secureCodeBox · Ilyesbdlala · Mar 21, 2023 · Mar 13, 2023 · Mar 13, 2023 · Mar 13, 2023
diff --git a/UPGRADING.md b/UPGRADING.md
@@ -185,3 +185,7 @@ Demand for the scanner was low and AngularJS (1.x) has been officially [deprecat
 
 ➡️  [Reference: #1649](https://github.com/secureCodeBox/secureCodeBox/pull/1649)
 
+### Renamed the scanners ssh-scan and sslyze  `hint` to `mitigation`
+We added a new attribute to the finding format called `mitigation` which is used to store information about how to mitigate the finding/issue. The `hint` attribute of the findings of the scanners `ssh-scan` and `sslyze` has been renamed to `mitigation` to be more consistent with the other scanners.
+
+➡️  [Reference: #1639](https://github.com/secureCodeBox/secureCodeBox/pull/1639)
diff --git a/parser-sdk/nodejs/findings-schema.json b/parser-sdk/nodejs/findings-schema.json
@@ -48,6 +48,11 @@
             "HIGH"
           ]
         },
+        "mitigation": {
+          "description": "Contains a short description of how to mitigate the issue.",
+          "type": "string",
+          "nullable": true
+        },
         "attributes": {
           "description": "Attributes are not standardized. They differ from Scanner to Scanner.",
           "type": "object"

diff --git a/scanners/ncrack/parser/parser.js b/scanners/ncrack/parser/parser.js
@@ -44,6 +44,7 @@ function transformToFindings (ncrackrun, publicKey) {
         location: `${portName}://${ipAddress}:${portid}`,
         osi_layer: 'APPLICATION',
         severity: 'HIGH',
+        mitigation: 'Use a more secure password or disable the service at ' + `${portName}://${ipAddress}:${portid}`,
         attributes: {
           port: portid,
           ip_address: ipAddress,

diff --git a/scanners/ncrack/parser/parser.test.js b/scanners/ncrack/parser/parser.test.js
@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-const { parse } = require("./parser");
+const {parse} = require("./parser");
 const fs = require("fs");
 const crypto = require("crypto");
 const {
@@ -34,23 +34,24 @@ it("should return findings when ncrack found credentials", async () => {
   await expect(validateParser(findings)).resolves.toBeUndefined();
   const [finding, ...otherFindings] = findings;
   expect(finding).toMatchInlineSnapshot(`
-{
-  "attributes": {
-    "ip_address": "192.168.0.1",
-    "password": "aaf076d4fe7cfb63fd1628df91",
-    "port": "22",
-    "protocol": "tcp",
-    "service": "ssh",
-    "username": "root",
-  },
-  "category": "Discovered Credentials",
-  "description": "",
-  "location": "ssh://192.168.0.1:22",
-  "name": "Credentials for Service ssh://192.168.0.1:22 discovered via bruteforce.",
-  "osi_layer": "APPLICATION",
-  "severity": "HIGH",
-}
-`);
+    {
+      "attributes": {
+        "ip_address": "192.168.0.1",
+        "password": "aaf076d4fe7cfb63fd1628df91",
+        "port": "22",
+        "protocol": "tcp",
+        "service": "ssh",
+        "username": "root",
+      },
+      "category": "Discovered Credentials",
+      "description": "",
+      "location": "ssh://192.168.0.1:22",
+      "mitigation": "Use a more secure password or disable the service at ssh://192.168.0.1:22",
+      "name": "Credentials for Service ssh://192.168.0.1:22 discovered via bruteforce.",
+      "osi_layer": "APPLICATION",
+      "severity": "HIGH",
+    }
+  `);
   expect(otherFindings.length).toBe(0);
 });
 
