dradis-calculator_dread 3.19.0 → 3.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c86c74f06c370672a7ed32a10e8c651941e62029ac56f9e8fc150aaeb68e85fd
-  data.tar.gz: 247efa5a3f48c3ba34ca7f8a6e575fceb67ca1debb93c3369aeebb24f1eb8e0a
+  metadata.gz: 4709e60ffa6d506b2bd17067bbdf79f0dbe154ae8ecdbb016831150d4ced1bf4
+  data.tar.gz: d7455d2a8aea8e0b7acf673ff239273734d6ecb197615ccdfe07c9ac75df14fd
 SHA512:
-  metadata.gz: 43b6e6bb8deb8c53726594df38c842fa6da11757d5879830229f5c38af66d580b4d1fc3c07a767af1cb05a32e71d0ffe2470b360f06c34d71c5eda004367f605
-  data.tar.gz: 02eeed533f02b4cb7b1f0898aaf7ec0b326bf9483a30f3412724c33d2f1ee815aa813d0ce2602ccdaed026ce50fbcb65c5e32d6e40d4780b780fb636357e9c70
+  metadata.gz: 53be04520f5243b1ac09c40932d72484edfd4b26b9a63c640ca732758e3252fc8ce4a5ad70321350b5ade6e9b372d69a4040356df54968726197c0d4e490a79b
+  data.tar.gz: 668bb9f73b0729e4e59dda8b5f2d3c515d5c2fff1e2ddabe01716a3ca3231f84206bf9f44d54e090544c71dae4133a00ad461f7e3948e4a12d38eb39e9c0448a

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Dradis Framework 3.20 (December, 2020) ##
+
+*   Integrate calculator in Issues view.
+*   Use Bootstrap gem vs vendored assets.
+
 ## Dradis Framework 3.19 (September, 2020) ##
 
 *   No changes.

data/app/assets/javascripts/dradis/plugins/calculators/dread/calculator.js.coffee

@@ -10,8 +10,8 @@
     threat     = $("input[name='disc']:checked").data('agent')
     likelihood = (repro + exploit + disc) / 3
 
-
-    dread      = (impact + likelihood) / 2
+    dread        = (impact + likelihood) / 2
+    dread_vector = "DREAD:1.0/D:#{damage}/A:#{affected}/R:#{repro}/E:#{exploit}/DI:#{disc}"
 
     impact_fixed     = DREADCalculator._fix(impact)
     likelihood_fixed = DREADCalculator._fix(likelihood)
@@ -21,25 +21,28 @@
     $('#likelihood-score').text(likelihood_fixed)
     $('#dread-score').text(dread_fixed)
 
-    issue_dread = "#[DreadValue]#\n"
+    issue_dread = "#[DREAD.Vector]#\n"
+    issue_dread += "#{dread_vector}\n\n"
+    issue_dread += "#[DREAD.Score]#\n"
     issue_dread += "#{dread_fixed}\n\n"
-    issue_dread += "#[Damage]#\n"
+    issue_dread += "#[DREAD.Damage]#\n"
     issue_dread += "#{damage}\n\n"
-    issue_dread += "#[AffectedSystems]#\n"
+    issue_dread += "#[DREAD.AffectedSystems]#\n"
     issue_dread += "#{affected}\n\n"
-    issue_dread += "#[Impact]#\n"
+    issue_dread += "#[DREAD.Impact]#\n"
     issue_dread += "#{impact_fixed}\n\n"
-    issue_dread += "#[Reproducibility]#\n"
+    issue_dread += "#[DREAD.Reproducibility]#\n"
     issue_dread += "#{repro}\n\n"
-    issue_dread += "#[Discoverability]#\n"
+    issue_dread += "#[DREAD.Discoverability]#\n"
     issue_dread += "#{disc}\n\n"
-    issue_dread += "#[ThreatAgent]#\n"
+    issue_dread += "#[DREAD.ThreatAgent]#\n"
     issue_dread += "#{threat}\n\n"
-    issue_dread += "#[Exploitability]#\n"
+    issue_dread += "#[DREAD.Exploitability]#\n"
     issue_dread += "#{exploit}\n\n"
-    issue_dread += "#[Likelihood]#\n"
+    issue_dread += "#[DREAD.Likelihood]#\n"
     issue_dread += "#{likelihood_fixed}\n"
-    $('#blob').text(issue_dread)
+
+    $('textarea[name=dread_fields]').val(issue_dread)
 
