dradis-burp 4.15.0 → 4.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc7f67339be5ca455cab71532d4b761f66358ef2839e9f92c2ef3753d2e6239d
-  data.tar.gz: 614bb38ff3f2d2822c1eff16277b0d5a72d9b1d907929d994650be30e1fd8257
+  metadata.gz: 4b020b3796f439d717c5b889493eaaabb85d7ab654bd7cb0ae898dd839993bd7
+  data.tar.gz: 956ac5571512e4af5279ba2275dc12bd03dc5bdcb6ecd5d3c263cd987162a725
 SHA512:
-  metadata.gz: 67ce502e8c2dfa3d2a53f023e6e849ce6356c34963b96ed573cd7ec564acfea627fef901bd1c57f820c77839d7f99bfa5df0ee522829da984d34e19f473d7572
-  data.tar.gz: fa80e16d0f388955692dee455da6b2ec684f476e0de51f44e284699868e6d6c8075b99fa1e2c8898611cfd96ea2d138b0f9b476364ef3ef4dd3f1571d8dd4232
+  metadata.gz: 13a51ae2624b18c31ce471739d69e145e64634009fa2151808a09faa2eba248b409d999038339ef31c442f038f5c04618f902f10c6bdfe991cb8ac1520d451e3
+  data.tar.gz: 3c541cb0c9d279d73d828325be1bcabc00a33fd705312070c4bb290090b0baf910efccd240ddce10c8d63d1fa727f2de6d0a743e50cd58eee52dea5176b8f230

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+v4.16.0 (May 2025)
+  - Fix HTML importer associating issues in the wrong node
+
 v4.15.0 (December 2024)
   - No changes
 

data/lib/dradis/plugins/burp/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 15
+        MINOR = 16
         TINY = 0
         PRE = nil
 

data/lib/dradis/plugins/burp/html/importer.rb

@@ -90,7 +90,7 @@ module Dradis::Plugins::Burp
         evidence_id = html_evidence.attr('id').value
         logger.info { "Processing evidence #{evidence_id}" }
 
-        host_td    = html_evidence.xpath("//td[starts-with(.,'Host:')]").first
+        host_td    = html_evidence.at_xpath(".//td[starts-with(.,'Host:')]")
         host_label = host_td.next_element.text.split('//').last
         host       = content_service.create_node(label: host_label, type: :host)
 

data/spec/html/importer_spec.rb

@@ -0,0 +1,70 @@
+require 'spec_helper'
+require 'ostruct'
+
+describe 'Burp upload plugin' do
+  describe Dradis::Plugins::Burp::Html::Importer do
+    before(:each) do
+      # Stub mappings service
+      allow(Dradis::Plugins::MappingService).to receive(:new).and_return(
+        StubbedMappingService.new
+      )
+
+      # Init services
+      plugin = Dradis::Plugins::Burp::Html
+
+      @content_service = Dradis::Plugins::ContentService::Base.new(
+        logger: Logger.new(STDOUT),
+        plugin: plugin
+      )
+
+      @importer = plugin::Importer.new(
+        content_service: @content_service,
+      )
+
+      # Stub dradis-plugins methods
+      #
+      # They return their argument hashes as objects mimicking
+      # Nodes, Issues, etc
+      allow(@content_service).to receive(:create_node) do |args|
+        obj = OpenStruct.new(args)
+        obj.define_singleton_method(:set_property) { |_, __| }
+        obj
+      end
+      allow(@content_service).to receive(:create_issue) do |args|
+        OpenStruct.new(args)
+      end
+      allow(@content_service).to receive(:create_evidence) do |args|
+        OpenStruct.new(args)
+      end
+    end
+
+    it 'creates nodes, issues, and evidence as needed' do
+      # Host node
+      #
+      # create_node should be called once for each issue in the xml,
+      # but ContentService knows it's already created and NOOPs
+      expect(@content_service).to receive(:create_node)
+      .with(hash_including label: 'github.com/dradis/dradis-burp')
+      .exactly(1).times
+
+      # # create_issue should be called once for each issue in the xml
+      expect(@content_service).to receive(:create_issue) do |args|
+        expect(args[:text]).to include("Strict transport security not enforced")
+        expect(args[:text]).to include('*application*', '@Wi-Fi@')
+        expect(args[:id]).to eq(16777984)
+        OpenStruct.new(args)
+      end.once
+      
+      expect(@content_service).to receive(:create_evidence) do |args|
+        expect(args[:content]).to include('Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')
+        expect(args[:content]).to include("http://1.1.1.1/dradis/sessions")
+        expect(args[:issue].text).to include("Strict transport security not enforced")
+        expect(args[:issue].text).to include('*application*', '@Wi-Fi@')
+        expect(args[:node].label).to eq('github.com/dradis/dradis-burp')
+      end.once
+
+      # Run the import
+      @importer.import(file: 'spec/fixtures/files/burp.html')
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -3,6 +3,8 @@ require 'bundler/setup'
 require 'nokogiri'
 require 'combustion'
 
