dradis-burp 3.14.0 → 3.19.0

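--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: f055ebfe75f0d8cc4bddf2ef5e312f1362e278f0a6e65f0996ea24e99b805ab6
-data.tar.gz: bc1a960cf076a017b264855704c16b47cf29f144d7439d53788caac8c8ba406a
+metadata.gz: c2b4b8bdaf8da575ef3f15de612a85d43f4400811306de8fde2955001b4dbc21
+data.tar.gz: 7102211128794fe2a6abd210bd76b4c89456731a4a4199661b15a4db7160af2a
 SHA512:
-metadata.gz: 914ac3f3d7ff0eac62eb6d8094b4185ce2e98f90c574e9d7f07823f3974e6fbd04db09be3f0840f7573d045bb663130fd5cb04d1bc240f0277f665757f6cd66d
-data.tar.gz: f7b6ec9e42422bb39d55649c652387f8fe99dc12ee3e5adf1178bb7bdd25dbcdcabc2dfb61c254097951e2392005f02e8ed5030fdf60a4d055bdbfcc5195b9fa
+metadata.gz: ac25b69093399bfd453a500bf19e75a57fc56ec146e34f875f1737b9481fca961e5edc4eabb8bf1860b718dedecd1efb4882e15f6b41db9bac6f67a90e0c080d
+data.tar.gz: 61e8a46ac255f3884d19ad16525861c94088275e67d73732282b8d586d647f3d12f3d366c2cc3c898ebba656f146352179417bc997dcebfee5f798a9bb7da33b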
@@ -1,14 +1,34 @@
1
+ ## Dradis Framework 3.19 (September, 2020) ##
2
+
3
+ * No changes.
4
+
5
+ ## Dradis Framework 3.18 (July, 2020) ##
6
+
7
+ * No changes.
8
+
9
+ ## Dradis Framework 3.17 (May, 2020) ##
10
+
11
+ * No changes.
12
+
13
+ ## Dradis Framework 3.16 (February, 2020) ##
14
+
15
+ * Update severity fixture for specs.
16
+
17
+ ## Dradis Framework 3.15 (November, 2019) ##
18
+
19
+ * Make `issue.severity` available at the Issue level.
20
+
1
21
  ## Dradis Framework 3.14 (August, 2019) ##
2
22
 
3
23
  * No changes.
4
24
 
5
25
  ## Dradis Framework 3.13 (June, 2019) ##
6
26
 
7
- * Include parsing Burp Html output
27
+ * Include parsing Burp Html output.
8
28
 
9
29
  ## Dradis Framework 3.12 (March, 2019) ##
10
30
 
11
- * Make `issue.detail` available at the Evidence level
31
+ * Make `issue.detail` available at the Evidence level.
12
32
 
13
33
  ## Dradis Framework 3.11 (November, 2018) ##
14
34
 
@@ -16,17 +36,17 @@
16
36
 
17
37
  ## Dradis Framework 3.10 (August, 2018) ##
18
38
 
19
- * Adds `references` and `vulnerability_classifications` as available fields
39
+ * Adds `references` and `vulnerability_classifications` as available fields.
20
40
 
21
- * Adds `hostname` as a Node property
41
+ * Adds `hostname` as a Node property.
22
42
 
23
- * Fixes formatting errors including `<p>`, `<a href="">`, and `<table>` tags
43
+ * Fixes formatting errors including `<p>`, `<a href="">`, and `<table>` tags.
24
44
 
25
- * Findings with <type>134217728</type> are not bundled together into one Issue
45
+ * Findings with <type>134217728</type> are not bundled together into one Issue.
26
46
 
27
47
  ## Dradis Framework 3.9 (January, 2018) ##
28
48
 
29
- * Encode content with UTF-8 to avoid incompatible db errors (v3.8.1)
49
+ * Encode content with UTF-8 to avoid incompatible db errors (v3.8.1).
30
50
 
31
51
  ## Dradis Framework 3.8 (September, 2017) ##
32
52
 
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 3
11
- MINOR = 14
11
+ MINOR = 19
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -12,10 +12,14 @@ module Dradis::Plugins::Burp
12
12
  end
13
13
 
14
14
  class Importer < Dradis::Plugins::Upload::Importer
15
+ BURP_EXTENSION_TYPE = '134217728'.freeze
16
+ BURP_SEVERITIES = ['Information', 'Low', 'Medium', 'High'].freeze
17
+
15
18
  def initialize(args={})
16
19
  args[:plugin] = Dradis::Plugins::Burp
17
20
  super(args)
18
21
  end
22
+
19
23
  def import(params = {})
20
24
  file_content = File.read(params[:file])
21
25
 
@@ -33,80 +37,39 @@ module Dradis::Plugins::Burp
33
37
  logger.info { 'Done.' }
34
38
 
35
39
  if doc.root.name != 'issues'
36
- error = "Document doesn't seem to be in the Burp Scanner XML format."
40
+ error = 'Document doesn\'t seem to be in the Burp Scanner XML format.'
37
41
  logger.fatal { error }
38
42
  content_service.create_note text: error
39
43
  return false
40
44
  end
41
45
 
42
46
  # This will be filled in by the Processor while iterating over the issues
43
- @hosts = []
44
- @affected_host = nil
45
- @issue_text = nil
46
- @evidence_text = nil
47
+ @issues = []
48
+ @severities = Hash.new(0)
47
49
 
50
+ # We need to look ahead through all issues to bring the highest severity
51
+ # of each instance to the Issue level.
48
52
  doc.xpath('issues/issue').each do |xml_issue|
49
- process_issue(xml_issue)
50
- end
51
-
52
- logger.info { 'Burp Scanner results successfully imported' }
53
- true
54
- end
55
-
56
- # Creates the Nodes/properties
57
- def process_issue(xml_issue)
58
- host_label = xml_issue.at('host')['ip']
59
- host_label = xml_issue.at('host').text if host_label.empty?
60
- affected_host = content_service.create_node(label: host_label, type: :host)
61
- logger.info { "\taffects: #{host_label}" }
53
+ issue_id = issue_id_for(xml_issue)
54
+ issue_severity = BURP_SEVERITIES.index(xml_issue.at('severity').text)
62
55
 
63
- unless @hosts.include?(affected_host.label)
64
- @hosts << affected_host.label
65
- url = xml_issue.at('host').text
66
- affected_host.set_property(:hostname, url)
67
- affected_host.save
56
+ @severities[issue_id] = issue_severity if issue_severity > @severities[issue_id]
57
+ @issues << xml_issue
68
58
  end
69
59
 
70
- # Burp extensions don't follow the "unique type for every Issue" logic
71
- # so we have to deal with them separately
72
- burp_extension_type = '134217728'.freeze
73
- if xml_issue.at('type').text.to_str == burp_extension_type
74
- process_extension_issues(affected_host, xml_issue)
75
- else
76
- process_burp_issues(affected_host, xml_issue)
77
- end
78
- end
79
-
80
- # If the Issues come from the Burp app, use the type as the plugin_ic
81
- def process_burp_issues(affected_host, xml_issue)
82
- issue_name = xml_issue.at('name').text
83
- issue_type = xml_issue.at('type').text.to_i
60
+ @issues.each { |xml_issue| process_issue(xml_issue) }
84
61
 
85
- logger.info { "Adding #{issue_name} (#{issue_type})" }
86
-
87
- create_issue(
88
- affected_host: affected_host,
89
- id: issue_type,
90
- xml_issue: xml_issue
91
- )
62
+ logger.info { 'Burp Scanner results successfully imported' }
63
+ true
92
64
  end
93
65
 
94
- # If the Issues come from a Burp extension (type = 134217728), then
95
- # use the name (spaces removed) as the plugin_id
96
- def process_extension_issues(affected_host, xml_issue)
97
- ext_name = xml_issue.at('name').text
98
- ext_name = ext_name.gsub!(" ", "")
66
+ private
67
+ def create_issue(affected_host:, id:, xml_issue:)
68
+ xml_evidence = xml_issue.clone
99
69
 
100
- logger.info { "Adding #{ext_name}" }
70
+ # Ensure that the Issue contains the highest Severity value
71
+ xml_issue.at('severity').content = BURP_SEVERITIES[@severities[id]]
101
72
 
102
- create_issue(
103
- affected_host: affected_host,
104
- id: ext_name,
105
- xml_issue: xml_issue
106
- )
107
- end
108
-
109
- def create_issue(affected_host:, id:, xml_issue:)
110
73
  issue_text =
111
74
  template_service.process_template(
112
75
  template: 'issue',
@@ -129,7 +92,7 @@ module Dradis::Plugins::Burp
129
92
  evidence_text =
130
93
  template_service.process_template(
131
94
  template: 'evidence',
132
- data: xml_issue
95
+ data: xml_evidence
133
96
  )
134
97
 
135
98
  if evidence_text.include?(::Burp::INVALID_UTF_REPLACE)
@@ -145,6 +108,37 @@ module Dradis::Plugins::Burp
145
108
  content: evidence_text
146
109
  )
147
110
  end
111
+
112
+ # Burp extensions don't follow the "unique type for every Issue" logic
113
+ # so we have to deal with them separately
114
+ def issue_id_for(xml_issue)
115
+ if xml_issue.at('type').text == BURP_EXTENSION_TYPE
116
+ xml_issue.at('name').text.gsub!(' ', '')
117
+ else
118
+ xml_issue.at('type').text.to_i
119
+ end
120
+ end
121
+
122
+ # Creates the Nodes/properties
123
+ def process_issue(xml_issue)
124
+ host_url = xml_issue.at('host').text
125
+ host_label = xml_issue.at('host')['ip']
126
+ host_label = host_url if host_label.empty?
127
+ issue_id = issue_id_for(xml_issue)
128
+
129
+ affected_host = content_service.create_node(label: host_label, type: :host)
130
+ affected_host.set_property(:hostname, host_url)
131
+ affected_host.save
132
+
133
+ logger.info { "Adding #{xml_issue.at('name').text} (#{issue_id})"}
134
+ logger.info { "\taffects: #{host_label}" }
135
+
136
+ create_issue(
137
+ affected_host: affected_host,
138
+ id: issue_id,
139
+ xml_issue: xml_issue
140
+ )
141
+ end
148
142
  end
149
143
  end
150
144
  end
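Review bot: `issue_id_for` (new lines 114-120) returns `nil` for an extension finding whose `<name>` contains no spaces, because `String#gsub!` returns nil when it makes no substitution; that nil then becomes the `@severities` key in the look-ahead loop and the `id:` handed to `create_issue`, and since `issue_id_for` is now called once in `import` and again in `process_issue`, both paths are affected. Use the non-bang form, `xml_issue.at('name').text.delete(' ')`, which always returns a String. In the same hunk, `BURP_SEVERITIES.index(xml_issue.at('severity').text)` (new line 54) is nil for any `<severity>` text outside the four listed values, and the following `issue_severity > @severities[issue_id]` then raises NoMethodError, so one unexpected value in the uploaded XML aborts the whole import instead of being reported; `issue_severity = BURP_SEVERITIES.index(...) || 0` together with a `logger.warn` for the unrecognised value would keep the upload going. The enclosing `Importer` class and `Dradis::Plugins::Burp` module start before the first hunk of this file.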
@@ -4,7 +4,7 @@ require 'ostruct'
4
4
  describe 'Burp upload plugin' do
5
5
 
6
6
  describe Burp::Xml::Issue do
7
- it "handles invalid utf-8 bytes" do
7
+ it 'handles invalid utf-8 bytes' do
8
8
  doc = Nokogiri::XML(File.read('spec/fixtures/files/invalid-utf-issue.xml'))
9
9
  xml_issue = doc.xpath('issues/issue').first
10
10
  issue = Burp::Xml::Issue.new(xml_issue)
@@ -49,7 +49,7 @@ describe 'Burp upload plugin' do
49
49
  end
50
50
  end
51
51
 
52
- it "creates nodes, issues, and evidence as needed" do
52
+ it 'creates nodes, issues, and evidence as needed' do
53
53
 
54
54
  # Host node
55
55
  #
@@ -112,6 +112,46 @@ describe 'Burp upload plugin' do
112
112
  @importer.import(file: 'spec/fixtures/files/burp.xml')
113
113
  end
114
114
 
115
+ it 'returns the highest <severity> at the Issue level' do
116
+
117
+ # create_issue should be called once for each issue in the xml
118
+ expect(@content_service).to receive(:create_issue) do |args|
119
+ expect(args[:id]).to eq(8781630)
120
+ expect(args[:text]).to include("#[Title]#\nIssue 1")
121
+ expect(args[:text]).to include("#[Severity]#\nCritical")
122
+ OpenStruct.new(args)
123
+ end
124
+
125
+ expect(@content_service).to receive(:create_evidence) do |args|
126
+ expect(args[:content]).to include("#[Severity]#\nInformation")
127
+ expect(args[:issue].text).to include("#[Title]#\nIssue 1")
128
+ expect(args[:node].label).to eq('10.0.0.1')
129
+ end.once
130
+ expect(@content_service).to receive(:create_evidence) do |args|
131
+ expect(args[:content]).to include("#[Severity]#\nHigh")
132
+ expect(args[:issue].text).to include("#[Title]#\nIssue 1")
133
+ expect(args[:node].label).to eq('10.0.0.1')
134
+ OpenStruct.new(args)
135
+ end.once
136
+ expect(@content_service).to receive(:create_evidence) do |args|
137
+ expect(args[:content]).to include("#[Severity]#\nMedium")
138
+ expect(args[:issue].text).to include("#[Title]#\nIssue 1")
139
+ expect(args[:node].label).to eq('10.0.0.1')
140
+ end.once
141
+ expect(@content_service).to receive(:create_evidence) do |args|
142
+ expect(args[:content]).to include("#[Severity]#\nCritical")
143
+ expect(args[:issue].text).to include("#[Title]#\nIssue 1")
144
+ expect(args[:node].label).to eq('10.0.0.1')
145
+ end.once
146
+ expect(@content_service).to receive(:create_evidence) do |args|
147
+ expect(args[:content]).to include("#[Severity]#\nLow")
148
+ expect(args[:issue].text).to include("#[Title]#\nIssue 1")
149
+ expect(args[:node].label).to eq('10.0.0.1')
150
+ end.once
151
+
152
+ # Run the import
153
+ @importer.import(file: 'spec/fixtures/files/burp_issue_severity.xml')
154
+ end
115
155
  end
116
156
 
117
157
  describe Dradis::Plugins::Burp::Html::Importer do
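Review bot: The new example at new lines 115-154 expects `#[Severity]#\nCritical` both in the Issue text and in one Evidence, but `Critical` is not one of the importer's `BURP_SEVERITIES` (`Information`, `Low`, `Medium`, `High`), which is the only source the new `create_issue` writes the Issue-level severity from, and it also does not occur in the 118-line fixture added in this diff, whose five issues further carry five distinct `<type>` values and would therefore trigger five `create_issue` calls rather than the single call the `expect(@content_service).to receive(:create_issue)` line (RSpec's default exactly-once constraint) allows. If the fixture on disk matches what is shown here, this example cannot pass as written; either give all five fixture findings the same `<type>` and restrict them to the four known severities, with the Issue-level expectation changed to `High`, or add `Critical` to `BURP_SEVERITIES` in the importer if Burp can emit it. The `describe` block enclosing this example starts before the hunk.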
@@ -0,0 +1,118 @@
1
+ <?xml version="1.0"?>
2
+ <!DOCTYPE issues [
3
+ <!ELEMENT issues (issue*)>
4
+ <!ATTLIST issues burpVersion CDATA "">
5
+ <!ATTLIST issues exportTime CDATA "">
6
+ <!ELEMENT issue (serialNumber, type, name, host, path, location, severity, confidence, issueBackground?, remediationBackground?, issueDetail?, remediationDetail?, requestresponse*)>
7
+ <!ELEMENT serialNumber (#PCDATA)>
8
+ <!ELEMENT type (#PCDATA)>
9
+ <!ELEMENT name (#PCDATA)>
10
+ <!ELEMENT host (#PCDATA)>
11
+ <!ATTLIST host ip CDATA "">
12
+ <!ELEMENT path (#PCDATA)>
13
+ <!ELEMENT location (#PCDATA)>
14
+ <!ELEMENT severity (#PCDATA)>
15
+ <!ELEMENT confidence (#PCDATA)>
16
+ <!ELEMENT issueBackground (#PCDATA)>
17
+ <!ELEMENT remediationBackground (#PCDATA)>
18
+ <!ELEMENT issueDetail (#PCDATA)>
19
+ <!ELEMENT remediationDetail (#PCDATA)>
20
+ <!ELEMENT requestresponse (request?, response?, responseRedirected?)>
21
+ <!ELEMENT request (#PCDATA)>
22
+ <!ATTLIST request base64 (true|false) "false">
23
+ <!ELEMENT response (#PCDATA)>
24
+ <!ATTLIST response base64 (true|false) "false">
25
+ <!ELEMENT responseRedirected (#PCDATA)>
26
+ ]>
27
+ <issues burpVersion="1.5.14" exportTime="Wed Nov 10 17:26:55 EDT 2014">
28
+ <issue>
29
+ <serialNumber>1833460934674078320</serialNumber>
30
+ <type>8781630</type>
31
+ <name>Issue 1</name>
32
+ <host ip="10.0.0.1">http://www.test.com</host>
33
+ <path><![CDATA[/Common/login.aspx]]></path>
34
+ <location><![CDATA[/Common/login.aspx]]></location>
35
+ <severity>Information</severity>
36
+ <confidence>Firm</confidence>
37
+ <issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
38
+ <remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
39
+ <issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
40
+ <requestresponse>
41
+ <request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
42
+ <response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
43
+ <responseRedirected>false</responseRedirected>
44
+ </requestresponse>
45
+ </issue>
46
+ <issue>
47
+ <serialNumber>1833460934674078321</serialNumber>
48
+ <type>8781631</type>
49
+ <name>Issue 2</name>
50
+ <host ip="10.0.0.1">http://www.test.com</host>
51
+ <path><![CDATA[/Common/login.aspx]]></path>
52
+ <location><![CDATA[/Common/login.aspx]]></location>
53
+ <severity>High</severity>
54
+ <confidence>Firm</confidence>
55
+ <issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
56
+ <remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
57
+ <issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
58
+ <requestresponse>
59
+ <request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
60
+ <response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
61
+ <responseRedirected>false</responseRedirected>
62
+ </requestresponse>
63
+ </issue>
64
+ <issue>
65
+ <serialNumber>1833460934674078322</serialNumber>
66
+ <type>134217728</type>
67
+ <name>Issue 3</name>
68
+ <host ip="10.0.0.1">http://www.test.com</host>
69
+ <path><![CDATA[/Common/login.aspx]]></path>
70
+ <location><![CDATA[/Common/login.aspx]]></location>
71
+ <severity>Medium</severity>
72
+ <confidence>Firm</confidence>
73
+ <issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
74
+ <remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
75
+ <issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
76
+ <requestresponse>
77
+ <request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
78
+ <response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
79
+ <responseRedirected>false</responseRedirected>
80
+ </requestresponse>
81
+ </issue>
82
+ <issue>
83
+ <serialNumber>1833460934674078323</serialNumber>
84
+ <type>8781632</type>
85
+ <name>Issue 4</name>
86
+ <host ip="10.0.0.1">http://www.test.com</host>
87
+ <path><![CDATA[/Common/login.aspx]]></path>
88
+ <location><![CDATA[/Common/login.aspx]]></location>
89
+ <severity>High</severity>
90
+ <confidence>Firm</confidence>
91
+ <issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
92
+ <remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
93
+ <issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
94
+ <requestresponse>
95
+ <request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
96
+ <response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
97
+ <responseRedirected>false</responseRedirected>
98
+ </requestresponse>
99
+ </issue>
100
+ <issue>
101
+ <serialNumber>1833460934674078323</serialNumber>
102
+ <type>8781633</type>
103
+ <name>Issue 5</name>
104
+ <host ip="10.0.0.1">http://www.test.com</host>
105
+ <path><![CDATA[/Common/login.aspx]]></path>
106
+ <location><![CDATA[/Common/login.aspx]]></location>
107
+ <severity>Low</severity>
108
+ <confidence>Firm</confidence>
109
+ <issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
110
+ <remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
111
+ <issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
112
+ <requestresponse>
113
+ <request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
114
+ <response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
115
+ <responseRedirected>false</responseRedirected>
116
+ </requestresponse>
117
+ </issue>
118
+ </issues>
@@ -1,7 +1,8 @@
1
- issue.name
2
1
  issue.background
3
- issue.remediation_background
4
2
  issue.detail
5
- issue.remediation_detail
3
+ issue.name
6
4
  issue.references
5
+ issue.remediation_background
6
+ issue.remediation_detail
7
+ issue.severity
7
8
  issue.vulnerability_classifications
@@ -2,6 +2,10 @@
2
2
  %issue.name%
3
3
 
4
4
 
5
+ #[Severity]#
6
+ %issue.severity%
7
+
8
+
5
9
  #[Background]#
6
10
  %issue.background%
7
11
 
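--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-burp
 version: !ruby/object:Gem::Version
-version: 3.14.0
+version: 3.19.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-13 00:00:00.000000000 Z
+date: 2020-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dradis-plugins
@@ -128,6 +128,7 @@ files:
 - spec/burp_upload_spec.rb
 - spec/fixtures/files/burp.html
 - spec/fixtures/files/burp.xml
+- spec/fixtures/files/burp_issue_severity.xml
 - spec/fixtures/files/invalid-utf-issue.xml
 - spec/fixtures/files/without-base64.xml
 - spec/spec_helper.rb
@@ -159,7 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.1
 signing_key:
 specification_version: 4
 summary: Burp Scanner upload plugin for the Dradis Framework.
@@ -167,6 +168,7 @@ test_files:
 - spec/burp_upload_spec.rb
 - spec/fixtures/files/burp.html
 - spec/fixtures/files/burp.xml
+- spec/fixtures/files/burp_issue_severity.xml
 - spec/fixtures/files/invalid-utf-issue.xml
 - spec/fixtures/files/without-base64.xml
 - spec/spec_helper.rb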