
🐛 fix AWSSecurityHub EPSS Score #10956 #10959

Merged: 3 commits, Sep 26, 2024

Conversation

manuel-sommer
Contributor

dryrunsecurity bot commented Sep 25, 2024

DryRun Security Summary

The pull request focuses on improving the functionality and reliability of the AwsSecurityHubParser class, including adding a new test case to verify the parsing of the epss_score field and enhancing the handling of the EPSS score, vulnerability information extraction, finding status tracking, and resource information capture in the dojo/tools/awssecurityhub/inspector.py file.


Summary:

The changes in this pull request are focused on improving the functionality and reliability of the AwsSecurityHubParser class, which is responsible for parsing and processing AWS Security Hub findings. The changes include adding a new test case to verify the parsing of the epss_score (Exploitability Prediction Score) field, as well as introducing a new JSON file containing a security finding reported by the AWS Inspector service.

The changes to the dojo/tools/awssecurityhub/inspector.py file are also noteworthy, as they enhance the handling of the EPSS score, vulnerability information extraction, finding status tracking, and resource information capture. These improvements help provide more comprehensive security insights and facilitate more effective vulnerability management.

Overall, the changes in this pull request do not directly address security vulnerabilities or concerns, but rather focus on improving the functionality and reliability of the security-related components of the application. From an application security perspective, these changes are reasonable and can contribute to a more robust and effective security posture.

Files Changed:

  1. unittests/tools/test_awssecurityhub_parser.py:
     • A new test case, test_issue_10956, has been added to the TestAwsSecurityHubParser class. This test case checks the parsing of a specific Security Hub finding, with a focus on verifying the epss_score.
  2. unittests/scans/awssecurityhub/issue_10956.json:
     • This new JSON file contains a security finding reported by the AWS Inspector service, providing details about a vulnerability identified in an Amazon Linux 2023 instance.
  3. dojo/tools/awssecurityhub/inspector.py:
     • The code has been updated to handle the case where the EpssScore field in the finding is None.
     • The code extracts various details about the vulnerabilities found, such as CVE IDs, related vulnerabilities, vulnerable packages, and vendor information.
     • The code checks the FindingStatus field of the finding to determine whether the finding is active or mitigated and sets the appropriate values for the Finding object.
     • The code extracts information about the affected resources, such as the resource type and ID, and creates Endpoint objects to represent these resources.

Code Analysis

We ran 9 analyzers against 3 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

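The parsing behaviour the bot summary describes, as an added stand-alone example that is not DefectDojo's inspector.py and not part of the PR: it flattens one Security Hub (ASFF) finding from Amazon Inspector, keeps a missing `EpssScore` (JSON `null`) as `None` rather than collapsing it to `0.0`, collects the primary and related CVE ids, vulnerable packages, vendor and affected resources, and derives active/mitigated. The sample finding, its ARNs and its `CVE-0000-0000x` ids are constructed placeholders, and the active/mitigated rule (`RecordState` plus `Workflow.Status`, both real ASFF fields) is this example's own assumption, not the project's mapping.

```python
"""Parsing an AWS Security Hub (ASFF) finding from Amazon Inspector.

Added example, not DefectDojo's inspector.py: a stand-alone parser covering the
points in the DryRun summary, above all a vulnerability whose "EpssScore" is
null. Field names follow the ASFF schema; the sample finding is constructed.
"""
import copy
import json
import re
from typing import Any, Dict, List, Optional, Tuple

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample (placeholder ARNs and CVE ids) for one Inspector finding
# whose vulnerability entry has no EPSS score yet, i.e. "EpssScore": null.
SAMPLE_FINDING_NO_EPSS: Dict[str, Any] = json.loads("""
{
  "Id": "arn:aws:inspector2:us-east-1:111122223333:finding/PLACEHOLDER",
  "Title": "CVE-0000-00001 - example-package",
  "Severity": {"Label": "HIGH"},
  "RecordState": "ACTIVE",
  "Workflow": {"Status": "NEW"},
  "Vulnerabilities": [{
    "Id": "CVE-0000-00001",
    "EpssScore": null,
    "RelatedVulnerabilities": ["CVE-0000-00002"],
    "VulnerablePackages": [{"Name": "example-package", "Version": "1.0.0",
                            "FixedInVersion": "1.0.1"}],
    "Vendor": {"Name": "ALAS", "VendorSeverity": "important"}
  }],
  "Resources": [{"Type": "AwsEc2Instance",
                 "Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-placeholder"}]
}
""")


def epss_score(vuln: Dict[str, Any]) -> Optional[float]:
    """EPSS probability in [0, 1], or None when Security Hub has not set it.

    None stays distinct from 0.0: a missing score means "unknown", not "no
    exploitation likelihood", so ranking code must not default it to zero.
    """
    raw = vuln.get("EpssScore")
    if raw is None:
        return None
    score = float(raw)
    if not 0.0 <= score <= 1.0:
        raise ValueError(f"EPSS score out of range: {score!r}")
    return score


def vulnerability_ids(vuln: Dict[str, Any]) -> List[str]:
    """Primary id first, then RelatedVulnerabilities; CVE-shaped entries only."""
    candidates = [vuln.get("Id", "")] + list(vuln.get("RelatedVulnerabilities") or [])
    return [c for c in candidates if CVE_RE.match(c)]


def is_active(finding: Dict[str, Any]) -> bool:
    """This example's rule (an assumption, not the project's): a finding is
    active unless its record is ARCHIVED or its workflow status is RESOLVED."""
    archived = finding.get("RecordState") == "ARCHIVED"
    resolved = (finding.get("Workflow") or {}).get("Status") == "RESOLVED"
    return not (archived or resolved)


def endpoints(finding: Dict[str, Any]) -> List[Tuple[str, str]]:
    """(resource type, resource id) pairs for every affected resource."""
    return [(r.get("Type", ""), r.get("Id", "")) for r in finding.get("Resources") or []]


def parse_inspector_finding(finding: Dict[str, Any]) -> Dict[str, Any]:
    """Flatten one ASFF finding into the fields a vulnerability tracker stores."""
    vulns = finding.get("Vulnerabilities") or [{}]
    primary = vulns[0]  # Inspector reports one vulnerability per finding
    scores = [s for s in (epss_score(v) for v in vulns) if s is not None]
    active = is_active(finding)
    return {
        "title": finding.get("Title", ""),
        "severity": (finding.get("Severity") or {}).get("Label", "INFORMATIONAL"),
        "vulnerability_ids": vulnerability_ids(primary),
        "packages": [(p.get("Name"), p.get("Version"), p.get("FixedInVersion"))
                     for p in primary.get("VulnerablePackages") or []],
        "vendor": (primary.get("Vendor") or {}).get("Name"),
        "epss_score": max(scores) if scores else None,  # None when all are null
        "active": active,
        "mitigated": not active,
        "endpoints": endpoints(finding),
    }


def with_epss(finding: Dict[str, Any], score: Optional[float]) -> Dict[str, Any]:
    """Deep copy of `finding` with the primary vulnerability's EpssScore replaced."""
    clone = copy.deepcopy(finding)
    clone["Vulnerabilities"][0]["EpssScore"] = score
    return clone


if __name__ == "__main__":
    print(json.dumps(parse_inspector_finding(SAMPLE_FINDING_NO_EPSS), indent=2))
```

The point of keeping `None` instead of substituting `0.0` is that EPSS is a probability: a real score of 0.0 and an absent score mean different things to anyone prioritising by exploitation likelihood, and a parser that silently zero-fills hides findings that simply have not been scored yet.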

@Maffooch Maffooch merged commit ae39ad9 into DefectDojo:bugfix Sep 26, 2024
73 checks passed
@manuel-sommer manuel-sommer deleted the issue10956 branch September 26, 2024 19:34
6 participants