From 04711e974313e5381d311202ccdf8bbab04a50cf Mon Sep 17 00:00:00 2001
From: GMartinez1995 <gmartinez@infobytesec.com>
Date: Mon, 14 Nov 2022 16:55:19 -0300
Subject: [PATCH 1/3] Add cvss and cwe

---
 CHANGELOG/current/add_enrichment.md           |  1 +
 .../plugins/repo/faraday_csv/plugin.py        | 22 +++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 CHANGELOG/current/add_enrichment.md

diff --git a/CHANGELOG/current/add_enrichment.md b/CHANGELOG/current/add_enrichment.md
new file mode 100644
index 00000000..0d44d492
--- /dev/null
+++ b/CHANGELOG/current/add_enrichment.md
@@ -0,0 +1 @@
+[ADD] Add cvss2/3 and cwe to faraday_csv plugin
diff --git a/faraday_plugins/plugins/repo/faraday_csv/plugin.py b/faraday_plugins/plugins/repo/faraday_csv/plugin.py
index b4136335..4e51ba3b 100644
--- a/faraday_plugins/plugins/repo/faraday_csv/plugin.py
+++ b/faraday_plugins/plugins/repo/faraday_csv/plugin.py
@@ -50,6 +50,11 @@ def __init__(self, csv_output, logger):
             "custom_fields",
             "website",
             "path",
+            "cwe",
+            "cvss2_base_score",
+            "cvss2_vector_string",
+            "cvss3_base_score",
+            "cvss3_vector_string",
             "request",
             "response",
             "method",
@@ -294,6 +299,14 @@ def parseOutputString(self, output):
                     tags=item['service_tags']
                 )
             if item['row_with_vuln']:
+                cvss2 = {
+                    "vector_string": item['cvss2_base_score'],
+                    "base_score": item['cvss2_vector_string'],
+                }
+                cvss3 = {
+                    "vector_string": item['cvss3_base_score'],
+                    "base_score": item['cvss3_vector_string'],
+                }
                 if not item['web_vulnerability'] and not s_id:
                     self.createAndAddVulnToHost(
                         h_id,
@@ -310,6 +323,9 @@ def parseOutputString(self, output):
                         impact=item['impact'],
                         policyviolations=item['policyviolations'],
                         cve=item['cve'],
+                        cwe=item['cwe'],
+                        cvss2=cvss2,
+                        cvss3=cvss3,
                         custom_fields=item['custom_fields'],
                         tags=item['tags']
                     )
@@ -330,6 +346,9 @@ def parseOutputString(self, output):
                         impact=item['impact'],
                         policyviolations=item['policyviolations'],
                         cve=item['cve'],
+                        cwe=item['cwe'],
+                        cvss2=cvss2,
+                        cvss3=cvss3,
                         custom_fields=item['custom_fields'],
                         tags=item['tags']
                     )
@@ -358,6 +377,9 @@ def parseOutputString(self, output):
                         impact=item['impact'],
                         policyviolations=item['policyviolations'],
                         cve=item['cve'],
+                        cwe=item['cwe'],
+                        cvss2=cvss2,
+                        cvss3=cvss3,
                         status_code=item['status_code'] or None,
                         custom_fields=item['custom_fields'],
                         tags=item['tags']

From 6f700c6aa1ecf82d34eae3fe1bb5a1489a8c7430 Mon Sep 17 00:00:00 2001
From: GMartinez1995 <gmartinez@infobytesec.com>
Date: Wed, 16 Nov 2022 15:25:00 -0300
Subject: [PATCH 2/3] check if vector_string exists

---
 faraday_plugins/plugins/repo/faraday_csv/plugin.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/faraday_plugins/plugins/repo/faraday_csv/plugin.py b/faraday_plugins/plugins/repo/faraday_csv/plugin.py
index 4e51ba3b..fb2945f6 100644
--- a/faraday_plugins/plugins/repo/faraday_csv/plugin.py
+++ b/faraday_plugins/plugins/repo/faraday_csv/plugin.py
@@ -300,13 +300,15 @@ def parseOutputString(self, output):
                 )
             if item['row_with_vuln']:
                 cvss2 = {
-                    "vector_string": item['cvss2_base_score'],
-                    "base_score": item['cvss2_vector_string'],
+                    "base_score": item['cvss2_base_score'],
                 }
+                if item['cvss2_vector_string']:
+                    cvss2["vector_string"]= item['cvss2_vector_string']
                 cvss3 = {
-                    "vector_string": item['cvss3_base_score'],
-                    "base_score": item['cvss3_vector_string'],
+                    "base_score": item['cvss3_base_score'],
                 }
+                if item['cvss3_vector_string']:
+                    cvss3["vector_string"]= item['cvss3_vector_string']
                 if not item['web_vulnerability'] and not s_id:
                     self.createAndAddVulnToHost(
                         h_id,

From a90d3f51b69ce5604fd515f9bfdd88d7a9a33278 Mon Sep 17 00:00:00 2001
From: GMartinez1995 <gmartinez@infobytesec.com>
Date: Wed, 16 Nov 2022 16:58:33 -0300
Subject: [PATCH 3/3] Return empty list if ref are empty

---
 faraday_plugins/plugins/plugin.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/faraday_plugins/plugins/plugin.py b/faraday_plugins/plugins/plugin.py
index 92efd5e1..39ffc060 100644
--- a/faraday_plugins/plugins/plugin.py
+++ b/faraday_plugins/plugins/plugin.py
@@ -426,9 +426,9 @@ def modify_refs_struct(ref: List[str]) -> List[dict]:
         """
         Change reference struct from list of strings to a list of dicts with the form of {name, type}
         """
-        refs = []
         if not ref:
-            return ref
+            return []
+        refs = []
         for r in ref:
             if isinstance(r, dict):
                 refs.append(r)