
Add EPSS score and percentile to generic csv parser #11449

Open · wants to merge 3 commits into base: bugfix

Conversation

hblankenship (Collaborator)

epss_score and epss_percentile have been added to the generic parser for csv files
test created to validate that the new headers are read in correctly
documentation on generic parser updated to include the new fields

[sc-9384]


dryrunsecurity bot commented Dec 20, 2024

DryRun Security Summary

The pull request enhances DefectDojo's security data handling by adding EPSS support, updating CSV parsing, improving vulnerability ID handling, and implementing deduplication in the Generic Findings Import feature.


Summary:

The changes in this pull request are focused on improving the handling of security-related data in the DefectDojo application, specifically related to the "Generic Findings Import" feature. The key changes include:

  1. EPSS Support: The addition of a new test case in the TestGenericParser class ensures that the GenericParser can correctly parse CSV files that include EPSS (Exploitability Prediction Score System) data. This is an important security metric that estimates the likelihood of a vulnerability being exploited, and it can help security teams prioritize remediation efforts.

  2. CSV Format Updates: The documentation has been updated to include two new attributes for the supported CSV format: epss_score and epss_percentile. These attributes provide additional security-relevant information about the imported findings, which can enhance the application's vulnerability management capabilities.

  3. Vulnerability ID Handling: The CSV parser in the dojo/tools/generic/csv_parser.py file has been updated to handle both CVE (Common Vulnerabilities and Exposures) IDs and custom "Vulnerability Id" fields. This allows the tool to associate findings with known vulnerabilities, which can be useful for tracking and addressing them.

  4. Deduplication: The CSV parser now implements an internal deduplication mechanism based on a hash of the finding's severity, title, and description. This helps to avoid creating duplicate findings, which can improve the accuracy and usability of the data.

Overall, these changes demonstrate a commitment to enhancing the security capabilities of the DefectDojo application by improving the handling of security-related data, such as EPSS scores and CVSS information. This can help security teams better prioritize and address vulnerabilities, leading to a more secure application landscape.

Files Changed:

  1. unittests/tools/test_generic_parser.py: This file adds a new test case to the TestGenericParser class, which verifies that the GenericParser can correctly parse a CSV file that includes EPSS data.
  2. docs/content/en/connecting_your_tools/parsers/generic_findings_import.md: This file updates the documentation to include the new epss_score and epss_percentile attributes for the supported CSV format.
  3. unittests/scans/generic/generic_csv_with_epss.csv: This file adds a new row to the CSV file, which contains information about a security vulnerability, including the EPSS score and percentile.
  4. dojo/tools/generic/csv_parser.py: This file updates the _get_findings_csv function to handle the new epss_score and epss_percentile fields, as well as improve the handling of vulnerability IDs and deduplication.

Code Analysis

We ran 9 analyzers against 4 files and 0 analyzers had findings. 9 analyzers had no findings.


@cneill (Contributor) left a comment


Small docs tweak to make clear that the range for epss_percentile is the same as epss_score, otherwise this looks good.
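To make concrete what the DryRun summary above describes (the epss_score and epss_percentile columns, falling back from "Vulnerability Id" to cve, and internal deduplication on a hash of severity, title and description), together with cneill's point that epss_percentile shares the 0.0 to 1.0 range of epss_score, here is an added, self-contained Python example. It is not DefectDojo's csv_parser.py and is not code from this PR. The column names epss_score, epss_percentile, cve and Vulnerability Id come from the page; the case-insensitive header matching, the severity set, splitting several identifiers on commas or whitespace, the SHA-256 dedup hash, the epss_error helper and the sample rows are assumptions made for the example.

```python
"""Added example: a generic-CSV reader with EPSS fields, in the spirit of the
DefectDojo generic parser discussed in this PR. Not the project's own code."""
import csv
import hashlib
import io

# Assumption: DefectDojo-style severity labels.
SEVERITIES = {"Info", "Low", "Medium", "High", "Critical"}


def _parse_epss(value, field):
    """Parse an EPSS cell. Both epss_score and epss_percentile are
    probabilities in [0.0, 1.0]; an empty cell yields None and anything
    outside the range (e.g. a percentile written as 99.0) raises ValueError."""
    if value is None or not value.strip():
        return None
    number = float(value)
    if not 0.0 <= number <= 1.0:
        raise ValueError(f"{field} must be between 0.0 and 1.0, got {value!r}")
    return number


def _vulnerability_ids(row):
    """Prefer the 'Vulnerability Id' column, fall back to 'cve'.
    Assumption: several identifiers may be separated by commas or whitespace."""
    raw = row.get("vulnerability id") or row.get("cve") or ""
    return [v for v in raw.replace(",", " ").split() if v]


def _dedup_key(finding):
    """SHA-256 over severity, title and description, NUL-separated so that
    field boundaries cannot be shifted to produce the same digest."""
    digest = hashlib.sha256()
    for part in (finding["severity"], finding["title"], finding["description"]):
        digest.update(part.encode("utf-8") + b"\x00")
    return digest.hexdigest()


def parse_generic_csv(text):
    """Return a list of finding dicts, dropping rows whose dedup key repeats."""
    reader = csv.DictReader(io.StringIO(text))
    findings, seen = [], set()
    for line_no, raw_row in enumerate(reader, start=2):  # line 1 is the header
        # Assumption: header names are matched case-insensitively.
        row = {k.strip().lower(): (v or "").strip() for k, v in raw_row.items() if k}
        severity = row.get("severity", "").capitalize()
        if severity not in SEVERITIES:
            raise ValueError(f"line {line_no}: unknown severity {row.get('severity')!r}")
        finding = {
            "title": row.get("title", ""),
            "severity": severity,
            "description": row.get("description", ""),
            "vulnerability_ids": _vulnerability_ids(row),
            "epss_score": _parse_epss(row.get("epss_score"), "epss_score"),
            "epss_percentile": _parse_epss(row.get("epss_percentile"), "epss_percentile"),
        }
        key = _dedup_key(finding)
        if key in seen:
            continue  # internal deduplication, as the PR summary describes
        seen.add(key)
        findings.append(finding)
    return findings


def epss_error(text):
    """Return the ValueError message for a CSV that fails validation, else None."""
    try:
        parse_generic_csv(text)
    except ValueError as exc:
        return str(exc)
    return None


# Constructed sample rows for this example (not the PR's test fixture);
# the EPSS values are illustrative, not looked up.
SAMPLE_CSV = """title,severity,description,cve,epss_score,epss_percentile,Vulnerability Id
Log4j 2.14 in use,Critical,Bundled log4j-core is vulnerable,CVE-2021-44228,0.97,0.99,
Log4j 2.14 in use,Critical,Bundled log4j-core is vulnerable,CVE-2021-44228,0.97,0.99,
TLS 1.0 enabled,Medium,Legacy protocol offered by the listener,,,,
Outdated helper library,low,Dependency past end of life,,0.003,0.68,EXAMPLE-0001
"""

# Same first row, but the percentile is given as a percentage (out of range).
BAD_CSV = """title,severity,description,epss_score,epss_percentile
Log4j 2.14 in use,Critical,Bundled log4j-core is vulnerable,0.97,99.0
"""

if __name__ == "__main__":
    for f in parse_generic_csv(SAMPLE_CSV):
        print(f["severity"], f["title"], f["vulnerability_ids"],
              f["epss_score"], f["epss_percentile"])
    print("bad csv:", epss_error(BAD_CSV))
```

Rejecting an out-of-range percentile at import time is the practical payoff of the docs tweak: a feed that exports percentiles as 0 to 100 would otherwise silently produce findings that look far more (or less) exploitable than they are when the values are later compared against epss_score.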
