🎉 Add fix_available information to wpscan #12633 (#13153)

manuel-sommer · web-flow · commit 3ab9c062a696 · 2025-09-12T18:05:34.000+02:00
diff --git a/dojo/tools/wpscan/parser.py b/dojo/tools/wpscan/parser.py
@@ -62,8 +62,10 @@ def get_vulnerabilities(
             if report_date:
                 finding.date = report_date
             # if there is a fixed version fill mitigation
+            finding.fix_available = False
             if vul.get("fixed_in"):
                 finding.mitigation = "fixed in : " + vul["fixed_in"]
+                finding.fix_available = True
             # manage CVE
             if "cve" in vul["references"]:
                 finding.unsaved_vulnerability_ids = []
diff --git a/unittests/tools/test_wpscan_parser.py b/unittests/tools/test_wpscan_parser.py
@@ -107,6 +107,7 @@ def test_parse_file_with_multiple_vuln_in_version(self):
                 self.assertNotEqual("Info", finding.severity)  # it is a vulnerability so not 'Info'
                 self.assertEqual("WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation", finding.title)
                 self.assertEqual("fixed in : 4.6.4", finding.mitigation)
+                self.assertEqual(True, finding.fix_available)
                 self.assertEqual("", finding.get_scanner_confidence_text())  # data are => 100%
 
     def test_parse_file_issue5774(self):
@@ -123,6 +124,7 @@ def test_parse_file_issue5774(self):
                 self.assertNotEqual("Info", finding.severity)
                 self.assertEqual("All in One SEO Pack <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting (XSS)", finding.title)
                 self.assertEqual("fixed in : 2.10", finding.mitigation)
+                self.assertEqual(True, finding.fix_available)
                 self.assertEqual(7, finding.scanner_confidence)
                 self.assertEqual("Tentative", finding.get_scanner_confidence_text())  # data are at 30%
             with self.subTest(i=19):
@@ -137,6 +139,7 @@ def test_parse_file_issue5774(self):
                 self.assertNotEqual("Info", finding.severity)
                 self.assertEqual("All in One SEO Pack <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting (XSS)", finding.title)
                 self.assertEqual("fixed in : 2.10", finding.mitigation)
+                self.assertEqual(True, finding.fix_available)
                 self.assertEqual("Tentative", finding.get_scanner_confidence_text())  # data are at 30%
 
             with self.subTest(i=50):
