "Gosec Scanner",
+    "HackerOne Cases",
+    "Hadolint Dockerfile check",
+    "Harbor Vulnerability Scan",
+    "Horusec Scan",
+    "HuskyCI Report",
+    "Hydra Scan",
+    "IBM AppScan DAST",
+    "Immuniweb Scan",
+    "IntSights Report",
+    "JFrog Xray API Summary Artifact Scan",
+    "JFrog Xray On Demand Binary Scan",
+    "JFrog Xray Scan",
+    "JFrog Xray Unified Scan",
+    "KICS Scan",
+    "Kiuwan Scan",
+    "kube-bench Scan",
+    "Meterian Scan",
+    "Microfocus Webinspect Scan",
+    "MobSF Scan",
+    "Mobsfscan Scan",
+    "Mozilla Observatory Scan",
+    "Nessus Scan",
+    "Nessus WAS Scan",
+    "Netsparker Scan",
+    "NeuVector (compliance)",
+    "NeuVector (REST)",
+    "Nexpose Scan",
+    "Nikto Scan",
+    "Nmap Scan",
+    "Node Security Platform Scan",
+    "NPM Audit Scan",
+    "Nuclei Scan",
+    "Openscap Vulnerability Scan",
+    "OpenVAS CSV",
+    "ORT evaluated model Importer",
+    "OssIndex Devaudit SCA Scan Importer",
+    "Outpost24 Scan",
+    "PHP Security Audit v2",
+    "PHP Symfony Security Check",
+    "pip-audit Scan",
+    "PMD Scan",
+    "PWN SAST",
+    "Qualys Infrastructure Scan (WebGUI XML)",
+    "Qualys Scan",
+    "Qualys Webapp Scan",
+    "Retire.js Scan",
+    "Risk Recon API Importer",
+    "Rubocop Scan",
+    "Rusty Hog Scan",
+    "SARIF",
+    "Scantist Scan",
+    "Scout Suite Scan",
+    "Semgrep JSON Report",
+    "SKF Scan",
+    "Snyk Scan",
+    "Solar Appscreener Scan",
+    "SonarQube API Import",
+    "SonarQube Scan",
+    "SonarQube Scan detailed",
+    "Sonatype Application Scan",
+    "SpotBugs Scan",
+    "SSL Labs Scan",
+    "Sslscan",
+    "Sslyze Scan",
+    "SSLyze Scan (JSON)",
+    "StackHawk HawkScan",
+    "Talisman Scan",
+    "Terrascan Scan",
+    "Testssl Scan",
+    "TFSec Scan",
+    "Trivy Operator Scan",
+    "Trivy Scan",
+    "Trufflehog Scan",
+    "Trufflehog3 Scan",
+    "Trustwave Fusion API Scan",
+    "Trustwave Scan (CSV)",
+    "Twistlock Image Scan",
+    "VCG Scan",
+    "Veracode Scan",
+    "Veracode SourceClear Scan",
+    "Vulners",
+    "Wapiti Scan",
+    "Wazuh",
+    "WFuzz JSON report",
+    "Whispers Scan",
+    "WhiteHat Sentinel",
+    "Whitesource Scan",
+    "Wpscan",
+    "Xanitizer Scan",
+    "Yarn Audit Scan",
+    "ZAP Scan",
+]
+group_by_list = ["component_name", "component_name+component_version", "file_path", "finding_title"]
+
+
+class ImportScanSerializer(Schema):
+    scan_date = fields.Str(required=False)
+    minimum_severity = fields.Str(required=False)
+    active = fields.Str(required=False, load_default="true")
+    verified = fields.Str(required=False, load_default="true")
+    scan_type = fields.Str(required=True, validate=validate.OneOf(list_scan_type))
+    endpoint_to_add = fields.Str(required=False)
+    file = fields.Str(required=False)
+    product_type_name = fields.Str(required=False)
+    product_name = fields.Str(required=False)
+    engagement_name = fields.Str(required=True)
+    engagement_end_date = fields.Str(required=False)
+    source_code_management_uri = fields.Str(required=False)
+    engagement = fields.Int(required=False)
+    auto_create_context = fields.Str(required=False, load_default="true")
+    deduplication_on_engagement = fields.Str(required=False)
+    lead = fields.Str(required=False)
+    tags = fields.Str(required=True, validate=validate.OneOf(["cde", "evc"]))
+    close_old_findings = fields.Str(required=False, load_default=True)
+    close_old_findings_product_scope = fields.Str(required=False)
+    push_to_jira = fields.Str(required=False)
+    environment = fields.Str(
+        required=False,
+        validate=validate.OneOf(["Development", "Production", "Default", "Staging", "Test", "Pre-prod", "Lab"]),
+    )
+    version = fields.Str(required=False)
+    build_id = fields.Str(required=False)
+    branch_tag = fields.Str(required=False)
+    commit_hash = fields.Str(required=False)
+    api_scan_configuration = fields.Int(required=False)
+    service = fields.Str(required=False)
