feat(parsers): add IriusRisk threat model CSV parser #14384
skywalke34 wants to merge 6 commits into DefectDojo:dev from
Authored by T. Walker - DefectDojo
- Update test CSVs from 12 to 14 columns (add MITRE reference, STRIDE-LM)
- Parse MITRE reference: CWE-NNN extracts to cwe field, other values to references
- Include STRIDE-LM in description when populated
- Add Critical to severity mapping
- Change static_finding to False per connector spec
- Update documentation to reflect all changes
- Add tests for CWE extraction, references, STRIDE-LM, and Critical severity

Authored by T. Walker - DefectDojo
|
|
||
| ### Deduplication | ||
|
|
||
| The parser generates a `unique_id_from_tool` by computing a SHA-256 hash of the Component, Threat, and Risk Response fields concatenated with pipe delimiters (lines 74-77). This ensures that each distinct combination of component, threat, and mitigation state produces a unique identifier. On reimport, findings with matching unique IDs are recognized as the same finding rather than being duplicated. |
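Review bot: Risk Response is part of the hashed input described in this paragraph, so a threat whose mitigation state changes between two exports gets a new `unique_id_from_tool` and will not match its earlier finding on reimport; if that is intended, state the consequence here, otherwise hash only Component and Threat. The paragraph should also say what happens when a field itself contains a pipe, since joining with a bare delimiter lets different field combinations produce the same string, and the "(lines 74-77)" reference will go stale as the parser changes.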
I've been informed we must never compute this value in a parser. I think there is great value in letting the parsers calculate this value or possibly a new field called unique_id_from_parser, but until now I haven't seen agreement on doing this.
I'll have to follow up on this... maybe a show-stopper.
Maffooch left a comment
This is pretty close overall!
|
|
||
| | Source Field | DefectDojo Field | Parser Line # | Notes | | ||
| | ------------------------ | -------------------- | ------------- | --------------------------------------------------------------------- | | ||
| | Threat | title | 51 | Truncated to 150 characters with "..." suffix if longer | |
In the past, we have pushed back on line numbers in the docs as drift can occur in the parser over time to make the documented line numbers inaccurate
Greetings from the future! (I come in peace) This documentation was 99% generated by AI and validated by 99% human containing ~1% microplastic. The line numbers are a verifiable check the AI LLM can use to map data elements to code/functions within the parser - and can even help detect drift. Please let me keep the line numbers? :)
Why would we need line numbers here? For me it just clutters the table and brings extra maintenance work for contributors, LLMs, reviewers, etc.
| # Title: truncate to 150 chars with ellipsis if needed | ||
| title = threat[:147] + "..." if len(threat) > 150 else threat |
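Review bot: the slice length 147 and the threshold 150 on the `title = ...` line are two literals that have to stay exactly three apart; derive both from one named limit so that raising the threshold cannot leave the slice and the check out of step. Wrapping the concatenation in parentheses, `(threat[:147] + "...") if len(threat) > 150 else threat`, would also make the precedence of the conditional expression explicit to readers.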
We have upwards of 511 characters to work with here. May want to increase the threshold that we start adding ellipses to, but I am not super opinionated here
I can expand it to 500... I didn't check to see what the max was. I did hit errors using threat descriptions to populate the title and just wanted it to fit nicely on the page. :)
Description
New parser for IriusRisk threat model CSV exports. IriusRisk is a threat
modeling and risk management platform. The parser:
DefectDojo severity levels
Test results
23 unit tests covering:
Documentation
Parser documentation at docs/content/supported_tools/parsers/file/iriusrisk.md with export instructions, complete field mapping table, severity mapping, and special processing notes.
Checklist
Authored by T. Walker - DefectDojo