diff --git a/boefjes/boefjes/plugins/kat_kat_finding_types/kat_finding_types.json b/boefjes/boefjes/plugins/kat_kat_finding_types/kat_finding_types.json
index 23ec1b70da7..00fbbba47a4 100644
--- a/boefjes/boefjes/plugins/kat_kat_finding_types/kat_finding_types.json
+++ b/boefjes/boefjes/plugins/kat_kat_finding_types/kat_finding_types.json
@@ -486,5 +486,10 @@
 "source": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers",
 "impact": "Nonstandard headers may not be supported by all browsers and may not provide the security that is expected.",
 "recommendation": "Remove the nonstandard headers from the response."
+ },
+ "KAT-SOFTWARE-VERSION-NOT-FOUND": {
+ "description": "The version of the software is not found.",
+ "risk": "recommendation",
+ "recommendation": "There was no version found for this software but there are known vulnerabilities for this software."
 }
 }
diff --git a/boefjes/boefjes/plugins/kat_snyk/normalize.py b/boefjes/boefjes/plugins/kat_snyk/normalize.py
index cd8b5746234..240cc580e0f 100755
--- a/boefjes/boefjes/plugins/kat_snyk/normalize.py
+++ b/boefjes/boefjes/plugins/kat_snyk/normalize.py
@@ -23,7 +23,7 @@ def run(input_ooi: dict, raw: bytes) -> Iterable[NormalizerOutput]:
 elif not results["table_vulnerabilities"] and not results["cve_vulnerabilities"]:
 # no vulnerabilities found
 return
- else:
+ if software_version:
 for vuln in results["table_vulnerabilities"]:
 snyk_ft = SnykFindingType(id=vuln.get("Vuln_href"))
 yield snyk_ft
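Review bot: The `recommendation` string on the new `KAT-SOFTWARE-VERSION-NOT-FOUND` entry restates the description instead of telling the operator what to do, so the finding carries no actionable next step. Consider `"recommendation": "Determine the installed version of this software (e.g. from its banner, package metadata or the administrator) and rescan so the vulnerability lookup can be narrowed to that version; until then, review the known vulnerabilities for this software manually."` and tighten the description to `"description": "The version of this software could not be determined, so it cannot be matched against known vulnerabilities."`. If `"recommendation"` is the lowest level in this risk scheme, be aware that a host running possibly-vulnerable software with an undetectable version will then not surface as a risk in reports; that trade-off is reasonable for an informational finding but is worth stating in the description.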
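Review bot: Replacing `else:` with `if software_version:` makes the normalizer drop every per-vulnerability Snyk finding for software whose version is unknown, and nothing in the hunk says why a falsy `software_version` should mean "emit nothing here"; `software_version` is assigned above the hunk, so the reader also cannot see which falsy values it can take. A short comment above the condition would make the intent durable, e.g. `# Without a version, Snyk's results cover every release ever affected, so per-vulnerability findings would be noise; the "version not found" finding emitted further down covers this case instead.` The enclosing `run()` starts before this hunk and its body continues past it.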
@@ -40,6 +40,15 @@ def run(input_ooi: dict, raw: bytes) -> Iterable[NormalizerOutput]:
 ooi=pk_ooi,
 description=vuln.get("Vuln_text"),
 )
+ if not software_version and (results["table_vulnerabilities"] or results["cve_vulnerabilities"]):
+ kat_ooi = KATFindingType(id="KAT-SOFTWARE-VERSION-NOT-FOUND")
+ yield kat_ooi
+ yield Finding(
+ finding_type=kat_ooi.reference,
+ ooi=pk_ooi,
+ description="There was no version found for this software. "
+ "But there are known vulnerabilities for some versions.",
+ )
 
 # Check for latest version
 latest_version = ""
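Review bot: The new finding discards everything Snyk returned, so an operator sees only "there are known vulnerabilities" with no count or severity to prioritise by; consider carrying at least the count into the description, e.g. `description=f"No version could be determined for this software, but Snyk lists {len(results['table_vulnerabilities']) + len(results['cve_vulnerabilities'])} vulnerabilities for some versions of it."` (assuming both entries are sequences, which their use as truthy/falsy flags suggests). The guard `not software_version and (results["table_vulnerabilities"] or results["cve_vulnerabilities"])` also repeats the emptiness check that the `elif … return` at the top of the previous hunk already performs; if the first branch of that chain (outside the hunk) cannot fall through with empty results, this block could simply be the `else:` of the `if software_version:` branch, making the two paths visibly exclusive. The enclosing `run()` continues past the end of this hunk.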