
Refactor API parsers #7002


Merged
merged 77 commits into from
Jan 13, 2023

Conversation


@kiblik kiblik commented Oct 17, 2022

PR is based on my question in Slack: https://owasp.slack.com/archives/C014H3ZV9U6/p1661299601825669

Summary

The number of tools/parsers which do not only parse uploaded files but communicate with API is increasing. This PR does some small clean-up and defines a set of rules to keep it maintainable and improve UX for using API parsers (simplified way to add Tool Type, Tool Config and ApiScanConfig).

  • a parser which supports API is placed in the directory dojo/tools/api_<tool> - yes, this means renames like sonarqube_api to api_sonarqube
  • in documentation, in the list of parsers, a subsection/subheader only for these parsers was created. At the beginning of this section is a manual “how to set ToolType, ToolConfig, ApiScanConfig” to avoid repetition in all parsers. Each parser defines only which values should be filled and how
  • add a function api_scan_configuration_hint to parsers which returns a string with a hint on which service_key should be set up and how
  • add a function which collects hints from api_scan_configuration_hint and prints them in the add and edit views
  • Add to documentation: “how to write a parser which communicates with API”. Some rules:
    Required parts: api_client, importer, parser
    Write tests
    Optional but recommended functions for api_client: test_connection, test_product_connection
  • Update template for “Template Generator”: Add support for API parsers cookiecutter-scanner-parser#8
  • Almost all api_clients use Tool_Type.objects.get_or_create(name='XYZ'). Parsers should be stateless (they shouldn't create these entries).
  • Integration test for creation of ToolType, ToolConfig and ApiScanConfig

Example of UI changes

  1. Dynamic hints. Tool Types for BlackDuck, Cobalt.io and Vulners exist. There is no Tool Type for Bugcrowd, Edgescan and SonarQube - I removed them only because of this test. They are there by default with a new or upgraded instance.

Screenshot 2023-01-11 at 20 48 52

  2. The description “Parser XXX requires created tool type XXX.” is a link, referencing the page where the user can create the missing Tool Type

Screenshot 2023-01-11 at 20 53 08

  3. After clicking on the link, the user is redirected to the page with the prefilled form

[image]

  4. Updated description after creating the Tool Type. The link is now pointing to the page for the Tool Config creation

Screenshot 2023-01-11 at 21 01 07

  5. Tool Type is automatically filled

Screenshot 2023-01-11 at 21 02 28

  6. New Tool Config is ready. The description is updated to the hint from api_scan_configuration_hint

Screenshot 2023-01-11 at 21 04 35
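To make the conventions in the description concrete, here is an added example; it is not DefectDojo's code and not part of this PR. It assumes a hypothetical api_example parser, and the names ExampleApiParser, Registry, collect_hints, LegacyExampleApiClient, StatelessExampleApiClient and MissingToolType are invented for illustration; the Django models Tool_Type and Tool_Configuration are replaced by in-memory dataclasses so it runs offline. It shows the api_scan_configuration_hint convention, a hint collector of the kind the add/edit views would call, and the difference between an api_client that behaves like get_or_create (a read path that writes) and a stateless one that only looks up and reports what is missing.

```python
from dataclasses import dataclass

# Constructed in-memory stand-ins for DefectDojo's Tool_Type and Tool_Configuration
# Django models, so the example runs without a database.
@dataclass(frozen=True)
class ToolType:
    name: str

@dataclass(frozen=True)
class ToolConfiguration:
    name: str
    tool_type: ToolType
    url: str

class Registry:
    """Stand-in for the database tables an API client is allowed to read."""

    def __init__(self, tool_types=(), tool_configs=()):
        self.tool_types = {t.name: t for t in tool_types}
        self.tool_configs = {c.name: c for c in tool_configs}

class MissingToolType(LookupError):
    """Raised instead of silently creating a missing Tool Type or Tool Config."""


class ExampleApiParser:
    """Hypothetical parser that would live under dojo/tools/api_example."""

    TOOL_TYPE_NAME = "Example"  # the Tool Type an administrator must create first

    def get_scan_types(self):
        return ["Example API Import"]

    def api_scan_configuration_hint(self):
        # Text shown in the add/edit ApiScanConfig views, per the PR's convention.
        return ("Tool Configuration must use the 'Example' Tool Type; "
                "Service key 1 is the Example project identifier.")


def collect_hints(parsers):
    """Collect every API parser's hint, keyed by scan type, for the add/edit view."""
    hints = {}
    for parser in parsers:
        hint = getattr(parser, "api_scan_configuration_hint", None)
        if hint is None:
            continue  # file-based parsers have no hint to show
        for scan_type in parser.get_scan_types():
            hints[scan_type] = hint()
    return hints


class LegacyExampleApiClient:
    """Pattern the PR removes: a read path that silently writes. setdefault()
    stands in for Tool_Type.objects.get_or_create(name='Example')."""

    def __init__(self, registry):
        self.tool_type = registry.tool_types.setdefault(
            ExampleApiParser.TOOL_TYPE_NAME, ToolType(ExampleApiParser.TOOL_TYPE_NAME))


class StatelessExampleApiClient:
    """PR's pattern: look up what exists and report, never create, what is missing."""

    def __init__(self, registry, tool_config_name):
        tool_type = registry.tool_types.get(ExampleApiParser.TOOL_TYPE_NAME)
        if tool_type is None:
            raise MissingToolType(f"Parser {ExampleApiParser.__name__} requires "
                                  f"created tool type '{ExampleApiParser.TOOL_TYPE_NAME}'.")
        config = registry.tool_configs.get(tool_config_name)
        if config is None or config.tool_type != tool_type:
            raise MissingToolType(f"Tool Configuration '{tool_config_name}' of tool "
                                  f"type '{tool_type.name}' does not exist.")
        self.config = config

    def test_connection(self):
        # Optional helper the PR recommends; here it only checks the configured URL
        # uses TLS instead of calling the (hypothetical) Example API.
        return self.config.url.startswith("https://")


def demo():
    """Run both clients against an empty registry, then a correctly populated one."""
    results = {"hints": collect_hints([ExampleApiParser()])}
    empty = Registry()
    try:
        StatelessExampleApiClient(empty, "example-prod")
        results["stateless_raised"] = False
    except MissingToolType:
        results["stateless_raised"] = True
    results["stateless_left_registry_empty"] = empty.tool_types == {}
    LegacyExampleApiClient(empty)  # the legacy client mutates it as a side effect
    results["legacy_created_tool_type"] = "Example" in empty.tool_types
    tool_type = ToolType("Example")
    ready = Registry([tool_type],
                     [ToolConfiguration("example-prod", tool_type, "https://example.invalid/api")])
    results["connection_ok"] = StatelessExampleApiClient(ready, "example-prod").test_connection()
    return results
```

Calling demo() returns a dict of outcomes: the stateless client leaves an empty registry empty and raises with a message in the same shape as the UI description above, while the legacy client creates the Tool Type merely by being constructed, which is the side effect the PR removes from the api_clients.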

@github-actions

This pull request has conflicts, please resolve those before we can evaluate the pull request.

dependabot bot and others added 8 commits October 21, 2022 20:15
Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.3 to 0.10.4.
- [Release notes](https://github.com/package-url/packageurl-python/releases)
- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst)
- [Commits](package-url/packageurl-python@v0.10.3...v0.10.4)

---
updated-dependencies:
- dependency-name: packageurl-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.41 to 1.4.42.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ine (docker-compose.yml) (DefectDojo#6993)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
… (.github/workflows/release-drafter.yml) (DefectDojo#7000)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…Dojo#6998)

Bumps python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#7005)

Update the Cobalt API parser's `CobaltAPI` client to fetch the maximum
allowed number of findings and assets.
@github-actions

Conflicts have been resolved. A maintainer will review the pull request shortly.

@github-actions

This pull request has conflicts, please resolve those before we can evaluate the pull request.

renovate bot and others added 3 commits October 26, 2022 12:11
…lows/submodule-update.yml) (DefectDojo#7014)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
DefectDojo#7008)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…tDojo#6066)

* [FIX] Issues on disconnection and connection using OAuth

Fix two issues:
    - When disconnecting using OAuth and "SHOW_LOGIN_FORM = False", as the return URL is not /login and does not contain the next parameter, an error 500 is triggered.
    - When connecting using OAuth and "SHOW_LOGIN_FORM = False", the message "You have logged out" is displayed after logging in.

* Fixing Flake8 issues

* Update package.json

* Update __init__.py

* Update views.py

* Update pipeline.py

* Update Chart.yaml

* Update __init__.py

* Update views.py

* Update pipeline.py

* Update pipeline.py

* Update pipeline.py

github-actions bot commented Dec 5, 2022

Conflicts have been resolved. A maintainer will review the pull request shortly.

github-actions bot commented Dec 7, 2022

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented Jan 6, 2023

Conflicts have been resolved. A maintainer will review the pull request shortly.

@kiblik kiblik force-pushed the refactor_api_parsers branch from d548a75 to 6cd86d8 Compare January 10, 2023 22:44
@kiblik kiblik marked this pull request as ready for review January 11, 2023 21:11
kiblik commented Jan 12, 2023

Hi, I would like to ask for your opinion on this PR (and testing, if it is possible).

Thanks in advance.

@kiblik kiblik closed this Jan 13, 2023
@kiblik kiblik reopened this Jan 13, 2023
@damiencarol

This is good. @kiblik

@ericcornelissen ericcornelissen left a comment

Everything looks good and works correctly from Cobalt's side, thanks @kiblik

@Maffooch Maffooch left a comment

Excellent work as always 🤙🏼

@Maffooch Maffooch merged commit ae08e12 into DefectDojo:dev Jan 13, 2023
@kiblik kiblik deleted the refactor_api_parsers branch January 13, 2023 19:07