   _fix: (input) ->
     if $.isNumeric(input) && Math.floor(input) == input
@@ -48,5 +51,7 @@
       input.toFixed(3)
 
 
-jQuery ->
-  $('input[type=radio]').on 'change', DREADCalculator.calculate
+document.addEventListener "turbolinks:load", ->
+  if $('[data-behavior~=dread-buttons]').length
+    DREADCalculator.calculate()
+    $('input[type=radio]').on 'change', DREADCalculator.calculate

data/app/assets/javascripts/dradis/plugins/calculators/dread/manifests/{application.js.coffee → application.js}

@@ -1,2 +1,4 @@
 //= require jquery
+//= require turbolinks
+
 //= require dradis/plugins/calculators/dread/calculator

data/app/assets/javascripts/dradis/plugins/calculators/dread/manifests/tylium.js

@@ -0,0 +1 @@
+//= require dradis/plugins/calculators/dread/calculator

data/app/assets/stylesheets/dradis/plugins/calculators/dread/manifests/application.css.scss

@@ -1,2 +1 @@
-@import 'bootstrap';
-@import 'bootstrap-responsive';
+@import '_bootstrap';

data/app/controllers/dradis/plugins/calculators/dread/base_controller.rb

@@ -1,5 +1,8 @@
 module Dradis::Plugins::Calculators::DREAD
   # Does it matter that we're inheriting from the no-frills controller?
   class BaseController < ActionController::Base
+    def index
+      @dread_vector = Hash.new { |h, k| h[k] = 0 }
+    end
   end
 end

data/app/controllers/dradis/plugins/calculators/dread/issues_controller.rb

@@ -0,0 +1,40 @@
+module Dradis::Plugins::Calculators::DREAD
+  # Does it matter that we're inheriting from the no-frills controller?
+  class IssuesController < ::IssuesController
+    before_action :set_dread_vector, only: :edit
+
+    def edit
+    end
+
+    def update
+      dread_fields = Hash[ *params[:dread_fields].scan(FieldParser::FIELDS_REGEX).flatten.map(&:strip) ]
+      dread_fields.each do |name, value|
+        @issue.set_field(name, value)
+      end
+
+      if @issue.save
+        redirect_to main_app.project_issue_path(current_project, @issue), notice: 'DREAD fields updated.'
+      else
+        render :edit
+      end
+    end
+
+    def set_dread_vector
+      # Undefined values default to 0
+      @dread_vector = Hash.new { |h, k| h[k] = 0 }
+      field_value  = @issue.fields['DREAD.Vector']
+
+      # If no vector is set yet, that's OK
+      return if field_value.blank?
+
+      if field_value =~ V1::VECTOR_REGEXP
+        field_value.split('/').each do |pair|
+          field, value = pair.split(':')
+          @dread_vector[field] = value.to_i
+        end
+      else
+        redirect_to main_app.project_issue_path(current_project, @issue), alert: 'The format of the DREAD Vector field is invalid.'
+      end
+    end
+  end
+end

