From 32eddb4125d4e417938325bcbc72c5382189a36d Mon Sep 17 00:00:00 2001 From: testaccount90009 <122134756+testaccount90009@users.noreply.github.com> Date: Wed, 30 Jul 2025 09:40:49 -0700 Subject: [PATCH 1/9] Add CISA KEV date (publishDate) + Add Exploitable boolean + Add Ransomware boolean Add CISA KEV date (publishDate) + Add Exploitable boolean + Add Ransomware boolean --- dojo/tools/mend/parser.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py index 1edc05565b1..3fc4781c528 100644 --- a/dojo/tools/mend/parser.py +++ b/dojo/tools/mend/parser.py @@ -64,6 +64,9 @@ def _build_common_output(node, lib_name=None): + "\n" ) cvss3_score = node["vulnerability"].get("score", None) + kev_date = node["vulnerability"].get("publishDate", None) + ransomware_used = node.get("malicious", None) + known_exploited = node.get("exploitable", None) component_path = node["component"].get("path", None) if component_path: locations.append(component_path) @@ -195,6 +198,9 @@ def _build_common_output(node, lib_name=None): cvssv3_score=float(cvss3_score) if cvss3_score is not None else None, impact=impact if impact is not None else None, steps_to_reproduce="**Locations Found**: " + ", ".join(locations) if locations is not None else None, + kev_date=kev_date if kev_date is not None else None, + known_exploited=known_exploited if known_exploited is not None else None, + ransomware_used=ransomware_used if ransomware_used is not None else None, ) if cve: new_finding.unsaved_vulnerability_ids = [cve] From 515392c1bb078ee8263fc940af7a2531b9d84e1f Mon Sep 17 00:00:00 2001 From: testaccount90009 <122134756+testaccount90009@users.noreply.github.com> Date: Wed, 30 Jul 2025 10:01:49 -0700 Subject: [PATCH 2/9] Update parser.py --- dojo/tools/mend/parser.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py index 3fc4781c528..6c75f5ad70e 100644 --- a/dojo/tools/mend/parser.py +++ b/dojo/tools/mend/parser.py @@ -36,6 +36,9 @@ def _build_common_output(node, lib_name=None): component_name = None component_version = None impact = None + kev_date = None + ransomware_used = None + component_path = None description = "No Description Available" cvss3_score = None mitigation = "N/A" From b3c1d9fca1960caed083e04070a9c679f9ce94cd Mon Sep 17 00:00:00 2001 From: testaccount90009 <122134756+testaccount90009@users.noreply.github.com> Date: Wed, 30 Jul 2025 10:23:10 -0700 Subject: [PATCH 3/9] Update parser.py --- dojo/tools/mend/parser.py | 1 + 1 file changed, 1 insertion(+) diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py index 6c75f5ad70e..6ed1a013ead 100644 --- a/dojo/tools/mend/parser.py +++ b/dojo/tools/mend/parser.py @@ -38,6 +38,7 @@ def _build_common_output(node, lib_name=None): impact = None kev_date = None ransomware_used = None + known_exploited = None component_path = None description = "No Description Available" cvss3_score = None From c98bd3b0b3157d7866f3c83079999f70aef4cfb5 Mon Sep 17 00:00:00 2001 From: testaccount90009 <122134756+testaccount90009@users.noreply.github.com> Date: Mon, 4 Aug 2025 10:23:04 -0700 Subject: [PATCH 4/9] Fix kev_date - add conversion kev_date format is not as expected - adding a conversion --- dojo/tools/mend/parser.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py index 6ed1a013ead..df5b08d8c3c 100644 --- a/dojo/tools/mend/parser.py +++ b/dojo/tools/mend/parser.py @@ -1,6 +1,7 @@ import hashlib import json import logging +from datetime import datetime from dojo.models import Finding @@ -36,7 +37,6 @@ def _build_common_output(node, lib_name=None): component_name = None component_version = None impact = None - kev_date = None ransomware_used = None known_exploited = None component_path = None @@ -68,7 +68,12 @@ def _build_common_output(node, lib_name=None): + "\n" ) cvss3_score = node["vulnerability"].get("score", None) - kev_date = node["vulnerability"].get("publishDate", None) + kev_date_str = node["vulnerability"].get("publishDate", None) + kev_date = None + if kev_date_str: + try: + # Parses ISO 8601 format with Zulu time (Z) + kev_date = datetime.strptime(kev_date_str, "%Y-%m-%dT%H:%M:%SZ").date() ransomware_used = node.get("malicious", None) known_exploited = node.get("exploitable", None) component_path = node["component"].get("path", None) From 8b9a9aa9a6b18afa9119b5e5ed9a2ab0699d569e Mon Sep 17 00:00:00 2001 From: testaccount90009 <122134756+testaccount90009@users.noreply.github.com> Date: Mon, 4 Aug 2025 10:33:29 -0700 Subject: [PATCH 5/9] fix indent fix indent --- dojo/tools/mend/parser.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py index df5b08d8c3c..e5787337bc9 100644 --- a/dojo/tools/mend/parser.py +++ b/dojo/tools/mend/parser.py @@ -72,8 +72,8 @@ def _build_common_output(node, lib_name=None): kev_date = None if kev_date_str: try: - # Parses ISO 8601 format with Zulu time (Z) - kev_date = datetime.strptime(kev_date_str, "%Y-%m-%dT%H:%M:%SZ").date() + # Parses ISO 8601 format with Zulu time (Z) + kev_date = datetime.strptime(kev_date_str, "%Y-%m-%dT%H:%M:%SZ").date() ransomware_used = node.get("malicious", None) known_exploited = node.get("exploitable", None) component_path = node["component"].get("path", None) From 8e4fbe366a27b305ab304adfbc0f0bfe5e94509d Mon Sep 17 00:00:00 2001 From: testaccount90009 <122134756+testaccount90009@users.noreply.github.com> Date: Mon, 4 Aug 2025 10:35:12 -0700 Subject: [PATCH 6/9] Update parser.py --- dojo/tools/mend/parser.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py index e5787337bc9..8c29664b1dd 100644 --- a/dojo/tools/mend/parser.py +++ b/dojo/tools/mend/parser.py @@ -74,6 +74,8 @@ def _build_common_output(node, lib_name=None): try: # Parses ISO 8601 format with Zulu time (Z) kev_date = datetime.strptime(kev_date_str, "%Y-%m-%dT%H:%M:%SZ").date() + except ValueError: + pass ransomware_used = node.get("malicious", None) known_exploited = node.get("exploitable", None) component_path = node["component"].get("path", None) From b24fbcbb3f58f52cf80b958be1a4bb9925cdefa0 Mon Sep 17 00:00:00 2001 From: testaccount90009 <122134756+testaccount90009@users.noreply.github.com> Date: Mon, 4 Aug 2025 10:37:30 -0700 Subject: [PATCH 7/9] Update parser.py --- dojo/tools/mend/parser.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py index 8c29664b1dd..1098dc8fae0 100644 --- a/dojo/tools/mend/parser.py +++ b/dojo/tools/mend/parser.py @@ -2,6 +2,7 @@ import json import logging from datetime import datetime +from contextlib import suppress from dojo.models import Finding @@ -71,11 +72,8 @@ def _build_common_output(node, lib_name=None): kev_date_str = node["vulnerability"].get("publishDate", None) kev_date = None if kev_date_str: - try: - # Parses ISO 8601 format with Zulu time (Z) + with suppress(ValueError): kev_date = datetime.strptime(kev_date_str, "%Y-%m-%dT%H:%M:%SZ").date() - except ValueError: - pass ransomware_used = node.get("malicious", None) known_exploited = node.get("exploitable", None) component_path = node["component"].get("path", None) From 4ffd97d8d4031c14ad4399099e17a986e319ec15 Mon Sep 17 00:00:00 2001 From: testaccount90009 <122134756+testaccount90009@users.noreply.github.com> Date: Mon, 4 Aug 2025 10:41:18 -0700 Subject: [PATCH 8/9] Update parser.py --- dojo/tools/mend/parser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py index 1098dc8fae0..7dfed4c5db3 100644 --- a/dojo/tools/mend/parser.py +++ b/dojo/tools/mend/parser.py @@ -1,8 +1,8 @@ import hashlib import json import logging -from datetime import datetime from contextlib import suppress +from datetime import datetime from dojo.models import Finding From da1d1613f8339a7e361875bc2b9d24235f833d60 Mon Sep 17 00:00:00 2001 From: testaccount90009 <122134756+testaccount90009@users.noreply.github.com> Date: Mon, 4 Aug 2025 11:02:11 -0700 Subject: [PATCH 9/9] Fix unbound local var Defined too late, fixing so it's defined earlier --- dojo/tools/mend/parser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py index 7dfed4c5db3..51688698fc1 100644 --- a/dojo/tools/mend/parser.py +++ b/dojo/tools/mend/parser.py @@ -41,6 +41,7 @@ def _build_common_output(node, lib_name=None): ransomware_used = None known_exploited = None component_path = None + kev_date = None description = "No Description Available" cvss3_score = None mitigation = "N/A" @@ -70,7 +71,6 @@ def _build_common_output(node, lib_name=None): ) cvss3_score = node["vulnerability"].get("score", None) kev_date_str = node["vulnerability"].get("publishDate", None) - kev_date = None if kev_date_str: with suppress(ValueError): kev_date = datetime.strptime(kev_date_str, "%Y-%m-%dT%H:%M:%SZ").date()