dradis-burp 3.13.0 → 3.18.0
- checksums.yaml +5 -5
- data/.github/issue_template.md +16 -0
- data/.github/pull_request_template.md +36 -0
- data/CHANGELOG.md +28 -8
- data/lib/dradis/plugins/burp/gem_version.rb +1 -1
- data/lib/dradis/plugins/burp/xml/importer.rb +53 -59
- data/spec/burp_upload_spec.rb +42 -2
- data/spec/fixtures/files/burp_issue_severity.xml +118 -0
- data/templates/issue.fields +4 -3
- data/templates/issue.template +4 -0
- metadata +7 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: f87e164401b9a2bd5ee2a795d93448651ed2eb08d6cebc661fefde6b15c57315
|
4
|
+
data.tar.gz: 1e46a0f0d296996623a3e479ddd2f7d6a666672ebfade92ad4883c62a740c096
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f5e7b6bc8a65e1d15fec78bb2da94ea36bd11e468d9d2dc15b1535b7f7df955dbfe077bdeda67aa3e632282bc26412ccf1aafffba9068a420d5433e774becce4
|
7
|
+
data.tar.gz: d5691cc2a904caa1d8f469e9bd48650a424ee2768bb41f82cd78101bfacdcb65b32f2c69011cf223e2e3f32614a9ff0239e6d2ffebd4902a599f383e695c6986
|
@@ -0,0 +1,16 @@
|
|
1
|
+
### Steps to reproduce
|
2
|
+
|
3
|
+
Help us help you, how can we reproduce the problem?
|
4
|
+
|
5
|
+
### Expected behavior
|
6
|
+
Tell us what should happen
|
7
|
+
|
8
|
+
### Actual behavior
|
9
|
+
Tell us what happens instead
|
10
|
+
|
11
|
+
### System configuration
|
12
|
+
**Dradis version**:
|
13
|
+
|
14
|
+
**Ruby version**:
|
15
|
+
|
16
|
+
**OS version**:
|
@@ -0,0 +1,36 @@
|
|
1
|
+
### Summary
|
2
|
+
|
3
|
+
Provide a general description of the code changes in your pull
|
4
|
+
request... were there any bugs you had fixed? If so, mention them. If
|
5
|
+
these bugs have open GitHub issues, be sure to tag them here as well,
|
6
|
+
to keep the conversation linked together.
|
7
|
+
|
8
|
+
|
9
|
+
### Other Information
|
10
|
+
|
11
|
+
If there's anything else that's important and relevant to your pull
|
12
|
+
request, mention that information here. This could include
|
13
|
+
benchmarks, or other information.
|
14
|
+
|
15
|
+
Thanks for contributing to Dradis!
|
16
|
+
|
17
|
+
|
18
|
+
### Copyright assignment
|
19
|
+
|
20
|
+
Collaboration is difficult with commercial closed source but we want
|
21
|
+
to keep as much of the OSS ethos as possible available to users
|
22
|
+
who want to fix it themselves.
|
23
|
+
|
24
|
+
In order to unambiguously own and sell Dradis Framework commercial
|
25
|
+
products, we must have the copyright associated with the entire
|
26
|
+
codebase. Any code you create which is merged must be owned by us.
|
27
|
+
That's not us trying to be a jerks, that's just the way it works.
|
28
|
+
|
29
|
+
Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
|
30
|
+
file for the details.
|
31
|
+
|
32
|
+
You can delete this section, but the following sentence needs to
|
33
|
+
remain in the PR's description:
|
34
|
+
|
35
|
+
> I assign all rights, including copyright, to any future Dradis
|
36
|
+
> work by myself to Security Roots.
|
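Review bot: typo in the copyright-assignment paragraph of the pull request template: "That's not us trying to be a jerks" should read "That's not us trying to be jerks".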
data/CHANGELOG.md
CHANGED
@@ -1,10 +1,30 @@
|
|
1
|
-
## Dradis Framework 3.
|
1
|
+
## Dradis Framework 3.18 (July, 2020) ##
|
2
2
|
|
3
|
-
*
|
3
|
+
* No changes.
|
4
|
+
|
5
|
+
## Dradis Framework 3.17 (May, 2020) ##
|
6
|
+
|
7
|
+
* No changes.
|
8
|
+
|
9
|
+
## Dradis Framework 3.16 (February, 2020) ##
|
10
|
+
|
11
|
+
* Update severity fixture for specs.
|
12
|
+
|
13
|
+
## Dradis Framework 3.15 (November, 2019) ##
|
14
|
+
|
15
|
+
* Make `issue.severity` available at the Issue level.
|
16
|
+
|
17
|
+
## Dradis Framework 3.14 (August, 2019) ##
|
18
|
+
|
19
|
+
* No changes.
|
20
|
+
|
21
|
+
## Dradis Framework 3.13 (June, 2019) ##
|
22
|
+
|
23
|
+
* Include parsing Burp Html output.
|
4
24
|
|
5
25
|
## Dradis Framework 3.12 (March, 2019) ##
|
6
26
|
|
7
|
-
* Make `issue.detail` available at the Evidence level
|
27
|
+
* Make `issue.detail` available at the Evidence level.
|
8
28
|
|
9
29
|
## Dradis Framework 3.11 (November, 2018) ##
|
10
30
|
|
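Review bot: the 3.15 entry "Make `issue.severity` available at the Issue level" undersells the behaviour change introduced in the importer in this same diff: the Issue now carries the highest severity seen across all of its instances, while each Evidence keeps the severity of its own instance. Suggest stating that explicitly, e.g. `* Make `issue.severity` available at the Issue level (set to the highest severity among the issue's instances).`, since report consumers will notice an Issue's severity no longer matching its first instance. Minor: "Burp Html output" in the 3.13 entry should be "Burp HTML output".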
@@ -12,17 +32,17 @@
|
|
12
32
|
|
13
33
|
## Dradis Framework 3.10 (August, 2018) ##
|
14
34
|
|
15
|
-
* Adds `references` and `vulnerability_classifications` as available fields
|
35
|
+
* Adds `references` and `vulnerability_classifications` as available fields.
|
16
36
|
|
17
|
-
* Adds `hostname` as a Node property
|
37
|
+
* Adds `hostname` as a Node property.
|
18
38
|
|
19
|
-
* Fixes formatting errors including `<p>`, `<a href="">`, and `<table>` tags
|
39
|
+
* Fixes formatting errors including `<p>`, `<a href="">`, and `<table>` tags.
|
20
40
|
|
21
|
-
* Findings with <type>134217728</type> are not bundled together into one Issue
|
41
|
+
* Findings with <type>134217728</type> are not bundled together into one Issue.
|
22
42
|
|
23
43
|
## Dradis Framework 3.9 (January, 2018) ##
|
24
44
|
|
25
|
-
* Encode content with UTF-8 to avoid incompatible db errors (v3.8.1)
|
45
|
+
* Encode content with UTF-8 to avoid incompatible db errors (v3.8.1).
|
26
46
|
|
27
47
|
## Dradis Framework 3.8 (September, 2017) ##
|
28
48
|
|
@@ -12,10 +12,14 @@ module Dradis::Plugins::Burp
|
|
12
12
|
end
|
13
13
|
|
14
14
|
class Importer < Dradis::Plugins::Upload::Importer
|
15
|
+
BURP_EXTENSION_TYPE = '134217728'.freeze
|
16
|
+
BURP_SEVERITIES = ['Information', 'Low', 'Medium', 'High'].freeze
|
17
|
+
|
15
18
|
def initialize(args={})
|
16
19
|
args[:plugin] = Dradis::Plugins::Burp
|
17
20
|
super(args)
|
18
21
|
end
|
22
|
+
|
19
23
|
def import(params = {})
|
20
24
|
file_content = File.read(params[:file])
|
21
25
|
|
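Review bot: `BURP_SEVERITIES = ['Information', 'Low', 'Medium', 'High'].freeze` is the only accepted set of values, and the later `BURP_SEVERITIES.index(xml_issue.at('severity').text)` returns nil for anything else, so the `issue_severity > @severities[issue_id]` comparison raises NoMethodError and aborts the whole import on the first unlisted value. The spec added in this diff expects a "Critical" severity to reach the Issue text, which this list cannot produce. Either add the missing value to the list or make the lookup total, e.g. `issue_severity = BURP_SEVERITIES.index(...) || 0` with a `logger.warn` naming the unrecognised value, so one odd entry in a scanner export degrades to the lowest rank instead of failing the upload.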
@@ -33,80 +37,39 @@ module Dradis::Plugins::Burp
|
|
33
37
|
logger.info { 'Done.' }
|
34
38
|
|
35
39
|
if doc.root.name != 'issues'
|
36
|
-
error =
|
40
|
+
error = 'Document doesn\'t seem to be in the Burp Scanner XML format.'
|
37
41
|
logger.fatal { error }
|
38
42
|
content_service.create_note text: error
|
39
43
|
return false
|
40
44
|
end
|
41
45
|
|
42
46
|
# This will be filled in by the Processor while iterating over the issues
|
43
|
-
@
|
44
|
-
@
|
45
|
-
@issue_text = nil
|
46
|
-
@evidence_text = nil
|
47
|
+
@issues = []
|
48
|
+
@severities = Hash.new(0)
|
47
49
|
|
50
|
+
# We need to look ahead through all issues to bring the highest severity
|
51
|
+
# of each instance to the Issue level.
|
48
52
|
doc.xpath('issues/issue').each do |xml_issue|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
logger.info { 'Burp Scanner results successfully imported' }
|
53
|
-
true
|
54
|
-
end
|
55
|
-
|
56
|
-
# Creates the Nodes/properties
|
57
|
-
def process_issue(xml_issue)
|
58
|
-
host_label = xml_issue.at('host')['ip']
|
59
|
-
host_label = xml_issue.at('host').text if host_label.empty?
|
60
|
-
affected_host = content_service.create_node(label: host_label, type: :host)
|
61
|
-
logger.info { "\taffects: #{host_label}" }
|
53
|
+
issue_id = issue_id_for(xml_issue)
|
54
|
+
issue_severity = BURP_SEVERITIES.index(xml_issue.at('severity').text)
|
62
55
|
|
63
|
-
|
64
|
-
@
|
65
|
-
url = xml_issue.at('host').text
|
66
|
-
affected_host.set_property(:hostname, url)
|
67
|
-
affected_host.save
|
56
|
+
@severities[issue_id] = issue_severity if issue_severity > @severities[issue_id]
|
57
|
+
@issues << xml_issue
|
68
58
|
end
|
69
59
|
|
70
|
-
|
71
|
-
# so we have to deal with them separately
|
72
|
-
burp_extension_type = '134217728'.freeze
|
73
|
-
if xml_issue.at('type').text.to_str == burp_extension_type
|
74
|
-
process_extension_issues(affected_host, xml_issue)
|
75
|
-
else
|
76
|
-
process_burp_issues(affected_host, xml_issue)
|
77
|
-
end
|
78
|
-
end
|
79
|
-
|
80
|
-
# If the Issues come from the Burp app, use the type as the plugin_ic
|
81
|
-
def process_burp_issues(affected_host, xml_issue)
|
82
|
-
issue_name = xml_issue.at('name').text
|
83
|
-
issue_type = xml_issue.at('type').text.to_i
|
60
|
+
@issues.each { |xml_issue| process_issue(xml_issue) }
|
84
61
|
|
85
|
-
logger.info {
|
86
|
-
|
87
|
-
create_issue(
|
88
|
-
affected_host: affected_host,
|
89
|
-
id: issue_type,
|
90
|
-
xml_issue: xml_issue
|
91
|
-
)
|
62
|
+
logger.info { 'Burp Scanner results successfully imported' }
|
63
|
+
true
|
92
64
|
end
|
93
65
|
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
ext_name = xml_issue.at('name').text
|
98
|
-
ext_name = ext_name.gsub!(" ", "")
|
66
|
+
private
|
67
|
+
def create_issue(affected_host:, id:, xml_issue:)
|
68
|
+
xml_evidence = xml_issue.clone
|
99
69
|
|
100
|
-
|
70
|
+
# Ensure that the Issue contains the highest Severity value
|
71
|
+
xml_issue.at('severity').content = BURP_SEVERITIES[@severities[id]]
|
101
72
|
|
102
|
-
create_issue(
|
103
|
-
affected_host: affected_host,
|
104
|
-
id: ext_name,
|
105
|
-
xml_issue: xml_issue
|
106
|
-
)
|
107
|
-
end
|
108
|
-
|
109
|
-
def create_issue(affected_host:, id:, xml_issue:)
|
110
73
|
issue_text =
|
111
74
|
template_service.process_template(
|
112
75
|
template: 'issue',
|
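Review bot: the look-ahead loop dereferences `xml_issue.at('severity').text` and, via `issue_id_for`, `xml_issue.at('type').text` without checking that those elements exist, so a malformed or hand-edited export with a missing `<severity>` or `<type>` raises NoMethodError on nil; the only input validation is the `doc.root.name != 'issues'` check above, which says nothing about per-issue structure. Consider guarding each lookup (`sev = xml_issue.at('severity')`, then skip the issue with a logged warning when `sev` is nil) so one bad entry does not abort the import of an otherwise valid file. Smaller point: `issue_id_for` is evaluated once here and again inside `process_issue`; storing `[issue_id, xml_issue]` pairs in `@issues` would avoid recomputing it.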
@@ -129,7 +92,7 @@ module Dradis::Plugins::Burp
|
|
129
92
|
evidence_text =
|
130
93
|
template_service.process_template(
|
131
94
|
template: 'evidence',
|
132
|
-
data:
|
95
|
+
data: xml_evidence
|
133
96
|
)
|
134
97
|
|
135
98
|
if evidence_text.include?(::Burp::INVALID_UTF_REPLACE)
|
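Review bot: the correctness of `data: xml_evidence` depends on `xml_evidence = xml_issue.clone` being taken before `xml_issue.at('severity').content = BURP_SEVERITIES[@severities[id]]` overwrites the node; that ordering is only implied. A one-line comment next to the clone ("clone before the severity is overwritten so the Evidence keeps the per-instance value") would stop a future refactor from reordering the two and silently giving every Evidence the aggregated Issue severity.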
@@ -145,6 +108,37 @@ module Dradis::Plugins::Burp
|
|
145
108
|
content: evidence_text
|
146
109
|
)
|
147
110
|
end
|
111
|
+
|
112
|
+
# Burp extensions don't follow the "unique type for every Issue" logic
|
113
|
+
# so we have to deal with them separately
|
114
|
+
def issue_id_for(xml_issue)
|
115
|
+
if xml_issue.at('type').text == BURP_EXTENSION_TYPE
|
116
|
+
xml_issue.at('name').text.gsub!(' ', '')
|
117
|
+
else
|
118
|
+
xml_issue.at('type').text.to_i
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
122
|
+
# Creates the Nodes/properties
|
123
|
+
def process_issue(xml_issue)
|
124
|
+
host_url = xml_issue.at('host').text
|
125
|
+
host_label = xml_issue.at('host')['ip']
|
126
|
+
host_label = host_url if host_label.empty?
|
127
|
+
issue_id = issue_id_for(xml_issue)
|
128
|
+
|
129
|
+
affected_host = content_service.create_node(label: host_label, type: :host)
|
130
|
+
affected_host.set_property(:hostname, host_url)
|
131
|
+
affected_host.save
|
132
|
+
|
133
|
+
logger.info { "Adding #{xml_issue.at('name').text} (#{issue_id})"}
|
134
|
+
logger.info { "\taffects: #{host_label}" }
|
135
|
+
|
136
|
+
create_issue(
|
137
|
+
affected_host: affected_host,
|
138
|
+
id: issue_id,
|
139
|
+
xml_issue: xml_issue
|
140
|
+
)
|
141
|
+
end
|
148
142
|
end
|
149
143
|
end
|
150
144
|
end
|
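Review bot: `xml_issue.at('name').text.gsub!(' ', '')` in `issue_id_for` is wrong for extension issues whose name contains no spaces, because `gsub!` returns nil when it makes no substitution; such an issue then gets `issue_id = nil`, all of them collapse onto `@severities[nil]`, and `create_issue` is called with `id: nil`. Use the non-mutating form, `xml_issue.at('name').text.gsub(' ', '')` or `.delete(' ')`. The pre-change `ext_name = ext_name.gsub!(" ", "")` had the same defect, so this is a good moment to fix it. Also in `process_issue`, `host_label = xml_issue.at('host')['ip']` is nil when the attribute is absent, and `host_label.empty?` then raises; `host_label.to_s.empty?` keeps the fallback to `host_url` working.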
data/spec/burp_upload_spec.rb
CHANGED
@@ -4,7 +4,7 @@ require 'ostruct'
|
|
4
4
|
describe 'Burp upload plugin' do
|
5
5
|
|
6
6
|
describe Burp::Xml::Issue do
|
7
|
-
it
|
7
|
+
it 'handles invalid utf-8 bytes' do
|
8
8
|
doc = Nokogiri::XML(File.read('spec/fixtures/files/invalid-utf-issue.xml'))
|
9
9
|
xml_issue = doc.xpath('issues/issue').first
|
10
10
|
issue = Burp::Xml::Issue.new(xml_issue)
|
@@ -49,7 +49,7 @@ describe 'Burp upload plugin' do
|
|
49
49
|
end
|
50
50
|
end
|
51
51
|
|
52
|
-
it
|
52
|
+
it 'creates nodes, issues, and evidence as needed' do
|
53
53
|
|
54
54
|
# Host node
|
55
55
|
#
|
@@ -112,6 +112,46 @@ describe 'Burp upload plugin' do
|
|
112
112
|
@importer.import(file: 'spec/fixtures/files/burp.xml')
|
113
113
|
end
|
114
114
|
|
115
|
+
it 'returns the highest <severity> at the Issue level' do
|
116
|
+
|
117
|
+
# create_issue should be called once for each issue in the xml
|
118
|
+
expect(@content_service).to receive(:create_issue) do |args|
|
119
|
+
expect(args[:id]).to eq(8781630)
|
120
|
+
expect(args[:text]).to include("#[Title]#\nIssue 1")
|
121
|
+
expect(args[:text]).to include("#[Severity]#\nCritical")
|
122
|
+
OpenStruct.new(args)
|
123
|
+
end
|
124
|
+
|
125
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
126
|
+
expect(args[:content]).to include("#[Severity]#\nInformation")
|
127
|
+
expect(args[:issue].text).to include("#[Title]#\nIssue 1")
|
128
|
+
expect(args[:node].label).to eq('10.0.0.1')
|
129
|
+
end.once
|
130
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
131
|
+
expect(args[:content]).to include("#[Severity]#\nHigh")
|
132
|
+
expect(args[:issue].text).to include("#[Title]#\nIssue 1")
|
133
|
+
expect(args[:node].label).to eq('10.0.0.1')
|
134
|
+
OpenStruct.new(args)
|
135
|
+
end.once
|
136
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
137
|
+
expect(args[:content]).to include("#[Severity]#\nMedium")
|
138
|
+
expect(args[:issue].text).to include("#[Title]#\nIssue 1")
|
139
|
+
expect(args[:node].label).to eq('10.0.0.1')
|
140
|
+
end.once
|
141
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
142
|
+
expect(args[:content]).to include("#[Severity]#\nCritical")
|
143
|
+
expect(args[:issue].text).to include("#[Title]#\nIssue 1")
|
144
|
+
expect(args[:node].label).to eq('10.0.0.1')
|
145
|
+
end.once
|
146
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
147
|
+
expect(args[:content]).to include("#[Severity]#\nLow")
|
148
|
+
expect(args[:issue].text).to include("#[Title]#\nIssue 1")
|
149
|
+
expect(args[:node].label).to eq('10.0.0.1')
|
150
|
+
end.once
|
151
|
+
|
152
|
+
# Run the import
|
153
|
+
@importer.import(file: 'spec/fixtures/files/burp_issue_severity.xml')
|
154
|
+
end
|
115
155
|
end
|
116
156
|
|
117
157
|
describe Dradis::Plugins::Burp::Html::Importer do
|
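Review bot: the expectations in 'returns the highest <severity> at the Issue level' do not line up with the `burp_issue_severity.xml` fixture added in this same diff. The spec requires every `create_issue` call to have `args[:id]` equal to `8781630` and every Evidence to belong to "Issue 1", with severities Information, High, Medium, Critical and Low, while the fixture's five issues carry distinct `<type>` values (8781630, 8781631, 134217728, 8781632, 8781633), distinct names (Issue 1 to Issue 5) and no "Critical" severity. For the test to exercise the highest-severity aggregation, the fixture should contain several instances sharing one type and name with differing severities, and the expected Issue severity should be a value the importer's severity list can produce. Minor: the Information and Medium `create_evidence` blocks do not return `OpenStruct.new(args)` like the others; make them consistent.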
@@ -0,0 +1,118 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<!DOCTYPE issues [
|
3
|
+
<!ELEMENT issues (issue*)>
|
4
|
+
<!ATTLIST issues burpVersion CDATA "">
|
5
|
+
<!ATTLIST issues exportTime CDATA "">
|
6
|
+
<!ELEMENT issue (serialNumber, type, name, host, path, location, severity, confidence, issueBackground?, remediationBackground?, issueDetail?, remediationDetail?, requestresponse*)>
|
7
|
+
<!ELEMENT serialNumber (#PCDATA)>
|
8
|
+
<!ELEMENT type (#PCDATA)>
|
9
|
+
<!ELEMENT name (#PCDATA)>
|
10
|
+
<!ELEMENT host (#PCDATA)>
|
11
|
+
<!ATTLIST host ip CDATA "">
|
12
|
+
<!ELEMENT path (#PCDATA)>
|
13
|
+
<!ELEMENT location (#PCDATA)>
|
14
|
+
<!ELEMENT severity (#PCDATA)>
|
15
|
+
<!ELEMENT confidence (#PCDATA)>
|
16
|
+
<!ELEMENT issueBackground (#PCDATA)>
|
17
|
+
<!ELEMENT remediationBackground (#PCDATA)>
|
18
|
+
<!ELEMENT issueDetail (#PCDATA)>
|
19
|
+
<!ELEMENT remediationDetail (#PCDATA)>
|
20
|
+
<!ELEMENT requestresponse (request?, response?, responseRedirected?)>
|
21
|
+
<!ELEMENT request (#PCDATA)>
|
22
|
+
<!ATTLIST request base64 (true|false) "false">
|
23
|
+
<!ELEMENT response (#PCDATA)>
|
24
|
+
<!ATTLIST response base64 (true|false) "false">
|
25
|
+
<!ELEMENT responseRedirected (#PCDATA)>
|
26
|
+
]>
|
27
|
+
<issues burpVersion="1.5.14" exportTime="Wed Nov 10 17:26:55 EDT 2014">
|
28
|
+
<issue>
|
29
|
+
<serialNumber>1833460934674078320</serialNumber>
|
30
|
+
<type>8781630</type>
|
31
|
+
<name>Issue 1</name>
|
32
|
+
<host ip="10.0.0.1">http://www.test.com</host>
|
33
|
+
<path><![CDATA[/Common/login.aspx]]></path>
|
34
|
+
<location><![CDATA[/Common/login.aspx]]></location>
|
35
|
+
<severity>Information</severity>
|
36
|
+
<confidence>Firm</confidence>
|
37
|
+
<issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
|
38
|
+
<remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
|
39
|
+
<issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
|
40
|
+
<requestresponse>
|
41
|
+
<request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
|
42
|
+
<response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
|
43
|
+
<responseRedirected>false</responseRedirected>
|
44
|
+
</requestresponse>
|
45
|
+
</issue>
|
46
|
+
<issue>
|
47
|
+
<serialNumber>1833460934674078321</serialNumber>
|
48
|
+
<type>8781631</type>
|
49
|
+
<name>Issue 2</name>
|
50
|
+
<host ip="10.0.0.1">http://www.test.com</host>
|
51
|
+
<path><![CDATA[/Common/login.aspx]]></path>
|
52
|
+
<location><![CDATA[/Common/login.aspx]]></location>
|
53
|
+
<severity>High</severity>
|
54
|
+
<confidence>Firm</confidence>
|
55
|
+
<issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
|
56
|
+
<remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
|
57
|
+
<issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
|
58
|
+
<requestresponse>
|
59
|
+
<request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
|
60
|
+
<response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
|
61
|
+
<responseRedirected>false</responseRedirected>
|
62
|
+
</requestresponse>
|
63
|
+
</issue>
|
64
|
+
<issue>
|
65
|
+
<serialNumber>1833460934674078322</serialNumber>
|
66
|
+
<type>134217728</type>
|
67
|
+
<name>Issue 3</name>
|
68
|
+
<host ip="10.0.0.1">http://www.test.com</host>
|
69
|
+
<path><![CDATA[/Common/login.aspx]]></path>
|
70
|
+
<location><![CDATA[/Common/login.aspx]]></location>
|
71
|
+
<severity>Medium</severity>
|
72
|
+
<confidence>Firm</confidence>
|
73
|
+
<issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
|
74
|
+
<remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
|
75
|
+
<issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
|
76
|
+
<requestresponse>
|
77
|
+
<request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
|
78
|
+
<response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
|
79
|
+
<responseRedirected>false</responseRedirected>
|
80
|
+
</requestresponse>
|
81
|
+
</issue>
|
82
|
+
<issue>
|
83
|
+
<serialNumber>1833460934674078323</serialNumber>
|
84
|
+
<type>8781632</type>
|
85
|
+
<name>Issue 4</name>
|
86
|
+
<host ip="10.0.0.1">http://www.test.com</host>
|
87
|
+
<path><![CDATA[/Common/login.aspx]]></path>
|
88
|
+
<location><![CDATA[/Common/login.aspx]]></location>
|
89
|
+
<severity>High</severity>
|
90
|
+
<confidence>Firm</confidence>
|
91
|
+
<issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
|
92
|
+
<remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
|
93
|
+
<issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
|
94
|
+
<requestresponse>
|
95
|
+
<request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
|
96
|
+
<response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
|
97
|
+
<responseRedirected>false</responseRedirected>
|
98
|
+
</requestresponse>
|
99
|
+
</issue>
|
100
|
+
<issue>
|
101
|
+
<serialNumber>1833460934674078323</serialNumber>
|
102
|
+
<type>8781633</type>
|
103
|
+
<name>Issue 5</name>
|
104
|
+
<host ip="10.0.0.1">http://www.test.com</host>
|
105
|
+
<path><![CDATA[/Common/login.aspx]]></path>
|
106
|
+
<location><![CDATA[/Common/login.aspx]]></location>
|
107
|
+
<severity>Low</severity>
|
108
|
+
<confidence>Firm</confidence>
|
109
|
+
<issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
|
110
|
+
<remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
|
111
|
+
<issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
|
112
|
+
<requestresponse>
|
113
|
+
<request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
|
114
|
+
<response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
|
115
|
+
<responseRedirected>false</responseRedirected>
|
116
|
+
</requestresponse>
|
117
|
+
</issue>
|
118
|
+
</issues>
|
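Review bot: the fixture reuses `<serialNumber>1833460934674078323</serialNumber>` for both Issue 4 and Issue 5; Burp serial numbers are unique per issue instance, and a duplicate can mask a future bug in any dedup logic keyed on that field. Give Issue 5 its own value. As noted on the spec hunk, the severities present here (Information, High, Medium, High, Low) also do not include the "Critical" value the spec expects.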
data/templates/issue.fields
CHANGED
data/templates/issue.template
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dradis-burp
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.18.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Daniel Martin
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-07-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dradis-plugins
|
@@ -102,6 +102,8 @@ executables: []
|
|
102
102
|
extensions: []
|
103
103
|
extra_rdoc_files: []
|
104
104
|
files:
|
105
|
+
- ".github/issue_template.md"
|
106
|
+
- ".github/pull_request_template.md"
|
105
107
|
- ".gitignore"
|
106
108
|
- ".rspec"
|
107
109
|
- CHANGELOG.md
|
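Review bot: adding `".github/issue_template.md"` and `".github/pull_request_template.md"` to the gemspec `files` list packages repository metadata into the published gem, where it serves no purpose at runtime. Exclude the `.github/` directory from the files glob in the gemspec so the templates stay in the repository only.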
@@ -126,6 +128,7 @@ files:
|
|
126
128
|
- spec/burp_upload_spec.rb
|
127
129
|
- spec/fixtures/files/burp.html
|
128
130
|
- spec/fixtures/files/burp.xml
|
131
|
+
- spec/fixtures/files/burp_issue_severity.xml
|
129
132
|
- spec/fixtures/files/invalid-utf-issue.xml
|
130
133
|
- spec/fixtures/files/without-base64.xml
|
131
134
|
- spec/spec_helper.rb
|
@@ -157,8 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
157
160
|
- !ruby/object:Gem::Version
|
158
161
|
version: '0'
|
159
162
|
requirements: []
|
160
|
-
|
161
|
-
rubygems_version: 2.6.12
|
163
|
+
rubygems_version: 3.1.2
|
162
164
|
signing_key:
|
163
165
|
specification_version: 4
|
164
166
|
summary: Burp Scanner upload plugin for the Dradis Framework.
|
@@ -166,6 +168,7 @@ test_files:
|
|
166
168
|
- spec/burp_upload_spec.rb
|
167
169
|
- spec/fixtures/files/burp.html
|
168
170
|
- spec/fixtures/files/burp.xml
|
171
|
+
- spec/fixtures/files/burp_issue_severity.xml
|
169
172
|
- spec/fixtures/files/invalid-utf-issue.xml
|
170
173
|
- spec/fixtures/files/without-base64.xml
|
171
174
|
- spec/spec_helper.rb
|