🎉 implement zora vulnerabilty parser (#13744)

manuel-sommer · web-flow · commit 7e7ecd3927d6 · 2025-11-20T21:18:41.000-06:00
* 🎉 implement zora vulnerabilty parser

* udpate

* update

* update

* fix

* fix
diff --git a/docs/content/supported_tools/parsers/file/zora.md b/docs/content/supported_tools/parsers/file/zora.md
@@ -0,0 +1,9 @@
+
+---
+title: "Zora Parser"
+toc_hide: true
+---
+Zora scan results can be exported from the [Zora platform](https://github.com/undistro/zora)
+
+### Sample Scan Data
+Zora scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/zora).
diff --git a/dojo/tools/zora/__init__.py b/dojo/tools/zora/__init__.py
@@ -0,0 +1 @@
+__author__ = "manuel-sommer"
diff --git a/dojo/tools/zora/parser.py b/dojo/tools/zora/parser.py
@@ -0,0 +1,67 @@
+
+import csv
+import io
+
+from dojo.models import Finding, Test
+
+
+class ZoraParser:
+
+    """Parser for Zora combined CSV export."""
+
+    def get_scan_types(self):
+        return ["Zora Parser"]
+
+    def get_label_for_scan_types(self, scan_type):
+        return "Zora Parser"
+
+    def get_description_for_scan_types(self, scan_type):
+        return "Zora Parser scan results in csv file format."
+
+    def get_findings(self, content, test: Test) -> list[Finding]:
+        findings = []
+        if hasattr(content, "read"):
+            content = content.read()
+        if isinstance(content, bytes):
+            content = content.decode("utf-8")
+        csv_reader = csv.DictReader(io.StringIO(content), delimiter=",", quotechar='"')
+        for row in csv_reader:
+            title = row.get("title")
+            raw_severity = (row.get("severity") or "").strip().lower()
+            severity_map = {
+                "info": "Info",
+                "informational": "Info",
+                "low": "Low",
+                "medium": "Medium",
+                "med": "Medium",
+                "high": "High",
+                "critical": "Critical",
+                "crit": "Critical",
+            }
+            severity = severity_map.get(raw_severity, "Info")
+            description = f"**Source**: {row.get('source')}\n"
+            description += f"**Image**: {row.get('image')}\n"
+            description += f"**ID**: {row.get('id')}\n"
+            description += f"**Details**: {row.get('description')}\n"
+            if row.get("fixVersion"):
+                description += f"**Fix Version**: {row.get('fixVersion')}\n"
+            mitigation = row.get("description", "")
+            unique_id = f"{row.get('source')}-{row.get('image')}-{row.get('id')}"
+            status = row.get("status", "").upper()
+            is_mitigated = status in {"PASS", "OK", "FIXED"}
+            finding = Finding(
+                title=title,
+                description=description,
+                severity=severity,
+                mitigation=mitigation,
+                static_finding=False,
+                dynamic_finding=True,
+                unique_id_from_tool=unique_id,
+                test=test,
+                is_mitigated=is_mitigated,
+            )
+            vuln_id = row.get("id")
+            if vuln_id:
+                finding.unsaved_vulnerability_ids = [vuln_id]
+            findings.append(finding)
+        return findings
diff --git a/unittests/scans/zora/scan_empty.csv b/unittests/scans/zora/scan_empty.csv
@@ -0,0 +1 @@
+source,checkID,title,severity,status,remediation
diff --git a/unittests/scans/zora/scan_many.csv b/unittests/scans/zora/scan_many.csv
diff --git a/unittests/tools/test_zora_parser.py b/unittests/tools/test_zora_parser.py

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+source,checkID,title,severity,status,remediation`