infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0

Netsparker parser chooses wrong field for vulnerability title. #413

Closed gister9000 closed 3 years ago

gister9000 commented 3 years ago

Issue Type

Faraday version

Tested in: Release v3.11.1 (docker version) Release v3.12 (.deb)

Component Name

faraday_plugins/plugins/repo/netsparker/plugin.py

Line 115: self.name = self.get_text_from_subnode("type")

It should be: self.name = self.get_text_from_subnode("title")

Netsparker XML holds the title with spaces in the "title" field; however, you are fetching the "type" field, which has no spaces.

Steps to reproduce

  1. Import netsparker scan
  2. See that vulnerability titles have no spaces: "HSTSNotEnabled" instead of "HSTS Not Enabled".

OS

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.1 LTS"

gister9000 commented 3 years ago

Note: Netsparker has 2 types of XML outputs, one of which is more detailed. I think (verify this please) the less detailed one does not always contain title with spaces, so I recommend that you instruct people to always use the more detailed one for faraday (small icon with no text next to other report type buttons which have text).

aenima-x commented 3 years ago

@gister9000 This issue is fixed in the last release. Thanks
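An added example, not faraday's code and not the fix that was released: it shows the field choice reported in this issue, preferring "title" and falling back to a spaced-out "type" when "title" is missing or empty, as the second comment suggests can happen. The `vulnerability` element layout, the sample XML and the helper names are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples; the element layout is assumed, not a real Netsparker export.
SAMPLE_DETAILED = """<netsparker>
  <vulnerability>
    <type>HSTSNotEnabled</type>
    <title>HSTS Not Enabled</title>
  </vulnerability>
</netsparker>"""

SAMPLE_BRIEF = """<netsparker>
  <vulnerability>
    <type>HSTSNotEnabled</type>
  </vulnerability>
  <vulnerability>
    <type>ApacheVersionDisclosure</type>
    <title>   </title>
  </vulnerability>
</netsparker>"""


def text_of(node, tag):
    """Return the stripped text of a child element, or "" if absent or empty."""
    child = node.find(tag)
    if child is None or child.text is None:
        return ""
    return child.text.strip()


def split_identifier(identifier):
    """Insert spaces at word boundaries of a run-together identifier.

    Splits at lower/digit -> upper ("NotEnabled") and before the last
    capital of an acronym run that starts a new word ("HSTSNot").
    """
    pattern = r"(?<=[a-z0-9])(?=[A-Z])|(?<=[A-Z])(?=[A-Z][a-z])"
    return re.sub(pattern, " ", identifier)


def vulnerability_name(node):
    """Prefer the human-readable title; fall back to a spaced-out type."""
    return text_of(node, "title") or split_identifier(text_of(node, "type"))


def names(xml_text):
    """Return the display name of every vulnerability in a report."""
    root = ET.fromstring(xml_text)
    return [vulnerability_name(v) for v in root.iter("vulnerability")]
```
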