django-DefectDojo icon indicating copy to clipboard operation
django-DefectDojo copied to clipboard
verified publisher icon DefectDojo

nuclei incorrect deduplication

Open egorbeliy opened this issue 8 months ago • 2 comments

Bug description Nuclei findings with different Endpoints but same other finding fields (component name, cve, etc) marked as duplicates after being imported

Steps to reproduce Steps to reproduce the behavior:

  1. do scan of amazon.com and google.com using nuclei nuclei -list targets.txt -j -s low -o output.json

targets.txt sample of output has been attached

  1. import results to defectdojo
curl -s -X POST "$DEFECTDOJO_URL/api/v2/import-scan/" \
  -H "Authorization: Token $DEFECTDOJO_TOKEN" \
  -F "scan_date=$(date +%F)" \
  -F "minimum_severity=Low" \
  -F "scan_type=Nuclei Scan" \
  -F "file=@$NUCLEI_OUTPUT;type=application/json" \
  -F "engagement_name=Passive scan" \
  -F "product_name=Passive scan" \
  -F "verified=false" \
  -F "active=true" \
  -F "auto_create_context=true" \
  -F "auto_create=true" \
  -F "product_type_name=Research and Development" \
  -F "close_old_findings=false" \
  -F "push_to_jira=false"

  1. google.com findings are active, amazon.com findings being closed as duplicate Image

Expected behavior Amazon findings aren't duplicates, 2 findings with 2 endpoints in each should be created

Environment information

  • Defectdojo version - v. 2.44.2
  • Nuclei version - v3.4.2

egorbeliy avatar May 07 '25 13:05 egorbeliy

Could you check the PR @egorbeliy ?

manuel-sommer avatar May 07 '25 19:05 manuel-sommer

i guess looks good

egorbeliy avatar May 08 '25 08:05 egorbeliy