# docs: add field info Rapidfire vulnerability scanner

## Description

### Rapidfire Scan Parser

### Rapidfire CSV Parser

#### CSV Field Mappings

| CSV Field | Finding Field | Parser Line # | Notes |
|---|---|---|---|
| IP Address | endpoints[].host | 162-173 | Used if hostname not available |
| Hostname | endpoints[].host | 162-173 | Primary choice for endpoint host |
| MAC Address | description | 134-136 | Added to description with "MAC Address:" prefix |
| Severity | severity | 149 | Capitalized and validated against SEVERITIES, defaults to Info |
| Issue | title | 107-110 | Direct mapping, stripped of whitespace |
| Ports | endpoints[].port | 165-166 | Extracted number before "/" using regex |
| OID | vuln_id_from_tool | 152 | Direct mapping |
| CVE | unsaved_vulnerability_ids | 176-177 | Split on comma, filtered to valid CVE IDs |
| Last Detected | date | 151 | Parsed to datetime using dateutil.parser |
| Known Exploited Vulnerability | description | 131-132 | Added to description with prefix |
| Summary | description | 117-118 | Added to description with "Summary:" prefix |
| Vulnerability Detection Result | description | 119-120 | Added to description with prefix |
| Solution | mitigation | 150 | Direct mapping |
| Vulnerability Insight | impact | 82-103 | Formatted with CVEs into impact field |
| Vulnerability Detection Method | description | 121-122 | Added to description with prefix |
| References | references | 70-124 | Formatted into markdown list of links |
| Known To Be Used In Ransomware Campaigns | description, tags | 137-138, 179-180 | Adds warning to description and "ransomware" tag |

#### Additional Finding Field Settings

| Finding Field | Value | Parser Line # | Notes |
|---|---|---|---|
| test | test parameter | 153 | Set from test parameter passed to get_findings |
| dynamic_finding | True | 153 | Hardcoded to True for all findings |
| static_finding | False | 154 | Hardcoded to False for all findings |

#### Processing Notes

- Deduplication is performed using a combination of title, IP address, hostname and port
- For duplicate findings, the existing finding is updated rather than creating a new one
- The parser uses csv.DictReader with a comma delimiter and quote character
- Empty rows are skipped
- References are formatted into a readable markdown list with descriptive link text
- The impact field is specially formatted to combine vulnerability insight and CVE details
- Date parsing handles various formats and falls back to the current time
- Port extraction handles various formats like "8080/tcp" or "443/tcp (https)"

#### Test results

- 13 unit tests successfully executed against example .csv files in the unittests/scans/rapidfire directory:
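The field mappings and processing notes above describe the parser's behaviour without showing it. The block below is an added, stand-alone illustration of that logic (it is not DefectDojo's parser and not code from this PR): it reads a constructed Rapidfire-style CSV with csv.DictReader, normalises severity against an assumed SEVERITIES list, extracts the port number before "/", keeps only well-formed CVE ids, prefers the hostname over the IP for the endpoint host, falls back to the current time for unparseable dates, and deduplicates on (title, IP, hostname, port), updating the existing finding when a duplicate row appears. The OID values, hosts and the "Warning:" wording are constructed placeholders; the real parser's exact description text and reference formatting are not reproduced here.

```python
import csv
import io
import re
from datetime import datetime, timezone

try:
    from dateutil import parser as dateparser  # the PR notes say the real parser uses dateutil
except ImportError:  # fall back so this example still runs without the dependency
    dateparser = None

# Assumed severity list; mirrors "validated against SEVERITIES, defaults to Info".
SEVERITIES = ("Info", "Low", "Medium", "High", "Critical")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)
PORT_RE = re.compile(r"^\s*(\d+)")  # the number before "/" in "8080/tcp" or "443/tcp (https)"

# Constructed sample export (not real scan data); column names follow the mapping table.
# Row 2 is a duplicate of row 1 (same title after stripping, IP, hostname and port).
SAMPLE_CSV = """\
IP Address,Hostname,MAC Address,Severity,Issue,Ports,OID,CVE,Last Detected,Known Exploited Vulnerability,Summary,Solution,Known To Be Used In Ransomware Campaigns
10.0.0.5,app01.example.test,00:11:22:33:44:55,high,Outdated TLS,"443/tcp (https)",OID-EXAMPLE-1,"CVE-2021-0001, not-a-cve",2024-01-15,No,Weak ciphers enabled,Disable TLS 1.0,No
10.0.0.5,app01.example.test,00:11:22:33:44:55,high,Outdated TLS ,443/tcp,OID-EXAMPLE-1,CVE-2021-0002,not a date,Yes,Weak ciphers enabled,Disable TLS 1.0,Yes
,,,,,,,,,,,,
10.0.0.7,,AA:BB:CC:DD:EE:FF,unknown,Open Telnet,23/tcp,OID-EXAMPLE-2,,2024-01-16,No,Cleartext login,Disable telnet,No
"""


def normalise_severity(raw):
    """Capitalize and validate against SEVERITIES; anything unknown becomes Info."""
    sev = (raw or "").strip().capitalize()
    return sev if sev in SEVERITIES else "Info"


def extract_port(raw):
    """Return the port number from strings like "8080/tcp" or "443/tcp (https)", else None."""
    match = PORT_RE.match(raw or "")
    return int(match.group(1)) if match else None


def valid_cves(raw):
    """Split on comma and keep only well-formed CVE identifiers."""
    return [c.strip().upper() for c in (raw or "").split(",") if CVE_RE.match(c.strip())]


def parse_date(raw):
    """Parse the Last Detected column; unparseable values fall back to the current time."""
    raw = (raw or "").strip()
    try:
        return dateparser.parse(raw) if dateparser else datetime.fromisoformat(raw)
    except (ValueError, OverflowError):
        return datetime.now(timezone.utc)


def is_yes(raw):
    return (raw or "").strip().lower() in ("yes", "true", "1")


def parse_findings(csv_text):
    """Turn a Rapidfire-style CSV into finding dicts, deduplicated on (title, ip, hostname, port)."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text), delimiter=",", quotechar='"'):
        if not any((value or "").strip() for value in row.values()):
            continue  # skip empty rows
        title = (row.get("Issue") or "").strip()
        ip = (row.get("IP Address") or "").strip()
        hostname = (row.get("Hostname") or "").strip()
        port = extract_port(row.get("Ports"))
        key = (title, ip, hostname, port)
        cves = valid_cves(row.get("CVE"))
        ransomware = is_yes(row.get("Known To Be Used In Ransomware Campaigns"))

        if key in findings:
            # Duplicate row: update the existing finding instead of creating another one.
            existing = findings[key]
            existing["unsaved_vulnerability_ids"] += [c for c in cves if c not in existing["unsaved_vulnerability_ids"]]
            if ransomware and "ransomware" not in existing["tags"]:
                existing["tags"].append("ransomware")
            continue

        description = [f"Summary: {(row.get('Summary') or '').strip()}"]
        if (row.get("Known Exploited Vulnerability") or "").strip():
            description.append(f"Known Exploited Vulnerability: {row['Known Exploited Vulnerability'].strip()}")
        if (row.get("MAC Address") or "").strip():
            description.append(f"MAC Address: {row['MAC Address'].strip()}")
        if ransomware:
            description.append("Warning: known to be used in ransomware campaigns")

        findings[key] = {
            "title": title,
            "severity": normalise_severity(row.get("Severity")),
            "description": "\n".join(description),
            "mitigation": (row.get("Solution") or "").strip(),
            "vuln_id_from_tool": (row.get("OID") or "").strip(),
            "date": parse_date(row.get("Last Detected")),
            "unsaved_vulnerability_ids": cves,
            # Hostname is the primary endpoint host; the IP address is the fallback.
            "endpoints": [{"host": hostname or ip, "port": port}],
            "tags": ["ransomware"] if ransomware else [],
            "dynamic_finding": True,
            "static_finding": False,
        }
    return list(findings.values())


if __name__ == "__main__":
    for finding in parse_findings(SAMPLE_CSV):
        print(finding["title"], finding["severity"], finding["endpoints"],
              finding["unsaved_vulnerability_ids"], finding["tags"])
```

Running it yields two findings from four rows: the duplicate "Outdated TLS" row is merged (its CVE and ransomware tag are added to the first finding), the all-empty row is dropped, and the "Open Telnet" row gets severity Info because "unknown" is not a valid severity and falls back to the IP address because no hostname was supplied.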
## DryRun Security Summary

The pull request integrates Rapidfire vulnerability scanner support into DefectDojo, adding documentation, configuration, and parser capabilities while revealing several potential security findings in the process.
The pull request adds documentation, configuration, and parser support for the Rapidfire vulnerability scanner in DefectDojo, including unit tests and sample scan data.
Security findings include:
- External URL exposure (Rapidfire vendor website)
- Potential information leakage through detailed CSV field mappings
- Sensitive network information exposure in test scan files (internal IP addresses, hostnames, MAC addresses)
- Multiple Apache Tomcat vulnerabilities discovered in test scan data
- Detailed vulnerability information that could aid potential attackers
- Exposure of internal network infrastructure details through test files
- Potential reconnaissance information from hostname and port disclosures
:red_circle: Risk threshold exceeded.
This pull request contains multiple security concerns, including a sensitive file edit in dojo/finding/views.py, a potential hardcoded encryption key exposure, and vulnerabilities related to access control and information disclosure that could compromise system security if left unaddressed.
### :warning: Configured Codepaths Edit in dojo/finding/views.py

| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |

### :thought_balloon: Unconfirmed Findings (5)

| Vulnerability | Hardcoded Encryption Key Exposure |
|---|---|
| Description | Critical vulnerability involving a hardcoded AES256 encryption key in the production installation documentation. The exposed key could potentially allow unauthorized access to encrypted API keys and credentials. |

| Vulnerability | Access Control Weakness in Image Access |
|---|---|
| Description | Vulnerability in finding views with simplified token validation logic that could enable unauthorized image access by bypassing size verification mechanisms. |

| Vulnerability | Potential Information Disclosure |
|---|---|
| Description | Multiple files contain external URLs and sample scan paths that could provide insights into system configuration and tooling, potentially aiding potential attackers. |

| Vulnerability | Email Address Exposure |
|---|---|
| Description | Minor information disclosure of an email address ([email protected]) found in a GitHub PR reminder script. |

| Vulnerability | Webhook Testing Considerations |
|---|---|
| Description | Recommendation to use public webhook testing services poses a risk of exposing sensitive webhook payloads to third-party services. |

We've notified @mtesauro.
All finding details can be found in the DryRun Security Dashboard.
This pull request has conflicts, please resolve those before we can evaluate the pull request.