Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixing openvas parser and including script_id for openvas and nmap #11454

Merged
merged 3 commits into from
Jan 23, 2025
Merged

Fixing openvas parser and including script_id for openvas and nmap #11454

merged 3 commits into from
Jan 23, 2025

Conversation

LeoOMaia
Copy link
Contributor

@LeoOMaia LeoOMaia commented Dec 22, 2024
edited
Loading

i'm including the script_id from tool to consider in the parser of nmap and openvas fixing a problem of get the id from openvas parser who get the id by the param of the tag.

@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Dec 22, 2024
edited
Loading

DryRun Security Summary

The pull request enhances the OpenVAS and Nmap parsers in the Dojo application security platform by adding new attributes to improve vulnerability data traceability, correlation, and reporting.

Expand for full summary

Summary:

The code changes in this pull request focus on enhancing the functionality of the OpenVAS and Nmap parsers within the Dojo application security platform. These changes improve the traceability and usability of the vulnerability data extracted from the respective security tool reports.

For the OpenVAS XML parser, the key change is the addition of the vuln_id_from_tool attribute in the Finding object, which stores the NVT (Network Vulnerability Test) ID or OID (Object Identifier) from the XML report. This allows for better correlation and mapping of the identified vulnerabilities, improved vulnerability tracking, and more detailed reporting and analysis.

The Nmap parser changes include the addition of a script_id variable to capture the script ID associated with the port element, and the proper handling of the "vulners" script output to extract vulnerability details like CVE ID and CVSS score. These enhancements ensure comprehensive vulnerability reporting, effective deduplication of findings, and improved CVSS score normalization within the Dojo platform.

Overall, these code changes demonstrate a well-designed approach to parsing and processing security tool reports, with a focus on enhancing the application security functionality and providing security teams with more accurate and actionable vulnerability data.

Files Changed:

  1. dojo/tools/openvas/xml_parser.py:

    • Added a new variable script_id to store the NVT (Network Vulnerability Test) ID or OID (Object Identifier) from the XML report.
    • The script_id is then added to the Finding object as the vuln_id_from_tool attribute.
    • This change improves the traceability and mapping of the identified vulnerabilities, enabling better correlation, vulnerability tracking, and reporting.

  2. dojo/tools/nmap/parser.py:

    • Added a new variable script_id to capture the script ID associated with the port element.
    • The script_id is then added to the vuln_id_from_tool field of the Finding object.
    • The code already had a mechanism to handle the "vulners" script output, which extracts vulnerability information like CVE ID and CVSS score, and this change ensures that these details are properly captured in the Finding object.
    • These enhancements improve the comprehensive vulnerability reporting, effective deduplication of findings, and CVSS score normalization within the Dojo platform.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

@LeoOMaia LeoOMaia mentioned this pull request Dec 22, 2024
Closed
cunha
cunha suggested changes Dec 23, 2024
View reviewed changes
Copy link

@cunha cunha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Suggestions:

  • Check whether we should print finding.text when tag == "nvt"
  • Move the test=test bugfix to a separate PR

dojo/tools/openvas/xml_parser.py Outdated Show resolved Hide resolved
dojo/tools/openvas/xml_parser.py Outdated Show resolved Hide resolved
@LeoOMaia LeoOMaia requested a review from cunha December 23, 2024 20:23
@LeoOMaia LeoOMaia requested a review from Maffooch January 8, 2025 14:03
mtesauro
mtesauro approved these changes Jan 23, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@Maffooch Maffooch merged commit 321d580 into DefectDojo:bugfix Jan 23, 2025
73 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Maffooch Maffooch Maffooch approved these changes

@dogboat dogboat dogboat approved these changes

@mtesauro mtesauro mtesauro approved these changes

@cunha cunha cunha approved these changes

@grendel513 grendel513 grendel513 approved these changes

Assignees
No one assigned
Labels
parser
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@LeoOMaia @grendel513 @cunha @mtesauro @dogboat @Maffooch