feat: added GitLab secret detection report parser (DefectDojo#4605)

natebwangsut · web-flow · commit 6d1279809668 · 2021-07-15T10:00:32.000-05:00
* feat: added GitLab secret detection report parser

* fix: Flake8 compliance

* fix: remove entry from test_type.json

* fix: change severity on parser

* fix: update findings description field for raw_source_code

* fix: add unique_id_from_tool for findings

* fix: remove autoimported module

* fix: typo

* test: added unittests for unique_id_from_tool field

* fix: Flake8 compliant

* test: add testing for findings date

* fix: datetime bug parser
diff --git a/dojo/tools/gitlab_secret_detection_report/__init__.py b/dojo/tools/gitlab_secret_detection_report/__init__.py
diff --git a/dojo/tools/gitlab_secret_detection_report/parser.py b/dojo/tools/gitlab_secret_detection_report/parser.py
@@ -0,0 +1,65 @@
+import json
+from datetime import datetime
+from dojo.models import Finding
+
+
+class GitlabSecretDetectionReportParser(object):
+    """
+    GitLab's secret detection report
+    See more: https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/secret-detection-report-format.json
+    """
+
+    def get_scan_types(self):
+        return ["GitLab Secret Detection Report"]
+
+    def get_label_for_scan_types(self, scan_type):
+        return "GitLab Secret Detection Report"
+
+    def get_description_for_scan_types(self, scan_type):
+        return "GitLab Secret Detection Report file can be imported in JSON format (option --json)."
+
+    def get_findings(self, file, test):
+        # Load JSON data from uploaded file
+        data = json.load(file)
+
+        findings = []
+
+        # This is required by schema - it won't be null / undefined
+        date = datetime.strptime(data["scan"]["end_time"], "%Y-%m-%dT%H:%M:%S")
+
+        # Vulnerabilities is stored on vulnerabilities key
+        vulnerabilities = data["vulnerabilities"]
+        for vulnerability in vulnerabilities:
+            title = vulnerability["message"]
+            description = vulnerability["description"]
+            severity = self.normalise_severity(vulnerability["severity"])
+            location = vulnerability["location"]
+            finding = Finding(
+                test=test,
+                title=title,
+                description=description,
+                date=date,
+                severity=severity,
+                static_finding=True,
+                dynamic_finding=False,
+                unique_id_from_tool=vulnerability["id"],
+            )
+
+            if "file" in location:
+                finding.file_path = location["file"]
+            if "start_line" in location:
+                finding.line = int(location["start_line"])
+            if "raw_source_code_extract" in vulnerability:
+                finding.description += "\n" + vulnerability["raw_source_code_extract"]
+
+            findings.append(finding)
+        return findings
+
+    def normalise_severity(self, severity):
+        """
+        Normalise GitLab's severity to DefectDojo's
+        (Critical, High, Medium, Low, Unknown, Info) -> (Critical, High, Medium, Low, Info)
+        """
+        if severity == "Unknown":
+            return "Info"
+        return severity
diff --git a/dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_0_vuln.json b/dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_0_vuln.json
@@ -0,0 +1,20 @@
+{
+  "version": "14.0.0",
+  "vulnerabilities": [],
+  "remediations": [],
+  "scan": {
+    "scanner": {
+      "id": "gitleaks",
+      "name": "Gitleaks",
+      "url": "https://github.com/zricethezav/gitleaks",
+      "vendor": {
+        "name": "GitLab"
+      },
+      "version": "v7.5.0"
+    },
+    "type": "secret_detection",
+    "start_time": "2021-06-02T09:13:09",
+    "end_time": "2021-06-02T09:13:09",
