dradis-brakeman 4.11.0 → 4.13.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8578aa3c7f477a4bb83e44cb97200439f4e14f74bb590aca2bb578c427bffff9
4
- data.tar.gz: f840c787d468c65b18c99d1049abe7d94e050c70f370edf26a98dc5f77f9b27d
3
+ metadata.gz: d23aeb091e080a950f46090b6457830db2abf5d471db557b90c5f73e726161d1
4
+ data.tar.gz: bacd1f204c1706e484692cde8458a7e2be9e82e5e4edbfe892f7f00549050d3e
5
5
  SHA512:
6
- metadata.gz: febc027dbb25b3680f9fab448b89b40ce2ac57463e3806152663648b77734ce44d65683dcf2fc9c2c7c3481f6d5955c1214ba4aa875f9af06a8a93cde3c44ed8
7
- data.tar.gz: e4949c08589c40cd4359321c17f2c4b057c679d9fa77ffbfc250233979371fba94d53d7ec35291f16e5857a747f05c25144d91c4cb629cc2918fa3ec16275c24
6
+ metadata.gz: a12da8453ccb211e587c927a24446b7b1ccbbfa247aea2091e02e8e9000122aad70aec982731a2bb05da50862b339038e59d63b2dc688603cae7d2b24fd00e1c
7
+ data.tar.gz: 94d387373de88c142a1d22e595e4c43460a58f36a87d928ec79dd6fd73a574efb8750eca7d949d4286df0ec08a6b002899ec496d1e6fc7606888168203f3cae9
data/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ v4.13.0 (July 2024)
2
+ - No changes
3
+
4
+ v4.12.0 (May 2024)
5
+ - Migrate integration to use Mappings Manager
6
+ - Update Dradis links in README
7
+
1
8
  v4.11.0 (January 2024)
2
9
  - No changes
3
10
 
data/README.md CHANGED
@@ -4,8 +4,7 @@
4
4
 
5
5
  Upload [Brakeman](http://brakemanscanner.org/) Rails security scanner JSON output into Dradis.
6
6
 
7
- The add-on requires [Dradis CE](https://dradisframework.com/ce/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
8
-
7
+ The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
9
8
 
10
9
  ## More information
11
10
 
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
25
25
  # s.add_dependency 'rails', '~> 4.1.1'
26
26
  spec.add_dependency 'dradis-plugins', '~> 4.0'
27
27
 
28
- spec.add_development_dependency 'bundler', '~> 1.6'
28
+ spec.add_development_dependency 'bundler', '~> 2'
29
29
  spec.add_development_dependency 'rake', '~> 10.0'
30
30
  spec.add_development_dependency 'rspec-rails'
31
31
  spec.add_development_dependency 'combustion', '~> 0.5.2'
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 11
11
+ MINOR = 13
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -24,7 +24,7 @@ module Dradis::Plugins::Brakeman
24
24
  end
25
25
 
26
26
  # choose a different parent based on the application path?
27
- scan_info = template_service.process_template(template: 'scan_info', data: data['scan_info'])
27
+ scan_info = mapping_service.apply_mapping(source: 'scan_info', data: data['scan_info'])
28
28
  content_service.create_note text: scan_info
29
29
 
30
30
  logger.info { "#{data['warnings'].count} Warnings\n===========" }
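Review bot: `scan_info = mapping_service.apply_mapping(source: 'scan_info', data: data['scan_info'])` on importer line 27 (and the parallel `warning_info = mapping_service.apply_mapping(source: 'warning', data: warning)` in the next hunk at line 35) depends on a `mapping_service` helper that is not defined anywhere in the visible lines and presumably comes from the parent importer in `dradis-plugins`. The gemspec hunk above leaves the constraint at `spec.add_dependency 'dradis-plugins', '~> 4.0'`, which still admits 4.x releases that predate the Mappings Manager if that API arrived in a later minor; in that case the constraint should be raised to the first release that provides it, e.g. `spec.add_dependency 'dradis-plugins', '~> 4.<first release with mapping_service>'` (placeholder, the exact version is not recoverable from this page). The enclosing import method begins and ends outside this hunk.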
@@ -32,7 +32,7 @@ module Dradis::Plugins::Brakeman
32
32
  data['warnings'].each do |warning|
33
33
  logger.info { "* [#{warning['warning_type']}] #{warning['message']}" }
34
34
 
35
- warning_info = template_service.process_template(template: 'warning', data: warning)
35
+ warning_info = mapping_service.apply_mapping(source: 'warning', data: warning)
36
36
  content_service.create_issue text: warning_info, id: warning['warning_code']
37
37
  end
38
38
 
@@ -0,0 +1,53 @@
1
+ module Dradis::Plugins::Brakeman
2
+ module Mapping
3
+ DEFAULT_MAPPING = {
4
+ scan_info: {
5
+ 'Title' => 'Brakeman scan information',
6
+ 'Application' => '{{ brakeman[scan_info.app_path] }}',
7
+ 'BrakemanVersion' => '{{ brakeman[scan_info.brakeman_version] }}',
8
+ 'RailsVersion' => '{{ brakeman[scan_info.rails_version] }}',
9
+ 'WarningCount' => '{{ brakeman[scan_info.security_warnings] }}'
10
+ },
11
+ warning: {
12
+ 'Title' => '{{ brakeman[warning.message] }}',
13
+ 'Type' => '{{ brakeman[warning.warning_type] }}',
14
+ 'Confidence' => '{{ brakeman[warning.confidence] }}',
15
+ 'Path' => '{{ brakeman[warning.file] }}#{{ brakeman[warning.line] }}',
16
+ 'Code' => 'bc.. {{ brakeman[warning.code] }}',
17
+ 'References' => '{{ brakeman[warning.link] }}'
18
+ }
19
+ }.freeze
20
+
21
+ SOURCE_FIELDS = {
22
+ scan_info: [
23
+ 'scan_info.app_path',
24
+ 'scan_info.rails_version',
25
+ 'scan_info.security_warnings',
26
+ 'scan_info.start_time',
27
+ 'scan_info.end_time',
28
+ 'scan_info.duration',
29
+ 'scan_info.number_of_controllers',
30
+ 'scan_info.number_of_models',
31
+ 'scan_info.number_of_templates',
32
+ 'scan_info.ruby_version',
33
+ 'scan_info.brakeman_version'
34
+ ],
35
+ warning: [
36
+ 'warning.warning_type',
37
+ 'warning.warning_code',
38
+ 'warning.fingerprint',
39
+ 'warning.message',
40
+ 'warning.file',
41
+ 'warning.line',
42
+ 'warning.link',
43
+ 'warning.code',
44
+ 'warning.render_path',
45
+ 'warning.location_type',
46
+ 'warning.location_class',
47
+ 'warning.location_method',
48
+ 'warning.user_input',
49
+ 'warning.confidence'
50
+ ]
51
+ }.freeze
52
+ end
53
+ end
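Review bot: The new `Mapping` module has no comment stating the contract between its two constants: each `{{ brakeman[...] }}` placeholder in `DEFAULT_MAPPING` appears to have to name an entry of `SOURCE_FIELDS` and be resolvable by the plugin's FieldProcessor (required from `lib/dradis/plugins/brakeman/field_processor.rb`, not shown here), and the two lists do agree today, so a header such as `# Default Mappings Manager mappings; every placeholder in DEFAULT_MAPPING must be listed in SOURCE_FIELDS and resolvable by FieldProcessor.` above line 3 would keep them in step. Separately, `'Code' => 'bc.. {{ brakeman[warning.code] }}'` on line 16 and `'Title' => '{{ brakeman[warning.message] }}'` on line 12 interpolate scanner-derived text (snippets of the scanned application's source) straight into markup; if these fields are rendered as Textile, a snippet containing a blank line followed by a block signature would end the `bc..` block and the remainder would render as markup, so a comment on the Code entry noting that it relies on the renderer's handling of untrusted snippet content seems warranted (the deleted `warning.template` had the same shape, so this is carried over rather than introduced).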
@@ -7,5 +7,6 @@ end
7
7
 
8
8
  require 'dradis/plugins/brakeman/engine'
9
9
  require 'dradis/plugins/brakeman/field_processor'
10
+ require 'dradis/plugins/brakeman/mapping'
10
11
  require 'dradis/plugins/brakeman/importer'
11
12
  require 'dradis/plugins/brakeman/version'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-brakeman
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.11.0
4
+ version: 4.13.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-01-17 00:00:00.000000000 Z
11
+ date: 2024-08-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '1.6'
33
+ version: '2'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '1.6'
40
+ version: '2'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rake
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -105,16 +105,13 @@ files:
105
105
  - lib/dradis/plugins/brakeman/field_processor.rb
106
106
  - lib/dradis/plugins/brakeman/gem_version.rb
107
107
  - lib/dradis/plugins/brakeman/importer.rb
108
+ - lib/dradis/plugins/brakeman/mapping.rb
108
109
  - lib/dradis/plugins/brakeman/version.rb
109
110
  - lib/tasks/thorfile.rb
110
111
  - spec/brakeman_upload_spec.rb
111
112
  - spec/spec_helper.rb
112
- - templates/scan_info.fields
113
113
  - templates/scan_info.sample
114
- - templates/scan_info.template
115
- - templates/warning.fields
116
114
  - templates/warning.sample
117
- - templates/warning.template
118
115
  homepage: https://dradis.com/integrations/brakeman.html
119
116
  licenses:
120
117
  - GPL-2
@@ -134,7 +131,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
134
131
  - !ruby/object:Gem::Version
135
132
  version: '0'
136
133
  requirements: []
137
- rubygems_version: 3.3.7
134
+ rubygems_version: 3.5.6
138
135
  signing_key:
139
136
  specification_version: 4
140
137
  summary: Brakeman add-on for the Dradis Framework.
@@ -1,11 +0,0 @@
1
- scan_info.app_path
2
- scan_info.rails_version
3
- scan_info.security_warnings
4
- scan_info.start_time
5
- scan_info.end_time
6
- scan_info.duration
7
- scan_info.number_of_controllers
8
- scan_info.number_of_models
9
- scan_info.number_of_templates
10
- scan_info.ruby_version
11
- scan_info.brakeman_version
@@ -1,18 +0,0 @@
1
- #[Title]#
2
- Brakeman scan information
3
-
4
-
5
- #[Application]#
6
- %scan_info.app_path%
7
-
8
-
9
- #[BrakemanVersion]#
10
- %scan_info.brakeman_version%
11
-
12
-
13
- #[RailsVersion]#
14
- %scan_info.rails_version%
15
-
16
-
17
- #[WarningCount]#
18
- %scan_info.security_warnings%
@@ -1,14 +0,0 @@
1
- warning.warning_type
2
- warning.warning_code
3
- warning.fingerprint
4
- warning.message
5
- warning.file
6
- warning.line
7
- warning.link
8
- warning.code
9
- warning.render_path
10
- warning.location_type
11
- warning.location_class
12
- warning.location_method
13
- warning.user_input
14
- warning.confidence
@@ -1,22 +0,0 @@
1
- #[Title]#
2
- %warning.message%
3
-
4
-
5
- #[Type]#
6
- %warning.warning_type%
7
-
8
-
9
- #[Confidence]#
10
- %warning.confidence%
11
-
12
-
13
- #[Path]#
14
- %warning.file%#%warning.line%
15
-
16
-
17
- #[Code]#
18
- bc.. %warning.code%
19
-
20
-
21
- #[References]#
22
- %warning.link%