+require 'support/stubbed_mapping_service'
+
 Combustion.initialize!
 
 RSpec.configure do |config|

data/spec/support/stubbed_mapping_service.rb

@@ -0,0 +1,8 @@
+class StubbedMappingService
+  def apply_mapping(args)
+    processor = Dradis::Plugins::Burp::FieldProcessor.new(data: args[:data])
+    Dradis::Plugins::Burp::Mapping::SOURCE_FIELDS[args[:source].to_sym].map do |field|
+      processor.value(field: field)
+    end.join("\n")
+  end
+end

data/spec/{burp_upload_spec.rb → xml/importer_spec.rb}

@@ -2,7 +2,6 @@ require 'spec_helper'
 require 'ostruct'
 
 describe 'Burp upload plugin' do
-
   describe Burp::Xml::Issue do
     it 'handles invalid utf-8 bytes' do
       doc = Nokogiri::XML(File.read('spec/fixtures/files/invalid-utf-issue.xml'))
@@ -15,10 +14,10 @@ describe 'Burp upload plugin' do
 
   describe Dradis::Plugins::Burp::Xml::Importer do
     before(:each) do
-      # Stub template service
-      templates_dir = File.expand_path('../../templates', __FILE__)
-      expect_any_instance_of(Dradis::Plugins::TemplateService)
-      .to receive(:default_templates_dir).and_return(templates_dir)
+      # Stub mappings service
+      allow(Dradis::Plugins::MappingService).to receive(:new).and_return(
+        StubbedMappingService.new
+      )
 
       # Init services
       plugin = Dradis::Plugins::Burp::Xml
@@ -50,7 +49,6 @@ describe 'Burp upload plugin' do
     end
 
     it 'creates nodes, issues, and evidence as needed' do
-
       # Host node
       #
       # create_node should be called once for each issue in the xml,
@@ -61,24 +59,24 @@ describe 'Burp upload plugin' do
 
       # create_issue should be called once for each issue in the xml
       expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Title]#\nIssue 1")
+        expect(args[:text]).to include("Issue 1")
         expect(args[:id]).to eq(8781630)
         OpenStruct.new(args)
       end.once
       expect(@content_service).to receive(:create_evidence) do |args|
         expect(args[:content]).to include('Lorem ipsum dolor sit amet')
-        expect(args[:issue].text).to include("#[Title]#\nIssue 1")
+        expect(args[:issue].text).to include("Issue 1")
         expect(args[:node].label).to eq('10.0.0.1')
       end.once
 
       expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Title]#\nIssue 2")
+        expect(args[:text]).to include("Issue 2")
         expect(args[:id]).to eq(8781631)
         OpenStruct.new(args)
       end.once
       expect(@content_service).to receive(:create_evidence) do |args|
         expect(args[:content]).to include('Lorem ipsum dolor sit amet')
-        expect(args[:issue].text).to include("#[Title]#\nIssue 2")
+        expect(args[:issue].text).to include("Issue 2")
         expect(args[:node].label).to eq('10.0.0.1')
       end.once
 
