🐛 Fix Defender broken Endpoint #11217 (#11212)
* 🐛 fix MSDefender computerDNSName to match modelregex

* 🐛 fix DefendercomputerDNSName is mostly a userinfo

* ruff

* fix according to review

* add unittest
manuel-sommer authored Nov 11, 2024
1 parent ca96f34 commit e365c49
Showing 3 changed files with 13 additions and 1 deletion.
2 changes: 1 addition & 1 deletion dojo/tools/ms_defender/parser.py
Expand Up @@ -131,7 +131,7 @@ def process_zip(self, vulnerability, machine):
self.findings.append(finding)
finding.unsaved_endpoints = []
if machine["computerDnsName"] is not None:
finding.unsaved_endpoints.append(Endpoint(host=str(machine["computerDnsName"])))
finding.unsaved_endpoints.append(Endpoint(host=str(machine["computerDnsName"]).replace(" ", "").replace("(", "_").replace(")", "_")))
if machine["lastIpAddress"] is not None:
finding.unsaved_endpoints.append(Endpoint(host=str(machine["lastIpAddress"])))
if machine["lastExternalIpAddress"] is not None:
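Review bot: The sanitising on the new `computerDnsName` line is a three-character denylist (space, `(`, `)`), so any other character the Endpoint host validation rejects in a Defender device name (an apostrophe, a comma, a non-ASCII letter) will presumably still fail at `endpoint.clean()`. An allowlist is more robust, for example `host = re.sub(r"[^A-Za-z0-9._-]", "_", str(machine["computerDnsName"]))`, with the character class adjusted to what the Endpoint model accepts and `re` imported if it is not already. The mapping is also lossy: spaces are dropped and both parentheses become `_`, so two differently named devices can collapse into the same endpoint host and their findings land on one asset. A short comment saying that this field is often a user-assigned device label rather than a DNS name would explain why it is rewritten here. `process_zip` starts and ends outside the hunk, so whether other code paths still pass the raw value to `Endpoint` is not visible.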
Binary file added unittests/scans/ms_defender/issue_11217.zip
Binary file not shown.
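--- a/unittests/tools/test_ms_defender_parser.py
+++ b/unittests/tools/test_ms_defender_parser.py
@@ -68,3 +68,15 @@ def test_parser_defender_multiple_files_zip(self):
 for endpoint in finding.unsaved_endpoints:
 endpoint.clean()
 self.assertEqual("1.1.1.1", finding.unsaved_endpoints[0].host)
+
+def test_parser_defender_issue_11217(self):
+testfile = open("unittests/scans/ms_defender/issue_11217.zip", encoding="utf-8")
+parser = MSDefenderParser()
+findings = parser.get_findings(testfile, Test())
+testfile.close()
+self.assertEqual(1, len(findings))
+finding = findings[0]
+self.assertEqual("Medium", finding.severity)
+for endpoint in finding.unsaved_endpoints:
+endpoint.clean()
+self.assertEqual("Max_Mustermann_iPadAir_17zoll__2ndgeneration_", finding.unsaved_endpoints[0].host)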
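Review bot: The new test opens a binary archive in text mode (`open(..., encoding="utf-8")`) and closes it by hand, so the handle leaks if `get_findings` raises. A context manager is safer: `with open("unittests/scans/ms_defender/issue_11217.zip", "rb") as testfile:`, assuming the parser needs only the file object's name or raw bytes, which is not visible here. The assertion covers only `unsaved_endpoints[0]`. Also asserting the endpoint count, and adding a fixture whose device name holds a character outside space and parentheses, would show whether every endpoint of such a record passes `clean()`.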
