Security-Tools-Alliance / rengine-ng

reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.
GNU General Public License v3.0

refactor: improve robustness of nuclei result parsing #209

Closed psyray closed 2 months ago

psyray commented 2 months ago

Enhanced the parse_nuclei_result function to improve robustness by using safer dictionary access methods. This includes using get with default values to prevent potential KeyError exceptions and updating the handling of template paths.

Summary by Sourcery

Refactor the parse_nuclei_result function to enhance its robustness by implementing safer dictionary access methods, ensuring default values are used to avoid KeyError exceptions and updating the handling of template paths.

Enhancements:

sourcery-ai[bot] commented 2 months ago

Reviewer's Guide by Sourcery

This pull request refactors the parse_nuclei_result function in web/reNgine/tasks.py to improve its robustness. The changes focus on using safer dictionary access methods to prevent potential KeyError exceptions and updating the handling of template paths.

Sequence Diagram

No sequence diagram generated.

File-Level Changes

Change: Improved dictionary access methods for safer parsing
Details:
  • Replaced direct dictionary access with .get() method and default values
  • Added nested .get() calls for accessing nested dictionary structures
  • Updated handling of 'severity' field to use NUCLEI_SEVERITY_MAP with a default value
  • Modified 'template' field to use 'template-path' and remove NUCLEI_DEFAULT_TEMPLATES_PATH prefix
  • Added html.escape() for 'request' and 'response' fields with empty string defaults
  • Updated handling of list fields (cve_ids, cwe_ids, references, tags) to use .get() with empty list defaults
Files: web/reNgine/tasks.py

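The parsing pattern listed in the review guide above, as an added example that is not the project's code from web/reNgine/tasks.py. The function and helper names, the constant values and the sample records are assumptions; the example also goes one step beyond plain `.get()` defaults by handling keys that are present but set to JSON `null`, which a `.get(key, default)` call passes through as `None`.

```python
import html
import json

# Assumed values: the page names these constants but does not show their contents.
NUCLEI_SEVERITY_MAP = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4, "unknown": -1}
NUCLEI_DEFAULT_TEMPLATES_PATH = "/root/nuclei-templates/"  # hypothetical path

def _dict(value):
    """Return value if it is a dict, else {} (covers missing keys and JSON null)."""
    return value if isinstance(value, dict) else {}

def _list(value):
    """Normalise a missing, null or scalar field to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def parse_nuclei_line(line):
    """Flatten one nuclei JSON output line without raising KeyError or AttributeError."""
    record = _dict(json.loads(line))
    info = _dict(record.get("info"))
    classification = _dict(info.get("classification"))
    template = str(record.get("template-path") or "")
    if template.startswith(NUCLEI_DEFAULT_TEMPLATES_PATH):
        template = template[len(NUCLEI_DEFAULT_TEMPLATES_PATH):]
    severity = str(info.get("severity") or "unknown").lower()
    return {
        "name": info.get("name") or "",
        "severity": NUCLEI_SEVERITY_MAP.get(severity, NUCLEI_SEVERITY_MAP["unknown"]),
        "template": template,
        # Escaped because captured HTTP traffic is later rendered in a web UI.
        "request": html.escape(record.get("request") or ""),
        "response": html.escape(record.get("response") or ""),
        "cve_ids": _list(classification.get("cve-id")),
        "cwe_ids": _list(classification.get("cwe-id")),
        "references": _list(info.get("reference")),
        "tags": _list(info.get("tags")),
    }

# Constructed sample lines (not real scan output; the CVE id is a placeholder).
FULL = json.dumps({
    "template-path": NUCLEI_DEFAULT_TEMPLATES_PATH + "http/sample/sample-check.yaml",
    "response": "<b>hi</b>",
    "info": {"name": "Sample", "severity": "High", "tags": ["sample"],
             "classification": {"cve-id": ["CVE-0000-0000"], "cwe-id": None}},
})
SPARSE = '{"template-id": "x", "info": {"classification": null, "tags": null}}'
```
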