@@ -86,24 +84,24 @@ describe 'Burp upload plugin' do
       # that it triggers process_extension_issues instead of process_burp_issues
       # and the plugin_id is not set to the Type (134217728)
       expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Title]#\nIssue 3")
+        expect(args[:text]).to include("Issue 3")
         expect(args[:id]).to eq('Issue3')
         OpenStruct.new(args)
       end.once
       expect(@content_service).to receive(:create_evidence) do |args|
         expect(args[:content]).to include('Lorem ipsum dolor sit amet')
-        expect(args[:issue].text).to include("#[Title]#\nIssue 3")
+        expect(args[:issue].text).to include("Issue 3")
         expect(args[:node].label).to eq('10.0.0.1')
       end.once
 
       expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Title]#\nIssue 4")
+        expect(args[:text]).to include("Issue 4")
         expect(args[:id]).to eq(8781633)
         OpenStruct.new(args)
       end.once
       expect(@content_service).to receive(:create_evidence) do |args|
         expect(args[:content]).to include('Lorem ipsum dolor sit amet')
-        expect(args[:issue].text).to include("#[Title]#\nIssue 4")
+        expect(args[:issue].text).to include("Issue 4")
         expect(args[:node].label).to eq('10.0.0.1')
       end.once
 
@@ -112,38 +110,37 @@ describe 'Burp upload plugin' do
     end
 
     it 'returns the highest <severity> at the Issue level' do
-
       expect(@content_service).to receive(:create_issue) do |args|
         expect(args[:id]).to eq(8781630)
-        expect(args[:text]).to include("#[Title]#\nIssue 1")
-        expect(args[:text]).to include("#[Severity]#\nInformation")
+        expect(args[:text]).to include("Issue 1")
+        expect(args[:text]).to include("Information")
         OpenStruct.new(args)
       end
 
       expect(@content_service).to receive(:create_evidence) do |args|
-        expect(args[:content]).to include("#[Severity]#\nInformation")
-        expect(args[:issue].text).to include("#[Title]#\nIssue 1")
+        expect(args[:content]).to include("Information")
+        expect(args[:issue].text).to include("Issue 1")
         expect(args[:node].label).to eq('10.0.0.1')
       end.once
       expect(@content_service).to receive(:create_evidence) do |args|
-        expect(args[:content]).to include("#[Severity]#\nHigh")
-        expect(args[:issue].text).to include("#[Title]#\nIssue 2")
+        expect(args[:content]).to include("High")
+        expect(args[:issue].text).to include("Issue 2")
         expect(args[:node].label).to eq('10.0.0.1')
         OpenStruct.new(args)
       end.once
       expect(@content_service).to receive(:create_evidence) do |args|
-        expect(args[:content]).to include("#[Severity]#\nMedium")
-        expect(args[:issue].text).to include("#[Title]#\nIssue 3")
+        expect(args[:content]).to include("Medium")
+        expect(args[:issue].text).to include("Issue 3")
         expect(args[:node].label).to eq('10.0.0.1')
       end.once
       expect(@content_service).to receive(:create_evidence) do |args|
-        expect(args[:content]).to include("#[Severity]#\nHigh")
-        expect(args[:issue].text).to include("#[Title]#\nIssue 4")
+        expect(args[:content]).to include("High")
+        expect(args[:issue].text).to include("Issue 4")
         expect(args[:node].label).to eq('10.0.0.1')
       end.once
       expect(@content_service).to receive(:create_evidence) do |args|
-        expect(args[:content]).to include("#[Severity]#\nLow")
-        expect(args[:issue].text).to include("#[Title]#\nIssue 5")
+        expect(args[:content]).to include("Low")
+        expect(args[:issue].text).to include("Issue 5")
         expect(args[:node].label).to eq('10.0.0.1')
       end.once
 
@@ -151,71 +148,4 @@ describe 'Burp upload plugin' do
       @importer.import(file: 'spec/fixtures/files/burp_issue_severity.xml')
     end
   end
-
-  describe Dradis::Plugins::Burp::Html::Importer do
-    before(:each) do
-      # Stub template service
-      templates_dir = File.expand_path('../../templates', __FILE__)
-      expect_any_instance_of(Dradis::Plugins::TemplateService)
-      .to receive(:default_templates_dir).and_return(templates_dir)
-
-      # Init services
-      plugin = Dradis::Plugins::Burp::Html
-
-      @content_service = Dradis::Plugins::ContentService::Base.new(
-        logger: Logger.new(STDOUT),
-        plugin: plugin
-      )
-
-      @importer = plugin::Importer.new(
-        content_service: @content_service,
-      )
-
-      # Stub dradis-plugins methods
-      #
-      # They return their argument hashes as objects mimicking
-      # Nodes, Issues, etc
-      allow(@content_service).to receive(:create_node) do |args|
-        obj = OpenStruct.new(args)
-        obj.define_singleton_method(:set_property) { |_, __| }
-        obj
-      end
-      allow(@content_service).to receive(:create_issue) do |args|
-        OpenStruct.new(args)
-      end
-      allow(@content_service).to receive(:create_evidence) do |args|
-        OpenStruct.new(args)
-      end
-    end
-
-    it 'creates nodes, issues, and evidence as needed' do
-
-      # Host node
-      #
-      # create_node should be called once for each issue in the xml,
-      # but ContentService knows it's already created and NOOPs
-      expect(@content_service).to receive(:create_node)
-      .with(hash_including label: 'github.com/dradis/dradis-burp')
-      .exactly(1).times
-
-      # # create_issue should be called once for each issue in the xml
-      expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Title]#\nStrict transport security not enforced")
-        expect(args[:text]).to include('*application*', '@Wi-Fi@')
-        expect(args[:id]).to eq(16777984)
-        OpenStruct.new(args)
-      end.once
-      expect(@content_service).to receive(:create_evidence) do |args|
-        expect(args[:content]).to include('Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')
-        expect(args[:content]).to include("#[Location]#\nhttp://1.1.1.1/dradis/sessions")
-        expect(args[:issue].text).to include("#[Title]#\nStrict transport security not enforced")
-        expect(args[:issue].text).to include('*application*', '@Wi-Fi@')
-        expect(args[:node].label).to eq('github.com/dradis/dradis-burp')
-      end.once
-
-      # Run the import
-      @importer.import(file: 'spec/fixtures/files/burp.html')
-    end
-
-  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-burp
 version: !ruby/object:Gem::Version
-  version: 4.15.0
+  version: 4.16.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-20 00:00:00.000000000 Z
+date: 2025-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -126,13 +126,15 @@ files:
 - lib/dradis/plugins/burp/version.rb
 - lib/dradis/plugins/burp/xml/importer.rb
 - lib/tasks/thorfile.rb
-- spec/burp_upload_spec.rb
 - spec/fixtures/files/burp.html
 - spec/fixtures/files/burp.xml
 - spec/fixtures/files/burp_issue_severity.xml
 - spec/fixtures/files/invalid-utf-issue.xml
 - spec/fixtures/files/without-base64.xml
+- spec/html/importer_spec.rb
 - spec/spec_helper.rb
+- spec/support/stubbed_mapping_service.rb
+- spec/xml/importer_spec.rb
 - templates/html_evidence.sample
 - templates/html_issue.sample
 - templates/xml_evidence.sample
@@ -161,10 +163,12 @@ signing_key:
 specification_version: 4
 summary: Burp Scanner upload plugin for the Dradis Framework.
 test_files:
-- spec/burp_upload_spec.rb
 - spec/fixtures/files/burp.html
 - spec/fixtures/files/burp.xml
 - spec/fixtures/files/burp_issue_severity.xml
 - spec/fixtures/files/invalid-utf-issue.xml
 - spec/fixtures/files/without-base64.xml
+- spec/html/importer_spec.rb
 - spec/spec_helper.rb
+- spec/support/stubbed_mapping_service.rb
+- spec/xml/importer_spec.rb