HCL AppScan on Cloud parser (with merged changes) #11284

Open
wants to merge 3 commits into base: dev

Conversation

@xpert98 commented Nov 18, 2024

⚠️ Note on feature completeness ⚠️

We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here:
https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md

Description

New parser for HCL AppScan on Cloud SAST results.

Test results

Unit tests (and samples) added. Tests pass.

Documentation

Documentation file added

Checklist

This checklist is for your information.

  • Make sure to rebase your PR against the very latest dev.
  • Features/Changes should be submitted against the dev.
  • Bugfixes should be submitted against the bugfix branch.
  • Give a meaningful name to your PR, as it may end up being used in the release notes.
  • Your code is flake8 compliant.
  • Your code is python 3.11 compliant.
  • If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • Add applicable tests to the unit tests.
  • Add the proper label to categorize your PR.

Extra information

Please clear everything below when submitting your pull request; it's here purely for your information.

@github-actions github-actions bot added the settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), docs, unittests and parser labels Nov 18, 2024

DryRun Security Summary

The provided code changes focus on improving the security, reliability, and maintainability of the DefectDojo application, including updates to Django settings, the addition of a new HCL AppScan on Cloud SAST parser, and the introduction of unit tests for the parser.


Summary:

The provided code changes cover various aspects of the DefectDojo application, including updates to the Django settings, the addition of a new HCL AppScan on Cloud SAST parser, and the introduction of unit tests for the parser. From an application security perspective, these changes focus on improving the security, reliability, and maintainability of the DefectDojo application.

The key security-related changes include:

  1. Improved Django Security Settings: The updates to the Django settings file introduce several security-related directives, such as SECURE_SSL_REDIRECT, SECURE_CONTENT_TYPE_NOSNIFF, SESSION_COOKIE_HTTPONLY, and CSRF_COOKIE_HTTPONLY, which help enhance the overall security of the application.
  2. Enhanced Authentication Configuration: The code changes include the configuration of various authentication methods, including SAML2, Remote User, and social authentication providers, which can improve the security of user authentication.
  3. Rate Limiting and File Size Restrictions: The introduction of rate limiting settings and the ability to configure the maximum file size for scans added via the API can help mitigate potential denial-of-service attacks.
  4. Improved Logging and Monitoring: The changes to the logging settings, including the ability to use JSON-formatted logs, can be beneficial for centralized logging and monitoring, which is essential for security incident detection and response.
  5. HCL AppScan on Cloud SAST Parser: The new parser for the HCL AppScan on Cloud SAST tool is designed with security in mind, using the defusedxml library to mitigate potential XML-related vulnerabilities, and extracting relevant security information from the scan reports.
  6. Unit Tests for the HCL AppScan on Cloud SAST Parser: The introduction of unit tests for the parser ensures that the parser can accurately extract and represent the security findings reported by the HCL ASOC SAST tool, which is crucial for effectively integrating and utilizing the tool within the application security ecosystem.

Overall, the provided code changes demonstrate a proactive approach to enhancing the security and reliability of the DefectDojo application, with a focus on improving security configurations, authentication mechanisms, logging and monitoring, and the integration of third-party security tools.

Files Changed:

  1. dojo/settings/.settings.dist.py.sha256sum: The SHA-256 hash value of the dojo/settings/.settings.dist.py file has been updated, indicating that the configuration file has been modified.
  2. docs/content/en/integrations/parsers/file/hcl_asoc_sast.md: A new documentation file has been added to provide information about the HCL AppScan on Cloud SAST integration in the DefectDojo project.
  3. dojo/settings/settings.dist.py: The Django settings file has been updated with various security-related configurations, authentication methods, rate limiting settings, and logging improvements.
  4. dojo/tools/hcl_asoc_sast/__init__.py: A simple change has been made to add the author attribution to this file.
  5. dojo/tools/hcl_asoc_sast/parser.py: A new parser for the HCL AppScan on Cloud SAST tool has been introduced, with a focus on security-conscious XML parsing and the extraction of relevant security information.
  6. unittests/tools/test_hcl_asoc_sast_parser.py: Unit tests have been added to ensure the accuracy and reliability of the HCL AppScan on Cloud SAST parser.

Code Analysis

We ran 9 analyzers against 9 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

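The DryRun summary above credits the new parser with using defusedxml to blunt XML attacks on uploaded reports. The following is an added example, not the PR's parser or any DefectDojo code: a DefectDojo-style parser for an assumed HCL AppScan on Cloud SAST XML layout (the element names xml-report, issue-group, item, issue-type, severity, cwe, file, line and description are my stand-in, not the real ASOC schema, which this page does not show). The `Finding` dataclass stands in for dojo.models.Finding, the severity labels are assumed, and the two embedded reports are constructed. The security-relevant parts are the point: defusedxml with `forbid_dtd=True`, a byte-level refusal of any DTD before a parser sees the document, tolerant handling of malformed cwe and line fields, and a stable per-issue key for deduplication on re-import.

```python
"""Added example (not the PR's code): DefectDojo-style parser for an assumed HCL ASOC
SAST XML layout, parsed with defusedxml and rejecting any report that carries a DTD."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

try:
    # defusedxml refuses entity expansion and external entities; forbid_dtd=True also
    # refuses DOCTYPE declarations, which its default leaves allowed.
    import defusedxml.ElementTree as _safe_et
    from defusedxml.common import DefusedXmlException as _DefusedError

    def _fromstring(data: bytes):
        return _safe_et.fromstring(data, forbid_dtd=True)
except ImportError:  # stdlib fallback; the byte-level DTD check in parse_report still applies
    import xml.etree.ElementTree as _std_et

    class _DefusedError(Exception):
        pass

    def _fromstring(data: bytes):
        return _std_et.fromstring(data)


class ForbiddenXml(ValueError):
    """The report declares a DTD, an entity or an external reference."""


# Assumed HCL severity labels mapped onto DefectDojo's five Finding severities.
SEVERITY_MAP = {"critical": "Critical", "high": "High", "medium": "Medium",
                "low": "Low", "informational": "Info", "info": "Info"}


@dataclass(frozen=True)
class Finding:
    """Stand-in for dojo.models.Finding with the fields a SAST parser fills."""
    title: str
    severity: str
    cwe: int | None
    file_path: str | None
    line: int | None
    description: str
    unique_id_from_tool: str


def _to_int(text: str | None) -> int | None:
    """'42' -> 42, 'CWE-79' -> 79, 'n/a' or missing -> None; never raises."""
    cleaned = (text or "").strip().upper().removeprefix("CWE-")
    return int(cleaned) if cleaned.isdigit() else None


def parse_report(data: bytes) -> list[Finding]:
    # Defence in depth: a scan export never needs a DTD, so refuse one before any
    # parser sees it (this also covers the stdlib fallback).
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ForbiddenXml("DTD or entity declaration found in report")
    try:
        root = _fromstring(data)
    except _DefusedError as exc:
        raise ForbiddenXml(str(exc)) from exc
    findings = []
    for item in root.iter("item"):
        title = (item.findtext("issue-type") or "Unnamed issue").strip()
        severity = SEVERITY_MAP.get((item.findtext("severity") or "").strip().lower(), "Info")
        file_path, line = item.findtext("file"), _to_int(item.findtext("line"))
        cwe = _to_int(item.findtext("cwe"))
        # Stable per-issue key so re-importing the same report deduplicates.
        key = hashlib.sha256(f"{title}|{file_path}|{line}|{cwe}".encode()).hexdigest()
        findings.append(Finding(title, severity, cwe, file_path, line,
                                (item.findtext("description") or "").strip(), key))
    return findings


def rejects_report(data: bytes) -> bool:
    """True if parse_report refuses the document as unsafe XML."""
    try:
        parse_report(data)
    except ForbiddenXml:
        return True
    return False


# Constructed sample in the assumed layout (not a real ASOC export).
SAMPLE_REPORT = b"""<?xml version="1.0" encoding="UTF-8"?>
<xml-report name="demo-app" scan-type="SAST"><issue-group>
  <item><issue-type>Cross-Site Scripting</issue-type><severity>High</severity>
    <cwe>79</cwe><file>src/web/views.py</file><line>42</line>
    <description>User input is written to the response without encoding.</description></item>
  <item><issue-type>Hardcoded Credential</issue-type><severity>Unexpected</severity>
    <cwe>CWE-798</cwe><file>src/config.py</file><line>n/a</line>
    <description>A static password is assigned in source.</description></item>
</issue-group></xml-report>
"""
# Constructed hostile report: an external entity pointing at a local file (XXE).
XXE_REPORT = b"""<?xml version="1.0"?>
<!DOCTYPE xml-report [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<xml-report><issue-group><item><description>&xxe;</description></item></issue-group></xml-report>
"""
```

The byte-level `<!DOCTYPE` check is only a backstop: it does not see a UTF-16 encoded document, so defusedxml (with `forbid_dtd=True`, since its default still admits a DOCTYPE without entities) remains the real control. Unknown severities fall back to Info rather than failing the whole import, and a non-numeric line or cwe becomes None instead of raising, which is what you want when a vendor changes a field format between releases.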

Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@Maffooch (Contributor)

@xpert98 you may need to merge the current dev branch into your PR to get rid of the changes that are unrelated to this PR

@xpert98 (Author) commented Nov 19, 2024

@Maffooch I did yesterday in order to get past unit test failures unrelated to my changes. The current conflict is due to the .settings.dist.py.sha256sum not matching because I had to change settings.dist.py to accommodate the new parser.
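The conflict described above is a property of how the repository guards its shared settings template: dojo/settings/.settings.dist.py.sha256sum stores a SHA-256 of settings.dist.py and has to be regenerated whenever that file changes (which is also what trips the settings_changes label), so two branches that both regenerate the one-line file conflict on merge. The snippet below is an added example, not the repository's own tooling: it checks a settings file against its stored digest and regenerates the digest after an intentional change. The paths are placeholders, and it assumes the stored file holds the hex digest (optionally followed by a filename, as `sha256sum` prints it); this page does not show the exact command the project uses.

```shell
# Added example, not DefectDojo's own tooling. Assumes the stored checksum file holds
# the hex digest of settings.dist.py, optionally followed by a filename; paths are
# placeholders.
set -eu

settings_hash() {
    # Print only the hex digest of the given file.
    sha256sum "$1" | cut -d ' ' -f1
}

check_settings_checksum() {
    # $1 = settings file, $2 = stored checksum file; exit 0 on match, 1 on mismatch.
    expected=$(cut -d ' ' -f1 < "$2")
    actual=$(settings_hash "$1")
    [ "$expected" = "$actual" ]
}

update_settings_checksum() {
    # Regenerate the stored digest after an intentional settings.dist.py change.
    settings_hash "$1" > "$2"
}
```

Run `check_settings_checksum dojo/settings/settings.dist.py dojo/settings/.settings.dist.py.sha256sum` before pushing; if it fails because you changed the settings template on purpose, run `update_settings_checksum` with the same arguments and commit both files together, so a reviewer sees the settings change and the digest change in one place.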

Labels: conflicts-detected, docs, parser, settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), unittests