RubyGems - dradis-acunetix - Versions diffs - 4.10.0 → 4.12.0 - Mend

dradis-acunetix 4.10.0 → 4.12.0

Files changed (20) hide show

checksums.yaml +4 -4
data/.github/pull_request_template.md +12 -3
data/CHANGELOG.md +7 -0
data/README.md +3 -3
data/lib/dradis/plugins/acunetix/formats/acunetix360.rb +4 -4
data/lib/dradis/plugins/acunetix/formats/standard.rb +3 -3
data/lib/dradis/plugins/acunetix/gem_version.rb +1 -1
data/lib/dradis/plugins/acunetix/mapping.rb +154 -0
data/lib/dradis/plugins/acunetix.rb +1 -0
metadata +3 -12
data/templates/evidence.fields +0 -9
data/templates/evidence.template +0 -16
data/templates/evidence_360.fields +0 -5
data/templates/evidence_360.template +0 -5
data/templates/report_item.fields +0 -18
data/templates/report_item.template +0 -59
data/templates/scan.fields +0 -12
data/templates/scan.template +0 -16
data/templates/vulnerability_360.fields +0 -30
data/templates/vulnerability_360.template +0 -74

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2d210ce13d9d521f3341479ad1f6699c5d97d365481fc83312601d14e67c893c
-  data.tar.gz: 43ddff9e36ee490df0b6f32dc42bc79ff0922d00a20dcc17830b41a97064f0e6
+  metadata.gz: f524ed0cb7e422e55d6a417c7f44ffcc75062ad8fd270c3974b5d4df36296cb7
+  data.tar.gz: 3c76fdd522b2471213d32b88e5fe83675b22fd5cf542f3b560cf589169656fac
 SHA512:
-  metadata.gz: 8f2331adc43b9cc9655d757b17ad2ef876fece56b7318fd2174de3ea332015acbc9d7866ff7fdfe41715cf64d39e9af4b1785024d6ba396bdd46bf9a55581774
-  data.tar.gz: 91b26c3a9af85eb7b6069f53dbaf9a4d8eb797475902ffcffb091c6e3b86c9f4b1df53974af7f04e10a17477d8352978070affbeb6d54ac063c4492435fdabc4
+  metadata.gz: 1cd647ad42044b3e6eaed0bdd803cbac50e64f82d2bff5d8849b631409e64a41d4f280a4ee045286b5618e6bf587d8860786e65eb8dcb8e1f72e8b835c739b4b
+  data.tar.gz: b6d4cf1be6d5fd42cad884af20b045551c2390f6c18bae467aaecfd03e289e49c29c903e5440c8ca495c87cce6e6d6839c93e92a6d110ad173dcbb7984edd192

data/.github/pull_request_template.md CHANGED Viewed

@@ -1,3 +1,5 @@
+Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
 ### Summary
 Provide a general description of the code changes in your pull
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
 to keep the conversation linked together.
+### Testing Steps
+Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
 ### Other Information
 If there's anything else that's important and relevant to your pull
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
 codebase. Any code you create which is merged must be owned by us.
 That's not us trying to be a jerks, that's just the way it works.
-Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
-file for the details.
 You can delete this section, but the following sentence needs to
 remain in the PR's description:
 > I assign all rights, including copyright, to any future Dradis
 > work by myself to Security Roots.
+### Check List
+- [ ] Added a CHANGELOG entry
+- [ ] Added specs

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,10 @@
+v4.12.0 (May 2024)
+  - Migrate integration to use Mappings Manager
+  - Update Dradis links in README
+v4.11.0 (January 2024)
+  - No changes
 v4.10.0 (September 2023)
   - Update gemspec links

data/README.md CHANGED Viewed

@@ -4,17 +4,17 @@
 The Acunetix add-on enables users to upload Acunexit XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
-The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 ## More information
-See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
 ## Contributing
-See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
 ## License

data/lib/dradis/plugins/acunetix/formats/acunetix360.rb CHANGED Viewed

@@ -28,8 +28,8 @@ module Dradis::Plugins::Acunetix::Formats
       logger.info { 'Creating issues from Acunetix360 vulnerabilities.' }
       xml.xpath('//acunetix-360/vulnerabilities/vulnerability').each do |vuln_xml|
-        issue_text = template_service.process_template(
-          template: 'vulnerability_360',
+        issue_text = mapping_service.apply_mapping(
+          source: 'vulnerability_360',
           data: vuln_xml
         )
@@ -38,8 +38,8 @@ module Dradis::Plugins::Acunetix::Formats
         logger.info { "\t\t => Creating new issue: #{type}" }
         issue = content_service.create_issue(text: issue_text, id: type)
-        evidence_text = template_service.process_template(
-          template: 'evidence_360',
+        evidence_text = mapping_service.apply_mapping(
+          source: 'evidence_360',
           data: vuln_xml
         )

