dradis-nexpose 3.13.0 → 3.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5741ee667d7c449c8c387f75126cf1032bc7da09
-  data.tar.gz: 61dbd3e61a47d13cb51e3cfaddf2c21dc12d0380
+SHA256:
+  metadata.gz: 99e3bbf8c1b57a35e86fa01ebf199f1d19272e8e4f9fa132cce88ec4d290ac1d
+  data.tar.gz: 7e02c4959a3808412190fd1bb2f4e353b93f353dd3178bce215ff01a46d9df72
 SHA512:
-  metadata.gz: d313717bb513c76e5d3377f8ca8ce4f2abaa1874f5693b6cc7d38d1ee8cbfe96122c9c0338f6fc5b21f28fc04b878b4139fb43895f39ad98d753cd120b885153
-  data.tar.gz: 5efd749d9d89df38e32f6eacaa9c90c01636994dd1979b73a9c85f331f684eafcbc651b043174d3846d38f0d04fae68c7b84cbd51ce3bd564dfffc4eadf70891
+  metadata.gz: ea314d47b29d2c24e769b922ebe41847770061d09ad6086f36ea9a0932be3c34275f0708193c7cf874a893937a9332965867b32e31fc99e8289fd63bc5b8759b
+  data.tar.gz: dc118f62552c642f949f97f136c9a980310c0a124947761821b09f6c11758dc02939c876d52ab2f8d578ca5876e383b64acaa9d5dcb2d1a3ef2da3f9267e767c

data/.github/issue_template.md

@@ -0,0 +1,16 @@
+### Steps to reproduce
+
+Help us help you, how can we reproduce the problem?
+
+### Expected behavior
+Tell us what should happen
+
+### Actual behavior
+Tell us what happens instead
+
+### System configuration
+**Dradis version**:
+
+**Ruby version**:
+
+**OS version**:

data/.github/pull_request_template.md

@@ -0,0 +1,36 @@
+### Summary
+
+Provide a general description of the code changes in your pull
+request... were there any bugs you had fixed? If so, mention them. If
+these bugs have open GitHub issues, be sure to tag them here as well,
+to keep the conversation linked together.
+
+
+### Other Information
+
+If there's anything else that's important and relevant to your pull
+request, mention that information here. This could include
+benchmarks, or other information.
+
+Thanks for contributing to Dradis!
+
+
+### Copyright assignment
+
+Collaboration is difficult with commercial closed source but we want
+to keep as much of the OSS ethos as possible available to users
+who want to fix it themselves.
+
+In order to unambiguously own and sell Dradis Framework commercial
+products, we must have the copyright associated with the entire
+codebase. Any code you create which is merged must be owned by us.
+That's not us trying to be a jerks, that's just the way it works.
+
+Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
+file for the details.
+
+You can delete this section, but the following sentence needs to
+remain in the PR's description:
+
+> I assign all rights, including copyright, to any future Dradis
+> work by myself to Security Roots.

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## Dradis Framework 3.14 (August, 2019) ##
+
+*   Add risk-score attribute to nodes
+
 ## Dradis Framework 3.13 (June, 2019) ##
 
 *   No changes.

data/dradis-nexpose.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'dradis-plugins', '~> 3.6'
   spec.add_dependency 'nokogiri', '~> 1.3'
 
-  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec-rails'
   spec.add_development_dependency 'combustion', '~> 0.5.2'

data/lib/dradis/plugins/nexpose/formats/full.rb

@@ -36,6 +36,7 @@ module Dradis::Plugins::Nexpose::Formats
           host_node.set_property(:ip, nexpose_node.address)
           host_node.set_property(:hostname, nexpose_node.site_name)
           host_node.set_property(:os, nexpose_node.software)
+          host_node.set_property(:risk_score, nexpose_node.risk_score)
           host_node.save
         end
 

data/lib/dradis/plugins/nexpose/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 3
-        MINOR = 13
+        MINOR = 14
         TINY = 0
         PRE = nil
 

data/lib/nexpose/node.rb

@@ -18,7 +18,7 @@ module Nexpose
     def supported_tags
       [
         # attributes
-        :address, :device_id, :hardware_address, :site_name, :status,
+        :address, :device_id, :hardware_address, :risk_score, :site_name, :status,
 
