RubyGems - dradis-acunetix - Versions diffs - 4.11.0 → 4.12.0 - Mend

dradis-acunetix 4.11.0 → 4.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/README.md +1 -1
data/lib/dradis/plugins/acunetix/formats/acunetix360.rb +4 -4
data/lib/dradis/plugins/acunetix/formats/standard.rb +3 -3
data/lib/dradis/plugins/acunetix/gem_version.rb +1 -1
data/lib/dradis/plugins/acunetix/mapping.rb +154 -0
data/lib/dradis/plugins/acunetix.rb +1 -0
metadata +8 -17
data/templates/evidence.fields +0 -9
data/templates/evidence.template +0 -16
data/templates/evidence_360.fields +0 -5
data/templates/evidence_360.template +0 -5
data/templates/report_item.fields +0 -18
data/templates/report_item.template +0 -59
data/templates/scan.fields +0 -12
data/templates/scan.template +0 -16
data/templates/vulnerability_360.fields +0 -30
data/templates/vulnerability_360.template +0 -74

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 53be28aad08aa0bb0c29788729eef45cbc6a001aafbc2ad7e92d2aee40fb8b2a
-  data.tar.gz: d1d56bd00089c98c91c34051b10ff6516b16ffaa5e39515e891d6d87eea44a20
+  metadata.gz: f524ed0cb7e422e55d6a417c7f44ffcc75062ad8fd270c3974b5d4df36296cb7
+  data.tar.gz: 3c76fdd522b2471213d32b88e5fe83675b22fd5cf542f3b560cf589169656fac
 SHA512:
-  metadata.gz: 1c9d3fa974a1f866af947047f54fd7f4a6454f8487561c8fb2ca6a95ef3ffa3f0dc2b149d2a5d2fb6cb108d958bb6510d1a94987b1dfd6e9ec325cf02972fe66
-  data.tar.gz: 88da3ee0c3b030f064093b7ffb12767e616675e543c8f882467b5482357e725340ad35fbe4a3243e7b741e7896bed998fd7abd1d1f5bbb43b09599a06ce028d9
+  metadata.gz: 1cd647ad42044b3e6eaed0bdd803cbac50e64f82d2bff5d8849b631409e64a41d4f280a4ee045286b5618e6bf587d8860786e65eb8dcb8e1f72e8b835c739b4b
+  data.tar.gz: b6d4cf1be6d5fd42cad884af20b045551c2390f6c18bae467aaecfd03e289e49c29c903e5440c8ca495c87cce6e6d6839c93e92a6d110ad173dcbb7984edd192

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+v4.12.0 (May 2024)
+  - Migrate integration to use Mappings Manager
+  - Update Dradis links in README
 v4.11.0 (January 2024)
   - No changes

data/README.md CHANGED Viewed

@@ -4,7 +4,7 @@
 The Acunetix add-on enables users to upload Acunexit XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
-The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 ## More information

data/lib/dradis/plugins/acunetix/formats/acunetix360.rb CHANGED Viewed

@@ -28,8 +28,8 @@ module Dradis::Plugins::Acunetix::Formats
       logger.info { 'Creating issues from Acunetix360 vulnerabilities.' }
       xml.xpath('//acunetix-360/vulnerabilities/vulnerability').each do |vuln_xml|
-        issue_text = template_service.process_template(
-          template: 'vulnerability_360',
+        issue_text = mapping_service.apply_mapping(
+          source: 'vulnerability_360',
           data: vuln_xml
         )
@@ -38,8 +38,8 @@ module Dradis::Plugins::Acunetix::Formats
         logger.info { "\t\t => Creating new issue: #{type}" }
         issue = content_service.create_issue(text: issue_text, id: type)
-        evidence_text = template_service.process_template(
-          template: 'evidence_360',
+        evidence_text = mapping_service.apply_mapping(
+          source: 'evidence_360',
           data: vuln_xml
         )

data/lib/dradis/plugins/acunetix/formats/standard.rb CHANGED Viewed

@@ -32,7 +32,7 @@ module Dradis::Plugins::Acunetix::Formats
         scan_node.save
       end
-      scan_note = template_service.process_template(template: 'scan', data: xml_scan)
+      scan_note = mapping_service.apply_mapping(source: 'scan', data: xml_scan)
       content_service.create_note text: scan_note, node: scan_node
       xml_scan.xpath('./ReportItems/ReportItem').each do |xml_report_item|
@@ -47,11 +47,11 @@ module Dradis::Plugins::Acunetix::Formats
                             ]
       logger.info { "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
-      issue_text = template_service.process_template(template: 'report_item', data: xml_report_item)
+      issue_text = mapping_service.apply_mapping(source: 'report_item', data: xml_report_item)
       issue = content_service.create_issue(text: issue_text, id: plugin_id)
       logger.info { "\t\t => Creating new evidence" }
-      evidence_content = template_service.process_template(template: 'evidence', data: xml_report_item)
+      evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_report_item)
       content_service.create_evidence(issue: issue, node: scan_node, content: evidence_content)
     end
   end