data/lib/dradis/plugins/acunetix/formats/standard.rb CHANGED Viewed

@@ -32,7 +32,7 @@ module Dradis::Plugins::Acunetix::Formats
         scan_node.save
       end
-      scan_note = template_service.process_template(template: 'scan', data: xml_scan)
+      scan_note = mapping_service.apply_mapping(source: 'scan', data: xml_scan)
       content_service.create_note text: scan_note, node: scan_node
       xml_scan.xpath('./ReportItems/ReportItem').each do |xml_report_item|
@@ -47,11 +47,11 @@ module Dradis::Plugins::Acunetix::Formats
                             ]
       logger.info { "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
-      issue_text = template_service.process_template(template: 'report_item', data: xml_report_item)
+      issue_text = mapping_service.apply_mapping(source: 'report_item', data: xml_report_item)
       issue = content_service.create_issue(text: issue_text, id: plugin_id)
       logger.info { "\t\t => Creating new evidence" }
-      evidence_content = template_service.process_template(template: 'evidence', data: xml_report_item)
+      evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_report_item)
       content_service.create_evidence(issue: issue, node: scan_node, content: evidence_content)
     end
   end

data/lib/dradis/plugins/acunetix/gem_version.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Dradis
       module VERSION
         MAJOR = 4
-        MINOR = 10
+        MINOR = 12
         TINY = 0
         PRE = nil

data/lib/dradis/plugins/acunetix/mapping.rb ADDED Viewed

@@ -0,0 +1,154 @@
+module Dradis::Plugins::Acunetix
+  module Mapping
+    DEFAULT_MAPPING = {
+      evidence_360: {
+        'HTTP Request' => '{{ acunetix[evidence_360.http_request] }}',
+        'HTTP Response' => '{{ acunetix[evidence_360.http_response] }}'
+      },
+      evidence: {
+        'Details' => '{{ acunetix[evidence.details] }}',
+        'Affects' => "|_. Location |_. Parameter |\n| {{ acunetix[evidence.affects] }} | {{ acunetix[evidence.parameter] }} |",
+        'AOP' => "|_. File |_. Line |_. Additional |\n| {{ acunetix[evidence.aop_source_file] }} | {{ acunetix[evidence.aop_source_line] }} | {{ acunetix[evidence.aop_additional] }} |",
+        'FalsePositive' => '{{ acunetix[evidence.is_false_positive] }}'
+      },
+      report_item: {
+        'Title' => '{{ acunetix[report_item.name] }}',
+        'Severity' => '{{ acunetix[report_item.severity] }}',
+        'Type' => '{{ acunetix[report_item.type] }}',
+        'Impact' => '{{ acunetix[report_item.impact] }}',
+        'Description' => '{{ acunetix[report_item.description] }}',
+        'DetailedInformation' => '{{ acunetix[report_item.detailed_information] }}',
+        'Recommendation' => '{{ acunetix[report_item.recommendation] }}',
+        'CVSSVector' => '{{ acunetix[report_item.cvss_descriptor] }}',
+        'CVSSScore' => '{{ acunetix[report_item.cvss_score] }}',
+        'CVSS3Vector' => '{{ acunetix[report_item.cvss3_descriptor] }}',
+        'CVSS3Score' => '{{ acunetix[report_item.cvss3_score] }}',
+        'CVSS3TempScore' => '{{ acunetix[report_item.cvss3_tempscore] }}',
+        'CVSS3EnvScore' => '{{ acunetix[report_item.cvss3_envscore] }}',
+        'CVEList' => '{{ acunetix[report_item.cve_list] }}',
+        'References' => '{{ acunetix[report_item.references] }}'
+      },
+      scan: {
+        'Title' => 'Acunetix scanner notes ({{ acunetix[scan.start_time] }})',
+        'ScanName' => '{{ acunetix[scan.name] }}',
+        'StartURL' => '{{ acunetix[scan.start_url] }}',
+        'TimeAndFlags' => "|_. Start |_. Finish |_. Total |_. Aborted |_. Responsive |\n| {{ acunetix[scan.start_time] }} | {{ acunetix[scan.finish_time] }} | {{ acunetix[scan.scan_time] }} | {{ acunetix[scan.aborted] }} | {{ acunetix[scan.responsive] }} |",
+        'Fingerprint' => "|_. Banner |_. OS |_. Web server |_. Technologies |\n| {{ acunetix[scan.banner] }} | {{ acunetix[scan.os] }} | {{ acunetix[scan.web_server] }} | {{ acunetix[scan.technologies] }} |"
+      },
+      vulnerability_360: {
+        'Title' => '{{ acunetix[vulnerability_360.name] }}',
+        'Type' => '{{ acunetix[vulnerability_360.type] }}',
+        'URL' => '{{ acunetix[vulnerability_360.url] }}',
+        'Severity' => '{{ acunetix[vulnerability_360.severity] }}',
+        'Description' => '{{ acunetix[vulnerability_360.description] }}',
+        'Impact' => '{{ acunetix[vulnerability_360.impact] }}',
+        'Certainty' => '{{ acunetix[vulnerability_360.certainty] }}',
+        'Confirmed' => '{{ acunetix[vulnerability_360.confirmed] }}',
+        'State' => '{{ acunetix[vulnerability_360.state] }}',
+        'OWASP' => '{{ acunetix[vulnerability_360.owasp] }}',
+        'WASC' => '{{ acunetix[vulnerability_360.wasc] }}',
+        'CWE' => '{{ acunetix[vulnerability_360.cwe] }}',
+        'CAPEC' => '{{ acunetix[vulnerability_360.capec] }}',
+        'PCI32' => '{{ acunetix[vulnerability_360.pci32] }}',
+        'HIPAA' => '{{ acunetix[vulnerability_360.hipaa] }}',
+        'OWASPPC' => '{{ acunetix[vulnerability_360.owasppc] }}',
+        'ISO27001' => '{{ acunetix[vulnerability_360.iso27001] }}',
+        'CVSSVector' => '{{ acunetix[vulnerability_360.cvss_vector] }}',
+        'CVSSBase' => '{{ acunetix[vulnerability_360.cvss_base] }}',
+        'CVSSTemporal' => '{{ acunetix[vulnerability_360.cvss_temporal] }}',
+        'CVSSEnvironmental' => '{{ acunetix[vulnerability_360.cvss_environmental] }}',
+        'CVSS3Vector' => '{{ acunetix[vulnerability_360.cvss31_vector] }}',
+        'CVSS3Base' => '{{ acunetix[vulnerability_360.cvss31_base] }}',
+        'CVSS3Temporal' => '{{ acunetix[vulnerability_360.cvss31_temporal] }}',
+        'CVSS3Environmental' => '{{ acunetix[vulnerability_360.cvss31_environmental] }}'
+      }
+    }.freeze
+    SOURCE_FIELDS = {
+      evidence_360: [
+        'evidence_360.http_request',
+        'evidence_360.http_request_method',
+        'evidence_360.http_response',
+        'evidence_360.http_response_status_code',
+        'evidence_360.http_response_duration'
+      ],
+      evidence: [
+        'evidence.details',
+        'evidence.affects',
+        'evidence.parameter',
+        'evidence.aop_source_file',
+        'evidence.aop_source_line',
+        'evidence.aop_additional',
+        'evidence.is_false_positive',
+        'evidence.request',
+        'evidence.response'
+      ],
+      report_item: [
+        'report_item.name',
+        'report_item.module_name',
+        'report_item.severity',
+        'report_item.type',
+        'report_item.impact',
+        'report_item.description',
+        'report_item.detailed_information',
+        'report_item.recommendation',
+        'report_item.request',
+        'report_item.response',
+        'report_item.cvss_descriptor',
+        'report_item.cvss_score',
+        'report_item.cvss3_descriptor',
+        'report_item.cvss3_score',
+        'report_item.cvss3_tempscore',
+        'report_item.cvss3_envscore',
+        'report_item.cve_list',
+        'report_item.references'
+      ],
+      scan: [
+        'scan.name',
+        'scan.short_name',
+        'scan.start_url',
+        'scan.start_time',
+        'scan.finish_time',
+        'scan.scan_time',
+        'scan.aborted',
+        'scan.responsive',
+        'scan.banner',
+        'scan.os',
+        'scan.web_server',
+        'scan.technologies'
+      ],
+      vulnerability_360: [
+        'vulnerability_360.name',
+        'vulnerability_360.type',
+        'vulnerability_360.url',
+        'vulnerability_360.description',
+        'vulnerability_360.impact',
+        'vulnerability_360.remedial_actions',
+        'vulnerability_360.exploitation_skills',
+        'vulnerability_360.remedial_procedure',
+        'vulnerability_360.remedy_references',
+        'vulnerability_360.external_references',
+        'vulnerability_360.severity',
+        'vulnerability_360.certainty',
+        'vulnerability_360.confirmed',
+        'vulnerability_360.state',
+        'vulnerability_360.owasp',
+        'vulnerability_360.wasc',
+        'vulnerability_360.cwe',
+        'vulnerability_360.capec',
+        'vulnerability_360.pci32',
+        'vulnerability_360.hipaa',
+        'vulnerability_360.owasppc',
+        'vulnerability_360.iso27001',
+        'vulnerability_360.cvss_vector',
+        'vulnerability_360.cvss_base',
+        'vulnerability_360.cvss_temporal',
+        'vulnerability_360.cvss_environmental',
+        'vulnerability_360.cvss31_vector',
+        'vulnerability_360.cvss31_base',
+        'vulnerability_360.cvss31_temporal',
+        'vulnerability_360.cvss31_environmental'
+      ]
+    }.freeze
+  end
+end

data/lib/dradis/plugins/acunetix.rb CHANGED Viewed

@@ -8,5 +8,6 @@ end
 require 'dradis/plugins/acunetix/engine'
 require 'dradis/plugins/acunetix/field_processor'
 require 'dradis/plugins/acunetix/importer'
+require 'dradis/plugins/acunetix/mapping'
 require 'dradis/plugins/acunetix/version'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-acunetix
 version: !ruby/object:Gem::Version
-  version: 4.10.0
+  version: 4.12.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-07 00:00:00.000000000 Z
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -125,6 +125,7 @@ files:
 - lib/dradis/plugins/acunetix/formats/standard.rb
 - lib/dradis/plugins/acunetix/gem_version.rb
 - lib/dradis/plugins/acunetix/importer.rb
+- lib/dradis/plugins/acunetix/mapping.rb
 - lib/dradis/plugins/acunetix/version.rb
 - lib/tasks/thorfile.rb
 - spec/dradis-acunetix_spec.rb
@@ -134,21 +135,11 @@ files:
 - spec/fixtures/files/testphp.vulnweb.com.export.acunetix.xml
 - spec/models/acunetix/scan_spec.rb
 - spec/spec_helper.rb
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/evidence_360.fields
 - templates/evidence_360.sample
-- templates/evidence_360.template
-- templates/report_item.fields
 - templates/report_item.sample
-- templates/report_item.template
-- templates/scan.fields
 - templates/scan.sample
-- templates/scan.template
-- templates/vulnerability_360.fields
 - templates/vulnerability_360.sample
-- templates/vulnerability_360.template
 homepage: https://dradis.com/integrations/acunetix.html
 licenses:
 - GPL-2

data/templates/evidence.fields DELETED Viewed

@@ -1,9 +0,0 @@
-evidence.details
-evidence.affects
-evidence.parameter
-evidence.aop_source_file
-evidence.aop_source_line
-evidence.aop_additional
-evidence.is_false_positive
-evidence.request
-evidence.response

data/templates/evidence.template DELETED Viewed

@@ -1,16 +0,0 @@
-#[Details]#
-%evidence.details%
-#[Affects]#
-|_. Location |_. Parameter |
-| %evidence.affects% | %evidence.parameter% |
-#[AOP]#
-|_. File |_. Line |_. Additional |
-| %evidence.aop_source_file% | %evidence.aop_source_line% | %evidence.aop_additional% |
-#[FalsePositive]#
-%evidence.is_false_positive%

data/templates/evidence_360.fields DELETED Viewed

@@ -1,5 +0,0 @@
-evidence_360.http_request
-evidence_360.http_request_method
-evidence_360.http_response
-evidence_360.http_response_status_code
-evidence_360.http_response_duration

data/templates/evidence_360.template DELETED Viewed

@@ -1,5 +0,0 @@
-#[HTTP Request]#
-%evidence_360.http_request%
-#[HTTP Response]#
-%evidence_360.http_response%

data/templates/report_item.fields DELETED Viewed

@@ -1,18 +0,0 @@
-report_item.name
-report_item.module_name
-report_item.severity
-report_item.type
-report_item.impact
-report_item.description
-report_item.detailed_information
-report_item.recommendation
-report_item.request
-report_item.response
-report_item.cvss_descriptor
-report_item.cvss_score
-report_item.cvss3_descriptor
-report_item.cvss3_score
-report_item.cvss3_tempscore
-report_item.cvss3_envscore
-report_item.cve_list
-report_item.references