data/app/models/dradis/plugins/calculators/dread/v1.rb

@@ -0,0 +1,19 @@
+module Dradis::Plugins::Calculators::DREAD
+  class V1
+    FIELD_NAMES = %i{
+      Vector
+      Score
+      Impact
+      Damage
+      AffectedSystems
+      Likelihood
+      Reproducibility
+      Exploitability
+      Discoverability
+      ThreatAgent
+    }.freeze
+
+    FIELDS = FIELD_NAMES.map { |name| "DREAD.#{name}".freeze }.freeze
+    VECTOR_REGEXP = /DREAD:1.0\/D:\d\/A:\d\/R:\d\/E:\d\/DI:\d/.freeze
+  end
+end

data/app/views/dradis/plugins/calculators/dread/_addons_menu.html.erb

@@ -1 +1 @@
-<li><%= link_to 'Risk Calculators - DREAD', dread_calculator.dread_path %></li>
+<%= link_to 'Risk Calculators - DREAD', dread_calculator.calculators_dread_path, class: 'dropdown-item', data: { turbolinks: false } %>

data/app/views/dradis/plugins/calculators/dread/base/_impact.html.erb

@@ -0,0 +1,83 @@
+<section data-behavior="dread-buttons">
+  <p class="lead text-center">Impact = (Damage + Affected)/2</p>
+
+  <h3>Damage Potential</h3>
+  <p>If a vulnerability exploit occurs, how much damage will be caused?</p>
+
+  <table class="table table-striped">
+    <thead>
+      <tr>
+        <th></th>
+        <th>Sens. Data</th>
+        <th>Infra.</th>
+        <th>Phys. access</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <td>
+          <input type="radio" name="damage" value="0" <%= 'checked' if @dread_vector['D'] == 0 %>/> 0
+        </td>
+        <td colspan="3">
+          Information leakage that could lead to compromise of sensitive data or systems
+        </td>
+      </tr>
+      <tr>
+        <td>
+          <input type="radio" name="damage" value="1" <%= 'checked' if @dread_vector['D'] == 1 %>/> 1
+        </td>
+        <td colspan="3">
+          The presence of this vulnerability contributes to other vulnerabilities being exploited
+        </td>
+      </tr>
+      <tr>
+        <td>
+          <input type="radio" name="damage" value="2" <%= 'checked' if @dread_vector['D'] == 2 %>/> 2
+        </td>
+        <td colspan="2">
+          Sensitive data compromised
+        </td>
+        <td>
+          Access to places with no critical systems
+        </td>
+      </tr>
+      <tr>
+        <td>
+          <input type="radio" name="damage" value="3" <%= 'checked' if @dread_vector['D'] == 3 %>/> 3
+        </td>
+        <td colspan="2">
+          User account compromised	System completely compromised
+        </td>
+        <td>
+          Access to places with critical systems
+        </td>
+      </tr>
+    </tbody>
+  </table>
+
+  <p class="alert alert-warning"><strong>NOTE</strong>: If vulnerability violates PCI compliance it is automatically marked as 3</p>
+
+  <h3>Affected users or systems</h3>
+  <p>How many users or systems will be affected if the vulnerability is exploited?</p>
+
+  <table class="table table-striped">
+    <tbody>
+      <tr>
+        <td><input type="radio" name="affected" value="0" <%= 'checked' if @dread_vector['A'] == 0 %>/> 0</td>
+        <td>None</td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="affected" value="1" <%= 'checked' if @dread_vector['A'] == 1 %>/> 1</td>
+        <td>Less than half of the systems/users are affected</td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="affected" value="2" <%= 'checked' if @dread_vector['A'] == 2 %>/> 2</td>
+        <td>More than half of the systems/users are affected</td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="affected" value="3" <%= 'checked' if @dread_vector['A'] == 3 %>/> 3</td>
+        <td>All systems or users are affected</td>
+      </tr>
+    </tbody>
+  </table>
+</section>

data/app/views/dradis/plugins/calculators/dread/base/_likelihood.html.erb

@@ -0,0 +1,98 @@
+<section data-behavior="dread-buttons">
+  <p class="lead text-center">Likelihood = (Repro + Exploit + Disc)/3</p>
+
+  <h3>Reproducibility</h3>
+  <p>What kind of access is necessary to exploit this vulnerability?</p>
+
+  <table class="table table-striped">
+    <tbody>
+      <tr>
+        <td><input type="radio" name="repro" value="0" <%= 'checked' if @dread_vector['R'] == 0 %>/> 0</td>
+        <td>Physical access to target machine</td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="repro" value="1" <%= 'checked' if @dread_vector['R'] == 1 %>/> 1</td>
+        <td>Valid credentials to the system</td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="repro" value="2" <%= 'checked' if @dread_vector['R'] == 2 %>/> 2</td>
+        <td>Same network as the victim</td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="repro" value="3" <%= 'checked' if @dread_vector['R'] == 3 %>/> 3</td>
+        <td>Internet access with no credentials</td>
+      </tr>
+    </tbody>
+  </table>
+
+  <h3>Exploitability</h3>
+  <p>What is needed to exploit this vulnerability?</p>
+
+  <table class="table table-striped">
+    <tbody>
+
+      <tr>
+        <td><input type="radio" name="exploit" value="0" <%= 'checked' if @dread_vector['E'] == 0 %>/> 0</td>
+        <td>
+          <ul>
+            <li>Advanced programming and networking knowledge</li>
+            <li>Custom or advanced attack tools</li>
+            <li>Depends on other vulnerabilities being present which have not been discovered</li>
+          </ul>
+        </td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="exploit" value="1" <%= 'checked' if @dread_vector['E'] == 1 %>/> 1</td>
+        <td>Requires victim’s intervention, possibly through social engineering</td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="exploit" value="2" <%= 'checked' if @dread_vector['E'] == 2 %>/> 2</td>
+        <td>
+          <ul>
+            <li>Tool or malware is available on the Internet</li>
+            <li>Exploit is easily performed</li>
+          </ul>
+        </td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="exploit" value="3" <%= 'checked' if @dread_vector['E'] == 3 %>/> 3</td>
+        <td>Just a web browser or no tools necessary</td>
+      </tr>
+    </tbody>
+  </table>
+
+  <h3>Discoverability</h3>
+  <p>How easy is it to discover and exploit this vulnerability?</p>
+
+  <table class="table table-striped">
+    <thead>
+      <tr>
+        <th></th>
+        <th>Difficulty</th>
+        <th>Equivalent threat agent</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <td><input type="radio" name="disc" value="0" data-agent="Organized crime, inside job" <%= 'checked' if @dread_vector['DI'] == 0 %>/> 0</td>
+        <td>Very hard to impossible; requires source code, administrative access or classified information</td>
+        <td>Organized crime, inside job</td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="disc" value="1" data-agent="Motivated attacker" <%= 'checked' if @dread_vector['DI'] == 1 %>/> 1</td>
+        <td>Hard; requires partial knowledge of internal structure, or involves guessing</td>
+        <td>Motivated attacker</td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="disc" value="2" data-agent="Script kiddie, curious attacker" <%= 'checked' if @dread_vector['DI'] == 2 %>/> 2</td>
+        <td>Medium; details of faults like this are already in public domain and can be easily discovered using a search engine</td>
+        <td>Script kiddie, curious attacker</td>
+      </tr>
+      <tr>
+        <td><input type="radio" name="disc" value="3" data-agent="Automated malware, accidental discovery" <%= 'checked' if @dread_vector['DI'] == 3 %>/> 3</td>
+        <td>Low; information is visible in a browser address bar, form, or readily visible or accessible in case of physical vulnerabilities</td>
+        <td>Automated malware, accidental discovery</td>
+      </tr>
+    </tbody>
+  </table>
+</section>

data/app/views/dradis/plugins/calculators/dread/base/index.html.erb

@@ -5,228 +5,45 @@
 <p class="lead">Use this page to calculate the <abbr title="Damage potential, Reproducibility, Exploitability, Affected Users, Discoverability">DREAD</abbr> score of a given finding.</p>
 
