
Wiz Parser: Add SCA parser and fortify old format #10905

Merged
merged 4 commits into from
Sep 16, 2024

Conversation

Maffooch
Contributor

Wiz has an SCA format that does not appear to be supported yet. In order to support it best, I modified the original parser to be a bit safer in the event a new format comes along.

[sc-7534]

@github-actions github-actions bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR parser labels Sep 13, 2024

dryrunsecurity bot commented Sep 13, 2024

DryRun Security Summary

This pull request integrates the Wiz security tool with the DefectDojo vulnerability management platform, including updates to the configuration file integrity, deduplication algorithm, Wiz parser implementation, Wiz scan data, and Wiz parser unit tests.


Summary:

This pull request contains several changes related to the integration of the Wiz security tool with the DefectDojo vulnerability management platform. The key changes include:

  1. Configuration File Integrity: The update to the dojo/settings/.settings.dist.py.sha256sum file ensures the integrity of the application's configuration file by updating the SHA-256 hash value. This is a routine change when modifications are made to the configuration.

  2. Deduplication Algorithm Update: The change to the dojo/settings/settings.dist.py file updates the deduplication algorithm used for the "Wiz Scan" test type, improving the detection of duplicate findings by using both the unique_id_from_tool and the hash_code.

  3. Wiz Parser Implementation: The changes to the dojo/tools/wiz/parser.py file provide a flexible and robust implementation of a parser for Wiz scan results in CSV format. The parser can handle different CSV formats, extract detailed findings information, and ensure accurate representation of finding statuses and severities in DefectDojo.

  4. Wiz Scan Data Update: The changes to the unittests/scans/wiz/sca_format.csv file update the security scan results, including the addition of several new vulnerability findings from the Wiz tool, along with detailed information about the vulnerabilities and affected assets.

  5. Wiz Parser Unit Tests: The changes to the unittests/tools/test_wiz_parser.py file introduce a new test case to verify the parser's handling of a specific format of Wiz security scan data, ensuring the accuracy and robustness of the parsing implementation.

Overall, these changes demonstrate the integration of the Wiz security tool with the DefectDojo vulnerability management platform, which is a common requirement for organizations that use both tools in their security workflows. The changes focus on improving the integrity, accuracy, and flexibility of the integration, which is an important aspect of an application security engineer's responsibilities.

Files Changed:

  1. dojo/settings/.settings.dist.py.sha256sum: The SHA-256 hash value of the configuration file has been updated, ensuring the integrity of the application's configuration.
  2. dojo/settings/settings.dist.py: The deduplication algorithm used for the "Wiz Scan" test type has been updated from DEDUPE_ALGO_HASH_CODE to DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE, improving the detection of duplicate findings.
  3. dojo/tools/wiz/parser.py: The implementation of the Wiz scan results parser has been updated to handle different CSV formats, extract detailed findings information, and ensure accurate representation of finding statuses and severities in DefectDojo.
  4. unittests/scans/wiz/sca_format.csv: The security scan results have been updated, including the addition of several new vulnerability findings from the Wiz tool, along with detailed information about the vulnerabilities and affected assets.
  5. unittests/tools/test_wiz_parser.py: A new test case has been added to verify the parser's handling of a specific format of Wiz security scan data, ensuring the accuracy and robustness of the parsing implementation.

Code Analysis

We ran 9 analyzers against 5 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

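The bot summary above describes two behaviours of the change: a parser that recognises more than one Wiz CSV layout and fails safely on one it does not know, and deduplication that prefers the tool's own unique id and falls back to a content hash. The following Python is an added illustration of both ideas; it is not DefectDojo's parser or the code from this PR, and the column names, sample rows and hash material are constructed for this example rather than taken from Wiz's real schema.

```python
import csv
import hashlib
import io

# Header layouts used to recognise each export. These column names are
# constructed for this example and are NOT Wiz's real schema.
LEGACY_COLUMNS = {"Title", "Severity", "Resource Name", "Status"}
SCA_COLUMNS = {"Name", "Severity", "Package", "Installed Version",
               "Finding ID", "Status"}

SEVERITY_MAP = {
    "critical": "Critical", "high": "High", "medium": "Medium",
    "low": "Low", "informational": "Info",
}


def detect_format(fieldnames):
    """Pick a layout from the header row; refuse unknown layouts explicitly
    instead of letting a KeyError surface halfway through an import."""
    headers = set(fieldnames or [])
    if SCA_COLUMNS <= headers:
        return "sca"
    if LEGACY_COLUMNS <= headers:
        return "legacy"
    raise ValueError(f"unrecognised CSV layout, headers: {sorted(headers)}")


def normalise_severity(value):
    # Unknown or blank severities map to Info rather than aborting the import.
    return SEVERITY_MAP.get((value or "").strip().lower(), "Info")


def parse_findings(text):
    """Parse CSV text into plain dicts shaped like DefectDojo finding fields."""
    reader = csv.DictReader(io.StringIO(text))
    layout = detect_format(reader.fieldnames)
    findings = []
    for row in reader:
        active = row.get("Status", "").strip().lower() != "resolved"
        if layout == "sca":
            finding = {
                "title": f"{row['Name']} in {row['Package']} {row['Installed Version']}",
                "severity": normalise_severity(row["Severity"]),
                "component": row["Package"],
                # the (hypothetical) SCA export carries a stable id per finding
                "unique_id_from_tool": row["Finding ID"].strip() or None,
                "active": active,
            }
        else:
            finding = {
                "title": row["Title"],
                "severity": normalise_severity(row["Severity"]),
                "component": row["Resource Name"],
                # the legacy export has no tool id, so dedup must hash content
                "unique_id_from_tool": None,
                "active": active,
            }
        findings.append(finding)
    return findings


def dedupe_key(finding):
    """UNIQUE_ID_FROM_TOOL_OR_HASH_CODE semantics: use the tool id when
    present, otherwise a hash over the fields that identify the finding."""
    if finding["unique_id_from_tool"]:
        return "uid:" + finding["unique_id_from_tool"]
    material = "|".join([finding["title"], finding["severity"], finding["component"]])
    return "hash:" + hashlib.sha256(material.encode("utf-8")).hexdigest()


def deduplicate(findings):
    """Keep the first finding per key, preserving input order."""
    unique = {}
    for finding in findings:
        unique.setdefault(dedupe_key(finding), finding)
    return list(unique.values())


# Constructed sample exports (not real Wiz output); the repeated rows
# simulate the same finding appearing twice in one export.
SCA_SAMPLE = """Name,Severity,Package,Installed Version,Finding ID,Status
EXAMPLE-VULN-1,HIGH,openssl,1.1.1,wiz-sca-001,Open
EXAMPLE-VULN-1,HIGH,openssl,1.1.1,wiz-sca-001,Open
EXAMPLE-VULN-2,low,zlib,1.2.11,wiz-sca-002,Resolved
"""

LEGACY_SAMPLE = """Title,Severity,Resource Name,Status
Publicly readable storage bucket,Critical,bucket-a,Open
Publicly readable storage bucket,Critical,bucket-a,Open
TLS 1.0 enabled,weird,lb-1,Open
"""

if __name__ == "__main__":
    for sample in (SCA_SAMPLE, LEGACY_SAMPLE):
        parsed = parse_findings(sample)
        print(len(parsed), "rows ->", len(deduplicate(parsed)), "unique")
```

The layout check is done once on the header row, so a future export with a different column set is rejected with a clear message instead of being half-imported; the dedup key shows why the settings change matters, since legacy rows without a tool id still collapse on the content hash while SCA rows collapse on the id even if descriptive fields drift between exports.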

Contributor

@mtesauro mtesauro left a comment


Approved

Contributor

@cneill cneill left a comment


Some minor questions, but I don't consider either one a blocker

Two review comments on dojo/tools/wiz/parser.py, both resolved.
@github-actions github-actions bot added docker New Migration Adding a new migration file. Take care when merging. apiv2 docs integration_tests ui labels Sep 16, 2024
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@Maffooch Maffooch merged commit 0da81c6 into DefectDojo:bugfix Sep 16, 2024
73 checks passed
@Maffooch Maffooch deleted the wiz branch September 16, 2024 02:39
Labels: parser, settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), unittests
5 participants