Add Cyberwatch Galeax Parser #12105


Merged: 3 commits, Apr 25, 2025


Conversation

AmineHazi (Contributor) opened the pull request:

As discussed with @valentijnscholten, the default CSV and JSON reports from Cyberwatch do not include all the necessary data. Therefore, to use this parser, please utilize this tool: https://github.com/Galeax/Cyberwatch-API-DefectDojo to generate the required JSON input.

Commits:

Cyberwatch parser: Fixed CVEs and Security issues handling, added components and mitigated findings

Changed Setting for Dedup algorithm

removed shashum

Fixed parser bug with filters

Added Epss score as %, added CAPEC and ATTACKS

Fix linter and code format

Co-authored-by: Amine <[email protected]>
@github-actions github-actions bot added the labels settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), docs, unittests, parser on Mar 25, 2025

dryrunsecurity bot commented Mar 25, 2025:

DryRun Security Summary

A comprehensive patch for Cyberwatch Parser in DefectDojo introduces potential security risks through information exposure, logging vulnerabilities, and inadequate input validation across parser implementation, configuration, and test files.


Summary: A comprehensive patch adding Cyberwatch Parser documentation and integration to DefectDojo, including parser implementation, configuration updates, and unit test files for security finding parsing.

Security Findings:

  1. External Reference Exposure

    • GitHub repository URL directly exposed in parser code
    • Potential information leakage about tooling
  2. Logging Considerations

    • Extensive logging that could potentially leak sensitive information
    • Sensitive data like server names and vulnerability details logged
  3. Datetime Parsing Vulnerabilities

    • Fallback mechanisms in datetime parsing could mask data integrity issues
    • Potential for timezone-related problems
  4. Input Validation Concerns

    • Extensive use of .get() method with default values
    • Potential for handling unexpected input structures
  5. Information Disclosure Risks

    • Detailed system information exposure
      • Computer names
      • Product versions
      • Server status
      • Detected and fixed timestamps
  6. Hostname and System Information Exposure

    • Revealed in test JSON files
      • Specific computer names
      • Operating system details
      • Computer IDs
      • IP addresses
  7. Potential Reconnaissance Information

    • Web application framework fingerprinting details
    • Detailed CVE and security issue metadata that could aid attackers

@valentijnscholten (Member) commented:

Thank you @AmineHazi . To make it clear that this parser is parsing an "extended" Cyberwatch report, could you look at changing the name of the parser to something like "Cyberwatch Galeax Scan" or "Cyberwatch Scan (Galeax)" or some suggestion from your side?

@valentijnscholten valentijnscholten changed the title Add Cyberwatch Parser Add Cyberwatch Galeax Parser Mar 25, 2025
@AmineHazi AmineHazi requested a review from Maffooch as a code owner April 2, 2025 09:42
@AmineHazi (Contributor, Author) commented:

> Thank you @AmineHazi . To make it clear that this parser is parsing an "extended" Cyberwatch report, could you look at changing the name of the parser to something like "Cyberwatch Galeax Scan" or "Cyberwatch Scan (Galeax)" or some suggestion from your side?

Thank you for your reply, @valentijnscholten. I have just changed the parser name to "Cyberwatch Scan (Galeax)". Would you like me to update the folder and file names as well, or is the new name sufficient? (For example, change the folder 'dojo\tools\cyberwatch' to 'dojo\tools\cyberwatch_galeax'.)

@valentijnscholten (Member) commented:

Good idea, so yes 😀

@AmineHazi (Contributor, Author) commented:

> Good idea, so yes 😀

Hi @valentijnscholten, I changed the file and folder names too. I also added assertions on the CWE and EPSS fields and cleaned up the endpoints. Let me know if there's anything else to change!

@valentijnscholten (Member) left a review comment:

found some more references to change

@Maffooch Maffooch added this to the 2.46.0 milestone Apr 11, 2025
@Maffooch Maffooch requested a review from mtesauro as a code owner April 22, 2025 02:13
@valentijnscholten (Member) commented:

@AmineHazi We have scheduled this for the 2.46.0 / May 5th release. Could you look at the small final suggestions made?

DryRun Security bot commented:

This pull request contains multiple security concerns including potential information disclosure through test data, a GitHub URL reference that might leak internal tool information, and a medium-severity CVE vulnerability related to memory corruption and buffer overflow risks.

💭 Unconfirmed Findings (5)

  1. External URL Exposure
     In the Cyberwatch parser file, a direct GitHub repository URL reference was found that could potentially leak internal tool information, posing a potential security risk.
  2. Potential Information Disclosure
     Test data contains detailed server information including computer names, IDs, and precise timestamps, which could reveal sensitive infrastructure details.
  3. Web Application Framework Fingerprinting Risk
     Test data includes a security issue type WSTG-INFO-08, indicating potential risks related to gathering information about web application infrastructure.
  4. CVE Vulnerability Details
     CVE-2023-42366 identified with medium severity (5.5), suggesting potential memory corruption and buffer overflow risks. Local attack vector with user interaction, high denial of service potential.
  5. Anonymized Host/IP Information
     Test data contains anonymized hostnames and IP addresses that could potentially reveal testing or scanning methodologies.

@AmineHazi (Contributor, Author) commented:

> @AmineHazi We have scheduled this for the 2.46.0 / May 5th release. Could you look at the small final suggestions made?

Hello @valentijnscholten! I just made the small final suggestions you made; everything should be fine now, thank you!

@mtesauro (Contributor) left a review comment:

Approved

@Maffooch Maffooch merged commit 205692e into DefectDojo:dev Apr 25, 2025
78 checks passed
Labels: docs, parser, settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), unittests