
Add Rapidfire vulnerability scanner parser #11909

Draft
wants to merge 8 commits into base: dev

Conversation

skywalke34

Description
Rapidfire Scan Parser

Test results
The following tests are executed against 5 .csv files in the unittests/scans/rapidfire directory:

test_complex_port_formats (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_complex_port_formats)
Test parsing findings with various port formats ... ok

test_date_parsing (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_date_parsing)
Test date parsing from various formats ... ok

test_empty_rows (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_empty_rows)
Test parser handles empty rows gracefully ... ok

test_impact_formatting (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_impact_formatting)
Test impact formatting with various inputs ... ok

test_invalid_dates (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_invalid_dates)
Test parsing findings with invalid date formats ... ok

test_invalid_severity (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_invalid_severity)
Test parser handles invalid severity values ... ok

test_parse_cves (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_parse_cves)
Test CVE parsing function ... ok

test_parse_many_findings (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_parse_many_findings)
Test parsing a Rapidfire report with multiple findings ... ok

test_parse_no_findings (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_parse_no_findings)
Test parsing a RapidFire report with no findings ... ok

test_parse_one_finding (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_parse_one_finding)
Test parsing a Rapidfire report with one finding ... ok

test_parse_one_finding_impact (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_parse_one_finding_impact)
Test parsing a finding with properly formatted impact ... ok

test_port_extraction (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_port_extraction)
Test port extraction from various formats ... ok

test_reference_formatting (unittests.tools.test_rapidfire_parser.TestRapidFireParser.test_reference_formatting)
Test reference string formatting ... ok

Ran 13 tests in 0.016s
OK

Documentation
Contents of docs/content/en/connecting_your_tools/parsers/file/rapidfire.md

Rapidfire CSV Parser

CSV Field Mappings

Total Fields in CSV: 17

| CSV Field | Finding Field | Parser Line # | Notes |
|---|---|---|---|
| IP Address | endpoints[].host | 162-173 | Used if hostname not available |
| Hostname | endpoints[].host | 162-173 | Primary choice for endpoint host |
| MAC Address | description | 134-136 | Added to description with "MAC Address:" prefix |
| Severity | severity | 149 | Capitalized and validated against SEVERITIES, defaults to Info |
| Issue | title | 107-110 | Direct mapping, stripped of whitespace |
| Ports | endpoints[].port | 165-166 | Extracted number before "/" using regex |
| OID | vuln_id_from_tool | 152 | Direct mapping |
| CVE | unsaved_vulnerability_ids | 176-177 | Split on comma, filtered to valid CVE IDs |
| Last Detected | date | 151 | Parsed to datetime using dateutil.parser |
| Known Exploited Vulnerability | description | 131-132 | Added to description with prefix |
| Summary | description | 117-118 | Added to description with "Summary:" prefix |
| Vulnerability Detection Result | description | 119-120 | Added to description with prefix |
| Solution | mitigation | 150 | Direct mapping |
| Vulnerability Insight | impact | 82-103 | Formatted with CVEs into impact field |
| Vulnerability Detection Method | description | 121-122 | Added to description with prefix |
| References | references | 70-124 | Formatted into markdown list of links |
| Known To Be Used In Ransomware Campaigns | description, tags | 137-138, 179-180 | Adds warning to description and "ransomware" tag |

Summary

  • Total CSV Fields: 17
  • Mapped Fields: 17
  • Unmapped Fields: 0

Additional Finding Field Settings

| Finding Field | Value | Parser Line # | Notes |
|---|---|---|---|
| test | test parameter | 153 | Set from test parameter passed to get_findings |
| dynamic_finding | True | 153 | Hardcoded to True for all findings |
| static_finding | False | 154 | Hardcoded to False for all findings |

Processing Notes

  • Deduplication is performed using a combination of title, IP address, hostname and port
  • For duplicate findings, the existing finding is updated rather than creating a new one
  • The parser uses csv.DictReader with a comma delimiter and a quote character
  • Empty rows are skipped
  • References are formatted into a readable markdown list with descriptive link text
  • The impact field is specially formatted to combine vulnerability insight and CVE details
  • Date parsing handles various formats and falls back to the current time
  • Port extraction handles various formats like "8080/tcp" or "443/tcp (https)"

Extra information
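The field mappings and processing notes above describe a handful of normalisation steps (severity validation, port extraction, CVE filtering, date fallback, reference formatting, and dedup-and-merge on title/IP/hostname/port). The following is an added, self-contained model of those steps written for this page; it is not the PR's parser and not DefectDojo code. It assumes the 17 column names from the mapping table as CSV headers, replaces dateutil.parser with a fixed list of strptime formats, and uses a constructed sample export whose hosts, IPs, MAC addresses, OIDs and URLs are invented (the CVE ids are the ones quoted elsewhere on this page).

```python
import csv
import io
import re
from datetime import datetime, timezone

# Severity values a DefectDojo finding accepts; anything else is normalised to "Info".
SEVERITIES = ("Critical", "High", "Medium", "Low", "Info")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
PORT_RE = re.compile(r"^\s*(\d+)")
# Assumption: these formats cover the export; the PR's parser uses dateutil.parser instead.
DATE_FORMATS = ("%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%m/%d/%Y")

# Constructed sample export with the 17 columns from the PR's mapping table.
# Hosts, IPs, MAC addresses, OIDs and URLs are invented; the CVE ids are those quoted on the PR page.
SAMPLE_CSV = """\
IP Address,Hostname,MAC Address,Severity,Issue,Ports,OID,CVE,Last Detected,Known Exploited Vulnerability,Summary,Vulnerability Detection Result,Solution,Vulnerability Insight,Vulnerability Detection Method,References,Known To Be Used In Ransomware Campaigns
10.0.0.5,web01.example.internal,00:11:22:33:44:55,high,Apache Tomcat Multiple Vulnerabilities,8080/tcp (http),1.3.6.1.4.1.99999.1.0.1,"CVE-2023-42795, CVE-2023-44487, not-a-cve",2025-02-20 10:15:00,Yes,Outdated Tomcat.,Version 9.0.1 detected,Update Tomcat.,Remote DoS possible.,Banner check,https://example.invalid/tomcat-advisory,Yes
10.0.0.5,web01.example.internal,00:11:22:33:44:55,HIGH,Apache Tomcat Multiple Vulnerabilities,8080/tcp,1.3.6.1.4.1.99999.1.0.1,CVE-2023-45648,not a date,No,Outdated Tomcat.,Version 9.0.1 detected,Update Tomcat.,Remote DoS possible.,Banner check,https://example.invalid/tomcat-advisory,No
,,,,,,,,,,,,,,,,
10.0.0.9,,aa:bb:cc:dd:ee:ff,urgent,Self-signed TLS certificate,443/tcp (https),1.3.6.1.4.1.99999.1.0.2,,02/18/2025,No,Certificate is self-signed.,Issuer equals subject,Install a CA-signed certificate.,Allows interception of TLS traffic.,TLS handshake,https://example.invalid/tls-guidance,No
"""


def normalize_severity(value):
    """Capitalise and validate against SEVERITIES; unknown values fall back to Info."""
    sev = (value or "").strip().capitalize()
    return sev if sev in SEVERITIES else "Info"


def extract_port(value):
    """Take the leading number: '8080/tcp' -> 8080, '443/tcp (https)' -> 443, '' -> None."""
    match = PORT_RE.match(value or "")
    return int(match.group(1)) if match else None


def parse_cves(value):
    """Split on comma and keep only well-formed, distinct CVE ids."""
    cves = []
    for item in (value or "").split(","):
        item = item.strip().upper()
        if CVE_RE.match(item) and item not in cves:
            cves.append(item)
    return cves


def parse_date(value, now=None):
    """Try each known format; fall back to the current time as the processing notes describe."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime((value or "").strip(), fmt)
        except ValueError:
            continue
    return now or datetime.now(timezone.utc)


def format_references(value):
    """Render one markdown list item per URL found in the References column."""
    urls = [u for u in re.split(r"[\s,]+", value or "") if u]
    return "\n".join(f"- [{u}]({u})" for u in urls)


def build_impact(insight, cves):
    """Combine the Vulnerability Insight text with the CVE list."""
    return f"{insight.strip()}\nCVEs: {', '.join(cves) if cves else 'none'}"


def build_description(row, ransomware):
    """Join the descriptive columns with the prefixes listed in the mapping table."""
    parts = [
        f"Summary: {row['Summary'].strip()}",
        f"Vulnerability Detection Result: {row['Vulnerability Detection Result'].strip()}",
        f"Vulnerability Detection Method: {row['Vulnerability Detection Method'].strip()}",
        f"Known Exploited Vulnerability: {row['Known Exploited Vulnerability'].strip()}",
        f"MAC Address: {row['MAC Address'].strip()}",
    ]
    if ransomware:
        parts.append("WARNING: known to be used in ransomware campaigns")
    return "\n".join(parts)


def parse_rapidfire_csv(text, now=None):
    """Parse an export; rows sharing (title, IP, hostname, port) update one finding."""
    findings = {}
    for row in csv.DictReader(io.StringIO(text), delimiter=",", quotechar='"'):
        if not any((value or "").strip() for value in row.values()):
            continue  # skip empty rows
        port = extract_port(row["Ports"])
        key = (row["Issue"].strip(), row["IP Address"].strip(), row["Hostname"].strip(), port)
        cves = parse_cves(row["CVE"])
        if key in findings:
            # Duplicate: update the existing finding instead of creating a new one.
            found = findings[key]
            found["cves"] += [c for c in cves if c not in found["cves"]]
            found["impact"] = build_impact(row["Vulnerability Insight"], found["cves"])
            continue
        ransomware = row["Known To Be Used In Ransomware Campaigns"].strip().lower() == "yes"
        findings[key] = {
            "title": row["Issue"].strip(),
            "severity": normalize_severity(row["Severity"]),
            # Hostname is the primary endpoint host; fall back to the IP address.
            "endpoints": [{"host": row["Hostname"].strip() or row["IP Address"].strip(), "port": port}],
            "vuln_id_from_tool": row["OID"].strip(),
            "cves": cves,
            "date": parse_date(row["Last Detected"], now),
            "mitigation": row["Solution"].strip(),
            "impact": build_impact(row["Vulnerability Insight"], cves),
            "references": format_references(row["References"]),
            "description": build_description(row, ransomware),
            "tags": ["ransomware"] if ransomware else [],
            "dynamic_finding": True,
            "static_finding": False,
        }
    return list(findings.values())


if __name__ == "__main__":
    for finding in parse_rapidfire_csv(SAMPLE_CSV):
        print(finding["severity"], finding["title"], finding["endpoints"], finding["cves"])
```

The second Tomcat row in the sample shares title, IP, hostname and port with the first, so it is folded into that finding (its extra CVE is appended and the impact text recomputed) rather than producing a second one, while the all-empty row is dropped before any field is read. The unrecognised severity "urgent" and the missing hostname on the last row exercise the Info fallback and the IP-address fallback for the endpoint host.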

@github-actions github-actions bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR docs unittests parser labels Feb 27, 2025

DryRun Security Summary

A new RapidFire CSV parser implementation for DefectDojo enables multi-file vulnerability scan parsing while raising security concerns about information exposure, vulnerability risks, and sensitive data handling.


The pull request introduces a new RapidFire CSV parser for DefectDojo, adding support for parsing vulnerability scan results across multiple files and implementing comprehensive security-related parsing logic.

Security Findings:

  1. Potential Information Exposure: Internal hostnames, IP addresses, and MAC addresses revealed across multiple test CSV files
  2. Vulnerability Risks: Multiple high-severity Apache Tomcat vulnerabilities identified (CVE-2023-42795, CVE-2023-44487, CVE-2023-45648)
  3. Network Exposure: Detailed port information and internal network topology disclosed
  4. Sensitive Information: Includes references to ransomware campaigns, CVEs, and vulnerability detection methods
  5. Parsing Risks: Potential for information mixing during CSV parsing and reference formatting

Code Analysis

We ran 7 analyzers against 9 files and 0 analyzers had findings. 7 analyzers had no findings.


@skywalke34 skywalke34 marked this pull request as draft February 27, 2025 05:12