dradis-csv 4.8.0 → 4.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 426293d8c721f9922fff09466b331af1387e3637dc39d3655976b079657de327
-  data.tar.gz: 4e18680b1764145a85826f6613307e22c44b88b8026203906804dd725c4fb9a7
+  metadata.gz: 73b72a29b3c7c57b0b65426b584d3a88f7557089b26c0c1da43fc897e7b17d30
+  data.tar.gz: 67eb6934d1b164e7e97925d6c38cfa3149ce580c59453f20c9759bfea94fb089
 SHA512:
-  metadata.gz: b0c51aaba321b1ed9b6eb01f5ea059604f4c6201a38360b456a015419f7f6e2225d980016dbf231f94f24b8bfd5c0816ad820a3a289fa6b999962fd1aac3b5c1
-  data.tar.gz: '011549871879a0cc0edcd4240b2c139bc1b19c8ae0e850bfd61ca14e48837d22ce4e21893efb43ad296e55f83a7fcac6f50ff73fef9c575c96ce266458933d38'
+  metadata.gz: e7a721f5ab932bf17efb2f39debfb42145374504ecfb2b1cd7147197284e3ca943678be2ce49f16b990873a3e40dbb0c5f9956d35fd9967714e5136819841033
+  data.tar.gz: 651af8822ababb6b238d6b31fe30ea6f979b8ed4e89e1401c9ae9afbeb7827f9d61a83cd7f1d0610c283b776f42c281ad519ca018d10e2b601d05f18dfb50834

data/.gitignore

@@ -0,0 +1 @@
+.DS_Store

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+v4.9.0 (June 2023)
+  - Fix CSV upload for files with special characters
+  - Update views for compatibility with Bootstrap 5
+
 v4.8.0 (April 2023)
   - No changes
 

data/app/controllers/dradis/plugins/csv/upload_controller.rb

@@ -30,15 +30,9 @@ module Dradis::Plugins::CSV
       @job_logger ||= Log.new(uid: params[:log_uid].to_i)
     end
 
-    def load_rtp_fields
-      rtp = current_project.report_template_properties
-      @rtp_fields =
-        unless rtp.nil?
-          {
-            evidence: rtp.evidence_fields.map(&:name),
-            issue: rtp.issue_fields.map(&:name)
-          }
-        end
+    def load_attachment
+      filename = CGI::escape params[:attachment]
+      @attachment = Attachment.find(filename, conditions: { node_id: current_project.plugin_uploads_node.id })
     end
 
     def load_csv_headers
@@ -55,8 +49,15 @@ module Dradis::Plugins::CSV
       end
     end
 
-    def load_attachment
-      @attachment = Attachment.find(params[:attachment], conditions: { node_id: current_project.plugin_uploads_node.id })
+    def load_rtp_fields
+      rtp = current_project.report_template_properties
+      @rtp_fields =
+        unless rtp.nil?
+          {
+            evidence: rtp.evidence_fields.map(&:name),
+            issue: rtp.issue_fields.map(&:name)
+          }
+        end
     end
 
