dradis-nessus 3.12.0 → 3.17.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.github/issue_template.md +16 -0
- data/.github/pull_request_template.md +36 -0
- data/CHANGELOG.md +20 -0
- data/lib/dradis/plugins/nessus/field_processor.rb +7 -5
- data/lib/dradis/plugins/nessus/gem_version.rb +1 -1
- data/spec/dradis/plugins/nessus/field_processor_spec.rb +24 -10
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 525b6414b2fe9dfa5b90211ce9851eae66719e6a459e289e0eb9f08d80ba42fd
|
|
4
|
+
data.tar.gz: 68206b4fff7b3df9d2967fa3d1054be5a012e320d68089d2b5308e74e9aad00b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 118844a0a6c32a1a197925e0748f7addb774e348ba5349101cf261f585ac9a0086a39cedcff870e62fa833efd4312d6f51b1109ea61187fac59731fcf2bfabd0
|
|
7
|
+
data.tar.gz: 577bc2449a1100fbb766fe3f6851471c8c6d8d920f21506a39332cf10163ca7136017df883424c7ca10fc987774db6083bcd11115a92bab1263352bf502d6650
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
### Steps to reproduce
|
|
2
|
+
|
|
3
|
+
Help us help you, how can we reproduce the problem?
|
|
4
|
+
|
|
5
|
+
### Expected behavior
|
|
6
|
+
Tell us what should happen
|
|
7
|
+
|
|
8
|
+
### Actual behavior
|
|
9
|
+
Tell us what happens instead
|
|
10
|
+
|
|
11
|
+
### System configuration
|
|
12
|
+
**Dradis version**:
|
|
13
|
+
|
|
14
|
+
**Ruby version**:
|
|
15
|
+
|
|
16
|
+
**OS version**:
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
### Summary
|
|
2
|
+
|
|
3
|
+
Provide a general description of the code changes in your pull
|
|
4
|
+
request... were there any bugs you had fixed? If so, mention them. If
|
|
5
|
+
these bugs have open GitHub issues, be sure to tag them here as well,
|
|
6
|
+
to keep the conversation linked together.
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
### Other Information
|
|
10
|
+
|
|
11
|
+
If there's anything else that's important and relevant to your pull
|
|
12
|
+
request, mention that information here. This could include
|
|
13
|
+
benchmarks, or other information.
|
|
14
|
+
|
|
15
|
+
Thanks for contributing to Dradis!
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
### Copyright assignment
|
|
19
|
+
|
|
20
|
+
Collaboration is difficult with commercial closed source but we want
|
|
21
|
+
to keep as much of the OSS ethos as possible available to users
|
|
22
|
+
who want to fix it themselves.
|
|
23
|
+
|
|
24
|
+
In order to unambiguously own and sell Dradis Framework commercial
|
|
25
|
+
products, we must have the copyright associated with the entire
|
|
26
|
+
codebase. Any code you create which is merged must be owned by us.
|
|
27
|
+
That's not us trying to be a jerks, that's just the way it works.
|
|
28
|
+
|
|
29
|
+
Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
|
|
30
|
+
file for the details.
|
|
31
|
+
|
|
32
|
+
You can delete this section, but the following sentence needs to
|
|
33
|
+
remain in the PR's description:
|
|
34
|
+
|
|
35
|
+
> I assign all rights, including copyright, to any future Dradis
|
|
36
|
+
> work by myself to Security Roots.
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,23 @@
|
|
|
1
|
+
## Dradis Framework 3.17 (May, 2020) ##
|
|
2
|
+
|
|
3
|
+
* No changes.
|
|
4
|
+
|
|
5
|
+
## Dradis Framework 3.16 (February, 2020) ##
|
|
6
|
+
|
|
7
|
+
* No changes.
|
|
8
|
+
|
|
9
|
+
## Dradis Framework 3.15 (November, 2019) ##
|
|
10
|
+
|
|
11
|
+
* Fixed bullet points formatting to handle internal text column widths
|
|
12
|
+
|
|
13
|
+
## Dradis Framework 3.14 (August, 2019) ##
|
|
14
|
+
|
|
15
|
+
* No changes.
|
|
16
|
+
|
|
17
|
+
## Dradis Framework 3.13 (June, 2019) ##
|
|
18
|
+
|
|
19
|
+
* No changes.
|
|
20
|
+
|
|
1
21
|
## Dradis Framework 3.12 (March, 2019) ##
|
|
2
22
|
|
|
3
23
|
* No changes.
