🐛 fix

dojo/tools/openvas/csv_parser.py

@@ -78,11 +78,13 @@ def __init__(self):
         super(CveColumnMappingStrategy, self).__init__()
 
     def map_column_value(self, finding, column_value):
-        if "," in column_value:
-            finding.description += "\n**All CVEs:** " + str(column_value)
-            finding.unsaved_vulnerability_ids.append(column_value.split(",")[0])
-        elif column_value is not None:
-            finding.unsaved_vulnerability_ids.append(column_value)
+        if column_value != "":
+            if "," in column_value:
+                finding.description += "\n**All CVEs:** " + str(column_value)
+                for value in column_value.split(","):
+                    finding.unsaved_vulnerability_ids.append(value)
+            else:
+                finding.unsaved_vulnerability_ids.append(column_value)
 
 
 class NVDCVEColumnMappingStrategy(ColumnMappingStrategy):
@@ -92,9 +94,9 @@ def __init__(self):
 
     def map_column_value(self, finding, column_value):
         cve_pattern = r'CVE-\d{4}-\d{4,7}'
-        cve = re.findall(cve_pattern, column_value)
-        if cve:
-            finding.unsaved_vulnerability_ids.append(column_value)
+        cves = re.findall(cve_pattern, column_value)
+        for cve in cves:
+            finding.unsaved_vulnerability_ids.append(cve)
 
 
 class ProtocolColumnMappingStrategy(ColumnMappingStrategy):

unittests/tools/test_openvas_parser.py

@@ -80,7 +80,7 @@ def test_openvas_csv_report_usingOpenVAS(self):
             finding = findings[2]
             self.assertEqual("Apache HTTP Server Detection Consolidation", finding.title)
             self.assertEqual("Info", finding.severity)
-            self.assertEqual(finding.unsaved_vulnerability_ids[0], "")
+            self.assertEqual(finding.unsaved_vulnerability_ids, list())
 
     def test_openvas_xml_no_vuln(self):
         with open("unittests/scans/openvas/no_vuln.xml") as f: