wiz scan: handle more fields and unique_id_from_tool #12198


Merged

Conversation

valentijnscholten
Member

Handle more fields from Wiz Scan CSV report:

  • "Created At"
  • "Issue Id" -> this is the unique_id_from_tool
  • "Resolution"

Added to description:

  • "Provider ID"
  • "Risks"
  • "Threats"
  • "Created At"
  • "Status Changed At"
  • "Updated At"

@valentijnscholten valentijnscholten marked this pull request as ready for review April 8, 2025 19:03

dryrunsecurity bot commented Apr 8, 2025

DryRun Security Summary

The analysis reveals security vulnerabilities in a Wiz parser, including datetime parsing risks, CSV parsing considerations, sensitive information exposure, network configuration weaknesses, identity management concerns, and potential identifier generation issues.


Summary: The summaries cover security analysis and modifications for a Wiz parser, a CSV file of resolved findings, and a corresponding unit test file, focusing on parsing enhancements and security considerations.

Security Findings:

  1. Datetime Parsing Vulnerability

    • Located in: dojo/tools/wiz/parser.py
    • Risk: Potential unexpected behavior if datetime parsing fails
    • Explanation: Uses contextlib.suppress() which could mask parsing errors
  2. CSV Parsing Considerations

    • Located in: dojo/tools/wiz/parser.py
    • Risk: Increased memory consumption
    • Explanation: Increases CSV field size limit using csv.field_size_limit(), potentially exploitable with extremely large CSVs
  3. Sensitive Information Exposure

    • Located in: unittests/scans/wiz/resolved_findings.csv
    • Risk: Exposure of sensitive Azure-related details
    • Explanation: Contains SSH public keys, client IDs, object IDs, and subscription IDs
  4. Network Configuration Risks

    • Located in: unittests/scans/wiz/resolved_findings.csv
    • Risk: Potential network security weaknesses
    • Explanation: Uses kubenet network plugin, has public IP addresses, no explicit network policy
  5. Identity and Access Management Concerns

    • Located in: unittests/scans/wiz/resolved_findings.csv
    • Risk: Potential access control vulnerabilities
    • Explanation: System-assigned identity, local accounts not disabled, no pod security policy
  6. Unique Identifier Generation

    • Located in: unittests/tools/test_wiz_parser.py
    • Risk: Potential predictability of identifiers
    • Explanation: Introduces specific unique identifiers for findings that should be generated securely

View PR in the DryRun Dashboard.
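The field mapping the PR description lists, and the datetime-parsing point the DryRun summary raises, as an added illustration that is not DefectDojo's own parser code: a small Wiz CSV reader that maps "Issue Id" to unique_id_from_tool, folds the extra columns into the description, and reports an unparseable "Created At" instead of silently suppressing it. The column names follow the PR description; the sample rows, the "%Y-%m-%dT%H:%M:%SZ" timestamp format and the output dict keys are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout the PR describes (not a real Wiz export).
SAMPLE_CSV = "\n".join([
    "Title,Issue Id,Severity,Created At,Resolution,Provider ID,Risks,Threats,Status Changed At,Updated At",
    "Public IP on node pool,abc-123,High,2025-03-01T10:15:00Z,,subscriptions/PLACEHOLDER,Exposure,"
    "Lateral movement,2025-03-02T08:00:00Z,2025-03-02T08:00:00Z",
    "Local accounts enabled,def-456,Medium,not-a-date,Fixed by policy,,,,,",
])

# Columns the PR appends to the finding description.
DESCRIPTION_FIELDS = ["Provider ID", "Risks", "Threats", "Created At", "Status Changed At", "Updated At"]

# Assumed timestamp format; adjust to the real export if it differs.
WIZ_DATETIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_wiz_datetime(value):
    """Return an aware UTC datetime, or None when the value is empty or malformed."""
    if not value:
        return None
    try:
        return datetime.strptime(value, WIZ_DATETIME_FORMAT).replace(tzinfo=timezone.utc)
    except ValueError:
        return None


def parse_wiz_rows(text):
    """Parse CSV text into finding dicts; malformed dates are surfaced as warnings, not hidden."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        raw_created = row.get("Created At", "")
        created = parse_wiz_datetime(raw_created)
        warnings = []
        if raw_created and created is None:
            warnings.append(f"unparseable Created At: {raw_created!r}")
        description = "\n".join(f"**{k}**: {row[k]}" for k in DESCRIPTION_FIELDS if row.get(k))
        findings.append({
            "title": row["Title"],
            "unique_id_from_tool": row["Issue Id"],  # stable id used for deduplication
            "severity": row["Severity"],
            "date": created,
            "mitigation": row.get("Resolution") or None,
            "description": description,
            "warnings": warnings,
        })
    return findings
```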

@valentijnscholten valentijnscholten added this to the 2.45.1 milestone Apr 8, 2025
@Maffooch Maffooch requested review from dogboat and hblankenship April 8, 2025 19:26
Contributor

@mtesauro mtesauro left a comment


Approved

@Maffooch Maffooch merged commit 84c6da3 into DefectDojo:bugfix Apr 9, 2025
77 checks passed
Maffooch pushed a commit that referenced this pull request Apr 21, 2025
* wiz scan: handle more fields

* wiz scan: handle more fields