data/lib/dradis/plugins/acunetix/gem_version.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Dradis
       module VERSION
         MAJOR = 4
-        MINOR = 11
+        MINOR = 12
         TINY = 0
         PRE = nil

data/lib/dradis/plugins/acunetix/mapping.rb ADDED Viewed

@@ -0,0 +1,154 @@
+module Dradis::Plugins::Acunetix
+  module Mapping
+    DEFAULT_MAPPING = {
+      evidence_360: {
+        'HTTP Request' => '{{ acunetix[evidence_360.http_request] }}',
+        'HTTP Response' => '{{ acunetix[evidence_360.http_response] }}'
+      },
+      evidence: {
+        'Details' => '{{ acunetix[evidence.details] }}',
+        'Affects' => "|_. Location |_. Parameter |\n| {{ acunetix[evidence.affects] }} | {{ acunetix[evidence.parameter] }} |",
+        'AOP' => "|_. File |_. Line |_. Additional |\n| {{ acunetix[evidence.aop_source_file] }} | {{ acunetix[evidence.aop_source_line] }} | {{ acunetix[evidence.aop_additional] }} |",
+        'FalsePositive' => '{{ acunetix[evidence.is_false_positive] }}'
+      },
+      report_item: {
+        'Title' => '{{ acunetix[report_item.name] }}',
+        'Severity' => '{{ acunetix[report_item.severity] }}',
+        'Type' => '{{ acunetix[report_item.type] }}',
+        'Impact' => '{{ acunetix[report_item.impact] }}',
+        'Description' => '{{ acunetix[report_item.description] }}',
+        'DetailedInformation' => '{{ acunetix[report_item.detailed_information] }}',
+        'Recommendation' => '{{ acunetix[report_item.recommendation] }}',
+        'CVSSVector' => '{{ acunetix[report_item.cvss_descriptor] }}',
+        'CVSSScore' => '{{ acunetix[report_item.cvss_score] }}',
+        'CVSS3Vector' => '{{ acunetix[report_item.cvss3_descriptor] }}',
+        'CVSS3Score' => '{{ acunetix[report_item.cvss3_score] }}',
+        'CVSS3TempScore' => '{{ acunetix[report_item.cvss3_tempscore] }}',
+        'CVSS3EnvScore' => '{{ acunetix[report_item.cvss3_envscore] }}',
+        'CVEList' => '{{ acunetix[report_item.cve_list] }}',
+        'References' => '{{ acunetix[report_item.references] }}'
+      },
+      scan: {
+        'Title' => 'Acunetix scanner notes ({{ acunetix[scan.start_time] }})',
+        'ScanName' => '{{ acunetix[scan.name] }}',
+        'StartURL' => '{{ acunetix[scan.start_url] }}',
+        'TimeAndFlags' => "|_. Start |_. Finish |_. Total |_. Aborted |_. Responsive |\n| {{ acunetix[scan.start_time] }} | {{ acunetix[scan.finish_time] }} | {{ acunetix[scan.scan_time] }} | {{ acunetix[scan.aborted] }} | {{ acunetix[scan.responsive] }} |",
+        'Fingerprint' => "|_. Banner |_. OS |_. Web server |_. Technologies |\n| {{ acunetix[scan.banner] }} | {{ acunetix[scan.os] }} | {{ acunetix[scan.web_server] }} | {{ acunetix[scan.technologies] }} |"
+      },
+      vulnerability_360: {
+        'Title' => '{{ acunetix[vulnerability_360.name] }}',
+        'Type' => '{{ acunetix[vulnerability_360.type] }}',
+        'URL' => '{{ acunetix[vulnerability_360.url] }}',
+        'Severity' => '{{ acunetix[vulnerability_360.severity] }}',
+        'Description' => '{{ acunetix[vulnerability_360.description] }}',
+        'Impact' => '{{ acunetix[vulnerability_360.impact] }}',
+        'Certainty' => '{{ acunetix[vulnerability_360.certainty] }}',
+        'Confirmed' => '{{ acunetix[vulnerability_360.confirmed] }}',
+        'State' => '{{ acunetix[vulnerability_360.state] }}',
+        'OWASP' => '{{ acunetix[vulnerability_360.owasp] }}',
+        'WASC' => '{{ acunetix[vulnerability_360.wasc] }}',
+        'CWE' => '{{ acunetix[vulnerability_360.cwe] }}',
+        'CAPEC' => '{{ acunetix[vulnerability_360.capec] }}',
+        'PCI32' => '{{ acunetix[vulnerability_360.pci32] }}',
