dradis-acunetix 3.18.0

data/README.md

@@ -0,0 +1,27 @@
+# Acunetix add-on for Dradis
+
+[![Build Status](https://secure.travis-ci.org/dradis/dradis-acunetix.png?branch=master)](http://travis-ci.org/dradis/dradis-acunetix) [![Code Climate](https://codeclimate.com/github/dradis/dradis-acunetix.png)](https://codeclimate.com/github/dradis/dradis-acunetix.png)
+
+The Acunetix add-on enables users to upload Acunexit XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
+
+The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+
+
+## More information
+
+See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+
+
+## Contributing
+
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+
+
+## License
+
+Dradis Framework and all its components are released under [GNU General Public License version 2.0](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) as published by the Free Software Foundation and appearing in the file LICENSE included in the packaging of this file.
+
+
+## Feature requests and bugs
+
+Please use the [Dradis Framework issue tracker](https://github.com/dradis/dradis-ce/issues) for add-on improvements and bug reports.

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/dradis-acunetix.gemspec

@@ -0,0 +1,35 @@
+$:.push File.expand_path('../lib', __FILE__)
+require 'dradis/plugins/acunetix/version'
+version = Dradis::Plugins::Acunetix::VERSION::STRING
+
+
+# Describe your gem and declare its dependencies:
+Gem::Specification.new do |spec|
+  spec.platform      = Gem::Platform::RUBY
+  spec.name = 'dradis-acunetix'
+  spec.version = version
+  spec.summary = 'Acunetix add-on for the Dradis Framework.'
+  spec.description = 'This add-on allows you to upload and parse output produced from Acunetix Web Vulnerability Scanner into Dradis.'
+
+  spec.license = 'GPL-2'
+
+  spec.authors = ['Daniel Martin']
+  spec.email = ['etd@nomejortu.com']
+  spec.homepage = 'http://dradisframework.org'
+
+  spec.files = `git ls-files`.split($\)
+  spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+
+  # By not including Rails as a dependency, we can use the gem with different
+  # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
+  # until we bump Dradis Pro to 4.1.
+  # s.add_dependency 'rails', '~> 4.1.1'
+  spec.add_dependency 'dradis-plugins', '~> 3.6'
+  spec.add_dependency 'nokogiri', '~> 1.3'
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec-rails'
+  spec.add_development_dependency 'combustion', '~> 0.5.2'
+end

