Skip to content

docs: add field info Rapidfire vulnerability scanner #11909

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 17 commits into
base: dev
Choose a base branch
from
Open

docs: add field info Rapidfire vulnerability scanner #11909

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
8d3ae9e
Add Rapidfire vulnerability scanner parser
Feb 27, 2025
b913018
Fix formatting in Rapidfire parser's impact section and ruff lint errors
Feb 27, 2025
5060283
Fix Rapidfire parser's ruff lint errors again
Feb 27, 2025
643f8e3
Fix Rapidfire parser's ruff lint errors yet again
Feb 27, 2025
2fdad40
Fix Rapidfire parser's ruff lint errors 3rd time a charm
Feb 27, 2025
e395078
Fix Rapidfire parser's ruff lint errors 4th time
Feb 27, 2025
4d8ab42
Fix Rapidfire parser's ruff lint errors 1 missing line!
Feb 27, 2025
5f229c6
Missing title in doc
Feb 27, 2025
0735e2a
Merge remote-tracking branch 'upstream/dev' into rapidfire-clean
Mar 3, 2025
ab37194
Merge remote-tracking branch 'upstream/dev' into rapidfire-clean
Mar 5, 2025
b6b1c96
Update documentation details within parser code, unit tests and unitt…
Mar 7, 2025
d4311d1
Clean Ruff lint errors
Mar 7, 2025
5faea6e
Broke unit tests with missing spaces.
Mar 7, 2025
48650de
Ruff Lint Errors
Mar 7, 2025
514c3b4
Update rapidfire.md
Maffooch Mar 7, 2025
bf43cab
Update rapidfire.md to include missing sections
skywalke34 Mar 11, 2025
067ca30
Merge branch 'DefectDojo:master' into rapidfire-clean
skywalke34 Apr 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 68 additions & 0 deletions docs/content/en/connecting_your_tools/parsers/file/rapidfire.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
---
title: Rapidfire CSV Parser
toc_hide: true
---

# Rapidfire CSV Parser

## CSV Field Mappings

Total Fields in CSV: 17

| CSV Field | Finding Field | Parser Line # | Notes |
|-----------|---------------|---------------|-------|
| IP Address | endpoints[].host | 162-173 | Used if hostname not available |
| Hostname | endpoints[].host | 162-173 | Primary choice for endpoint host |
| MAC Address | description | 134-136 | Added to description with "MAC Address:" prefix |
| Severity | severity | 149 | Capitalized and validated against SEVERITIES, defaults to Info |
| Issue | title | 107-110 | Direct mapping, stripped of whitespace |
| Ports | endpoints[].port | 165-166 | Extracted number before "/" using regex |
| OID | vuln_id_from_tool | 152 | Direct mapping |
| CVE | unsaved_vulnerability_ids | 176-177 | Split on comma, filtered to valid CVE IDs |
| Last Detected | date | 151 | Parsed to datetime using dateutil.parser |
| Known Exploited Vulnerability | description | 131-132 | Added to description with prefix |
| Summary | description | 117-118 | Added to description with "Summary:" prefix |
| Vulnerability Detection Result | description | 119-120 | Added to description with prefix |
| Solution | mitigation | 150 | Direct mapping |
| Vulnerability Insight | impact | 82-103 | Formatted with CVEs into impact field |
| Vulnerability Detection Method | description | 121-122 | Added to description with prefix |
| References | references | 70-124 | Formatted into markdown list of links |
| Known To Be Used In Ransomware Campaigns | description, tags | 137-138, 179-180 | Adds warning to description and "ransomware" tag |

## Summary

* Total CSV Fields: 17
* Mapped Fields: 17
* Unmapped Fields: 0

## Additional Finding Field Settings

| Finding Field | Value | Parser Line # | Notes |
|---------------|-------|---------------|-------|
| test | test parameter | 153 | Set from test parameter passed to get_findings |
| dynamic_finding | True | 153 | Hardcoded to True for all findings |
| static_finding | False | 154 | Hardcoded to False for all findings |

## Processing Notes

* Deduplication is performed using combination of title, IP address, hostname and port
* For duplicate findings, the existing finding is updated rather than creating a new one
* The parser uses csv.DictReader with comma delimiter and quote character
* Empty rows are skipped
* References are formatted into a readable markdown list with descriptive link text
* Impact field is specially formatted to combine vulnerability insight and CVE details
* Date parsing handles various formats and falls back to current time
* Port extraction handles various formats like "8080/tcp" or "443/tcp (https)"

### File Types
The Rapidfire parser accepts CSV files exported from Rapidfire vulnerability scanner. The CSV should contain vulnerability findings with fields including IP address, hostname, severity, issue details, CVEs, and other metadata.

### Sample Scan Data
Sample scan data for the Rapidfire CSV parser can be found in the [unittests/scans/rapidfire](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/rapidfire) directory.
There are samples for:
* `one_vuln.csv` - A file containing a single vulnerability finding
* `many_vulns.csv` - A file containing multiple vulnerability findings
* `no_vuln.csv` - An empty scan with no vulnerabilities
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't leave out invalid_date.csv and complex_ports.csv! Those are awesome too!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I may have created more issues by creating the invalid_date.csv and complex_ports.csv early when encountering errors. I have access an original rapidfire .csv output with more than 2 examples, so I will review the accuracy of these unit test .csv files...


### Link To Tool
Rapidfire is a commercial vulnerability scanning tool used for network and application security assessments. For more information, visit the vendor's website [www.rapidfire.com](https://www.rapidfire.com/).
2 changes: 2 additions & 0 deletions dojo/settings/settings.dist.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1347,6 +1347,7 @@ def saml2_attrib_map_format(din):
"KrakenD Audit Scan": ["description", "mitigation", "severity"],
"Red Hat Satellite": ["description", "severity"],
"Qualys Hacker Guardian Scan": ["title", "severity", "description"],
"Rapidfire Scan": ["title", "severity", "vuln_id_from_tool"],
}

# Override the hardcoded settings here via the env var
Expand Down Expand Up @@ -1598,6 +1599,7 @@ def saml2_attrib_map_format(din):
"PTART Report": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
"Red Hat Satellite": DEDUPE_ALGO_HASH_CODE,
"Qualys Hacker Guardian Scan": DEDUPE_ALGO_HASH_CODE,
"Rapidfire Scan": DEDUPE_ALGO_HASH_CODE,
}

# Override the hardcoded settings here via the env var
Expand Down
Empty file added dojo/tools/rapidfire/__init__.py
View file
Open in desktop
Empty file.
Loading
Loading