Fix parser name, Add assert on epss score and cwe

Author: AmineHazi

…ng_your_tools/parsers/file/cyberwatch.md …_tools/parsers/file/cyberwatch_galeax.mddocs/content/en/connecting_your_tools/parsers/file/cyberwatch.md renamed to docs/content/en/connecting_your_tools/parsers/file/cyberwatch_galeax.md docs/content/en/connecting_your_tools/parsers/file/cyberwatch.md renamed to docs/content/en/connecting_your_tools/parsers/file/cyberwatch_galeax.md

@@ -1346,7 +1346,7 @@ def saml2_attrib_map_format(din):
     "KrakenD Audit Scan": ["description", "mitigation", "severity"],
     "Red Hat Satellite": ["description", "severity"],
     "Qualys Hacker Guardian Scan": ["title", "severity", "description"],
-    "Cyberwatch scan": ["title", "description", "severity"],
+    "Cyberwatch scan (Galeax)": ["title", "description", "severity"],
 }
 
 # Override the hardcoded settings here via the env var
@@ -1417,7 +1417,7 @@ def saml2_attrib_map_format(din):
     "Threagile risks report": True,
     "HCL AppScan on Cloud SAST XML": True,
     "AWS Inspector2 Scan": True,
-    "Cyberwatch scan": True,
+    "Cyberwatch scan (Galeax)": True,
 }
 
 # List of fields that are known to be usable in hash_code computation)
@@ -1599,7 +1599,7 @@ def saml2_attrib_map_format(din):
     "PTART Report": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
     "Red Hat Satellite": DEDUPE_ALGO_HASH_CODE,
     "Qualys Hacker Guardian Scan": DEDUPE_ALGO_HASH_CODE,
-    "Cyberwatch scan": DEDUPE_ALGO_HASH_CODE,
+    "Cyberwatch scan (Galeax)": DEDUPE_ALGO_HASH_CODE,
 }
 
 # Override the hardcoded settings here via the env var

dojo/settings/settings.dist.py

@@ -13,13 +13,13 @@
 
 class CyberwatchParser:
     def get_scan_types(self):
-        return ["Cyberwatch scan"]
+        return ["Cyberwatch scan (Galeax)"]
 
     def get_label_for_scan_types(self, scan_type):
-        return "Cyberwatch scan"
+        return "Cyberwatch scan (Galeax)"
 
     def get_description_for_scan_types(self, scan_type):
-        return "Import Cyberwatch scan results in JSON format."
+        return "Import Cyberwatch Cve and Security Issue data in JSON format, you can get the json from this tool : https://github.com/Galeax/Cyberwatch-API-DefectDojo"
 
     def get_findings(self, filename, test):
         logger.debug(f"Starting get_findings with filename: {filename}")

dojo/tools/cyberwatch/__init__.py dojo/tools/cyberwatch_galeax/__init__.pydojo/tools/cyberwatch/__init__.py renamed to dojo/tools/cyberwatch_galeax/__init__.py

@@ -2,7 +2,7 @@
 from pathlib import Path
 
 from dojo.models import Test
-from dojo.tools.cyberwatch.parser import CyberwatchParser
+from dojo.tools.cyberwatch_galeax.parser import CyberwatchParser
 
 
 class TestCyberwatchParser(unittest.TestCase):
@@ -12,76 +12,85 @@ def setUp(self):
         self.test = Test()
 
     def test_no_findings(self):
-        testfile = Path("unittests/scans/cyberwatch/no_findings.json")
+        testfile = Path("unittests/scans/cyberwatch_galeax/no_findings.json")
         with testfile.open("rb") as file:
             findings = self.parser.get_findings(file, self.test)
             self.assertEqual(0, len(findings))
 
     def test_one_security_issue(self):
-        testfile = Path("unittests/scans/cyberwatch/one_security_issue.json")
+        testfile = Path("unittests/scans/cyberwatch_galeax/one_security_issue.json")
         with testfile.open("rb") as file:
             findings = self.parser.get_findings(file, self.test)
             self.assertEqual(1, len(findings))
 