data/lib/acunetix/report_item.rb

@@ -0,0 +1,168 @@
+module Acunetix
+  # This class represents each of the /ScanGroup/Scan/ReportItems/ReportItem
+  # elements in the Acunetix XML document.
+  #
+  # It provides a convenient way to access the information scattered all over
+  # the XML in attributes and nested tags.
+  #
+  # Instead of providing separate methods for each supported property we rely
+  # on Ruby's #method_missing to do most of the work.
+  class ReportItem
+    attr_accessor :xml
+
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+    end
+
+    # List of supported tags. They can be attributes, simple descendans or
+    # collections.
+    def supported_tags
+      [
+        # attributes
+        # :color
+
+        # simple tags
+        :name, :module_name, :severity, :type, :impact, :description,
+        :detailed_information, :recommendation, :cwe,
+
+        # tags that correspond to Evidence
+        :details, :affects, :parameter, :aop_source_file, :aop_source_line,
+        :aop_additional, :is_false_positive,
+
+
+        # nested tags
+        :request, :response,
+        :cvss_descriptor, :cvss_score,
+        :cvss3_descriptor, :cvss3_score, :cvss3_tempscore, :cvss3_envscore,
+
+        # multiple tags
+        :cve_list, :references
+        ]
+    end
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if supported_tags.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # attribute, simple descendent or collection that it maps to in the XML
+    # tree.
+    def method_missing(method, *args)
+
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      unless supported_tags.include?(method)
+        super
+        return
+      end
+
+      # Any fields where a simple .camelcase() won't work we need to translate,
+      # this includes acronyms (e.g. :cwe would become 'Cwe') and simple nested
+      # tags.
+      translations_table = {
+                    cwe: 'CWE',
+        aop_source_file: 'AOPSourceFile',
+        aop_source_line: 'AOPSourceLine',
+         aop_additional: 'AOPAdditional',
+                request: 'TechnicalDetails/Request',
+               response: 'TechnicalDetails/Response',
+        cvss_descriptor: 'CVSS/Descriptor',
+             cvss_score: 'CVSS/Score',
+       cvss3_descriptor: 'CVSS3/Descriptor',
+            cvss3_score: 'CVSS3/Score',
+        cvss3_tempscore: 'CVSS3/TempScore',
+         cvss3_envscore: 'CVSS3/EnvScore'
+      }
+      method_name = translations_table.fetch(method, method.to_s.camelcase)
+      # first we try the attributes:
+      # return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
+
+
+      # There is a ./References tag, but we want to short-circuit that one to
+      # do custom processing.
+      return references_list() if method == :references
+
+      # then we try the children tags
+      tag = xml.at_xpath("./#{method_name}")
+      if tag && !tag.text.blank?
+        if tags_with_html_content.include?(method)
+          return cleanup_html(tag.text)
+        elsif tags_with_commas.include?(method)
+          return cleanup_decimals(tag.text)
+        else
+          return tag.text
+        end
+      else
+        'n/a'
+      end
+
+      return 'unimplemented'   if method == :cve_list
+
+      # nothing found
+      return nil
+    end
+
+    private
+
+    def cleanup_html(source)
+      result = source.dup
+      result.gsub!(/&quot;/, '"')
+      result.gsub!(/&amp;/, '&')
+      result.gsub!(/&lt;/, '<')
+      result.gsub!(/&gt;/, '>')
+
+      result.gsub!(/<b>(.*?)<\/b>/) { "*#{$1.strip}*" }
+      result.gsub!(/<br\/>/, "\n")
+      result.gsub!(/<font.*?>(.*?)<\/font>/m, '\1')
+      result.gsub!(/<h2>(.*?)<\/h2>/) { "*#{$1.strip}*" }
+      result.gsub!(/<i>(.*?)<\/i>/, '\1')
+      result.gsub!(/<p>(.*?)<\/p>/, '\1')
+      result.gsub!(/<code><pre.*?>(.*?)<\/pre><\/code>/m){|m| "\n\nbc.. #{$1.strip}\n\np.  \n" }
+      result.gsub!(/<pre.*?>(.*?)<\/pre>/m){|m| "\n\nbc.. #{$1.strip}\n\np.  \n" }
+      result.gsub!(/<ul>(.*?)<\/ul>/m){"#{$1.strip}\n"}
+
+      result.gsub!(/<li>(.*?)<\/li>/){"\n* #{$1.strip}"}
+
+      result.gsub!(/<strong>(.*?)<\/strong>/) { "*#{$1.strip}*" }
+      result.gsub!(/<span.*?>(.*?)<\/span>/m){"#{$1.strip}\n"} 
+
+      result
+    end
+
+    def cleanup_decimals(source)
+      result = source.dup
+      result.gsub!(/([0-9])\,([0-9])/, '\1.\2')
+      result
+    end
+
+    def references_list
+      references = ''
+      xml.xpath('./References/Reference').each do |xml_reference|
+        references << xml_reference.at_xpath('./Database').text()
+        references << "\n"
+        references << xml_reference.at_xpath('./URL').text()
+        references << "\n\n"
+      end
+      references
+    end
+
+    # Some of the values have embedded HTML conent that we need to strip
+    def tags_with_html_content
+      [:details, :description, :detailed_information, :impact, :recommendation]
+    end
+
+    def tags_with_commas
+      [:cvss3_score, :cvss3_tempscore, :cvss3_envscore]
+    end
+
+  end
+end

