diff --git a/dojo/tools/openvas/csv_parser.py b/dojo/tools/openvas/csv_parser.py index 02118633175..1d2eb4428a2 100644 --- a/dojo/tools/openvas/csv_parser.py +++ b/dojo/tools/openvas/csv_parser.py @@ -78,11 +78,13 @@ def __init__(self): super(CveColumnMappingStrategy, self).__init__() def map_column_value(self, finding, column_value): - if "," in column_value: - finding.description += "\n**All CVEs:** " + str(column_value) - finding.unsaved_vulnerability_ids.append(column_value.split(",")[0]) - elif column_value is not None: - finding.unsaved_vulnerability_ids.append(column_value) + if column_value != "": + if "," in column_value: + finding.description += "\n**All CVEs:** " + str(column_value) + for value in column_value.split(","): + finding.unsaved_vulnerability_ids.append(value) + else: + finding.unsaved_vulnerability_ids.append(column_value) class NVDCVEColumnMappingStrategy(ColumnMappingStrategy): @@ -92,9 +94,9 @@ def __init__(self): def map_column_value(self, finding, column_value): cve_pattern = r'CVE-\d{4}-\d{4,7}' - cve = re.findall(cve_pattern, column_value) - if cve: - finding.unsaved_vulnerability_ids.append(column_value) + cves = re.findall(cve_pattern, column_value) + for cve in cves: + finding.unsaved_vulnerability_ids.append(cve) class ProtocolColumnMappingStrategy(ColumnMappingStrategy): diff --git a/unittests/tools/test_openvas_parser.py b/unittests/tools/test_openvas_parser.py index db5abd98bd6..f31b6e7727b 100644 --- a/unittests/tools/test_openvas_parser.py +++ b/unittests/tools/test_openvas_parser.py @@ -80,7 +80,7 @@ def test_openvas_csv_report_usingOpenVAS(self): finding = findings[2] self.assertEqual("Apache HTTP Server Detection Consolidation", finding.title) self.assertEqual("Info", finding.severity) - self.assertEqual(finding.unsaved_vulnerability_ids[0], "") + self.assertEqual(finding.unsaved_vulnerability_ids, list()) def test_openvas_xml_no_vuln(self): with open("unittests/scans/openvas/no_vuln.xml") as f: