Fix incorrect message formatting + references.

agent/metasploit_agent.py

@@ -4,6 +4,7 @@
 import ipaddress
 import time
 from typing import Any
+import re
 
 from ostorlab.agent import agent, definitions as agent_definitions
 from ostorlab.agent.kb import kb
@@ -28,6 +29,12 @@
 MODULE_TIMEOUT = 300
 VULNERABLE_STATUSES = ["vulnerable", "appears"]
 METASPLOIT_AGENT_KEY = b"agent_metasploit_asset"
+TOKEN_REPLACE = "REPLACEME"
+REFERENCES = {
+    "CVE": f"https://nvd.nist.gov/vuln/detail/CVE-{TOKEN_REPLACE}",
+    "CWE": f"https://cwe.mitre.org/data/definitions/{TOKEN_REPLACE}.html",
+    "EDB": f"https://www.exploit-db.com/exploits/{TOKEN_REPLACE}",
+}
 
 
 class Error(Exception):
@@ -122,7 +129,7 @@ def process(self, message: m.Message) -> None:
                 ):
                     technical_detail = f"Using `{module_instance.moduletype}` module `{module_instance.modulename}`\n"
                     technical_detail += f"Target: {vhost}:{rport}\n"
-                    technical_detail += f'Message: \n```{results["message"]}```'
+                    technical_detail += f'Message: \n```\n{results["message"]}\n```'
 
                     self._emit_results(module_instance, technical_detail)
 
@@ -198,7 +205,11 @@ def _emit_results(
         msf_references = {}
         for reference in module_instance.references:
             if isinstance(reference, list) and len(reference) == 2:
-                msf_references[reference[0]] = reference[1]
+                if reference[0] == "URL":
+                    msf_references[reference[1]] = reference[1]
+                elif reference[0] in REFERENCES:
+                    url = re.sub(TOKEN_REPLACE, reference[1], REFERENCES[reference[0]])
+                    msf_references[url] = url
         entry = kb.Entry(
             title=entry_title,
             risk_rating="HIGH",
@@ -251,12 +262,10 @@ def _set_module_args(
             arg_name = arg["name"]
             if arg_name in selected_module.options:
                 selected_module[arg_name] = arg["value"]
-
         if len(selected_module.missing_required) > 0:
             raise ValueError(
                 f"The following arguments are missing: {str(selected_module.missing_required)}"
             )
-
         return selected_module
 
 

tests/metasploit_agent_test.py

@@ -78,8 +78,18 @@ def testExploit_whenVulnerable_returnFindings(
         "Using `exploit` module `unix/misc/distcc_exec`\n"
         "Target: 192.168.1.17:443\n"
         "Message: \n"
-        "```The target is vulnerable.```"
+        "```\nThe target is vulnerable.\n```"
     )
+    assert vulnerability_finding["references"] == [
+        {
+            "title": "https://nvd.nist.gov/vuln/detail/CVE-2004-2687",
+            "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2687",
+        },
+        {
+            "title": "http://distcc.samba.org/security.html",
+            "url": "http://distcc.samba.org/security.html",
+        },
+    ]
 
 
 @pytest.mark.parametrize(