dradis-brakeman 4.11.0 → 4.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8578aa3c7f477a4bb83e44cb97200439f4e14f74bb590aca2bb578c427bffff9
-  data.tar.gz: f840c787d468c65b18c99d1049abe7d94e050c70f370edf26a98dc5f77f9b27d
+  metadata.gz: 90577962578040e2c8d19cec0705f99785452159956c0e2506126f6ca10465c8
+  data.tar.gz: 5044fa833abc2ed6b717a7ea17ca6d33bbb41c0f6ff94a4cb70bbe4320b97da9
 SHA512:
-  metadata.gz: febc027dbb25b3680f9fab448b89b40ce2ac57463e3806152663648b77734ce44d65683dcf2fc9c2c7c3481f6d5955c1214ba4aa875f9af06a8a93cde3c44ed8
-  data.tar.gz: e4949c08589c40cd4359321c17f2c4b057c679d9fa77ffbfc250233979371fba94d53d7ec35291f16e5857a747f05c25144d91c4cb629cc2918fa3ec16275c24
+  metadata.gz: a786098b366dc4763a0321055194c1a99d8d3d29a3ed0f089f29c2948de1c969752d6a8538b80386e01326d774487bb8a50bd6fb24de5475ca63a3d3e7cad9c6
+  data.tar.gz: e65f3b2576730843a3b138fba4de28e5a9bacec25d1a7927fb1bddc1f038a64a9ee74d7c45b95ec2fa13f94e307428ba55376722fcee6bfe9fa81e5a783411d7

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+v4.12.0 (May 2024)
+  - Migrate integration to use Mappings Manager
+  - Update Dradis links in README
+
 v4.11.0 (January 2024)
   - No changes
 

data/README.md

@@ -4,8 +4,7 @@
 
 Upload [Brakeman](http://brakemanscanner.org/) Rails security scanner JSON output into Dradis.
 
-The add-on requires [Dradis CE](https://dradisframework.com/ce/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
-
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 
 ## More information
 

data/lib/dradis/plugins/brakeman/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 11
+        MINOR = 12
         TINY = 0
         PRE = nil
 

data/lib/dradis/plugins/brakeman/importer.rb

@@ -24,7 +24,7 @@ module Dradis::Plugins::Brakeman
       end
 
       # choose a different parent based on the application path?
-      scan_info = template_service.process_template(template: 'scan_info', data: data['scan_info'])
+      scan_info = mapping_service.apply_mapping(source: 'scan_info', data: data['scan_info'])
       content_service.create_note text: scan_info
 
       logger.info { "#{data['warnings'].count} Warnings\n===========" }
@@ -32,7 +32,7 @@ module Dradis::Plugins::Brakeman
       data['warnings'].each do |warning|
         logger.info { "* [#{warning['warning_type']}] #{warning['message']}" }
 
-        warning_info = template_service.process_template(template: 'warning', data: warning)
+        warning_info = mapping_service.apply_mapping(source: 'warning', data: warning)
         content_service.create_issue text: warning_info, id: warning['warning_code']
       end
 

data/lib/dradis/plugins/brakeman/mapping.rb

@@ -0,0 +1,53 @@
+module Dradis::Plugins::Brakeman
+  module Mapping
+    DEFAULT_MAPPING = {
+      scan_info: {
+        'Title' => 'Brakeman scan information',
+        'Application' => '{{ brakeman[scan_info.app_path] }}',
+        'BrakemanVersion' => '{{ brakeman[scan_info.brakeman_version] }}',
+        'RailsVersion' => '{{ brakeman[scan_info.rails_version] }}',
+        'WarningCount' => '{{ brakeman[scan_info.security_warnings] }}'
+      },
+      warning: {
+        'Title' => '{{ brakeman[warning.message] }}',
+        'Type' => '{{ brakeman[warning.warning_type] }}',
+        'Confidence' => '{{ brakeman[warning.confidence] }}',
+        'Path' => '{{ brakeman[warning.file] }}#{{ brakeman[warning.line] }}',
+        'Code' => 'bc.. {{ brakeman[warning.code] }}',
+        'References' => '{{ brakeman[warning.link] }}'
+      }      
+    }.freeze
+
+    SOURCE_FIELDS = {
+      scan_info: [
+        'scan_info.app_path',
+        'scan_info.rails_version',
+        'scan_info.security_warnings',
+        'scan_info.start_time',
+        'scan_info.end_time',
+        'scan_info.duration',
+        'scan_info.number_of_controllers',
+        'scan_info.number_of_models',
+        'scan_info.number_of_templates',
+        'scan_info.ruby_version',
+        'scan_info.brakeman_version'
+      ],
+      warning: [
+        'warning.warning_type',
+        'warning.warning_code',
+        'warning.fingerprint',
+        'warning.message',
+        'warning.file',
+        'warning.line',
+        'warning.link',
+        'warning.code',
+        'warning.render_path',
+        'warning.location_type',
+        'warning.location_class',
+        'warning.location_method',
+        'warning.user_input',
+        'warning.confidence'
+      ]
+    }.freeze
+  end
+end

