Skip to content

Commit f89446b

Browse files
IlyesbdlalaIlyesbdlala
committed
Refactored parsing for nuclei to allow for multiple cwe/cve ids
also made timestamp and references immutable Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
1 parent 60ed9ee commit f89446b

1 file changed

Lines changed: 37 additions & 44 deletions

File tree

scanners/nuclei/parser/parser.js

Lines changed: 37 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -12,50 +12,43 @@ async function parse(fileContent) {
1212

1313
return jsonResult.map((finding) => {
1414
const hostname = parseHostname(finding.host);
15-
let timestamp;
16-
let references = [];
17-
finding.info?.reference?.forEach(element => {
18-
references.push(
19-
{
20-
"type": "URL",
21-
"value": element
22-
}
23-
);
24-
});
25-
26-
const cweId = finding?.info?.classification?.["cwe-id"]?.[0] ?? null;
27-
if(cweId !== null) {
28-
references.push(
29-
{
30-
"type": "CWE",
31-
"value": cweId.toUpperCase()
32-
},
33-
{
34-
"type": "URL",
35-
"value": `https://cwe.mitre.org/data/definitions/${cweId}.html`
36-
}
37-
);
38-
}
39-
40-
const cveId = finding?.info?.classification?.["cve-id"]?.[0] ?? null;
41-
if(cveId !== null) {
42-
references.push(
43-
{
44-
"type": "CVE",
45-
"value": cveId.toUpperCase()
46-
},
47-
48-
{
49-
"type": "URL",
50-
"value": `https://nvd.nist.gov/vuln/detail/${cveId}`
51-
}
52-
);
53-
}
54-
55-
56-
if (finding.timestamp) {
57-
timestamp = new Date(finding.timestamp).toISOString();
58-
}
15+
// Add reference URLs to the references array
16+
const urlReferences = finding.info.reference ? finding.info.reference.flatMap(url => ({
17+
type: "URL",
18+
value: url
19+
})) : [];
20+
21+
// Add CWE reference to the references array
22+
const cweIds = finding?.info?.classification?.["cwe-id"] ?? [];
23+
const cweReferences = cweIds.flatMap(cweId => [
24+
{
25+
type: "CWE",
26+
value: cweId.toUpperCase()
27+
},
28+
{
29+
type: "URL",
30+
value: `https://cwe.mitre.org/data/definitions/${cweId}.html`
31+
}
32+
]);
33+
34+
// Add CVE reference to the references array
35+
const cveIds = finding?.info?.classification?.["cve-id"] ?? [];
36+
const cveReferences = cveIds.flatMap(cveId => [
37+
{
38+
type: "CVE",
39+
value: cveId.toUpperCase()
40+
},
41+
{
42+
type: "URL",
43+
value: `https://nvd.nist.gov/vuln/detail/${cveId}`
44+
}
45+
]);
46+
47+
48+
49+
const references = [...urlReferences, ...cweReferences, ...cveReferences];
50+
51+
const timestamp = finding.timestamp ? new Date(finding.timestamp).toISOString() : null;
5952

6053
return {
6154
name: finding.info.name,

0 commit comments

Comments
 (0)