|
|
@@ -28,7 +28,7 @@ module Dradis
|
|
|
28
28
|
else
|
|
29
29
|
output = @nessus_object.try(name) || 'n/a'
|
|
30
30
|
|
|
31
|
-
if field == 'report_item.description' && output =~
|
|
31
|
+
if field == 'report_item.description' && output =~ /^\s+-/
|
|
32
32
|
format_bullet_point_lists(output)
|
|
33
33
|
else
|
|
34
34
|
output
|
|
@@ -39,15 +39,17 @@ module Dradis
|
|
|
39
39
|
private
|
|
40
40
|
def format_bullet_point_lists(input)
|
|
41
41
|
input.split("\n").map do |paragraph|
|
|
42
|
-
if paragraph =~
|
|
43
|
-
|
|
42
|
+
if paragraph =~ /(.*)\s+:\s*$/m
|
|
43
|
+
$1 + ':'
|
|
44
|
+
elsif paragraph =~ /^\s+-\s+(.*)$/m
|
|
45
|
+
'* ' + $1.gsub(/\s{3,}/, ' ').gsub(/\n/, ' ')
|
|
44
46
|
else
|
|
45
47
|
paragraph
|
|
46
48
|
end
|
|
47
|
-
end.join("\n
|
|
49
|
+
end.join("\n")
|
|
48
50
|
end
|
|
49
51
|
end
|
|
50
52
|
|
|
51
53
|
end
|
|
52
54
|
end
|
|
53
|
-
end
|
|
55
|
+
end
|
|
@@ -3,25 +3,39 @@ require 'ostruct'
|
|
|
3
3
|
|
|
4
4
|
describe Dradis::Plugins::Nessus::FieldProcessor do
|
|
5
5
|
|
|
6
|
-
describe
|
|
7
|
-
context
|
|
8
|
-
|
|
9
|
-
doc = Nokogiri::XML(
|
|
6
|
+
describe '%report_item.description% field formatting' do
|
|
7
|
+
context 'bullet points' do
|
|
8
|
+
before do
|
|
9
|
+
doc = Nokogiri::XML(
|
|
10
|
+
File.read('spec/fixtures/files/report_item-with-list.xml')
|
|
11
|
+
)
|
|
10
12
|
processor = described_class.new(data: doc.root)
|
|
11
13
|
|
|
12
|
-
value = processor.value(field: 'report_item.description')
|
|
13
|
-
|
|
14
|
+
@value = processor.value(field: 'report_item.description')
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
it 'converts Nessus broken lists into Textile bullet-point lists' do
|
|
18
|
+
expect(@value).to_not be_empty
|
|
19
|
+
|
|
20
|
+
expect(@value).to include(
|
|
21
|
+
'* A denial of service vulnerability exists relating to '\
|
|
22
|
+
'the \'mod_dav\' module as it relates to MERGE requests.'
|
|
23
|
+
)
|
|
24
|
+
end
|
|
14
25
|
|
|
15
|
-
|
|
26
|
+
it 'does not add unnecessary newlines to list items' do
|
|
27
|
+
expect(@value).to include("vulnerabilities:\n\n* A flaw exists")
|
|
16
28
|
end
|
|
17
29
|
end
|
|
18
30
|
end
|
|
19
31
|
|
|
20
|
-
it
|
|
21
|
-
doc = Nokogiri::XML(
|
|
32
|
+
it 'Recasted severity values appear in the Evidence' do
|
|
33
|
+
doc = Nokogiri::XML(
|
|
34
|
+
File.read('spec/fixtures/files/report_item-with-list.xml')
|
|
35
|
+
)
|
|
22
36
|
processor = described_class.new(data: doc.root)
|
|
23
37
|
value = processor.value(field: 'evidence.severity')
|
|
24
38
|
expect(value).to_not be_empty
|
|
25
|
-
expect(value).to include(
|
|
39
|
+
expect(value).to include('2')
|
|
26
40
|
end
|
|
27
41
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-nessus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.17.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-06-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -102,6 +102,8 @@ executables: []
|
|
|
102
102
|
extensions: []
|
|
103
103
|
extra_rdoc_files: []
|
|
104
104
|
files:
|
|
105
|
+
- ".github/issue_template.md"
|
|
106
|
+
- ".github/pull_request_template.md"
|
|
105
107
|
- ".gitignore"
|
|
106
108
|
- ".rspec"
|
|
107
109
|
- CHANGELOG.md
|
|
@@ -156,8 +158,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
156
158
|
- !ruby/object:Gem::Version
|
|
157
159
|
version: '0'
|
|
158
160
|
requirements: []
|
|
159
|
-
|
|
160
|
-
rubygems_version: 2.6.12
|
|
161
|
+
rubygems_version: 3.0.1
|
|
161
162
|
signing_key:
|
|
162
163
|
specification_version: 4
|
|
163
164
|
summary: Nessus upload add-on for the Dradis Framework.
|