data/lib/acunetix/scan.rb

@@ -0,0 +1,93 @@
+module Acunetix
+  # This class represents each of the /ScanGroup/Scan elements in the Acunetix
+  # XML document.
+  #
+  # It provides a convenient way to access the information scattered all over
+  # the XML in attributes and nested tags.
+  #
+  # Instead of providing separate methods for each supported property we rely
+  # on Ruby's #method_missing to do most of the work.
+  class Scan
+    attr_accessor :xml
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+      unless @xml.name == "Scan"
+        raise "Invalid XML; root node must be called 'Scan'"
+      end
+    end
+
+    # List of supported tags. They are all descendents of the ./Scan node.
+    SUPPORTED_TAGS = [
+        # attributes
+
+        # simple tags
+        :name, :short_name, :start_url, :start_time, :finish_time, :scan_time,
+        :aborted, :responsive, :banner, :os, :web_server, :technologies, :ip,
+        :fqdn, :operating_system, :mac_address, :netbios_name, :scan_start_time,
+        :scan_stop_time
+      ]
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if SUPPORTED_TAGS.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # corresponding <tag/> element inside the ./Scan child.
+    def method_missing(method, *args)
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      super and return unless SUPPORTED_TAGS.include?(method)
+
+      if tag = xml.at_xpath("./#{tag_name_for_method(method)}")
+        tag.text
+      else
+        nil
+      end
+    end
+
+
+    def report_items
+      @xml.xpath('./ReportItems/ReportItem')
+    end
+
+
+    def service
+      "port #{start_url_port}, #{banner}"
+    end
+
+
+    def start_url_host
+      start_uri.host
+    end
+    alias_method :hostname, :start_url_host
+
+
+    def start_url_port
+      start_uri.port
+    end
+
+    private
+
+    def start_uri
+      @start_uri ||= URI::parse(start_url)
+    end
+
+    def tag_name_for_method(method)
+      # Any fields where a simple .camelcase() won't work we need to translate,
+      # this includes acronyms (e.g. :scan_url would become 'ScanUrl').
+      {
+        start_url: 'StartURL'
+      }[method] || method.to_s.camelcase
+    end
+
+  end
+end

data/lib/dradis-acunetix.rb

@@ -0,0 +1,9 @@
+# hook to the framework base clases
+require 'dradis-plugins'
+
+# load this add-on's engine
+require 'dradis/plugins/acunetix'
+
+# load supporting Acunetix classes
+require 'acunetix/report_item'
+require 'acunetix/scan'

data/lib/dradis/plugins/acunetix.rb

@@ -0,0 +1,12 @@
+module Dradis
+  module Plugins
+    module Acunetix
+    end
+  end
+end
+
+require 'dradis/plugins/acunetix/engine'
+require 'dradis/plugins/acunetix/field_processor'
+require 'dradis/plugins/acunetix/importer'
+require 'dradis/plugins/acunetix/version'
+

data/lib/dradis/plugins/acunetix/engine.rb

@@ -0,0 +1,9 @@
+module Dradis::Plugins::Acunetix
+  class Engine < ::Rails::Engine
+    isolate_namespace Dradis::Plugins::Acunetix
+
+    include ::Dradis::Plugins::Base
+    description 'Processes Acunetix XML format'
+    provides :upload
+  end
+end

data/lib/dradis/plugins/acunetix/field_processor.rb

@@ -0,0 +1,25 @@
+module Dradis::Plugins::Acunetix
+  # This processor defers to ::Acunetix::Scan for the scan template and to
+  # ::Acunetix::ReportItem for the report_item and evidence templates.
+  class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor
+
+    def post_initialize(args={})
+      if data.name == "Scan"
+        @acunetix_object = ::Acunetix::Scan.new(data)
+      else
+        @acunetix_object = ::Acunetix::ReportItem.new(data)
+      end
+    end
+
+    def value(args={})
+      field = args[:field]
+
+      # fields in the template are of the form <foo>.<field>, where <foo>
+      # is common across all fields for a given template (and meaningless).
+      _, name = field.split('.')
+
+      @acunetix_object.try(name) || 'n/a'
+    end
+  end
+
+end

