"""Parser for pip-audit."""
import json
from dojo.models import Finding
class PipAuditParser:
    """DefectDojo parser for pip-audit JSON reports.

    Two report shapes are accepted: the newer one with a top-level
    ``dependencies`` key, and the legacy one without it.
    """

    def get_scan_types(self):
        """Return the scan type identifiers this parser accepts."""
        return ["pip-audit Scan"]

    def get_label_for_scan_types(self, scan_type):
        """Return the human-readable label shown for *scan_type*."""
        return "pip-audit Scan"

    def get_description_for_scan_types(self, scan_type):
        """Return the help text shown for *scan_type*."""
        return "Import pip-audit JSON scan report."

    def requires_file(self, scan_type):
        """Return True: a report file is always needed to import."""
        return True

    def get_findings(self, scan_file, test):
        """Parse the uploaded *scan_file* and return Findings for *test*.

        The report shape selects the parsing path: a top-level
        ``dependencies`` key means the newer format, anything else is
        handed to the legacy parser. The report is user-supplied input;
        json.load raises on malformed JSON and the delegated parsers read
        its fields verbatim.
        """
        report = json.load(scan_file)
        # `in` is a key test on a dict and an element test on a list, so the
        # check is safe for either shape the report may have.
        parse = get_file_findings if "dependencies" in report else get_legacy_findings
        return parse(report, test)
def get_file_findings(data, test):
    """Return the Findings from every entry of the ``dependencies`` array.

    Each dependency entry is passed to ``get_item_findings``; an entry
    for which that returns None contributes nothing.
    """
    findings = []
    for dependency in data["dependencies"]:
        dependency_findings = get_item_findings(dependency, test)
        if dependency_findings is None:
            continue
        findings.extend(dependency_findings)
    return findings
def get_legacy_findings(data, test):
    """Return the Findings from a legacy-format report.

    Every element of *data* is passed to ``get_item_findings``; an
    element for which that returns None contributes nothing.
    """
    findings = []
    for entry in data:
        entry_findings = get_item_findings(entry, test)
        if entry_findings is None:
            continue
        findings.extend(entry_findings)
    return findings
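def get_item_findings(item, test):
    """Return the Findings for one pip-audit dependency entry.

    Args:
        item: one dependency object from the report: a dict with ``name``,
            an optional ``version`` and an optional ``vulns`` list.
        test: the DefectDojo Test the Findings are attached to.

    Returns:
        A list of unsaved ``Finding`` objects; empty when the entry has no
        ``vulns``.

    Raises:
        KeyError: when an entry that has vulnerabilities lacks ``name``.
    """
    findings = []
    vulnerabilities = item.get("vulns", [])
    if not vulnerabilities:
        return findings
    component_name = item["name"]
    component_version = item.get("version")
    # All fields below come verbatim from the uploaded report; only their
    # presence is checked, not their content.
    for vulnerability in vulnerabilities:
        vuln_id = vulnerability.get("id")
        vuln_fix_versions = vulnerability.get("fix_versions")
        # "description" may be absent; the previous `"" += None` raised
        # TypeError and aborted the whole import on such reports.
        description = vulnerability.get("description") or ""
        title = f"{vuln_id} in {component_name}:{component_version}"
        finding = Finding(
            test=test,
            title=title,
            cwe=1395,
            severity="Medium",
            description=description,
            mitigation=_format_mitigation(vuln_fix_versions),
            component_name=component_name,
            component_version=component_version,
            vuln_id_from_tool=vuln_id,
            static_finding=True,
            dynamic_finding=False,
        )
        # Only attach an identifier list when the report gave an id.
        if vuln_id:
            finding.unsaved_vulnerability_ids = [vuln_id]
        findings.append(finding)
    return findings


def _format_mitigation(fix_versions):
    """Return the mitigation text for *fix_versions*, or None when empty.

    A single version is appended inline; several are listed one per line.
    """
    if not fix_versions:
        return None
    if len(fix_versions) == 1:
        return f"Upgrade to version: {fix_versions[0]}"
    return "Upgrade to version:" + "".join(f"\n- {v}" for v in fix_versions)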