Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

✨ implement google cloud artifact scan #9338

Merged
merged 3 commits into from
Jan 19, 2024
Merged

✨ implement google cloud artifact scan #9338

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
68c6c9b
:sparkles: implement google cloud artifact scan, #8552
manuel-sommer Jan 16, 2024
a33f390
fix unittest
manuel-sommer Jan 16, 2024
388bb46
docs update
manuel-sommer Jan 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions docs/content/en/integrations/parsers/file/gcloud_artifact_scan.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---

Check warning on line 1 in docs/content/en/integrations/parsers/file/gcloud_artifact_scan.md

View check run for this annotation

DryRunSecurity / AI-powered Sensitive Function Check

Possible Sensitive Function 


                        Our AI-Powered Sensitive Function checker believes it has discovered
                        a sensitive function being modified in this PR. The name of the function
                        is `none`. Extra care must be taken when modifying a 
                        function that is potentially security-sensitive. The following reason was
                        provided for why this function was flagged as sensitive:
    
                        The size of the files being changed in this pull request is too large. We are working on increasing that limit. Stay tuned for more...
title: "Google Cloud Artifact Vulnerability Scan"
toc_hide: true
---
Import Findings from JSON file format.
1 change: 1 addition & 0 deletions dojo/tools/gcloud_artifact_scan/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
__author__ = "manuel_sommer"
55 changes: 55 additions & 0 deletions dojo/tools/gcloud_artifact_scan/parser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
import json
from dojo.models import Finding


class GCloudArtifactScanParser(object):
def get_scan_types(self):
return ["Google Cloud Artifact Vulnerability Scan"]

def get_label_for_scan_types(self, scan_type):
return scan_type # no custom label for now

def get_description_for_scan_types(self, scan_type):
return "Import Google Cloud Artifact Vulnerability scans in JSON format."

def parse_json(self, json_output):
try:
data = json_output.read()
try:
tree = json.loads(str(data, "utf-8"))
except Exception:
tree = json.loads(data)
except Exception:
raise ValueError("Invalid format")
return tree

def get_findings(self, json_output, test):
findings = []
if json_output is None:
return findings
tree = self.parse_json(json_output)
if tree:
for severity in tree["package_vulnerability_summary"]["vulnerabilities"]:
for vuln in tree["package_vulnerability_summary"]["vulnerabilities"][severity]:
description = "name: " + str(vuln["name"]) + "\n\n"
description += "resourceUri: " + str(vuln["resourceUri"]) + "\n"
description += "fixAvailable: " + str(vuln["vulnerability"]["fixAvailable"]) + "\n"
description += "packageIssue: " + str(vuln["vulnerability"]["packageIssue"]) + "\n"
description += "CVE: " + str(vuln["vulnerability"]["shortDescription"]) + "\n"
reference = ""
for ref in vuln["vulnerability"]["relatedUrls"]:
reference += ref["url"] + "\n"
finding = Finding(
title=vuln["noteName"],
test=test,
description=description,
severity=severity.lower().capitalize(),
references=reference,
component_name="affectedCPEUri: " + vuln["vulnerability"]["packageIssue"][0]["affectedCpeUri"] + " affectedPackage: " + vuln["vulnerability"]["packageIssue"][0]["affectedPackage"],
component_version=vuln["vulnerability"]["packageIssue"][0]["affectedVersion"]["fullName"],
static_finding=True,
dynamic_finding=False,
cvssv3_score=vuln["vulnerability"]["cvssScore"]
)
findings.append(finding)
return findings
Loading