@@ -79,41 +80,43 @@ it("should return findings when ncrack found two credentials scanning two servic
   const findings = await parse(ncrackXML);
   await expect(validateParser(findings)).resolves.toBeUndefined();
   expect(findings).toMatchInlineSnapshot(`
-[
-  {
-    "attributes": {
-      "ip_address": "192.168.0.2",
-      "password": "55994bcdabd8b0b69d4cb32919",
-      "port": "22",
-      "protocol": "tcp",
-      "service": "ssh",
-      "username": "root",
-    },
-    "category": "Discovered Credentials",
-    "description": "",
-    "location": "ssh://192.168.0.2:22",
-    "name": "Credentials for Service ssh://192.168.0.2:22 discovered via bruteforce.",
-    "osi_layer": "APPLICATION",
-    "severity": "HIGH",
-  },
-  {
-    "attributes": {
-      "ip_address": "192.168.0.1",
-      "password": "2a4707625af87d8d4302ad226d",
-      "port": "22",
-      "protocol": "tcp",
-      "service": "ssh",
-      "username": "root",
-    },
-    "category": "Discovered Credentials",
-    "description": "",
-    "location": "ssh://192.168.0.1:22",
-    "name": "Credentials for Service ssh://192.168.0.1:22 discovered via bruteforce.",
-    "osi_layer": "APPLICATION",
-    "severity": "HIGH",
-  },
-]
-`);
+    [
+      {
+        "attributes": {
+          "ip_address": "192.168.0.2",
+          "password": "55994bcdabd8b0b69d4cb32919",
+          "port": "22",
+          "protocol": "tcp",
+          "service": "ssh",
+          "username": "root",
+        },
+        "category": "Discovered Credentials",
+        "description": "",
+        "location": "ssh://192.168.0.2:22",
+        "mitigation": "Use a more secure password or disable the service at ssh://192.168.0.2:22",
+        "name": "Credentials for Service ssh://192.168.0.2:22 discovered via bruteforce.",
+        "osi_layer": "APPLICATION",
+        "severity": "HIGH",
+      },
+      {
+        "attributes": {
+          "ip_address": "192.168.0.1",
+          "password": "2a4707625af87d8d4302ad226d",
+          "port": "22",
+          "protocol": "tcp",
+          "service": "ssh",
+          "username": "root",
+        },
+        "category": "Discovered Credentials",
+        "description": "",
+        "location": "ssh://192.168.0.1:22",
+        "mitigation": "Use a more secure password or disable the service at ssh://192.168.0.1:22",
+        "name": "Credentials for Service ssh://192.168.0.1:22 discovered via bruteforce.",
+        "osi_layer": "APPLICATION",
+        "severity": "HIGH",
+      },
+    ]
+  `);
 });
 
 it("should encrypt findings when a public key is set", async () => {

diff --git a/scanners/ssh-scan/parser/parser.js b/scanners/ssh-scan/parser/parser.js
@@ -102,7 +102,7 @@ function createPolicyViolationFinding({
     osi_layer: "NETWORK",
     severity: "MEDIUM",
     reference: {},
-    hint: recommendation,
+    mitigation: recommendation,
     location: hostname || ipAddress,
     attributes: {
       hostname: hostname,
@@ -180,7 +180,7 @@ async function parse(fileContent) {
         osi_layer: "APPLICATION",
         severity: "INFORMATIONAL",
         reference: {},
-        hint: "",
+        mitigation: null,
         location: location,
         attributes: {
           hostname: host.hostname || null,

diff --git a/scanners/ssh-scan/parser/parser.test.js b/scanners/ssh-scan/parser/parser.test.js
@@ -86,9 +86,9 @@ test("ssh-scan parser parses a proper result to proper findings", async () => {
         },
         "category": "SSH Service",
         "description": "SSH Service Information",
-        "hint": "",
         "identified_at": "2019-10-03T16:28:09.000Z",
         "location": "securecodebox.io",
+        "mitigation": null,
         "name": "SSH Service",
         "osi_layer": "APPLICATION",
         "reference": {},
@@ -104,8 +104,8 @@ test("ssh-scan parser parses a proper result to proper findings", async () => {
         },
         "category": "SSH Policy Violation",
         "description": "Deprecated / discouraged SSH key algorithms are used",
-        "hint": "Remove these key exchange algorithms: diffie-hellman-group14-sha1",
         "location": "securecodebox.io",
+        "mitigation": "Remove these key exchange algorithms: diffie-hellman-group14-sha1",
         "name": "Insecure SSH Key Algorithms",
         "osi_layer": "NETWORK",
         "reference": {},
@@ -124,8 +124,8 @@ test("ssh-scan parser parses a proper result to proper findings", async () => {
         },
         "category": "SSH Policy Violation",
         "description": "Deprecated / discouraged SSH MAC algorithms are used",
-        "hint": "Remove these MAC algorithms: umac-64-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, hmac-sha1",
         "location": "securecodebox.io",
+        "mitigation": "Remove these MAC algorithms: umac-64-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, hmac-sha1",
         "name": "Insecure SSH MAC Algorithms",
         "osi_layer": "NETWORK",
         "reference": {},
@@ -198,9 +198,9 @@ test("ssh-scan parser parses a result without a hostname into proper findings",
         },
         "category": "SSH Service",
         "description": "SSH Service Information",
-        "hint": "",
         "identified_at": "2019-10-03T16:37:12.000Z",
         "location": "192.168.42.42",
+        "mitigation": null,
         "name": "SSH Service",
         "osi_layer": "APPLICATION",
         "reference": {},
@@ -216,8 +216,8 @@ test("ssh-scan parser parses a result without a hostname into proper findings",
         },
         "category": "SSH Policy Violation",
         "description": "Deprecated / discouraged SSH key algorithms are used",
-        "hint": "Remove these key exchange algorithms: diffie-hellman-group14-sha1",
         "location": "192.168.42.42",
+        "mitigation": "Remove these key exchange algorithms: diffie-hellman-group14-sha1",
         "name": "Insecure SSH Key Algorithms",
         "osi_layer": "NETWORK",
         "reference": {},
@@ -236,8 +236,8 @@ test("ssh-scan parser parses a result without a hostname into proper findings",
         },
         "category": "SSH Policy Violation",
         "description": "Deprecated / discouraged SSH MAC algorithms are used",
-        "hint": "Remove these MAC algorithms: umac-64-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, hmac-sha1",
         "location": "192.168.42.42",
+        "mitigation": "Remove these MAC algorithms: umac-64-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, hmac-sha1",
         "name": "Insecure SSH MAC Algorithms",
         "osi_layer": "NETWORK",
         "reference": {},
@@ -253,8 +253,8 @@ test("ssh-scan parser parses a result without a hostname into proper findings",
         },
         "category": "SSH Policy Violation",
         "description": "Discouraged SSH authentication methods are used",
-        "hint": "Remove these authentication methods: password",
         "location": "192.168.42.42",
+        "mitigation": "Remove these authentication methods: password",
         "name": "Discouraged SSH authentication methods",
         "osi_layer": "NETWORK",
         "reference": {},

diff --git a/scanners/sslyze/parser/parser.js b/scanners/sslyze/parser/parser.js
@@ -119,7 +119,7 @@ function generateInformationalServiceFinding(serverScanResult) {
     identified_at: serverScanResult.identified_at,
     category: "TLS Service Info",
     severity: "INFORMATIONAL",
-    hint: null,
+    mitigation: null,
     attributes: {
       tls_versions: getAllSupportedTlsVersions(serverScanResult),
       cipher_suites: getAllAcceptedCipherSuites(serverScanResult),
@@ -141,7 +141,7 @@ function generateVulnerableTLSVersionFindings(serverScanResult) {
         description: "The server uses outdated or insecure tls versions.",
         identified_at: serverScanResult.identified_at,
         severity: "MEDIUM",
-        hint: "Upgrade to a higher tls version.",
+        mitigation: "Upgrade to a higher tls version.",
         attributes: {
           outdated_version: tlsVersion,
         },
@@ -197,7 +197,7 @@ function analyseCertificateDeployments(serverScanResult) {
       description: findingTemplate.description,
       identified_at: serverScanResult.identified_at,
       severity: "MEDIUM",
-      hint: null,
+      mitigation: null,
       attributes: {},
     };
   });