     def mappings_params

data/app/views/dradis/plugins/csv/upload/new.html.erb

@@ -41,19 +41,19 @@
             <td><%= header %></td>
             <td>
               <div class="form-group m-0">
-                <%= f.select "mappings[field_attributes][#{index}][type]", [['Issue Field', 'issue'], ['Issue ID', 'identifier'], ['Evidence Field', 'evidence'], ['Node', 'node'], ['&#9472;'.html_safe, 'divider'], ['Do Not Import','skip']], { disabled: 'divider' }, class: 'form-control custom-select w-75', data: { behavior: 'type-select' } %>
+                <%= f.select "mappings[field_attributes][#{index}][type]", [['Issue Field', 'issue'], ['Issue ID', 'identifier'], ['Evidence Field', 'evidence'], ['Node', 'node'], ['&#9472;'.html_safe, 'divider'], ['Do Not Import','skip']], { disabled: 'divider' }, class: 'form-select w-75', data: { behavior: 'type-select' } %>
               </div>
             </td>
             <td>
               <% if @rtp_fields %>
-                <div class="form-group m-0">
+                <div>
                   <% issue_options = @rtp_fields[:issue].any? ? options_for_select(@rtp_fields[:issue]) : options_for_select([[header, header]], disabled: header, selected: header) %>
-                  <%= f.select "mappings[field_attributes][#{index}][field]", issue_options, {}, class: 'form-control custom-select w-75 field-select', data: { behavior: 'issue-field-select', header: header } %>
+                  <%= f.select "mappings[field_attributes][#{index}][field]", issue_options, {}, class: 'form-select w-75 field-select', data: { behavior: 'issue-field-select', header: header } %>
 
                   <% evidence_options = @rtp_fields[:evidence].any? ? options_for_select(@rtp_fields[:evidence]) : options_for_select([[header, header]], disabled: header, selected: header) %>
-                  <%= f.select "mappings[field_attributes][#{index}][field]", evidence_options, {}, disabled: true, class: 'form-control custom-select w-75 field-select d-none', data: { behavior: 'evidence-field-select', header: header } %>
+                  <%= f.select "mappings[field_attributes][#{index}][field]", evidence_options, {}, disabled: true, class: 'form-select w-75 field-select d-none', data: { behavior: 'evidence-field-select', header: header } %>
 
-                  <%= f.select "mappings[field_attributes][#{index}][field]", [['N/A', '']], {}, disabled: true, class: 'form-control custom-select w-75 field-select d-none', data: { behavior: 'empty-field-select', header: header } %>
+                  <%= f.select "mappings[field_attributes][#{index}][field]", [['N/A', '']], {}, disabled: true, class: 'form-select w-75 field-select d-none', data: { behavior: 'empty-field-select', header: header } %>
                 </div>
               <% else %>
                 <span data-behavior="field-label" data-header="<%= header.delete(" \t\r\n") %>" ><%= header.delete(" \t\r\n") %></span>
@@ -64,7 +64,7 @@
       </tbody>
     </table>
     <div class="form-actions">
-      <%= f.submit 'Import CSV', class: 'btn btn-primary mr-1', data: { disable_with: false } %> or
+      <%= f.submit 'Import CSV', class: 'btn btn-primary me-1', data: { disable_with: false } %> or
       <%= link_to 'Cancel', main_app.project_upload_manager_path(current_project) %>
     </div>
   <% end %>

data/dradis-csv.gemspec

@@ -16,10 +16,11 @@ Gem::Specification.new do |spec|
   spec.email       = ['etd@nomejortu.com']
   spec.homepage    = 'http://dradisframework.org'
 
-  spec.files       = `git ls-files`.split($\)
-  spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  spec.files       = `git ls-files`.split("\n")
+  spec.executables = spec.files.grep(%r{^bin/}).map { |f| File.basename(f) }
   spec.test_files  = spec.files.grep(%r{^(spec|features)/})
 
   spec.add_dependency 'dradis-plugins', '~> 4.0'
   spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
 end

data/lib/dradis/plugins/csv/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 8
+        MINOR = 9
         TINY = 0
         PRE = nil
 

data/spec/features/upload_spec.rb

@@ -199,12 +199,16 @@ describe 'upload feature', js: true do
           let (:issue_fields) { [] }
 
           it 'still creates evidence record' do
+            within all('tbody tr')[0] do
+              select 'Issue ID'
+            end
+
             within all('tbody tr')[1] do
-              select 'Node'
+              select 'Issue Field'
             end
 
-            within all('tbody tr')[2] do
-              select 'Issue ID'
+            within all('tbody tr')[3] do
+              select 'Node'
             end
 
             within all('tbody tr')[5] do
@@ -233,8 +237,7 @@ describe 'upload feature', js: true do
     end
   end
 
