From 293ef5367f50e8df84f2e84bd9303b54f628a1eb Mon Sep 17 00:00:00 2001
From: Filipe Pina
Date: Mon, 11 Nov 2024 00:06:55 +0000
Subject: [PATCH] fix nuclei parser: expect invalid CWEs
---
 dojo/tools/nuclei/parser.py | 12 ++++++++----
 unittests/scans/nuclei/invalid_cwe.json | 1 +
 unittests/tools/test_nuclei_parser.py | 11 +++++++++++
 3 files changed, 20 insertions(+), 4 deletions(-)
 create mode 100644 unittests/scans/nuclei/invalid_cwe.json
diff --git a/dojo/tools/nuclei/parser.py b/dojo/tools/nuclei/parser.py
index e9c5ac048cc..364eaa618b4 100644
--- a/dojo/tools/nuclei/parser.py
+++ b/dojo/tools/nuclei/parser.py
@@ -96,12 +96,16 @@ def get_findings(self, filename, test):
 cve_ids = classification["cve-id"]
 finding.unsaved_vulnerability_ids = [x.upper() for x in cve_ids]
 if (
- "cwe-id" in classification
- and classification["cwe-id"]
- and len(classification["cwe-id"]) > 0
+ classification.get("cwe-id")
 ):
 cwe = classification["cwe-id"][0]
- finding.cwe = int(cwe[4:])
+ try:
+ finding.cwe = int(cwe[4:])
+ except ValueError:
+ """
+ ignore CWE if non-int
+ several older templates such as https://github.com/projectdiscovery/nuclei-templates/blob/6636c0d2dd540645cc3472822beb4b3819ff8322/http/cves/2004/CVE-2004-0519.yaml#L21
+ """
 if classification.get("cvss-metrics"):
 cvss_objects = cvss_parser.parse_cvss_from_text(
 classification["cvss-metrics"],
diff --git a/unittests/scans/nuclei/invalid_cwe.json b/unittests/scans/nuclei/invalid_cwe.json
new file mode 100644
index 00000000000..00244d852aa
--- /dev/null
+++ b/unittests/scans/nuclei/invalid_cwe.json
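Review bot: The new `except ValueError:` handler in dojo/tools/nuclei/parser.py uses a bare triple-quoted string as its body and covers only one of the ways `int(cwe[4:])` can fail on report data. If the first `cwe-id` entry is not a string (a JSON `null` or a number, for example), the slice raises `TypeError` and the import still aborts; consider `except (ValueError, TypeError):` followed by `pass  # non-numeric CWE in older templates, leave finding.cwe unset`. The slice also never confirms the `CWE-` prefix, so an entry that is a bare number longer than four digits would be stored as a wrong CWE without any error; guarding the conversion with `isinstance(cwe, str) and cwe.upper().startswith("CWE-")` would avoid misclassified findings. get_findings begins and ends outside this hunk, so whether a logger is available for recording the skipped value cannot be confirmed from here.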
@@ -0,0 +1 @@
+{"templateID":"mysql-native-password-bruteforce","info":{"name":"MySQL DB with enabled native password","author":"iamthefrogy","severity":"info","tags":"network,mysql,bruteforce,db","description":"MySQL instance with enabled native password support prone vulnerable for password brute-force attack.", "classification": {"cwe-id": ["nvd-cve-other"]}},"type":"network","host":"https://nuclei-example.com","matched":"nuclei-example.com:3306","ip":"178.21.15.56","timestamp":"2021-05-20T11:12:02.301031+03:00"}
diff --git a/unittests/tools/test_nuclei_parser.py b/unittests/tools/test_nuclei_parser.py
index 7cede5a5463..f3562b62be4 100644
--- a/unittests/tools/test_nuclei_parser.py
+++ b/unittests/tools/test_nuclei_parser.py
@@ -236,3 +236,14 @@ def test_parse_many_findings_v3(self):
 with self.subTest(i=0):
 finding = findings[0]
 self.assertEqual("Info", finding.severity)
+
+ def test_parse_invalid_cwe(self):
+ with open("unittests/scans/nuclei/invalid_cwe.json", encoding="utf-8") as testfile:
+ parser = NucleiParser()
+ findings = parser.get_findings(testfile, Test())
+ self.assertEqual(1, len(findings))
+ for finding in findings:
+ for endpoint in finding.unsaved_endpoints:
+ endpoint.clean()
+ self.assertEqual("nuclei-example.com", finding.unsaved_endpoints[0].host)
+ self.assertEqual(0, finding.cwe)
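Review bot: test_parse_invalid_cwe exercises only one malformed shape, a non-numeric string inside the `cwe-id` list, so other inputs that reach the same `int(cwe[4:])` conversion stay untested. Fixtures with a non-string entry (for example `"cwe-id": [null]`) and with a well-formed entry after an invalid first one would show whether the parser degrades gracefully on those as well. The final `self.assertEqual(0, finding.cwe)` relies on the model's default for an unset CWE, which is not visible in this diff; a short comment such as `# cwe keeps its default when the report value is not numeric` would make that intent explicit.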