Add USE_FIRST_SEEN to Nexpose
kiblik committed Jan 19, 2024
1 parent 7c3d999 commit 6a8f818
Showing 3 changed files with 33 additions and 4 deletions.
14 changes: 12 additions & 2 deletions dojo/tools/nexpose/parser.py
@@ -2,6 +2,8 @@
import re
from defusedxml import ElementTree
from hyperlink._url import SCHEME_PORT_MAP
from datetime import datetime
from django.conf import settings

from dojo.models import Finding, Endpoint

@@ -124,6 +126,15 @@ def parse_tests_type(self, node, vulnsDefinitions):
] += "\n\n" + self.parse_html_type(desc)
else:
vuln["pluginOutput"] = self.parse_html_type(desc)
if settings.USE_FIRST_SEEN and (date := test.get("vulnerable-since")):
date = datetime.fromisoformat(date)
# It would be nice to be able to define it per Endpoint_Status but for now, we use the oldest known information
if not vuln.get("vulnerableSince") or (date < vuln["vulnerableSince"]):
vuln["vulnerableSince"] = date
else:
vuln["vulnerableSince"] = None
else:
vuln["vulnerableSince"] = None
vulns.append(vuln)

return vulns
@@ -324,12 +335,11 @@ def findings(dupe_key, dupes, test, vuln):
if vuln.get("resolution")
else None,
impact=vuln.get("vector") if vuln.get("vector") else None,
test=test,
false_p=False,
duplicate=False,
out_of_scope=False,
mitigated=None,
dynamic_finding=True,
date=vuln.get("vulnerableSince"),
)
# build references
refs = ""
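Review bot: `datetime.fromisoformat(date)` in the `parse_tests_type` hunk runs on the `vulnerable-since` attribute read straight from the uploaded report with no `ValueError` handling, so a single malformed value would abort the whole import; the compact form used in the fixture (`20210211T164506081`) is also, as far as I know, only accepted by `fromisoformat` from Python 3.11 on. Indentation is lost on this page, but if the first `else:` pairs with the `if not vuln.get("vulnerableSince") or (date < vuln["vulnerableSince"])` check, a later test element whose date is equal or newer resets the stored value to `None`, which contradicts the comment about keeping the oldest known information. The sketch below ignores an unparsable value and keeps the date already recorded; the function starts and ends outside the hunk, so how `vuln` is shared between test elements should be confirmed before adopting it.

```python
# … unchanged: pluginOutput handling …
if settings.USE_FIRST_SEEN and (raw := test.get("vulnerable-since")):
    try:
        since = datetime.fromisoformat(raw)
    except ValueError:
        # Malformed attribute in the report: ignore it rather than fail the import.
        since = None
    known = vuln.get("vulnerableSince")
    if since and (known is None or since < known):
        vuln["vulnerableSince"] = since
else:
    vuln.setdefault("vulnerableSince", None)
vulns.append(vuln)
```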
4 changes: 2 additions & 2 deletions unittests/scans/nexpose/dns.xml
@@ -31,7 +31,7 @@
</test>

<test id="dns-processes-recursive-queries" key="" status="vulnerable-exploited"
scan-id="28959" vulnerable-since="20210211T164506081"
scan-id="28959" vulnerable-since="20210212T164506081"
pci-compliance-status="pass">

<Paragraph>
@@ -56,7 +56,7 @@
</fingerprints>
<tests>
<test id="dns-allows-cache-snooping" key="" status="vulnerable-exploited"
scan-id="28959" vulnerable-since="20210211T164506081"
scan-id="28959" vulnerable-since="20210212T164506081"
pci-compliance-status="fail">

<Paragraph>
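--- a/unittests/tools/test_nexpose_parser.py
+++ b/unittests/tools/test_nexpose_parser.py
@@ -1,3 +1,6 @@
+import datetime
+from django.test import override_settings
+
 from ..dojo_test_case import DojoTestCase
 from dojo.tools.nexpose.parser import NexposeParser
 from dojo.models import Test, Engagement, Product
@@ -202,3 +205,19 @@ def test_nexpose_parser_dns(self):
 self.assertEqual('dns', str(finding.unsaved_endpoints[0].protocol))
 self.assertEqual('udp', str(finding.unsaved_endpoints[0].fragment))
 self.assertEqual('dns://192.168.1.1#udp', str(finding.unsaved_endpoints[0]))
+
+@override_settings(USE_FIRST_SEEN=True)
+def test_nexpose_parser_use_first_seen(self):
+testfile = open("unittests/scans/nexpose/dns.xml")
+parser = NexposeParser()
+findings = parser.get_findings(testfile, Test())
+
+for finding in findings:
+for endpoint in finding.unsaved_endpoints:
+endpoint.clean()
+
+self.assertEqual(6, len(findings))
+finding = findings[2]
+self.assertEqual(datetime.datetime(2021, 2, 11, 16, 45, 6, 81000), finding.date, finding.title)
+finding = findings[4]
+self.assertEqual(datetime.datetime(2021, 2, 11, 16, 45, 6, 81000), finding.date, finding.title)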
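Review bot: `testfile = open("unittests/scans/nexpose/dns.xml")` in `test_nexpose_parser_use_first_seen` is never closed; wrapping the parse in `with open("unittests/scans/nexpose/dns.xml") as testfile:` releases the handle even when an assertion fails. The assertions pin only `findings[2]` and `findings[4]` with the setting enabled. A report whose `vulnerable-since` is missing or malformed, and one where the older date precedes the newer one, would exercise the remaining branches the parser change adds.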
