report_item.rb in dradis-nessus-4.13.0

- old
+ new

@@ -29,11 +29,11 @@
         :patch_publication_date, :plugin_modification_date, :plugin_output, 
         :plugin_publication_date, :plugin_type, :plugin_version, :product_coverage, 
         :risk_factor, :solution, :synopsis, :threat_intensity_last_28, :threat_recency, 
         :threat_sources_last_28, :vpr_score, :vuln_publication_date,
         # multiple tags
-        :bid_entries, :cve_entries, :see_also_entries, :xref_entries,
+        :bid_entries, :cve_entries, :cwe_entries, :see_also_entries, :xref_entries,
         # compliance tags
         :cm_actual_value, :cm_audit_file, :cm_check_id, :cm_check_name, :cm_info,
         :cm_output, :cm_policy_value, :cm_reference, :cm_result, :cm_see_also,
         :cm_solution
       ]
@@ -100,14 +100,21 @@
         else
           return nil
         end
       end
 
+      # older versions of Nessus use <vpr_score> while newer versions of Nessus 
+      #   use <vulnerability_priority_rating>. This allows either tag to be 
+      #   pulled in to the vpr_score mapping
+      if method_name == 'vpr_score'
+        return @xml.at_xpath('./vulnerability_priority_rating | ./vpr_score')&.text
+      end
 
       # finally the enumerations: bid_entries, cve_entries, xref_entries
       translations_table = {
         :bid_entries => 'bid',
         :cve_entries => 'cve',
+        :cwe_entries => 'cwe',
         :see_also_entries => 'see_also',
         :xref_entries  => 'xref'
       }
       method_name = translations_table.fetch(method, nil)
       if method_name