+        'HIPAA' => '{{ acunetix[vulnerability_360.hipaa] }}',
+        'OWASPPC' => '{{ acunetix[vulnerability_360.owasppc] }}',
+        'ISO27001' => '{{ acunetix[vulnerability_360.iso27001] }}',
+        'CVSSVector' => '{{ acunetix[vulnerability_360.cvss_vector] }}',
+        'CVSSBase' => '{{ acunetix[vulnerability_360.cvss_base] }}',
+        'CVSSTemporal' => '{{ acunetix[vulnerability_360.cvss_temporal] }}',
+        'CVSSEnvironmental' => '{{ acunetix[vulnerability_360.cvss_environmental] }}',
+        'CVSS3Vector' => '{{ acunetix[vulnerability_360.cvss31_vector] }}',
+        'CVSS3Base' => '{{ acunetix[vulnerability_360.cvss31_base] }}',
+        'CVSS3Temporal' => '{{ acunetix[vulnerability_360.cvss31_temporal] }}',
+        'CVSS3Environmental' => '{{ acunetix[vulnerability_360.cvss31_environmental] }}'
+      }
+    }.freeze
+    SOURCE_FIELDS = {
+      evidence_360: [
+        'evidence_360.http_request',
+        'evidence_360.http_request_method',
+        'evidence_360.http_response',
+        'evidence_360.http_response_status_code',
+        'evidence_360.http_response_duration'
+      ],
+      evidence: [
+        'evidence.details',
+        'evidence.affects',
+        'evidence.parameter',
+        'evidence.aop_source_file',
+        'evidence.aop_source_line',
+        'evidence.aop_additional',
+        'evidence.is_false_positive',
+        'evidence.request',
+        'evidence.response'
+      ],
+      report_item: [
+        'report_item.name',
+        'report_item.module_name',
+        'report_item.severity',
+        'report_item.type',
+        'report_item.impact',
+        'report_item.description',
+        'report_item.detailed_information',
+        'report_item.recommendation',
+        'report_item.request',
+        'report_item.response',
+        'report_item.cvss_descriptor',
+        'report_item.cvss_score',
+        'report_item.cvss3_descriptor',
+        'report_item.cvss3_score',
+        'report_item.cvss3_tempscore',
+        'report_item.cvss3_envscore',
+        'report_item.cve_list',
+        'report_item.references'
+      ],
+      scan: [
+        'scan.name',
+        'scan.short_name',
+        'scan.start_url',
+        'scan.start_time',
+        'scan.finish_time',
+        'scan.scan_time',
+        'scan.aborted',
+        'scan.responsive',
+        'scan.banner',
+        'scan.os',
+        'scan.web_server',
+        'scan.technologies'
+      ],
+      vulnerability_360: [
+        'vulnerability_360.name',
+        'vulnerability_360.type',
+        'vulnerability_360.url',
+        'vulnerability_360.description',
+        'vulnerability_360.impact',
+        'vulnerability_360.remedial_actions',
+        'vulnerability_360.exploitation_skills',
+        'vulnerability_360.remedial_procedure',
+        'vulnerability_360.remedy_references',
+        'vulnerability_360.external_references',
+        'vulnerability_360.severity',
+        'vulnerability_360.certainty',
+        'vulnerability_360.confirmed',
+        'vulnerability_360.state',
+        'vulnerability_360.owasp',
+        'vulnerability_360.wasc',
+        'vulnerability_360.cwe',
+        'vulnerability_360.capec',
+        'vulnerability_360.pci32',
+        'vulnerability_360.hipaa',
+        'vulnerability_360.owasppc',
+        'vulnerability_360.iso27001',
+        'vulnerability_360.cvss_vector',
+        'vulnerability_360.cvss_base',
+        'vulnerability_360.cvss_temporal',
+        'vulnerability_360.cvss_environmental',
+        'vulnerability_360.cvss31_vector',
+        'vulnerability_360.cvss31_base',
+        'vulnerability_360.cvss31_temporal',
+        'vulnerability_360.cvss31_environmental'
+      ]
+    }.freeze
+  end
+end

