Dont yield all snyk findings when no version was found (1.17) (#3533)

Co-authored-by: noamblitz <[email protected]>
Co-authored-by: stephanie0x00 <[email protected]>
Co-authored-by: Jan Klopper <[email protected]>

boefjes/boefjes/plugins/kat_kat_finding_types/kat_finding_types.json

@@ -486,5 +486,10 @@
     "source": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers",
     "impact": "Nonstandard headers may not be supported by all browsers and may not provide the security that is expected.",
     "recommendation": "Remove the nonstandard headers from the response."
+  },
+  "KAT-SOFTWARE-VERSION-NOT-FOUND": {
+    "description": "The version of the software is not found.",
+    "risk": "recommendation",
+    "recommendation": "There was no version found for this software but there are known vulnerabilities for this software."
   }
 }

boefjes/boefjes/plugins/kat_snyk/normalize.py

@@ -23,7 +23,7 @@ def run(input_ooi: dict, raw: bytes) -> Iterable[NormalizerOutput]:
     elif not results["table_vulnerabilities"] and not results["cve_vulnerabilities"]:
         # no vulnerabilities found
         return
-    else:
+    if software_version:
         for vuln in results["table_vulnerabilities"]:
             snyk_ft = SnykFindingType(id=vuln.get("Vuln_href"))
             yield snyk_ft
@@ -40,6 +40,15 @@ def run(input_ooi: dict, raw: bytes) -> Iterable[NormalizerOutput]:
                 ooi=pk_ooi,
                 description=vuln.get("Vuln_text"),
             )
+    if not software_version and (results["table_vulnerabilities"] or results["cve_vulnerabilities"]):
+        kat_ooi = KATFindingType(id="KAT-SOFTWARE-VERSION-NOT-FOUND")
+        yield kat_ooi
+        yield Finding(
+            finding_type=kat_ooi.reference,
+            ooi=pk_ooi,
+            description="There was no version found for this software. "
+            "But there are known vulnerabilities for some versions.",
+        )
 
     # Check for latest version
     latest_version = ""