Parser docstrings (#12253)

* Created docstrings for acunetix but haven't tested

* Added OSV get_fields and get_dedupe_fields

* Added checkov get_fields and get_dedupe_fields

* Added whispers get_fields and get_dedupe_fields

* Added snyk code get_fields and get_dedupe_fields

* Added get_fields and get_dedupe_fields for sarif and updated checkov

* Updated previosly made get_fields and get_dedupe_fields

* Added Docstrings for qualys and acunetix

* Added docstrings for qualys hacker guardian

* Updated qualys hacker guardian docstring

* Added docstrings for qualys webapp

* Added docstrings for tenable parser

---------

Co-authored-by: Jino Tesauro <jinotesauro@pop-os.localdomain>

Author: Jino-T

dojo/tools/acunetix/parse_acunetix360_json.py

@@ -11,6 +11,50 @@ class AcunetixJSONParser:
 
     """This parser is written for Acunetix JSON Findings."""
 
+    def get_fields(self) -> list[str]:
+        """
+        Return the list of fields used in the Acunetix 360 Parser.
+
+        Fields:
+        - title: Set to the name outputted by the Acunetix 360 Scanner.
+        - description: Set to Description variable outputted from Acunetix 360 Scanner.
+        - severity: Set to severity from Acunetix 360 Scanner converted into Defect Dojo format.
+        - mitigation: Set to RemedialProcedure variable outputted from Acunetix 360 Scanner if it is present.
+        - impact: Set to Impact variable outputted from Acunetix 360 Scanner if it is present.
+        - date: Set to FirstSeenDate variable outputted from Acunetix 360 Scanner if present. If not, it is set to Generated variable from output.
+        - cwe: Set to converted cwe in Classification variable outputted from Acunetix 360 Scanner if it is present.
+        - static_finding: Set to True.
+        - cvssv3: Set to converted cvssv3 in Classification variable outputted from Acunetix 360 Scanner if it is present.
+        - risk_accepted: Set to True if AcceptedRisk is present in State variable outputted from Acunetix 360 Scanner. No value if variable is not present.
+        - active: Set to false.
+        """
+        return [
+            "title",
+            "description",
+            "severity",
+            "mitigation",
+            "impact",
+            "date",
+            "cwe",
+            "static_finding",
+            "cvssv3",
+            "risk_accepted",
+            "active",
+        ]
+
+    def get_dedupe_fields(self) -> list[str]:
+        """
+        Return the list of fields used for deduplication in the Acunetix 360 Parser.
+
+        Fields:
+        - title: Set to the name outputted by the Acunetix 360 Scanner.
+        - description: Set to Description variable outputted from Acunetix 360 Scanner.
+        """
+        return [
+            "title",
+            "description",
+        ]
+
     def get_findings(self, filename, test):
         dupes = {}
         data = json.load(filename)

dojo/tools/acunetix/parse_acunetix_xml.py

@@ -16,6 +16,52 @@ class AcunetixXMLParser:
 
     """This parser is written for Acunetix XML reports"""
 
+    def get_fields(self) -> list[str]:
+        """
+        Return the list of fields used in the Acunetix XML Parser.
+
+        Fields:
+        - title: Set to the name outputted by the Acunetix XML Scanner.
+        - severity: Set to severity from Acunetix XML Scanner converted into Defect Dojo format.
+        - description: Set to description, Details, and TechnivalDetails variables outputted from Acunetix XML Scanner.
+        - false_p: Set to True/False based on Defect Dojo standards.
+        - static_finding: Set to True by default and updated to False if requests are present.
+        - dynamic_finding: Set to False by default and updated to True if requests are present.
+        - nb_occurences: Set to 1 and increased based on presence of occurences.
+        - impact: Set to impact outputted from Acunetix XML Scanner if it is present.
+        - mitigation: Set to Recommendation outputted from Acunetix XML Scanner if it is present.
+        - date: Set to StartTime outputted from Acunetix XML Scanner if it is present.
+        - cwe: Set to converted cwe outputted from Acunetix XML Scanner if it is present.
+        - cvssv3: Set to converted cvssv3 values outputted from Acunetix XML Scanner if it is present.
+        """
+        return [
+            "title",
+            "severity",
+            "description",
+            "false_p",
+            "static_finding",
+            "dynamic_finding",
+            "nb_occurences",
+            "impact",
+            "mitigation",
+            "date",
+            "cwe",
+            "cvssv3",
+        ]
+
+    def get_dedupe_fields(self) -> list[str]:
+        """
+        Return the list of fields used for deduplication in the Acunetix XML Parser.
+
+        Fields:
+        - title: Set to the name outputted by the Acunetix XML Scanner.
+        - description: Set to description, Details, and TechnivalDetails variables outputted from Acunetix XML Scanner.
+        """
+        return [
+            "title",
+            "description",
+        ]
+
     def get_findings(self, filename, test):
         dupes = {}
         root = parse(filename).getroot()

