Skip to content

Commit c9f35d5

Browse files
valentijnscholtenvalentijnscholten
authored
OpenVAS endpoint and severity improvements (#11955)
* openvas: trim/strip hostname * openvas: trim/strip hostname * openvas: parse endpoints from xml * openvas: use string based severity in xml parser * openvas: add ip to description * cleanup * cleanup
1 parent dcbb8a5 commit c9f35d5

4 files changed

Lines changed: 2558 additions & 538 deletions

File tree

dojo/tools/openvas/csv_parser.py

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -118,8 +118,9 @@ def __init__(self):
118118
def map_column_value(self, finding, column_value):
119119
if not finding.unsaved_endpoints[
120120
0
121-
].host: # process only if host is not already defined (by field hostname)
122-
finding.unsaved_endpoints[0].host = column_value
121+
].host and column_value is not None: # process only if host is not already defined (by field hostname)
122+
# strip due to https://github.com/greenbone/gvmd/issues/2378
123+
finding.unsaved_endpoints[0].host = column_value.strip()
123124

124125

125126
class HostnameColumnMappingStrategy(ColumnMappingStrategy):
@@ -129,7 +130,8 @@ def __init__(self):
129130

130131
def map_column_value(self, finding, column_value):
131132
if column_value: # do not override IP if hostname is empty
132-
finding.unsaved_endpoints[0].host = column_value
133+
# strip due to https://github.com/greenbone/gvmd/issues/2378
134+
finding.unsaved_endpoints[0].host = column_value.strip()
133135

134136

135137
class SeverityColumnMappingStrategy(ColumnMappingStrategy):
@@ -278,13 +280,21 @@ def get_findings(self, filename, test):
278280
finding = Finding(test=test)
279281
finding.unsaved_vulnerability_ids = []
280282
finding.unsaved_endpoints = [Endpoint()]
283+
ip = None
281284
if row_number == 0:
282285
column_names = self.read_column_names(row)
283286
continue
284287
for column_number, column in enumerate(row):
285288
chain.process_column(
286289
column_names[column_number], column, finding,
287290
)
291+
# due to the way this parser is implemented we have to do this stuff to retrieve a value for later use
292+
if column_names[column_number].lower() == "ip":
293+
ip = column
294+
295+
if ip:
296+
finding.description += f"\n**IP**: {ip}"
297+
288298
if finding is not None and row_number > 0:
289299
if finding.title is None:
290300
finding.title = ""

dojo/tools/openvas/xml_parser.py

Lines changed: 38 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,9 @@
1+
import contextlib
12
from xml.dom import NamespaceErr
23

34
from defusedxml import ElementTree as ET
45

5-
from dojo.models import Finding
6+
from dojo.models import Endpoint, Finding
67

78

89
class OpenVASXMLParser:
@@ -17,26 +18,41 @@ def get_findings(self, filename, test):
1718
results = report.find("results")
1819
for result in results:
1920
script_id = None
20-
for finding in result:
21-
if finding.tag == "name":
22-
title = finding.text
23-
description = [f"**Name**: {finding.text}"]
24-
if finding.tag == "host":
25-
title = title + "_" + finding.text
26-
description.append(f"**Host**: {finding.text}")
27-
if finding.tag == "port":
28-
title = title + "_" + finding.text
29-
description.append(f"**Port**: {finding.text}")
30-
if finding.tag == "nvt":
31-
description.append(f"**NVT**: {finding.text}")
32-
script_id = finding.get("oid") or finding.text
33-
if finding.tag == "severity":
34-
severity = self.convert_cvss_score(finding.text)
35-
description.append(f"**Severity**: {finding.text}")
36-
if finding.tag == "qod":
37-
description.append(f"**QOD**: {finding.text}")
38-
if finding.tag == "description":
39-
description.append(f"**Description**: {finding.text}")
21+
unsaved_endpoint = Endpoint()
22+
for field in result:
23+
if field.tag == "name":
24+
title = field.text
25+
description = [f"**Name**: {field.text}"]
26+
if field.tag == "hostname":
27+
title = title + "_" + field.text
28+
description.append(f"**Hostname**: {field.text}")
29+
if field.text:
30+
unsaved_endpoint.host = field.text.strip() # strip due to https://github.com/greenbone/gvmd/issues/2378
31+
if field.tag == "host":
32+
title = title + "_" + field.text
33+
description.append(f"**Host**: {field.text}")
34+
if not unsaved_endpoint.host and field.text:
35+
unsaved_endpoint.host = field.text.strip() # strip due to https://github.com/greenbone/gvmd/issues/2378
36+
if field.tag == "port":
37+
title = title + "_" + field.text
38+
description.append(f"**Port**: {field.text}")
39+
if field.text:
40+
port_str, protocol = field.text.split("/")
41+
with contextlib.suppress(ValueError):
42+
unsaved_endpoint.port = int(port_str)
43+
unsaved_endpoint.protocol = protocol
44+
if field.tag == "nvt":
45+
description.append(f"**NVT**: {field.text}")
46+
script_id = field.get("oid") or field.text
47+
if field.tag == "severity":
48+
description.append(f"**Severity**: {field.text}")
49+
if field.tag == "threat":
50+
description.append(f"**Threat**: {field.text}")
51+
severity = field.text if field.text in {"Info", "Low", "Medium", "High", "Critical"} else "Info"
52+
if field.tag == "qod":
53+
description.append(f"**QOD**: {field.text}")
54+
if field.tag == "description":
55+
description.append(f"**Description**: {field.text}")
4056

4157
finding = Finding(
4258
title=str(title),
@@ -47,6 +63,7 @@ def get_findings(self, filename, test):
4763
static_finding=False,
4864
vuln_id_from_tool=script_id,
4965
)
66+
finding.unsaved_endpoints = [unsaved_endpoint]
5067
findings.append(finding)
5168
return findings
5269

0 commit comments

Comments
 (0)