
🐛 fix Bearer CLI missing Scan Type #10652 #10654

Merged: 1 commit, Aug 1, 2024

Conversation

manuel-sommer (Contributor)

DryRun Security Summary

The changes in this pull request focus on improving the parsing and representation of the output from the Bearer CLI tool, a SAST scanner, by renaming the BearerParser class, enhancing the get_findings() method, implementing deduplication logic, and marking the Finding objects as static_finding=True and dynamic_finding=False, while also updating the unit tests for the BearerCLIParser class.


Summary:

The changes in this pull request are focused on improving the parsing and representation of the output from the Bearer CLI tool, which is a SAST (Static Application Security Testing) scanner. The key changes include:

  1. Renaming the BearerParser class to BearerCLIParser to better reflect its purpose of parsing the output from the Bearer CLI tool.
  2. Enhancing the get_findings() method to parse the Bearer CLI report in JSON format and create Finding objects with detailed information about the security issues, including the title, description, severity, CWE, references, file path, line number, and the source and sink objects for the vulnerability.
  3. Implementing deduplication logic to ensure that duplicate findings are not added to the list of items.
  4. Marking the Finding objects as static_finding=True and dynamic_finding=False, indicating that these are findings from a static analysis tool.

Additionally, the changes include updates to the unit tests for the BearerCLIParser class, which verify the parser's behavior when handling JSON files with one vulnerability and multiple vulnerabilities.

Overall, these changes are focused on improving the integration of the Bearer CLI tool's findings into a security management platform, which is an important step in the application security engineering process.

Files Changed:

  1. dojo/tools/bearer_cli/parser.py: This file contains the implementation of the BearerCLIParser class, which is responsible for parsing the output of the Bearer CLI tool and creating Finding objects that can be imported into a security management platform like DefectDojo.
  2. unittests/tools/test_bearer_cli_parser.py: This file contains the unit tests for the BearerCLIParser class, which verify the parser's behavior when handling JSON files with one vulnerability and multiple vulnerabilities.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
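How a parser of the kind the summary describes fits together, as an added illustration that is not taken from this pull request or from DefectDojo's code base: the JSON layout, field names, severity buckets and the Finding class are assumptions modelled on the summary, and the input report is constructed so that one finding appears twice to exercise the deduplication step.

```python
import json
from dataclasses import dataclass

SEVERITY_MAP = {"critical": "Critical", "high": "High", "medium": "Medium",
                "low": "Low", "warning": "Info"}


def _entry(rule, title, cwe, path, line, col):
    """Build one constructed Bearer-style finding dict (field names are assumed)."""
    span = {"start": line, "end": line, "column": {"start": col, "end": col + 10}}
    return {"id": rule, "title": title, "description": f"{title} in {path}",
            "cwe_ids": [str(cwe)], "documentation_url": f"https://docs.example.invalid/{rule}",
            "full_filename": path, "line_number": line, "source": span, "sink": dict(span)}


# Constructed report (assumed layout: severity buckets); the eval() hit is listed twice.
SAMPLE_REPORT = json.dumps({
    "high": [_entry("javascript_lang_eval", "Unsafe eval() call", 95, "src/app.js", 12, 5),
             _entry("javascript_lang_eval", "Unsafe eval() call", 95, "src/app.js", 12, 5)],
    "low": [_entry("javascript_lang_logger", "Sensitive data in log", 532, "src/user.js", 40, 1)],
})


@dataclass
class Finding:
    """Stand-in for a SAST finding record (hypothetical, not DefectDojo's model)."""
    title: str
    description: str
    severity: str
    cwe: int
    references: str
    file_path: str
    line: int
    static_finding: bool = True    # result of static analysis ...
    dynamic_finding: bool = False  # ... never of a runtime (DAST) scan


def get_findings(report_text):
    """Parse a Bearer-style JSON report into Finding objects, skipping duplicates."""
    items = {}
    for bucket, entries in json.loads(report_text).items():
        for e in entries:
            key = (e["id"], e["full_filename"], e["line_number"])
            if key in items:  # same rule at the same file/line already recorded
                continue
            src, sink = e["source"], e["sink"]
            desc = (f"{e['description']}\nSource: line {src['start']} col {src['column']['start']}"
                    f"\nSink: line {sink['start']} col {sink['column']['start']}")
            items[key] = Finding(e["title"], desc, SEVERITY_MAP.get(bucket, "Info"),
                                 int(e["cwe_ids"][0]), e["documentation_url"],
                                 e["full_filename"], e["line_number"])
    return list(items.values())
```

Keying the deduplication on rule id, file and line is one reasonable choice; a parser would normally also retain the scanner's own fingerprint where the report carries one.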


@mtesauro mtesauro left a comment


Approved


@mtesauro mtesauro merged commit 1fb5e9e into DefectDojo:bugfix Aug 1, 2024
124 checks passed
@manuel-sommer manuel-sommer deleted the fix_10652 branch August 1, 2024 22:23