New Parser: Kiuwan SCA (#10522)

* Update kiuwan docs

* Add Kiuwan SCA test files

* Add Kiuwan SCA Parser Unittest

* Add Kiuwan SCA parser implementation

* Add more fields to the Kiuwan SCA parser

* Update parser docs

* Add test case for "muted" findings

* Update finding title

* Minor cleanupo

* Update hashing logic

* Remove print statement

* Add optional epss support

* Add epss unit test

* Add custom deduplication logic as default static is not enough for SCA

* Remove cve as it is not allowed for deduplication

* Set finding title to component name as this makes more sense within the UI display

* Fix lint warnings

* Fix another lint warning

* Fix lint error

* fix lint errors

* fix lint errors

* fix lint errors

* Fix lint

* Fix lint

* Refactor: minor cleanup

* chore: add sha256sum of settings.dist.py

* chore: add sha256sum of settings.dist.py

Author: mwager

docs/content/en/integrations/parsers/file/kiuwan-sca.md

@@ -0,0 +1,26 @@
+---
+title: Kiuwan Scanner (SCA i.e. "Insights")
+toc_hide: true
+---
+Import Kiuwan Insights Scan in JSON format. Export via API endpoint `insights/analysis/security` as json and create a file for importing to DefectDojo.
+
+### Example Code
+
+Data can be fetched from the [Kiuwan REST API](https://static.kiuwan.com/rest-api/kiuwan-rest-api.html) like this:
+
+```
+import requests, json
+headers = {'Authorization': 'Basic $KIUWAN_TOKEN', 'Accept' : 'application/json'}
+
+appName = "Test"
+analysisCode = "A-111-1111111111"
+
+URL = "https://api.kiuwan.com/insights/analysis/security?analysisCode=" + analysisCode + "&application=" + appName
+response = requests.get(url = URL, headers = headers)
+jsonResponse = r.json()
+data = jsonResponse["data"]
+saveFile("result.json", json.dumps(data, indent=2))
+```
+
+### Sample Scan Data
+Sample Kiuwan Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/kiuwan-sca).

docs/content/en/integrations/parsers/file/kiuwan.md

@@ -1,8 +1,8 @@
 ---
-title: "Kiuwan Scanner"
+title: "Kiuwan Scanner (SAST)"
 toc_hide: true
 ---
-Import Kiuwan Scan in CSV format. Export as CSV Results on Kiuwan.
+Import Kiuwan SAST Scan in CSV format. Export as CSV Results on Kiuwan, or via the [Kiuwan REST API](https://static.kiuwan.com/rest-api/kiuwan-rest-api.html) endpoint `vulnerabilities/export` (type=csv).
 
 ### Sample Scan Data
-Sample Kiuwan Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/kiuwan).
+Sample Kiuwan Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/kiuwan).

dojo/settings/.settings.dist.py.sha256sum

@@ -1 +1 @@
-a955e77c0c9e292e3d80eec500a586e2c0b43efded3ba74a7fc1801862150e51
+2938ce5637b436fb25afc49dbc5eb68e3b640b87e311d052810ca82ad9c641a1

dojo/settings/settings.dist.py

@@ -1270,6 +1270,7 @@ def saml2_attrib_map_format(dict):
     "Nancy Scan": ["title", "vuln_id_from_tool"],
     "Wiz Scan": ["title", "description", "severity"],
     "Kubescape JSON Importer": ["title", "component_name"],
+    "Kiuwan SCA Scan": ["description", "severity", "component_name", "component_version", "cwe"],
 }
 
 # Override the hardcoded settings here via the env var
@@ -1489,6 +1490,7 @@ def saml2_attrib_map_format(dict):
     "Wiz Scan": DEDUPE_ALGO_HASH_CODE,
     "Deepfence Threatmapper Report": DEDUPE_ALGO_HASH_CODE,
     "Kubescape JSON Importer": DEDUPE_ALGO_HASH_CODE,
+    "Kiuwan SCA Scan": DEDUPE_ALGO_HASH_CODE,
 }
 
 # Override the hardcoded settings here via the env var

dojo/tools/kiuwan_sca/__init__.py

@@ -0,0 +1,86 @@
+import hashlib
+import json
+
+from dojo.models import Finding
+
+__author__ = "mwager"
+
+
+class KiuwanSCAParser:
+    SEVERITY = {
+        "-": "Low",
+        "LOW": "Low",
+        "MEDIUM": "Medium",
+        "HIGH": "High",
+        "CRITICAL": "Critical",
+        "Low": "Low",
+        "Medium": "Medium",
+        "High": "High",
+        "Critical": "Critical",
+    }
+
+    def get_scan_types(self):
+        return ["Kiuwan SCA Scan"]
+
+    def get_label_for_scan_types(self, scan_type):
+        return scan_type
+
+    def get_description_for_scan_types(self, scan_type):
+        return "Import Kiuwan Insights Scan in JSON format. Export as JSON using Kiuwan REST API."
+
+    def get_findings(self, filename, test):
+        data = json.load(filename)
+        dupes = {}
+
+        for row in data:
+            # if a finding was "muted" in the Kiuwan UI, we ignore it (e.g. marked as false positive)
+            if row["muted"] is True:
+                continue
+
+            finding = Finding(test=test)
+            finding.unique_id_from_tool = row["id"]
+            finding.cve = row["cve"]
+            finding.description = row["description"]
+            finding.severity = self.SEVERITY[row["securityRisk"]]
+
+            if "components" in row and len(row["components"]) > 0:
+                finding.component_name = row["components"][0]["artifact"]
+                finding.component_version = row["components"][0]["version"]
+                finding.title = finding.component_name + " v" + str(finding.component_version)
+
+            if not finding.title:
+                finding.title = row["cve"]
+
+            if "cwe" in row and "CWE-" in row["cwe"]:
+                finding.cwe = int(row["cwe"].replace("CWE-", ""))
+
+            if "epss_score" in row:
+                finding.epss_score = row["epss_score"]
+            if "epss_percentile" in row:
+                finding.epss_percentile = row["epss_percentile"]
+
+            if "cVSSv3BaseScore" in row:
+                finding.cvssv3_score = float(row["cVSSv3BaseScore"])
+
+            finding.references = "See Kiuwan Web UI"
+            finding.mitigation = "See Kiuwan Web UI"
+            finding.static_finding = True
+
+            key = hashlib.sha256(
+                (
+                    finding.description
+                    + "|"
+                    + finding.severity
+                    + "|"
+                    + finding.component_name
+                    + "|"
+                    + finding.component_version
+                    + "|"
+                    + str(finding.cwe)
+                ).encode("utf-8"),
+            ).hexdigest()
+
+            if key not in dupes:
+                dupes[key] = finding
+
+        return list(dupes.values())