feat(parsers): add IriusRisk threat model CSV parser #14384

Open
skywalke34 wants to merge 10 commits into DefectDojo:dev from skywalke34:iriusrisk-parser

@skywalke34
Contributor

Description

New parser for IriusRisk threat model CSV exports. IriusRisk is a threat
modeling and risk management platform. The parser:

  • Parses CSV exports from IriusRisk threat model views
  • Maps all 14 CSV fields to DefectDojo Finding fields
  • Maps IriusRisk risk levels (Critical/High/Medium/Low/Very low) to
    DefectDojo severity levels
  • Extracts CWE numbers from MITRE references when present
  • Generates SHA-256 unique IDs for deduplication across reimports
  • Sets findings inactive when Current Risk is "Very low" (fully mitigated)

Test results

23 unit tests covering:

  • Empty file, single finding, and multiple findings parsing
  • All 5 severity levels (Critical, High, Medium, Low, Info)
  • Title truncation, component name extraction, description construction
  • Mitigation field mapping, active/inactive status logic
  • Unique ID generation and consistency
  • CWE extraction from MITRE references
  • STRIDE-LM and owner field handling

Documentation

Parser documentation at docs/content/supported_tools/parsers/file/iriusrisk.md
with export instructions, complete field mapping table, severity mapping, and
special processing notes.

Checklist

  • Rebased against the very latest dev
  • Submitted against dev branch
  • Meaningful PR name
  • Code is flake8/ruff compliant
  • Code is Python 3.13 compliant
  • Documentation included
  • No model changes, no migrations needed
  • Unit tests included (23 tests)
  • Label: Import Scans

Authored by T. Walker - DefectDojo

@valentijnscholten valentijnscholten added this to the 2.56.0 milestone Feb 25, 2026
Contributor

@Maffooch Maffooch left a comment

This is pretty close overall!

@Maffooch Maffooch modified the milestones: 2.56.0, 2.57.0 Feb 27, 2026
@skywalke34 skywalke34 requested a review from Maffooch March 4, 2026 19:54
Authored by T. Walker - DefectDojo
- Update test CSVs from 12 to 14 columns (add MITRE reference, STRIDE-LM)
- Parse MITRE reference: CWE-NNN extracts to cwe field, other values to references
- Include STRIDE-LM in description when populated
- Add Critical to severity mapping
- Change static_finding to False per connector spec
- Update documentation to reflect all changes
- Add tests for CWE extraction, references, STRIDE-LM, and Critical severity

Authored by T. Walker - DefectDojo
Per PR review feedback, parsers must not compute unique_id_from_tool.
Removed SHA-256 hash generation and related tests. Deduplication now
relies on DefectDojo's default hashcode algorithm. Updated docs
to reflect the change.

Authored by T. Walker - DefectDojo
Per PR review feedback, removed line number references from field
mapping tables and prose sections to reduce maintenance burden
when parser code changes.

Authored by T. Walker - DefectDojo
Per PR review feedback, expanded title field to use more of the
available 511 characters. Added test data with 627-char threat
to verify truncation behavior. Updated docs accordingly.

Authored by T. Walker - DefectDojo
Register IriusRisk Threats Scan in HASHCODE_FIELDS_PER_SCANNER and
DEDUPLICATION_ALGORITHM_PER_PARSER so deduplication uses title and
component_name rather than the legacy algorithm. These stable fields
ensure reimports match existing findings even when risk levels or
countermeasure progress change between scans. Update docs to match.

Authored by T. Walker - DefectDojo
@github-actions github-actions bot added the settings_changes label (Needs changes to settings.py based on changes in settings.dist.py included in this PR) Mar 4, 2026
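
The mapping rules described in this PR (risk level to severity, CWE extraction from the MITRE reference, inactive on "Very low", deduplication on title and component_name), as an added sketch that is not the PR's parser code or DefectDojo's hashing implementation. The `Component` and `Threat` column names, the "Very low" to Info pairing, the hard title cut and the SHA-256 key are assumptions made for illustration.

```python
import csv
import hashlib
import io
import re

# Assumed pairing: the PR lists IriusRisk levels and DefectDojo severities
# separately; "Very low" -> "Info" is inferred from the test list.
SEVERITY_MAP = {"critical": "Critical", "high": "High", "medium": "Medium",
                "low": "Low", "very low": "Info"}
CWE_RE = re.compile(r"^\s*CWE-(\d+)\s*$", re.IGNORECASE)
TITLE_MAX = 511  # title length quoted in the commit message

def parse_rows(text):
    """Turn CSV text into finding dicts. Column names are hypothetical."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        risk = (row.get("Current Risk") or "").strip().lower()
        ref = (row.get("MITRE reference") or "").strip()
        m = CWE_RE.match(ref)
        findings.append({
            "title": (row.get("Threat") or "").strip()[:TITLE_MAX],
            "component_name": (row.get("Component") or "").strip(),
            # Unknown or blank levels fall back to Info rather than raising.
            "severity": SEVERITY_MAP.get(risk, "Info"),
            "cwe": int(m.group(1)) if m else None,   # CWE-NNN goes to cwe
            "references": "" if m else ref,          # anything else is kept as text
            "active": risk != "very low",            # fully mitigated -> inactive
            "static_finding": False,
        })
    return findings

def dedup_key(finding):
    """Stand-in for a hash over the configured fields (title, component_name)."""
    raw = "|".join((finding["title"], finding["component_name"]))
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

# Constructed sample: one threat before and after mitigation, plus a new one.
HEADER = "Component,Threat,Current Risk,MITRE reference\n"
SCAN_1 = HEADER + "Web API,Attacker injects SQL through search,High,CWE-89\n"
SCAN_2 = (HEADER + "Web API,Attacker injects SQL through search,Very low,CWE-89\n"
          + "Queue,Messages replayed by a rogue consumer,Medium,CAPEC-60\n")

if __name__ == "__main__":
    old = {dedup_key(f) for f in parse_rows(SCAN_1)}
    for f in parse_rows(SCAN_2):
        state = "matches existing" if dedup_key(f) in old else "new"
        print(state, f["severity"], f["active"], f["cwe"], f["references"])
```

Because the key ignores risk level, the mitigated row in the second scan matches the first scan's finding instead of creating a duplicate.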

Labels

docs, parser, settings_changes, unittests
