diff --git a/dojo/tools/nmap/parser.py b/dojo/tools/nmap/parser.py index 27e505cfa12..70ed4691d78 100644 --- a/dojo/tools/nmap/parser.py +++ b/dojo/tools/nmap/parser.py @@ -96,6 +96,7 @@ def get_findings(self, file, test): "**Extra Info:** {}\n".format(port_element.find("service").attrib["extrainfo"]) ) description += service_info + script_id = None if script := port_element.find("script"): if script_id := script.attrib.get("id"): description += f"**Script ID:** {script_id}\n" @@ -126,6 +127,7 @@ def get_findings(self, file, test): severity=severity, mitigation="N/A", impact="No impact provided", + vuln_id_from_tool=script_id, ) find.unsaved_endpoints = [] dupes[dupe_key] = find diff --git a/dojo/tools/openvas/xml_parser.py b/dojo/tools/openvas/xml_parser.py index 32b7d001ca9..d5495a20354 100644 --- a/dojo/tools/openvas/xml_parser.py +++ b/dojo/tools/openvas/xml_parser.py @@ -16,6 +16,7 @@ def get_findings(self, filename, test): report = root.find("report") results = report.find("results") for result in results: + script_id = None for finding in result: if finding.tag == "name": title = finding.text @@ -27,7 +28,9 @@ def get_findings(self, filename, test): title = title + "_" + finding.text description.append(f"**Port**: {finding.text}") if finding.tag == "nvt": - description.append(f"**NVT**: {finding.text}") + script_id = finding.get("oid") or finding.text + text = f"{script_id}\n{finding.text}" if finding.get("oid") and finding.text else script_id + description.append(f"**NVT**: {text}") if finding.tag == "severity": severity = self.convert_cvss_score(finding.text) description.append(f"**Severity**: {finding.text}") @@ -42,6 +45,7 @@ def get_findings(self, filename, test): severity=severity, dynamic_finding=True, static_finding=False, + vuln_id_from_tool=script_id, ) findings.append(finding) return findings