         # simple tags
 
@@ -71,9 +71,10 @@ module Nexpose
       # First we try the attributes. In Ruby we use snake_case, but in XML
       # hyphenated-case is used for some attributes
       translations_table = {
-        :device_id => 'device-id',
-        :hardware_address => 'hardware-address',
-        :site_name => 'site-name'
+        device_id: 'device-id',
+        hardware_address: 'hardware-address',
+        risk_score: 'risk-score',
+        site_name: 'site-name'
       }
 
       method_name = translations_table.fetch(method, method.to_s)

data/lib/nexpose/vulnerability.rb

@@ -124,7 +124,9 @@ module Nexpose
       result.gsub!(/<URLLink LinkTitle=\"(.*?)\" LinkURL=\"(.*?)\"\/>/i) { "\"#{$1.strip}\":#{$2.strip} " }
       result.gsub!(/<URLLink LinkURL=\"(.*?)\" LinkTitle=\"(.*?)\"\/>/i) { "\"#{$2.strip}\":#{$1.strip} " }
       result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/m) {|m| "\"#{$4.strip}\":#{$2.strip} " }
-
+      result.gsub!(/&gt;/, '>')
+      result.gsub!(/&lt;/, '<')
+      
       result
     end
 

data/spec/nexpose_upload_spec.rb

@@ -86,25 +86,20 @@ describe 'Nexpose upload plugin' do
         expect(args[:node].label).to eq("Nexpose Scan Summary")
       end.once
 
-      expect(@content_service).to receive(:create_node).with(hash_including label: "1.1.1.1", type: :host).once
+      expect(@content_service).to receive(:create_node).with(
+        hash_including label: "1.1.1.1", type: :host
+      ).twice
+
       expect(@content_service).to receive(:create_note) do |args|
-        expect(args[:text]).to include("#[Host]#\n1.1.1.1")
+        expect(args[:text]).to include("#[Title]#\n1.1.1.1")
         expect(args[:node].label).to eq("1.1.1.1")
       end.once
 
-      expect(@content_service).to receive(:create_node) do |args|
-        expect(args[:label]).to eq("Definitions")
-        OpenStruct.new(args)
-      end.once
       expect(@content_service).to receive(:create_note) do |args|
         expect(args[:text]).to include("#[Title]#\nService name: NTP")
         expect(args[:node].label).to eq("1.1.1.1")
       end.once
 
-      expect(@content_service).to receive(:create_node) do |args|
-        expect(args[:label]).to eq("1.1.1.1")
-        OpenStruct.new(args)
-      end.once
       expect(@content_service).to receive(:create_note) do |args|
         expect(args[:text]).to include("#[Title]#\nService name: SNMP")
         expect(args[:node].label).to eq("1.1.1.1")
@@ -134,16 +129,26 @@ describe 'Nexpose upload plugin' do
     # Regression test for github.com/dradis/dradis-nexpose/issues/1
     it "populates solutions regardless they are wrapped in paragraphs or lists" do
       expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Solution]#\nApache HTTPD >= 2.0 and < 2.0.65")
+        expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
         OpenStruct.new(args)
       end.once
 
       expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Solution]#\nYou can remove inode information from the ETag header")
+        expect(args[:text]).to include("#[Solution]#\n")
+        expect(args[:text]).to include("You can remove inode information from the ETag header")
         OpenStruct.new(args)
       end.once
 
       @importer.import(file: 'spec/fixtures/files/full.xml')
     end
+
+    it "transforms html entities (&lt; and &gt;)" do
+      expect(@content_service).to receive(:create_issue) do |args|
+        expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
+        OpenStruct.new(args)
+      end
+
+      @importer.import(file: 'spec/fixtures/files/full.xml')
+    end
   end
 end

data/templates/full_node.fields

@@ -4,6 +4,7 @@ node.fingerprints
 node.hardware_address
 node.names
 node.tests
+node.risk_score
 node.site_name
 node.status
-node.software
+node.software

data/templates/full_node.sample

@@ -3,7 +3,8 @@
   site-name="snorby"
   status="alive"
   device-id="211"
-  hardware-address="00:de:ad:be:ef:00">
+  hardware-address="00:de:ad:be:ef:00"
+  risk-score="123">
 
   <names>
       <name>iPad.local</name>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nexpose
 version: !ruby/object:Gem::Version
-  version: 3.13.0
+  version: 3.14.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06-10 00:00:00.000000000 Z
+date: 2019-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -42,16 +42,16 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -102,6 +102,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/issue_template.md"
+- ".github/pull_request_template.md"
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
@@ -168,8 +170,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.12
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Nexpose add-on for the Dradis Framework.