 <div class="row">
-  <div class="col-4">
+  <div class="col-8">
     <h2>Impact score: <span id="impact-score">0</span></h2>
-    <p class="lead text-center">Impact = (Damage + Affected)/2</p>
-
-    <h3>Damage Potential</h3>
-    <p>If a vulnerability exploit occurs, how much damage will be caused?</p>
-
-    <table class="table table-striped">
-      <thead>
-        <tr>
-          <th></th>
-          <th>Sens. Data</th>
-          <th>Infra.</th>
-          <th>Phys. access</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>
-            <input type="radio" name="damage" value="0" checked /> 0
-          </td>
-          <td colspan="3">
-            Information leakage that could lead to compromise of sensitive data or systems
-          </td>
-        </tr>
-        <tr>
-          <td>
-            <input type="radio" name="damage" value="1"/> 1
-          </td>
-          <td colspan="3">
-            The presence of this vulnerability contributes to other vulnerabilities being exploited
-          </td>
-        </tr>
-        <tr>
-          <td>
-            <input type="radio" name="damage" value="2"/> 2
-          </td>
-          <td colspan="2">
-            Sensitive data compromised
-          </td>
-          <td>
-            Access to places with no critical systems
-          </td>
-        </tr>
-        <tr>
-          <td>
-            <input type="radio" name="damage" value="3"/> 3
-          </td>
-          <td colspan="2">
-            3	User account compromised	System completely compromised
-          </td>
-          <td>
-            Access to places with critical systems
-          </td>
-        </tr>
-      </tbody>
-    </table>
-
-    <p class="alert alert-danger"><strong>NOTE</strong>: If vulnerability violates PCI compliance it is automatically marked as 3</p>
-
-    <h3>Affected users or systems</h3>
-    <p>How many users or systems will be affected if the vulnerability is exploited?</p>
-
-    <table class="table table-striped">
-      <tbody>
-        <tr>
-          <td><input type="radio" name="affected" value="0" checked/> 0</td>
-          <td>None</td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="affected" value="1"/> 1</td>
-          <td>Less than half of the systems/users are affected</td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="affected" value="2"/> 2</td>
-          <td>More than half of the systems/users are affected</td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="affected" value="3"/> 3</td>
-          <td>All systems or users are affected</td>
-        </tr>
-      </tbody>
-    </table>
-  </div>
+    <%= render 'dradis/plugins/calculators/dread/base/impact' %>
 
