feat(parsers): add IriusRisk threat model CSV parser #14384

Open
skywalke34 wants to merge 6 commits into DefectDojo:dev from skywalke34:iriusrisk-parser

@skywalke34
Contributor

Description

New parser for IriusRisk threat model CSV exports. IriusRisk is a threat
modeling and risk management platform. The parser:

  • Parses CSV exports from IriusRisk threat model views
  • Maps all 14 CSV fields to DefectDojo Finding fields
  • Maps IriusRisk risk levels (Critical/High/Medium/Low/Very low) to
    DefectDojo severity levels
  • Extracts CWE numbers from MITRE references when present
  • Generates SHA-256 unique IDs for deduplication across reimports
  • Sets findings inactive when Current Risk is "Very low" (fully mitigated)

Test results

23 unit tests covering:

  • Empty file, single finding, and multiple findings parsing
  • All 5 severity levels (Critical, High, Medium, Low, Info)
  • Title truncation, component name extraction, description construction
  • Mitigation field mapping, active/inactive status logic
  • Unique ID generation and consistency
  • CWE extraction from MITRE references
  • STRIDE-LM and owner field handling

Documentation

Parser documentation at docs/content/supported_tools/parsers/file/iriusrisk.md
with export instructions, complete field mapping table, severity mapping, and
special processing notes.

Checklist

  • Rebased against the very latest dev
  • Submitted against dev branch
  • Meaningful PR name
  • Code is flake8/ruff compliant
  • Code is Python 3.13 compliant
  • Documentation included
  • No model changes, no migrations needed
  • Unit tests included (23 tests)
  • Label: Import Scans

Authored by T. Walker - DefectDojo

- Update test CSVs from 12 to 14 columns (add MITRE reference, STRIDE-LM)
- Parse MITRE reference: CWE-NNN extracts to cwe field, other values to references
- Include STRIDE-LM in description when populated
- Add Critical to severity mapping
- Change static_finding to False per connector spec
- Update documentation to reflect all changes
- Add tests for CWE extraction, references, STRIDE-LM, and Critical severity

Authored by T. Walker - DefectDojo
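
The processing rules listed in the description (severity mapping, CWE extraction from the MITRE reference, a SHA-256 deduplication ID, and the "Very low" inactive rule), sketched as an added example that is not the PR's code. The column names `Component` and `Threat`, the fields fed into the hash, and the fallback severity for unknown risk values are assumptions; findings are plain dicts rather than DefectDojo `Finding` objects.

```python
import csv
import hashlib
import io
import re

# Mapping per the PR description; "Very low" -> "Info" is inferred from the
# test list (Critical, High, Medium, Low, Info).
SEVERITY = {"critical": "Critical", "high": "High", "medium": "Medium",
            "low": "Low", "very low": "Info"}
CWE_RE = re.compile(r"\bCWE-(\d+)\b", re.IGNORECASE)

# Constructed sample export. "Component" and "Threat" are assumed column
# names; the real export has 14 columns.
SAMPLE_CSV = """Component,Threat,Current Risk,MITRE reference,STRIDE-LM
Web API,SQL injection via search field,High,CWE-89,Tampering
Web API,Credential stuffing,Very low,T1110,Spoofing
"""

def unique_id(row):
    # Assumption: hash only fields that identify the threat, not its risk
    # level, so the ID stays stable when the risk changes between imports.
    key = "|".join(row.get(k, "").strip().lower() for k in ("Component", "Threat"))
    return hashlib.sha256(key.encode("utf-8")).hexdigest()

def parse(text):
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        risk = row.get("Current Risk", "").strip().lower()
        ref = row.get("MITRE reference", "").strip()
        match = CWE_RE.search(ref)
        findings.append({
            "title": row.get("Threat", "").strip(),
            "component_name": row.get("Component", "").strip(),
            # Assumption: unknown risk values fall back to "Info".
            "severity": SEVERITY.get(risk, "Info"),
            "cwe": int(match.group(1)) if match else None,
            # Non-CWE values go to references instead of the cwe field.
            "references": None if match or not ref else ref,
            # "Very low" current risk means fully mitigated.
            "active": risk != "very low",
            "unique_id_from_tool": unique_id(row),
        })
    return findings
```

Keeping the risk level out of the hashed fields is what lets a reimport update an existing finding instead of creating a duplicate once a threat is mitigated.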