data/lib/dradis/plugins/brakeman.rb

@@ -7,5 +7,6 @@ end
 
 require 'dradis/plugins/brakeman/engine'
 require 'dradis/plugins/brakeman/field_processor'
+require 'dradis/plugins/brakeman/mapping'
 require 'dradis/plugins/brakeman/importer'
 require 'dradis/plugins/brakeman/version'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-brakeman
 version: !ruby/object:Gem::Version
-  version: 4.11.0
+  version: 4.12.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-01-17 00:00:00.000000000 Z
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -82,7 +82,7 @@ dependencies:
         version: 0.5.2
 description: This add-on allows you to upload and parse output produced from Brakeman
   Ruby on Rails security scanner into Dradis.
-email:
+email: 
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -105,21 +105,18 @@ files:
 - lib/dradis/plugins/brakeman/field_processor.rb
 - lib/dradis/plugins/brakeman/gem_version.rb
 - lib/dradis/plugins/brakeman/importer.rb
+- lib/dradis/plugins/brakeman/mapping.rb
 - lib/dradis/plugins/brakeman/version.rb
 - lib/tasks/thorfile.rb
 - spec/brakeman_upload_spec.rb
 - spec/spec_helper.rb
-- templates/scan_info.fields
 - templates/scan_info.sample
-- templates/scan_info.template
-- templates/warning.fields
 - templates/warning.sample
-- templates/warning.template
 homepage: https://dradis.com/integrations/brakeman.html
 licenses:
 - GPL-2
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -134,8 +131,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
-signing_key:
+rubygems_version: 3.1.4
+signing_key: 
 specification_version: 4
 summary: Brakeman add-on for the Dradis Framework.
 test_files:

data/templates/scan_info.fields

@@ -1,11 +0,0 @@
-scan_info.app_path
-scan_info.rails_version
-scan_info.security_warnings
-scan_info.start_time
-scan_info.end_time
-scan_info.duration
-scan_info.number_of_controllers
-scan_info.number_of_models
-scan_info.number_of_templates
-scan_info.ruby_version
-scan_info.brakeman_version

data/templates/scan_info.template

@@ -1,18 +0,0 @@
-#[Title]#
-Brakeman scan information
-
-
-#[Application]#
-%scan_info.app_path%
-
-
-#[BrakemanVersion]#
-%scan_info.brakeman_version%
-
-
-#[RailsVersion]#
-%scan_info.rails_version%
-
-
-#[WarningCount]#
-%scan_info.security_warnings%

data/templates/warning.fields

@@ -1,14 +0,0 @@
-warning.warning_type
-warning.warning_code
-warning.fingerprint
-warning.message
-warning.file
-warning.line
-warning.link
-warning.code
-warning.render_path
-warning.location_type
-warning.location_class
-warning.location_method
-warning.user_input
-warning.confidence

data/templates/warning.template

@@ -1,22 +0,0 @@
-#[Title]#
-%warning.message%
-
-
-#[Type]#
-%warning.warning_type%
-
-
-#[Confidence]#
-%warning.confidence%
-
-
-#[Path]#
-%warning.file%#%warning.line%
-
-
-#[Code]#
-bc.. %warning.code%
-
-
-#[References]#
-%warning.link%