OpenVAS CSV Parser. Findings not linked to endpoints and CVE not displayed in the vulnerability ID #9780

GilFernandes2000 · 2024-03-18T22:58:51Z

GilFernandes2000
Mar 18, 2024

Hello, I hope everybody is doing great.

I'm integrating OpenVAS scan results into DefectDojo using the CSV format.
It imports the results as expected, but I noticed that the data is not processed as some other scan imports.
What I mean is the data about the vulnerability is all there, but it misses some things such as linking the finding to the proper endpoint and the vulnerability ID (CVE) not applied on the finding preview.
I'll give some examples

In these images, we can see the same finding originated from different scanners. Nmap and OpenVAS respectively. As you can see, in the Nmap scan, the cve is displayed on the Vulnerability ID with a direct link to the CVE on the NVD. The same finding originated from an OpenVAS scan, this does not show.

Another thing.

Here, we see the same finding from above. As you can see the link on the endpoint from the Nmap Scan is rightly linked and it forwards to the endpoint where we can see more findings associated with it. In the OpenVAS scan doesn't link to the correct endpoint(missing the port which is found in the description), and we can't access these findings from the endpoint's panel.

Can these features be implemented? I would appreciate it very much.

Thank you all in advance.

Answered by manuel-sommer

Mar 20, 2024

Hi @GilFernandes2000,

first of all, thank you for raising this issue. You could have opened up an issue / bug report to fix this issue rather than a discussion, but no worries. I made a PR for this: #9791
Regarding the first mentioned problem: The CVE column, I adapted the code and it fixes the reported issue. In case there are multiple CVEs, the rest of the cves are included in the description.
Regarding the endpoint port problem, the functionality is already given, as the code considers the "port column" (see unittests). I can try to advance the code in a way that it uses the description in case the port column is empty. For that, I would need more csv examples and I can't guarantee tha…

View full answer

manuel-sommer · 2024-03-20T07:59:14Z

manuel-sommer
Mar 20, 2024

Hi @GilFernandes2000,

first of all, thank you for raising this issue. You could have opened up an issue / bug report to fix this issue rather than a discussion, but no worries. I made a PR for this: #9791
Regarding the first mentioned problem: The CVE column, I adapted the code and it fixes the reported issue. In case there are multiple CVEs, the rest of the cves are included in the description.
Regarding the endpoint port problem, the functionality is already given, as the code considers the "port column" (see unittests). I can try to advance the code in a way that it uses the description in case the port column is empty. For that, I would need more csv examples and I can't guarantee that this is actually duable as it is not a straight forward fix, because the description contains a lot of variable content. This is kind of an edgecase as it looks like.

Best,

Manuel

1 reply

GilFernandes2000 Mar 20, 2024
Author

Sure, here are the csv reports from both types of openVAS scanners (openVAS and CVE)
report_openvas.zip

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OpenVAS CSV Parser. Findings not linked to endpoints and CVE not displayed in the vulnerability ID #9780

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

OpenVAS CSV Parser. Findings not linked to endpoints and CVE not displayed in the vulnerability ID #9780

GilFernandes2000 Mar 18, 2024

Replies: 1 comment · 1 reply

manuel-sommer Mar 20, 2024

GilFernandes2000 Mar 20, 2024 Author

GilFernandes2000
Mar 18, 2024

Replies: 1 comment 1 reply

manuel-sommer
Mar 20, 2024

GilFernandes2000 Mar 20, 2024
Author