Add Cyberwatch Galeax Parser #12105
Cyberwatch parser: Fixed CVEs and Security issues handling, added components and mitigated findings
Changed Setting for Dedup algorithm removed shashum
Fixed parser bug with filters
Added Epss score as %, added CAPEC and ATTACKS
Fix linter and code format
Co-authored-by: Amine <amine@galeax.com>
DryRun Security Summary
A comprehensive patch for Cyberwatch Parser in DefectDojo introduces potential security risks through information exposure, logging vulnerabilities, and inadequate input validation across parser implementation, configuration, and test files.
Summary: A comprehensive patch adding Cyberwatch Parser documentation and integration to DefectDojo, including parser implementation, configuration updates, and unit test files for security finding parsing.
Security Findings:
Thank you @AmineHazi. To make it clear that this parser is parsing an "extended" Cyberwatch report, could you look at changing the name of the parser to something like "Cyberwatch Galeax Scan" or "Cyberwatch Scan (Galeax)" or some suggestion from your side?
self.assertEqual("Security Issue - Fingerprint Web Application Framework", finding.title) | ||
self.assertEqual("Info", finding.severity) | ||
# Expect both endpoints to have the same host as per new JSON | ||
endpoint_hosts = [e.host for e in finding.unsaved_endpoints] |
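Review bot: endpoint_hosts on the last line keeps only e.host, so whatever is asserted on it cannot tell two distinct endpoints on one host from the same endpoint emitted twice. Since the comment above it expects both endpoints to share a host, also assert len(finding.unsaved_endpoints) and a distinguishing attribute such as port or protocol for each endpoint.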
Could you add a `.clean()` for all endpoints? This validates if they are in valid format.
||
finding = findings[0] | ||
self.assertEqual("Security Issue - Fingerprint Web Application Framework", finding.title) | ||
self.assertEqual("Info", finding.severity) |
Could you add an `assert` on `cwe`?
self.assertIn("CVSS Base vector:", finding.description) | ||
self.assertIn("CVE Published At: 2023-11-27T23:15:07.420+01:00", finding.description) | ||
self.assertIn("Exploit Code Maturity: proof_of_concept", finding.description) | ||
self.assertIn("EPSS: 0.00044", finding.description) |
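Review bot: the first line, assertIn("CVSS Base vector:", finding.description), checks only the label, so it still passes when the vector after the colon is empty or malformed. Put the expected vector string from the sample report into the assertion, the way the other three lines include their values.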
Could you `assert` the actual value of the `epss` field?
Thank you for your reply, @valentijnscholten. I have just changed the parser name to "Cyberwatch Scan (Galeax)". Would you like me to update the folder and file names as well, or is the new name sufficient? (For example, change the folder 'dojo\tools\cyberwatch' to 'dojo\tools\cyberwatch_galeax'.)
Good idea, so yes 😀
Hi @valentijnscholten, I changed the file and folder names too. I also added assertions on the CWE and EPSS fields and cleaned up the endpoints. Let me know if there's anything else to change!
@@ -0,0 +1,14 @@ | |||
--- | |||
title: "Cyberwatch" |
title: "Cyberwatch" | |
title: "Cyberwatch (Galeax)" |
title: "Cyberwatch" | ||
toc_hide: true | ||
--- | ||
The Cyberwatch Parser is used to import Cyberwatch scan results into DefectDojo. It accepts a JSON input that can be generated by the [Cyberwatch-API-DefectDojo](https://github.com/Galeax/Cyberwatch-API-DefectDojo) tool. |
The Cyberwatch Parser is used to import Cyberwatch scan results into DefectDojo. It accepts a JSON input that can be generated by the [Cyberwatch-API-DefectDojo](https://github.com/Galeax/Cyberwatch-API-DefectDojo) tool. | |
The Cyberwatch (Galeax) Parser is used to import Cyberwatch scan results into DefectDojo. It accepts a JSON input that can be generated by the [Cyberwatch-API-DefectDojo](https://github.com/Galeax/Cyberwatch-API-DefectDojo) tool created by Galeax. |
For each CVE and security issue found in the JSON input, the parser creates a corresponding finding in DefectDojo. | ||
|
||
### Sample Scan Data | ||
Sample Cybwerwatch Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/cyberwatch). |
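Review bot: the Sample Scan Data line misspells the product as "Cybwerwatch" and repeats the noun in "Scan scans"; reword it along the lines of "Sample Cyberwatch (Galeax) scans can be found [here](...)". The link on the same line targets unittests/scans/cyberwatch, so it needs to be updated if that folder is renamed together with the parser.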
Sample Cybwerwatch Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/cyberwatch). | |
Sample Cybwerwatch Galeax Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/cyberwatch). |
found some more references to change
As discussed with @valentijnscholten, the default CSV and JSON reports from Cyberwatch do not include all the necessary data. Therefore, to use this parser, please utilize this tool: https://github.com/Galeax/Cyberwatch-API-DefectDojo to generate the required JSON input.