🎉 added component_name to AWSSecurityHub #9161

Merged
merged 1 commit into from
Dec 22, 2023
Merged
4 changes: 3 additions & 1 deletion dojo/tools/awssecurityhub/parser.py
@@ -1,4 +1,4 @@
import json

Check warning on line 1 in dojo/tools/awssecurityhub/parser.py


DryRunSecurity / AI-powered Sensitive Files Check

Possible Sensitive File

Our AI-Powered Sensitive File checker believes it has discovered a sensitive file being modified in this PR. Extra care must be taken when modifying a file that is potentially security-sensitive. The following reason was provided: File contains security-related code for parsing AWS Security Hub findings.
from datetime import datetime
from dojo.models import Finding

Expand Down Expand Up @@ -103,7 +103,8 @@

title_suffix = ""
for resource in finding.get("Resources", []):
if resource.get("Type") == "AwsEcrContainerImage":
component_name = resource.get("Type")
if component_name == "AwsEcrContainerImage":
details = resource.get("Details", {}).get("AwsEcrContainerImage")
arn = resource.get("Id")
if details:
Expand Down Expand Up @@ -137,6 +138,7 @@
is_mitigated=is_Mitigated,
static_finding=True,
dynamic_finding=False,
component_name=component_name,
)
# Add the unsaved vulnerability ids
result.unsaved_vulnerability_ids = unsaved_vulnerability_ids
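Review bot: `component_name` is bound only inside the `for resource in finding.get("Resources", [])` loop, yet the later hunk passes it unconditionally to the call that builds `result` (`component_name=component_name,`). Unless it is initialised above the visible lines, a finding with a missing or empty `Resources` list would raise an unbound-variable error there, and the report's findings would not be imported for triage. Initialise it beside `title_suffix = ""` with `component_name = None`. With several resources the last one's `Type` wins; make that choice deliberate and note it in a comment, since the field may feed deduplication and filtering downstream. The enclosing function starts and ends outside the visible hunks.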
4 changes: 4 additions & 0 deletions unittests/tools/test_awssecurityhub_parser.py
Expand Up @@ -37,6 +37,8 @@ def test_many_findings(self):
parser = AwsSecurityHubParser()
findings = parser.get_findings(test_file, Test())
self.assertEqual(3, len(findings))
finding = findings[0]
self.assertEqual(finding.component_name, "AwsAccount")

def test_repeated_findings(self):
with open(get_unit_tests_path() + sample_path("config_repeated_findings.json")) as test_file:
Expand Down Expand Up @@ -70,6 +72,8 @@ def test_inspector_ec2_with_no_vulnerabilities(self):
parser = AwsSecurityHubParser()
findings = parser.get_findings(test_file, Test())
self.assertEqual(1, len(findings))
finding = findings[0]
self.assertEqual(finding.component_name, "AwsEc2Instance")

def test_inspector_ec2_ghsa(self):
with open(get_unit_tests_path() + sample_path("inspector_ec2_ghsa.json")) as test_file:
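Review bot: The new assertions check only `findings[0]` in two fixtures, and nothing exercises a finding with a missing or empty `Resources` list or one with several resources. Those are the inputs where the parser's loop-assigned `component_name` can be unset or ambiguous. Add a case that pins the expected value for each, e.g. `self.assertIsNone(finding.component_name)` for a no-resource sample. The fixtures are not visible here, so confirm whether an existing sample already has these shapes.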