Merge branch 'tkt_298_fix_invicti' into 'dev'

fix invicti plugin Closes #298 See merge request faradaysec/faraday-plugins!226
infobyte · Mar 15, 2023 · 8c0b727 · 8c0b727
2 parents c9aa168 + 82084ff
commit 8c0b727
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/CHANGELOG/current/298.md b/CHANGELOG/current/298.md
@@ -0,0 +1 @@
+[FIX] Fix inviti's plugin, check remedial procedures before parsing it with b4f. #298
diff --git a/faraday_plugins/plugins/repo/invicti/DTO.py b/faraday_plugins/plugins/repo/invicti/DTO.py
@@ -87,7 +87,10 @@ def name(self) -> str:
 
     @property
     def severity(self) -> str:
-        return self.node.find('severity').text
+        sv = self.node.find('severity').text
+        if sv == "BestPractice":
+            sv = "Information"
+        return sv
 
     @property
     def confirmed(self) -> str:

diff --git a/faraday_plugins/plugins/repo/invicti/plugin.py b/faraday_plugins/plugins/repo/invicti/plugin.py
@@ -85,12 +85,16 @@ def parseOutputString(self, output):
         h_id = self.createAndAddHost(ip)
         s_id = self.createAndAddServiceToHost(h_id, url.scheme, ports=433)
         for vulnerability in parser.invicti.vulnerabilities:
-            vuln = {"name": vulnerability.name, "severity": vulnerability.severity,
-                    "confirmed": vulnerability.confirmed,
-                    "desc": BeautifulSoup(vulnerability.description, features="lxml").text,
-                    "path": vulnerability.url.replace(parser.invicti.target.url, ""),
-                    "external_id": vulnerability.look_id,
-                    "resolution": BeautifulSoup(vulnerability.remedial_procedure, features="lxml").text}
+            vuln = {
+                "name": vulnerability.name,
+                "severity": vulnerability.severity,
+                "confirmed": vulnerability.confirmed,
+                "desc": BeautifulSoup(vulnerability.description, features="lxml").text,
+                "path": vulnerability.url.replace(parser.invicti.target.url, ""),
+                "external_id": vulnerability.look_id
+            }
+            if vulnerability.remedial_procedure:
+                vuln["resolution"] = BeautifulSoup(vulnerability.remedial_procedure, features="lxml").text
             if vulnerability.classification:
                 references = []
                 if vulnerability.classification.owasp:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		[FIX] Fix inviti's plugin, check remedial procedures before parsing it with b4f. #298