🐛 fix AWSSecurityHub EPSS Score #10956 (#10959)

* 🐛 fix AWSSecurityHub EPSS Score #10956

* fix

* fix

Author: manuel-sommer

dojo/tools/awssecurityhub/inspector.py

@@ -12,7 +12,10 @@ def get_item(self, finding: dict, test):
         impact = []
         references = []
         unsaved_vulnerability_ids = []
-        epss_score = None
+        if finding.get("EpssScore") is not None:
+            epss_score = finding.get("EpssScore")
+        else:
+            epss_score = None
         description = f"This is an Inspector Finding\n{finding.get('Description', '')}" + "\n"
         description += f"**AWS Finding ARN:** {finding_id}\n"
         description += f"**AwsAccountId:** {finding.get('AwsAccountId', '')}\n"

unittests/scans/awssecurityhub/issue_10956.json

@@ -0,0 +1,113 @@
+{
+    "findings": [
+      {
+        "EpssScore": "0.00239",
+        "SchemaVersion": "2018-10-08",
+        "Id": "arn:aws:inspector2:us-east-1:1234567:finding/12344bc",
+        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
+        "ProductName": "Inspector",
+        "CompanyName": "Amazon",
+        "Region": "us-east-1",
+        "GeneratorId": "AWSInspector",
+        "AwsAccountId": "1234567",
+        "Types": [
+          "Software and Configuration Checks/Vulnerabilities/CVE"
+        ],
+        "FirstObservedAt": "2024-07-30T12:17:32.646Z",
+        "LastObservedAt": "2024-09-18T05:16:44.106Z",
+        "CreatedAt": "2024-07-30T12:17:32.646Z",
+        "UpdatedAt": "2024-09-18T05:16:44.106Z",
+        "Severity": {
+          "Label": "MEDIUM",
+          "Normalized": 50
+        },
+        "Title": "CVE-2024-123 - fdd",
+        "Description": "A vulnerability was found in sdd.",
+        "Remediation": {
+          "Recommendation": {
+            "Text": "None Provided"
+          }
+        },
+        "ProductFields": {
+          "aws/inspector/FindingStatus": "ACTIVE",
+          "aws/inspector/inspectorScore": "5.1",
+          "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2023",
+          "aws/inspector/ProductVersion": "1",
+          "aws/inspector/instanceId": "i-1234xxyy",
+          "aws/securityhub/FindingId": "arn:aws:inspector2:us-east-1:1234567:finding/addfss",
+          "aws/securityhub/ProductName": "Inspector",
+          "aws/securityhub/CompanyName": "Amazon"
+        },
+        "Resources": [
+          {
+            "Type": "AwsEc2Instance",
+            "Id": "i-1234xxyy",
+            "Partition": "aws",
+            "Region": "us-east-1",
+            "Tags": {
+              "Name": "Name:xx-123-yy"
+            },
+            "Details": {
+              "AwsEc2Instance": {
+                "Type": "tt",
+                "ImageId": "ami-1234",
+                "IpV4Addresses": [
+                  "0.0.0.0"
+                ],
+                "IamInstanceProfileArn": "arn:aws:iam::1234567:instance-profile/something",
+                "VpcId": "vpc-1234",
+                "SubnetId": "subnet-xxxxxxx",
+                "LaunchedAt": "2024-09-18T05:16:44.106Z"
+              }
+            }
+          }
+        ],
+        "WorkflowState": "NEW",
+        "Workflow": {
+          "Status": "NEW"
+        },
+        "RecordState": "ACTIVE",
+        "Vulnerabilities": [
+          {
+            "Id": "CVE-2024-1234",
+            "VulnerablePackages": [
+              {
+                "Name": "aa",
+                "Version": "1.2.0",
+                "Architecture": "X86_64]",
+                "PackageManager": "OS",
+                "FixedInVersion": "abc[2.0]"
+              }
+            ],
+            "Cvss": [
+              {
+                "Version": "3.1",
+                "BaseScore": "7.5",
+                "BaseVector": "CVSS:9.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+                "Source": "NVD"
+              }
+            ],
+            "Vendor": {
+              "Name": "AMAZON_CVE",
+              "Url": "https://alas.aws.amazon.com/cve/json/v1/CVE-2024-1234.json",
+              "VendorSeverity": "Medium",
+              "VendorCreatedAt": "2024-01-16T00:00:00Z",
+              "VendorUpdatedAt": "2024-09-18T05:16:44.106Z"
+            },
+            "ReferenceUrls": [
+              "https://alas.aws.amazon.com"
+            ],
+            "FixAvailable": "YES"
+          }
+        ],
+        "FindingProviderFields": {
+          "Severity": {
+            "Label": "MEDIUM"
+          },
+          "Types": [
+            "Software and Configuration Checks/Vulnerabilities/CVE"
+          ]
+        }
+      }
+    ]
+  }

unittests/tools/test_awssecurityhub_parser.py

@@ -126,3 +126,11 @@ def test_guardduty(self):
             endpoint = findings[0].unsaved_endpoints[0]
             self.assertEqual("AwsEc2Instance arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890", endpoint.host)
             self.assertEqual("This is a GuardDuty Finding\nAPIs commonly used in Discovery tactics were invoked by user AssumedRole : 123123123, under anomalous circumstances. Such activity is not typically seen from this user.\n**AWS Finding ARN:** arn:aws:guardduty:us-east-1:123456789012:detector/123456789/finding/2123123123123\n**SourceURL:** [https://us-east-1.console.aws.amazon.com/guardduty/home?region=us-east-1#/findings?macros=current&fId=2123123123123](https://us-east-1.console.aws.amazon.com/guardduty/home?region=us-east-1#/findings?macros=current&fId=2123123123123)\n**AwsAccountId:** 123456789012\n**Region:** us-east-1\n**Generator ID:** arn:aws:guardduty:us-east-1:123456789012:detector/123456789\n", finding.description)
+
+    def test_issue_10956(self):
+        with open(get_unit_tests_path() + sample_path("issue_10956.json"), encoding="utf-8") as test_file:
+            parser = AwsSecurityHubParser()
+            findings = parser.get_findings(test_file, Test())
+            self.assertEqual(1, len(findings))
+            finding = findings[0]
+            self.assertEqual("0.00239", finding.epss_score)