More Nuclei translations and minor bugfixes (#1168)

CERT-Polska · Aug 3, 2024 · 4a7a597 · 4a7a597
1 parent 2929e60
commit 4a7a597
Show file tree

Hide file tree

Showing 4 changed files with 263 additions and 3 deletions.
diff --git a/artemis/config.py b/artemis/config.py
@@ -404,6 +404,7 @@ class Nuclei:
                         # Too small impact to report
                         "http/exposed-panels/webeditors-check-detect.yaml",
                         # Online stores, CRMs and ticketing systems - it's a standard practice to have them exposed in a small organization
+                        "http/exposed-panels/bitrix-panel.yaml",
                         "http/exposed-panels/dynamicweb-panel.yaml",
                         "http/exposed-panels/jira-detect.yaml",
                         "http/exposed-panels/kanboard-login.yaml",
@@ -533,6 +534,8 @@ class Nuclei:
                         "custom:xss-inside-tag-top-params",
                         "http/miscellaneous/defaced-website-detect.yaml",
                         "http/misconfiguration/google/insecure-firebase-database.yaml",
+                        # This catches other Open Redirects as well
+                        "http/cves/2018/CVE-2018-11784.yaml",
                         # Until https://github.com/projectdiscovery/nuclei-templates/issues/8657
                         # gets fixed, these templates return a FP on phpinfo(). Let's not spam
                         # our recipients with FPs.

diff --git a/artemis/reporting/export/main.py b/artemis/reporting/export/main.py
@@ -1,3 +1,4 @@
+import copy
 import dataclasses
 import datetime
 import json
@@ -116,7 +117,7 @@ def _build_messages_and_print_path(
             message_data = {
                 "contains_type": {report.report_type},
                 "reports": [report],
-                "custom_template_arguments": message.custom_template_arguments,
+                "custom_template_arguments": copy.deepcopy(message.custom_template_arguments),
             }
             message_data["custom_template_arguments"]["skip_html_and_body_tags"] = True  # type: ignore
             message_data["custom_template_arguments"]["skip_header_and_footer_text"] = True  # type: ignore

diff --git a/artemis/reporting/modules/nuclei/reporter.py b/artemis/reporting/modules/nuclei/reporter.py
@@ -32,7 +32,7 @@ class NucleiReporter(Reporter):
         GROUPS = json.load(f)
 
     @staticmethod
-    def get_alerts(all_reports: List[Report], false_positive_threshold: int = 3) -> List[str]:
+    def get_alerts(all_reports: List[Report], false_positive_threshold: int = 2) -> List[str]:
         result = []
 
         reports_by_target_counter: Counter[str] = collections.Counter()