5 changes: 4 additions & 1 deletion dojo/tools/dawnscanner/parser.py
Expand Up @@ -30,7 +30,6 @@ def get_findings(self, filename, test):
if item["message"][0:2] != "b,"
else item["message"][0:-1]
)

finding = Finding(
title=item["name"],
test=test,
Expand All @@ -42,6 +41,10 @@ def get_findings(self, filename, test):
static_finding=True,
dynamic_finding=False,
)
if item.get("remediation"):
finding.fix_available = True
else:
finding.fix_available = False

if self.CVE_REGEX.match(item["name"]):
finding.unsaved_vulnerability_ids = [
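Review bot: The four-line if/else added after the Finding(...) constructor in the second hunk reduces to a single assignment, `finding.fix_available = bool(item.get("remediation"))`. As written, a whitespace-only remediation string would still flag a fix as available; the fixture in this same PR shows the scanner emitting `" "` as a blank cvss_score, so padded blanks are plausible in this output, and `finding.fix_available = bool((item.get("remediation") or "").strip())` would treat `""`, `None` and `" "` alike. Whether remediation is always a string is not visible in this hunk. get_findings starts before the first hunk and continues past the second.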
2 changes: 1 addition & 1 deletion unittests/scans/dawnscanner/dawnscanner_v1.6.9.json
Expand Up @@ -31,7 +31,7 @@
"severity": "info",
"cvss_score": " ",
"message": "Ruby on Rails has specific, built in support for CSRF tokens. To enable it, or ensure that it is enabled, find the base ApplicationController and look for the protect_from_forgery directive. Note that by default Rails does not provide CSRF protection for any HTTP GET request.",
"remediation": "Make sure you are using Rails protect_from_forgery facilities in application_controller.rMake sure you are using Rails protect_from_forgery facilities in application_controller.rb"
"remediation": ""
}, {
"name": "Owasp Ror CheatSheet: Security Related Headers",
"cve_link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=Owasp Ror CheatSheet: Security Related Headers",
32 changes: 9 additions & 23 deletions unittests/tools/test_dawnscanner_parser.py
Expand Up @@ -13,38 +13,24 @@ def test_burp_with_one_vuln_has_one_finding(self):
for finding in findings:
for endpoint in finding.unsaved_endpoints:
endpoint.clean()

self.assertEqual(4, len(findings))

with self.subTest(i=0):
finding = findings[0]
self.assertEqual("CVE-2016-6316", finding.title)
self.assertEqual("Medium", finding.severity)
self.assertEqual(1, len(finding.unsaved_vulnerability_ids))
self.assertEqual("CVE-2016-6316", finding.unsaved_vulnerability_ids[0])
self.assertEqual(
'Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to an XSS attack.',
finding.description,
)
self.assertEqual(
datetime.datetime(2019, 4, 1, 21, 14, 32, tzinfo=datetime.timezone(datetime.timedelta(seconds=0))),
finding.date,
) # 2019-04-01 21:14:32 +0000

self.assertEqual(finding.description, 'Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to an XSS attack.')
self.assertEqual(datetime.datetime(2019, 4, 1, 21, 14, 32, tzinfo=datetime.timezone(datetime.timedelta(seconds=0))), finding.date) # 2019-04-01 21:14:32 +0000
with self.subTest(i=2):
finding = findings[2]
self.assertEqual(False, finding.fix_available)
with self.subTest(i=3):
finding = findings[3]
self.assertEqual("Owasp Ror CheatSheet: Security Related Headers", finding.title)
self.assertEqual("Info", finding.severity)
self.assertIsNone(finding.unsaved_vulnerability_ids)
self.assertEqual(
'To set a header value, simply access the response.headers object as a hash inside your controller (often in a before/after_filter). Rails 4 provides the "default_headers" functionality that will automatically apply the values supplied. This works for most headers in almost all cases.',
finding.description,
)
self.assertEqual(
"Use response headers like X-Frame-Options, X-Content-Type-Options, X-XSS-Protection in your project.",
finding.mitigation,
)
self.assertEqual(
datetime.datetime(2019, 4, 1, 21, 14, 32, tzinfo=datetime.timezone(datetime.timedelta(seconds=0))),
finding.date,
) # 2019-04-01 21:14:32 +0000
self.assertEqual(finding.description, 'To set a header value, simply access the response.headers object as a hash inside your controller (often in a before/after_filter). Rails 4 provides the "default_headers" functionality that will automatically apply the values supplied. This works for most headers in almost all cases.')
self.assertEqual("Use response headers like X-Frame-Options, X-Content-Type-Options, X-XSS-Protection in your project.", finding.mitigation)
self.assertEqual(datetime.datetime(2019, 4, 1, 21, 14, 32, tzinfo=datetime.timezone(datetime.timedelta(seconds=0))), finding.date) # 2019-04-01 21:14:32 +0000
self.assertEqual(True, finding.fix_available)
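Review bot: The argument order of assertEqual is inconsistent in the new single-line assertions: the description checks, `self.assertEqual(finding.description, '...')`, put the actual value first, while the neighbouring title, severity, mitigation and date checks put the expected value first; unittest's failure output labels the two operands positionally, so one order (expected, actual) should be used throughout. The new boolean checks `self.assertEqual(False, finding.fix_available)` and `self.assertEqual(True, finding.fix_available)` read more directly as `self.assertFalse(finding.fix_available)` and `self.assertTrue(finding.fix_available)`. The test method starts before the hunk.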