data/templates/report_item.template DELETED Viewed

@@ -1,59 +0,0 @@
-#[Title]#
-%report_item.name%
-#[Severity]#
-%report_item.severity%
-#[Type]#
-%report_item.type%
-#[Impact]#
-%report_item.impact%
-#[Description]#
-%report_item.description%
-#[DetailedInformation]#
-%report_item.detailed_information%
-#[Recommendation]#
-%report_item.recommendation%
-#[CVSSVector]#
-%report_item.cvss_descriptor%
-#[CVSSScore]#
-%report_item.cvss_score%
-#[CVSS3Vector]#
-%report_item.cvss3_descriptor%
-#[CVSS3Score]#
-%report_item.cvss3_score%
-#[CVSS3TempScore]#
-%report_item.cvss3_tempscore%
-#[CVSS3EnvScore]#
-%report_item.cvss3_envscore%
-#[CVEList]#
-%report_item.cve_list%
-#[References]#
-%report_item.references%

data/templates/scan.fields DELETED Viewed

@@ -1,12 +0,0 @@
-scan.name
-scan.short_name
-scan.start_url
-scan.start_time
-scan.finish_time
-scan.scan_time
-scan.aborted
-scan.responsive
-scan.banner
-scan.os
-scan.web_server
-scan.technologies

data/templates/scan.template DELETED Viewed

@@ -1,16 +0,0 @@
-#[Title]#
-Acunetix scanner notes (%scan.start_time%)
-#[ScanName]#
-%scan.name%
-#[StartURL]#
-%scan.start_url%
-#[TimeAndFlags]#
-|_. Start |_. Finish |_. Total |_. Aborted |_. Responsive |
-| %scan.start_time% | %scan.finish_time% | %scan.scan_time% | %scan.aborted% | %scan.responsive% |
-#[Fingerprint]#
-|_. Banner |_. OS |_. Web server |_. Technologies |
-| %scan.banner% | %scan.os% | %scan.web_server% | %scan.technologies% |

data/templates/vulnerability_360.fields DELETED Viewed

@@ -1,30 +0,0 @@
-vulnerability_360.name
-vulnerability_360.type
-vulnerability_360.url
-vulnerability_360.description
-vulnerability_360.impact
-vulnerability_360.remedial_actions
-vulnerability_360.exploitation_skills
-vulnerability_360.remedial_procedure
-vulnerability_360.remedy_references
-vulnerability_360.external_references
-vulnerability_360.severity
-vulnerability_360.certainty
-vulnerability_360.confirmed
-vulnerability_360.state
-vulnerability_360.owasp
-vulnerability_360.wasc
-vulnerability_360.cwe
-vulnerability_360.capec
-vulnerability_360.pci32
-vulnerability_360.hipaa
-vulnerability_360.owasppc
-vulnerability_360.iso27001
-vulnerability_360.cvss_vector
-vulnerability_360.cvss_base
-vulnerability_360.cvss_temporal
-vulnerability_360.cvss_environmental
-vulnerability_360.cvss31_vector
-vulnerability_360.cvss31_base
-vulnerability_360.cvss31_temporal
-vulnerability_360.cvss31_environmental

data/templates/vulnerability_360.template DELETED Viewed

@@ -1,74 +0,0 @@
-#[Title]#
-%vulnerability_360.name%
-#[Type]#
-%vulnerability_360.type%
-#[URL]#
-%vulnerability_360.url%
-#[Severity]#
-%vulnerability_360.severity%
-#[Description]#
-%vulnerability_360.description%
-#[Impact]#
-%vulnerability_360.impact%
-#[Certainty]#
-%vulnerability_360.certainty%
-#[Confirmed]#
-%vulnerability_360.confirmed%
-#[State]#
-%vulnerability_360.state%
-#[OWASP]#
-%vulnerability_360.owasp%
-#[WASC]#
-%vulnerability_360.wasc%
-#[CWE]#
-%vulnerability_360.cwe%
-#[CAPEC]#
-%vulnerability_360.capec%
-#[PCI32]#
-%vulnerability_360.pci32%
-#[HIPAA]#
-%vulnerability_360.hipaa%
-#[OWASPPC]#
-%vulnerability_360.owasppc%
-#[ISO27001]#
-%vulnerability_360.iso27001%
-#[CVSSVector]#
-%vulnerability_360.cvss_vector%
-#[CVSSBase]#
-%vulnerability_360.cvss_base%
-#[CVSSTemporal]#
-%vulnerability_360.cvss_temporal%
-#[CVSSEnvironmental]#
-%vulnerability_360.cvss_environmental%
-#[CVSS3Vector]#
-%vulnerability_360.cvss31_vector%
-#[CVSS3Base]#
-%vulnerability_360.cvss31_base%
-#[CVSS3Temporal]#
-%vulnerability_360.cvss31_temporal%
-#[CVSS3Environmental]#
-%vulnerability_360.cvss31_environmental%