RustyHog: improve description and file_path

dojo/tools/rusty_hog/parser.py

@@ -76,6 +76,11 @@ def __getitem(self, vulnerabilities, scanner):
         found_secret_string = ""
         cwe = 200
         for vulnerability in vulnerabilities:
+            description =""
+            if vulnerability.get("Reason") is not None:
+                description += "\n**Reason:** {}".format(
+                    vulnerability.get("reason"),
+                )
             if scanner == "Rusty Hog":
                 break
             if scanner == "Choctaw Hog":
@@ -179,10 +184,15 @@ def __getitem(self, vulnerabilities, scanner):
                     vulnerability.get("issue_id"),
                     vulnerability.get("location"),
                 )
+                if not file_path:
+                    file_path = vulnerability.get("url")
             elif scanner == "Essex Hog":
                 title = "{} found in Confluence Page ID {}".format(
                     vulnerability.get("reason"), vulnerability.get("page_id"),
                 )
+                if not file_path:
+                    file_path = vulnerability.get("url")
+
             # create the finding object
             finding = Finding(
                 title=title,

unittests/tools/test_rusty_hog_parser.py

@@ -110,6 +110,9 @@ def test_parse_file_with_multiple_vuln_has_multiple_finding_essexhog(self):
             parser = RustyhogParser()
             findings = parser.get_items(testfile, "Essex Hog", Test())
             self.assertEqual(3, len(findings))
+            self.assertEqual("https://confluence.com/pages/viewpage.action?pageId=12345", findings[0]['file_path'])
+            self.assertEqual("-----BEGIN EC PRIVATE KEY-----", findings[0]['payload'])
+            self.assertEqual("*Reason:**SSH (EC) private key", findings[0]['description'][:30])
 
     def test_parse_file_with_multiple_vuln_has_multiple_finding_essexhog_content(self):
         with open("unittests/scans/rusty_hog/essexhog_many_vulns.json", encoding="utf-8") as testfile: