-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
* 🎉 add openvasxml parser #8761 * flake8 * prepare unittests * 🎉 added unittests * more unittests * Bump coverage from 7.3.1 to 7.3.2 (#8782) Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.1 to 7.3.2. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.3.1...7.3.2) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump boto3 from 1.28.57 to 1.28.58 (#8780) Bumps [boto3](https://github.com/boto/boto3) from 1.28.57 to 1.28.58. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.28.57...1.28.58) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump psycopg2-binary from 2.9.8 to 2.9.9 (#8792) Bumps [psycopg2-binary](https://github.com/psycopg/psycopg2) from 2.9.8 to 2.9.9. - [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS) - [Commits](psycopg/psycopg2@2.9.8...2.9.9) --- updated-dependencies: - dependency-name: psycopg2-binary dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump boto3 from 1.28.58 to 1.28.59 (#8791) Bumps [boto3](https://github.com/boto/boto3) from 1.28.58 to 1.28.59. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.28.58...1.28.59) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update redis:7.2.1-alpine Docker digest from 7.2.1 to 7.2.1-alpine (docker-compose.yml) (#8790) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Browser tests should use the latest Chrome stable release (#8783) * Browser tests should use the latest Chrome stable release * Add dependencies for chrome binary and added to path * Don't try to add chrome to path * Added script to find chrome dependencies * Correct var name and added missing && * Hard code location of chrome binary * Remove unused import * Removed -j from unzipping of chrome binary * Giving credit to parts of the solution * Update styfle/cancel-workflow-action action from 0.11.0 to v0.12.0 (.github/workflows/cancel-outdated-workflow-runs.yml) (#8784) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * 🐛 fix unittest * revert commits * 🐛 fix unittest * removed print --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daryl Walleck <[email protected]>
- Loading branch information
4 people
authored
Oct 16, 2023
1 parent
55b193e
commit cebde8d
Showing
7 changed files
with
664 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| --- | ||
| title: "OpenVAS XML" | ||
| toc_hide: true | ||
| --- | ||
| Import Greenbone OpenVAS Scan in XML format. Export as XML Results on OpenVAS. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| __author__ = "manuel_sommer" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| from xml.dom import NamespaceErr | ||
| from defusedxml import ElementTree as ET | ||
| from dojo.models import Finding | ||
|
|
||
|
|
||
| class OpenVASXMLParser(object): | ||
| def get_scan_types(self): | ||
| return ["OpenVAS XML"] | ||
|
|
||
| def get_label_for_scan_types(self, scan_type): | ||
| return scan_type # no custom label for now | ||
|
|
||
| def get_description_for_scan_types(self, scan_type): | ||
| return "Import XML output of Greenbone OpenVAS XML report." | ||
|
|
||
| def convert_cvss_score(self, raw_value): | ||
| val = float(raw_value) | ||
| if val == 0.0: | ||
| return "Info" | ||
| elif val < 4.0: | ||
| return "Low" | ||
| elif val < 7.0: | ||
| return "Medium" | ||
| elif val < 9.0: | ||
| return "High" | ||
| else: | ||
| return "Critical" | ||
|
|
||
| def get_findings(self, file, test): | ||
| findings = [] | ||
| tree = ET.parse(file) | ||
| root = tree.getroot() | ||
| if "report" not in root.tag: | ||
| raise NamespaceErr( | ||
| "This doesn't seem to be a valid Greenbone OpenVAS xml file." | ||
| ) | ||
| report = root.find("report") | ||
| results = report.find("results") | ||
| for result in results: | ||
| for finding in result: | ||
| if finding.tag == "name": | ||
| title = finding.text | ||
| description = [f"**Name**: {finding.text}"] | ||
| if finding.tag == "host": | ||
| title = title + "_" + finding.text | ||
| description.append(f"**Host**: {finding.text}") | ||
| if finding.tag == "port": | ||
| title = title + "_" + finding.text | ||
| description.append(f"**Port**: {finding.text}") | ||
| if finding.tag == "nvt": | ||
| description.append(f"**NVT**: {finding.text}") | ||
| if finding.tag == "severity": | ||
| severity = self.convert_cvss_score(finding.text) | ||
| description.append(f"**Severity**: {finding.text}") | ||
| if finding.tag == "qod": | ||
| description.append(f"**QOD**: {finding.text}") | ||
| if finding.tag == "description": | ||
| description.append(f"**Description**: {finding.text}") | ||
|
|
||
| finding = Finding( | ||
| title=str(title), | ||
| description="\n".join(description), | ||
| severity=severity, | ||
| dynamic_finding=True, | ||
| static_finding=False | ||
| ) | ||
| findings.append(finding) | ||
| return findings |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| <report id="0615f30d-1f0c-4a17-bb0d-5a1015b93299" extension="xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5" content_type="text/xml"><owner><name>gps</name></owner><name>HP-scan</name><comment></comment><creation_time>2023-10-04T21:34:09.251181Z</creation_time><modification_time></modification_time><writable>0</writable><in_use>0</in_use><task id="ad0a2b65-c4b7-46ff-91df-a976b20c83c1"><name>HP-scan</name></task><report_format id="5a761305-5f42-4a37-8eaf-af8eb27df575"><name>XML</name></report_format><report id="b44c0ad2-2d97-4e07-afe5-51c5b8f3cbbe"><gmp><version>9.0</version></gmp><sort><field><order>descending</order>severity</field></sort><filters id="0"><term>apply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1</term><keywords/></filters><severity_class id="d4c74cda-89e1-11e3-9c29-406186ea4fc5"><name>nist</name><full_name>NVD Vulnerability Severity Ratings</full_name><severity_range><name>None</name><min>0.0</min><max>0.0</max></severity_range><severity_range><name>Low</name><min>0.1</min><max>3.9</max></severity_range><severity_range><name>Medium</name><min>4.0</min><max>6.9</max></severity_range><severity_range><name>High</name><min>7.0</min><max>10.0</max></severity_range></severity_class><scan_run_status>Done</scan_run_status><hosts><count>0</count></hosts><closed_cves><count>0</count></closed_cves><vulns><count>0</count></vulns><os><count>0</count></os><apps><count>0</count></apps><ssl_certs><count>0</count></ssl_certs><task id="e8e09f0b-ee94-42e9-b092-d62d2a0dc06d"><name>HP-scan</name><comment></comment><target id="d3f3f144-fa94-4f3d-84ce-4a72129f778a"><trash>0</trash><name>Target</name><comment></comment></target><progress>100.0</progress></task><scan><task><slave id=""><name></name><host></host><port>0</port></slave><preferences><preference><name>Network Source Interface</name><value/><scanner_name>source_iface</scanner_name></preference></preferences></task></scan><timestamp>2023-09-25T10:46:09Z</timestamp><scan_start>2023-09-25T10:46:09Z</scan_start><timezone>Coordinated Universal Time</timezone><timezone_abbrev>UTC</timezone_abbrev><ports max="-1" start="1"><count>0</count></ports><results start="1" max="-1"/><result_count>0<full>0</full><filtered>0</filtered><debug><full>0</full><filtered>0</filtered></debug><hole><full>0</full><filtered>0</filtered></hole><info><full>0</full><filtered>0</filtered></info><log><full>0</full><filtered>0</filtered></log><warning><full>0</full><filtered>0</filtered></warning><false_positive><full>0</full><filtered>0</filtered></false_positive></result_count><severity><full>0</full><filtered>0</filtered></severity><errors/><scan_end>2023-09-25T10:54:26Z</scan_end><report_format></report_format></report></report> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| <report