dojo/tools/acunetix/parser.py

@@ -6,6 +6,75 @@ class AcunetixParser:
 
     """Parser for Acunetix XML files and Acunetix 360 JSON files."""
 
+    def get_fields(self) -> list[str]:
+        """
+        Return the list of fields used in the Acunetix XML Parser.
+
+        Fields:
+        - title: Set to the name outputted by the Acunetix XML Scanner.
+        - severity: Set to severity from Acunetix XML Scanner converted into Defect Dojo format.
+        - description: Set to description, Details, and TechnivalDetails variables outputted from Acunetix XML Scanner.
+        - false_p: Set to True/False based on Defect Dojo standards.
+        - static_finding: Set to True by default and updated to False if requests are present.
+        - dynamic_finding: Set to False by default and updated to True if requests are present.
+        - nb_occurences: Set to 1 and increased based on presence of occurences.
+        - impact: Set to impact outputted from Acunetix XML Scanner if it is present.
+        - mitigation: Set to Recommendation outputted from Acunetix XML Scanner if it is present.
+        - date: Set to StartTime outputted from Acunetix XML Scanner if it is present.
+        - cwe: Set to converted cwe outputted from Acunetix XML Scanner if it is present.
+        - cvssv3: Set to converted cvssv3 values outputted from Acunetix XML Scanner if it is present.
+
+        Return the list of fields used in the Acunetix 360 Parser.
+
+        Fields:
+        - title: Set to the name outputted by the Acunetix 360 Scanner.
+        - description: Set to Description variable outputted from Acunetix 360 Scanner.
+        - severity: Set to severity from Acunetix 360 Scanner converted into Defect Dojo format.
+        - mitigation: Set to RemedialProcedure variable outputted from Acunetix 360 Scanner if it is present.
+        - impact: Set to Impact variable outputted from Acunetix 360 Scanner if it is present.
+        - date: Set to FirstSeenDate variable outputted from Acunetix 360 Scanner if present. If not, it is set to Generated variable from output.
+        - cwe: Set to converted cwe in Classification variable outputted from Acunetix 360 Scanner if it is present.
+        - static_finding: Set to True.
+        - cvssv3: Set to converted cvssv3 in Classification variable outputted from Acunetix 360 Scanner if it is present.
+        - risk_accepted: Set to True if AcceptedRisk is present in State variable outputted from Acunetix 360 Scanner. No value if variable is not present.
+        - active: Set to false.
+        """
+        return [
+            "title",
+            "severity",
+            "description",
+            "false_p",
+            "static_finding",
+            "dynamic_finding",
+            "nb_occurences",
+            "impact",
+            "mitigation",
+            "date",
+            "cwe",
+            "cvssv3",
+            "risk_accepted",
+            "active",
+        ]
+
+    def get_dedupe_fields(self) -> list[str]:
+        """
+        Return the list of fields used for deduplication in the Acunetix XML Parser.
+
+        Fields:
+        - title: Set to the name outputted by the Acunetix XML Scanner.
+        - description: Set to description, Details, and TechnivalDetails variables outputted from Acunetix XML Scanner.
+
+        Return the list of fields used for deduplication in the Acunetix 360 Parser.
+
+        Fields:
+        - title: Set to the name outputted by the Acunetix 360 Scanner.
+        - description: Set to Description variable outputted from Acunetix 360 Scanner.
+        """
+        return [
+            "title",
+            "description",
+        ]
+
     def get_scan_types(self):
         return ["Acunetix Scan"]
 

dojo/tools/bandit/parser.py

@@ -18,9 +18,11 @@ def get_fields(self) -> list[str]:
         - file_path: Set to filename from Bandit Scanner.
         - line: Set to line from Bandit Scanner.
         - date: Set to date from Bandit Scanner.
+        - static_finding: Set to true.
+        - dynamic_finding: Set to false.
         - vuln_id_from_tool: Made from joining test_name and test_id.
         - nb_occurences: Initially set to 1 then updated.
-        - scanner_condifence: Set to confidence value if one is returned from the Bandit Scanner.
+        - scanner_confidence: Set to confidence value if one is returned from the Bandit Scanner.
         """
         return [
             "title",
@@ -29,6 +31,8 @@ def get_fields(self) -> list[str]:
             "file_path",
             "line",
             "date",
+            "static_finding",
+            "dynamic_finding",
             "vuln_id_from_tool",
             "nb_occurences",
             "scanner_confidence",

dojo/tools/brakeman/parser.py

@@ -19,6 +19,7 @@ def get_fields(self) -> list[str]:
         - file_path: Set to file from Brakeman Scanner.
         - line: Set to line from Brakeman Scanner.
         - date: Set to end_date from Brakeman Scanner.
+        - static_finding: Set to true.
         """
         return [
             "title",
@@ -27,6 +28,7 @@ def get_fields(self) -> list[str]:
             "file_path",
             "line",
             "date",
+            "static_finding",
         ]
 
     def get_dedupe_fields(self) -> list[str]:
@@ -40,6 +42,7 @@ def get_dedupe_fields(self) -> list[str]:
         - description: Made by joining filename, line number, issue confidence, code, user input, and render path provided by Brakeman Scanner.
 
         NOTE: uses legacy dedupe: ['title', 'cwe', 'line', 'file_path', 'description']
+        NOTE: cwe is not provided by parser.
         """
         return [
             "title",

dojo/tools/burp/parser.py

@@ -31,6 +31,10 @@ def get_fields(self) -> list[str]:
         - scanner_confidence: Converted from Burp format (Certain, Firm, or Tentative) into Defect Dojo integer format.
         - description: Made by combining URL, url_host, path, and detail.
         - mitigation: Made using Remediation that was ouputted by Burp scanner
+        - false_p: Set to false.
+        - duplicate: Set to false.
+        - out_of_scope: Set to false.
+        - dynamic_finding: Set to true.
         - impact: Set to background returned by Burp Scanner.
         - unique_id_from_tool: Set to serial_number returned by Burp Scanner.
         - vuln_id_from_tool: Taken from output of Burp Scanner.
@@ -44,6 +48,10 @@ def get_fields(self) -> list[str]:
             "scanner_confidence",
             "description",
             "mitigation",
+            "false_p",
+            "duplicate",
+            "out_of_scope",
+            "dynamic_finding",
             "impact",
             "unique_id_from_tool",
             "vuln_id_from_tool",
@@ -60,6 +68,7 @@ def get_dedupe_fields(self) -> list[str]:
         - description: Made by combining URL, url_host, path, and detail.
 
         NOTE: uses legacy dedupe: ['title', 'cwe', 'line', 'file_path', 'description']
+        NOTE: line and file_path is not provided by parser
         """
         return [
             "title",

dojo/tools/cargo_audit/parser.py

@@ -44,16 +44,15 @@ def get_dedupe_fields(self) -> list[str]:
         Return the list of fields used for deduplication in the Cargo Audit Parser.
 
         Fields:
-        - vulnerability_ids:
         - severity: Set to "High" regardless of context.
         - component_name: Set to name of package provided by the Cargo Audit Scanner.
         - component_version: Set to version of package provided by the Cargo Audit Scanner.
         - vuln_id_from_tool: Set to id provided by the Cargo Audit Scanner.
 
-        NOTE: Dedupe fields in settings.dist.py list vulnerability_ids and vuln_id_from_tool
+        NOTE: vulnerability_ids is not provided by parser.
+        NOTE: vulnerability_ids appears to be stored in unsaved_vulnerability_ids.
         """
         return [
-            "vulnerability_ids",
             "severity",
             "component_name",
             "component_version",

dojo/tools/checkmarx/parser.py

@@ -27,6 +27,7 @@ def get_fields(self) -> list[str]:
         - severity: Set to severity outputted by Checkmarx Scanner.
         - file_path: Set to filename outputted by Checkmarx Scanner.
         - date: Set to date outputted by Checkmarx Scanner.
+        - static_finding: Set to true.
         - nb_occurences: Inittially set to 1 and then updated accordingly.
         - line: Set to line outputted by Checkmarx Scanner.
         - unique_id_from_tool: [If mode set to detailed] Set to the unique pathId outputted by Checkmarx Parser.
@@ -48,6 +49,7 @@ def get_fields(self) -> list[str]:
             "severity",
             "file_path",
             "date",
+            "static_finding",
             "nb_occurences",
             "line",
             "unique_id_from_tool",

dojo/tools/checkov/parser.py

@@ -4,6 +4,53 @@
 
 
 class CheckovParser:
+
+    def get_fields(self) -> list[str]:
+        """
+        Return the list of fields used in the Checkov Parser.
+        Fields:
+        - title: Set to check_name outputted from Checkov Scanner.
+        - description: Custom description made from: check type, check id, and check name.
+        - severity: Set to severity from Checkov Scanner that has been translated into Defect Dojo format.
+        - mitigation: Set to severity from Checkov Scanner that has been translated into Defect Dojo format.
+        - file_path: Set to file path from Checkov Scanner.
+        - line: Set to first line of the file line range from Checkov Scanner.
+        - component_name: Set to resource from Checkov Scanner.
+        - static_finding: Set to true.
+        - dynamic_finding: Set to false.
+        """
+        return [
+            "title",
+            "description",
+            "severity",
+            "mitigation",
+            "file_path",
+            "line",
+            "component_name",
+            "static_finding",
+            "dynamic_finding",
+        ]
+
+    def get_dedupe_fields(self) -> list[str]:
+        """
+        Return the list of dedupe fields used in the Checkov Parser
+
+        Fields:
+        - title: Set to check_name outputted from Checkov Scanner.
+        - line: Set to first line of the file line range from Checkov Scanner.
+        - file_path: Set to file path from Checkov Scanner.
+        - description: Custom description made from: check type, check id, and check name.
+
+        NOTE: uses legacy dedupe: ['title', 'cwe', 'line', 'file_path', 'description']
+        NOTE: cwe is not provided by parser
+        """
+        return [
+            "title",
+            "line",
+            "file_path",
+            "description",
+        ]
+
     def get_scan_types(self):
         return ["Checkov Scan"]
 

dojo/tools/gitleaks/parser.py

@@ -18,6 +18,8 @@ def get_fields(self) -> list[str]:
         - severity: Set to high and inccreased to critical if "Github", "AWS", or "Heroku" are in the isssue rule.
         - file_path: Set to issuel file from Gitleaks Scanner.
         - line: Set to line number from Gitleaks Scanner.
+        - dynamic_finding: Set to false.
+        - static_finding: Set to true.
         - nb_occurences: Inittially set to 1 and incremented based on number of occurences.
         """
         return [
@@ -26,6 +28,8 @@ def get_fields(self) -> list[str]:
             "severity",
             "file_path",
             "line",
+            "dynamic_finding",
+            "static_finding",
             "nb_occurences",
         ]
 
@@ -40,6 +44,7 @@ def get_dedupe_fields(self) -> list[str]:
         - description: Custom description made from commit details.
 
         NOTE: uses legacy dedupe: ['title', 'cwe', 'line', 'file_path', 'description']
+        NOTE: cwe is not provided by parser.
         """
         return [
             "title",