dradis-coreimpact 4.5.0

data/lib/dradis/plugins/coreimpact/gem_version.rb

@@ -0,0 +1,19 @@
+module Dradis
+  module Plugins
+    module Coreimpact
+      # Returns the version of the currently loaded Dradis as a <tt>Gem::Version</tt>
+      def self.gem_version
+        Gem::Version.new VERSION::STRING
+      end
+
+      module VERSION
+        MAJOR = 4
+        MINOR = 5
+        TINY = 0
+        PRE = nil
+
+        STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+      end
+    end
+  end
+end

data/lib/dradis/plugins/coreimpact/importer.rb

@@ -0,0 +1,112 @@
+module Dradis::Plugins::Coreimpact
+  class Importer < Dradis::Plugins::Upload::Importer
+    # The framework will call this function if the user selects this plugin from
+    # the dropdown list and uploads a file.
+    # @returns true if the operation was successful, false otherwise
+    def import(params={})
+
+      file_content = File.read( params[:file] )
+
+      # Parse the uploaded file XML
+      logger.info { "Parsing CORE Impact output file... #{params[:file]}" }
+      @doc = Nokogiri::XML( file_content )
+      logger.info { 'Done.' }
+
+      if @doc.xpath('/entities').empty?
+        logger.error "ERROR: no '<entities>' root element present in the provided "\
+                     "data. Are you sure you uploaded a CORE Impact file?"
+        return false
+      end
+
+      @doc.xpath('/entities/entity[@class="host"]').each do |xml_entity|
+        add_host(xml_entity)
+      end
+    end
+
+    private
+    def add_host(xml_entity)
+      label = xml_entity.at_xpath('./property[@key="display_name"]').text
+      node  = content_service.create_node(label: label, type: :host)
+
+      logger.info{ "\tNew Host: #{label}" }
+
+      node.set_property(:ip, xml_entity.at_xpath('./property[@key="ip"]').text)
+      node.set_property(:os, xml_entity.at_xpath('./property[@type="os"]/property[@key="entity name"]').text)
+
+      # port and service info
+      add_ports(xml_entity, node)
+      add_services(xml_entity, node)
+
+      # vulns and exposures
+      xml_entity.xpath('.//property[@key="Vulnerabilities"]').each do |xml_container|
+        add_vulnerability(xml_container, node)
+      end
+    end
+
+    def add_ports(xml_entity, node)
+      xml_entity.xpath('./property[@type="ports"]').each do |xml_ports|
+        protocol = xml_ports['key'].split('_').first
+
+        xml_ports.xpath('./property[@type="port"]').each do |xml_port|
+
+          logger.info{ "\t\tNew Port: #{protocol}/#{xml_port['key']}"}
+
+          node.set_service(
+            port: xml_port['key'],
+            protocol: protocol,
+            source: :coreimpact,
+            state: (xml_port.text == 'listen') ? :open : xml_port.text
+          )
+        end
+      end
+
+      # Save node properties
+      node.save
+    end
+
+    def add_services(xml_entity, node)
+      xml_entity.xpath('./property[@key="services"]').each do |xml_services|
+
+        xml_services.xpath('./property').each do |xml_container|
+
+          name = xml_container['key']
+
+          # Each service container can have multiple ports/protocols.
+          xml_container.xpath('./property').each do |xml_service|
+
+            port, protocol = xml_service['key'].split('-')
+
+            logger.info{ "\t\tNew Service: #{protocol}/#{port} - #{name}"}
+
+            node.set_service(
+              name: name,
+              port: port,
+              protocol: protocol,
+              source: :coreimpact
+            )
+          end
+        end
+      end
+      # Save node properties
+      node.save
+    end
+
+    def add_vulnerability(xml_container, node)
+      plugin_id = xml_container.at_xpath('./property[@type="container"]')['key']
+
+      issue_text = template_service.process_template(data: xml_container, template: 'issue')
+      issue = content_service.create_issue(id: plugin_id, text: issue_text)
+      logger.info{ "\tCreating new issue (plugin_id: #{plugin_id})"}
+
+      evidence_content = template_service.process_template(
+        data: xml_container.at_xpath('./property[@type="container"]/property[@key="Modules"]'),
+        template: 'evidence'
+      )
+      content_service.create_evidence(content: evidence_content, issue: issue, node: node)
+      logger.info{ "\t\tAdding reference to this host"}
+
+
+
+    end
+  end
+end

data/lib/dradis/plugins/coreimpact/version.rb

@@ -0,0 +1,13 @@
+require_relative 'gem_version'
+
+module Dradis
+  module Plugins
+    module Coreimpact
+      # Returns the version of the currently loaded CORE Impact as a
+      # <tt>Gem::Version</tt>.
+      def self.version
+        gem_version
+      end
+    end
+  end
+end