data/lib/dradis/plugins/acunetix.rb CHANGED Viewed

@@ -8,5 +8,6 @@ end
 require 'dradis/plugins/acunetix/engine'
 require 'dradis/plugins/acunetix/field_processor'
 require 'dradis/plugins/acunetix/importer'
+require 'dradis/plugins/acunetix/mapping'
 require 'dradis/plugins/acunetix/version'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-acunetix
 version: !ruby/object:Gem::Version
-  version: 4.11.0
+  version: 4.12.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-17 00:00:00.000000000 Z
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -96,7 +96,7 @@ dependencies:
         version: 0.5.2
 description: This add-on allows you to upload and parse output produced from Acunetix
   Web Vulnerability Scanner into Dradis.
-email:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -125,6 +125,7 @@ files:
 - lib/dradis/plugins/acunetix/formats/standard.rb
 - lib/dradis/plugins/acunetix/gem_version.rb
 - lib/dradis/plugins/acunetix/importer.rb
+- lib/dradis/plugins/acunetix/mapping.rb
 - lib/dradis/plugins/acunetix/version.rb
 - lib/tasks/thorfile.rb
 - spec/dradis-acunetix_spec.rb
@@ -134,26 +135,16 @@ files:
 - spec/fixtures/files/testphp.vulnweb.com.export.acunetix.xml
 - spec/models/acunetix/scan_spec.rb
 - spec/spec_helper.rb
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/evidence_360.fields
 - templates/evidence_360.sample
-- templates/evidence_360.template
-- templates/report_item.fields
 - templates/report_item.sample
-- templates/report_item.template
-- templates/scan.fields
 - templates/scan.sample
-- templates/scan.template
-- templates/vulnerability_360.fields
 - templates/vulnerability_360.sample
-- templates/vulnerability_360.template
 homepage: https://dradis.com/integrations/acunetix.html
 licenses:
 - GPL-2
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -168,8 +159,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
-signing_key:
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Acunetix add-on for the Dradis Framework.
 test_files:

data/templates/evidence.fields DELETED Viewed

@@ -1,9 +0,0 @@
-evidence.details
-evidence.affects
-evidence.parameter
-evidence.aop_source_file
-evidence.aop_source_line
-evidence.aop_additional
-evidence.is_false_positive
-evidence.request
-evidence.response

data/templates/evidence.template DELETED Viewed

@@ -1,16 +0,0 @@
-#[Details]#
-%evidence.details%
-#[Affects]#
-|_. Location |_. Parameter |
-| %evidence.affects% | %evidence.parameter% |
-#[AOP]#
-|_. File |_. Line |_. Additional |
-| %evidence.aop_source_file% | %evidence.aop_source_line% | %evidence.aop_additional% |
-#[FalsePositive]#
-%evidence.is_false_positive%

data/templates/evidence_360.fields DELETED Viewed

@@ -1,5 +0,0 @@
-evidence_360.http_request
-evidence_360.http_request_method
-evidence_360.http_response
-evidence_360.http_response_status_code
-evidence_360.http_response_duration

data/templates/evidence_360.template DELETED Viewed

@@ -1,5 +0,0 @@
-#[HTTP Request]#
-%evidence_360.http_request%
-#[HTTP Response]#
-%evidence_360.http_response%

data/templates/report_item.fields DELETED Viewed

@@ -1,18 +0,0 @@
-report_item.name
-report_item.module_name
-report_item.severity
-report_item.type
-report_item.impact
-report_item.description
-report_item.detailed_information
-report_item.recommendation
-report_item.request
-report_item.response
-report_item.cvss_descriptor
-report_item.cvss_score
-report_item.cvss3_descriptor
-report_item.cvss3_score
-report_item.cvss3_tempscore
-report_item.cvss3_envscore
-report_item.cve_list
-report_item.references

