
🐛 Nikto: Support v2.5.0 format #9275

Merged: blakeaowens merged 4 commits into DefectDojo:dev from manuel-sommer:fix_nikto_issue9274 on Jan 10, 2024

Conversation

@manuel-sommer (Contributor) commented:

see issue #9274

@dryrunsecurity (Bot) commented Jan 4, 2024:

Contextual Security Analysis

As DryRun Security performs checks, we'll summarize them here. You can always dive into the detailed results in the section below for checks.

DryRun Security checks run on this PR:
  • AI-powered Sensitive Function Check
  • Configured Sensitive Files Check
  • AI-powered Sensitive Files Check


@manuel-sommer manuel-sommer changed the title Fix nikto issue 9274 🐛 Fix nikto issue 9274 Jan 4, 2024
@manuel-sommer (Contributor, Author) commented:

@mtesauro: The new Nikto findings are all "info" findings by default. Should we keep those or raise the severity if the vulnerability scanner does not support any severity / criticality classification?

@mtesauro (Contributor) commented Jan 4, 2024:

@manuel-sommer Hmm. I think it's better to report at info and let people move it up to Low (or whatever) based on how they rate issues internally. That's probably better than potentially inflating the severity of a finding.

@mtesauro (Contributor) left a review: Approved.

I'm a fan of making the parser smarter so it handles multiple formats from a tool so thanks for doing that. Much better than YASTP (Yet Another Same Tool Parser)

@manuel-sommer (Contributor, Author) commented Jan 4, 2024:

> @manuel-sommer Hmm. I think it's better to report at info and let people move it up to Low (or whatever) based on how they rate issues internally. That's probably better than potentially inflating the severity of a finding.

This could also be a use case for this: #9250
If you give me a hint on how to advance the API and pass the value there to the finding parser, I could make a PR and advance Nikto in a way to have:

  • default setting == severity Info
  • API setting == severity is adaptable through a meta field in the API during import or reimport.

But I would do this in an extra PR.
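The two ideas in this thread, one parser that normalizes several output layouts from the same tool and a severity that defaults to Info with an explicit override hook, are shown together below as an added example. This is not DefectDojo's `dojo/tools/nikto/parser.py` and not the real Nikto 2.5.0 schema: both JSON layouts (a single host object versus a list of host objects), the field names `host`, `port`, `vulnerabilities`, `id`, `method`, `url`, `msg`, and the `default_severity` parameter are constructed assumptions used only to illustrate the pattern.

```python
"""Format-tolerant Nikto-style JSON parser (added example, assumed layouts)."""
import json
from dataclasses import dataclass
from typing import Any, Iterator, List, Set, Tuple

# Severity scale the override hook is validated against (assumed, DefectDojo-like names).
SEVERITIES = ("Info", "Low", "Medium", "High", "Critical")

# Constructed sample input, layout A: a single host object.
SAMPLE_SINGLE_HOST = json.dumps({
    "host": "198.51.100.10",
    "port": "80",
    "vulnerabilities": [
        {"id": "999990", "method": "GET", "url": "/", "msg": "Constructed finding A"},
    ],
})

# Constructed sample input, layout B: a list of host objects, with one duplicate entry
# and one entry lacking a message, to exercise dedup and the title fallback.
SAMPLE_HOST_LIST = json.dumps([
    {
        "host": "198.51.100.10",
        "port": "80",
        "vulnerabilities": [
            {"id": "999990", "method": "GET", "url": "/", "msg": "Constructed finding A"},
            {"id": "999990", "method": "GET", "url": "/", "msg": "Constructed finding A"},
        ],
    },
    {
        "host": "198.51.100.11",
        "port": "443",
        "vulnerabilities": [
            {"id": "999991", "method": "GET", "url": "/admin/"},
        ],
    },
])


@dataclass(frozen=True)
class Finding:
    title: str
    severity: str
    host: str
    port: str
    url: str
    method: str
    nikto_id: str


def _iter_hosts(data: Any) -> Iterator[dict]:
    """Yield host objects from either layout; nested lists are flattened."""
    if isinstance(data, dict):
        yield data
    elif isinstance(data, list):
        for item in data:
            yield from _iter_hosts(item)
    else:
        raise ValueError(f"unrecognised Nikto JSON layout: {type(data).__name__}")


def parse_nikto_json(text: str, default_severity: str = "Info") -> List[Finding]:
    """Parse either layout into Finding records.

    Every finding gets default_severity (Info unless an importer overrides it),
    since the scanner output carries no criticality of its own. Duplicate
    (host, port, id, url, method) tuples are collapsed so a scan that repeats
    an entry does not inflate the finding count.
    """
    if default_severity not in SEVERITIES:
        raise ValueError(f"unsupported severity {default_severity!r}")
    data = json.loads(text)
    seen: Set[Tuple[str, ...]] = set()
    findings: List[Finding] = []
    for host in _iter_hosts(data):
        hostname = str(host.get("host", ""))
        port = str(host.get("port", ""))
        for vuln in host.get("vulnerabilities", []):
            nikto_id = str(vuln.get("id", ""))
            url = str(vuln.get("url", ""))
            method = str(vuln.get("method", "")).upper()
            key = (hostname, port, nikto_id, url, method)
            if key in seen:
                continue
            seen.add(key)
            title = str(vuln.get("msg") or f"Nikto finding {nikto_id}")
            findings.append(Finding(title, default_severity, hostname, port, url, method, nikto_id))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_SINGLE_HOST, SAMPLE_HOST_LIST):
        for f in parse_nikto_json(sample):
            print(f.severity, f.host, f.port, f.method, f.url, f.title)
```

The normalization lives in one place (`_iter_hosts`), so adding a third layout means extending that generator rather than writing another parser class, which is the point mtesauro approves above. Keeping the severity as a validated parameter rather than a hard-coded literal is what an import-time override of the kind proposed for #9250 would plug into.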

@manuel-sommer manuel-sommer requested a review from cneill January 4, 2024 19:11
@Maffooch Maffooch changed the title 🐛 Fix nikto issue 9274 🐛 Nikto: Support v2.5.0 format Jan 4, 2024
@Maffooch (Contributor) left a review:

Reducing duplicated code

@Maffooch (Contributor) left a review:

Thanks @manuel-sommer :)

@blakeaowens blakeaowens merged commit 3fe9954 into DefectDojo:dev Jan 10, 2024
@manuel-sommer manuel-sommer deleted the fix_nikto_issue9274 branch January 10, 2024 20:01
blakeaowens pushed a commit to blakeaowens/django-DefectDojo that referenced this pull request Jan 10, 2024
* 🐛 fix nikto new parser format DefectDojo#9274

* 🐛 fix according to comment

* Update dojo/tools/nikto/parser.py

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

* Update dojo/tools/nikto/parser.py

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

---------

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>