dradis-nexpose 3.13.0 → 3.14.0
- checksums.yaml +5 -5
- data/.github/issue_template.md +16 -0
- data/.github/pull_request_template.md +36 -0
- data/CHANGELOG.md +4 -0
- data/dradis-nexpose.gemspec +1 -1
- data/lib/dradis/plugins/nexpose/formats/full.rb +1 -0
- data/lib/dradis/plugins/nexpose/gem_version.rb +1 -1
- data/lib/nexpose/node.rb +5 -4
- data/lib/nexpose/vulnerability.rb +3 -1
- data/spec/nexpose_upload_spec.rb +17 -12
- data/templates/full_node.fields +2 -1
- data/templates/full_node.sample +2 -1
- metadata +9 -8
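--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 99e3bbf8c1b57a35e86fa01ebf199f1d19272e8e4f9fa132cce88ec4d290ac1d
+data.tar.gz: 7e02c4959a3808412190fd1bb2f4e353b93f353dd3178bce215ff01a46d9df72
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ea314d47b29d2c24e769b922ebe41847770061d09ad6086f36ea9a0932be3c34275f0708193c7cf874a893937a9332965867b32e31fc99e8289fd63bc5b8759b
+data.tar.gz: dc118f62552c642f949f97f136c9a980310c0a124947761821b09f6c11758dc02939c876d52ab2f8d578ca5876e383b64acaa9d5dcb2d1a3ef2da3f9267e767c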
@@ -0,0 +1,16 @@
|
|
1
|
+
### Steps to reproduce
|
2
|
+
|
3
|
+
Help us help you, how can we reproduce the problem?
|
4
|
+
|
5
|
+
### Expected behavior
|
6
|
+
Tell us what should happen
|
7
|
+
|
8
|
+
### Actual behavior
|
9
|
+
Tell us what happens instead
|
10
|
+
|
11
|
+
### System configuration
|
12
|
+
**Dradis version**:
|
13
|
+
|
14
|
+
**Ruby version**:
|
15
|
+
|
16
|
+
**OS version**:
|
@@ -0,0 +1,36 @@
|
|
1
|
+
### Summary
|
2
|
+
|
3
|
+
Provide a general description of the code changes in your pull
|
4
|
+
request... were there any bugs you had fixed? If so, mention them. If
|
5
|
+
these bugs have open GitHub issues, be sure to tag them here as well,
|
6
|
+
to keep the conversation linked together.
|
7
|
+
|
8
|
+
|
9
|
+
### Other Information
|
10
|
+
|
11
|
+
If there's anything else that's important and relevant to your pull
|
12
|
+
request, mention that information here. This could include
|
13
|
+
benchmarks, or other information.
|
14
|
+
|
15
|
+
Thanks for contributing to Dradis!
|
16
|
+
|
17
|
+
|
18
|
+
### Copyright assignment
|
19
|
+
|
20
|
+
Collaboration is difficult with commercial closed source but we want
|
21
|
+
to keep as much of the OSS ethos as possible available to users
|
22
|
+
who want to fix it themselves.
|
23
|
+
|
24
|
+
In order to unambiguously own and sell Dradis Framework commercial
|
25
|
+
products, we must have the copyright associated with the entire
|
26
|
+
codebase. Any code you create which is merged must be owned by us.
|
27
|
+
That's not us trying to be a jerks, that's just the way it works.
|
28
|
+
|
29
|
+
Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
|
30
|
+
file for the details.
|
31
|
+
|
32
|
+
You can delete this section, but the following sentence needs to
|
33
|
+
remain in the PR's description:
|
34
|
+
|
35
|
+
> I assign all rights, including copyright, to any future Dradis
|
36
|
+
> work by myself to Security Roots.
|
data/CHANGELOG.md
CHANGED
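--- a/data/dradis-nexpose.gemspec
+++ b/data/dradis-nexpose.gemspec
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'dradis-plugins', '~> 3.6'
 spec.add_dependency 'nokogiri', '~> 1.3'
 
-spec.add_development_dependency 'bundler'
+spec.add_development_dependency 'bundler'
 spec.add_development_dependency 'rake', '~> 10.0'
 spec.add_development_dependency 'rspec-rails'
 spec.add_development_dependency 'combustion', '~> 0.5.2'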
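Review bot: The runtime constraint `spec.add_dependency 'nokogiri', '~> 1.3'`, left untouched next to this change, accepts any 1.x release from 1.3 upward, and this gem presumably uses that parser on uploaded Nexpose XML. Raising the floor to a release line that is still maintained, written as `spec.add_dependency 'nokogiri', '~> 1.<MIN_SUPPORTED_MINOR>'` (placeholder, pick the real value), would keep an old host-application lockfile from resolving to an unpatched parser. The added `bundler` line carries no version constraint, which is acceptable for a development dependency, but a one-line comment saying the constraint was dropped deliberately would help the next reader. The `Gem::Specification` block starts and ends outside the hunk.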
@@ -36,6 +36,7 @@ module Dradis::Plugins::Nexpose::Formats
|
|
36
36
|
host_node.set_property(:ip, nexpose_node.address)
|
37
37
|
host_node.set_property(:hostname, nexpose_node.site_name)
|
38
38
|
host_node.set_property(:os, nexpose_node.software)
|
39
|
+
host_node.set_property(:risk_score, nexpose_node.risk_score)
|
39
40
|
host_node.save
|
40
41
|
end
|
41
42
|
|
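Review bot: `nexpose_node.risk_score` is copied into the node property with no presence or type check, so a report whose node element has no `risk-score` attribute stores whatever the accessor returns for a missing attribute (not visible here, possibly nil), and a present value is stored as the raw attribute string. Consider `score = nexpose_node.risk_score` followed by `host_node.set_property(:risk_score, score) if score`. A comment such as `# scanner-supplied string; parse before comparing or sorting` would also tell consumers not to treat the property as a number. The enclosing method starts outside the hunk, and the neighbouring `:ip`, `:hostname` and `:os` properties are set the same unconditional way.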
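--- a/data/lib/nexpose/node.rb
+++ b/data/lib/nexpose/node.rb
@@ -18,7 +18,7 @@ module Nexpose
 def supported_tags
 [
 # attributes
-:address, :device_id, :hardware_address, :site_name, :status,
+:address, :device_id, :hardware_address, :risk_score, :site_name, :status,
 
 # simple tags
 
@@ -71,9 +71,10 @@ module Nexpose
 # First we try the attributes. In Ruby we use snake_case, but in XML
 # hyphenated-case is used for some attributes
 translations_table = {
-:
-:
-:
+device_id: 'device-id',
+hardware_address: 'hardware-address',
+risk_score: 'risk-score',
+site_name: 'site-name'
 }
 
 method_name = translations_table.fetch(method, method.to_s)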
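Review bot: `translations_table` is a hash literal rebuilt inside the method on every lookup, and adding `risk_score` meant editing both it and the list in `supported_tags`. Hoisting it to a frozen constant, e.g. `ATTRIBUTE_TRANSLATIONS = { device_id: 'device-id', hardware_address: 'hardware-address', risk_score: 'risk-score', site_name: 'site-name' }.freeze`, keeps the mapping in one place and avoids the per-call allocation. A comment above it, `# every hyphenated XML attribute listed in supported_tags needs an entry here`, would stop the two from drifting apart. The enclosing method begins before the hunk and continues after it.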
@@ -124,7 +124,9 @@ module Nexpose
|
|
124
124
|
result.gsub!(/<URLLink LinkTitle=\"(.*?)\" LinkURL=\"(.*?)\"\/>/i) { "\"#{$1.strip}\":#{$2.strip} " }
|
125
125
|
result.gsub!(/<URLLink LinkURL=\"(.*?)\" LinkTitle=\"(.*?)\"\/>/i) { "\"#{$2.strip}\":#{$1.strip} " }
|
126
126
|
result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/m) {|m| "\"#{$4.strip}\":#{$2.strip} " }
|
127
|
-
|
127
|
+
result.gsub!(/>/, '>')
|
128
|
+
result.gsub!(/</, '<')
|
129
|
+
|
128
130
|
result
|
129
131
|
end
|
130
132
|
|
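Review bot: The two added `gsub!` calls decode entities into literal `<` and `>` as the last step of this clean-up, after the `URLLink` substitutions above have already run, so entity-encoded markup in a scanner report leaves this method as real angle brackets that nothing here has inspected. (As rendered on this page the pattern and the replacement look identical, presumably because the viewer decoded `&gt;`/`&lt;`.) The returned text is therefore only safe if whatever renders the issue escapes or sanitises HTML, and that dependency deserves a comment on these lines, e.g. `# decoded last on purpose; callers must HTML-escape this text when rendering`. If `&amp;` is ever added to the list, decode it after these two so that `&amp;lt;` is not decoded twice. The enclosing method starts outside the hunk.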
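--- a/data/spec/nexpose_upload_spec.rb
+++ b/data/spec/nexpose_upload_spec.rb
@@ -86,25 +86,20 @@ describe 'Nexpose upload plugin' do
 expect(args[:node].label).to eq("Nexpose Scan Summary")
 end.once
 
-expect(@content_service).to receive(:create_node).with(
+expect(@content_service).to receive(:create_node).with(
+hash_including label: "1.1.1.1", type: :host
+).twice
+
 expect(@content_service).to receive(:create_note) do |args|
-expect(args[:text]).to include("#[
+expect(args[:text]).to include("#[Title]#\n1.1.1.1")
 expect(args[:node].label).to eq("1.1.1.1")
 end.once
 
-expect(@content_service).to receive(:create_node) do |args|
-expect(args[:label]).to eq("Definitions")
-OpenStruct.new(args)
-end.once
 expect(@content_service).to receive(:create_note) do |args|
 expect(args[:text]).to include("#[Title]#\nService name: NTP")
 expect(args[:node].label).to eq("1.1.1.1")
 end.once
 
-expect(@content_service).to receive(:create_node) do |args|
-expect(args[:label]).to eq("1.1.1.1")
-OpenStruct.new(args)
-end.once
 expect(@content_service).to receive(:create_note) do |args|
 expect(args[:text]).to include("#[Title]#\nService name: SNMP")
 expect(args[:node].label).to eq("1.1.1.1")
@@ -134,16 +129,26 @@ describe 'Nexpose upload plugin' do
 # Regression test for github.com/dradis/dradis-nexpose/issues/1
 it "populates solutions regardless they are wrapped in paragraphs or lists" do
 expect(@content_service).to receive(:create_issue) do |args|
-expect(args[:text]).to include("#[Solution]#\nApache HTTPD >= 2.0 and < 2.0.65")
+expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
 OpenStruct.new(args)
 end.once
 
 expect(@content_service).to receive(:create_issue) do |args|
-expect(args[:text]).to include("#[Solution]#\
+expect(args[:text]).to include("#[Solution]#\n")
+expect(args[:text]).to include("You can remove inode information from the ETag header")
 OpenStruct.new(args)
 end.once
 
 @importer.import(file: 'spec/fixtures/files/full.xml')
 end
+
+it "transforms html entities (< and >)" do
+expect(@content_service).to receive(:create_issue) do |args|
+expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
+OpenStruct.new(args)
+end
+
+@importer.import(file: 'spec/fixtures/files/full.xml')
+end
 end
 end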
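Review bot: The new example `transforms html entities (< and >)` asserts only that the decoded solution text is present, using the same `include` string as the regression test above it, so it would not notice `&lt;`/`&gt;` left behind elsewhere in the text or entity-encoded markup being turned into live tags. Add a negative assertion such as `expect(args[:text]).not_to include('&lt;', '&gt;')`, and ideally a fixture entry whose description holds an entity-encoded tag with its expected output pinned. The `create_issue` expectation here also ends in `end` rather than `end.once`, so its block runs for every issue the import creates. If `full.xml` holds more than one issue, as the two expectations in the previous example suggest, the `include` is evaluated against the others too.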
data/templates/full_node.fields
CHANGED
data/templates/full_node.sample
CHANGED
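--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nexpose
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.14.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-
+date: 2019-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dradis-plugins
@@ -42,16 +42,16 @@ dependencies:
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -102,6 +102,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/issue_template.md"
+- ".github/pull_request_template.md"
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
@@ -168,8 +170,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.6.12
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Nexpose add-on for the Dradis Framework.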