             finding = findings[0]
             self.assertEqual("Security Issue - Fingerprint Web Application Framework", finding.title)
             self.assertEqual("Info", finding.severity)
-            # Expect both endpoints to have the same host as per new JSON
+            # Validate endpoints
+            for endpoint in finding.unsaved_endpoints:
+                endpoint.clean()
             endpoint_hosts = [e.host for e in finding.unsaved_endpoints]
             self.assertEqual(2, len(endpoint_hosts))
             self.assertTrue(all(host == "host" for host in endpoint_hosts))
             self.assertEqual("No mitigation provided.", finding.mitigation)
             self.assertEqual("", finding.references)
 
     def test_one_cve(self):
-        testfile = Path("unittests/scans/cyberwatch/one_cve.json")
+        testfile = Path("unittests/scans/cyberwatch_galeax/one_cve.json")
         with testfile.open("rb") as file:
             findings = self.parser.get_findings(file, self.test)
             self.assertEqual(1, len(findings))
 
             finding = findings[0]
-            # When there are no products, title equals the CVE code
             self.assertEqual("CVE-2023-42366", finding.title)
             self.assertEqual("Medium", finding.severity)
             self.assertIn("CVSS Base vector:", finding.description)
             self.assertIn("CVE Published At: 2023-11-27T23:15:07.420+01:00", finding.description)
             self.assertIn("Exploit Code Maturity: proof_of_concept", finding.description)
-            self.assertIn("EPSS: 0.00044", finding.description)
-            # Since there are no updates_assets, mitigation is set to a string starting with "Fixed At:"
             self.assertTrue(finding.mitigation.startswith("Fixed At:"))
+            self.assertEqual(0.00044, finding.epss_score)
             self.assertEqual("Updated At: 2024-12-06T14:15:19.530+01:00", finding.references)
             self.assertEqual(1, len(finding.unsaved_endpoints))
+            self.assertEqual(787, finding.cwe)
+            # Validate endpoints
+            for endpoint in finding.unsaved_endpoints:
+                endpoint.clean()
             endpoint_hosts = [e.host for e in finding.unsaved_endpoints]
             self.assertIn("computer_name", endpoint_hosts)
 
     def test_mixed_findings(self):
-        testfile = Path("unittests/scans/cyberwatch/mixed_findings.json")
+        testfile = Path("unittests/scans/cyberwatch_galeax/mixed_findings.json")
         with testfile.open("rb") as file:
             findings = self.parser.get_findings(file, self.test)
 
             self.assertEqual(3, len(findings))
 
-            # Separate CVEs and Security Issues by title
             cve_findings = [f for f in findings if f.title.startswith("CVE-")]
             security_issues = [f for f in findings if f.title.startswith("Security Issue")]
 
             self.assertEqual(1, len(cve_findings))
             self.assertEqual(2, len(security_issues))
 
-            # For the CVE finding, check expected properties
             cve_finding = cve_findings[0]
             self.assertEqual("CVE-2023-42366", cve_finding.title)
             self.assertEqual("Medium", cve_finding.severity)
             self.assertIn("CVE Published At:", cve_finding.description)
             self.assertIn("Updated At: 2024-12-06T14:15:19.530+01:00", cve_finding.references)
             self.assertEqual(1, len(cve_finding.unsaved_endpoints))
+            self.assertEqual(0.00044, cve_finding.epss_score)
+            self.assertEqual(787, cve_finding.cwe)
+            # Validate endpoints
+            for endpoint in cve_finding.unsaved_endpoints:
+                endpoint.clean()
             self.assertIsNone(cve_finding.component_name)
 
-            # For each security issue, check that title and severity are valid and endpoints exist
             for sec_issue in security_issues:
                 self.assertTrue(sec_issue.title.startswith("Security Issue - "))
                 self.assertIn(sec_issue.severity, ["Critical", "High", "Medium", "Low", "Info"])
                 self.assertTrue(len(sec_issue.unsaved_endpoints) > 0)
+                # Validate endpoints
+                for endpoint in sec_issue.unsaved_endpoints:
+                    endpoint.clean()
                 self.assertIsNotNone(sec_issue.description)
                 self.assertIsNotNone(sec_issue.mitigation)
                 self.assertIsNotNone(sec_issue.impact)