data/lib/dradis/plugins/coreimpact.rb

@@ -0,0 +1,11 @@
+module Dradis
+  module Plugins
+    module Coreimpact
+    end
+  end
+end
+
+require 'dradis/plugins/coreimpact/engine'
+require 'dradis/plugins/coreimpact/field_processor'
+require 'dradis/plugins/coreimpact/importer'
+require 'dradis/plugins/coreimpact/version'

data/lib/dradis-coreimpact.rb

@@ -0,0 +1,9 @@
+# Hook to the framework base clases
+require 'dradis-plugins'
+
+# Load this add-on's engine
+require 'dradis/plugins/coreimpact'
+
+# Require supporting CORE Impact library
+require 'coreimpact/module'
+require 'coreimpact/vulnerability'

data/lib/tasks/thorfile.rb

@@ -0,0 +1,22 @@
+class CoreimpactTasks < Thor
+  include Rails.application.config.dradis.thor_helper_module
+
+  namespace "dradis:plugins:coreimpact"
+
+  desc      "upload FILE", "upload CORE Impact results in XML format"
+  long_desc "This plugin expect a XML file generated by CORE Impact"
+  def upload(file_path)
+    require 'config/environment'
+
+    unless File.exists?(file_path)
+      $stderr.puts "** the file [#{file_path}] does not exist"
+      exit(-1)
+    end
+
+    detect_and_set_project_scope
+
+    importer = Dradis::Plugins::Coreimpact::Importer.new(task_options)
+    importer.import(file: file_path)
+  end
+
+end

data/spec/coreimpact/importer_spec.rb

@@ -0,0 +1,88 @@
+require 'spec_helper'
+
+module Dradis::Plugins
+  describe 'Qualys upload plugin' do
+    let(:xml) { 'spec/fixtures/files/example.xml' }
+
+    before(:each) do
+      # Stub template service
+      templates_dir = File.expand_path('../../../templates', __FILE__)
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+        .to receive(:default_templates_dir).and_return(templates_dir)
+
+      plugin = Dradis::Plugins::Coreimpact
+
+      @content_service = Dradis::Plugins::ContentService::Base.new(
+        logger: Logger.new(STDOUT),
+        plugin: plugin
+      )
+
+      @importer = Dradis::Plugins::Coreimpact::Importer.new(
+        content_service: @content_service
+      )
+
+      # Stub dradis-plugins methods
+      #
+      # They return their argument hashes as objects mimicking
+      # Nodes, Issues, etc
+      allow(@content_service).to receive(:create_node) do |args|
+        obj = OpenStruct.new(args)
+        obj.define_singleton_method(:set_property) { |*| }
+        obj.define_singleton_method(:set_service) { |*| }
+        obj
+      end
+      allow(@content_service).to receive(:create_issue) do |args|
+        OpenStruct.new(args)
+      end
+      allow(@content_service).to receive(:create_evidence) do |args|
+        OpenStruct.new(args)
+      end
+    end
+
+    it 'creates nodes' do
+      expect(@content_service).to receive(:create_node).with(
+        hash_including(label: '10.0.10.41')
+      ).once
+
+      expect(@content_service).to receive(:create_node).with(
+        hash_including(label: '10.0.10.53')
+      ).once
+
+      @importer.import(file: xml)
+    end
+
+    it 'creates issues' do
+      expect(@content_service).to receive(:create_issue) do |args|
+        expect(args[:text]).to include 'OpenSSL ChangeCipherSpec Message Vulnerability Checker'
+        expect(args[:text]).to include 'CVE-2014-0224'
+        expect(args[:text]).to include 'OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages'
+        OpenStruct.new(args)
+      end.once
+
+      expect(@content_service).to receive(:create_issue) do |args|
+        expect(args[:text]).to include 'SNMP Identity Verifier'
+        expect(args[:text]).to include 'CVE-1999-0516'
+        expect(args[:text]).to include 'An SNMP community name is guessable.'
+        OpenStruct.new(args)
+      end.once
+
+      @importer.import(file: xml)
+    end
+
+    it 'creates evidence' do
+      expect(@content_service).to receive(:create_evidence) do |args|
+        expect(args[:content]).to include "#[AgentDeployed]#\nfalse\n\n#[TriedToInstallAgent]#\nfalse\n\n#[Port]#\n443\n"
+        expect(args[:issue].text).to include 'OpenSSL ChangeCipherSpec Message Vulnerability Checker'
+        expect(args[:node].label).to eq '10.0.10.41'
+      end.once
+
+      expect(@content_service).to receive(:create_evidence) do |args|
+        expect(args[:content]).to include "#[AgentDeployed]#\nfalse\n\n#[TriedToInstallAgent]#\nfalse\n\n#[Port]#\n161\n"
+        expect(args[:issue].text).to include 'SNMP Identity Verifier'
+        expect(args[:node].label).to eq '10.0.10.53'
+      end.once
+
+      @importer.import(file: xml)
+    end
+  end
+end

data/spec/coreimpact_upload_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe 'Coreimpact plugin' do
+  pending 'describe the behaviour of the Coreimpact plugin'
+end