Burp Enterprise renamed to Burp DAST (#12604)

* Burp Enterprise renamed to Burp DAST

* Burp Enterprise renamed to Burp DAST

* Burp Enterprise renamed to Burp DAST

Author: valentijnscholten

docs/content/en/connecting_your_tools/parsers/file/burp.md

@@ -4,7 +4,7 @@ toc_hide: true
 ---
 ### File Types
 DefectDojo parser accepts Burp Issue data as an .xml file.
-To parse an HTML file instead, use this method: https://documentation.defectdojo.com/integrations/parsers/file/burp_enterprise/
+To parse an HTML file instead, use this method: https://documentation.defectdojo.com/integrations/parsers/file/burp_suite_dast/
 
 When the Burp report is generated, **the recommended option is Base64
 encoding both the request and response fields** - e.g. check the box

docs/content/en/connecting_your_tools/parsers/file/burp_graphql.md

@@ -1,8 +1,8 @@
 ---
-title: "Burp GraphQL"
+title: "Burp Suite DAST GraphQL"
 toc_hide: true
 ---
-Import the JSON data returned from the BurpSuite Enterprise GraphQL API. Append all the
+Import the JSON data returned from the BurpSuite DAST GraphQL API. Append all the
 issues returned to a list and save it as the value for the key "Issues". There is no need
 to filter duplicates, the parser will automatically combine issues with the same name.
 

docs/content/en/connecting_your_tools/parsers/file/burp_enterprise.md renamed to docs/content/en/connecting_your_tools/parsers/file/burp_suite_dast.md

@@ -1,26 +1,26 @@
 ---
-title: "Burp Enterprise Scan"
+title: "Burp Suite DAST Scan (formerly known as Burp Enterprise)"
 toc_hide: true
 ---
 
 ## Overview
-The Burp Enterprise Scan parser processes HTML reports from Burp Enterprise Edition and imports the findings into DefectDojo. The parser extracts vulnerability details, severity ratings, descriptions, remediation steps, and other metadata from the HTML report.
+The Burp Suite DAST Scan parser processes HTML reports from Burp Suite DAST and imports the findings into DefectDojo. The parser extracts vulnerability details, severity ratings, descriptions, remediation steps, and other metadata from the HTML report.
 
 ## Supported File Types
 The parser accepts a Standard Report as an HTML file. To parse an XML file instead, use the [Burp XML parser](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/burp/).
 
-See the Burp documentation for information on how to export a Standard Report: [PortSwigger Enterprise Edition Downloading reports](https://portswigger.net/burp/documentation/enterprise/work-with-scan-results/generate-reports)
+See the Burp documentation for information on how to export a Standard Report: [Burp Suite DAST Downloading reports](https://portswigger.net/burp/documentation/dast/user-guide/work-with-scan-results/generate-reports)
 
 ## Standard Format HTML (Main Format)
 
 ### Total Fields in HTML
-- Total data fields in Burp Enterprise Scan HTML output: 15
+- Total data fields in Burp Suite DAST Scan HTML output: 15
 - Total data fields parsed into DefectDojo finding: 13
 - Total data fields NOT parsed: 2
 
 ### Standard Format Field Mapping Details
 
-| Data Field # | Burp Enterprise Scan Data Field | DefectDojo Finding Field | Parser Line # | Notes |
+| Data Field # | Burp Suite DAST Scan Data Field | DefectDojo Finding Field | Parser Line # | Notes |
 |-------------|--------------------------------|--------------------------|--------------|-------|
 | 1 | Title | title | 101, 165 | Extracted from issue container h2 element and table rows with "issue-type-row" class |
 | 2 | Severity | severity | 101, 168 | Extracted from table rows, mapped directly (High/Medium/Low/Info) |
@@ -39,7 +39,7 @@ See the Burp documentation for information on how to export a Standard Report: [
 | 15 | Issue ID/Anchor | Not Parsed | - | HTML anchor tags like "#7459896704422157312" are not extracted |
 
 ### Field Mapping Details
-The parser has different handling logic for various sections of the Burp Enterprise report:
+The parser has different handling logic for various sections of the Burp Suite DAST report:
 
 - For table content sections (using `table_contents_xpath`), the parser extracts:
   - Base endpoint from h1 elements (e.g., "https://instance.example.com")
@@ -101,7 +101,7 @@ This parser has special handling for different section types within the HTML rep
 - It extracts CWE numbers and vulnerability classifications from reference sections
 
 ### Sample Scan Data
-Sample Burp Enterprise Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/burp_enterprise).
+Sample Burp Suite DAST Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/burp_suite_dast).
 
