Enhancement parsing. Issue with multiple tables in port's script

contrib/internal_types/flan_types.py

@@ -55,4 +55,4 @@ class ScanResult:
     """
     def __init__(self):
         self.locations = defaultdict(list)  # type: Dict[str, List[str]]
-        self.vulns = []  # type: List[Vuln]
+        self.vulns = defaultdict(list)  # type: Dict[str, List[Vuln]]

contrib/parsers/flan_xml_parser.py

@@ -1,5 +1,5 @@
 from collections import defaultdict
-from typing import Dict, Any, List, Set
+from typing import Dict, OrderedDict, Any, List, Set
 
 import xmltodict
 
@@ -54,7 +54,7 @@ def parse(self, data: Dict[str, Any]):
         else:
             self.parse_host(hosts)
 
-    def parse_vuln(self, app_name: str, vuln: List[Dict[str, Any]]):
+    def parse_vuln(self, app_name: str, cpe: str, vuln: List[Dict[str, Any]]):
         vuln_name = ''
         severity = ''
         vuln_type = ''
@@ -66,20 +66,32 @@ def parse_vuln(self, app_name: str, vuln: List[Dict[str, Any]]):
             elif field['@key'] == 'type':
                 vuln_type = field['#text']
 
-        self.results[app_name].vulns.append(Vuln(vuln_name, vuln_type, severity))
+        if cpe:
+            self.results[app_name].vulns[cpe].append(Vuln(vuln_name, vuln_type, severity))
+        else:
+            self.results[app_name].vulns[app_name].append(Vuln(vuln_name, vuln_type, severity))
 
     def parse_script(self, ip_addr: str, port: str, app_name: str, script: Dict[str, Any]):
         if 'table' not in script:
             print('ERROR in script: ' + script['@output'] + " at location: " + ip_addr + " port: " + port + " app: " +
                   app_name)
             return
         self.vulnerable_services.append(app_name)
-        script_table = script['table']['table']
+        script_table = script['table']
         if isinstance(script_table, list):
-            for vuln in script_table:
-                self.parse_vuln(app_name, vuln['elem'])
-        else:
-            self.parse_vuln(app_name, script_table['elem'])
+            for table in script_table:
+                cpe = table.get("@key")
+                for vuln in table['table']:
+                    self.parse_vuln(app_name, cpe, vuln['elem'])
+        elif (isinstance(script_table, OrderedDict) 
+              and isinstance(script_table['table'], list)):
+            cpe = script_table.get("@key")
+            for vuln in script_table['table']:
+                self.parse_vuln(app_name, cpe, vuln['elem'])
+        elif (isinstance(script_table, OrderedDict) 
+              and isinstance(script_table['table'], OrderedDict)):
+              cpe = script_table.get("@key")
+              self.parse_vuln(app_name, cpe, script_table['table']['elem'])
 
     def parse_port(self, ip_addr: str, port: Dict[str, Any]):
         if port['state']['@state'] == 'closed':

contrib/report_builders/json_report_builder.py

@@ -1,4 +1,5 @@
 import json
+from collections import defaultdict
 from typing import Any, Dict, List
 
 from contrib.descriptions import VulnDescriptionProvider
@@ -21,15 +22,16 @@ def build(self) -> Any:
     def add_vulnerable_services(self, scan_results: Dict[str, ScanResult]):
         for app_name, result in scan_results.items():
             self._buffer['vulnerable'][app_name] = {
-                'vulnerabilities': [],
+                'vulnerabilities': defaultdict(list),
                 'locations': self._serialize_locations(result.locations)
             }
 
-            for v in result.vulns:
-                data = v.to_dict()
-                description = self.description_provider.get_description(v.name, v.vuln_type)
-                data['description'], data['url'] = description.text, description.url
-                self._buffer['vulnerable'][app_name]['vulnerabilities'].append(data)
+            for vuln_cpe, vuln in result.vulns.items():
+                for v in vuln:
+                    data = v.to_dict()
+                    description = self.description_provider.get_description(v.name, v.vuln_type)
+                    data['description'], data['url'] = description.text, description.url
+                    self._buffer['vulnerable'][app_name]['vulnerabilities'][vuln_cpe].append(data)
 
     def add_non_vulnerable_services(self, scan_results: Dict[str, ScanResult]):
         for app_name, result in scan_results.items():

contrib/report_builders/latex_report_builder.py

@@ -38,25 +38,27 @@ def header(self) -> str:
     def add_vulnerable_services(self, scan_results: Dict[str, ScanResult]):
         for s, report in scan_results.items():
             self._append('\\item \\textbf{\\large ' + s + ' \\large}')
-            vulns = report.vulns
+            vulns = report.vulns.items()
             locations = report.locations
-            num_vulns = len(vulns)
-
-            for v in vulns:
-                description = self.description_provider.get_description(v.name, v.vuln_type)
-                severity_name = v.severity_str
-                self._append('\\begin{figure}[h!]\n')
-                self._append('\\begin{tabular}{|p{16cm}|}\\rowcolor[HTML]{'
-                             + self.colors[severity_name]
-                             + '} \\begin{tabular}{@{}p{15cm}>{\\raggedleft\\arraybackslash} p{0.5cm}@{}}\\textbf{'
-                             + v.name + ' ' + severity_name + ' ('
-                             + str(v.severity)
-                             + ')} & \\href{' + description.url
-                             + '}{\\large \\faicon{link}}'
-                             + '\\end{tabular}\\\\\n Summary:'
-                             + description.text
-                             + '\\\\ \\hline \\end{tabular}  ')
-                self._append('\\end{figure}\n')
+            num_vulns = sum([len(report.vulns[v]) for v in report.vulns])
+
+            for cpe, vuln in vulns:
+                self._append('\\item \\textbf{\\large ' + cpe + ' \\large}')
+                for v in vuln:
+                    description = self.description_provider.get_description(v.name, v.vuln_type)
+                    severity_name = v.severity_str
+                    self._append('\\begin{figure}[h!]\n')
+                    self._append('\\begin{tabular}{|p{16cm}|}\\rowcolor[HTML]{'
+                                 + self.colors[severity_name]
+                                 + '} \\begin{tabular}{@{}p{15cm}>{\\raggedleft\\arraybackslash} p{0.5cm}@{}}\\textbf{'
+                                 + v.name + ' ' + severity_name + ' ('
+                                 + str(v.severity)
+                                 + ')} & \\href{' + description.url
+                                 + '}{\\large \\faicon{link}}'
+                                 + '\\end{tabular}\\\\\n Summary:'
+                                 + description.text
+                                 + '\\\\ \\hline \\end{tabular}  ')
+                    self._append('\\end{figure}\n')
 