+    "status": "success"
+  }
+}
diff --git a/dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln.json b/dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln.json
@@ -0,0 +1,52 @@
+{
+  "version": "14.0.0",
+  "vulnerabilities": [
+    {
+      "id": "714ed3e4e289ad35a089e0a888e8d0120b6a6083b1090a189cbc6a3227396240",
+      "category": "secret_detection",
+      "name": "AWS",
+      "message": "AWS detected; please remove and revoke it if this is a leak.",
+      "description": "AWS",
+      "cve": "README.md:1a5d44a2dca19669d72edf4c4f1c27c4c1ca4b4408fbb17f6ce4ad452d78ddb3:AWS",
+      "severity": "Critical",
+      "confidence": "Unknown",
+      "raw_source_code_extract": "AKIAIOSFODNN7EXAMPLE",
+      "scanner": {
+        "id": "gitleaks",
+        "name": "Gitleaks"
+      },
+      "location": {
+        "file": "README.md",
+        "commit": {
+          "date": "0001-01-01T00:00:00Z",
+          "sha": "0000000"
+        },
+        "start_line": 5,
+        "end_line": 5
+      },
+      "identifiers": [
+        {
+          "type": "gitleaks_rule_id",
+          "name": "Gitleaks rule ID AWS",
+          "value": "AWS"
+        }
+      ]
+    }
+  ],
+  "remediations": [],
+  "scan": {
+    "scanner": {
+      "id": "gitleaks",
+      "name": "Gitleaks",
+      "url": "https://github.com/zricethezav/gitleaks",
+      "vendor": {
+        "name": "GitLab"
+      },
+      "version": "v7.5.0"
+    },
+    "type": "secret_detection",
+    "start_time": "2021-06-02T09:13:09",
+    "end_time": "2021-06-02T09:13:09",
+    "status": "success"
+  }
+}
diff --git a/dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln.json b/dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln.json
@@ -0,0 +1,114 @@
+{
+  "version": "14.0.0",
+  "vulnerabilities": [
+    {
+      "id": "918e2cdfda408c352ee1f9b1fd148926578a8cfec32a82cd0cd21d4aded6e85e",
+      "category": "secret_detection",
+      "name": "SSH private key",
+      "message": "SSH private key detected; please remove and revoke it if this is a leak.",
+      "description": "SSH private key",
+      "cve": "README.md:03d104c669e3c7b6be7f989db8b12c8b910d3be8c1e2a73c9369d3cc0ba803b5:SSH private key",
+      "severity": "Critical",
+      "confidence": "Unknown",
+      "raw_source_code_extract": "-----BEGIN OPENSSH PRIVATE KEY-----",
+      "scanner": {
+        "id": "gitleaks",
+        "name": "Gitleaks"
+      },
+      "location": {
+        "file": "README.md",
+        "commit": {
+          "date": "0001-01-01T00:00:00Z",
+          "sha": "0000000"
+        },
+        "start_line": 20,
+        "end_line": 20
+      },
+      "identifiers": [
+        {
+          "type": "gitleaks_rule_id",
+          "name": "Gitleaks rule ID SSH private key",
+          "value": "SSH private key"
+        }
+      ]
+    },
+    {
+      "id": "5f2fe26d5029737fcd2d131b5f881ddb32edf7ebc003dfab8b5bcd4f05640f98",
+      "category": "secret_detection",
+      "name": "AWS",
+      "message": "AWS detected; please remove and revoke it if this is a leak.",
+      "description": "AWS",
+      "cve": "README.md:1a5d44a2dca19669d72edf4c4f1c27c4c1ca4b4408fbb17f6ce4ad452d78ddb3:AWS",
+      "severity": "Critical",
+      "confidence": "Unknown",
+      "raw_source_code_extract": "AKIAIOSFODNN7EXAMPLE",
+      "scanner": {
+        "id": "gitleaks",
+        "name": "Gitleaks"
+      },
+      "location": {
+        "file": "README.md",
+        "commit": {
+          "date": "0001-01-01T00:00:00Z",
+          "sha": "0000000"
+        },
+        "start_line": 7,
+        "end_line": 7
+      },
+      "identifiers": [
+        {
+          "type": "gitleaks_rule_id",
+          "name": "Gitleaks rule ID AWS",
+          "value": "AWS"
+        }
+      ]
+    },
+    {