-  <div class="col-4">
     <h2>Likelihood score: <span id="likelihood-score">0</span></h2>
-    <p class="lead text-center">Likelihood = (Repro + Exploit + Disc)/3</p>
-
-    <h3>Reproducibility</h3>
-    <p>What kind of access is necessary to exploit this vulnerability?</p>
-
-    <table class="table table-striped">
-      <tbody>
-        <tr>
-          <td><input type="radio" name="repro" value="0" checked/> 0</td>
-          <td>Physical access to target machine</td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="repro" value="1"/> 1</td>
-          <td>Valid credentials to the system</td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="repro" value="2"/> 2</td>
-          <td>Same network as the victim</td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="repro" value="3"/> 3</td>
-          <td>Internet access with no credentials</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3>Exploitability</h3>
-    <p>What is needed to exploit this vulnerability?</p>
-
-    <table class="table table-striped">
-      <tbody>
-
-        <tr>
-          <td><input type="radio" name="exploit" value="0" checked/> 0</td>
-          <td>
-            <ul>
-              <li>Advanced programming and networking knowledge</li>
-              <li>Custom or advanced attack tools</li>
-              <li>Depends on other vulnerabilities being present which have not been discovered</li>
-            </ul>
-          </td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="exploit" value="1"/> 1</td>
-          <td>Requires victim’s intervention, possibly through social engineering</td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="exploit" value="2"/> 2</td>
-          <td>
-            <ul>
-              <li>Tool or malware is available on the Internet</li>
-              <li>Exploit is easily performed</li>
-            </ul>
-          </td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="exploit" value="3"/> 3</td>
-          <td>Just a web browser or no tools necessary</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3>Discoverability</h3>
-    <p>How easy is it to discover and exploit this vulnerability?</p>
-
-    <table class="table table-striped">
-      <thead>
-        <tr>
-          <th></th>
-          <th>Difficulty</th>
-          <th>Equivalent threat agent</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td><input type="radio" name="disc" value="0" checked data-agent="Organized crime, inside job"/> 0</td>
-          <td>Very hard to impossible; requires source code, administrative access or classified information</td>
-          <td>Organized crime, inside job</td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="disc" value="1" data-agent="Motivated attacker"/> 1</td>
-          <td>Hard; requires partial knowledge of internal structure, or involves guessing</td>
-          <td>Motivated attacker</td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="disc" value="2" data-agent="Script kiddie, curious attacker"/> 2</td>
-          <td>Medium; details of faults like this are already in public domain and can be easily discovered using a search engine</td>
-          <td>Script kiddie, curious attacker</td>
-        </tr>
-        <tr>
-          <td><input type="radio" name="disc" value="3" data-agent="Automated malware, accidental discovery"/> 3</td>
-          <td>Low; information is visible in a browser address bar, form, or readily visible or accessible in case of physical vulnerabilities</td>
-          <td>Automated malware, accidental discovery</td>
-        </tr>
-      </tbody>
-    </table>
+    <%= render 'dradis/plugins/calculators/dread/base/likelihood' %>
   </div>
 
   <div class="col-4">
     <h2>DREAD score: <span id="dread-score">0</span></h2>
     <p class="lead text-center">DREAD = (Impact + Likelihood)/2</p>
-<pre id="blob">#[DreadValue]#
+    <textarea class="form-control" name="dread_fields" rows="28" style="width:95%">#[DreadValue]#
 N/A
 
-
 #[Damage]#
 N/A
 
-
 #[AffectedSystems]#
 N/A
 
-
 #[Impact]#
 N/A
 
-
 #[Reproducibility]#
 N/A
 
-
 #[Discoverability]#
 N/A
 
-
 #[ThreatAgent]#
 N/A
 
-
 #[Exploitability]#
 N/A
 
-
 #[Likelihood]#
 N/A
-</pre>
+
+
+</textarea>
   </div>
-</div>
+</div>

data/app/views/dradis/plugins/calculators/dread/issues/_show-content.html.erb

@@ -0,0 +1,20 @@
+<div class="tab-pane" id="dread-tab">
+  <div class="inner">
+    <h4 class="header-underline">DREAD Risk Scoring -
+      <span class="actions">
+        <%= link_to dread_calculator.dread_project_issue_path(current_project, @issue) do %>
+          <i class="fa fa-pencil"></i> Edit
+        <% end %>
+    </h4>
+
+    <div class="mb-4 content-textile">
+      <%=
+        markup(
+          @issue.fields
+            .select { |k,v| Dradis::Plugins::Calculators::DREAD::V1::FIELDS.include?(k) }
+            .map { |k,v| "#[#{k}]#\n#{v}" }.join("\n\n")
+        )
+      %>
+    </div>
+  </div>
+</div>

data/app/views/dradis/plugins/calculators/dread/issues/_show-tabs.html.erb

@@ -0,0 +1,3 @@
+<li class="nav-item">
+  <a href="#dread-tab" data-toggle="tab" class="nav-link"><i class="fa fa-calculator"></i> DREAD</a>
+</li>