data/templates/report_item.template DELETED Viewed

@@ -1,59 +0,0 @@
-#[Title]#
-%report_item.name%
-#[Severity]#
-%report_item.severity%
-#[Type]#
-%report_item.type%
-#[Impact]#
-%report_item.impact%
-#[Description]#
-%report_item.description%
-#[DetailedInformation]#
-%report_item.detailed_information%
-#[Recommendation]#
-%report_item.recommendation%
-#[CVSSVector]#
-%report_item.cvss_descriptor%
-#[CVSSScore]#
-%report_item.cvss_score%
-#[CVSS3Vector]#
-%report_item.cvss3_descriptor%
-#[CVSS3Score]#
-%report_item.cvss3_score%
-#[CVSS3TempScore]#
-%report_item.cvss3_tempscore%
-#[CVSS3EnvScore]#
-%report_item.cvss3_envscore%
-#[CVEList]#
-%report_item.cve_list%
-#[References]#
-%report_item.references%

data/templates/scan.fields DELETED Viewed

@@ -1,12 +0,0 @@
-scan.name
-scan.short_name
-scan.start_url
-scan.start_time
-scan.finish_time
-scan.scan_time
-scan.aborted
-scan.responsive
-scan.banner
-scan.os
-scan.web_server
-scan.technologies

data/templates/scan.template DELETED Viewed

@@ -1,16 +0,0 @@
-#[Title]#
-Acunetix scanner notes (%scan.start_time%)
-#[ScanName]#
-%scan.name%
-#[StartURL]#
-%scan.start_url%
-#[TimeAndFlags]#
-|_. Start |_. Finish |_. Total |_. Aborted |_. Responsive |
-| %scan.start_time% | %scan.finish_time% | %scan.scan_time% | %scan.aborted% | %scan.responsive% |
-#[Fingerprint]#
-|_. Banner |_. OS |_. Web server |_. Technologies |
-| %scan.banner% | %scan.os% | %scan.web_server% | %scan.technologies% |

data/templates/vulnerability_360.fields DELETED Viewed

@@ -1,30 +0,0 @@
-vulnerability_360.name
-vulnerability_360.type
-vulnerability_360.url
-vulnerability_360.description
-vulnerability_360.impact
-vulnerability_360.remedial_actions
-vulnerability_360.exploitation_skills
-vulnerability_360.remedial_procedure
-vulnerability_360.remedy_references
-vulnerability_360.external_references
-vulnerability_360.severity
-vulnerability_360.certainty
-vulnerability_360.confirmed
-vulnerability_360.state
-vulnerability_360.owasp
-vulnerability_360.wasc
-vulnerability_360.cwe
-vulnerability_360.capec
-vulnerability_360.pci32
-vulnerability_360.hipaa
-vulnerability_360.owasppc
-vulnerability_360.iso27001
-vulnerability_360.cvss_vector
-vulnerability_360.cvss_base
-vulnerability_360.cvss_temporal
-vulnerability_360.cvss_environmental
-vulnerability_360.cvss31_vector
-vulnerability_360.cvss31_base
-vulnerability_360.cvss31_temporal
-vulnerability_360.cvss31_environmental

data/templates/vulnerability_360.template DELETED Viewed

@@ -1,74 +0,0 @@
-#[Title]#
-%vulnerability_360.name%
-#[Type]#
-%vulnerability_360.type%
-#[URL]#
-%vulnerability_360.url%
-#[Severity]#
-%vulnerability_360.severity%
-#[Description]#
-%vulnerability_360.description%
-#[Impact]#
-%vulnerability_360.impact%
-#[Certainty]#
-%vulnerability_360.certainty%
-#[Confirmed]#
-%vulnerability_360.confirmed%
-#[State]#
-%vulnerability_360.state%
-#[OWASP]#
-%vulnerability_360.owasp%
-#[WASC]#
-%vulnerability_360.wasc%
-#[CWE]#
-%vulnerability_360.cwe%
-#[CAPEC]#
-%vulnerability_360.capec%
-#[PCI32]#
-%vulnerability_360.pci32%
-#[HIPAA]#
-%vulnerability_360.hipaa%
-#[OWASPPC]#
-%vulnerability_360.owasppc%
-#[ISO27001]#
-%vulnerability_360.iso27001%
-#[CVSSVector]#
-%vulnerability_360.cvss_vector%
-#[CVSSBase]#
-%vulnerability_360.cvss_base%
-#[CVSSTemporal]#
-%vulnerability_360.cvss_temporal%
-#[CVSSEnvironmental]#
-%vulnerability_360.cvss_environmental%
-#[CVSS3Vector]#
-%vulnerability_360.cvss31_vector%
-#[CVSS3Base]#
-%vulnerability_360.cvss31_base%
-#[CVSS3Temporal]#
-%vulnerability_360.cvss31_temporal%
-#[CVSS3Environmental]#
-%vulnerability_360.cvss31_environmental%