             self._append('\\FloatBarrier\n\\textbf{The above '
                          + str(num_vulns)

contrib/report_builders/markdown_report_builder.py

@@ -34,16 +34,18 @@ def add_vulnerable_services(self, scan_results: Dict[str, ScanResult]):
         for i, pair in enumerate(scan_results.items(), start=1):
             app_name, report = pair  # type: str, ScanResult
             self._append_service(i, app_name)
-            num_vulns = len(report.vulns)
-
-            for v in report.vulns:
-                description = self.description_provider.get_description(v.name, v.vuln_type)
-                self._append_line('- [**{name}** {severity} ({severity_num})]({link} "{title}")'
-                                  .format(name=v.name, severity=v.severity_str, severity_num=v.severity,
-                                          link=description.url, title=v.name), spaces=4)
-                self._append_line('```text', separators=1, spaces=6)
-                self._append_line(description.text, separators=1, spaces=6)
-                self._append_line('```', spaces=6)
+            num_vulns = sum([len(report.vulns[v]) for v in report.vulns])
+
+            for cpe, vuln in report.vulns.items():
+                self._append_line('- **{0}**'.format(cpe))
+                for v in vuln:
+                    description = self.description_provider.get_description(v.name, v.vuln_type)
+                    self._append_line('- [**{name}** {severity} ({severity_num})]({link} "{title}")'
+                                      .format(name=v.name, severity=v.severity_str, severity_num=v.severity,
+                                              link=description.url, title=v.name), spaces=4)
+                    self._append_line('```text', separators=1, spaces=6)
+                    self._append_line(description.text, separators=1, spaces=6)
+                    self._append_line('```', spaces=6)
 
             self._append_line('The above {num} vulnerabilities apply to these network locations'.format(num=num_vulns),
                               spaces=4)

contrib/report_builders/templates/jinja2_report.html

@@ -71,6 +71,19 @@
       border: 1px solid black;
     }
 
+    .sub_vuln {
+        font-size: 20px;
+        padding: 20px 0 15px 0;
+        font-family: 'helvetica', serif;
+        font-weight: bold;
+        position: relative;
+        left: -100px;
+    }
+
+    .sub_vuln:before {
+        content: "\2014 ";
+    }
+
     .vuln_desc {
       padding-top: 7px;
     }
@@ -135,24 +148,32 @@ <h2>Summary</h2>
 <div id="vulnerable_services">
     <h4 class="section_head">Services with vulnerabilities:</h4>
     <ol class="services_list">
+        {% set ns = namespace(vulns_count=0) %}
         {% for service, report in data.vulnerable.items() %}
+        {% set ns.vulns_count = 0 %}
             <li>
                 <div class="service_cpe">{{ service }}</div>
                 <div class="service_vulns">
                     <ul class="vulns_list">
-                        {% for vuln in report.vulnerabilities %}
-                            <li>
-                                <div class="vuln_short {{ vuln.severity_str.lower() }}">
-                                    <a class="vuln_link"
-                                       href="{{ vuln.url }}">{{ vuln.name }}</a> {{ vuln.severity_str }}
-                                    ({{ vuln.severity }})
-                                </div>
-                                <div class="vuln_desc">{{ vuln.description }}</div>
-                            </li>
+                        {% for vuln_cpe, vuln in report.vulnerabilities.items() %}
+                        {% set ns.vulns_count = ns.vulns_count + vuln|length %}
+                            <ul class="vulns_list"> 
+                                <div class="sub_vuln">{{vuln_cpe}}</div>
+                                {% for v in vuln %}
+                                    <li>
+                                        <div class="vuln_short {{ v.severity_str.lower() }}">
+                                            <a class="vuln_link"
+                                              href="{{ v.url }}">{{ v.name }}</a> {{ v.severity_str }}
+                                            ({{ v.severity }})
+                                        </div>
+                                        <div class="vuln_desc">{{ v.description }}</div>
+                                    </li>
+                                {% endfor %}
+                            </ul>
                         {% endfor %}
                     </ul>
                     <div class="locations_container">
-                        <div class="locations_head">The above {{ report.vulnerabilities|length }} vulnerabilities apply
+                        <div class="locations_head">The above {{ ns.vulns_count }} vulnerabilities apply
                             to these network locations:
                         </div>
                         <ul class="locations_list">
@@ -191,4 +212,4 @@ <h4 class="section_head">Services with no known vulnerabilities:</h4>
     </ol>
 </div>
 </body>
-</html>
+</html>