+    group_by = fields.Str(required=False)
+    test_title = fields.Str(required=False)
+    description_product = fields.Str(required=False)
+    create_finding_groups_for_all_findings = fields.Str(required=False)
+    tools_configuration = fields.Int(required=False, load_default=1)
+    code_app = fields.Str(required=False)
+    # defect-dojo credential
+    token_cmdb = fields.Str(required=True)
+    host_cmdb = fields.Url(required=True)
+    token_defect_dojo = fields.Str(required=True)
+    host_defect_dojo = fields.Str(required=True)
+    cmdb_mapping = fields.Dict(required=True)
+    product_type_name_mapping = fields.Dict(required=False)
+    # Config remote credential
+    compact_remote_config_url = fields.Str(required=False)
+    organization_url = fields.Str(required=False)
+    personal_access_token = fields.Str(required=False)
+    repository_id = fields.Str(required=False)
+    remote_config_path = fields.Str(required=False)
+    project_remote_config = fields.Str(required=False)
+    # regulare expression
+    expression = fields.Str(required=True)
+
+    @post_load
+    def make_cmdb(self, data, **kwargs):
+        return ImportScanRequest(**data)

devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/cmdb.py

@@ -0,0 +1,59 @@
+import re
+from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError
+from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.cmdb import CmdbRestConsumer
+from devsecops_engine_tools.engine_utilities.defect_dojo.domain.request_objects.import_scan import ImportScanRequest
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities.azuredevops.infrastructure.azure_devops_api import AzureDevopsApi
+from devsecops_engine_tools.engine_utilities.settings import SETTING_LOGGER
+
+logger = MyLogger.__call__(**SETTING_LOGGER).get_logger()
+
+
+class CmdbUserCase:
+    def __init__(self, rest_consumer_cmdb: CmdbRestConsumer, utils_azure: AzureDevopsApi, expression) -> None:
+        self.__rc_cmdb = rest_consumer_cmdb
+        self.__utils_azure = utils_azure
+        self.__expression = expression
+
+    def execute(self, request: ImportScanRequest) -> ImportScanRequest:
+        # Connection config map
+        connection = self.__utils_azure.get_azure_connection()
+        remote_config = self.__utils_azure.get_remote_json_config(connection=connection)
+
+        # regular exprecion
+        request.code_app = self.get_code_app(request.engagement_name)
+
+        # connect cmdb
+        product_data = self.__rc_cmdb.get_product_info(request)
+        search_type_product = next(
+            (
+                key
+                for key, list in remote_config.get("products_sync_with_other_productype", {}).items()
+                if request.code_app in list
+            ),
+            None,
+        )
+        if search_type_product:
+            request.product_type_name = search_type_product
+        else:
+            request.product_type_name = (
+                remote_config["types_product"].get(product_data.product_type_name, product_data.product_type_name)
+                if product_data.product_type_name
+                else remote_config["types_product"].get("ORPHAN_PRODUCT_TYPE", "ORPHAN_PRODUCT_TYPE")
+            )
+
+        request.product_name = product_data.product_name
+        request.tags = product_data.tag_product if product_data.tag_product else "ORPHAN"
+        request.product_description = product_data.product_description
+
+        return request
+
+    def get_code_app(self, engagement_name: str):
+        m = re.search(r"" + self.__expression, engagement_name, re.IGNORECASE)
+        if m is None:
+            e = f"Engagement name {engagement_name} not match whit expression: {self.__expression}"
+            logger.error(e)
+            raise ApiError(e)
+        code_app = m.group(1)
+        logger.debug(code_app)
+        return code_app.lower()

devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/finding.py

@@ -0,0 +1,38 @@
+from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.finding import FindingRestConsumer
+from devsecops_engine_tools.engine_utilities.defect_dojo.domain.serializers.finding import FindingCloseSerializer
+from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities.settings import SETTING_LOGGER
+import datetime
+import pytz
+
+logger = MyLogger.__call__(**SETTING_LOGGER).get_logger()
+
+
+class FindingUserCase:
+    def __init__(self, rest_finding: FindingRestConsumer):
+        self.__rest_finding = rest_finding
+
+    def execute(self, request):
+        findings = self.__rest_finding.get(request)
+        if findings.results == []:
+            logger.error("Finding con Id_from_tool {request.get('unique_id_from_tool')} not found")
+            raise ApiError(f"Finding con Id_from_tool {request.get('unique_id_from_tool')} not found")
+        tz = pytz.timezone("America/Bogota")
+        date = datetime.datetime.now(tz=tz).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
+        logger.debug(f"date: {date}")
+        response = None
+        for finding in findings.results:
+            request_close = {"is_mitigated": "True", "mitigated": date}
+            response = self.__rest_finding.close(request_close, finding.id)
+        return response
+
+
+class FindingGetUserCase:
+    def __init__(self, rest_finding: FindingRestConsumer):
+        self.__rest_finding = rest_finding
+
+    def execute(self, request):
+        response = self.__rest_finding.get(request)
+        logger.debug(f"finding: {response}")
+        return response

devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/import_scan.py

@@ -0,0 +1,133 @@
+import re
+import os
+from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError
+from devsecops_engine_tools.engine_utilities.settings import SETTING_LOGGER
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.import_scan import ImportScanRestConsumer
+from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.product_type import ProductTypeRestConsumer
+from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.product import ProductRestConsumer
+from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.scan_configurations import (
+    ScanConfigrationRestConsumer,
+)
+from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.engagement import EngagementRestConsumer
+from devsecops_engine_tools.engine_utilities.defect_dojo.domain.request_objects.import_scan import ImportScanRequest
+import urllib3
+
+logger = MyLogger.__call__(**SETTING_LOGGER).get_logger()
+
+urllib3.disable_warnings()
+
+
+class ImportScanUserCase:
+    def __init__(
+        self,
+        rest_import_scan: ImportScanRestConsumer,
+        rest_product_type: ProductTypeRestConsumer,
+        rest_product: ProductRestConsumer,
+        rest_scan_configuration: ScanConfigrationRestConsumer,
+        rest_engagement: EngagementRestConsumer,
+    ):
+        self.__rest_import_scan = rest_import_scan
+        self.__rest_product_type = rest_product_type
+        self.__rest_product = rest_product
+        self.__rest_scan_configurations = rest_scan_configuration
+        self.__rest_engagement = rest_engagement
+
+    def execute(self, request: ImportScanRequest) -> ImportScanRequest:
+        response = None
+        product_id = None
+
+        if (request.product_name or request.product_type_name) == "":
+            log = f"Name product {request.product_name} or product type {request.product_type_name} is empty"
+            logger.error(log)
+            raise ApiError(log)
+        
+        logger.info(f"Match {request.scan_type}")
+        products = self.__rest_product.get_products(request)
+        if len(products.results) > 0:
+            product_id = products.results[0].id
+            request.product_name = products.results[0].name
+            request.product_type_name = self.__rest_product_type.get_product_type_id(products.results[0].prod_type).name
+            logger.info(f"product found: {request.product_name} with id: {product_id}")
+        else:
+            product_type_id = None
+            product_types = self.__rest_product_type.get_product_types(request.product_type_name)
+            if product_types.results == []:
+                product_type = self.__rest_product_type.post_product_type(request.product_type_name)
+                product_type_id = product_type.id
+                logger.info(f"product_type created: {product_type.name} with id {product_type.id}")
+            else:
+                if len(product_types.results) != 1:
+                    logger.warning(f"there is more than one product type with the name: {product_types.results}")
+
+                product_type_id = product_types.results[0].id
+                logger.info(
+                    f"product_type found: {product_types.results[0].name}\
+                        with id {product_type_id}"
+                )
+
+                product = self.__rest_product.post_product(request, product_type_id)
+                product_id = product.id
+                logger.info(
+                    f"product created: {product.name}\
+                        found with id: {product.id}"
+                )
+
+        api_scan_bool = re.search(" API ", request.scan_type)
+        if api_scan_bool:
+            scan_configuration_list = self.__rest_scan_configurations.get_api_scan_configuration(request)
+            if scan_configuration_list.results == []:
+                scan_configuration = self.__rest_scan_configurations.post_api_scan_configuration(
+                    request, product_id, request.tools_configuration
+                )
+                request.api_scan_configuration = scan_configuration.id
+                logger.debug(f"Scan configuration create service_key_1 : {scan_configuration.service_key_1}")
+            else:
+                logger.debug(
+                    f"Scan configuration found service_key: {scan_configuration_list.results[0].service_key_1}"
+                )
+                request.api_scan_configuration = scan_configuration_list.results[0].id
+
+        logger.debug(f"search Engagement name: {request.engagement_name}")
+        engagement = self.__rest_engagement.get_engagements(request.engagement_name)
+        if engagement.results == []:
+            engagement = self.__rest_engagement.post_engagement(request.engagement_name, product_id)
+            logger.debug(f"Egagement created: {engagement.name}")
+        else:
+            engagement = [engagement for engagement in engagement.results if engagement.product == product_id]
+            if engagement:
+                logger.debug(f"Engagement found: {engagement[0].name} whit product id: {engagement[0].product}")
+            else:
+                engagement = self.__rest_engagement.post_engagement(request.engagement_name, product_id)
+                logger.debug(f"Egagement created: {engagement.name} whit product id {engagement.product}")
+
+        if api_scan_bool:
+            response = self.__rest_import_scan.import_scan_api(request)
+            logger.info(f"End process Succesfull!!!: {response}")
+        else:
+            try:
+                file_type = self.get_file_type(request.file)
+                if file_type is None:
+                    raise ApiError("File format not allowed")
+
+                with open(request.file, "rb") as file:
+                    logger.info(f"read {file_type} file successful !!!")
+                    files = [("file", (request.file, file, file_type))]
+                    response = self.__rest_import_scan.import_scan(request, files)
+
+            except Exception as e:
+                raise ApiError(e)
+
+        response.url = f"{request.host_defect_dojo}/engagement/{str(response.engagement_id)}/finding/open"
+        return response
+
+    def get_file_type(self, path_file):
+        __, extension = os.path.splitext(path_file)
+        dict_rule_type_file = {
+            ".csv": "text/csv",
+            ".json": "apllication/json",
+            ".xml": "aplication/xml",
+            ".sarif": "aplication/json",
+        }
+        file_type = dict_rule_type_file.get(extension)
+        return file_type