Skip to content

Commit e5d4083

Browse files
author
Diego Nadares
committed
Merge branch 'tkt_367_fix_nessus_cvss' into 'dev'
Fix nessus plugin See merge request faradaysec/faraday-plugins!278
2 parents 0534871 + 81432d5 commit e5d4083

3 files changed

Lines changed: 41 additions & 5 deletions

File tree

.gitignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -133,3 +133,6 @@ dmypy.json
133133

134134
# extras for testing
135135
report-collection
136+
137+
#vscode
138+
.vscode/

CHANGELOG/current/367.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
[FIX] CVSS values in nessus plugin. #367

faraday_plugins/plugins/repo/nessus/plugin.py

Lines changed: 37 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,8 @@
99

1010
from dateutil.parser import parse
1111
from faraday_plugins.plugins.plugin import PluginXMLFormat
12+
from faraday_plugins.plugins.plugins_utils import CVE_regex
13+
from faraday_plugins.plugins.plugins_utils import get_severity_from_cvss
1214

1315
__author__ = "Blas"
1416
__copyright__ = "Copyright (c) 2019, Infobyte LLC"
@@ -20,7 +22,6 @@
2022
__status__ = "Development"
2123

2224
from faraday_plugins.plugins.repo.nessus.DTO import ReportHost, Report, ReportItem
23-
from faraday_plugins.plugins.plugins_utils import get_severity_from_cvss
2425

2526
class NessusParser:
2627
"""
@@ -183,21 +184,52 @@ def parseOutputString(self, output):
183184
def map_add_ref(main_data, item: ReportItem):
184185
main_data["cvss2"] = {}
185186
main_data["cvss3"] = {}
187+
188+
found_cves = set()
189+
190+
if item.cve:
191+
if isinstance(item.cve, str):
192+
cves_in_item_cve_field = CVE_regex.findall(item.cve)
193+
found_cves.update(cves_in_item_cve_field)
194+
elif isinstance(item.cve, list):
195+
for c_val in item.cve:
196+
if isinstance(c_val, str):
197+
found_cves.add(c_val)
198+
186199
if item.see_also:
187200
main_data["ref"].append(item.see_also)
201+
# Extract CVEs from see_also string
202+
cves_from_see_also = CVE_regex.findall(item.see_also)
203+
found_cves.update(cves_from_see_also)
204+
205+
if found_cves:
206+
main_data["cve"] = sorted(list(found_cves))
207+
188208
if item.cpe:
189209
main_data["ref"].append(item.cpe)
190-
if item.cve:
191-
main_data["cve"] = item.cve
192210
if item.cwe:
193211
main_data["cwe"] = item.cwe
212+
194213
if item.cvss3_vector:
195-
main_data["cvss3"]["vector_string"] = item.cvss3_vector
196-
#if item has cvss3.base_score use it for severity
214+
cvss3_vector_string = item.cvss3_vector
215+
# Prepend "CVSS:3.0/" if no "CVSS:3.x" prefix exists, similar to Nessus SC plugin
216+
if not cvss3_vector_string.startswith("CVSS:3."):
217+
cvss3_vector_string = "CVSS:3.0/" + cvss3_vector_string
218+
main_data["cvss3"]["vector_string"] = cvss3_vector_string
219+
197220
if item.cvss3_base_score:
221+
main_data["cvss3"]["base_score"] = item.cvss3_base_score
198222
main_data["severity"] = get_severity_from_cvss(item.cvss3_base_score)
223+
199224
if item.cvss_vector:
200225
main_data["cvss2"]["vector_string"] = item.cvss_vector
226+
227+
if item.cvss2_base_score:
228+
main_data["cvss2"]["base_score"] = item.cvss2_base_score
229+
# If CVSSv3 score is not present, use CVSSv2 score for severity
230+
if not item.cvss3_base_score:
231+
main_data["severity"] = get_severity_from_cvss(item.cvss2_base_score)
232+
201233
return main_data
202234

203235

0 commit comments

Comments
 (0)