From 8bd87bbc3c80986df4d0cd44b7aeb90c003d27c5 Mon Sep 17 00:00:00 2001
From: Samreet Singh <samreet.singh@iteratec.com>
Date: Wed, 1 Oct 2025 09:33:55 +0200
Subject: [PATCH 1/2] Set tunnel attriute by default to none servicescans use
 http/ssl notation which results into confusion with the matching of
 cascadingscans So tunnel is given a default value so the https can be matched
 with tunnel

Signed-off-by: Samreet Singh <samreet.singh@iteratec.com>
---
 .../parser/__testFiles__/service-scan.xml     |  37 +++++
 scanners/nmap/parser/parser.js                |   3 +-
 scanners/nmap/parser/parser.test.js           | 154 +++++++++++++-----
 3 files changed, 156 insertions(+), 38 deletions(-)
 create mode 100644 scanners/nmap/parser/__testFiles__/service-scan.xml

diff --git a/scanners/nmap/parser/__testFiles__/service-scan.xml b/scanners/nmap/parser/__testFiles__/service-scan.xml
new file mode 100644
index 0000000000..33d7397dee
--- /dev/null
+++ b/scanners/nmap/parser/__testFiles__/service-scan.xml
@@ -0,0 +1,37 @@
+<!--
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.97 scan initiated Thu Sep  4 14:07:30 2025 as: nmap -oX /home/securecodebox/nmap-results.xml -sV example.com -->
+<nmaprun scanner="nmap" args="nmap -oX /home/securecodebox/nmap-results.xml -sV example.com" start="1756994850" startstr="Thu Sep  4 14:07:30 2025" version="7.97" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3006,3011,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5985-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
+<verbose level="0"/>
+<debugging level="0"/>
+<hosthint><status state="up" reason="unknown-response" reason_ttl="0"/>
+<address addr="10.50.0.2" addrtype="ipv4"/>
+<hostnames>
+<hostname name="example.com" type="user"/>
+</hostnames>
+</hosthint>
+<host starttime="1756994851" endtime="1756994890"><status state="up" reason="syn-ack" reason_ttl="0"/>
+<address addr="10.50.0.2" addrtype="ipv4"/>
+<hostnames>
+<hostname name="example.com" type="user"/>
+<hostname name="static.86.161.13.49.clients.your-server.de" type="PTR"/>
+</hostnames>
+<ports><extraports state="filtered" count="998">
+<extrareasons reason="no-response" count="998" proto="tcp" ports="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,444-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3006,3011,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5985-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
+</extraports>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" extrainfo="reverse proxy" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx</cpe></service></port>
+<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" extrainfo="reverse proxy" tunnel="ssl" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx</cpe></service></port>
+</ports>
+<times srtt="18567" rttvar="4248" to="100000"/>
+</host>
+<runstats><finished time="1756994890" timestr="Thu Sep  4 14:08:10 2025" summary="Nmap done at Thu Sep  4 14:08:10 2025; 1 IP address (1 host up) scanned in 40.02 seconds" elapsed="40.02" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
diff --git a/scanners/nmap/parser/parser.js b/scanners/nmap/parser/parser.js
index 38f388adc5..afa97cfb55 100644
--- a/scanners/nmap/parser/parser.js
+++ b/scanners/nmap/parser/parser.js
@@ -332,7 +332,8 @@ function parseResultFile(fileContent) {
                   "version",
                 ]);
 
-                const tunnel = get(portItem, ["service", 0, "$", "tunnel"]);
+                const tunnel =
+                  get(portItem, ["service", 0, "$", "tunnel"]) || "none";
                 const method = get(portItem, ["service", 0, "$", "method"]);
                 const product = get(portItem, ["service", 0, "$", "tunnel"]);
 
diff --git a/scanners/nmap/parser/parser.test.js b/scanners/nmap/parser/parser.test.js
index b6baedb458..a51481639b 100644
--- a/scanners/nmap/parser/parser.test.js
+++ b/scanners/nmap/parser/parser.test.js
@@ -60,7 +60,7 @@ test("should properly parse nmap xml file", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 8021 is open using tcp protocol.",
@@ -85,7 +85,7 @@ test("should properly parse nmap xml file", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 8080 is open using tcp protocol.",
@@ -110,7 +110,7 @@ test("should properly parse nmap xml file", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 9200 is open using tcp protocol.",
@@ -143,7 +143,7 @@ test("should properly parse a nmap xml without any ports", async () => {
     import.meta.dirname + "/__testFiles__/no-ports.xml",
     {
       encoding: "utf8",
-    },
+    }
   );
 
   const findings = await parse(xmlContent);
@@ -174,7 +174,7 @@ test("should properly parse a nmap xml without any host", async () => {
     import.meta.dirname + "/__testFiles__/no-host.xml",
     {
       encoding: "utf8",
-    },
+    }
   );
 
   const findings = await parse(xmlContent);
@@ -187,7 +187,7 @@ test("should properly parse a nmap xml with missing service information", async
     import.meta.dirname + "/__testFiles__/no-service.xml",
     {
       encoding: "utf8",
-    },
+    }
   );
 
   const findings = await parse(xmlContent);
@@ -210,7 +210,7 @@ test("should properly parse a nmap xml with missing service information", async
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "filtered",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 10250 is filtered using tcp protocol.",
@@ -243,7 +243,7 @@ test("Should properly parse a nmap xml with script specific SMB findings", async
     import.meta.dirname + "/__testFiles__/localhost-smb-script.xml",
     {
       encoding: "utf8",
-    },
+    }
   );
 