 ### Link to Tool
-[Burp Enterprise Edition](https://portswigger.net/burp/enterprise)
+[Burp Suite DAST](https://portswigger.net/burp/dast)

dojo/settings/settings.dist.py

@@ -1249,6 +1249,7 @@ def saml2_attrib_map_format(din):
     "Aqua Scan": ["severity", "vulnerability_ids", "component_name", "component_version"],
     "Bandit Scan": ["file_path", "line", "vuln_id_from_tool"],
     "Burp Enterprise Scan": ["title", "severity", "cwe"],
+    "Burp Suite DAST": ["title", "severity", "cwe"],
     "Burp Scan": ["title", "severity", "vuln_id_from_tool"],
     "CargoAudit Scan": ["vulnerability_ids", "severity", "component_name", "component_version", "vuln_id_from_tool"],
     "Checkmarx Scan": ["cwe", "severity", "file_path"],
@@ -1474,9 +1475,10 @@ def saml2_attrib_map_format(din):
     "AWS Prowler Scan": DEDUPE_ALGO_HASH_CODE,
     "AWS Prowler V3": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
     "AWS Security Finding Format (ASFF) Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
-    "Burp REST API": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
     "Bandit Scan": DEDUPE_ALGO_HASH_CODE,
+    "Burp REST API": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
     "Burp Enterprise Scan": DEDUPE_ALGO_HASH_CODE,
+    "Burp Suite DAST Scan": DEDUPE_ALGO_HASH_CODE,
     "Burp Scan": DEDUPE_ALGO_HASH_CODE,
     "CargoAudit Scan": DEDUPE_ALGO_HASH_CODE,
     "Checkmarx Scan detailed": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,

dojo/tools/burp_graphql/parser.py

@@ -14,10 +14,10 @@ def get_scan_types(self):
         return ["Burp GraphQL API"]
 
     def get_label_for_scan_types(self, scan_type):
-        return scan_type  # no custom label for now
+        return "Burp Suite DAST GraphQL API"
 
     def get_description_for_scan_types(self, scan_type):
-        return "Import Burp Enterprise Edition findings from the GraphQL API"
+        return "Import Burp Suite DAST findings from the GraphQL API"
 
     def get_findings(self, filename, test):
         data = json.load(filename)

dojo/tools/burp_enterprise/__init__.py renamed to dojo/tools/burp_suite_dast/__init__.py

@@ -8,7 +8,7 @@
 logger = logging.getLogger(__name__)
 
 
-class BurpEnterpriseParser:
+class BurpSuiteDASTParser:
     vulnerability_list_xpath = (
         "/html/body/div/div[contains(@class, 'section details')]/div[contains(@class, 'issue-container')]"
     )
@@ -20,13 +20,15 @@ class BurpEnterpriseParser:
     references_headers = ["vulnerability classifications", "references"]
 
     def get_scan_types(self):
-        return ["Burp Enterprise Scan"]
+        return ["Burp Suite DAST Scan", "Burp Enterprise Scan"]
 
     def get_label_for_scan_types(self, scan_type):
-        return scan_type  # no custom label for now
+        return scan_type if scan_type == "Burp Suite DAST Scan" else "Burp Enterprise Scan (RENAMED to Burp Suite DAST Scan)"
 
     def get_description_for_scan_types(self, scan_type):
-        return "Import Burp Enterprise Edition findings in HTML format"
+        if scan_type == "Burp Suite DAST Scan":
+            return "Import Burp Suite DAST findings in HTML format"
+        return "Import Burp Enterprise Edition findings in HTML format (RENAMED to Burp Suite DAST Scan)"
 
     def get_findings(self, filename, test):
         tree = html.parse(filename)

dojo/tools/burp_enterprise/parser.py renamed to dojo/tools/burp_suite_dast/parser.py

@@ -64,7 +64,7 @@ def get_scan_types_sorted():
 
 def get_choices_sorted():
     inactive_test_types = get_inactive_test_types()
-    res = [(key, key) for key in PARSERS if key not in inactive_test_types]
+    res = [(key, PARSERS[key].get_label_for_scan_types(key)) for key in PARSERS if key not in inactive_test_types]
     return sorted(res, key=lambda x: x[1].lower())