+      "id": "b472ce0c4949cc5e22fc0193978b8eab4a7bafe5cd3d23c8de217d11a59431c5",
+      "category": "secret_detection",
+      "name": "Password in URL",
+      "message": "Password in URL detected; please remove and revoke it if this is a leak.",
+      "description": "Password in URL",
+      "cve": "README.md:9aa1da8f23a3e99f2b894638b0d6c584b1613075eca0f74d79de0c7bd07e150b:Password in URL",
+      "severity": "Critical",
+      "confidence": "Unknown",
+      "raw_source_code_extract": "https://random:password@endpoint.com/path",
+      "scanner": {
+        "id": "gitleaks",
+        "name": "Gitleaks"
+      },
+      "location": {
+        "file": "README.md",
+        "commit": {
+          "date": "0001-01-01T00:00:00Z",
+          "sha": "0000000"
+        },
+        "start_line": 14,
+        "end_line": 14
+      },
+      "identifiers": [
+        {
+          "type": "gitleaks_rule_id",
+          "name": "Gitleaks rule ID Password in URL",
+          "value": "Password in URL"
+        }
+      ]
+    }
+  ],
+  "remediations": [],
+  "scan": {
+    "scanner": {
+      "id": "gitleaks",
+      "name": "Gitleaks",
+      "url": "https://github.com/zricethezav/gitleaks",
+      "vendor": {
+        "name": "GitLab"
+      },
+      "version": "v7.5.0"
+    },
+    "type": "secret_detection",
+    "start_time": "2021-06-02T09:25:50",
+    "end_time": "2021-06-02T09:25:50",
+    "status": "success"
+  }
+}
diff --git a/dojo/unittests/tools/test_gitlab_secret_detection_report_parser.py b/dojo/unittests/tools/test_gitlab_secret_detection_report_parser.py
@@ -0,0 +1,55 @@
+from datetime import datetime
+from django.test import TestCase
+from dojo.tools.gitlab_secret_detection_report.parser import (
+    GitlabSecretDetectionReportParser,
+)
+from dojo.models import Test
+
+
+class TestGitlabSecretDetectionReportParser(TestCase):
+    def test_gitlab_secret_detection_report_parser_with_no_vuln_has_no_findings(self):
+        testfile = open(
+            "dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_0_vuln.json"
+        )
+        parser = GitlabSecretDetectionReportParser()
+        findings = parser.get_findings(testfile, Test())
+        testfile.close()
+        self.assertEqual(0, len(findings))
+
+    def test_gitlab_secret_detection_report_parser_with_one_vuln_has_one_findings(
+        self,
+    ):
+        testfile = open(
+            "dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln.json"
+        )
+        parser = GitlabSecretDetectionReportParser()
+        findings = parser.get_findings(testfile, Test())
+        testfile.close()
+        for finding in findings:
+            for endpoint in finding.unsaved_endpoints:
+                endpoint.clean()
+        first_finding = findings[0]
+        self.assertEqual(1, len(findings))
+        self.assertEqual(datetime(2021, 6, 2, 9, 13, 9), first_finding.date)
+        self.assertEqual(5, first_finding.line)
+        self.assertEqual("Critical", first_finding.severity)
+        self.assertEqual("README.md", first_finding.file_path)
+        self.assertEqual("AWS\nAKIAIOSFODNN7EXAMPLE", first_finding.description)
+        self.assertEqual(
+            "714ed3e4e289ad35a089e0a888e8d0120b6a6083b1090a189cbc6a3227396240",
+            first_finding.unique_id_from_tool,
+        )
+
+    def test_gitlab_secret_detection_report_parser_with_many_vuln_has_many_findings(
+        self,
+    ):
+        testfile = open(
+            "dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln.json"
+        )
+        parser = GitlabSecretDetectionReportParser()
+        findings = parser.get_findings(testfile, Test())
+        testfile.close()
+        for finding in findings:
+            for endpoint in finding.unsaved_endpoints:
+                endpoint.clean()
+        self.assertEqual(3, len(findings))
