To make sure things don't get lost, I also submitted a bug report about this -- it's Bug 507 at http://bugs.nessus.org/show_bug.cgi?id=507
Thanks, Matt > -----Original Message----- > From: Rickard, Matthew [mailto:[EMAIL PROTECTED] > Sent: 29 July, 2003 10:46 AM > To: [EMAIL PROTECTED] > Subject: Bug in nsr_output.c > > > I've come across a bug in nessus-core/nessus/nsr_output.c. It appears > 'Warning' and 'Note' are not matched correctly with 'INFO' > and 'NOTE'. This > causes them to be switched (and misclassified) when > converting to other > formats from nsr. > > Here is the trivial diff to correct this issue: > > diff -u nessus/nsr_output.c.old nessus/nsr_output.c > --- nessus/nsr_output.c.old 2002-09-10 18:01:25.000000000 -0400 > +++ nessus/nsr_output.c 2003-07-29 10:46:16.000000000 -0400 > @@ -140,8 +140,8 @@ > } > > while((t = strchr(data, ';')))t[0] = '\n'; > - if(!strcmp(severity, "INFO"))severity = "Security Note"; > - else if(!strcmp(severity, "NOTE"))severity = "Security Warning"; > + if(!strcmp(severity, "INFO"))severity = "Security Warning"; > + else if(!strcmp(severity, "NOTE"))severity = "Security Note"; > else if(!strcmp(severity, "REPORT"))severity ="Security Hole"; > backend_insert_report_data(be, subnet, hostname, port, script_id, > severity, data); >
