Fix copy paste error in XSS nikto id

J12934 · J12934 · commit 7fc0bdff543a · 2020-05-06T16:03:10.000+02:00
diff --git a/integrations/nikto/parser/__snapshots__/parser.test.js.snap b/integrations/nikto/parser/__snapshots__/parser.test.js.snap
@@ -75,12 +75,12 @@ Array [
       "niktoId": 999102,
       "port": 443,
     },
-    "category": "Nikto Finding",
+    "category": "X-XSS-Protection",
     "description": null,
     "location": "https://www.securecodebox.io/",
     "name": "The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS",
     "osi_layer": "NETWORK",
-    "severity": "INFORMATIONAL",
+    "severity": "LOW",
   },
   Object {
     "attributes": Object {
diff --git a/integrations/nikto/parser/parser.js b/integrations/nikto/parser/parser.js
@@ -1,36 +1,36 @@
-const INFORMATIONAL = 'INFORMATIONAL';
-const LOW = 'LOW';
-const MEDIUM = 'MEDIUM';
-const HIGH = 'HIGH';
+const INFORMATIONAL = "INFORMATIONAL";
+const LOW = "LOW";
+const MEDIUM = "MEDIUM";
+const HIGH = "HIGH";
 /**
  * Sorts Nikto findings into Categories
  *
  * @param {string} category
  */
 function categorize({ id }) {
   if (id === 999957) {
-    return ['X-Frame-Options Header', LOW];
-  } else if (id === 'X-XSS-Protection') {
-    return ['X-XSS-Protection', LOW];
+    return ["X-Frame-Options Header", LOW];
+  } else if (id === 999102) {
+    return ["X-XSS-Protection", LOW];
   } else if (id === 999100) {
-    return ['Uncommon Header', INFORMATIONAL];
+    return ["Uncommon Header", INFORMATIONAL];
   } else if (id === 999103) {
-    return ['X-Content-Type-Options Header', INFORMATIONAL];
+    return ["X-Content-Type-Options Header", INFORMATIONAL];
   } else if (id === 521000) {
-    return ['Path Traversal', HIGH];
+    return ["Path Traversal", HIGH];
   } else if (id >= 600000 && id < 700000) {
-    return ['Outdated Software', MEDIUM];
+    return ["Outdated Software", MEDIUM];
   } else if (id >= 800000 && id < 900000) {
-    return ['Identified Software', INFORMATIONAL];
+    return ["Identified Software", INFORMATIONAL];
   } else if (id >= 0 && id < 100000) {
-    return ['Potential Vulnerability', HIGH];
+    return ["Potential Vulnerability", HIGH];
   } else if (id >= 500017 && id < 600000) {
-    return ['Identified Software', INFORMATIONAL];
+    return ["Identified Software", INFORMATIONAL];
   } else if (id >= 300000 && id < 400000) {
-    return ['Embedded Device', INFORMATIONAL];
+    return ["Embedded Device", INFORMATIONAL];
   }
 
-  return ['Nikto Finding', INFORMATIONAL];
+  return ["Nikto Finding", INFORMATIONAL];
 }
 
 async function parse({ host, ip, port: portString, banner, vulnerabilities }) {
@@ -42,14 +42,14 @@ async function parse({ host, ip, port: portString, banner, vulnerabilities }) {
     const [category, severity] = categorize({ id: niktoId });
 
     // We can only guess at this point. Nikto doesn't tell use anymore :(
-    const protocol = port === 443 || port === 8443 ? 'https' : 'http';
+    const protocol = port === 443 || port === 8443 ? "https" : "http";
 
     return {
       name: msg,
       description: null,
       category,
       location: `${protocol}://${host}${url}`,
-      osi_layer: 'NETWORK',
+      osi_layer: "NETWORK",
       severity,
       attributes: {
         ip_address: ip,
