secureCodeBox · rfelber · Aug 11, 2021 · Aug 10, 2021 · Aug 10, 2021 · Aug 11, 2021
diff --git a/hooks/persistence-defectdojo/hook/build.gradle b/hooks/persistence-defectdojo/hook/build.gradle
@@ -22,7 +22,7 @@ repositories {
 dependencies {
   implementation 'io.kubernetes:client-java:12.0.0'
 
-  implementation 'io.securecodebox:defectdojo-client:0.0.18-SNAPSHOT'
+  implementation 'io.securecodebox:defectdojo-client:0.0.19-SNAPSHOT'
 
   implementation group: 'org.springframework', name: 'spring-web', version: '5.3.9'
   implementation 'com.fasterxml.jackson.core:jackson-core:2.12.4'

diff --git a/...in/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapper.java b/...in/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapper.java
@@ -25,7 +25,7 @@
 public class SecureCodeBoxFindingsToDefectDojoMapper {
   private static final Logger LOG = LoggerFactory.getLogger(SecureCodeBoxFindingsToDefectDojoMapper.class);
   private static final DateTimeFormatter dtf = DateTimeFormatter.ofPattern("yyyy-MM-dd");
-  private static final ObjectWriter prettyJSONPrinter = new ObjectMapper().writerWithDefaultPrettyPrinter();
+  private static final ObjectWriter prettyJSONPrinter = new ObjectMapper().findAndRegisterModules().writerWithDefaultPrettyPrinter();
 
   /**
    * Converts a SecureCodeBox Findings JSON String to a DefectDojo Findings JSON String.
@@ -36,7 +36,9 @@ public class SecureCodeBoxFindingsToDefectDojoMapper {
    */
   public static String fromSecureCodeboxFindingsJson(String scbFindingsJson) throws IOException {
     LOG.debug("Converting SecureCodeBox Findings to DefectDojo Findings");
-    ObjectMapper mapper = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+    ObjectMapper mapper = new ObjectMapper()
+      .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
+      .findAndRegisterModules();
     List<DefectDojoImportFinding> DefectDojoImportFindings = new ArrayList<>();
     List<SecureCodeBoxFinding> secureCodeBoxFindings = mapper.readValue(scbFindingsJson, new TypeReference<>() {
     });
@@ -50,6 +52,25 @@ public static String fromSecureCodeboxFindingsJson(String scbFindingsJson) throw
     return ddFindingJson.toString();
   }
 
+  protected static String convertToDefectDojoSeverity(SecureCodeBoxFinding.Severities severity) {
+    if (severity == null) {
+      return "Info";
+    }
+
+    switch (severity) {
+      case HIGH:
+        return "High";
+      case MEDIUM:
+        return "Medium";
+      case LOW:
+        return "Low";
+      case INFORMATIONAL:
+        return "Info";
+    }
+
+    return "Info";
+  }
+
   /**
    * Converts a SecureCodeBox Finding to a DefectDojo Finding,
    * that can be imported by the DefectDojo Generic JSON Parser.
@@ -62,8 +83,7 @@ protected static DefectDojoImportFinding fromSecureCodeBoxFinding(SecureCodeBoxF
     //set basic Finding info
     DefectDojoImportFinding result = new DefectDojoImportFinding();
     result.setTitle(secureCodeBoxFinding.getName());
-    if (secureCodeBoxFinding.getSeverity() != null)
-      result.setSeverity(capitalize(secureCodeBoxFinding.getSeverity().toString()));
+    result.setSeverity(convertToDefectDojoSeverity(secureCodeBoxFinding.getSeverity()));
     result.setUniqueIdFromTool(secureCodeBoxFinding.getId());
     // set DefectDojo description as combination of SecureCodeBox Finding description and Finding attributes
     String description = secureCodeBoxFinding.getDescription();

diff --git a/...istence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/S3Service.java b/...istence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/S3Service.java
@@ -19,7 +19,7 @@ public class S3Service {
   private static final Logger LOG = LoggerFactory.getLogger(S3Service.class);
 
   public void overwriteFindings(String url, List<SecureCodeBoxFinding> secureCodeBoxFindings) throws IOException, InterruptedException {
-    ObjectMapper mapper = new ObjectMapper();
+    ObjectMapper mapper = new ObjectMapper().findAndRegisterModules();
     var findingJson = mapper.writeValueAsString(secureCodeBoxFindings);
 
     LOG.info("Uploading Findings to S3");

diff --git a/...ava/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapperTest.java b/...ava/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapperTest.java
@@ -44,7 +44,7 @@ public void yieldsCorrectResult() throws IOException {
   public void correctlyParsesFindings() throws IOException {
     var name = "Name";
     var description = "Description";
-    var severity = "HIGH";
+    var severity = "High";
     var id = "123";
     var parsedAt = "2020-04-15T12:27:28.153Z";
     var location = "ldap://[2001:db8::7]/c=GB?objectClass?one";

diff --git a/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-dd-findings.json b/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-dd-findings.json
@@ -3,7 +3,7 @@
     {
       "title": "Read access to pod's service account token",
       "description": " Accessing the pod service account token gives an attacker the option to use the server API \n {\n  \"evidence\" : \"eyJhbGciOiJSUzI1NiIsImtpZCI6IkxuOE9ZaGt1SFFabmwzN3ZEYlg1R2ZqX25VVWtnWUlnU0VOdExBbWE4VFEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Imx1cmNoZXItdG9rZW4tdjI4cWIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoibHVyY2hlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjIzMTg2YTI5LTY0NDQtNGI3Ny1hZjA1LTY5YzcyYWViZWYwZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0Omx1cmNoZXIifQ.IeiByhB-g3W6Zzr4_cEU2sdfyAHVwgnKn-apu8YVkS9886zSeg_BB4F-KsljFApt8gZA4gzLEMuDTEubURkD-omaWw6_eHkV_SfIiD69rvLFC-wTtLLxQijrfBa1ZJ6PxI1kVnykaWMnmBUbkqaK-xsnhw8_pk536qWjwEFUyf6PUUg1wzk_IpEQAY8paDzB1Od2eoE18NbXUFZYllsqKZly59jvsjwPRRHk8yYr3eQW6AyxBezOhpY9qI3kooKY2_mzMXAiyrcmb-apucQabMuDfVaFF7zR0OQ-1wR_hwH-ZfLZXjf9S0Im8_Hf0WLPw60iWp5d9g_kdKuysPlJGg\",\n  \"kubeHunterRule\" : \"Access Secrets\"\n}",
-      "severity": "LOW",
+      "severity": "Low",
       "date": "2020-04-15",
       "unique_id_from_tool": "df9afbb5-f0c4-475b-a0e5-e3635c55917a",
       "endpoints": [
@@ -13,7 +13,7 @@
     {
       "title": "CAP_NET_RAW Enabled",
       "description": "CAP_NET_RAW is enabled by default for pods.\n    If an attacker manages to compromise a pod,\n    they could potentially take advantage of this capability to perform network\n    attacks on other pods running on the same node\n {\n  \"evidence\" : \"\",\n  \"kubeHunterRule\" : \"Pod Capabilities Hunter\"\n}",
-      "severity": "LOW",
+      "severity": "Low",
       "date": "2020-04-16",
       "unique_id_from_tool": "341ad0c8-0f3b-47ff-9b89-83d4a7e121f7",
       "endpoints": [
@@ -23,7 +23,7 @@
     {
       "title": "Access to pod's secrets",
       "description": " Accessing the pod's secrets within a compromised pod might disclose valuable data to a potential attacker\n {\n  \"evidence\" : \"['/var/run/secrets/kubernetes.io/serviceaccount/token', '/var/run/secrets/kubernetes.io/serviceaccount/namespace', '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', '/var/run/secrets/kubernetes.io/serviceaccount/..2021_05_17_21_58_54.448582170/token', '/var/run/secrets/kubernetes.io/serviceaccount/..2021_05_17_21_58_54.448582170/namespace', '/var/run/secrets/kubernetes.io/serviceaccount/..2021_05_17_21_58_54.448582170/ca.crt']\",\n  \"kubeHunterRule\" : \"Access Secrets\"\n}",
-      "severity": "LOW",
+      "severity": "Low",
       "date": "2020-04-17",
       "unique_id_from_tool": "eb0c75cf-beef-4fd8-b2ed-6e46a5afa1bc",
       "endpoints": [