From 094c350a78b8bf2f8f1955cb023c7684abcaf7a7 Mon Sep 17 00:00:00 2001
From: Valentijn Scholten
Date: Tue, 17 Dec 2024 12:54:18 +0100
Subject: [PATCH] RustyHog: improve description and file_path
---
 dojo/tools/rusty_hog/parser.py | 26 ++++++++++++++++--------
 unittests/tools/test_rusty_hog_parser.py | 3 +++
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/dojo/tools/rusty_hog/parser.py b/dojo/tools/rusty_hog/parser.py
index a4582106f0d..2faced43ee8 100644
--- a/dojo/tools/rusty_hog/parser.py
+++ b/dojo/tools/rusty_hog/parser.py
@@ -76,12 +76,17 @@ def __getitem(self, vulnerabilities, scanner):
 found_secret_string = ""
 cwe = 200
 for vulnerability in vulnerabilities:
+ description = ""
+ if vulnerability.get("reason") is not None:
+ description += "\n**Reason:** {}".format(
+ vulnerability.get("reason"),
+ )
 if scanner == "Rusty Hog":
 break
 if scanner == "Choctaw Hog":
 """Choctaw Hog"""
- found_secret_string = vulnerability.get("stringsFound")
- description = f"**This string was found:** {found_secret_string}"
+ found_secret_string = str(vulnerability.get("stringsFound") or "")
+ description += f"**This string was found:** {found_secret_string}"
 if vulnerability.get("commit") is not None:
 description += "\n**Commit message:** {}".format(
 vulnerability.get("commit"),
@@ -116,8 +121,8 @@ def __getitem(self, vulnerabilities, scanner):
 )
 elif scanner == "Duroc Hog":
 """Duroc Hog"""
- found_secret_string = vulnerability.get("stringsFound")
- description = f"**This string was found:** {found_secret_string}"
+ found_secret_string = str(vulnerability.get("stringsFound") or "")
+ description += f"**This string was found:** {found_secret_string}"
 if vulnerability.get("path") is not None:
 description += "\n**Path of Issue:** {}".format(
 vulnerability.get("path"),
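Review bot: The new `**Reason:**` text and the `**This string was found:**` text end up on the same line with no separator, because the added `description += "\n**Reason:** {}"` puts its newline in front while the rewritten `description += f"**This string was found:** {found_secret_string}"` lines (here and in the Duroc, Gottingen and Essex hunks) no longer start with one, so the description reads `**Reason:** X**This string was found:** [...]`. The leading `\n` also makes every description begin with a blank line, which the new test's `description[:32]` comparison would only match if something outside the hunk strips it. Move the separator to the other side: `description += "**Reason:** {}".format(` in this hunk, and `description += f"\n**This string was found:** {found_secret_string}"` in each of the four scanner branches. `__getitem` begins before and continues after this hunk.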
@@ -132,8 +137,8 @@ def __getitem(self, vulnerabilities, scanner):
 )
 elif scanner == "Gottingen Hog":
 """Gottingen Hog"""
- found_secret_string = vulnerability.get("stringsFound")
- description = f"**This string was found:** {found_secret_string}"
+ found_secret_string = str(vulnerability.get("stringsFound") or "")
+ description += f"**This string was found:** {found_secret_string}"
 if vulnerability.get("issue_id") is not None:
 description += "\n**JIRA Issue ID:** {}".format(
 vulnerability.get("issue_id"),
@@ -147,8 +152,8 @@ def __getitem(self, vulnerabilities, scanner):
 vulnerability.get("url"), vulnerability.get("url"),
 )
 elif scanner == "Essex Hog":
- found_secret_string = vulnerability.get("stringsFound")
- description = f"**This string was found:** {found_secret_string}"
+ found_secret_string = str(vulnerability.get("stringsFound") or "")
+ description += f"**This string was found:** {found_secret_string}"
 if vulnerability.get("page_id") is not None:
 description += "\n**Confluence URL:** [{}]({})".format(
 vulnerability.get("url"), vulnerability.get("url"),
@@ -179,10 +184,15 @@ def __getitem(self, vulnerabilities, scanner):
 vulnerability.get("issue_id"), vulnerability.get("location"),
 )
+ if not file_path:
+ file_path = vulnerability.get("url")
 elif scanner == "Essex Hog":
 title = "{} found in Confluence Page ID {}".format(
 vulnerability.get("reason"),
 vulnerability.get("page_id"),
 )
+ if not file_path:
+ file_path = vulnerability.get("url")
+
 # create the finding object
 finding = Finding(
 title=title,
diff --git a/unittests/tools/test_rusty_hog_parser.py b/unittests/tools/test_rusty_hog_parser.py
index 3d7df04ea0f..ff2420d00ed 100644
--- a/unittests/tools/test_rusty_hog_parser.py
+++ b/unittests/tools/test_rusty_hog_parser.py
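Review bot: In the `@@ -179,10 +184,15 @@` hunk the `if not file_path: file_path = vulnerability.get("url")` fallback is pasted verbatim into both the Gottingen and the Essex branch, and when the report has no `url` it turns an empty `file_path` into `None`. Where `file_path` is initialised is outside the hunk, so whether `None` is acceptable for the Finding cannot be judged here; guarding the assignment with `if not file_path and vulnerability.get("url") is not None:` keeps the previous value when there is nothing better to put in it. The two copies could also become one block after the title `if`/`elif` chain, conditioned on `scanner in ("Gottingen Hog", "Essex Hog")`, so the fallback rule is stated once.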
@@ -110,6 +110,9 @@ def test_parse_file_with_multiple_vuln_has_multiple_finding_essexhog(self):
 parser = RustyhogParser()
 findings = parser.get_items(testfile, "Essex Hog", Test())
 self.assertEqual(3, len(findings))
+ self.assertEqual("https://confluence.com/pages/viewpage.action?pageId=12345", findings[0].file_path)
+ self.assertEqual("['-----BEGIN EC PRIVATE KEY-----']", findings[0].payload)
+ self.assertEqual("**Reason:** SSH (EC) private key", findings[0].description[:32])
 def test_parse_file_with_multiple_vuln_has_multiple_finding_essexhog_content(self):
 with open("unittests/scans/rusty_hog/essexhog_many_vulns.json", encoding="utf-8") as testfile:
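Review bot: The third added assertion compares `findings[0].description[:32]` against a literal, so the expected string and the slice length have to be kept in sync by hand and the check silently stops covering the line once the wording grows. The intent is that the reason line is present at the start of the description, which `self.assertIn("**Reason:** SSH (EC) private key", findings[0].description)` states directly, or `self.assertEqual("**Reason:** SSH (EC) private key", findings[0].description.splitlines()[0])` if the position matters. The `payload` assertion pins the `str(list)` rendering of `stringsFound`, so it will need updating if the parser ever joins the strings instead. The test method opens before this hunk.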