🐛 fix nessus severity (DefectDojo#9549)

* 🐛 fix nessus severity * add unittest * flake8
quirinziessler · Feb 21, 2024 · afd0bcc · afd0bcc
1 parent 64966f2
commit afd0bcc
Show file tree

Hide file tree

Showing 3 changed files with 7,740 additions and 1 deletion.
diff --git a/dojo/tools/tenable/xml_format.py b/dojo/tools/tenable/xml_format.py
@@ -27,6 +27,21 @@ def get_text_severity(self, severity_id):
             severity = "Info"
         return severity
 
+    def get_cvss_severity(self, cvss_score):
+        """Convert data of the report into severity"""
+        severity = "Info"
+        if float(cvss_score) >= 9.0:
+            severity = "Critical"
+        elif float(cvss_score) >= 7.0:
+            severity = "High"
+        elif float(cvss_score) >= 5.0:
+            severity = "Medium"
+        elif float(cvss_score) > 0.0:
+            severity = "Low"
+        else:
+            severity = "Info"
+        return severity
+
     def safely_get_element_text(self, element):
         if element is None:
             return None
@@ -203,6 +218,10 @@ def get_findings(self, filename: str, test: Test) -> list:
                     if cvssv3_score_element_text is not None:
                         cvssv3_score = cvssv3_score_element_text
 
+                    cvss = self.safely_get_element_text(item.find("cvss3_base_score"))
+                    if cvss is not None:
+                        severity = self.get_cvss_severity(cvss)
+
                     # Determine the current entry has already been parsed in
                     # this report
                     dupe_key = severity + title

diff --git a/unittests/scans/tenable/nessus/issue_6992.nessus b/unittests/scans/tenable/nessus/issue_6992.nessus
diff --git a/unittests/tools/test_tenable_parser.py b/unittests/tools/test_tenable_parser.py
@@ -53,7 +53,6 @@ def test_parse_some_findings_csv_nessus_legacy(self):
         self.assertEqual("CVE-2004-2761", finding.unsaved_vulnerability_ids[0])
         # this vuln have 'CVE-2013-2566,CVE-2015-2808' as CVE
         finding = findings[3]
-        print(f"finding.unsaved_vulnerability_ids: {finding.unsaved_vulnerability_ids} - {type(finding.unsaved_vulnerability_ids)} - {type(finding.unsaved_vulnerability_ids[0])}")
         self.assertEqual(2, len(finding.unsaved_vulnerability_ids))
         self.assertEqual("CVE-2013-2566", finding.unsaved_vulnerability_ids[0])
         self.assertEqual("CVE-2015-2808", finding.unsaved_vulnerability_ids[1])
@@ -268,3 +267,13 @@ def test_parse_many_tenable_vulns(self):
         self.assertEqual(1, len(finding.unsaved_vulnerability_ids))
         for vulnerability_id in finding.unsaved_vulnerability_ids:
             self.assertEqual('CVE-2023-32233', vulnerability_id)
+
+    def test_parse_issue_6992(self):
+        testfile = open("unittests/scans/tenable/nessus/issue_6992.nessus")
+        parser = TenableParser()
+        findings = parser.get_findings(testfile, self.create_test())
+        for finding in findings:
+            for endpoint in finding.unsaved_endpoints:
+                endpoint.clean()
+        self.assertEqual(1, len(findings))
+        self.assertEqual("High", findings[0].severity)