@@ -313,20 +313,28 @@ def parse_finding(host, tree):
313313 temp ["CVSS_vector" ] = None
314314
315315 # CVE and LINKS
316- temp_cve_details = vuln_item .iterfind ("CVE_ID_LIST/CVE_ID" )
316+ temp_cve_details = list ( vuln_item .iterfind ("CVE_ID_LIST/CVE_ID" ) )
317317 if temp_cve_details :
318- cl = {
319- cve_detail .findtext ("ID" ): cve_detail .findtext ("URL" )
320- for cve_detail in temp_cve_details
321- }
322- temp ["cve" ] = "\n " .join (list (cl .keys ()))
323- temp ["links" ] = "\n " .join (list (cl .values ()))
318+ cve_list = []
319+ link_list = []
320+ for cve_detail in temp_cve_details :
321+ cve_id = cve_detail .findtext ("ID" )
322+ cve_url = cve_detail .findtext ("URL" )
323+ if cve_id :
324+ cve_list .append (cve_id )
325+ if cve_url :
326+ link_list .append (cve_url )
327+
328+ temp ["cve_list" ] = cve_list # list of CVE strings
329+ temp ["links" ] = "\n " .join (link_list )
330+ else :
331+ temp ["cve_list" ] = []
324332
325333 # Generate severity from number in XML's 'SEVERITY' field, if not present default to 'Informational'
326334 sev = get_severity (vuln_item .findtext ("SEVERITY" ))
327335 finding = None
328336 if temp_cve_details :
329- refs = " \n " . join ( list ( cl . values ()) )
337+ refs = temp . get ( "links" , "" )
330338 finding = Finding (
331339 title = "QID-" + gid [4 :] + " | " + temp ["vuln_name" ],
332340 mitigation = temp ["solution" ],
@@ -363,6 +371,7 @@ def parse_finding(host, tree):
363371 finding .verified = True
364372 finding .unsaved_endpoints = []
365373 finding .unsaved_endpoints .append (ep )
374+ finding .unsaved_vulnerability_ids = temp .get ("cve_list" , [])
366375 ret_rows .append (finding )
367376 return ret_rows
368377
0 commit comments