DefectDojo
✨ add deepfence threatmapper
Hi there :wave:, @dryrunsecurity here, below is a summary of our analysis and findings.
| DryRun Security | Status | Findings |
|---|---|---|
| Server-Side Request Forgery Analyzer | :white_check_mark: | 0 findings |
| Configured Codepaths Analyzer | :white_check_mark: | 0 findings |
| IDOR Analyzer | :white_check_mark: | 0 findings |
| Sensitive Files Analyzer | :white_check_mark: | 0 findings |
| SQL Injection Analyzer | :white_check_mark: | 0 findings |
| Authn/Authz Analyzer | :white_check_mark: | 0 findings |
| Secrets Analyzer | :white_check_mark: | 0 findings |
[!Note] :green_circle: Risk threshold not exceeded.
Change Summary (click to expand)
The following is a summary of changes in this pull request made by me, your security buddy :robot:. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.
Summary:
The code changes in this pull request are focused on adding support for the Deepfence ThreatMapper tool in the DefectDojo application security platform. The changes include the implementation of a parser to process various types of reports generated by the Deepfence ThreatMapper, such as compliance, malware, secret, and vulnerability reports. The parser is designed to extract relevant information from these reports and generate corresponding security findings within the DefectDojo platform.
From an application security perspective, the key aspects of these changes are:
Secure Handling of Sensitive Information: The parser is designed to handle sensitive information, such as credentials, private keys, and other potentially compromising data, in a secure manner. This includes sanitizing and obfuscating sensitive details before including them in the generated security findings.
Comprehensive Vulnerability Reporting: The parser is able to extract and report on known vulnerabilities, including CVE details, CVSS scores, and affected components. This helps the security team identify and address security issues in a timely manner.
Malware and Compliance Detection: The parser can also process reports related to malware and compliance, enabling the DefectDojo platform to detect and report on these types of security concerns within the scanned environment.
Extensibility and Maintainability: The parser implementation is designed to be extensible and maintainable, with the use of specialized classes for each type of report and a set of utility methods to facilitate integration with other systems.
Overall, the code changes in this pull request are a valuable addition to the DefectDojo application security platform, as they enhance its ability to process and report on security findings from the Deepfence ThreatMapper tool, thereby improving the overall security posture of the organization.
Files Changed:
dojo/tools/deepfence_threatmapper/__init__.py: This file has been updated to include the author's name.dojo/settings/.settings.dist.py.sha256sum: The SHA-256 checksum for the settings file has been updated.docs/content/en/integrations/parsers/file/deepfence_threatmapper.md: New documentation has been added for the Deepfence Threatmapper integration.dojo/settings/settings.dist.py: Changes have been made to the SAML2 attribute mapping and the deduplication algorithm for the Deepfence Threatmapper report.dojo/tools/deepfence_threatmapper/compliance.py: A new class,DeepfenceThreatmapperCompliance, has been added to handle the processing of compliance-related data.dojo/tools/deepfence_threatmapper/malware.py: A new class,DeepfenceThreatmapperMalware, has been added to handle the processing of malware-related data.dojo/tools/deepfence_threatmapper/parser.py: A new parser,DeepfenceThreatmapperParser, has been implemented to handle the parsing of Deepfence Threatmapper reports.dojo/tools/deepfence_threatmapper/secret.py: A new class,DeepfenceThreatmapperSecret, has been added to handle the processing of secret-related data.unittests/scans/deepfence_threatmapper/malware_report.csv: A new malware report has been added for testing purposes.dojo/tools/deepfence_threatmapper/vulnerability.py: A new class,DeepfenceThreatmapperVulnerability, has been added to handle the processing of vulnerability-related data.unittests/scans/deepfence_threatmapper/compliance_report.csv: A new compliance report has been added for testing purposes.unittests/scans/deepfence_threatmapper/secret_report.csv: A new secret report has been added for testing purposes.unittests/scans/deepfence_threatmapper/vulnerability_report.csv: A new vulnerability report has been added for testing purposes.unittests/tools/test_deepfence_threatmapper_parser.py: New unit tests have been added to test theDeepfenceThreatmapperParserclass.
Powered by DryRun Security
![dryrunsecurity[bot] avatar](https://avatars.githubusercontent.com/in/377039?v=4 "Published by a pub.dev verified publisher"){kind=small}
I'm checking your code here, so you wrote the parser so that it can automatically identify if it's one of the 4 report types? All findings will therefore be aggregated together?
@manuel-sommer @shodanwashere Just for awareness, there's some very new parser guidelines I wrote up at https://github.com/DefectDojo/django-DefectDojo/discussions/9690
In this specific case, I think this is fine because they are from the same tool (and type of tool) and have generally the same info expressed in different file format.
Would love to have you confirm that since shodanwashere appears to be a user of this tool.
Sounds legit, thank you for the hint @mtesauro. I would be ok with both ways here: approve how it is right now or I can go with your policy and make 4 parsers out of it, depends on your review.
This pull request has conflicts, please resolve those before we can evaluate the pull request.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Conflicts have been resolved. A maintainer will review the pull request shortly.
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Conflicts have been resolved. A maintainer will review the pull request shortly.
Hi @mtesauro,
it would be nice if you could review this. I just rebased this PR to also include the settings.disp sha hash sum.
@manuel-sommer @shodanwashere Just for awareness, there's some very new parser guidelines I wrote up at #9690
In this specific case, I think this is fine because they are from the same tool (and type of tool) and have generally the same info expressed in different file format.
Would love to have you confirm that since shodanwashere appears to be a user of this tool.
I've read the parser guidelines and I can see where you're coming from. Thankfully, the guidelines that were written in that quarterly update make it so this multi-parser is an exception to the rule, so I don't have any comments to make on that note.
However, I'm also interested on how it would affect parsers for some other tools, like Harbor, which I use myself as well, and can encompass different scanning tools from different vendors, like AquaSec's Trivy and Quay's Clair scanners. Other than that, it seems good to me.
Looks like this one needs a rebase to update .settings.dist.py.sha256sum. The code looks good to me, so if the tests pass after a rebase I'll :+1:
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Conflicts have been resolved. A maintainer will review the pull request shortly.
Would you mind recalculating the hash and resolving the merge conflict @manuel-sommer ?
@manuel-sommer Mind one more rev on the sha256 sum for settings.dist.py? Order of PR merges put this one into merge conflict.
Thanks :pray: