feat(parsers): add IriusRisk threat model CSV parser #14384
Open
skywalke34 wants to merge 6 commits into DefectDojo:dev from
Conversation
Authored by T. Walker - DefectDojo
- Update test CSVs from 12 to 14 columns (add MITRE reference, STRIDE-LM)
- Parse MITRE reference: CWE-NNN extracts to cwe field, other values to references
- Include STRIDE-LM in description when populated
- Add Critical to severity mapping
- Change static_finding to False per connector spec
- Update documentation to reflect all changes
- Add tests for CWE extraction, references, STRIDE-LM, and Critical severity

Authored by T. Walker - DefectDojo
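As an added, self-contained illustration (not code from this PR or from DefectDojo), the Python below parses a constructed IriusRisk-style export and applies the rules the commit message lists: title truncation at 150 characters, a `CWE-NNN` value in the MITRE reference column going to `cwe` and any other value to `references`, STRIDE-LM appended to the description when present, a severity map that includes Critical, `static_finding` set to False, and a SHA-256 key over Component|Threat|Risk Response as the documentation in this PR describes. The `Severity` and `Description` column names, the sample rows, and the field name `dedupe_key` are assumptions; whether such a computed key belongs in `unique_id_from_tool` is the question raised in the review.

```python
import csv
import hashlib
import io
import re

# Constructed sample export. Component, Threat, Risk Response, MITRE reference
# and STRIDE-LM are column names taken from the PR text; Severity and
# Description are assumed names for this illustration.
LONG_THREAT = "An attacker replays captured session tokens " * 4  # 176 chars, forces truncation
SAMPLE_CSV = f"""Component,Threat,Risk Response,Severity,MITRE reference,STRIDE-LM,Description
API Gateway,Attacker brute-forces the login endpoint,Mitigate,Critical,CWE-307,Spoofing,Add rate limiting on failed logins
Database,PII stored without encryption at rest,Accept,High,T1005,Information Disclosure,Enable volume encryption
Web App,{LONG_THREAT},Expose,Medium,,,No mitigation selected
"""

TITLE_MAX = 150
ELLIPSIS = "..."
CWE_RE = re.compile(r"^CWE-(\d+)$", re.IGNORECASE)
SEVERITY_MAP = {
    "critical": "Critical",
    "high": "High",
    "medium": "Medium",
    "low": "Low",
    "info": "Info",
    "informational": "Info",
}


def truncate_title(threat: str) -> str:
    """Cap the title at TITLE_MAX characters, replacing the tail with an ellipsis."""
    if len(threat) <= TITLE_MAX:
        return threat
    return threat[: TITLE_MAX - len(ELLIPSIS)] + ELLIPSIS


def parse_mitre_reference(value):
    """Return (cwe, references): CWE-NNN becomes an int, any other value a reference string."""
    value = (value or "").strip()
    if not value:
        return None, ""
    match = CWE_RE.match(value)
    if match:
        return int(match.group(1)), ""
    return None, value


def dedupe_key(component: str, threat: str, risk_response: str) -> str:
    """SHA-256 over the pipe-joined fields, as the PR documentation describes the key."""
    raw = "|".join([component, threat, risk_response])
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


def parse_iriusrisk_csv(text: str) -> list:
    """Turn each CSV row into a finding-like dict using the rules from the commit message."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        component = row["Component"].strip()
        threat = row["Threat"].strip()
        response = row["Risk Response"].strip()
        cwe, references = parse_mitre_reference(row.get("MITRE reference"))
        # Keep the full threat text in the description so truncation loses nothing.
        description = (
            f"Component: {component}\nThreat: {threat}\nRisk Response: {response}\n"
            f"{(row.get('Description') or '').strip()}"
        )
        stride = (row.get("STRIDE-LM") or "").strip()
        if stride:
            description += f"\nSTRIDE-LM: {stride}"
        findings.append({
            "title": truncate_title(threat),
            "severity": SEVERITY_MAP.get((row.get("Severity") or "").strip().lower(), "Info"),
            "description": description,
            "cwe": cwe,
            "references": references,
            "static_finding": False,
            "dedupe_key": dedupe_key(component, threat, response),
        })
    return findings


if __name__ == "__main__":
    for finding in parse_iriusrisk_csv(SAMPLE_CSV):
        print(finding["severity"], finding["cwe"], finding["references"], finding["title"][:40])
```

Running the parser twice over the same export yields identical keys for each row, which is the property reimport relies on; editing the threat text or the Risk Response value changes the key, which is why computing identity this way is a design decision rather than a detail.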
### Deduplication

The parser generates a `unique_id_from_tool` by computing a SHA-256 hash of the Component, Threat, and Risk Response fields concatenated with pipe delimiters (lines 74-77). This ensures that each distinct combination of component, threat, and mitigation state produces a unique identifier. On reimport, findings with matching unique IDs are recognized as the same finding rather than being duplicated.
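Review bot: this paragraph cites parser line numbers ("lines 74-77"), which will go stale as the file changes; name the hashed fields and drop the numbers. Separately, deriving `unique_id_from_tool` inside the parser from Component, Threat and Risk Response makes finding identity depend on free-text values: a renamed component or an edited threat sentence yields a new hash and therefore a new finding on reimport instead of an update, and including Risk Response means a change in mitigation state is treated as a different finding rather than a state change on the same one. If the export carries a stable threat identifier from IriusRisk, that is the value this field should hold; otherwise leave identity to the platform's deduplication rather than computing it here, as the review thread already asks.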
Member
I've been informed we must never compute this value in a parser. I think there is great value in letting the parsers calculate this value, or possibly a new field called unique_id_from_parser, but until now I haven't seen agreement on doing this.
Maffooch (Contributor) requested changes, Feb 26, 2026
Maffooch left a comment
This is pretty close overall!
| Source Field | DefectDojo Field | Parser Line # | Notes |
| ------------ | ---------------- | ------------- | ----- |
| Threat | title | 51 | Truncated to 150 characters with "..." suffix if longer |
Contributor
In the past, we have pushed back on line numbers in the docs as drift can occur in the parser over time to make the documented line numbers inaccurate
Comment on lines +50 to +51
    # Title: truncate to 150 chars with ellipsis if needed
    title = threat[:147] + "..." if len(threat) > 150 else threat
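Review bot: the two literals 147 and 150 on this line must stay in sync by hand; express the limit once (for example `TITLE_MAX = 150` and `threat[:TITLE_MAX - 3] + "..."`) so that raising the threshold, as suggested, is a single change. Since the truncation discards the tail of the threat text, also confirm the full Threat value is carried in the description so it is not lost for long entries.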
Contributor
We have upwards of 511 characters to work with here. May want to increase the threshold at which we start adding ellipses, but I am not super opinionated here.
Description
New parser for IriusRisk threat model CSV exports. IriusRisk is a threat
modeling and risk management platform. The parser:
DefectDojo severity levels
Test results
23 unit tests covering:
Documentation
Parser documentation at docs/content/supported_tools/parsers/file/iriusrisk.md with export instructions, complete field mapping table, severity mapping, and special processing notes.