Add CVSS details extraction to AWS Inspector2 parser (#13305)

Maffooch · web-flow · commit 6f0cd3dec0a8 · 2025-10-03T23:08:27.000+02:00
* Add CVSS details extraction to AWS Inspector2 parser and update tests

* Fix ruff

* Update dojo/tools/aws_inspector2/parser.py

* Correct tests
diff --git a/dojo/tools/aws_inspector2/parser.py b/dojo/tools/aws_inspector2/parser.py
@@ -4,6 +4,7 @@
 from dateutil import parser as date_parser
 
 from dojo.models import Endpoint, Finding
+from dojo.utils import parse_cvss_data
 
 
 class AWSInspector2Parser:
@@ -40,6 +41,8 @@ def get_findings(self, file, test):
             else:
                 msg = "Incorrect Inspector2 report format"
                 raise TypeError(msg)
+            # Attempt to get CVSS details
+            finding = self.get_cvss_details(finding, raw_finding)
             # process the endpoints
             finding = self.process_endpoints(finding, raw_finding)
             findings.append(finding)
@@ -97,6 +100,16 @@ def get_base_finding(self, raw_finding: dict) -> Finding:
 
         return finding
 
+    def get_cvss_details(self, finding: Finding, raw_finding: dict) -> Finding:
+        cvss_details = raw_finding.get("inspectorScoreDetails", {}).get("adjustedCvss", {})
+        if cvss_vector := cvss_details.get("scoringVector"):
+            if cvss_data := parse_cvss_data(cvss_vector):
+                finding.cvssv2 = cvss_data.get("cvssv2")
+                finding.cvssv3 = cvss_data.get("cvssv3")
+                finding.cvssv4 = cvss_data.get("cvssv4")
+
+        return finding
+
     def get_package_vulnerability(self, finding: Finding, raw_finding: dict) -> Finding:
         vulnerability_details = raw_finding.get("packageVulnerabilityDetails", {})
         vulnerability_packages_descriptions = "\n".join(
diff --git a/unittests/tools/test_aws_inspector2_parser.py b/unittests/tools/test_aws_inspector2_parser.py
@@ -28,6 +28,8 @@ def test_aws_inspector2_parser_with_one_vuln_has_one_findings(self):
             self.assertEqual(1, len(findings))
             self.assertEqual("CVE-2021-3744 - linux", findings[0].title)
             self.assertEqual("Medium", findings[0].severity)
+            self.assertEqual("CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", findings[0].cvssv3)
+            self.assertIsNone(findings[0].cvssv3_score)  # The score will be created by the finding save method
 
     def test_aws_inspector2_parser_with_many_vuln_has_many_findings(self):
         with (get_unit_tests_scans_path("aws_inspector2") / "aws_inspector2_many_vul.json").open(encoding="utf-8") as testfile:
@@ -41,6 +43,8 @@ def test_aws_inspector2_parser_with_many_vuln_has_many_findings(self):
             self.assertEqual(True, findings[0].is_mitigated)
             # 2024-06-14T04:03:53.051000+02:00
             self.assertEqual(datetime(2024, 6, 14, 4, 3, 53, 51000, tzinfo=tzoffset(None, 7200)), findings[0].mitigated)
+            self.assertEqual("CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", findings[0].cvssv3)
+            self.assertIsNone(findings[0].cvssv3_score)  # The score will be created by the finding save method
 
     def test_aws_inspector2_parser_empty_with_error(self):
         with self.assertRaises(TypeError) as context, \
