Generic parser update (#13139)

mykhailo-sindieiev · web-flow · commit a998a9bd2afc · 2025-09-12T18:38:20.000+02:00
* add new fields to generic parser

* add test file

* fix missing trailing comma

* modify csv parser and add csv test file

* remove spaces from blank lines

* update parser documentation
diff --git a/docs/content/en/connecting_your_tools/parsers/file/generic.md b/docs/content/en/connecting_your_tools/parsers/file/generic.md
@@ -1,10 +1,12 @@
 ---
-title: "Generic Findings Import"
+title: 'Generic Findings Import'
 toc_hide: true
 ---
+
 Import Generic findings in CSV or JSON format.
 
 Attributes supported for CSV:
+
 - Date: Date of the finding in mm/dd/yyyy format.
 - Title: Title of the finding
 - CweId: Cwe identifier, must be an integer value.
@@ -18,13 +20,79 @@ Attributes supported for CSV:
 - Verified: Indicator if the finding has been verified. Must be empty, TRUE, or FALSE
 - FalsePositive: Indicator if the finding is a false positive. Must be TRUE, or FALSE.
 - Duplicate:Indicator if the finding is a duplicate. Must be TRUE, or FALSE
-- IsMitigated: Indicator if the finding is mitigated.  Must be TRUE, or FALSE
+- IsMitigated: Indicator if the finding is mitigated. Must be TRUE, or FALSE
 - MitigatedDate: Date the finding was mitigated in mm/dd/yyyy format or ISO format
+- epss_score: Finding [EPSS score](https://www.first.org/epss/)
+- epss_percentile: Finding [EPSS percentile](https://www.first.org/epss/articles/prob_percentile_bins)
+- CVSSV3: CVSSv3 verctor of the finding
+- CVSSV3_score: CVSSv3 score of the finding
+- CVSSV4: CVSSv4 vector of the finding
+- CVSSV4_score: CVSSv4 score of the finding
+- known_exploited: Indicator if the finding is listed in Known Exploited List. Must be TRUE, or FALSE
+- ransomware_used: Indicator if the finding is used in Ransomware. Must be TRUE, or FALSE
+- fix_available: Indicator if fix available for the finding. Must be TRUE, or FALSE
+- kev_date: Date the finding was added to Known Exploited Vulnerabilities list in mm/dd/yyyy format or ISO format.
 
 The CSV expects a header row with the names of the attributes.
 
 Date fields are parsed using [dateutil.parse](https://dateutil.readthedocs.io/en/stable/parser.html) supporting a variety of formats such a YYYY-MM-DD or ISO-8601.
 
+The list of supported fields in JSON format:
+
+- title: **Required.** String
+- severity: **Required.** One of the "Critical", "High", "Medium", "Low", "Info"
+- description: **Required.** String
+- date: Date
+- cwe: Int
+- cve: String
+- epss_score: Float
+- epss_percentile: Float
+- cvssv3: String
+- cvssv3_score: Float
+- cvssv4: String
+- cvssv4_score: Float
+- mitigation: String
+- impact: String
+- steps_to_reproduce: String
+- severity_justification: String
+- references: String
+- active: Bool
+- verified: Bool
+- false_p: Bool
+- out_of_scope: Bool
+- risk_accepted: Bool
+- under_review: Bool
+- is_mitigated: Bool
+- thread_id: String
+- mitigated: Bool
+- numerical_severity: Int
+- param: String
+- payload: String
+- line: Int
+- file_path: String
+- component_name: String
+- component_version: String
+- static_finding: Bool
+- dynamic_finding: Bool
+- scanner_confidence: Int
+- unique_id_from_tool: String
+- vuln_id_from_tool: String
+- sast_source_object: String
+- sast_sink_object: String
+- sast_source_line: Int
+- sast_source_file_path: String
+- nb_occurences: Int
+- publish_date: Date
+- service: String
+- planned_remediation_date: Date
+- planned_remediation_version: String
+- effort_for_fixing: One of the "High", "Medium", "Low"
+- tags: List of Strings
+- kev_date: Date
+- known_exploited: Bool
+- ransomware_used: Bool
+- fix_available: Bool
+
 Example of JSON format:
 
 ```JSON
@@ -39,13 +107,23 @@ Example of JSON format:
             "cve": "CVE-2020-36234",
             "cwe": 261,
             "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+            "cvssv4": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
+            "cvssv4_score": 7.3,
+            "known_exploited": true,
+            "ransomware_used": true,
+            "fix_available": true,
+            "kev_date": "2024-05-01",
             "file_path": "src/first.cpp",
             "line": 13,
             "endpoints": [
                 {
                     "host": "exemple.com"
                 }
-            ]
+            ],
+            "tags": [
+                "security",
+                "myTag"
+            ],
         },
         {
             "title": "test title with endpoints as strings",
@@ -144,9 +222,11 @@ Example:
 ```
 
 ### Sample Scan Data
+
 Sample Generic Findings Import scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/generic).
 
 ### Default Deduplication Hashcode Fields
+
 By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
 
 - title
diff --git a/dojo/tools/generic/csv_parser.py b/dojo/tools/generic/csv_parser.py
@@ -81,6 +81,26 @@ def _get_findings_csv(self, filename):
                 if len(cvss_objects) > 0:
                     finding.cvssv3 = cvss_objects[0].clean_vector()
 
+            if "CVSSV4" in row:
+                cvss4_objects = cvss_parser.parse_cvss_from_text(row["CVSSV4"])
+                if len(cvss4_objects) > 0:
+                    finding.cvssv4 = cvss4_objects[0].clean_vector()
+
+            if "CVSSV4_score" in row:
+                finding.cvssv4_score = float(row["CVSSV4_score"])
+
+            if "kev_date" in row:
+                finding.kev_date = parse(row["kev_date"])
+
+            if "known_exploited" in row:
+                finding.known_exploited = bool(row["known_exploited"])
+
+            if "ransomware_used" in row:
+                finding.ransomware_used = bool(row["ransomware_used"])
+
+            if "fix_available" in row:
+                finding.fix_available = bool(row["fix_available"])
+
             # manage endpoints
             if "Url" in row:
                 finding.unsaved_endpoints = [
diff --git a/dojo/tools/generic/json_parser.py b/dojo/tools/generic/json_parser.py
@@ -65,6 +65,8 @@ def _get_test_json(self, data):
                 "epss_percentile",
                 "cvssv3",
                 "cvssv3_score",
+                "cvssv4",
+                "cvssv4_score",
                 "mitigation",
                 "impact",
                 "steps_to_reproduce",
@@ -102,6 +104,10 @@ def _get_test_json(self, data):
                 "planned_remediation_version",
                 "effort_for_fixing",
                 "tags",
+                "kev_date",
+                "known_exploited",
+                "ransomware_used",
+                "fix_available",
             }.union(required)
             not_allowed = sorted(set(item).difference(allowed))
             if not_allowed:
diff --git a/unittests/scans/generic/generic_report_kev_cvssv4.csv b/unittests/scans/generic/generic_report_kev_cvssv4.csv
@@ -0,0 +1,2 @@
+Date,Title,CweId,epss_score,epss_percentile,Url,Severity,Description,Mitigation,Impact,References,Active,Verified,FalsePositive,Duplicate,CVSSV4,CVSSV4_score,known_exploited,ransomware_used,fix_available,kev_date,CVSSV3
+01/30/2018,"Test finding",0,.00042,.23474,https://192.168.1.1/,Low,"Test finding description",,,,False,False,False,False,"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N","7.3",True,True,True,"09/11/2025","CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N""
diff --git a/unittests/scans/generic/generic_report_kev_cvssv4.json b/unittests/scans/generic/generic_report_kev_cvssv4.json
@@ -0,0 +1,46 @@
+{
+    "findings": [
+        {
+            "title": "test title",
+            "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau",
+            "active": true,
+            "verified": true,
+            "severity": "Medium",
+            "impact": "Some impact",
+            "date": "2021-01-06",
+            "cve": "CVE-2020-36234",
+            "cwe": 261,
+            "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+            "tags": [
+                "security",
+                "network"
+            ],
+            "unique_id_from_tool": "3287f2d0-554f-491b-8516-3c349ead8ee5",
+            "vuln_id_from_tool": "TEST1",
+            "known_exploited": true,
+            "ransomware_used": true,
+            "fix_available": true,
+            "kev_date": "2024-05-01",
+            "cvssv4": "CVSS:4.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+            "cvssv4_score": 7.3
+        },
+        {
+            "title": "test title2",
+            "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau2",
+            "active": true,
+            "verified": false,
+            "severity": "Medium",
+            "impact": "Some impact",
+            "date": "2021-01-06",
+            "cve": "CVE-2020-36235",
+            "cwe": 287,
+            "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+            "tags": [
+                "security",
+                "network"
+            ],
+            "unique_id_from_tool": "42500af3-68c5-4dc3-8022-191d93c2f1f7",
+            "vuln_id_from_tool": "TEST2"
+        }
+    ]
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+Date,Title,CweId,epss_score,epss_percentile,Url,Severity,Description,Mitigation,Impact,References,Active,Verified,FalsePositive,Duplicate,CVSSV4,CVSSV4_score,known_exploited,ransomware_used,fix_available,kev_date,CVSSV3`
	`2`	`+01/30/2018,"Test finding",0,.00042,.23474,https://192.168.1.1/,Low,"Test finding description",,,,False,False,False,False,"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N","7.3",True,True,True,"09/11/2025","CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N""`