Add Rapidfire vulnerability scanner parser #11909

Open
wants to merge 15 commits into base: dev

Conversation

@skywalke34 skywalke34 (Contributor) commented Feb 27, 2025

Description
Rapidfire Scan Parser

Rapidfire CSV Parser

CSV Field Mappings

| CSV Field | Finding Field | Parser Line # | Notes |
|---|---|---|---|
| IP Address | endpoints[].host | 162-173 | Used if hostname not available |
| Hostname | endpoints[].host | 162-173 | Primary choice for endpoint host |
| MAC Address | description | 134-136 | Added to description with "MAC Address:" prefix |
| Severity | severity | 149 | Capitalized and validated against SEVERITIES, defaults to Info |
| Issue | title | 107-110 | Direct mapping, stripped of whitespace |
| Ports | endpoints[].port | 165-166 | Extracted number before "/" using regex |
| OID | vuln_id_from_tool | 152 | Direct mapping |
| CVE | unsaved_vulnerability_ids | 176-177 | Split on comma, filtered to valid CVE IDs |
| Last Detected | date | 151 | Parsed to datetime using dateutil.parser |
| Known Exploited Vulnerability | description | 131-132 | Added to description with prefix |
| Summary | description | 117-118 | Added to description with "Summary:" prefix |
| Vulnerability Detection Result | description | 119-120 | Added to description with prefix |
| Solution | mitigation | 150 | Direct mapping |
| Vulnerability Insight | impact | 82-103 | Formatted with CVEs into impact field |
| Vulnerability Detection Method | description | 121-122 | Added to description with prefix |
| References | references | 70-124 | Formatted into markdown list of links |
| Known To Be Used In Ransomware Campaigns | description, tags | 137-138, 179-180 | Adds warning to description and "ransomware" tag |

Additional Finding Field Settings

| Finding Field | Value | Parser Line # | Notes |
|---|---|---|---|
| test | test parameter | 153 | Set from test parameter passed to get_findings |
| dynamic_finding | True | 153 | Hardcoded to True for all findings |
| static_finding | False | 154 | Hardcoded to False for all findings |

Processing Notes

  • Deduplication is performed using a combination of title, IP address, hostname and port
  • For duplicate findings, the existing finding is updated rather than creating a new one
  • The parser uses csv.DictReader with comma delimiter and quote character
  • Empty rows are skipped
  • References are formatted into a readable markdown list with descriptive link text
  • Impact field is specially formatted to combine vulnerability insight and CVE details
  • Date parsing handles various formats and falls back to current time
  • Port extraction handles various formats like "8080/tcp" or "443/tcp (https)"

Test results

  • 13 unit tests successfully executed against the example .csv files in the unittests/scans/rapidfire directory:

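The mapping rules in the description above (port extraction from values like "443/tcp (https)", comma-split CVE filtering, severity validation with an Info default, hostname-before-IP endpoint selection, and deduplication on title, IP, hostname and port), shown as an added example that is not the PR's parser code; the column names, helper names and sample rows are assumptions constructed for illustration.

```python
import csv
import re
SEVERITIES = ("Critical", "High", "Medium", "Low", "Info")
PORT_RE = re.compile(r"^\s*(\d+)")           # number before "/" in "8080/tcp"
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")   # what we accept as a valid CVE id

def parse_port(value):
    """'8080/tcp' -> 8080, '443/tcp (https)' -> 443, '' -> None."""
    match = PORT_RE.match(value or "")
    return int(match.group(1)) if match else None

def parse_cves(value):
    """Split on comma and keep only well-formed CVE ids."""
    return [c.strip() for c in (value or "").split(",") if CVE_RE.match(c.strip())]

def normalize_severity(value):
    """Capitalize and validate against SEVERITIES, defaulting to Info."""
    sev = (value or "").strip().capitalize()
    return sev if sev in SEVERITIES else "Info"

def parse_rows(text):
    """Map CSV rows to findings, deduplicating on title, IP, hostname and port."""
    findings = {}
    for row in csv.DictReader(text.splitlines(), delimiter=",", quotechar='"'):
        if not any(row.values()):                # skip empty rows
            continue
        ip = (row.get("IP Address") or "").strip()
        hostname = (row.get("Hostname") or "").strip()
        port = parse_port(row.get("Ports"))
        title = (row.get("Issue") or "").strip()
        key = (title, ip, hostname, port)
        if key in findings:                      # duplicate: update, don't create
            seen = findings[key]["cves"]
            seen.extend(c for c in parse_cves(row.get("CVE")) if c not in seen)
            continue
        findings[key] = {
            "title": title,
            "severity": normalize_severity(row.get("Severity")),
            "vuln_id_from_tool": (row.get("OID") or "").strip(),
            "cves": parse_cves(row.get("CVE")),
            "endpoints": [{"host": hostname or ip, "port": port}],  # hostname preferred
        }
    return list(findings.values())

# Constructed sample rows with assumed column names (not the PR's test data).
SAMPLE = """IP Address,Hostname,Ports,Severity,Issue,OID,CVE
10.0.0.5,web01,8080/tcp,high,Outdated Tomcat,1.3.6.1.4.1.1,"CVE-2023-44487, CVE-2023-45648"
10.0.0.5,web01,8080/tcp,high,Outdated Tomcat,1.3.6.1.4.1.1,CVE-2023-44487
10.0.0.6,,443/tcp (https),weird,TLS weak cipher,1.3.6.1.4.1.2,not-a-cve
,,,,,,"""
```

Running `parse_rows(SAMPLE)` yields two findings: the duplicated Tomcat row collapses into one finding with both CVEs, and the row with an unknown severity and a non-CVE value lands as Info with an empty CVE list.
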
@github-actions github-actions bot added the settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), docs, unittests and parser labels Feb 27, 2025

dryrunsecurity bot commented Feb 27, 2025

DryRun Security Summary

A new RapidFire CSV parser for DefectDojo is introduced with comprehensive security parsing capabilities, revealing multiple vulnerabilities across different severity levels and potential network information exposures.

The pull request introduces a new RapidFire CSV parser for DefectDojo, adding support for parsing vulnerability scan results with comprehensive security considerations and validation mechanisms.

Security findings include:

  1. Sensitive network information exposure in test CSV files (internal IP addresses, hostnames, MAC addresses)
  2. Multiple Apache Tomcat vulnerabilities discovered (CVE-2023-42795, CVE-2023-44487, CVE-2023-45648)
  3. Potential information disclosure through detailed vulnerability scan results
  4. Exposed internal network topology in unit test files
  5. Vulnerabilities ranging from low to critical severity (CVSS scores 2.1 to 10)
  6. Risks including request smuggling, information leakage, and potential unauthorized access

@skywalke34 skywalke34 marked this pull request as draft February 27, 2025 05:12
@skywalke34 skywalke34 marked this pull request as ready for review March 7, 2025 02:49