ARS-487 - nmap - avoid PTR hostname during parsing

engines/nmap/Dockerfile

@@ -1,5 +1,5 @@
 FROM alpine:3.16.3
-LABEL Name="Nmap\ \(Patrowl engine\)" Version="1.5.0"
+LABEL Name="Nmap\ \(Patrowl engine\)" Version="1.5.1"
 
 # Set the working directory
 RUN mkdir -p /opt/patrowl-engines/nmap
@@ -19,15 +19,15 @@ COPY libs/ libs/
 
 # Install any needed packages specified in requirements.txt
 RUN apk add --update \
-	linux-headers \
-	libffi-dev \
-    #sudo \
-    python3 \
-    python3-dev \
-    py3-pip \
-    build-base \
-    nmap \
-    nmap-scripts \
+  linux-headers \
+  libffi-dev \
+  #sudo \
+  python3 \
+  python3-dev \
+  py3-pip \
+  build-base \
+  nmap \
+  nmap-scripts \
   #&& adduser -u 1000 -G wheel -D alpine \
   && rm -rf /var/cache/apk/*
 

engines/nmap/VERSION

@@ -1 +1 @@
-1.5.0
+1.5.1

engines/nmap/__init__.py

@@ -1,8 +1,8 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 
-__title__ = 'patrowl_engine_nmap'
-__version__ = '1.5.0'
-__author__ = 'Nicolas MATTIOCCO'
-__license__ = 'AGPLv3'
-__copyright__ = 'Copyright (C) 2018-2022 Nicolas Mattiocco - @MaKyOtOx'
+__title__ = "patrowl_engine_nmap"
+__version__ = "1.5.1"
+__author__ = "Nicolas MATTIOCCO"
+__license__ = "AGPLv3"
+__copyright__ = "Copyright (C) 2018-2024 Nicolas Mattiocco - @MaKyOtOx"

engines/nmap/engine-nmap.py

@@ -86,6 +86,16 @@ def clean():
 @app.route("/engines/nmap/clean/<scan_id>")
 def clean_scan(scan_id):
     """Clean scan identified by id."""
+    if scan_id not in engine.scans.keys():
+        return (
+            jsonify(
+                {
+                    "status": "error",
+                    "reason": f"Error 1002: scan_id '{scan_id}' not found",
+                }
+            ),
+            503,
+        )
     return engine.clean_scan(scan_id)
 
 
@@ -568,7 +578,8 @@ def _parse_report(filename, scan_id):
         # Find hostnames
         for hostnames in host.findall("hostnames"):
             for hostname in list(hostnames):
-                if hostname.get("type") in ["user", "PTR"]:
+                # if hostname.get("type") in ["user", "PTR"]:
+                if hostname.get("type") == "user":
                     has_hostnames = True
                     addr = hostname.get("name")
                     addr_list.append(hostname.get("name"))
@@ -592,6 +603,8 @@ def _parse_report(filename, scan_id):
         if has_hostnames:
             for hostnames in host.findall("hostnames"):
                 for hostname in list(hostnames):
+                    if hostname.get("type") != "user":
+                        continue
                     ip_address = str(host.find("address").get("addr"))
                     issues.append(
                         deepcopy(
@@ -1049,7 +1062,7 @@ def getfindings(scan_id):
         os.remove(hosts_filename)
 
     # remove the scan from the active scan list
-    engine.clean_scan(scan_id)
+    # engine.clean_scan(scan_id)
 
     res.update({"summary": summary, "issues": issues, "status": "success"})
     return jsonify(res)

engines/nmap/nmap.json.sample

@@ -1,6 +1,6 @@
 {
 	"name": "Nmap",
-	"version": "1.5.0",
+	"version": "1.5.1",
 	"description": "Network Scanner",
 	"path": "/usr/bin/nmap",
 	"allowed_asset_types": ["ip", "domain", "fqdn", "url", "ip-range", "ip-subnet"],