🐛 Fix Defender broken Endpoint #11217 (#11212)

manuel-sommer · web-flow · commit 9e33bced2c0d · 2024-11-11T12:19:55.000-06:00
* 🐛 fix MSDefender computerDNSName to match modelregex

* 🐛 fix DefendercomputerDNSName is mostly a userinfo

* ruff

* fix according to review

* add unittest
diff --git a/dojo/tools/ms_defender/parser.py b/dojo/tools/ms_defender/parser.py
@@ -131,7 +131,7 @@ def process_zip(self, vulnerability, machine):
         self.findings.append(finding)
         finding.unsaved_endpoints = []
         if machine["computerDnsName"] is not None:
-            finding.unsaved_endpoints.append(Endpoint(host=str(machine["computerDnsName"])))
+            finding.unsaved_endpoints.append(Endpoint(host=str(machine["computerDnsName"]).replace(" ", "").replace("(", "_").replace(")", "_")))
         if machine["lastIpAddress"] is not None:
             finding.unsaved_endpoints.append(Endpoint(host=str(machine["lastIpAddress"])))
         if machine["lastExternalIpAddress"] is not None:
diff --git a/unittests/scans/ms_defender/issue_11217.zip b/unittests/scans/ms_defender/issue_11217.zip
diff --git a/unittests/tools/test_ms_defender_parser.py b/unittests/tools/test_ms_defender_parser.py
@@ -68,3 +68,15 @@ def test_parser_defender_multiple_files_zip(self):
         for endpoint in finding.unsaved_endpoints:
             endpoint.clean()
         self.assertEqual("1.1.1.1", finding.unsaved_endpoints[0].host)
+
+    def test_parser_defender_issue_11217(self):
+        testfile = open("unittests/scans/ms_defender/issue_11217.zip", encoding="utf-8")
+        parser = MSDefenderParser()
+        findings = parser.get_findings(testfile, Test())
+        testfile.close()
+        self.assertEqual(1, len(findings))
+        finding = findings[0]
+        self.assertEqual("Medium", finding.severity)
+        for endpoint in finding.unsaved_endpoints:
+            endpoint.clean()
+        self.assertEqual("Max_Mustermann_iPadAir_17zoll__2ndgeneration_", finding.unsaved_endpoints[0].host)
