fix nuclei parser: expect invalid CWEs (#11232)

DefectDojo · Nov 12, 2024 · d4959b8 · d4959b8
1 parent 9b71a37
commit d4959b8
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 4 deletions.
diff --git a/dojo/tools/nuclei/parser.py b/dojo/tools/nuclei/parser.py
@@ -96,12 +96,16 @@ def get_findings(self, filename, test):
                     cve_ids = classification["cve-id"]
                     finding.unsaved_vulnerability_ids = [x.upper() for x in cve_ids]
                 if (
-                    "cwe-id" in classification
-                    and classification["cwe-id"]
-                    and len(classification["cwe-id"]) > 0
+                    classification.get("cwe-id")
                 ):
                     cwe = classification["cwe-id"][0]
-                    finding.cwe = int(cwe[4:])
+                    try:
+                        finding.cwe = int(cwe[4:])
+                    except ValueError:
+                        """
+                        ignore CWE if non-int
+                        several older templates such as https://github.com/projectdiscovery/nuclei-templates/blob/6636c0d2dd540645cc3472822beb4b3819ff8322/http/cves/2004/CVE-2004-0519.yaml#L21
+                        """
                 if classification.get("cvss-metrics"):
                     cvss_objects = cvss_parser.parse_cvss_from_text(
                         classification["cvss-metrics"],

diff --git a/unittests/scans/nuclei/invalid_cwe.json b/unittests/scans/nuclei/invalid_cwe.json
@@ -0,0 +1 @@
+{"templateID":"mysql-native-password-bruteforce","info":{"name":"MySQL DB with enabled native password","author":"iamthefrogy","severity":"info","tags":"network,mysql,bruteforce,db","description":"MySQL instance with enabled native password support prone vulnerable for password brute-force attack.", "classification": {"cwe-id": ["nvd-cve-other"]}},"type":"network","host":"https://nuclei-example.com","matched":"nuclei-example.com:3306","ip":"178.21.15.56","timestamp":"2021-05-20T11:12:02.301031+03:00"}
diff --git a/unittests/tools/test_nuclei_parser.py b/unittests/tools/test_nuclei_parser.py
@@ -236,3 +236,14 @@ def test_parse_many_findings_v3(self):
             with self.subTest(i=0):
                 finding = findings[0]
                 self.assertEqual("Info", finding.severity)
+
+    def test_parse_invalid_cwe(self):
+        with open("unittests/scans/nuclei/invalid_cwe.json", encoding="utf-8") as testfile:
+            parser = NucleiParser()
+            findings = parser.get_findings(testfile, Test())
+            self.assertEqual(1, len(findings))
+            for finding in findings:
+                for endpoint in finding.unsaved_endpoints:
+                    endpoint.clean()
+            self.assertEqual("nuclei-example.com", finding.unsaved_endpoints[0].host)
+            self.assertEqual(0, finding.cwe)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"templateID":"mysql-native-password-bruteforce","info":{"name":"MySQL DB with enabled native password","author":"iamthefrogy","severity":"info","tags":"network,mysql,bruteforce,db","description":"MySQL instance with enabled native password support prone vulnerable for password brute-force attack.", "classification": {"cwe-id": ["nvd-cve-other"]}},"type":"network","host":"https://nuclei-example.com","matched":"nuclei-example.com:3306","ip":"178.21.15.56","timestamp":"2021-05-20T11:12:02.301031+03:00"}