dradis-burp 3.12.0 → 3.17.0

@@ -1,7 +1,8 @@
1
- issue.name
2
1
  issue.background
3
- issue.remediation_background
4
2
  issue.detail
5
- issue.remediation_detail
3
+ issue.name
6
4
  issue.references
5
+ issue.remediation_background
6
+ issue.remediation_detail
7
+ issue.severity
7
8
  issue.vulnerability_classifications
@@ -2,6 +2,10 @@
2
2
  %issue.name%
3
3
 
4
4
 
5
+ #[Severity]#
6
+ %issue.severity%
7
+
8
+
5
9
  #[Background]#
6
10
  %issue.background%
7
11
 
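Review bot: The new `#[Severity]#` / `%issue.severity%` section is added to issue.template, but nothing on this page updates templates/issue.sample, which the gem's file list (metadata section) still ships alongside issue.fields and issue.template. If the sample is what users see as the rendered example of this template, it will no longer match the fields the importer now emits; unless it is changed elsewhere in this release, add a matching `#[Severity]#` block with an example value such as `High` to the sample. Note also that the severity text is interpolated straight from the Burp export with no normalisation visible here, so downstream consumers that filter on a fixed severity vocabulary should be checked against the fixture `spec/fixtures/files/burp_issue_severity.xml` added in this release.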
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-burp
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.12.0
4
+ version: 3.17.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-04-01 00:00:00.000000000 Z
11
+ date: 2020-06-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
@@ -42,16 +42,16 @@ dependencies:
42
42
  name: bundler
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - "~>"
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
- version: '1.6'
47
+ version: '0'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - "~>"
52
+ - - ">="
53
53
  - !ruby/object:Gem::Version
54
- version: '1.6'
54
+ version: '0'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: rake
57
57
  requirement: !ruby/object:Gem::Requirement
@@ -102,6 +102,8 @@ executables: []
102
102
  extensions: []
103
103
  extra_rdoc_files: []
104
104
  files:
105
+ - ".github/issue_template.md"
106
+ - ".github/pull_request_template.md"
105
107
  - ".gitignore"
106
108
  - ".rspec"
107
109
  - CHANGELOG.md
@@ -111,23 +113,31 @@ files:
111
113
  - README.md
112
114
  - Rakefile
113
115
  - dradis-burp.gemspec
116
+ - lib/burp/html/issue.rb
114
117
  - lib/burp/issue.rb
118
+ - lib/burp/xml/issue.rb
115
119
  - lib/dradis-burp.rb
116
120
  - lib/dradis/plugins/burp.rb
117
121
  - lib/dradis/plugins/burp/engine.rb
118
122
  - lib/dradis/plugins/burp/field_processor.rb
119
123
  - lib/dradis/plugins/burp/gem_version.rb
120
- - lib/dradis/plugins/burp/importer.rb
124
+ - lib/dradis/plugins/burp/html/importer.rb
121
125
  - lib/dradis/plugins/burp/version.rb
126
+ - lib/dradis/plugins/burp/xml/importer.rb
122
127
  - lib/tasks/thorfile.rb
123
128
  - spec/burp_upload_spec.rb
129
+ - spec/fixtures/files/burp.html
124
130
  - spec/fixtures/files/burp.xml
131
+ - spec/fixtures/files/burp_issue_severity.xml
125
132
  - spec/fixtures/files/invalid-utf-issue.xml
126
133
  - spec/fixtures/files/without-base64.xml
127
134
  - spec/spec_helper.rb
128
135
  - templates/evidence.fields
129
136
  - templates/evidence.sample
130
137
  - templates/evidence.template
138
+ - templates/html_evidence.fields
139
+ - templates/html_evidence.sample
140
+ - templates/html_evidence.template
131
141
  - templates/issue.fields
132
142
  - templates/issue.sample
133
143
  - templates/issue.template
@@ -150,14 +160,15 @@ required_rubygems_version: !ruby/object:Gem::Requirement
150
160
  - !ruby/object:Gem::Version
151
161
  version: '0'
152
162
  requirements: []
153
- rubyforge_project:
154
- rubygems_version: 2.6.12
163
+ rubygems_version: 3.0.1
155
164
  signing_key:
156
165
  specification_version: 4
157
166
  summary: Burp Scanner upload plugin for the Dradis Framework.
158
167
  test_files:
159
168
  - spec/burp_upload_spec.rb
169
+ - spec/fixtures/files/burp.html
160
170
  - spec/fixtures/files/burp.xml
171
+ - spec/fixtures/files/burp_issue_severity.xml
161
172
  - spec/fixtures/files/invalid-utf-issue.xml
162
173
  - spec/fixtures/files/without-base64.xml
163
174
  - spec/spec_helper.rb
@@ -1,138 +0,0 @@
1
- module Dradis::Plugins::Burp
2
- class Importer < Dradis::Plugins::Upload::Importer
3
-
4
- # The framework will call this function if the user selects this plugin from
5
- # the dropdown list and uploads a file.
6
- # @returns true if the operation was successful, false otherwise
7
- def import(params = {})
8
- file_content = File.read(params[:file])
9
-
10
- if file_content =~ /base64="false"/
11
- error = "Burp input contains HTTP request / response data that hasn't been Base64-encoded.\n"
12
- error << 'Please re-export your scanner results making sure the Base-64 encode option is selected.'
13
-
14
- logger.fatal{ error }
15
- content_service.create_note text: error
16
- return false
17
- end
18
-
19
- logger.info { 'Parsing Burp Scanner output file...' }
20
- doc = Nokogiri::XML(file_content)
21
- logger.info { 'Done.' }
22
-
23
- if doc.root.name != 'issues'
24
- error = "Document doesn't seem to be in the Burp Scanner XML format."
25
- logger.fatal { error }
26
- content_service.create_note text: error
27
- return false
28
- end
29
-
30
- # This will be filled in by the Processor while iterating over the issues
31
- @hosts = []
32
- @affected_host = nil
33
- @issue_text = nil
34
- @evidence_text = nil
35
-
36
- doc.xpath('issues/issue').each do |xml_issue|
37
- process_issue(xml_issue)
38
- end
39
-
40
- logger.info { 'Burp Scanner results successfully imported' }
41
- true
42
- end
43
-
44
- private
45
-
46
- # Creates the Nodes/properties
47
- def process_issue(xml_issue)
48
- host_label = xml_issue.at('host')['ip']
49
- host_label = xml_issue.at('host').text if host_label.empty?
50
- affected_host = content_service.create_node(label: host_label, type: :host)
51
- logger.info { "\taffects: #{host_label}" }
52
-
53
- unless @hosts.include?(affected_host.label)
54
- @hosts << affected_host.label
55
- url = xml_issue.at('host').text
56
- affected_host.set_property(:hostname, url)
57
- affected_host.save
58
- end
59
-
60
- # Burp extensions don't follow the "unique type for every Issue" logic
61
- # so we have to deal with them separately
62
- if xml_issue.at('type').text.to_str == '134217728'
63
- process_extension_issues(affected_host, xml_issue)
64
- else
65
- process_burp_issues(affected_host, xml_issue)
66
- end
67
- end
68
-
69
- # If the Issues come from the Burp app, use the type as the plugin_ic
70
- def process_burp_issues(affected_host, xml_issue)
71
- issue_name = xml_issue.at('name').text
72
- issue_type = xml_issue.at('type').text.to_i
73
-
74
- logger.info { "Adding #{issue_name} (#{issue_type})" }
75
-
76
- create_issue(
77
- affected_host: affected_host,
78
- id: issue_type,
79
- xml_issue: xml_issue
80
- )
81
- end
82
-
83
- # If the Issues come from a Burp extension (type = 134217728), then
84
- # use the name (spaces removed) as the plugin_id
85
- def process_extension_issues(affected_host, xml_issue)
86
- ext_name = xml_issue.at('name').text
87
- ext_name = ext_name.gsub!(" ", "")
88
-
89
- logger.info { "Adding #{ext_name}" }
90
-
91
- create_issue(
92
- affected_host: affected_host,
93
- id: ext_name,
94
- xml_issue: xml_issue
95
- )
96
- end
97
-
98
- def create_issue(affected_host:, id:, xml_issue:)
99
- issue_text =
100
- template_service.process_template(
101
- template: 'issue',
102
- data: xml_issue
103
- )
104
-
105
- if issue_text.include?(::Burp::INVALID_UTF_REPLACE)
106
- logger.info do
107
- "\tdetected invalid UTF-8 bytes in your issue. " \
108
- "Replacing them with '#{::Burp::INVALID_UTF_REPLACE}'."
109
- end
110
- end
111
-
112
- issue = content_service.create_issue(text: issue_text, id: id)
113
-
114
- logger.info do
115
- "\tadding evidence for this instance to #{affected_host.label}."
116
- end
117
-
118
- evidence_text =
119
- template_service.process_template(
120
- template: 'evidence',
121
- data: xml_issue
122
- )
123
-
124
- if evidence_text.include?(::Burp::INVALID_UTF_REPLACE)
125
- logger.info do
126
- "\tdetected invalid UTF-8 bytes in your evidence. " \
127
- "Replacing them with '#{::Burp::INVALID_UTF_REPLACE}'."
128
- end
129
- end
130
-
131
- content_service.create_evidence(
132
- issue: issue,
133
- node: affected_host,
134
- content: evidence_text
135
- )
136
- end
137
- end
138
- end