dradis-burp 3.13.0 → 3.18.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: a8034f8e440c364e55c983a3d413fe7111b5d7e1
4
- data.tar.gz: 0daba2fe9ef55228264d5f3e83d6a88d0ddad849
2
+ SHA256:
3
+ metadata.gz: f87e164401b9a2bd5ee2a795d93448651ed2eb08d6cebc661fefde6b15c57315
4
+ data.tar.gz: 1e46a0f0d296996623a3e479ddd2f7d6a666672ebfade92ad4883c62a740c096
5
5
  SHA512:
6
- metadata.gz: f0960ebadfdbb8096f1bf841fc707cc78290d1feaf8cb619ced75999ff0f41c66ca1b332bd9691a16a5f5683d76d8f234d829bfeaa8c59ebc5383afd5eacf2b1
7
- data.tar.gz: 68f6554c4c1772bfaa8c0e2ab1d35cd3ddd679bd30dbee7269299fa2242c8ab9f5cf085f3bad2578f4ffb2e38b55ae253b52c880c8f781a52a55f339746c34eb
6
+ metadata.gz: f5e7b6bc8a65e1d15fec78bb2da94ea36bd11e468d9d2dc15b1535b7f7df955dbfe077bdeda67aa3e632282bc26412ccf1aafffba9068a420d5433e774becce4
7
+ data.tar.gz: d5691cc2a904caa1d8f469e9bd48650a424ee2768bb41f82cd78101bfacdcb65b32f2c69011cf223e2e3f32614a9ff0239e6d2ffebd4902a599f383e695c6986
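Review bot: the switch from SHA1 to SHA256 in checksums.yaml is a packaging-tool change, not a hardening of the gem: metadata in this same diff moves rubygems_version from 2.6.12 to 3.1.2, which is what emits the SHA256 entries. These are content digests only; the gem is still unsigned (metadata keeps `cert_chain: []` and an empty `signing_key:`), so consumers who want provenance beyond "the archive matches its own checksums" still need a signed release or an external pin.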
@@ -0,0 +1,16 @@
1
+ ### Steps to reproduce
2
+
3
+ Help us help you, how can we reproduce the problem?
4
+
5
+ ### Expected behavior
6
+ Tell us what should happen
7
+
8
+ ### Actual behavior
9
+ Tell us what happens instead
10
+
11
+ ### System configuration
12
+ **Dradis version**:
13
+
14
+ **Ruby version**:
15
+
16
+ **OS version**:
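Review bot: the System configuration block asks for Dradis, Ruby and OS versions but not for the dradis-burp plugin version, the Burp Suite version that produced the file, or the export format (XML or HTML, both parsed since 3.13 per the CHANGELOG); for an importer bug those are the first things a triager needs. Add `**dradis-burp version**:`, `**Burp version**:` and `**Export format (XML/HTML)**:` fields, and ask for a redacted sample file where possible.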
@@ -0,0 +1,36 @@
1
+ ### Summary
2
+
3
+ Provide a general description of the code changes in your pull
4
+ request... were there any bugs you had fixed? If so, mention them. If
5
+ these bugs have open GitHub issues, be sure to tag them here as well,
6
+ to keep the conversation linked together.
7
+
8
+
9
+ ### Other Information
10
+
11
+ If there's anything else that's important and relevant to your pull
12
+ request, mention that information here. This could include
13
+ benchmarks, or other information.
14
+
15
+ Thanks for contributing to Dradis!
16
+
17
+
18
+ ### Copyright assignment
19
+
20
+ Collaboration is difficult with commercial closed source but we want
21
+ to keep as much of the OSS ethos as possible available to users
22
+ who want to fix it themselves.
23
+
24
+ In order to unambiguously own and sell Dradis Framework commercial
25
+ products, we must have the copyright associated with the entire
26
+ codebase. Any code you create which is merged must be owned by us.
27
+ That's not us trying to be a jerks, that's just the way it works.
28
+
29
+ Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
30
+ file for the details.
31
+
32
+ You can delete this section, but the following sentence needs to
33
+ remain in the PR's description:
34
+
35
+ > I assign all rights, including copyright, to any future Dradis
36
+ > work by myself to Security Roots.
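Review bot: grammar in the Copyright assignment paragraph: `That's not us trying to be a jerks` should read `That's not us trying to be jerks`. Also, the text says the whole section may be deleted but that the final quoted sentence must remain; placing that sentence outside the deletable section would make it harder to drop by accident.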
@@ -1,10 +1,30 @@
1
- ## Dradis Framework 3.13 (XXX, 2019) ##
1
+ ## Dradis Framework 3.18 (July, 2020) ##
2
2
 
3
- * Include parsing Burp Html output
3
+ * No changes.
4
+
5
+ ## Dradis Framework 3.17 (May, 2020) ##
6
+
7
+ * No changes.
8
+
9
+ ## Dradis Framework 3.16 (February, 2020) ##
10
+
11
+ * Update severity fixture for specs.
12
+
13
+ ## Dradis Framework 3.15 (November, 2019) ##
14
+
15
+ * Make `issue.severity` available at the Issue level.
16
+
17
+ ## Dradis Framework 3.14 (August, 2019) ##
18
+
19
+ * No changes.
20
+
21
+ ## Dradis Framework 3.13 (June, 2019) ##
22
+
23
+ * Include parsing Burp Html output.
4
24
 
5
25
  ## Dradis Framework 3.12 (March, 2019) ##
6
26
 
7
- * Make `issue.detail` available at the Evidence level
27
+ * Make `issue.detail` available at the Evidence level.
8
28
 
9
29
  ## Dradis Framework 3.11 (November, 2018) ##
10
30
 
@@ -12,17 +32,17 @@
12
32
 
13
33
  ## Dradis Framework 3.10 (August, 2018) ##
14
34
 
15
- * Adds `references` and `vulnerability_classifications` as available fields
35
+ * Adds `references` and `vulnerability_classifications` as available fields.
16
36
 
17
- * Adds `hostname` as a Node property
37
+ * Adds `hostname` as a Node property.
18
38
 
19
- * Fixes formatting errors including `<p>`, `<a href="">`, and `<table>` tags
39
+ * Fixes formatting errors including `<p>`, `<a href="">`, and `<table>` tags.
20
40
 
21
- * Findings with <type>134217728</type> are not bundled together into one Issue
41
+ * Findings with <type>134217728</type> are not bundled together into one Issue.
22
42
 
23
43
  ## Dradis Framework 3.9 (January, 2018) ##
24
44
 
25
- * Encode content with UTF-8 to avoid incompatible db errors (v3.8.1)
45
+ * Encode content with UTF-8 to avoid incompatible db errors (v3.8.1).
26
46
 
27
47
  ## Dradis Framework 3.8 (September, 2017) ##
28
48
 
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 3
11
- MINOR = 13
11
+ MINOR = 18
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -12,10 +12,14 @@ module Dradis::Plugins::Burp
12
12
  end
13
13
 
14
14
  class Importer < Dradis::Plugins::Upload::Importer
15
+ BURP_EXTENSION_TYPE = '134217728'.freeze
16
+ BURP_SEVERITIES = ['Information', 'Low', 'Medium', 'High'].freeze
17
+
15
18
  def initialize(args={})
16
19
  args[:plugin] = Dradis::Plugins::Burp
17
20
  super(args)
18
21
  end
22
+
19
23
  def import(params = {})
20
24
  file_content = File.read(params[:file])
21
25
 
@@ -33,80 +37,39 @@ module Dradis::Plugins::Burp
33
37
  logger.info { 'Done.' }
34
38
 
35
39
  if doc.root.name != 'issues'
36
- error = "Document doesn't seem to be in the Burp Scanner XML format."
40
+ error = 'Document doesn\'t seem to be in the Burp Scanner XML format.'
37
41
  logger.fatal { error }
38
42
  content_service.create_note text: error
39
43
  return false
40
44
  end
41
45
 
42
46
  # This will be filled in by the Processor while iterating over the issues
43
- @hosts = []
44
- @affected_host = nil
45
- @issue_text = nil
46
- @evidence_text = nil
47
+ @issues = []
48
+ @severities = Hash.new(0)
47
49
 
50
+ # We need to look ahead through all issues to bring the highest severity
51
+ # of each instance to the Issue level.
48
52
  doc.xpath('issues/issue').each do |xml_issue|
49
- process_issue(xml_issue)
50
- end
51
-
52
- logger.info { 'Burp Scanner results successfully imported' }
53
- true
54
- end
55
-
56
- # Creates the Nodes/properties
57
- def process_issue(xml_issue)
58
- host_label = xml_issue.at('host')['ip']
59
- host_label = xml_issue.at('host').text if host_label.empty?
60
- affected_host = content_service.create_node(label: host_label, type: :host)
61
- logger.info { "\taffects: #{host_label}" }
53
+ issue_id = issue_id_for(xml_issue)
54
+ issue_severity = BURP_SEVERITIES.index(xml_issue.at('severity').text)
62
55
 
63
- unless @hosts.include?(affected_host.label)
64
- @hosts << affected_host.label
65
- url = xml_issue.at('host').text
66
- affected_host.set_property(:hostname, url)
67
- affected_host.save
56
+ @severities[issue_id] = issue_severity if issue_severity > @severities[issue_id]
57
+ @issues << xml_issue
68
58
  end
69
59
 
70
- # Burp extensions don't follow the "unique type for every Issue" logic
71
- # so we have to deal with them separately
72
- burp_extension_type = '134217728'.freeze
73
- if xml_issue.at('type').text.to_str == burp_extension_type
74
- process_extension_issues(affected_host, xml_issue)
75
- else
76
- process_burp_issues(affected_host, xml_issue)
77
- end
78
- end
79
-
80
- # If the Issues come from the Burp app, use the type as the plugin_ic
81
- def process_burp_issues(affected_host, xml_issue)
82
- issue_name = xml_issue.at('name').text
83
- issue_type = xml_issue.at('type').text.to_i
60
+ @issues.each { |xml_issue| process_issue(xml_issue) }
84
61
 
85
- logger.info { "Adding #{issue_name} (#{issue_type})" }
86
-
87
- create_issue(
88
- affected_host: affected_host,
89
- id: issue_type,
90
- xml_issue: xml_issue
91
- )
62
+ logger.info { 'Burp Scanner results successfully imported' }
63
+ true
92
64
  end
93
65
 
94
- # If the Issues come from a Burp extension (type = 134217728), then
95
- # use the name (spaces removed) as the plugin_id
96
- def process_extension_issues(affected_host, xml_issue)
97
- ext_name = xml_issue.at('name').text
98
- ext_name = ext_name.gsub!(" ", "")
66
+ private
67
+ def create_issue(affected_host:, id:, xml_issue:)
68
+ xml_evidence = xml_issue.clone
99
69
 
100
- logger.info { "Adding #{ext_name}" }
70
+ # Ensure that the Issue contains the highest Severity value
71
+ xml_issue.at('severity').content = BURP_SEVERITIES[@severities[id]]
101
72
 
102
- create_issue(
103
- affected_host: affected_host,
104
- id: ext_name,
105
- xml_issue: xml_issue
106
- )
107
- end
108
-
109
- def create_issue(affected_host:, id:, xml_issue:)
110
73
  issue_text =
111
74
  template_service.process_template(
112
75
  template: 'issue',
@@ -129,7 +92,7 @@ module Dradis::Plugins::Burp
129
92
  evidence_text =
130
93
  template_service.process_template(
131
94
  template: 'evidence',
132
- data: xml_issue
95
+ data: xml_evidence
133
96
  )
134
97
 
135
98
  if evidence_text.include?(::Burp::INVALID_UTF_REPLACE)
@@ -145,6 +108,37 @@ module Dradis::Plugins::Burp
145
108
  content: evidence_text
146
109
  )
147
110
  end
111
+
112
+ # Burp extensions don't follow the "unique type for every Issue" logic
113
+ # so we have to deal with them separately
114
+ def issue_id_for(xml_issue)
115
+ if xml_issue.at('type').text == BURP_EXTENSION_TYPE
116
+ xml_issue.at('name').text.gsub!(' ', '')
117
+ else
118
+ xml_issue.at('type').text.to_i
119
+ end
120
+ end
121
+
122
+ # Creates the Nodes/properties
123
+ def process_issue(xml_issue)
124
+ host_url = xml_issue.at('host').text
125
+ host_label = xml_issue.at('host')['ip']
126
+ host_label = host_url if host_label.empty?
127
+ issue_id = issue_id_for(xml_issue)
128
+
129
+ affected_host = content_service.create_node(label: host_label, type: :host)
130
+ affected_host.set_property(:hostname, host_url)
131
+ affected_host.save
132
+
133
+ logger.info { "Adding #{xml_issue.at('name').text} (#{issue_id})"}
134
+ logger.info { "\taffects: #{host_label}" }
135
+
136
+ create_issue(
137
+ affected_host: affected_host,
138
+ id: issue_id,
139
+ xml_issue: xml_issue
140
+ )
141
+ end
148
142
  end
149
143
  end
150
144
  end
@@ -4,7 +4,7 @@ require 'ostruct'
4
4
  describe 'Burp upload plugin' do
5
5
 
6
6
  describe Burp::Xml::Issue do
7
- it "handles invalid utf-8 bytes" do
7
+ it 'handles invalid utf-8 bytes' do
8
8
  doc = Nokogiri::XML(File.read('spec/fixtures/files/invalid-utf-issue.xml'))
9
9
  xml_issue = doc.xpath('issues/issue').first
10
10
  issue = Burp::Xml::Issue.new(xml_issue)
@@ -49,7 +49,7 @@ describe 'Burp upload plugin' do
49
49
  end
50
50
  end
51
51
 
52
- it "creates nodes, issues, and evidence as needed" do
52
+ it 'creates nodes, issues, and evidence as needed' do
53
53
 
54
54
  # Host node
55
55
  #
@@ -112,6 +112,46 @@ describe 'Burp upload plugin' do
112
112
  @importer.import(file: 'spec/fixtures/files/burp.xml')
113
113
  end
114
114
 
115
+ it 'returns the highest <severity> at the Issue level' do
116
+
117
+ # create_issue should be called once for each issue in the xml
118
+ expect(@content_service).to receive(:create_issue) do |args|
119
+ expect(args[:id]).to eq(8781630)
120
+ expect(args[:text]).to include("#[Title]#\nIssue 1")
121
+ expect(args[:text]).to include("#[Severity]#\nCritical")
122
+ OpenStruct.new(args)
123
+ end
124
+
125
+ expect(@content_service).to receive(:create_evidence) do |args|
126
+ expect(args[:content]).to include("#[Severity]#\nInformation")
127
+ expect(args[:issue].text).to include("#[Title]#\nIssue 1")
128
+ expect(args[:node].label).to eq('10.0.0.1')
129
+ end.once
130
+ expect(@content_service).to receive(:create_evidence) do |args|
131
+ expect(args[:content]).to include("#[Severity]#\nHigh")
132
+ expect(args[:issue].text).to include("#[Title]#\nIssue 1")
133
+ expect(args[:node].label).to eq('10.0.0.1')
134
+ OpenStruct.new(args)
135
+ end.once
136
+ expect(@content_service).to receive(:create_evidence) do |args|
137
+ expect(args[:content]).to include("#[Severity]#\nMedium")
138
+ expect(args[:issue].text).to include("#[Title]#\nIssue 1")
139
+ expect(args[:node].label).to eq('10.0.0.1')
140
+ end.once
141
+ expect(@content_service).to receive(:create_evidence) do |args|
142
+ expect(args[:content]).to include("#[Severity]#\nCritical")
143
+ expect(args[:issue].text).to include("#[Title]#\nIssue 1")
144
+ expect(args[:node].label).to eq('10.0.0.1')
145
+ end.once
146
+ expect(@content_service).to receive(:create_evidence) do |args|
147
+ expect(args[:content]).to include("#[Severity]#\nLow")
148
+ expect(args[:issue].text).to include("#[Title]#\nIssue 1")
149
+ expect(args[:node].label).to eq('10.0.0.1')
150
+ end.once
151
+
152
+ # Run the import
153
+ @importer.import(file: 'spec/fixtures/files/burp_issue_severity.xml')
154
+ end
115
155
  end
116
156
 
117
157
  describe Dradis::Plugins::Burp::Html::Importer do
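Review bot: this spec does not match the fixture it loads. `burp_issue_severity.xml` as added in this diff contains five <issue> elements with distinct <type> values (8781630, 8781631, 134217728, 8781632, 8781633), names `Issue 1` through `Issue 5`, and severities Information/High/Medium/High/Low, but the test expects `create_issue` only with `id` 8781630 and title `Issue 1`, all five `create_evidence` calls on `Issue 1`, and a `Critical` severity that neither the fixture nor `BURP_SEVERITIES` contains. Either the fixture should be five instances of one issue (same <type>, same <name>) carrying the severities the expectations list, or the expectations need updating; as written the `create_issue` block fails on the second finding (id 8781631). Also add `.once` to the `create_issue` expectation, since collapsing five instances into one Issue is the behaviour under test.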
@@ -0,0 +1,118 @@
1
+ <?xml version="1.0"?>
2
+ <!DOCTYPE issues [
3
+ <!ELEMENT issues (issue*)>
4
+ <!ATTLIST issues burpVersion CDATA "">
5
+ <!ATTLIST issues exportTime CDATA "">
6
+ <!ELEMENT issue (serialNumber, type, name, host, path, location, severity, confidence, issueBackground?, remediationBackground?, issueDetail?, remediationDetail?, requestresponse*)>
7
+ <!ELEMENT serialNumber (#PCDATA)>
8
+ <!ELEMENT type (#PCDATA)>
9
+ <!ELEMENT name (#PCDATA)>
10
+ <!ELEMENT host (#PCDATA)>
11
+ <!ATTLIST host ip CDATA "">
12
+ <!ELEMENT path (#PCDATA)>
13
+ <!ELEMENT location (#PCDATA)>
14
+ <!ELEMENT severity (#PCDATA)>
15
+ <!ELEMENT confidence (#PCDATA)>
16
+ <!ELEMENT issueBackground (#PCDATA)>
17
+ <!ELEMENT remediationBackground (#PCDATA)>
18
+ <!ELEMENT issueDetail (#PCDATA)>
19
+ <!ELEMENT remediationDetail (#PCDATA)>
20
+ <!ELEMENT requestresponse (request?, response?, responseRedirected?)>
21
+ <!ELEMENT request (#PCDATA)>
22
+ <!ATTLIST request base64 (true|false) "false">
23
+ <!ELEMENT response (#PCDATA)>
24
+ <!ATTLIST response base64 (true|false) "false">
25
+ <!ELEMENT responseRedirected (#PCDATA)>
26
+ ]>
27
+ <issues burpVersion="1.5.14" exportTime="Wed Nov 10 17:26:55 EDT 2014">
28
+ <issue>
29
+ <serialNumber>1833460934674078320</serialNumber>
30
+ <type>8781630</type>
31
+ <name>Issue 1</name>
32
+ <host ip="10.0.0.1">http://www.test.com</host>
33
+ <path><![CDATA[/Common/login.aspx]]></path>
34
+ <location><![CDATA[/Common/login.aspx]]></location>
35
+ <severity>Information</severity>
36
+ <confidence>Firm</confidence>
37
+ <issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
38
+ <remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
39
+ <issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
40
+ <requestresponse>
41
+ <request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
42
+ <response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
43
+ <responseRedirected>false</responseRedirected>
44
+ </requestresponse>
45
+ </issue>
46
+ <issue>
47
+ <serialNumber>1833460934674078321</serialNumber>
48
+ <type>8781631</type>
49
+ <name>Issue 2</name>
50
+ <host ip="10.0.0.1">http://www.test.com</host>
51
+ <path><![CDATA[/Common/login.aspx]]></path>
52
+ <location><![CDATA[/Common/login.aspx]]></location>
53
+ <severity>High</severity>
54
+ <confidence>Firm</confidence>
55
+ <issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
56
+ <remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
57
+ <issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
58
+ <requestresponse>
59
+ <request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
60
+ <response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
61
+ <responseRedirected>false</responseRedirected>
62
+ </requestresponse>
63
+ </issue>
64
+ <issue>
65
+ <serialNumber>1833460934674078322</serialNumber>
66
+ <type>134217728</type>
67
+ <name>Issue 3</name>
68
+ <host ip="10.0.0.1">http://www.test.com</host>
69
+ <path><![CDATA[/Common/login.aspx]]></path>
70
+ <location><![CDATA[/Common/login.aspx]]></location>
71
+ <severity>Medium</severity>
72
+ <confidence>Firm</confidence>
73
+ <issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
74
+ <remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
75
+ <issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
76
+ <requestresponse>
77
+ <request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
78
+ <response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
79
+ <responseRedirected>false</responseRedirected>
80
+ </requestresponse>
81
+ </issue>
82
+ <issue>
83
+ <serialNumber>1833460934674078323</serialNumber>
84
+ <type>8781632</type>
85
+ <name>Issue 4</name>
86
+ <host ip="10.0.0.1">http://www.test.com</host>
87
+ <path><![CDATA[/Common/login.aspx]]></path>
88
+ <location><![CDATA[/Common/login.aspx]]></location>
89
+ <severity>High</severity>
90
+ <confidence>Firm</confidence>
91
+ <issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
92
+ <remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
93
+ <issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
94
+ <requestresponse>
95
+ <request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
96
+ <response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
97
+ <responseRedirected>false</responseRedirected>
98
+ </requestresponse>
99
+ </issue>
100
+ <issue>
101
+ <serialNumber>1833460934674078323</serialNumber>
102
+ <type>8781633</type>
103
+ <name>Issue 5</name>
104
+ <host ip="10.0.0.1">http://www.test.com</host>
105
+ <path><![CDATA[/Common/login.aspx]]></path>
106
+ <location><![CDATA[/Common/login.aspx]]></location>
107
+ <severity>Low</severity>
108
+ <confidence>Firm</confidence>
109
+ <issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
110
+ <remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
111
+ <issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
112
+ <requestresponse>
113
+ <request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
114
+ <response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
115
+ <responseRedirected>false</responseRedirected>
116
+ </requestresponse>
117
+ </issue>
118
+ </issues>
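Review bot: Issue 4 and Issue 5 share `<serialNumber>1833460934674078323</serialNumber>`; Burp serial numbers identify a single finding, so give Issue 5 its own value. More importantly, if this fixture is meant to exercise the highest-severity roll-up that the new spec describes, the five entries need the same <type> and <name> so they land on one Issue; with five distinct types each becomes its own Issue and the roll-up path in `import` is never reached.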
@@ -1,7 +1,8 @@
1
- issue.name
2
1
  issue.background
3
- issue.remediation_background
4
2
  issue.detail
5
- issue.remediation_detail
3
+ issue.name
6
4
  issue.references
5
+ issue.remediation_background
6
+ issue.remediation_detail
7
+ issue.severity
7
8
  issue.vulnerability_classifications
@@ -2,6 +2,10 @@
2
2
  %issue.name%
3
3
 
4
4
 
5
+ #[Severity]#
6
+ %issue.severity%
7
+
8
+
5
9
  #[Background]#
6
10
  %issue.background%
7
11
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-burp
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.13.0
4
+ version: 3.18.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-06-10 00:00:00.000000000 Z
11
+ date: 2020-07-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
@@ -102,6 +102,8 @@ executables: []
102
102
  extensions: []
103
103
  extra_rdoc_files: []
104
104
  files:
105
+ - ".github/issue_template.md"
106
+ - ".github/pull_request_template.md"
105
107
  - ".gitignore"
106
108
  - ".rspec"
107
109
  - CHANGELOG.md
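Review bot: `.github/issue_template.md` and `.github/pull_request_template.md` are repository metadata, not runtime files, and this hunk packages them into the published gem alongside `.gitignore` and `.rspec`; exclude the `.github` directory (and the other dotfiles) from the gemspec's `files` list so the installed gem carries only what the plugin needs at runtime.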
@@ -126,6 +128,7 @@ files:
126
128
  - spec/burp_upload_spec.rb
127
129
  - spec/fixtures/files/burp.html
128
130
  - spec/fixtures/files/burp.xml
131
+ - spec/fixtures/files/burp_issue_severity.xml
129
132
  - spec/fixtures/files/invalid-utf-issue.xml
130
133
  - spec/fixtures/files/without-base64.xml
131
134
  - spec/spec_helper.rb
@@ -157,8 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
157
160
  - !ruby/object:Gem::Version
158
161
  version: '0'
159
162
  requirements: []
160
- rubyforge_project:
161
- rubygems_version: 2.6.12
163
+ rubygems_version: 3.1.2
162
164
  signing_key:
163
165
  specification_version: 4
164
166
  summary: Burp Scanner upload plugin for the Dradis Framework.
@@ -166,6 +168,7 @@ test_files:
166
168
  - spec/burp_upload_spec.rb
167
169
  - spec/fixtures/files/burp.html
168
170
  - spec/fixtures/files/burp.xml
171
+ - spec/fixtures/files/burp_issue_severity.xml
169
172
  - spec/fixtures/files/invalid-utf-issue.xml
170
173
  - spec/fixtures/files/without-base64.xml
171
174
  - spec/spec_helper.rb