Skip to content

Issue with multiple tables inside port's script #77

New issue
New issue
Open
Open
Issue with multiple tables inside port's script#77
@cactusFriday

Description

@cactusFriday
cactusFriday
opened on Apr 18, 2022

PR
#76

Hello there :)

Issue:
I have ran into situation where nmap scanner return results where inside <script>
tag was more than 1 <table> tag. So while parsing raised Exception loke this:

Traceback (most recent call last):
 File "/output_report.py", line 81, in <module>
   main(*sys.argv[1:4], report_type=report_format)
 File "/output_report.py", line 71, in main
   parser.parse(data)
 File "/contrib/parsers/flan_xml_parser.py", line 55, in parse
   self.parse_host(hosts)
 File "/contrib/parsers/flan_xml_parser.py", line 123, in parse_host
   self.parse_port(ip_addr, p)
 File "/contrib/parsers/flan_xml_parser.py", line 104, in parse_port
   self.parse_script(ip_addr, port_num, app_name, scripts)
 File "/contrib/parsers/flan_xml_parser.py", line 77, in parse_script
   script_table = script['table']['table']
TypeError: list indices must be integers or slices, not str

On some port were 2 cpes:
ISC BIND 9.9.4 (cpe:/a:isc:bind:9.9.4) (cpe:/o:redhat:enterprise_linux:7)

XML fil after nmap scanning looks like this:

<port>
    <script>
        <table>
            ...
        </table>
        <table>
            ...
        </table>
    </script>
</port>

I've decided to bring few fixes and handle this problem.

JsonReportBuilder class:

builder._buffer changes

Example of actual parsing results:

_buffer = {
    "ips": [],
    "vulnerable": {
        "OpenSSH (cpe:\a:openbsd..)": {
            "vulnerabilities": {
                "cpe:\a:openbsd..": [],
            },
            "locations": {addr: [ports]},
        }
        "ISC BIND 9.9.4 (cpe:/a:isc:bind:9.9.4) (cpe:/o:redhat:enterprise_linux:7)": {
            "vulnerabilities": {
                "(cpe:/a:isc:bind:9.9.4)": [],
                "(cpe:/o:redhat:enterprise_linux:7)": [],
            }
            "locations": {"addr": [ports]},
        }
    },
    "not_vulnerable": [],
}

ScanResult class:

flan_types.py changes:

class ScanResult:
    self.vulns = defaultdict(list)  # type: Dict[str, List[Vuln]]

FlanXmlParser class:

parser.results:
{
    'OpenSSH 7.4 (cpe:/a:openbsd:openssh:7.4) ': ScanResult,
    ...
}
Core change

Core change is in the dict structure. Now parser.results dict items consists of ScanResult objects, which attribute vulns is dict (defaultdict(list)). So if there are two or more cpes in the same port, it won't break anymore.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions