Add SecureCodeBox parser by JohannesZahn · Pull Request #4431 · DefectDojo/django-DefectDojo

JohannesZahn · 2021-05-03T09:29:13Z

Implemented a secureCodeBox Findings Import.

It is used in a secureCodeBox Hook to automatically import scans into DefectDojo (for scans that have no dedicated parser yet).

The Findings format is described here

See this issue for more information.

…sure impact and mitigation are not null

github-actions · 2021-05-03T09:40:08Z

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions · 2021-05-03T09:52:11Z

Conflicts have been resolved. A maintainer will review the pull request shortly.

damiencarol

Made a lot of comments, one is blocking (urlparse/hyperlink)

github-actions · 2021-05-03T11:27:43Z

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Co-authored-by: Damien Carol <damien.carol@gmail.com>

github-actions · 2021-05-03T15:17:25Z

Conflicts have been resolved. A maintainer will review the pull request shortly.

madchap

You can completely remove the test_type.json file changes, it's all dynamic now.

JohannesZahn · 2021-05-11T08:33:34Z

@madchap when I remove the test type json I can not find a SecureCodeBox Findings Import Test Type

damiencarol · 2021-05-11T08:42:38Z

@JohannesZahn it could means that the autoloading of your parser don't works. something is maybe missing

Co-authored-by: Damien Carol <damien.carol@gmail.com>

github-actions · 2021-06-06T16:46:26Z

This pull request has conflicts, please resolve those before we can evaluate the pull request.

JohannesZahn · 2021-06-10T15:57:49Z

I am putting this on hold since we are currently experimenting with your new generic json parser

JohannesZahn · 2021-06-15T05:20:55Z

We will probably not need this as we are now using the new generic JSON parser. So I will close the PR for now.

JohannesZahn added 7 commits April 20, 2021 11:08

base parser

1ee7bd1

improved error handling

68803e5

refactored scb parser to securecodebox parser

8e76c09

fixed bug where null description lead to internal server error, made …

ebfe697

…sure impact and mitigation are not null

fixed bug where description and name could be None

afa4036

refactored tests and testfiles

f36c943

document the parser

f63b791

github-actions Bot added the conflicts-detected label May 3, 2021

Merge remote-tracking branch 'upstream/dev' into parser-SCB

fe28c71

github-actions Bot removed the conflicts-detected label May 3, 2021

flake8 conformity

a8a03f0

madchap added the Import Scans label May 3, 2021

valentijnscholten changed the title ~~Parser scb~~ Add SecureCodeBox parser May 3, 2021

damiencarol suggested changes May 3, 2021

View reviewed changes

github-actions Bot added the conflicts-detected label May 3, 2021

JohannesZahn and others added 5 commits May 3, 2021 13:59

Update dojo/tools/securecodebox/parser.py

ce8ec74

Co-authored-by: Damien Carol <damien.carol@gmail.com>

Update dojo/tools/securecodebox/parser.py

89f0bc8

Co-authored-by: Damien Carol <damien.carol@gmail.com>

Update dojo/tools/securecodebox/parser.py

341562f

Co-authored-by: Damien Carol <damien.carol@gmail.com>

implemented some PR comments

18b7ff6

revert test_type

2e4a08d

github-actions Bot removed the conflicts-detected label May 3, 2021

JohannesZahn added 3 commits May 3, 2021 17:18

Merge remote-tracking branch 'upstream/dev' into parser-SCB

a0418ac

add unique id from tool

1b1ea65

migrate from urllib to hyperlink package

4520581

damiencarol reviewed May 9, 2021

View reviewed changes

Comment thread dojo/tools/securecodebox/parser.py Outdated

use unique id from tool as dupe key

4907763

JohannesZahn added 3 commits May 11, 2021 08:12

readded the test type

90f4dcd

remove hashlib as unused

38c062b

flake8 conformity

b74c47f

madchap suggested changes May 11, 2021

View reviewed changes

fixed typo

a2d9282

remove test_type

56070d8

JohannesZahn added 2 commits May 11, 2021 11:56

Merge remote-tracking branch 'upstream/dev' into parser-SCB

700dd67

fixed bug where endpoint parser returned tuple as path instead str

488d4cd

damiencarol reviewed May 13, 2021

View reviewed changes

Comment thread dojo/unittests/tools/test_securecodebox_parser.py Outdated

JohannesZahn and others added 4 commits May 18, 2021 02:53

added additional test for kubehunter findings

0a2b6af

Update dojo/unittests/tools/test_securecodebox_parser.py

dc68df7

Co-authored-by: Damien Carol <damien.carol@gmail.com>

replace assertEquals by assertIsNone

238f4a1

Merge remote-tracking branch 'upstream/dev' into parser-SCB

8d030f0

JohannesZahn force-pushed the parser-SCB branch from 526a396 to 8d030f0 Compare May 26, 2021 10:07

github-actions Bot added the conflicts-detected label Jun 6, 2021

This was referenced Jun 10, 2021

ImportScanService not up to date with DefectDojo serializers secureCodeBox/defectdojo-client-java#6

Open

DefectDojo persistence provider unable to use new SecureCodeBox Findings Importer secureCodeBox/secureCodeBox#490

Closed

JohannesZahn closed this Jun 15, 2021

Conversation

JohannesZahn commented May 3, 2021

Uh oh!

github-actions Bot commented May 3, 2021

Uh oh!

github-actions Bot commented May 3, 2021

Uh oh!

damiencarol left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

github-actions Bot commented May 3, 2021

Uh oh!

github-actions Bot commented May 3, 2021

Uh oh!

Uh oh!

madchap left a comment

Choose a reason for hiding this comment

Uh oh!

JohannesZahn commented May 11, 2021

Uh oh!

damiencarol commented May 11, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

github-actions Bot commented Jun 6, 2021

Uh oh!

JohannesZahn commented Jun 10, 2021

Uh oh!

JohannesZahn commented Jun 15, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

damiencarol commented May 11, 2021 •

edited

Loading