id="0b63ae21-1a37-474a-b436-2f6561d36990" extension="xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5" content_type="text/xml"><owner><name>gps</name></owner><name>dc01-testlab-scan</name><comment></comment><creation_time>2023-10-04T21:40:07.211438Z</creation_time><modification_time></modification_time><writable>0</writable><in_use>0</in_use><task id="15a4590b-8163-4b6b-91c0-86cf351320f9"><name>dc01-testlab-scan</name></task><report_format id="27915b4c-2514-4a86-a4d9-f917a824a77d"><name>XML</name></report_format><report id="27748e67-fa00-462d-8a05-8479a07988a0"><gmp><version>9.0</version></gmp><sort><field><order>descending</order>severity</field></sort><filters id="0"><term>apply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1</term><keywords/></filters><severity_class id="d4c74cda-89e1-11e3-9c29-406186ea4fc5"><name>nist</name><full_name>NVD Vulnerability Severity Ratings</full_name><severity_range><name>None</name><min>0.0</min><max>0.0</max></severity_range><severity_range><name>Low</name><min>0.1</min><max>3.9</max></severity_range><severity_range><name>Medium</name><min>4.0</min><max>6.9</max></severity_range><severity_range><name>High</name><min>7.0</min><max>10.0</max></severity_range></severity_class><scan_run_status>Done</scan_run_status><hosts><count>1</count></hosts><closed_cves><count>0</count></closed_cves><vulns><count>1</count></vulns><os><count>0</count></os><apps><count>0</count></apps><ssl_certs><count>0</count></ssl_certs><task id="37b2f52d-0105-45d0-9b1a-dec124b05deb"><name>dc01-testlab-scan</name><comment></comment><target id="889b953c-3ca7-490e-ba89-d49448106e18"><trash>0</trash><name>Target</name><comment></comment></target><progress>100.0</progress></task><scan><task><slave id=""><name></name><host></host><port>0</port></slave><preferences><preference><name>Network Source Interface</name><value/><scanner_name>source_iface</scanner_name></preference></preferences></task></scan><timestamp>2023-09-28T14:48:02Z</timestamp><scan_start>2023-09-28T14:48:02Z</scan_start><timezone>Coordinated Universal Time</timezone><timezone_abbrev>UTC</timezone_abbrev><ports max="-1" start="1"><count>1</count><port>general/tcp<host>10.0.101.2</host><severity>10.0</severity><threat>High</threat></port></ports><results start="1" max="-1"><result id="b87d3a32-8ff8-4010-aada-4b4f578b084d"><name>Mozilla Firefox Security Update (mfsa_2023-32_2023-36) - Windows</name><owner><name>gps</name></owner><modification_time></modification_time><creation_time>2023-10-04T21:40:07.211472Z</creation_time><host>10.0.101.2<asset/><hostname></hostname></host><port>general/tcp</port><nvt oid="1.3.6.1.4.1.25623.1.0.832260"><type>nvt</type><name>Mozilla Firefox Security Update (mfsa_2023-32_2023-36) - Windows</name><family>General</family><cvss_base>10.0</cvss_base><tags>summary=Mozilla Firefox is prone to multiple vulnerabilities.|insight=Multiple flaws exist due to, | ||
|
|
||
| - Memory corruption in IPC CanvasTranslator. | ||
|
|
||
| - Memory corruption in IPC ColorPickerShownCallback. | ||
|
|
||
| - Memory corruption in IPC FilePickerShownCallback. | ||
|
|
||
| - Integer Overflow in RecordedSourceSurfaceCreation. | ||
|
|
||
| - Memory corruption in JIT UpdateRegExpStatics. | ||
|
|
||
| - Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception. | ||
|
|
||
| - Persisted search terms were formatted as URLs. | ||
|
|
||
| - Push notifications saved to disk unencrypted. | ||
|
|
||
| - XLL file extensions were downloadable without warnings. | ||
|
|
||
| - Browsing Context potentially not cleared when closing Private Window. | ||
|
|
||
| - Memory safety bugs.|qodType=registry|solution=Upgrade to version 117 or later, | ||
| Please see the references for more information.|solution_type=VendorFix|impact=Successful exploitation will allow | ||