data/lib/dradis/plugins/acunetix/gem_version.rb

@@ -0,0 +1,19 @@
+module Dradis
+  module Plugins
+    module Acunetix
+      # Returns the version of the currently loaded Acunetix as a <tt>Gem::Version</tt>
+      def self.gem_version
+        Gem::Version.new VERSION::STRING
+      end
+
+      module VERSION
+        MAJOR = 3
+        MINOR = 18
+        TINY = 0
+        PRE = nil
+
+        STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+      end
+    end
+  end
+end

data/lib/dradis/plugins/acunetix/importer.rb

@@ -0,0 +1,78 @@
+module Dradis::Plugins::Acunetix
+  class Importer < Dradis::Plugins::Upload::Importer
+
+    # The framework will call this function if the user selects this plugin from
+    # the dropdown list and uploads a file.
+    # @returns true if the operation was successful, false otherwise
+    def import(params={})
+      file_content    = File.read( params.fetch(:file) )
+
+      logger.info{'Parsing Acunetix output file...'}
+      @doc = Nokogiri::XML( file_content )
+      logger.info{'Done.'}
+
+      if @doc.xpath('/ScanGroup/Scan').empty?
+        error = "No scan results were detected in the uploaded file (/ScanGroup/Scan). Ensure you uploaded an Acunetix XML report."
+        logger.fatal{ error }
+        content_service.create_note text: error
+        return false
+      end
+
+      @doc.xpath('/ScanGroup/Scan').each do |xml_scan|
+        process_scan(xml_scan)
+      end
+
+      return true
+    end # /import
+
+
+    private
+    attr_accessor :scan_node
+
+    def process_scan(xml_scan)
+      url = xml_scan.at_xpath('./StartURL').text()
+      start_url = URI::parse(url).host || url # urls wo/ protocol returned nil
+
+      self.scan_node = content_service.create_node(label: start_url, type: :host)
+      logger.info{ "\tScan start URL: #{start_url}" }
+
+      # Define Node properties
+      if scan_node.respond_to?(:properties)
+        scan_node.set_property(:short_name, xml_scan.at_xpath('./ShortName').text() )
+        scan_node.set_property(:start_url, start_url)
+        scan_node.set_property(:start_time, xml_scan.at_xpath('./StartTime').text() )
+        scan_node.set_property(:finish_time, xml_scan.at_xpath('./FinishTime').text() )
+        scan_node.set_property(:scan_time, xml_scan.at_xpath('./ScanTime').text() )
+        scan_node.set_property(:aborted, xml_scan.at_xpath('./Aborted').text() )
+        scan_node.set_property(:responsive, xml_scan.at_xpath('./Responsive').text() )
+        scan_node.set_property(:banner, xml_scan.at_xpath('./Banner').text() )
+        scan_node.set_property(:os, xml_scan.at_xpath('./Os').text() )
+        scan_node.set_property(:web_server, xml_scan.at_xpath('./WebServer').text() )
+        scan_node.set_property(:technologies, xml_scan.at_xpath('./Technologies').text() )
+        scan_node.save
+      end
+
+      scan_note = template_service.process_template(template: 'scan', data: xml_scan)
+      content_service.create_note text: scan_note, node: scan_node
+
+      xml_scan.xpath('./ReportItems/ReportItem').each do |xml_report_item|
+        process_report_item(xml_report_item)
+      end
+    end
+
+    def process_report_item(xml_report_item)
+      plugin_id = "%s/%s" % [
+                              xml_report_item.at_xpath('./ModuleName').text(),
+                              xml_report_item.at_xpath('./Name').text()
+                            ]
+      logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
+
+      issue_text = template_service.process_template(template: 'report_item', data: xml_report_item)
+      issue = content_service.create_issue(text: issue_text, id: plugin_id)
+
+      logger.info{ "\t\t => Creating new evidence" }
+      evidence_content = template_service.process_template(template: 'evidence', data: xml_report_item)
+      content_service.create_evidence(issue: issue, node: scan_node, content: evidence_content)
+    end
+  end
+end