-  context 'uploading a malformed CSV file' do
-    let(:file_path) { File.expand_path('../fixtures/files/simple_malformed.csv', __dir__) }
+  describe 'CSV file samples' do
     before do
       select 'Dradis::Plugins::CSV', from: 'uploader'
 
@@ -243,25 +246,36 @@ describe 'upload feature', js: true do
       end
     end
 
-    it 'redirects to upload manager' do
-      expect(page).to have_text('The uploaded file is not a valid CSV file')
-      expect(current_path).to eq(main_app.project_upload_manager_path(@project))
+    context 'uploading a malformed CSV file' do
+      let(:file_path) { File.expand_path('../fixtures/files/simple_malformed.csv', __dir__) }
+
+      it 'redirects to upload manager with error' do
+        find('.alert.alert-danger', wait: 30)
+
+        expect(page).to have_text('The uploaded file is not a valid CSV file')
+        expect(current_path).to eq(main_app.project_upload_manager_path(@project))
+      end
     end
-  end
 
-  context 'uploading any file other than CSV' do
-    let(:file_path) { Rails.root.join('spec/fixtures/files/rails.png') }
-    before do
-      select 'Dradis::Plugins::CSV', from: 'uploader'
+    context 'uploading any file other than CSV' do
+      let(:file_path) { Rails.root.join('spec/fixtures/files/rails.png') }
 
-      within('.custom-file') do
-        page.find('#file', visible: false).attach_file(file_path)
+      it 'redirects to upload manager with error' do
+        find('.alert.alert-danger', wait: 30)
+
+        expect(page).to have_text('The uploaded file is not a CSV file.')
+        expect(current_path).to eq(main_app.project_upload_manager_path(@project))
       end
     end
 
-    it 'redirects to upload manager' do
-      expect(page).to have_text('The uploaded file is not a CSV file.')
-      expect(current_path).to eq(main_app.project_upload_manager_path(@project))
+    context 'uploading file with special characters in the filename' do
+      let(:file_path) { File.expand_path('../fixtures/files/simple (copy).csv', __dir__) }
+
+      it 'redirects to upload manager' do
+        find('body.upload.new', wait: 30)
+
+        expect(current_path).to eq(csv.new_project_upload_path(@project))
+      end
     end
   end
 end

data/spec/fixtures/files/simple (copy).csv

@@ -0,0 +1,2 @@
+"Id","Title","Description","Host","Location","Port","Vulnerability Category"
+"1","SQL Injection","Test CSV","10.0.0.1","10.0.0.1","443","High"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-csv
 version: !ruby/object:Gem::Version
-  version: 4.8.0
+  version: 4.9.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-04-12 00:00:00.000000000 Z
+date: 2023-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: This add-on allows you to upload and parse CSV output into Dradis.
 email:
 - etd@nomejortu.com
@@ -45,6 +59,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".gitignore"
 - CHANGELOG.md
 - CHANGELOG.template
 - CONTRIBUTING.md
@@ -70,6 +85,7 @@ files:
 - lib/dradis/plugins/csv/importer.rb
 - lib/dradis/plugins/csv/version.rb
 - spec/features/upload_spec.rb
+- spec/fixtures/files/simple (copy).csv
 - spec/fixtures/files/simple.csv
 - spec/fixtures/files/simple_malformed.csv
 - spec/jobs/dradis/plugins/csv/mapping_import_job_spec.rb
@@ -99,6 +115,7 @@ specification_version: 4
 summary: CSV add-on for the Dradis Framework.
 test_files:
 - spec/features/upload_spec.rb
+- spec/fixtures/files/simple (copy).csv
 - spec/fixtures/files/simple.csv
 - spec/fixtures/files/simple_malformed.csv
 - spec/jobs/dradis/plugins/csv/mapping_import_job_spec.rb