data/app/views/dradis/plugins/calculators/dread/issues/edit.html.erb

@@ -0,0 +1,83 @@
+<% content_for :title, 'Edit DREAD score' %>
+
+<% content_for :sidebar do %>
+  <%= render 'issues/sidebar'%>
+<% end %>
+
+<div class="content-container">
+  <h4 class="header-underline">Edit DREAD Risk Scoring</h4>
+  <div id="issues_editor">
+    <div class="inner note-text-inner">
+
+      <%= simple_form_for [:dread, current_project, @issue], method: :patch do |f| %>
+
+        <ul class="nav nav-pills w-100" id="cvss-tabs">
+          <li class="nav-item">
+            <a href="#dread-edit-impact" data-toggle="pill" class="nav-link active">Impact: <span id="impact-score">0</span></a>
+          </li>
+          <li class="nav-item">
+            <a href="#dread-edit-likelihood" data-toggle="pill" class="nav-link">Likelihood: <span id="likelihood-score">0</span></a>
+          </li>
+          <li class="nav-item pull-right">
+            <a href="#dread-edit-result" data-toggle="pill" class="nav-link">Result: <span id="dread-score">0</span></a>
+          </li>
+        </ul>
+
+        <div class="tab-content mt-4">
+          <div class="tab-pane active" id="dread-edit-impact">
+            <%= render 'dradis/plugins/calculators/dread/base/impact' %>
+          </div>
+          <div class="tab-pane" id="dread-edit-likelihood">
+            <%= render 'dradis/plugins/calculators/dread/base/likelihood' %>
+          </div>
+
+          <div class="tab-pane" id="dread-edit-result">
+            <p class="lead text-center">DREAD = (Impact + Likelihood)/2</p>
+
+            <textarea class="form-control" name="dread_fields" rows="10" style="width:95%">#[DreadValue]#
+N/A
+
+
+#[Damage]#
+N/A
+
+
+#[AffectedSystems]#
+N/A
+
+
+#[Impact]#
+N/A
+
+
+#[Reproducibility]#
+N/A
+
+
+#[Discoverability]#
+N/A
+
+
+#[ThreatAgent]#
+N/A
+
+
+#[Exploitability]#
+N/A
+
+
+#[Likelihood]#
+N/A
+
+  </textarea>
+          </div>
+        </div>
+
+        <div class="form-actions">
+          <%= f.button :submit, nil, class: 'btn btn-primary' %> or
+          <%= link_to 'Cancel', main_app.project_issue_path(current_project, @issue), class: 'cancel-link' %>
+        </div>
+      <% end %>
+    </div>
+  </div>
+</div>

data/app/views/layouts/dradis/plugins/calculators/dread/base.html.erb

@@ -3,6 +3,7 @@
   <head>
     <title>DREAD Score Calculator | Dradis Framework</title>
     <%= stylesheet_link_tag    'dradis/plugins/calculators/dread/manifests/application', media: 'all', 'data-turbolinks-track' => true %>
+    <%= javascript_include_tag 'dradis/plugins/calculators/dread/manifests/application', 'data-turbolinks-track' => true %>
     <%= csrf_meta_tags %>
 
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
@@ -13,18 +14,14 @@
         <a href="javascript:void(0)" class="navbar-brand">DREAD score calculator</a>
         <ul class="navbar-nav pull-right">
           <li class="nav-item">
-            <%= link_to main_app.root_path, class: 'nav-link' do %>
+            <%= link_to main_app.root_path, class: 'nav-link', data: { turbolinks: false } do %>
             Back to the app  &rarr;
             <% end %>
           </li>
         </ul>
       </nav>
-      <%= yield%>
-    </div>
 
-    <div class="card d-none">
-      <%= debug main_app.methods(false).sort %>
+      <%= yield %>
     </div>
-    <%= javascript_include_tag 'dradis/plugins/calculators/dread/manifests/application', 'data-turbolinks-track' => true %>
   </body>
-</html>
+</html>

data/config/routes.rb

@@ -1,3 +1,12 @@
 Dradis::Plugins::Calculators::DREAD::Engine.routes.draw do
-  get '/dread' => "base#index"
-end
+  get '/calculators/dread' => 'base#index'
+
+  resources :projects, only: [] do
+    resources :issues, only: [] do
+      member do
+        get 'dread' => 'issues#edit'
+        patch 'dread' => 'issues#update'
+      end
+    end
+  end
+end

data/lib/dradis/plugins/calculators/dread/engine.rb

@@ -4,7 +4,7 @@ module Dradis::Plugins::Calculators::DREAD
 
     include Dradis::Plugins::Base
     provides :addon
-    description 'Provides a DREAD score calculator under /calculators/dread'
+    description 'Risk Calculators: DREAD'
 
     initializer 'calculator_dread.asset_precompile_paths' do |app|
       app.config.assets.precompile += ["dradis/plugins/calculators/dread/manifests/*"]
@@ -18,7 +18,7 @@ module Dradis::Plugins::Calculators::DREAD
 
     initializer 'calculator_dread.mount_engine' do
       Rails.application.routes.append do
-        mount Dradis::Plugins::Calculators::DREAD::Engine => '/calculators/', as: :dread_calculator
+        mount Dradis::Plugins::Calculators::DREAD::Engine => '/', as: :dread_calculator
       end
     end
 

data/lib/dradis/plugins/calculators/dread/gem_version.rb

@@ -9,7 +9,7 @@ module Dradis
 
         module VERSION
           MAJOR = 3
-          MINOR = 19
+          MINOR = 20
           TINY = 0
           PRE = nil
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-calculator_dread
 version: !ruby/object:Gem::Version
-  version: 3.19.0
+  version: 3.20.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-04 00:00:00.000000000 Z
+date: 2021-01-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -69,12 +69,19 @@ files:
 - README.md
 - Rakefile
 - app/assets/javascripts/dradis/plugins/calculators/dread/calculator.js.coffee
-- app/assets/javascripts/dradis/plugins/calculators/dread/manifests/application.js.coffee
+- app/assets/javascripts/dradis/plugins/calculators/dread/manifests/application.js
+- app/assets/javascripts/dradis/plugins/calculators/dread/manifests/tylium.js
 - app/assets/stylesheets/dradis/plugins/calculators/dread/manifests/application.css.scss
 - app/controllers/dradis/plugins/calculators/dread/base_controller.rb
+- app/controllers/dradis/plugins/calculators/dread/issues_controller.rb
+- app/models/dradis/plugins/calculators/dread/v1.rb
 - app/views/dradis/plugins/calculators/dread/_addons_menu.html.erb
-- app/views/dradis/plugins/calculators/dread/_addons_menu_bs4.html.erb
+- app/views/dradis/plugins/calculators/dread/base/_impact.html.erb
+- app/views/dradis/plugins/calculators/dread/base/_likelihood.html.erb
 - app/views/dradis/plugins/calculators/dread/base/index.html.erb
+- app/views/dradis/plugins/calculators/dread/issues/_show-content.html.erb
+- app/views/dradis/plugins/calculators/dread/issues/_show-tabs.html.erb
+- app/views/dradis/plugins/calculators/dread/issues/edit.html.erb
 - app/views/layouts/dradis/plugins/calculators/dread/base.html.erb
 - config/routes.rb
 - dradis-calculator_dread.gemspec
@@ -86,7 +93,7 @@ homepage: http://dradisframework.org
 licenses:
 - GPL-2
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -101,8 +108,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
-signing_key: 
+rubygems_version: 3.2.4
+signing_key:
 specification_version: 4
 summary: This plugin adds a DREAD score calculator to Dradis.
 test_files: []

data/app/views/dradis/plugins/calculators/dread/_addons_menu_bs4.html.erb

@@ -1 +0,0 @@
-<%= link_to 'Risk Calculators - DREAD', dread_calculator.dread_path, class: 'dropdown-item' %>