From 777c39c3198266e5af10d2e704249d9a133c216c Mon Sep 17 00:00:00 2001
From: GMartinez1995
Date: Fri, 10 Mar 2023 16:43:16 -0300
Subject: [PATCH] fix plugin
---
 CHANGELOG/current/298.md | 1 +
 faraday_plugins/plugins/repo/invicti/DTO.py | 5 ++++-
 faraday_plugins/plugins/repo/invicti/plugin.py | 16 ++++++++++------
 3 files changed, 15 insertions(+), 7 deletions(-)
 create mode 100644 CHANGELOG/current/298.md
diff --git a/CHANGELOG/current/298.md b/CHANGELOG/current/298.md
new file mode 100644
index 00000000..1ad37b3d
--- /dev/null
+++ b/CHANGELOG/current/298.md
@@ -0,0 +1 @@
+[FIX] Fix inviti's plugin, check remedial procedures before parsing it with b4f. #298
diff --git a/faraday_plugins/plugins/repo/invicti/DTO.py b/faraday_plugins/plugins/repo/invicti/DTO.py
index 450f7ba3..5a0c95cd 100644
--- a/faraday_plugins/plugins/repo/invicti/DTO.py
+++ b/faraday_plugins/plugins/repo/invicti/DTO.py
@@ -87,7 +87,10 @@ def name(self) -> str:
 @property
 def severity(self) -> str:
- return self.node.find('severity').text
+ sv = self.node.find('severity').text
+ if sv == "BestPractice":
+ sv = "Information"
+ return sv
 @property
 def confirmed(self) -> str:
diff --git a/faraday_plugins/plugins/repo/invicti/plugin.py b/faraday_plugins/plugins/repo/invicti/plugin.py
index e88a2617..5405330c 100644
--- a/faraday_plugins/plugins/repo/invicti/plugin.py
+++ b/faraday_plugins/plugins/repo/invicti/plugin.py
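Review bot: The rewritten `severity` getter in DTO.py still reads `self.node.find('severity').text` without checking that the element exists, so a finding with no `<severity>` child raises AttributeError; whether the caller catches that is not visible here. The `"BestPractice"` comparison is also exact, so a differently cased or whitespace-padded value would pass through unmapped and may be mis-rated downstream. If `node` is an ElementTree-style element, `sv = (self.node.findtext('severity') or '').strip()` ahead of the mapping would cover both cases. A one-line comment such as `# Invicti "BestPractice" has no Faraday severity; report it as Information` would also record why the remap exists.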
@@ -85,12 +85,16 @@ def parseOutputString(self, output):
 h_id = self.createAndAddHost(ip)
 s_id = self.createAndAddServiceToHost(h_id, url.scheme, ports=433)
 for vulnerability in parser.invicti.vulnerabilities:
- vuln = {"name": vulnerability.name, "severity": vulnerability.severity,
- "confirmed": vulnerability.confirmed,
- "desc": BeautifulSoup(vulnerability.description, features="lxml").text,
- "path": vulnerability.url.replace(parser.invicti.target.url, ""),
- "external_id": vulnerability.look_id,
- "resolution": BeautifulSoup(vulnerability.remedial_procedure, features="lxml").text}
+ vuln = {
+ "name": vulnerability.name,
+ "severity": vulnerability.severity,
+ "confirmed": vulnerability.confirmed,
+ "desc": BeautifulSoup(vulnerability.description, features="lxml").text,
+ "path": vulnerability.url.replace(parser.invicti.target.url, ""),
+ "external_id": vulnerability.look_id
+ }
+ if vulnerability.remedial_procedure:
+ vuln["resolution"] = BeautifulSoup(vulnerability.remedial_procedure, features="lxml").text
 if vulnerability.classification:
 references = []
 if vulnerability.classification.owasp:
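Review bot: `vulnerability.description` is still passed to `BeautifulSoup(...)` unguarded in the rebuilt dict, so a finding without a description will presumably fail the same way the missing remedial procedure did before this change. `"desc": BeautifulSoup(vulnerability.description or "", features="lxml").text,` would cover it. With the new guard, `vuln` has no `"resolution"` key when the procedure is empty, so whatever consumes `vuln` below the hunk has to tolerate its absence, which is not visible here. Separately, `ports=433` on the unchanged context line looks like a typo for 443 and is applied whatever port the target URL uses, so findings may be recorded against the wrong service. parseOutputString starts above this hunk and continues past it.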