diff --git a/dojo/tools/neuvector/parser.py b/dojo/tools/neuvector/parser.py index 7e01169ef3..a228a33f48 100644 --- a/dojo/tools/neuvector/parser.py +++ b/dojo/tools/neuvector/parser.py @@ -182,7 +182,7 @@ def get_asset_item(vulnerability, test): description=description, severity=severity, impact="", - url=reference, + references=[reference], cvssv3=vulnerability.get("vectors_v3", ""), cvssv3_score=vulnerability.get("score_v3", ""), publish_date=published_date, @@ -194,47 +194,66 @@ def get_asset_item(vulnerability, test): nodes = vulnerability.get("nodes", []) for asset in nodes: - endpoint = endpoint_from_asset("node", asset) - finding.unsaved_endpoints.append(endpoint) + endpoints = endpoints_from_asset("node", asset) + finding.unsaved_endpoints += endpoints workloads = vulnerability.get("workloads", []) for asset in workloads: - endpoint = endpoint_from_asset("workload", asset) - finding.unsaved_endpoints.append(endpoint) + endpoints = endpoints_from_asset("workload", asset) + finding.unsaved_endpoints += endpoints images = vulnerability.get("images", []) for asset in images: - endpoint = endpoint_from_asset("image", asset) - finding.unsaved_endpoints.append(endpoint) + endpoints = endpoints_from_asset("image", asset) + finding.unsaved_endpoints += endpoints platforms = vulnerability.get("platforms", []) for asset in platforms: - endpoint = endpoint_from_asset("platform", asset) - finding.unsaved_endpoints.append(endpoint) + endpoints = endpoints_from_asset("platform", asset) + finding.unsaved_endpoints += endpoints return finding -def endpoint_from_asset(kind, asset): +def endpoints_from_asset(kind, asset): + endpoints = [] + # usually, there is only one namespace (domain, as NeuVector name it) namespaces = asset.get("domains", []) name = asset.get("display_name", "") if kind == "workload": + # only workload assets have 'service' field service = asset.get("service", "unknown_service") - image = asset.get("image", "unknown_image") - name += f"/{service}/{image}" + name += f"/{service}" - endpoint = Endpoint( + # in principle, naming follows the approach chosen for trivy parser + endpoints.append(Endpoint( # host needs to comply with domain name syntax, we just expect that # there will be only one namespace host='-'.join(namespaces), # we abuse path to have as much details as possible - path=f"{kind}/{name}" - ) + path=f"{kind}/{name}", + )) - return endpoint + # if it is a workload and it has an associated image, add image as a + # separate endpoint + if kind == "workload" and asset.get("image", "") != "": + image = asset.get("image", "unknown_image") + # image value example: + # someregistry.com/bitnami/postgresql:11.21.0-debian-11-r58 + artifact_and_tag = image.split("/")[-1] + # extracting only image name, without tag or digest + artifact_name = artifact_and_tag.split("@")[0] + artifact_name = artifact_name(":")[0] + + endpoints.append(Endpoint( + host=f"{artifact_name}", + path=f"{image}", + )) + + return endpoints # see neuvector/share/types.go def convert_severity(severity):