Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing openvas parser and including script_id for openvas and nmap #11454

Open
wants to merge 1 commit into
base: bugfix
Choose a base branch
from

Conversation

LeoOMaia
Copy link

im including the script_id from tool to consider in the parser of nmapandopenvas` fixing a problem of get the id from openvas parser who get the id by the param of the tag.

Copy link

DryRun Security Summary

The pull request improves the parsing and representation of security findings from OpenVAS and Nmap by enhancing data extraction, adding more descriptive details, and ensuring proper handling of script IDs and vulnerability information.

Expand for full summary

Summary:

The code changes in this pull request focus on improving the parsing and representation of security findings from two different security tools: OpenVAS and Nmap.

The changes to the OpenVASXMLParser class enhance the data extracted from the OpenVAS XML report and the way it is presented in the Finding object. This includes the addition of the script ID, more descriptive finding titles, and more detailed descriptions. These improvements provide security analysts with better context and information to aid in the remediation process.

The changes to the NmapParser class focus on ensuring the proper handling of the script_id variable and storing it in the Finding object. While these changes do not introduce any obvious security vulnerabilities, it is important to consider the secure handling of Nmap XML input, the sanitization of script output, the normalization of vulnerability IDs, and the accuracy of severity calculations to maintain a robust and secure application.

Files Changed:

  1. dojo/tools/openvas/xml_parser.py:

    • Adds the script ID (oid) to the vuln_id_from_tool field of the Finding object.
    • Improves the formatting of the finding titles to include host and port information.
    • Enhances the finding descriptions with additional details, such as the NVT script ID and the quality of detection (QOD) value.
  2. dojo/tools/nmap/parser.py:

    • Ensures the script_id variable is always defined before checking for the presence of a script element in the Nmap XML.
    • Stores the script_id value in the vuln_id_from_tool field of the Finding object.
    • Highlights the importance of secure XML parsing, sanitization of script output, normalization of vulnerability IDs, and accurate severity calculation to maintain the overall security of the application.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant