
Updated Anchorectl_vuln parser to also parse Anchore Enterprise Vulnerability report #11688

Open. Wants to merge 9 commits into base: dev

Conversation


@Sopuru Sopuru commented Jan 29, 2025

I have added code to update the current Anchorectl_vuln parser to also parse the Anchore Enterprise Vulnerability report. This is the default JSON structure downloaded via the Anchore UI.

Results

```
(venv) josh@harbor:~/ANCHORE/defectDojo/django-DefectDojo-master$ python3 manage.py test unittests.tools.test_anchorectl_vulns_parser

System check identified no issues (0 silenced).
...

Ran 3 tests in 0.006s

OK
Destroying test database for alias 'default'...
```

dryrunsecurity bot commented Jan 29, 2025

DryRun Security Summary

The code changes enhance security scanning functionality through improved unit test coverage, support for new JSON formats, comprehensive vulnerability data handling, and better deduplication mechanisms in the vulnerability parsing system.


Summary:

The provided code changes cover several updates to the unit tests and the vulnerability parsing functionality in the application. The key highlights from a security perspective are:

  1. Improved Unit Test Coverage: The changes include updates to existing unit tests and the addition of a new test case for the AnchoreCTLVulnsParser class. These tests ensure the parser can handle different input formats and correctly extract vulnerability data, which is crucial for maintaining the reliability and accuracy of the security scanning functionality.

  2. Handling New JSON Format: The new unit test case specifically targets the parsing of a new JSON format for the anchorectl vulnerability output. This indicates that the parser has been updated to support evolving data formats, which is a positive change as it ensures the application can adapt to changes in the underlying tools and data sources.

  3. Comprehensive Vulnerability Data: The updates to the parser.py file show that the application can now handle different data formats, including NVD and vendor-specific data, to extract more comprehensive vulnerability information. This allows the application to provide security teams with a broader range of vulnerability details, which can help in better understanding and addressing potential security risks.

  4. Improved Deduplication and Finding Details: The changes in the parser.py file include a deduplication mechanism based on a unique key, as well as more detailed finding descriptions. These improvements help to ensure the vulnerability reports are more accurate and provide security teams with more contextual information to address the identified vulnerabilities.

Files Changed:

  1. unittests/tools/test_anchorectl_vulns_parser.py: This file contains a unit test for the AnchoreCTLVulnsParser class, which has been updated to ensure the expected output of the parser is correctly parsed.

  2. unittests/tools/test_anchorectl_vulns_new_parser.py: This is a new unit test file that targets the parsing of a new JSON format for the anchorectl vulnerability output, ensuring the parser can handle changes in the data format.

  3. unittests/scans/anchorectl_vulns/newformat.json: This file appears to be a sample JSON file containing vulnerability data, which is likely used for testing the AnchoreCTLVulnsParser.

  4. dojo/tools/anchorectl_vulns/parser.py: The changes in this file focus on improving the parsing and processing of vulnerability data from the AnchoreCTL vulnerability report, including handling different data formats, deduplicating findings, and providing more detailed finding descriptions.

Code Analysis

We ran 9 analyzers against 4 files and 0 analyzers had findings. 9 analyzers had no findings.



This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

@Maffooch

Hi @Sopuru is this a replacement for #11618 ?


Sopuru commented Jan 30, 2025

@Maffooch Yes, it is a replacement for it. I see some checks were not successful. I will work on it and update this.


@dogboat dogboat left a comment


Good work! The linter issues and failing tests need to be addressed, but otherwise good job integrating the new format while keeping the old format viable.

+ item["packageType"]
+ ")"
)
metadata = data.get("metadata", {})
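Review bot: `metadata = data.get("metadata", {})` assumes `data` is a dict, but the legacy anchorectl report is a top-level JSON list, so this line raises `AttributeError: 'list' object has no attribute 'get'` on the old-format fixtures. Branch once on the shape before any `.get()` call, e.g. `if isinstance(data, list): metadata = {}` and otherwise `metadata = data.get("metadata", {})`, and route every later `data.get()` through the same branch rather than repeating the check.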


Seems the old format has a list at the top level, and the .get() here is causing (the old) tests to fail. The data.get() two lines below will cause the same issue.

mitigation = (
"No fix available" + "\n"
)
mitigation = f"Upgrade to {vuln.get('fix', vuln.get('fixAvailable', 'No fix available'))}\n"
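Review bot: the `.get()` defaults in `mitigation = f"Upgrade to {vuln.get('fix', vuln.get('fixAvailable', 'No fix available'))}\n"` only apply when the key is absent; a report that carries `"fix": null` still formats as "Upgrade to None". Resolve the value first and test it for truthiness, e.g. `fix = vuln.get('fix') or vuln.get('fixAvailable')` followed by `mitigation = f"Upgrade to {fix}\n" if fix else "No fix available\n"`, which also keeps the removed `"No fix available" + "\n"` text for the no-fix case.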


Not a problem per se, but wondering if the mitigation string "Upgrade to None" (in the case where no fix is available) is ideal.
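The two review points above (a top-level list versus dict report shape, and a present-but-null `fix` producing "Upgrade to None") are shown together in the following added example. It is not DefectDojo's parser and not code from this PR; apart from `packageType`, `fix`, `fixAvailable` and `metadata`, which appear in the reviewed lines, every field name, the `vulnerabilities` key, the `image` metadata key and the sample reports are assumptions constructed for illustration.

```python
"""Added example (not DefectDojo's parser). Normalises both report shapes before
any .get() call, builds a mitigation string that does not degrade to
'Upgrade to None', and deduplicates findings on (id, package, packageType).
Field names other than packageType/fix/fixAvailable/metadata are assumptions."""
import json
from typing import Any, Dict, List, Tuple

NO_FIX = "No fix available\n"


def split_report(data: Any) -> Tuple[List[Dict[str, Any]], Dict[str, Any]]:
    """Return (vulnerability items, metadata) for either report shape.

    The legacy anchorectl output is a top-level JSON list; the Enterprise UI
    export is a dict. Calling .get() on the list raises AttributeError, so the
    type check happens exactly once, here. 'vulnerabilities' is an assumed key.
    """
    if isinstance(data, list):
        return data, {}
    if isinstance(data, dict):
        return list(data.get("vulnerabilities", [])), dict(data.get("metadata", {}))
    raise ValueError(f"unexpected top-level JSON type: {type(data).__name__}")


def mitigation_for(vuln: Dict[str, Any]) -> str:
    """dict.get()'s default only fires when the key is absent; a present
    'fix': null would otherwise render as 'Upgrade to None'. Use `or` so
    None / '' fall through, and treat textual 'none'-style values the same."""
    fix = vuln.get("fix") or vuln.get("fixAvailable")
    if not fix or str(fix).strip().lower() in {"none", "not fixed", "wont-fix"}:
        return NO_FIX
    return f"Upgrade to {fix}\n"


def parse_report(raw: str) -> List[Dict[str, Any]]:
    """Parse either format into finding dicts, deduplicated on a unique key."""
    vulns, metadata = split_report(json.loads(raw))
    image = metadata.get("image", "unknown image")  # assumed metadata key
    findings: Dict[Tuple[str, str, str], Dict[str, Any]] = {}
    for item in vulns:
        key = (
            item.get("vulnerabilityId", ""),  # assumed field name
            item.get("package", ""),          # assumed field name
            item.get("packageType", ""),
        )
        if key in findings:
            continue  # same id/package/type already recorded: skip the duplicate
        findings[key] = {
            "title": f"{key[0]} - {key[1]} ({key[2]})",
            "severity": item.get("severity", "Info"),
            "description": f"Vulnerability {key[0]} in {key[1]} ({key[2]}) found in {image}\n",
            "mitigation": mitigation_for(item),
            "unique_id": "|".join(key),
        }
    return list(findings.values())


# Constructed sample inputs (placeholder CVE ids, not real scanner output).
LEGACY_LIST = json.dumps([
    {"vulnerabilityId": "CVE-0000-0001", "package": "libfoo-1.0", "packageType": "deb",
     "severity": "High", "fix": None},
    {"vulnerabilityId": "CVE-0000-0001", "package": "libfoo-1.0", "packageType": "deb",
     "severity": "High", "fix": None},  # exact duplicate, must collapse
    {"vulnerabilityId": "CVE-0000-0002", "package": "bar-2.1", "packageType": "python",
     "severity": "Medium", "fix": "2.2.0"},
])
ENTERPRISE_DICT = json.dumps({
    "metadata": {"image": "registry.example/app:1.0"},
    "vulnerabilities": [
        {"vulnerabilityId": "CVE-0000-0003", "package": "baz-3.0", "packageType": "rpm",
         "severity": "Low", "fixAvailable": "3.0.1"},
    ],
})

if __name__ == "__main__":
    for name, raw in (("legacy", LEGACY_LIST), ("enterprise", ENTERPRISE_DICT)):
        for finding in parse_report(raw):
            print(name, finding["title"], finding["mitigation"].strip())
```

Running the block prints one line per finding: two for the legacy list (the duplicate collapsed, the first with "No fix available") and one for the Enterprise dict carrying the image name from `metadata`.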


Sopuru commented Feb 5, 2025

@dogboat Thank you for the review. I will fix the linter issues and failing tests.
