bugfix: fixed dryrun findings

Author: jostaub

dojo/tools/openvas/parser_v2/common.py

@@ -41,6 +41,8 @@ def escape_restructured_text(text: str) -> str:
     """Changes text so that restructured text symbols are not interpreted"""
     # OpenVAS likes to include markdown like tables in some fields
     # Defectdojo uses reStructuredText which causes them to be rendered wrong
+    text = text.replace("```", "")
+    text = text.replace("```", "")
     return f"```\n{text}\n```"
 
 

dojo/tools/openvas/parser_v2/csv_parser.py

@@ -1,5 +1,6 @@
 import csv
 import io
+import logging
 
 from dateutil.parser import parse as parse_date
 
@@ -13,15 +14,14 @@
     setup_finding,
 )
 
+logger = logging.getLogger(__name__)
+
 
 def get_findings_from_csv(file, test) -> list[Finding]:
     """Returns list of findings as defectdojo factory contract expects"""
     dupes = {}
-    content = file.read()
-    if isinstance(content, bytes):
-        content = content.decode("utf-8")
-
-    csv_reader = csv.reader(io.StringIO(content), delimiter=",", quotechar='"')
+    file = io.TextIOWrapper(file, encoding="utf-8")
+    csv_reader = csv.reader(file, delimiter=",", quotechar='"')
     column_names = [column_name.lower() for column_name in next(csv_reader) if column_name]
 
     if "nvt name" not in column_names:
@@ -85,8 +85,11 @@ def process_column(
         self.aux_info = aux_info
 
         handler = self.column_handlers.get(column_name)
-        if handler:
-            handler(column_value)
+        try:
+            if handler:
+                handler(column_value)
+        except ValueError as e:
+            logger.debug("openvas parser v2: error parsing column %s: %s", column_name, e)
 
     def _handle_nvt_name(self, column_value: str):
         self.finding.title = column_value

dojo/tools/openvas/parser_v2/xml_parser.py

@@ -1,4 +1,5 @@
 import contextlib
+import logging
 from xml.dom import NamespaceErr
 
 from defusedxml import ElementTree
@@ -14,6 +15,8 @@
 )
 from dojo.utils import parse_cvss_data
 
+logger = logging.getLogger(__name__)
+
 
 def get_findings_from_xml(file, test) -> list[Finding]:
     """Returns list of findings as defectdojo factory contract expects"""
@@ -59,8 +62,11 @@ def process_element(self, field, finding: Finding, aux_info: OpenVASFindingAuxDa
         self.aux_info = aux_info
 
         handler = self.tag_handlers.get(field.tag)
-        if handler:
-            handler(field)
+        try:
+            if handler:
+                handler(field)
+        except ValueError as e:
+            logger.debug("openvas parser v2: error parsing field %s: %s", field.tag, e)
 
     def _handle_nvt(self, field):
         self.finding.vuln_id_from_tool = field.get("oid")