|
9 | 9 |
|
10 | 10 | from dateutil.parser import parse |
11 | 11 | from faraday_plugins.plugins.plugin import PluginXMLFormat |
| 12 | +from faraday_plugins.plugins.plugins_utils import CVE_regex |
| 13 | +from faraday_plugins.plugins.plugins_utils import get_severity_from_cvss |
12 | 14 |
|
13 | 15 | __author__ = "Blas" |
14 | 16 | __copyright__ = "Copyright (c) 2019, Infobyte LLC" |
|
20 | 22 | __status__ = "Development" |
21 | 23 |
|
22 | 24 | from faraday_plugins.plugins.repo.nessus.DTO import ReportHost, Report, ReportItem |
23 | | -from faraday_plugins.plugins.plugins_utils import get_severity_from_cvss |
24 | 25 |
|
25 | 26 | class NessusParser: |
26 | 27 | """ |
@@ -183,21 +184,52 @@ def parseOutputString(self, output): |
183 | 184 | def map_add_ref(main_data, item: ReportItem): |
184 | 185 | main_data["cvss2"] = {} |
185 | 186 | main_data["cvss3"] = {} |
| 187 | + |
| 188 | + found_cves = set() |
| 189 | + |
| 190 | + if item.cve: |
| 191 | + if isinstance(item.cve, str): |
| 192 | + cves_in_item_cve_field = CVE_regex.findall(item.cve) |
| 193 | + found_cves.update(cves_in_item_cve_field) |
| 194 | + elif isinstance(item.cve, list): |
| 195 | + for c_val in item.cve: |
| 196 | + if isinstance(c_val, str): |
| 197 | + found_cves.add(c_val) |
| 198 | + |
186 | 199 | if item.see_also: |
187 | 200 | main_data["ref"].append(item.see_also) |
| 201 | + # Extract CVEs from see_also string |
| 202 | + cves_from_see_also = CVE_regex.findall(item.see_also) |
| 203 | + found_cves.update(cves_from_see_also) |
| 204 | + |
| 205 | + if found_cves: |
| 206 | + main_data["cve"] = sorted(list(found_cves)) |
| 207 | + |
188 | 208 | if item.cpe: |
189 | 209 | main_data["ref"].append(item.cpe) |
190 | | - if item.cve: |
191 | | - main_data["cve"] = item.cve |
192 | 210 | if item.cwe: |
193 | 211 | main_data["cwe"] = item.cwe |
| 212 | + |
194 | 213 | if item.cvss3_vector: |
195 | | - main_data["cvss3"]["vector_string"] = item.cvss3_vector |
196 | | - #if item has cvss3.base_score use it for severity |
| 214 | + cvss3_vector_string = item.cvss3_vector |
| 215 | + # Prepend "CVSS:3.0/" if no "CVSS:3.x" prefix exists, similar to Nessus SC plugin |
| 216 | + if not cvss3_vector_string.startswith("CVSS:3."): |
| 217 | + cvss3_vector_string = "CVSS:3.0/" + cvss3_vector_string |
| 218 | + main_data["cvss3"]["vector_string"] = cvss3_vector_string |
| 219 | + |
197 | 220 | if item.cvss3_base_score: |
| 221 | + main_data["cvss3"]["base_score"] = item.cvss3_base_score |
198 | 222 | main_data["severity"] = get_severity_from_cvss(item.cvss3_base_score) |
| 223 | + |
199 | 224 | if item.cvss_vector: |
200 | 225 | main_data["cvss2"]["vector_string"] = item.cvss_vector |
| 226 | + |
| 227 | + if item.cvss2_base_score: |
| 228 | + main_data["cvss2"]["base_score"] = item.cvss2_base_score |
| 229 | + # If CVSSv3 score is not present, use CVSSv2 score for severity |
| 230 | + if not item.cvss3_base_score: |
| 231 | + main_data["severity"] = get_severity_from_cvss(item.cvss2_base_score) |
| 232 | + |
201 | 233 | return main_data |
202 | 234 |
|
203 | 235 |
|
|
0 commit comments