Include CVSS score in finding when using OpenVAS csv parser (#12472)

jostaub · web-flow · commit 0197647a8677 · 2025-05-23T10:20:35.000-06:00
* add cvss score to findings (#12447) * renamed variable for better clarity * reordered strategy processing
diff --git a/dojo/tools/openvas/csv_parser.py b/dojo/tools/openvas/csv_parser.py
@@ -151,6 +151,18 @@ def map_column_value(self, finding, column_value):
             finding.severity = "Info"
 
 
+class CvssColumnMappingStrategy(ColumnMappingStrategy):
+    def __init__(self):
+        self.mapped_column = "cvss"
+        super().__init__()
+
+    def map_column_value(self, finding, column_value):
+        # skip empty values
+        if not column_value:
+            return
+        finding.cvssv3_score = float(column_value)
+
+
 class DescriptionColumnMappingStrategy(ColumnMappingStrategy):
     def __init__(self):
         self.mapped_column = "summary"
@@ -231,6 +243,7 @@ def create_chain(self):
         ip_column_strategy = IpColumnMappingStrategy()
         hostname_column_strategy = HostnameColumnMappingStrategy()
         severity_column_strategy = SeverityColumnMappingStrategy()
+        cvss_score_column_strategy = CvssColumnMappingStrategy()
         description_column_strategy = DescriptionColumnMappingStrategy()
         mitigation_column_strategy = MitigationColumnMappingStrategy()
         impact_column_strategy = ImpactColumnMappingStrategy()
@@ -252,7 +265,8 @@ def create_chain(self):
         impact_column_strategy.successor = references_column_strategy
         mitigation_column_strategy.successor = impact_column_strategy
         description_column_strategy.successor = mitigation_column_strategy
-        severity_column_strategy.successor = description_column_strategy
+        cvss_score_column_strategy.successor = description_column_strategy
+        severity_column_strategy.successor = cvss_score_column_strategy
         ip_column_strategy.successor = severity_column_strategy
         hostname_column_strategy.successor = ip_column_strategy
         cwe_column_strategy.successor = hostname_column_strategy
diff --git a/unittests/tools/test_openvas_parser.py b/unittests/tools/test_openvas_parser.py
@@ -64,6 +64,7 @@ def test_openvas_csv_report_usingCVE(self):
             finding = findings[4]
             self.assertEqual("CVE-2014-0117", finding.title)
             self.assertEqual("Medium", finding.severity)
+            self.assertEqual(4.3, finding.cvssv3_score)
             self.assertEqual(finding.unsaved_vulnerability_ids[0], "CVE-2014-0117")
 
     def test_openvas_csv_report_usingOpenVAS(self):
