Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix aqua parser #10585 #10725

Merged
merged 5 commits into from
Aug 12, 2024
Merged

fix aqua parser #10585 #10725

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
54cd074
fix aqua parser #10585
manuel-sommer Aug 9, 2024
71be81e
unittest and ruff
manuel-sommer Aug 9, 2024
0e5506e
more ruff
manuel-sommer Aug 9, 2024
98a33e4
fix according to review
manuel-sommer Aug 9, 2024
2d2c91f
fix according to review
manuel-sommer Aug 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 36 additions & 1 deletion dojo/tools/aqua/parser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,20 +38,29 @@ def vulnerability_tree(self, vulnerabilitytree, test):
for node in vulnerabilitytree:
resource = node.get("resource")
vulnerabilities = node.get("vulnerabilities", [])
sensitive_items = resource.get("sensitive_items", [])
if vulnerabilities is None:
vulnerabilities = []
for vuln in vulnerabilities:
item = get_item(resource, vuln, test)
unique_key = resource.get("cpe") + vuln.get("name", "None") + resource.get("path", "None")
self.items[unique_key] = item
if sensitive_items is None:
sensitive_items = []
for sensitive_item in sensitive_items:
item = get_item_sensitive_data(resource, sensitive_item, test)
unique_key = resource.get("cpe") + resource.get("path", "None") + str(sensitive_item)
self.items[unique_key] = item


def get_item(resource, vuln, test):
resource_name = resource.get("name", resource.get("path"))
resource_version = resource.get("version", "No version")
vulnerability_id = vuln.get("name", "No CVE")
fix_version = vuln.get("fix_version", "None")
description = vuln.get("description", "No description.")
description = vuln.get("description", "No description.") + "\n"
if resource.get("path"):
description += "**Path:** " + resource.get("path") + "\n"
cvssv3 = None

url = ""
Expand Down Expand Up @@ -161,6 +170,32 @@ def get_item_v2(item, test):
return finding


def get_item_sensitive_data(resource, sensitive_item, test):
resource_name = resource.get("name", "None")
resource_path = resource.get("path", "None")
vulnerability_id = resource_name
description = "**Senstive Item:** " + sensitive_item + "\n"
description += "**Layer:** " + resource.get("layer", "None") + "\n"
description += "**Layer_Digest:** " + resource.get("layer_digest", "None") + "\n"
description += "**Path:** " + resource.get("path", "None") + "\n"
finding = Finding(
title=vulnerability_id
+ " - "
+ resource_name
+ " ("
+ resource_path
+ ") ",
test=test,
severity="Info",
description=description.strip(),
component_name=resource.get("name"),
)
if vulnerability_id != "No CVE":
finding.unsaved_vulnerability_ids = [vulnerability_id]

return finding


def aqua_severity_of(score):
if score == "high":
return "High"
Expand Down
3 changes: 2 additions & 1 deletion unittests/tools/test_aqua_parser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,8 @@ def test_aqua_parser_aqua_devops_issue_10611(self):
with open("unittests/scans/aqua/aqua_devops_issue_10611.json") as testfile:
parser = AquaParser()
findings = parser.get_findings(testfile, Test())
self.assertEqual(98, len(findings))
self.assertEqual(101, len(findings))
self.assertEqual("server.key - server.key (/juice-shop/node_modules/node-gyp/test/fixtures/server.key) ", findings[83].title)

def test_aqua_parser_aqua_devops_empty(self):
with open("unittests/scans/aqua/empty_aquadevops.json") as testfile:
Expand Down
Loading