   const findings = await parse(xmlContent);
@@ -266,7 +266,7 @@ test("Should properly parse a nmap xml with script specific SMB findings", async
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 445 is open using tcp protocol.",
@@ -449,7 +449,7 @@ test("should properly parse a script finding for ftp in an xml file", async () =
     import.meta.dirname + "/__testFiles__/ftp.xml",
     {
       encoding: "utf8",
-    },
+    }
   );
   const findings = await parse(xmlContent);
   expect(validateParser(findings)).toBeUndefined();
@@ -481,7 +481,7 @@ test("should properly parse a script finding for ftp in an xml file", async () =
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 21 is open using tcp protocol.",
@@ -541,7 +541,7 @@ test("should parse scanme.nmap.org results properly", async () => {
     import.meta.dirname + "/__testFiles__/scanme.nmap.org-ipv6.xml",
     {
       encoding: "utf8",
-    },
+    }
   );
   const findings = await parse(xmlContent);
   expect(validateParser(findings)).toBeUndefined();
@@ -563,7 +563,7 @@ test("should parse scanme.nmap.org results properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 22 is open using tcp protocol.",
@@ -588,7 +588,7 @@ test("should parse scanme.nmap.org results properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 80 is open using tcp protocol.",
@@ -613,7 +613,7 @@ test("should parse scanme.nmap.org results properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 31337 is open using tcp protocol.",
@@ -646,7 +646,7 @@ test("should parse output of runs run --verbose properly", async () => {
     import.meta.dirname + "/__testFiles__/local-network-verbose.xml",
     {
       encoding: "utf8",
-    },
+    }
   );
   const findings = await parse(xmlContent);
   await validateParser(findings);
@@ -668,7 +668,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 21 is open using tcp protocol.",
@@ -693,7 +693,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 53 is open using tcp protocol.",
@@ -718,7 +718,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 80 is open using tcp protocol.",
@@ -743,7 +743,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 443 is open using tcp protocol.",
@@ -768,7 +768,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 554 is open using tcp protocol.",
@@ -793,7 +793,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 5060 is open using tcp protocol.",
@@ -818,7 +818,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 8089 is open using tcp protocol.",
@@ -843,7 +843,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 8181 is open using tcp protocol.",
@@ -868,7 +868,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 80 is open using tcp protocol.",
@@ -893,7 +893,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 7000 is open using tcp protocol.",
@@ -918,7 +918,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 8082 is open using tcp protocol.",
@@ -943,7 +943,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 8083 is open using tcp protocol.",
@@ -968,7 +968,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 8085 is open using tcp protocol.",
@@ -993,7 +993,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 8200 is open using tcp protocol.",
@@ -1018,7 +1018,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 80 is open using tcp protocol.",
@@ -1043,7 +1043,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 5000 is open using tcp protocol.",
@@ -1068,7 +1068,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 7000 is open using tcp protocol.",
@@ -1093,7 +1093,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 8080 is open using tcp protocol.",
@@ -1118,7 +1118,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 8081 is open using tcp protocol.",
@@ -1143,7 +1143,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 80 is open using tcp protocol.",
@@ -1168,7 +1168,7 @@ test("should parse output of runs run --verbose properly", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 443 is open using tcp protocol.",
@@ -1255,3 +1255,83 @@ test("should parse output of runs run --verbose properly", async () => {
     ]
   `);
 });
+
+test("should parse output of service scan properly", async () => {
+  const xmlContent = await readFile(
+    import.meta.dirname + "/__testFiles__/service-scan.xml",
+    {
+      encoding: "utf8",
+    }
+  );
+  const findings = await parse(xmlContent);
+  await validateParser(findings);
+  expect(await parse(xmlContent)).toMatchInlineSnapshot(`
+    [
+      {
+        "attributes": {
+          "hostname": "example.com",
+          "ip_addresses": [
+            "10.50.0.2",
+          ],
+          "mac_address": null,
+          "method": "probed",
+          "operating_system": null,
+          "port": 80,
+          "protocol": "tcp",
+          "scripts": null,
+          "service": "http",
+          "serviceProduct": "nginx",
+          "serviceVersion": null,
+          "state": "open",
+          "tunnel": "none",
+        },
+        "category": "Open Port",
+        "description": "Port 80 is open using tcp protocol.",
+        "location": "tcp://example.com:80",
+        "name": "Open Port: 80 (http)",
+        "osi_layer": "NETWORK",
+        "severity": "INFORMATIONAL",
+      },
+      {
+        "attributes": {
+          "hostname": "example.com",
+          "ip_addresses": [
+            "10.50.0.2",
+          ],
+          "mac_address": null,
+          "method": "probed",
+          "operating_system": null,
+          "port": 443,
+          "protocol": "tcp",
+          "scripts": null,
+          "service": "http",
+          "serviceProduct": "nginx",
+          "serviceVersion": null,
+          "state": "open",
+          "tunnel": "ssl",
+        },
+        "category": "Open Port",
+        "description": "Port 443 is open using tcp protocol.",
+        "location": "tcp://example.com:443",
+        "name": "Open Port: 443 (http)",
+        "osi_layer": "NETWORK",
+        "severity": "INFORMATIONAL",
+      },
+      {
+        "attributes": {
+          "hostname": "example.com",
+          "ip_addresses": [
+            "10.50.0.2",
+          ],
+          "operating_system": null,
+        },
+        "category": "Host",
+        "description": "Found a host",
+        "location": "example.com",
+        "name": "Host: example.com",
+        "osi_layer": "NETWORK",
+        "severity": "INFORMATIONAL",
+      },
+    ]
+  `);
+});

From ed6cdb75ae3d32df020844dfc8f77bfb5db0fd2c Mon Sep 17 00:00:00 2001
From: Samreet Singh <samreet.singh@iteratec.com>
Date: Wed, 1 Oct 2025 10:08:38 +0200
Subject: [PATCH 2/2] Fix unit test

Signed-off-by: Samreet Singh <samreet.singh@iteratec.com>
---
 scanners/nmap/parser/parser.test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scanners/nmap/parser/parser.test.js b/scanners/nmap/parser/parser.test.js
index a51481639b..3d4083192b 100644
--- a/scanners/nmap/parser/parser.test.js
+++ b/scanners/nmap/parser/parser.test.js
@@ -35,7 +35,7 @@ test("should properly parse nmap xml file", async () => {
           "serviceProduct": null,
           "serviceVersion": null,
           "state": "open",
-          "tunnel": null,
+          "tunnel": "none",
         },
         "category": "Open Port",
         "description": "Port 53 is open using tcp protocol.",