| attackers to run arbitrary code, cause denial of service and disclose | ||
| sensitive information on affected systems.|affected=Mozilla Firefox version before | ||
| 117 on Windows.</tags><refs><ref id="CVE-2023-4573" type="cve"/><ref id="CVE-2023-4574" type="cve"/><ref id="CVE-2023-4575" type="cve"/><ref id="CVE-2023-4576" type="cve"/><ref id="CVE-2023-4577" type="cve"/><ref id="CVE-2023-4578" type="cve"/><ref id="CVE-2023-4579" type="cve"/><ref id="CVE-2023-4580" type="cve"/><ref id="CVE-2023-4581" type="cve"/><ref id="CVE-2023-4585" type="cve"/><ref id="CVE-2023-4583" type="cve"/><ref id="CVE-2023-4584" type="cve"/><ref id="https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/" type="url"/></refs></nvt><scan_nvt_version></scan_nvt_version><threat>High</threat><severity>10.0</severity><qod><value>97</value><type>registry</type></qod><description>Installed version: 116.0.3 | ||
| Fixed version: 117 | ||
| Installation | ||
| path / port: C:\Program Files\Mozilla Firefox | ||
|
|
||
| </description><original_threat>High</original_threat><original_severity>5</original_severity></result> | ||
|
|
||
| </results><result_count>0<full>0</full><filtered>0</filtered><debug><full>0</full><filtered>0</filtered></debug><hole><full>0</full><filtered>0</filtered></hole><info><full>0</full><filtered>0</filtered></info><log><full>0</full><filtered>0</filtered></log><warning><full>0</full><filtered>0</filtered></warning><false_positive><full>0</full><filtered>0</filtered></false_positive></result_count><severity><full>0</full><filtered>0</filtered></severity><host><ip>10.0.101.2</ip><asset asset_id=""/><start>2023-09-28T14:48:02Z</start><end>2023-09-28T16:12:15Z</end><port_count><page>1</page></port_count><result_count><page>1</page><hole><page>0</page></hole><warning><page>0</page></warning><info><page>0</page></info><log><page>0</page></log><false_positive><page>0</page></false_positive></result_count><detail/></host><errors/><scan_end>2023-09-28T16:12:15Z</scan_end><report_format></report_format></report></report> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| from ..dojo_test_case import DojoTestCase | ||
| from dojo.tools.openvas_xml.parser import OpenVASXMLParser | ||
| from dojo.models import Test, Engagement, Product | ||
|
|
||
|
|
||
| class TestOpenVASUploadXMLParser(DojoTestCase): | ||
|
|
||
| def test_openvas_xml_no_vuln(self): | ||
| with open("unittests/scans/openvas_xml/no_vuln.xml") as f: | ||
| test = Test() | ||
| test.engagement = Engagement() | ||
| test.engagement.product = Product() | ||
| parser = OpenVASXMLParser() | ||
| findings = parser.get_findings(f, test) | ||
| self.assertEqual(0, len(findings)) | ||
|
|
||
| def test_openvas_xml_one_vuln(self): | ||
| with open("unittests/scans/openvas_xml/one_vuln.xml") as f: | ||
| test = Test() | ||
| test.engagement = Engagement() | ||
| test.engagement.product = Product() | ||
| parser = OpenVASXMLParser() | ||
| findings = parser.get_findings(f, test) | ||
| for finding in findings: | ||
| for endpoint in finding.unsaved_endpoints: | ||
| endpoint.clean() | ||
| self.assertEqual(1, len(findings)) | ||
| with self.subTest(i=0): | ||
| finding = findings[0] | ||
| self.assertEqual("Mozilla Firefox Security Update (mfsa_2023-32_2023-36) - Windows_10.0.101.2_general/tcp", finding.title) | ||
| self.assertEqual("Critical", finding.severity) | ||
|
|
||
| def test_openvas_xml_many_vuln(self): | ||
| with open("unittests/scans/openvas_xml/many_vuln.xml") as f: | ||
| test = Test() | ||
| test.engagement = Engagement() | ||
| test.engagement.product = Product() | ||
| parser = OpenVASXMLParser() | ||
| findings = parser.get_findings(f, test) | ||
| for finding in findings: | ||
| for endpoint in finding.unsaved_endpoints: | ||
| endpoint.clean() | ||
| self.assertEqual(44, len(findings)) |