DefectDojo
diff --git a/‎docs/content/en/integrations/parsers/file/legitify.md‎
Lines changed: 9 additions & 0 deletions b/‎docs/content/en/integrations/parsers/file/legitify.md‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎dojo/settings/.settings.dist.py.sha256sum‎
Lines changed: 1 addition & 1 deletion b/‎dojo/settings/.settings.dist.py.sha256sum‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎dojo/settings/settings.dist.py‎
Lines changed: 2 additions & 0 deletions b/‎dojo/settings/settings.dist.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎dojo/tools/legitify/__init__.py‎ b/‎dojo/tools/legitify/__init__.py‎
diff --git a/‎dojo/tools/legitify/parser.py‎
Lines changed: 69 additions & 0 deletions b/‎dojo/tools/legitify/parser.py‎
Lines changed: 69 additions & 0 deletions
@@ -0,0 +1,9 @@
+---
+title: "Legitify"
+toc_hide: true
+---
+### File Types
+This DefectDojo parser accepts JSON files (in flattened format) from Legitify. For further details regarding the results, please consult the relevant [documentation](https://github.com/Legit-Labs/legitify?tab=readme-ov-file#output-options).
+
+### Sample Scan Data
+Sample scan data for testing purposes can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/legitify).
@@ -1 +1 @@
-38096a82c7cdeec6ca9c663c1ec3d6a5692a0e7bbfdea8fd2f05c58f753430d4
+71285f56a01869df55a802d79343f43c2e6a42ed52c4bb3591202e62b8569c64
@@ -1277,6 +1277,7 @@ def saml2_attrib_map_format(dict):
     "Kiuwan SCA Scan": ["description", "severity", "component_name", "component_version", "cwe"],
     "Rapplex Scan": ["title", "endpoints", "severity"],
     "AppCheck Web Application Scanner": ["title", "severity"],
+    "Legitify Scan": ["title", "endpoints", "severity"],
 }
 
 # Override the hardcoded settings here via the env var
@@ -1499,6 +1500,7 @@ def saml2_attrib_map_format(dict):
     "Kiuwan SCA Scan": DEDUPE_ALGO_HASH_CODE,
     "Rapplex Scan": DEDUPE_ALGO_HASH_CODE,
     "AppCheck Web Application Scanner": DEDUPE_ALGO_HASH_CODE,
+    "Legitify Scan": DEDUPE_ALGO_HASH_CODE,
 }
 
 # Override the hardcoded settings here via the env var
 
@@ -0,0 +1,69 @@
+import json
+
+from dojo.models import Endpoint, Finding
+
+
+class LegitifyParser:
+
+    def get_scan_types(self):
+        return ["Legitify Scan"]
+
+    def get_label_for_scan_types(self, scan_type):
+        return scan_type  # no custom label for now
+
+    def get_description_for_scan_types(self, scan_type):
+        return "Legitify output file can be imported in JSON format."
+
+    def severity_mapper(self, severity):
+        mapping = {
+            "LOW": "Low",
+            "MEDIUM": "Medium",
+            "HIGH": "High",
+            "CRITICAL": "Critical",
+        }
+        return mapping.get(severity, "Low")
+
+    def parse_json(self, file):
+        try:
+            data = file.read()
+            try:
+                tree = json.loads(str(data, "utf-8"))
+            except Exception:
+                tree = json.loads(data)
+        except Exception:
+            msg = "Invalid format"
+            raise ValueError(msg)
+        return tree
+
+    def get_findings(self, file, test):
+        report_tree = self.parse_json(file)
+
+        findings = []
+        for content_key, content_value in report_tree.get("content", {}).items():
+            policy_info = content_value.get("policyInfo", {})
+            is_finding = False
+            endpoints = set()
+            references = set()
+            for violation in content_value.get("violations", []):
+                if violation.get("status", None) == "FAILED":
+                    is_finding = True
+                    url = violation.get("canonicalLink", None)
+                    if url:
+                        references.add(url)
+                        endpoints.add(Endpoint.from_uri(url))
+
+            if is_finding:
+                finding = Finding(
+                    description=policy_info.get("description", ""),
+                    dynamic_finding=False,
+                    impact="\n".join(policy_info.get("threat", [])),
+                    mitigation="\n".join(policy_info.get("remediationSteps", [])),
+                    references="\n".join(references),
+                    severity=self.severity_mapper(policy_info.get("severity", "LOW")),
+                    static_finding=True,
+                    title=f'{policy_info.get("namespace", "").capitalize()} | {policy_info.get("title", "")}',
+                    vuln_id_from_tool=policy_info.get("policyName", None),
+                )
+                finding.unsaved_endpoints = list(endpoints)
+                findings.append(finding)
+        return findings
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-38096a82c7cdeec6ca9c663c1ec3d6a5692a0e7bbfdea8fd2f05c58f753430d4`
	`1`	`+71285f56a01869df55a802d79343f43c2e6a42ed52c4bb3591202e62b8569c64`
Original file line number	Diff line number	Diff line change
`@@ -1277,6 +1277,7 @@ def saml2_attrib_map_format(dict):`
`1277`	`1277`	`"Kiuwan SCA Scan": ["description", "severity", "component_name", "component_version", "cwe"],`
`1278`	`1278`	`"Rapplex Scan": ["title", "endpoints", "severity"],`
`1279`	`1279`	`"AppCheck Web Application Scanner": ["title", "severity"],`
	`1280`	`+ "Legitify Scan": ["title", "endpoints", "severity"],`
`1280`	`1281`	`}`
`1281`	`1282`
`1282`	`1283`	`# Override the hardcoded settings here via the env var`
`@@ -1499,6 +1500,7 @@ def saml2_attrib_map_format(dict):`
`1499`	`1500`	`"Kiuwan SCA Scan": DEDUPE_ALGO_HASH_CODE,`
`1500`	`1501`	`"Rapplex Scan": DEDUPE_ALGO_HASH_CODE,`
`1501`	`1502`	`"AppCheck Web Application Scanner": DEDUPE_ALGO_HASH_CODE,`
	`1503`	`+ "Legitify Scan": DEDUPE_ALGO_HASH_CODE,`
`1502`	`1504`	`}`
`1503`	`1505`
`1504`	`1506`	`# Override the hardcoded settings here via the env var`