From d2212e941dd678c2fe52596f9432b323a2abdcec Mon Sep 17 00:00:00 2001
From: Leonardo de Oliveira Maia <101437950+LeoOMaia@users.noreply.github.com>
Date: Sat, 21 Dec 2024 21:41:45 -0300
Subject: [PATCH 1/2] fixing openvas parser and including script_id for openvas and nmap

---
 dojo/tools/nmap/parser.py | 2 ++
 dojo/tools/openvas/xml_parser.py | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/dojo/tools/nmap/parser.py b/dojo/tools/nmap/parser.py
index 27e505cfa12..70ed4691d78 100644
--- a/dojo/tools/nmap/parser.py
+++ b/dojo/tools/nmap/parser.py
@@ -96,6 +96,7 @@ def get_findings(self, file, test):
 "**Extra Info:** {}\n".format(port_element.find("service").attrib["extrainfo"])
 )
 description += service_info
+ script_id = None
 if script := port_element.find("script"):
 if script_id := script.attrib.get("id"):
 description += f"**Script ID:** {script_id}\n"
@@ -126,6 +127,7 @@ def get_findings(self, file, test):
 severity=severity,
 mitigation="N/A",
 impact="No impact provided",
+ vuln_id_from_tool=script_id,
 )
 find.unsaved_endpoints = []
 dupes[dupe_key] = find
diff --git a/dojo/tools/openvas/xml_parser.py b/dojo/tools/openvas/xml_parser.py
index 32b7d001ca9..d765de9541f 100644
--- a/dojo/tools/openvas/xml_parser.py
+++ b/dojo/tools/openvas/xml_parser.py
@@ -16,6 +16,7 @@ def get_findings(self, filename, test):
 report = root.find("report")
 results = report.find("results")
 for result in results:
+ script_id = None
 for finding in result:
 if finding.tag == "name":
 title = finding.text
@@ -27,7 +28,8 @@ def get_findings(self, filename, test):
 title = title + "_" + finding.text
 description.append(f"**Port**: {finding.text}")
 if finding.tag == "nvt":
- description.append(f"**NVT**: {finding.text}")
+ script_id = finding.get("oid")
+ description.append(f"**NVT**: {script_id}")
 if finding.tag == "severity":
 severity = self.convert_cvss_score(finding.text)
 description.append(f"**Severity**: {finding.text}")
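Review bot: `script_id` can stay `None` even when a script is present, because the guard right after the new initialiser, `if script := port_element.find("script"):`, tests the element's truth value rather than its presence. On ElementTree-style elements (the parser's XML import is outside the hunk, so this is inferred) an element with no child elements is falsy, so a `<script>` that carries only attributes never reaches the `id` lookup and the new `vuln_id_from_tool` ends up empty. Writing the guard as `if (script := port_element.find("script")) is not None:` closes that gap. `find` also returns only the first `<script>` child, so a port with several scripts records a single ID. get_findings starts and ends outside the hunk.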
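Review bot: `vuln_id_from_tool=script_id` is set only where the `Finding` is constructed, and the same hunk shows the result being stored under `dupes[dupe_key]`. How `dupe_key` is built is outside the hunk; if it does not include the script ID, a later port that maps to the same key but ran a different script would presumably be merged into a finding that keeps the first ID. Worth confirming, and if that is intended a short comment such as `# vuln_id_from_tool is the first script ID seen for this dupe_key` would save the next reader the trace. The diffstat lists only the two parser files, so nothing in this patch asserts the new field in a test.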
@@ -38,10 +40,12 @@ def get_findings(self, filename, test):
 
 finding = Finding(
 title=str(title),
+ test=test,
 description="\n".join(description),
 severity=severity,
 dynamic_finding=True,
 static_finding=False,
+ vuln_id_from_tool=script_id,
 )
 findings.append(finding)
 return findings

From d06163caf5fe22b545305b9c5f975fb7a8ccbd94 Mon Sep 17 00:00:00 2001
From: Leonardo de Oliveira Maia <101437950+LeoOMaia@users.noreply.github.com>
Date: Mon, 23 Dec 2024 17:01:45 -0300
Subject: [PATCH 2/2] updating xml openvas parser

---
 dojo/tools/openvas/xml_parser.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dojo/tools/openvas/xml_parser.py b/dojo/tools/openvas/xml_parser.py
index d765de9541f..d5495a20354 100644
--- a/dojo/tools/openvas/xml_parser.py
+++ b/dojo/tools/openvas/xml_parser.py
@@ -28,8 +28,9 @@ def get_findings(self, filename, test):
 title = title + "_" + finding.text
 description.append(f"**Port**: {finding.text}")
 if finding.tag == "nvt":
- script_id = finding.get("oid")
- description.append(f"**NVT**: {script_id}")
+ script_id = finding.get("oid") or finding.text
+ text = f"{script_id}\n{finding.text}" if finding.get("oid") and finding.text else script_id
+ description.append(f"**NVT**: {text}")
 if finding.tag == "severity":
 severity = self.convert_cvss_score(finding.text)
 description.append(f"**Severity**: {finding.text}")
@@ -40,7 +41,6 @@ def get_findings(self, filename, test):
 
 finding = Finding(
 title=str(title),
- test=test,
 description="\n".join(description),
 severity=severity,
 dynamic_finding=True,
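Review bot: In the second patch's `nvt` branch, the fallback `finding.get("oid") or finding.text` and the test `finding.get("oid") and finding.text` both treat whitespace-only text as a value. If the `<nvt>` element holds child elements (not visible here, so inferred), `finding.text` is only the indentation before the first child: the description gains a dangling newline and, when `oid` is absent, whitespace lands in `vuln_id_from_tool`. When both are missing the description still reads `**NVT**: None`. The values come from an imported report, so reading `oid` once and stripping the text once keeps the identifier clean for later matching and is easier to follow than the one-line conditional. The enclosing loop and get_findings continue outside the hunk.

```python
if finding.tag == "nvt":
    oid = finding.get("oid")
    nvt_text = (finding.text or "").strip()
    script_id = oid or nvt_text or None
    if script_id:
        nvt_label = f"{oid}\n{nvt_text}" if oid and nvt_text else script_id
        description.append(f"**NVT**: {nvt_label}")
# … unchanged: severity handling …
```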