dradis-nexpose 3.20.0 → 4.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +47 -50
- data/CHANGELOG.template +12 -0
- data/dradis-nexpose.gemspec +1 -1
- data/lib/dradis/plugins/nexpose/gem_version.rb +2 -2
- data/lib/nexpose/vulnerability.rb +10 -9
- metadata +9 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8fd614ab4ae6d76629846fcc4b4446ae557f34057bc60abee7a10e7e73859bd9
|
|
4
|
+
data.tar.gz: f41b9074788b7c48ee2868424cceeb0d4857499c1ed1a811920c9887cc283be8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5ee4f44de8248385c6fc0d4ced288088bc2561b7dc2ad0e5fce555f2ec86186092cd23d7d85ef790f439df3f27c731c9e78f892042aaad68a5dddedbeb5ff0f0
|
|
7
|
+
data.tar.gz: 076bffc61f49b676914e19f075fc23da290d4e87f88d227e4c9efcf519e8078d5f0a961e5e59785da2da86ae9b74aa18773cf7e688ddbf10f33d1eeaa29ee5e5
|
data/CHANGELOG.md
CHANGED
|
@@ -1,69 +1,66 @@
|
|
|
1
|
-
|
|
1
|
+
v4.1.0 (November 2021)
|
|
2
|
+
- Update HTML tag cleanup to better cover `UnorderedList` and `URLLink` tags in the solution field
|
|
2
3
|
|
|
3
|
-
|
|
4
|
+
v4.0.0 (July 2021)
|
|
5
|
+
- Expand coverage for cipher wrapping to ssl-anon-ciphers and ssl-only-weak-ciphers
|
|
6
|
+
- Update HTML tag cleanup
|
|
4
7
|
|
|
5
|
-
|
|
8
|
+
v3.22.0 (April 2021)
|
|
9
|
+
- No changes
|
|
6
10
|
|
|
7
|
-
|
|
11
|
+
v3.21.0 (February 2021)
|
|
12
|
+
- No changes
|
|
8
13
|
|
|
9
|
-
|
|
14
|
+
v3.20.0 (December 2020)
|
|
15
|
+
- Expand coverage for cipher wrapping
|
|
10
16
|
|
|
11
|
-
|
|
17
|
+
v3.19.0 (September 2020)
|
|
18
|
+
- No changes
|
|
12
19
|
|
|
13
|
-
|
|
20
|
+
v3.18.0 (July 2020)
|
|
21
|
+
- No changes
|
|
14
22
|
|
|
15
|
-
|
|
23
|
+
v3.17.0 (May 2020)
|
|
24
|
+
- Expand coverage for cipher wrapping
|
|
16
25
|
|
|
17
|
-
|
|
26
|
+
v3.16.0 (February 2020)
|
|
27
|
+
- No changes
|
|
18
28
|
|
|
19
|
-
|
|
29
|
+
v3.15.0 (November 2019)
|
|
30
|
+
- Wrap ciphers in code blocks
|
|
20
31
|
|
|
21
|
-
|
|
32
|
+
v3.14.0 (August 2019)
|
|
33
|
+
- Add risk-score attribute to nodes
|
|
22
34
|
|
|
23
|
-
|
|
35
|
+
v3.13.0 (June 2019)
|
|
36
|
+
- No changes
|
|
24
37
|
|
|
25
|
-
|
|
38
|
+
v3.12.0 (March 2019)
|
|
39
|
+
- No changes
|
|
26
40
|
|
|
27
|
-
|
|
41
|
+
v3.11.0 (November 2018)
|
|
42
|
+
- No changes
|
|
28
43
|
|
|
29
|
-
|
|
44
|
+
v3.10.1 (October 2018)
|
|
45
|
+
- Fix usage of set_property(:services) to use set_service
|
|
30
46
|
|
|
31
|
-
|
|
47
|
+
v3.10.0 (August 2018)
|
|
48
|
+
- Create `hostname` and `os` Node properties (if present)
|
|
49
|
+
- Improve parsing of `<ListItem>` tags
|
|
50
|
+
- Import `vulnerability.tags` field as expected
|
|
51
|
+
- Import `<Paragraph preformat="true">` tags as code blocks
|
|
52
|
+
- Import `<URLLink>` tags as textile links
|
|
53
|
+
- Resolve duplicate content in nested `<Paragraph>` tags
|
|
32
54
|
|
|
33
|
-
|
|
55
|
+
v3.9.0 (January 2018)
|
|
56
|
+
- No changes
|
|
34
57
|
|
|
35
|
-
|
|
58
|
+
v3.8.0 (September 2017)
|
|
59
|
+
- No changes
|
|
36
60
|
|
|
37
|
-
|
|
61
|
+
v3.7.0 (July 2017)
|
|
62
|
+
- Add full evidence template for exporting evidences
|
|
63
|
+
- Fix issue resulting in Evidence with null content
|
|
38
64
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
## Dradis Framework 3.10.1 (October, 2018) ##
|
|
42
|
-
|
|
43
|
-
* Fix usage of set_property(:services) to use set_service
|
|
44
|
-
|
|
45
|
-
## Dradis Framework 3.10 (August, 2018) ##
|
|
46
|
-
|
|
47
|
-
* Resolve duplicate content in nested `<Paragraph>` tags
|
|
48
|
-
* Import `<URLLink>` tags as textile links
|
|
49
|
-
* Import `<Paragraph preformat="true">` tags as code blocks
|
|
50
|
-
* Improve parsing of `<ListItem>` tags
|
|
51
|
-
* Import `vulnerability.tags` field as expected
|
|
52
|
-
* Create `hostname` and `os` Node properties (if present)
|
|
53
|
-
|
|
54
|
-
## Dradis Framework 3.9 (January, 2018) ##
|
|
55
|
-
|
|
56
|
-
* No changes.
|
|
57
|
-
|
|
58
|
-
## Dradis Framework 3.8 (September, 2017) ##
|
|
59
|
-
|
|
60
|
-
* No changes.
|
|
61
|
-
|
|
62
|
-
## Dradis Framework 3.7 (July, 2017) ##
|
|
63
|
-
|
|
64
|
-
* Add full evidence template for exporting evidences.
|
|
65
|
-
* Fix issue resulting in Evidence with null content.
|
|
66
|
-
|
|
67
|
-
## Dradis Framework 3.6 (March, 2017) ##
|
|
68
|
-
|
|
69
|
-
* No changes.
|
|
65
|
+
v3.6.0 (March 2017)
|
|
66
|
+
- No changes
|
data/CHANGELOG.template
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
[v#.#.#] ([month] [YYYY])
|
|
2
|
+
- [future tense verb] [feature]
|
|
3
|
+
- Upgraded gems:
|
|
4
|
+
- [gem]
|
|
5
|
+
- Bugs fixes:
|
|
6
|
+
- [future tense verb] [bug fix]
|
|
7
|
+
- Bug tracker items:
|
|
8
|
+
- [item]
|
|
9
|
+
- Security Fixes:
|
|
10
|
+
- High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
|
11
|
+
- Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
|
12
|
+
- Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
data/dradis-nexpose.gemspec
CHANGED
|
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
# versions of Rails (a sure recipe for disaster, I'm sure), which is needed
|
|
26
26
|
# until we bump Dradis Pro to 4.1.
|
|
27
27
|
# s.add_dependency 'rails', '~> 4.1.1'
|
|
28
|
-
spec.add_dependency 'dradis-plugins', '~>
|
|
28
|
+
spec.add_dependency 'dradis-plugins', '~> 4.0'
|
|
29
29
|
spec.add_dependency 'nokogiri', '~> 1.3'
|
|
30
30
|
|
|
31
31
|
spec.add_development_dependency 'bundler'
|
|
@@ -8,7 +8,7 @@ module Nexpose
|
|
|
8
8
|
# Instead of providing separate methods for each supported property we rely
|
|
9
9
|
# on Ruby's #method_missing to do most of the work.
|
|
10
10
|
class Vulnerability
|
|
11
|
-
SSL_CIPHER_VULN_IDS = %w[ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-static-key-ciphers rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
|
|
11
|
+
SSL_CIPHER_VULN_IDS = %w[ssl-anon-ciphers ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-only-weak-ciphers ssl-static-key-ciphers rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
|
|
12
12
|
|
|
13
13
|
# Accepts an XML node from Nokogiri::XML.
|
|
14
14
|
def initialize(xml_node)
|
|
@@ -112,17 +112,18 @@ module Nexpose
|
|
|
112
112
|
def cleanup_html(source)
|
|
113
113
|
result = source.to_s
|
|
114
114
|
result.gsub!(/<ContainerBlockElement>(.*?)<\/ContainerBlockElement>/m){|m| "#{ $1 }"}
|
|
115
|
-
result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/
|
|
115
|
+
result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/mi){|m| "\nbc. #{ $1 }\n\n"}
|
|
116
116
|
result.gsub!(/<Paragraph>(.*?)<\/Paragraph>/m){|m| "#{ $1 }\n"}
|
|
117
|
-
result.gsub!(/<Paragraph>/, '')
|
|
118
|
-
result.gsub!(
|
|
119
|
-
result.gsub!(/<
|
|
120
|
-
result.gsub!(/<ListItem
|
|
117
|
+
result.gsub!(/<Paragraph>|<\/Paragraph>/, '')
|
|
118
|
+
result.gsub!(/<UnorderedList (.*?)>(.*?)<\/UnorderedList>/m){|m| "#{ $2 }"}
|
|
119
|
+
result.gsub!(/<OrderedList(.*?)>(.*?)<\/OrderedList>/m){|m| "#{ $2 }"}
|
|
120
|
+
result.gsub!(/<ListItem>|<\/ListItem>/, '')
|
|
121
121
|
result.gsub!(/ /, '')
|
|
122
|
+
result.gsub!(/ /, '')
|
|
122
123
|
result.gsub!(/\t\t/, '')
|
|
123
|
-
result.gsub!(/<URLLink
|
|
124
|
-
result.gsub!(/<URLLink
|
|
125
|
-
result.gsub!(/<URLLink
|
|
124
|
+
result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/im) { "\"#{$4.strip}\":#{$2.strip} " }
|
|
125
|
+
result.gsub!(/<URLLink LinkTitle=\"(.*?)\"(.*?)LinkURL=\"(.*?)\"\/>/i) { "\"#{$1.strip}\":#{$3.strip} " }
|
|
126
|
+
result.gsub!(/<URLLink LinkURL=\"(.*?)\"(.*?)LinkTitle=\"(.*?)\"\/>/i) { "\"#{$3.strip}\":#{$1.strip} " }
|
|
126
127
|
result.gsub!(/>/, '>')
|
|
127
128
|
result.gsub!(/</, '<')
|
|
128
129
|
result
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-nexpose
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '
|
|
19
|
+
version: '4.0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '
|
|
26
|
+
version: '4.0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: nokogiri
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -107,6 +107,7 @@ files:
|
|
|
107
107
|
- ".gitignore"
|
|
108
108
|
- ".rspec"
|
|
109
109
|
- CHANGELOG.md
|
|
110
|
+
- CHANGELOG.template
|
|
110
111
|
- CONTRIBUTING.md
|
|
111
112
|
- Gemfile
|
|
112
113
|
- LICENSE
|
|
@@ -156,7 +157,7 @@ homepage: http://dradisframework.org
|
|
|
156
157
|
licenses:
|
|
157
158
|
- GPL-2
|
|
158
159
|
metadata: {}
|
|
159
|
-
post_install_message:
|
|
160
|
+
post_install_message:
|
|
160
161
|
rdoc_options: []
|
|
161
162
|
require_paths:
|
|
162
163
|
- lib
|
|
@@ -171,8 +172,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
171
172
|
- !ruby/object:Gem::Version
|
|
172
173
|
version: '0'
|
|
173
174
|
requirements: []
|
|
174
|
-
rubygems_version: 3.
|
|
175
|
-
signing_key:
|
|
175
|
+
rubygems_version: 3.1.6
|
|
176
|
+
signing_key:
|
|
176
177
|
specification_version: 4
|
|
177
178
|
summary: Nexpose add-on for the Dradis Framework.
|
|
178
179
|
test_files:
|