Skip to content

nessus: parse more fields #12247

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 30, 2025
Merged

nessus: parse more fields #12247

merged 1 commit into from
Apr 30, 2025

Conversation

valentijnscholten
Copy link
Member

@valentijnscholten valentijnscholten commented Apr 15, 2025
edited
Loading

Users reported on Slack that the Nessus CSV report can contain fields that are currently not parsed by DefectDojo:

image (5)
Reference: https://owasp.slack.com/archives/C2P5BA8MN/p1743609798217049

This PR parses some more fields in the csv parse:

  • epss_score
  • more references
  • vpr score
  • stig score
  • canvas
  • metasploit exploitable
  • core impact
  • canvas
  • plugin information

To me it's not clear what some of these fields, but probably anyone using Nessus will understand. So it's good to have these values in the description, references or severity_justification field.

We decided for now not to parse the CWE field that is present in the XREF fields as it would influence the hash code calculation which we would not be able to get aligned with older findings that did not have the cwe field parsed and stored.

Ruff required me to update all test cases.

@valentijnscholten valentijnscholten changed the title nessus csv: parse more fields nessus: parse more fields Apr 15, 2025
@valentijnscholten valentijnscholten marked this pull request as ready for review April 18, 2025 07:19
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Apr 18, 2025
edited
Loading

DryRun Security

This pull request involves potential information exposure in reference expansion, modifications to EPSS score processing, and the presence of multiple vulnerabilities in a Nessus scan template, which could impact system security and data handling.

💭 Unconfirmed Findings (3)
Vulnerability Potential Information Exposure in References Expansion
Description Located in dojo/tools/tenable/csv_format.py, this finding involves adding multiple new reference sources that could expose additional system or vulnerability metadata, potentially increasing the risk of sensitive information disclosure.
Vulnerability EPSS Score Processing Modification
Description Found in dojo/tools/tenable/csv_format.py, this modification introduces logic for handling EPSS scores that might cause unexpected behavior, particularly in transforming scores without decimal points which could lead to inconsistent processing.
Vulnerability Multiple Vulnerabilities in Nessus Scan Template
Description Identified in unittests/scans/tenable/nessus/nessus-template.csv, this finding includes several specific vulnerabilities: SSL Medium Strength Cipher Suites (SWEET32), HTTP TRACE/TRACK Methods Enabled, SSH Terrapin Prefix Truncation Weakness, Multiple PHP Vulnerabilities, and Kibana Osquery Pack Availability Exploit.

All finding details can be found in the DryRun Security Dashboard.

@valentijnscholten valentijnscholten added this to the 2.45.3 milestone Apr 18, 2025
Maffooch
Maffooch requested changes Apr 21, 2025
View reviewed changes
@github-actions GitHub Actions
Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@valentijnscholten valentijnscholten force-pushed the nessus-all-fields-april-2025 branch from d470a88 to 303a23e Compare April 21, 2025 17:28
@github-actions GitHub Actions
Copy link
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@github-actions GitHub Actions
Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@valentijnscholten valentijnscholten force-pushed the nessus-all-fields-april-2025 branch from e56437a to 08320cd Compare April 21, 2025 19:19
@github-actions GitHub Actions
Copy link
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@valentijnscholten valentijnscholten modified the milestones: 2.45.3, 2.46.0 Apr 28, 2025
@valentijnscholten valentijnscholten changed the base branch from bugfix to dev April 29, 2025 19:25
@valentijnscholten valentijnscholten changed the base branch from dev to bugfix April 29, 2025 19:27
@valentijnscholten valentijnscholten force-pushed the nessus-all-fields-april-2025 branch from 2a6d0df to 65cb49c Compare April 29, 2025 19:33
@Maffooch Maffooch requested a review from dogboat April 29, 2025 19:57
@Maffooch Maffooch requested a review from hblankenship April 29, 2025 19:57
mtesauro
mtesauro approved these changes Apr 29, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@Maffooch Maffooch merged commit 600e574 into DefectDojo:bugfix Apr 30, 2025
77 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtesauro mtesauro mtesauro approved these changes

@dogboat dogboat dogboat approved these changes

@hblankenship hblankenship hblankenship approved these changes

@Maffooch Maffooch Maffooch approved these changes

Assignees
No one assigned
Labels
integration_tests parser unittests
Projects
None yet
Milestone
2.46.0
Development

Successfully merging this pull request may close these issues.
5 participants
@valentijnscholten @mtesauro @dogboat @hblankenship @Maffooch