OpenVAS parser should trim/strip hostname #11904

Closed
1 of 3 tasks
yerayvillamarin opened this issue Feb 26, 2025 · 10 comments
yerayvillamarin commented Feb 26, 2025

Bug description
We have a script that downloads the reports from OpenVAS and uploads them to DefectDojo automatically via the API. When we upload one of these reports, the hosts are duplicated, with some vulnerabilities assigned to one host and others to the other.

After review we see that the reason for the duplication is that the host name has spaces added in front, making the hosts different. One of the hosts, for example, is “10.69.7.21” and the other is “ 10.69.7.21”. I attach some explanatory images.

Steps to reproduce
Steps to reproduce the behavior:

  1. Upload an OpenVAS report
  2. Click on hosts
  3. See multiple hosts

Expected behavior
We are looking for these hosts to be the same, so that this space can be eliminated in some way such as a trim or some solution that is correct to avoid this.

Deployment method (select with an X)

  • Docker Compose
  • Kubernetes
  • GoDojo

Environment information

  • Operating System: Ubuntu 20.04
  • DefectDojo version (see footer) or commit message: v. 2.43.3

Screenshots
(four screenshots attached in the original issue)

@valentijnscholten
Member

Do you have a (redacted) openvas report that reproduces this? Is the extra space present in the report, or does it look like DD is adding it?

@yerayvillamarin
Author

Hello!

Thank you for your quick response, after further investigation, we see that the spaces are added by OpenVAS when exporting as CSV.

I don't know if it would be possible to remove the spaces at the beginning and at the end to create the hosts.

(screenshot attached in the original comment)

@valentijnscholten
Member

@kiblik @Maffooch Would it be safe for DD to just trim() the hostname before storing it?

@mtesauro
Contributor

mtesauro commented Feb 28, 2025

@kiblik @Maffooch Would it be safe for DD to just trim() the hostname before storing it?

FWIW, that seems safe to me. I'd still like kiblik and Maffooch to chime in though. Kinda sad we have to do that 🤔

@kiblik
Contributor

kiblik commented Feb 28, 2025

Well, space is not an officially valid character in a host (in any standard convention that I know), so it should be fixed by the producer of the report (OpenVAS in this case), and it should be addressed in their project, in my opinion. @yerayvillamarin, can you try to approach them?
But if it is not possible, trim() is acceptable to me (but let's try first). But it is just "accepting a new standard," and you know https://xkcd.com/927/

Btw, it is also the reason why you have a red flag next to the endpoint.

@yerayvillamarin
Author

Hello,

Thank you for your feedback. I completely agree that the basic problem is OpenVAS. I have also created a ticket for you to evaluate this problem.

greenbone/gvmd#2378

Thanks for your time, I look forward to hearing from you!

@valentijnscholten
Member

@kiblik How can these invalid hosts end up in Defect Dojo? When I try to create such an endpoint from a parser I am getting a ValidationError from the clean method.

@valentijnscholten valentijnscholten changed the title Host duplication in automatic report upload OpenVAS parser should trim/strip hostname Mar 5, 2025
@valentijnscholten valentijnscholten self-assigned this Mar 6, 2025
@valentijnscholten
Member

I added a strip() in #11955 as I was working on OpenVAS anyway.
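To illustrate the parser-side behaviour the thread converges on (strip surrounding whitespace so " 10.69.7.21" and "10.69.7.21" collapse into one host, while still rejecting hosts that remain invalid after stripping, as DefectDojo's endpoint clean() would), here is an added, stand-alone example. It is not DefectDojo's own parser code from #11955; the CSV columns and rows are constructed to resemble an OpenVAS export with the leading-space defect.

```python
import csv
import io
import ipaddress
import re
from collections import defaultdict

# Constructed sample resembling an OpenVAS CSV export. Rows 2-3 carry the
# leading/trailing space the exporter adds; row 4 has an interior space
# that stripping must not paper over.
SAMPLE_CSV = """IP,Hostname,Port,Port Protocol,Severity,NVT Name
10.69.7.21,,22,tcp,5.0,SSH Weak Encryption Algorithms Supported
 10.69.7.21,,443,tcp,7.5,TLS Weak Cipher Suites
 10.69.7.22 ,,80,tcp,4.3,HTTP Server Banner Exposed
10.69.7 .23,,25,tcp,2.6,SMTP Banner Exposed
"""

# RFC 1123 style hostname label: letters, digits, hyphen, no whitespace.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def normalize_host(raw: str) -> str:
    """Strip surrounding whitespace only; anything still invalid is rejected.
    Interior whitespace is not repaired: that is a malformed record."""
    host = raw.strip()
    if not host:
        raise ValueError("empty host")
    try:
        ipaddress.ip_address(host)  # valid IPv4/IPv6 literal
        return host
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    if all(_LABEL.match(label) for label in labels):
        return host.lower()
    raise ValueError(f"invalid host: {raw!r}")


def group_findings(csv_text: str):
    """Return (findings keyed by normalized host, raw host values rejected)."""
    by_host = defaultdict(list)
    rejected = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = row["Hostname"] or row["IP"]
        try:
            host = normalize_host(raw)
        except ValueError:
            rejected.append(raw)
            continue
        by_host[host].append((int(row["Port"]), row["NVT Name"]))
    return dict(by_host), rejected
```

Running `group_findings(SAMPLE_CSV)` yields two hosts (the two 10.69.7.21 rows merged) and one rejected row, instead of the three or four distinct hosts the raw values would produce.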

@yerayvillamarin
Author

Hello!

Thank you for this patch. Appreciate the great work you do with the tool.

I will update as soon as it is available.

@valentijnscholten
Member

Will be in release 2.44.2
