
New Parser: Qualys Hacker Guardian #10937

Merged (4 commits), Sep 20, 2024

Conversation

Maffooch
Contributor

New Parser: Qualys Hacker Guardian

[sc-7587]


dryrunsecurity bot commented Sep 19, 2024

DryRun Security Summary

The pull request focuses on improving the application's security scanning capabilities by integrating with the Qualys Hacker Guardian security scanner, including adding sample scan data, implementing a parser module, and introducing unit tests to ensure the reliability and robustness of the Qualys Hacker Guardian parser.


Summary:

The code changes in this pull request are focused on improving the application's security scanning capabilities by integrating with the Qualys Hacker Guardian security scanner. The changes include:

  1. Addition of sample Qualys scan data in CSV format, which contains details about potential vulnerabilities found during the scans.
  2. Introduction of a parser module (QualysHackerGuardianParser) to process the Qualys CSV data and extract relevant security findings, including vulnerability details, severity levels, and associated endpoints.
  3. Implementation of unit tests to ensure the reliability and robustness of the Qualys Hacker Guardian parser.

From an application security perspective, the key points to consider are:

  1. Proper handling and protection of the sensitive vulnerability data contained in the Qualys scan reports, ensuring that access is restricted to authorized personnel only.
  2. Thorough review of the parser implementation to ensure that it correctly processes the CSV data, accurately maps the findings to the corresponding endpoints, and handles potential edge cases or malformed input.
  3. Ongoing monitoring and testing of the Qualys Hacker Guardian integration to detect and address any security issues or vulnerabilities that may be introduced through the integration.

Overall, the changes in this pull request appear to be a positive step towards improving the application's security posture by integrating with a reputable security scanning tool and implementing robust parsing and testing mechanisms.

Files Changed:

  1. unittests/scans/qualys_hacker_guardian/one_finding.csv and unittests/scans/qualys_hacker_guardian/many_finding.csv:
    • These files contain sample Qualys scan data, including details about potential vulnerabilities found during the scans.
    • The changes highlight the need to properly secure and restrict access to this sensitive information.
  2. docs/content/en/integrations/parsers/file/qualys_hacker_guardian.md:
    • This is a new documentation file that provides information about the Qualys Hacker Guardian scan integration.
    • The changes do not introduce any direct security concerns, but it's important to ensure that any external links or references to sample data are properly vetted.
  3. dojo/tools/qualys_hacker_guardian/parser.py:
    • This file contains the implementation of the QualysHackerGuardianParser class, which is responsible for parsing and processing the Qualys Hacker Guardian scan reports.
    • The changes demonstrate a well-designed and secure implementation, with a focus on input validation, endpoint mapping, and duplicate finding handling.
  4. unittests/tools/test_qualys_hacker_guardian_parser.py:
    • This file adds unit tests to ensure the reliability and robustness of the QualysHackerGuardianParser implementation.
    • The tests cover various scenarios, including handling of CSV files with no findings, one finding, and multiple findings.
  5. unittests/scans/qualys_hacker_guardian/zero_finding.csv:
    • This file is a new CSV file containing the header row for the Qualys Hacker Guardian scan data.
    • The changes highlight the importance of proper data validation and protection when processing this type of sensitive information.

Code Analysis

We ran 9 analyzers against 7 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

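The bot summary above describes what the parser must do (read the CSV export, turn each row into a finding with a severity and an endpoint, merge duplicates, and cope with zero, one or many rows) without showing any of it. The block below is an added illustrative parser written for this page; it is not the parser.py merged in this PR and does not reproduce DefectDojo's parser API. The column names, the 1-5 severity scale and the QID-plus-title deduplication key are assumptions, and the three sample reports are constructed to mirror the zero/one/many fixtures the unit tests use.

```python
"""Added example: a DefectDojo-style CSV parser for a Qualys-like scan
export. Written for this page, not the parser.py merged in this PR. The
column names, the 1-5 severity scale and the dedup key are assumptions."""
import csv
import io
from dataclasses import dataclass, field
from typing import Dict, List

# Assumed header columns; the real export may name them differently.
REQUIRED_COLUMNS = {"IP", "Port", "QID", "Title", "Severity", "Threat", "Solution"}

# Assumed 1-5 scanner scale mapped onto DefectDojo's severity names.
SEVERITY_MAP = {"1": "Info", "2": "Low", "3": "Medium", "4": "High", "5": "Critical"}


@dataclass
class Finding:
    title: str
    severity: str
    description: str
    mitigation: str
    vuln_id: str
    endpoints: List[str] = field(default_factory=list)


def parse_report(text: str) -> List[Finding]:
    """Turn CSV text into deduplicated findings.

    Rows sharing a QID and title are merged into one Finding whose endpoint
    list collects every host[:port] the scanner reported it on, so a scan
    over many hosts imports as one finding per issue rather than one per row.
    """
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames is None:
        return []  # completely empty file: no header, nothing to import
    missing = REQUIRED_COLUMNS - set(reader.fieldnames)
    if missing:
        # Refuse files that are not this report type instead of guessing.
        raise ValueError(f"unrecognised report, missing columns: {sorted(missing)}")

    findings: Dict[str, Finding] = {}
    for row in reader:
        title = (row.get("Title") or "").strip()
        qid = (row.get("QID") or "").strip()
        if not title or not qid:
            continue  # skip blank or truncated rows rather than abort the import
        key = f"{qid}|{title}"
        finding = findings.get(key)
        if finding is None:
            finding = Finding(
                title=title,
                severity=SEVERITY_MAP.get((row.get("Severity") or "").strip(), "Info"),
                description=(row.get("Threat") or "").strip(),
                mitigation=(row.get("Solution") or "").strip(),
                vuln_id=qid,
            )
            findings[key] = finding
        host = (row.get("IP") or "").strip()
        port = (row.get("Port") or "").strip()
        endpoint = f"{host}:{port}" if port else host
        if host and endpoint not in finding.endpoints:
            finding.endpoints.append(endpoint)
    return list(findings.values())


# Constructed sample reports mirroring the PR's zero/one/many fixtures.
# QIDs, titles and addresses are made up for the example.
HEADER = "IP,Port,QID,Title,Severity,Threat,Solution\n"
ZERO_FINDINGS = HEADER
ONE_FINDING = HEADER + (
    '10.0.0.5,443,100001,"Example: certificate name mismatch",3,'
    '"CN does not match the host name","Reissue the certificate"\n'
)
MANY_FINDINGS = ONE_FINDING + (
    '10.0.0.5,443,100002,"Example: legacy TLS enabled",4,"Old protocol offered","Disable it"\n'
    '10.0.0.6,443,100002,"Example: legacy TLS enabled",4,"Old protocol offered","Disable it"\n'
    '10.0.0.7,,100002,"Example: legacy TLS enabled",4,"Old protocol offered","Disable it"\n'
)

if __name__ == "__main__":
    for f in parse_report(MANY_FINDINGS):
        print(f.severity, f.vuln_id, f.title, f.endpoints)
```

Two design points worth noting: a file whose header lacks the expected columns is rejected outright rather than silently imported as zero findings, which is the failure mode that hides a mis-selected scan type; and the endpoint is attached to an existing finding when the QID and title already match, so three hosts with the same issue import as one finding with three endpoints.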

Contributor

@mtesauro mtesauro left a comment


Approved

Contributor

@cneill cneill left a comment


Small typo, looks good otherwise

…an.md

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
@mtesauro mtesauro merged commit a69b67e into DefectDojo:bugfix Sep 20, 2024
73 checks passed
5 participants