From a75d562aeb26fd719f8a316b5c0505367581ee6d Mon Sep 17 00:00:00 2001 From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com> Date: Sun, 27 Oct 2024 00:55:34 +0200 Subject: [PATCH] :bug: fix tenable #11102 (#11103) * :bug: fix tenable #11102 * add unittest --- dojo/tools/tenable/csv_format.py | 2 +- unittests/scans/tenable/issue_11102.csv | 61 +++++++++++++++++++++++++ unittests/tools/test_tenable_parser.py | 10 ++++ 3 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 unittests/scans/tenable/issue_11102.csv diff --git a/dojo/tools/tenable/csv_format.py b/dojo/tools/tenable/csv_format.py index c1ea9fc2c8..2c2e013446 100644 --- a/dojo/tools/tenable/csv_format.py +++ b/dojo/tools/tenable/csv_format.py @@ -100,7 +100,7 @@ def get_findings(self, filename: str, test: Test): severity = self._convert_severity(raw_severity) # Other text fields description = row.get("Synopsis", row.get("definition.synopsis", "N/A")) - mitigation = str(row.get("Solution", row.get("definition.solution", "N/A"))) + mitigation = str(row.get("Solution", row.get("definition.solution", row.get("Steps to Remediate", "N/A")))) impact = row.get("Description", row.get("definition.description", "N/A")) references = row.get("See Also", row.get("definition.see_also", "N/A")) # Determine if the current row has already been processed diff --git a/unittests/scans/tenable/issue_11102.csv b/unittests/scans/tenable/issue_11102.csv new file mode 100644 index 0000000000..4c901ff864 --- /dev/null +++ b/unittests/scans/tenable/issue_11102.csv @@ -0,0 +1,61 @@ +"Plugin","Plugin Name","Family","Severity","IP Address","Protocol","Port","Exploit?","Repository","MAC Address","DNS Name","NetBIOS Name","Plugin Output","Synopsis","Description","Steps to Remediate","See Also","Risk Factor","STIG Severity","Vulnerability Priority Rating","CVSS V2 Base Score","CVSS V3 Base Score","CVSS V2 Temporal Score","CVSS V3 Temporal Score","CVSS V2 Vector","CVSS V3 Vector","CPE","CVE","BID","Cross References","First Discovered","Last Observed","Vuln Publication Date","Patch Publication Date","Plugin Publication Date","Plugin Modification Date","Exploit Ease","Exploit Frameworks","Check Type","Version","Recast Risk Comment","Accept Risk Comment","Agent ID","Host ID" +"42873","SSL Medium Strength Cipher Suites Supported (SWEET32)","General","High","1.2.3.4","TCP","443","No","Individual Scan","fa:16:3e:e6:0b:98","","","Plugin Output: + Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES) + + Name Code KEX Auth Encryption MAC + ---------------------- ---------- --- ---- --------------------- --- + ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1 + DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1 + +The fields above are : + + {Tenable ciphername} + {Cipher ID code} + Kex={key exchange} + Auth={authentication} + Encrypt={symmetric encryption method} + MAC={message authentication code} + {export flag}","The remote service supports the use of medium strength SSL ciphers.","The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite. + +Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.","Reconfigure the affected application if possible to avoid use of medium strength ciphers.","https://www.openssl.org/blog/blog/2016/08/24/sweet32/ +https://sweet32.info","Medium","","5.1","5.0","7.5","","","AV:N/AC:L/Au:N/C:P/I:N/A:N","AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","","CVE-2016-2183","","","Feb 9, 2024 10:48:42 UTC","Oct 17, 2024 17:24:54 UTC","Aug 24, 2016 12:00:00 UTC","N/A","Nov 23, 2009 12:00:00 UTC","Feb 3, 2021 12:00:00 UTC","","","remote","1.21","","","","" +"42873","SSL Medium Strength Cipher Suites Supported (SWEET32)","General","High","2.3.4.5","TCP","443","No","Individual Scan","fa:16:3e:e6:0b:98","","","Plugin Output: + Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES) + + Name Code KEX Auth Encryption MAC + ---------------------- ---------- --- ---- --------------------- --- + ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1 + DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1 + +The fields above are : + + {Tenable ciphername} + {Cipher ID code} + Kex={key exchange} + Auth={authentication} + Encrypt={symmetric encryption method} + MAC={message authentication code} + {export flag}","The remote service supports the use of medium strength SSL ciphers.","The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite. + +Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.","Reconfigure the affected application if possible to avoid use of medium strength ciphers.","https://www.openssl.org/blog/blog/2016/08/24/sweet32/ +https://sweet32.info","Medium","","5.1","5.0","7.5","","","AV:N/AC:L/Au:N/C:P/I:N/A:N","AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","","CVE-2016-2183","","","Feb 9, 2024 10:48:42 UTC","Oct 17, 2024 17:24:54 UTC","Aug 24, 2016 12:00:00 UTC","N/A","Nov 23, 2009 12:00:00 UTC","Feb 3, 2021 12:00:00 UTC","","","remote","1.21","","","","" +"42873","SSL Medium Strength Cipher Suites Supported (SWEET32)","General","High","1.2.3.4","TCP","8443","No","Individual Scan","fa:16:3e:e6:0b:98","","","Plugin Output: + Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES) + + Name Code KEX Auth Encryption MAC + ---------------------- ---------- --- ---- --------------------- --- + ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1 + DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1 + +The fields above are : + + {Tenable ciphername} + {Cipher ID code} + Kex={key exchange} + Auth={authentication} + Encrypt={symmetric encryption method} + MAC={message authentication code} + {export flag}","The remote service supports the use of medium strength SSL ciphers.","The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite. + +Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.","Reconfigure the affected application if possible to avoid use of medium strength ciphers.","https://www.openssl.org/blog/blog/2016/08/24/sweet32/ +https://sweet32.info","Medium","","5.1","5.0","7.5","","","AV:N/AC:L/Au:N/C:P/I:N/A:N","AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","","CVE-2016-2183","","","Feb 9, 2024 10:48:42 UTC","Oct 17, 2024 17:24:54 UTC","Aug 24, 2016 12:00:00 UTC","N/A","Nov 23, 2009 12:00:00 UTC","Feb 3, 2021 12:00:00 UTC","","","remote","1.21","","","","" \ No newline at end of file diff --git a/unittests/tools/test_tenable_parser.py b/unittests/tools/test_tenable_parser.py index e80c3e4462..7be782c49e 100644 --- a/unittests/tools/test_tenable_parser.py +++ b/unittests/tools/test_tenable_parser.py @@ -299,3 +299,13 @@ def test_parse_issue_9612(self): endpoint.clean() self.assertEqual(2, len(findings)) self.assertEqual("Critical", findings[0].severity) + + def test_parse_issue_11102(self): + with open("unittests/scans/tenable/issue_11102.csv", encoding="utf-8") as testfile: + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(2, len(findings)) + self.assertEqual("Reconfigure the affected application if possible to avoid use of medium strength ciphers.", findings[0].mitigation)