
Add imageTags to AWS SecurityHub and Inspector2 parsers #11517

Merged (2 commits), Jan 15, 2025

Conversation

hblankenship (Collaborator)

In the impact section of both parsers, the ImageTags (and imageTags respectively) portion was not being captured. This now captures the imageTags as a comma-separated string for the Impact section of the Finding.

[sc-9381]
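As an added illustration, not DefectDojo's own parser code, the following Python builds the comma-separated "Image tags" impact line described above from both finding formats. The field paths are those of the Inspector2 API (camelCase) and the Security Hub ASFF (PascalCase); the two sample findings are constructed, and resources without image details contribute nothing.

```python
from typing import Any, Optional

# Key names per source: Inspector2 uses camelCase, Security Hub ASFF uses PascalCase.
_SOURCES = {
    "inspector2": ("resources", "details", "awsEcrContainerImage", "imageTags"),
    "securityhub": ("Resources", "Details", "AwsEcrContainerImage", "ImageTags"),
}

def image_tags(finding: dict[str, Any], source: str) -> list[str]:
    """Collect every ECR image tag referenced by the finding's resources."""
    res_key, details_key, image_key, tags_key = _SOURCES[source]
    tags: list[str] = []
    for resource in finding.get(res_key) or []:
        # Missing keys and None values are tolerated: an EC2 or Lambda
        # resource, or a finding with no image details, simply adds nothing.
        image = (resource.get(details_key) or {}).get(image_key) or {}
        raw = image.get(tags_key) or []
        if isinstance(raw, str):  # tolerate a bare string instead of a list
            raw = [raw]
        tags.extend(str(t) for t in raw if t)
    return tags

def image_tags_impact_line(finding: dict[str, Any], source: str) -> Optional[str]:
    """Impact line with the tags joined as a comma-separated string, or None if there are none."""
    tags = image_tags(finding, source)
    return f"Image tags: {', '.join(tags)}" if tags else None

# Constructed sample findings (not real AWS output), trimmed to the relevant fields.
INSPECTOR2_FINDING = {
    "resources": [
        {"type": "AWS_ECR_CONTAINER_IMAGE",
         "details": {"awsEcrContainerImage": {"repositoryName": "api", "imageTags": ["1.4.2", "latest"]}}},
    ],
}
SECURITYHUB_FINDING = {
    "Resources": [
        {"Type": "AwsEc2Instance", "Details": {"AwsEc2Instance": {"Type": "t3.micro"}}},
        {"Type": "AwsEcrContainerImage",
         "Details": {"AwsEcrContainerImage": {"RepositoryName": "api", "ImageTags": ["1.4.2"]}}},
    ],
}

if __name__ == "__main__":
    print(image_tags_impact_line(INSPECTOR2_FINDING, "inspector2"))  # Image tags: 1.4.2, latest
    print(image_tags_impact_line(SECURITYHUB_FINDING, "securityhub"))  # Image tags: 1.4.2
```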

@github-actions github-actions bot added the parser label Jan 6, 2025

dryrunsecurity bot commented Jan 6, 2025

DryRun Security Summary

The pull request enhances the parsing and processing of AWS security findings by adding container image tag information, improving the context and effectiveness of security analysis across AWS Inspector2, Security Hub, and GuardDuty services.


Summary:

The code changes in this pull request focus on enhancing the parsing and processing of security findings from various AWS security services, including AWS Inspector2, AWS Security Hub, and AWS GuardDuty. The key changes across these files are the addition of container image tag information to the processed findings, providing more detailed context about the affected resources.

From an application security perspective, these changes are positive as they improve the security teams' ability to investigate and remediate the identified issues. The inclusion of image tag information can help security analysts better understand the context of the findings, identify potential vulnerabilities or misconfigurations related to the container images, and track the affected resources more effectively.

Additionally, the changes to handle different date/time formats for the LastObservedAt field and the creation of Endpoint objects for affected resources further improve the reliability and usefulness of the data provided by the Dojo application security tool.

Overall, these code changes demonstrate a security-focused approach to enhancing the security finding processing functionality, which can ultimately lead to more effective security analysis and remediation efforts.

Files Changed:

  1. dojo/tools/aws_inspector2/parser.py:

    • Added a new field, "Image tags", to the list of details extracted for AWS_ECR_CONTAINER_IMAGE resources. This provides more detailed information about the ECR container image associated with the findings.
  2. dojo/tools/awssecurityhub/inspector.py:

    • Added a new line to the impact list, which includes the image tags associated with the finding. This enhances the information available about the container image.
  3. dojo/tools/awssecurityhub/compliance.py:

    • Added a new line to the impact list, including the "Image tags" information for the affected AWS ECR container image. This provides more context about the affected resources.
  4. dojo/tools/awssecurityhub/guardduty.py:

    • Included the image tags in the impact section of the Finding object, providing more detailed information about the container image associated with the GuardDuty finding.
    • Improved the handling of the LastObservedAt field to support different date/time formats.
    • Created Endpoint objects for the affected resources, such as AWS ECR container images and EC2 instances.

Code Analysis

We ran 9 analyzers against 4 files and 0 analyzers had findings. 9 analyzers had no findings.


@mtesauro mtesauro (Contributor) left a comment

Approved

@Maffooch Maffooch merged commit 1849f9e into bugfix Jan 15, 2025
74 checks passed