Merge branch 'tkt_286_import_enrichment' into 'dev'

Add cvss and cwe Closes #286 See merge request faradaysec/faraday-plugins!213
infobyte · Nov 23, 2022 · 23ff516 · 23ff516
2 parents b6082ac + 9f3562b
commit 23ff516
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 2 deletions.
diff --git a/CHANGELOG/current/add_enrichment.md b/CHANGELOG/current/add_enrichment.md
@@ -0,0 +1 @@
+[ADD] Add cvss2/3 and cwe to faraday_csv plugin
diff --git a/faraday_plugins/plugins/plugin.py b/faraday_plugins/plugins/plugin.py
@@ -426,9 +426,9 @@ def modify_refs_struct(ref: List[str]) -> List[dict]:
         """
         Change reference struct from list of strings to a list of dicts with the form of {name, type}
         """
-        refs = []
         if not ref:
-            return ref
+            return []
+        refs = []
         for r in ref:
             if isinstance(r, dict):
                 refs.append(r)

diff --git a/faraday_plugins/plugins/repo/faraday_csv/plugin.py b/faraday_plugins/plugins/repo/faraday_csv/plugin.py
@@ -50,6 +50,11 @@ def __init__(self, csv_output, logger):
             "custom_fields",
             "website",
             "path",
+            "cwe",
+            "cvss2_base_score",
+            "cvss2_vector_string",
+            "cvss3_base_score",
+            "cvss3_vector_string",
             "request",
             "response",
             "method",
@@ -294,6 +299,16 @@ def parseOutputString(self, output):
                     tags=item['service_tags']
                 )
             if item['row_with_vuln']:
+                cvss2 = {
+                    "base_score": item['cvss2_base_score'],
+                }
+                if item['cvss2_vector_string']:
+                    cvss2["vector_string"]= item['cvss2_vector_string']
+                cvss3 = {
+                    "base_score": item['cvss3_base_score'],
+                }
+                if item['cvss3_vector_string']:
+                    cvss3["vector_string"]= item['cvss3_vector_string']
                 if not item['web_vulnerability'] and not s_id:
                     self.createAndAddVulnToHost(
                         h_id,
@@ -310,6 +325,9 @@ def parseOutputString(self, output):
                         impact=item['impact'],
                         policyviolations=item['policyviolations'],
                         cve=item['cve'],
+                        cwe=item['cwe'],
+                        cvss2=cvss2,
+                        cvss3=cvss3,
                         custom_fields=item['custom_fields'],
                         tags=item['tags']
                     )
@@ -330,6 +348,9 @@ def parseOutputString(self, output):
                         impact=item['impact'],
                         policyviolations=item['policyviolations'],
                         cve=item['cve'],
+                        cwe=item['cwe'],
+                        cvss2=cvss2,
+                        cvss3=cvss3,
                         custom_fields=item['custom_fields'],
                         tags=item['tags']
                     )
@@ -358,6 +379,9 @@ def parseOutputString(self, output):
                         impact=item['impact'],
                         policyviolations=item['policyviolations'],
                         cve=item['cve'],
+                        cwe=item['cwe'],
+                        cvss2=cvss2,
+                        cvss3=cvss3,
                         status_code=item['status_code'] or None,
                         custom_fields=item['custom_fields'],
                         tags=item['tags']
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		[ADD] Add cvss2/3 and cwe to faraday_csv plugin