🎉 implement n0s1 scanner #13564 (#13580)

Merged
Maffooch merged 10 commits into DefectDojo:dev from manuel-sommer:implement_n0s1
Nov 4, 2025
Conversation


@github-actions github-actions bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR docs unittests parser labels Oct 31, 2025
@manuel-sommer manuel-sommer changed the title implement n0s1 scanner #13564 🎉 implement n0s1 scanner #13564 Oct 31, 2025

@mtesauro mtesauro left a comment

Approved


@valentijnscholten valentijnscholten left a comment

comment posted

@valentijnscholten valentijnscholten added this to the 2.52.0 milestone Nov 1, 2025

@valentijnscholten valentijnscholten left a comment

This is a parser that can return different types of scans. Can you look at implementing the dynamic test_type feature similar to rusty hog?

```python
def get_tests(self, scan_type, handle):
    tree = json.load(handle)
    tests = []
    if scan_type == "Rusty Hog Scan":
        parsername = "Rusty Hog"
        for node in tree:
            if (
                "commit" in node
                or "commitHash" in node
                or "parent_commit_hash" in node
                or "old_file_id" in node
                or "new_file_id" in node
            ):
                parsername = "Choctaw Hog"
                break
            if "linenum" in node or "diff" in node:
                parsername = "Duroc Hog"
                break
            if "issue_id" in node or "location" in node:
                parsername = "Gottingen Hog"
                break
            if "page_id" in node:
                parsername = "Essex Hog"
                break
    else:
        parsername = scan_type.replace(" Scan", "")
    test = ParserTest(
        name=parsername,
        parser_type=parsername,
        version="",
    )
    if parsername == "Rusty Hog":  # The output file is empty. A subscanner can't be classified
        test.description = "The exact scanner within Rusty Hog could not be determined due to missing information within the scan result."
    else:
        test.description = parsername
    test.findings = self.__getitem(vulnerabilities=tree, scanner=parsername)
    tests.append(test)
    return tests
```

@manuel-sommer
Contributor Author

> This is a parser that can return different types of scans. Can you look at implementing the dynamic test_type feature similar to rusty hog?
>
> ```python
> def get_tests(self, scan_type, handle):
>     tree = json.load(handle)
>     tests = []
>     if scan_type == "Rusty Hog Scan":
>         parsername = "Rusty Hog"
>         for node in tree:
>             if (
>                 "commit" in node
>                 or "commitHash" in node
>                 or "parent_commit_hash" in node
>                 or "old_file_id" in node
>                 or "new_file_id" in node
>             ):
>                 parsername = "Choctaw Hog"
>                 break
>             if "linenum" in node or "diff" in node:
>                 parsername = "Duroc Hog"
>                 break
>             if "issue_id" in node or "location" in node:
>                 parsername = "Gottingen Hog"
>                 break
>             if "page_id" in node:
>                 parsername = "Essex Hog"
>                 break
>     else:
>         parsername = scan_type.replace(" Scan", "")
>     test = ParserTest(
>         name=parsername,
>         parser_type=parsername,
>         version="",
>     )
>     if parsername == "Rusty Hog":  # The output file is empty. A subscanner can't be classified
>         test.description = "The exact scanner within Rusty Hog could not be determined due to missing information within the scan result."
>     else:
>         test.description = parsername
>     test.findings = self.__getitem(vulnerabilities=tree, scanner=parsername)
>     tests.append(test)
>     return tests
> ```

Hi @valentijnscholten, before I implement this, I would need multiple different output files. I was just doing the PR, not using it to test different scenarios (for this I don't have time right now).
How about continuing with this and as soon as someone asks for other scenarios to cover, we can advance this PR with their provided scan results?

@valentijnscholten
Member

It's only about adding logic to set the test_type name / parser name. Not about having all scanners supported.

@manuel-sommer manuel-sommer marked this pull request as draft November 1, 2025 14:53
@manuel-sommer manuel-sommer marked this pull request as ready for review November 1, 2025 15:30
@dryrunsecurity
dryrunsecurity bot commented Nov 1, 2025

DryRun Security

This pull request introduces an information disclosure issue: the n0s1 Scanner parser copies the raw "secret" field from scanner JSON into the Finding description (dojo/tools/n0s1/parser.py), which exposes sensitive data (keys, passwords, private keys) in the DefectDojo UI. This should be remediated by redacting or omitting secrets before storing/displaying them.

Information Disclosure in Finding Description in dojo/tools/n0s1/parser.py

Vulnerability: Information Disclosure in Finding Description

Description: The n0s1 Scanner parser explicitly includes the secret field from its JSON output into the description field of a Finding object. This secret field, as confirmed by the test data, contains sensitive information (e.g., AWS access keys, private keys, passwords in URLs). Since the Finding description is displayed in the DefectDojo UI without redaction, this leads to an information disclosure vulnerability where secrets discovered by the scanner are exposed to users viewing the finding details.

```python
description += f"**Secret:** {finding_data.get('secret', 'N/A')}\n"
description += f"**Platform:** {details.get('platform', 'N/A')}\n"
description += f"**Ticket Field:** {details.get('ticket_field', 'N/A')}\n"
description += f"**Regex ID:** {merged_regex['id']}\n"
```

All finding details can be found in the DryRun Security Dashboard.

@valentijnscholten valentijnscholten modified the milestones: 2.52.0, 2.53.0 Nov 3, 2025
@Maffooch Maffooch requested a review from Jino-T November 4, 2025 16:00
@Maffooch Maffooch merged commit 723d6ee into DefectDojo:dev Nov 4, 2025
151 checks passed
@manuel-sommer manuel-sommer deleted the implement_n0s1 branch November 4, 2025 19:20
Maffooch pushed a commit to valentijnscholten/django-DefectDojo that referenced this pull request Feb 16, 2026
* implement n0s1 scanner DefectDojo#13564

* update

* ruff

* update

* update

* update

* underline the correctness through comparison with rustyhog