fixing openvas parser and including script_id for openvas and nmap

DefectDojo · Dec 22, 2024 · d2212e9 · d2212e9
1 parent f248414
commit d2212e9
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/dojo/tools/nmap/parser.py b/dojo/tools/nmap/parser.py
@@ -96,6 +96,7 @@ def get_findings(self, file, test):
                             "**Extra Info:** {}\n".format(port_element.find("service").attrib["extrainfo"])
                         )
                     description += service_info
+                script_id = None
                 if script := port_element.find("script"):
                     if script_id := script.attrib.get("id"):
                         description += f"**Script ID:** {script_id}\n"
@@ -126,6 +127,7 @@ def get_findings(self, file, test):
                         severity=severity,
                         mitigation="N/A",
                         impact="No impact provided",
+                        vuln_id_from_tool=script_id,
                     )
                     find.unsaved_endpoints = []
                     dupes[dupe_key] = find

diff --git a/dojo/tools/openvas/xml_parser.py b/dojo/tools/openvas/xml_parser.py
@@ -16,6 +16,7 @@ def get_findings(self, filename, test):
         report = root.find("report")
         results = report.find("results")
         for result in results:
+            script_id = None
             for finding in result:
                 if finding.tag == "name":
                     title = finding.text
@@ -27,7 +28,8 @@ def get_findings(self, filename, test):
                     title = title + "_" + finding.text
                     description.append(f"**Port**: {finding.text}")
                 if finding.tag == "nvt":
-                    description.append(f"**NVT**: {finding.text}")
+                    script_id = finding.get("oid")
+                    description.append(f"**NVT**: {script_id}")
                 if finding.tag == "severity":
                     severity = self.convert_cvss_score(finding.text)
                     description.append(f"**Severity**: {finding.text}")
@@ -38,10 +40,12 @@ def get_findings(self, filename, test):
 
             finding = Finding(
                 title=str(title),
+                test=test,
                 description="\n".join(description),
                 severity=severity,
                 dynamic_finding=True,
                 static_finding=False,
+                vuln_id_from_tool=script_id,
             )
             findings.append(finding)
         return findings