dradis-nessus 3.21.0 → 4.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 35a847aee9242430eb7d2b88de6e33d642836604cc2e71465d1ac739c6f5782a
-  data.tar.gz: d4a58032c0e0ad9a1112e1611cd57b1804dad49c9a85c702d0ec8d4b2f1502e6
+  metadata.gz: 39e68f750e4e6f16e4b203440d84bcf981794d2835c74349eb8bf4e383a059ee
+  data.tar.gz: 3302fca0e112a5be6bae321bdf7d6bb666469a1f44a44b8d9da7722c443363a1
 SHA512:
-  metadata.gz: ea107ba13c04f4fe79f259dc05b1d1a206ba737684854010b49e909b84d232701bf8e79cfd6d4ac071ecbf9a24345e98424357f8b9004ecc0a1983cd5209dcee
-  data.tar.gz: 94e26f9da628ea5be6fc124e8b9310513b4e4284fd3cef14a32361326b7dae805fbbc5650db7529fd34df2bde80964462324d150d25bc0a691f61ed6fcb8753d
+  metadata.gz: 45476d65333d912cca4636f6e737669bd4950bf00d7767c7e108fc8a746e192aecae105e68c779419bc771b469404cbd8492e610a1159cb4e32a4f8b294373f5
+  data.tar.gz: 145f623c1d58cff49d95a3cc2b78844d0d863fc7395d19b41cd530456cf22d23a0d5d9d893b67c1fe7dea4ad72e64d8dec85859d07c53cb21f312d9da97617e6

data/CHANGELOG.md

@@ -1,68 +1,62 @@
-## Dradis Framework 3.21 (February, 2021) ##
+v4.2.0 (February 2022)
+  - No changes
 
-*   No changes.
+v4.1.0 (November 2021)
+  - Add product_coverage & cvss3_impact_score as available Issue fields
 
-## Dradis Framework 3.20 (December, 2020) ##
+v4.0.0 (July 2021)
+  - Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28 threat_recency, & threat_sources_last_28 as available Issue fields
 
-*   No changes.
+v3.22.0 (April 2021)
+  - Add report_item.cvss3_temporal_score & report_item.cvss3_temporal_vector as available fields
+  - Add report_item.vpr_score as an available field
 
-## Dradis Framework 3.19 (September, 2020) ##
+v3.21.0 (February 2021)
+  - No changes
 
-*   No changes.
+v3.20.0 (December 2020)
+  - No changes
 
-## Dradis Framework 3.18 (July, 2020) ##
+v3.19.0 (September 2020)
+  - No changes
 
-*   No changes.
+v3.18.0 (July 2020)
+  - No changes
 
-## Dradis Framework 3.17 (May, 2020) ##
+v3.17.0 (May 2020)
+  - No changes
 
-*   No changes.
+v3.16.0 (February 2020)
+  - No changes
 
-## Dradis Framework 3.16 (February, 2020) ##
+v3.15.0 (November 2019)
+  - Fixed bullet points formatting to handle internal text column widths
 
-*   No changes.
+v3.14.0 (August 2019)
+  - No changes
 
-## Dradis Framework 3.15 (November, 2019) ##
+v3.13.0 (June 2019)
+  - No changes
 
-*   Fixed bullet points formatting to handle internal text column widths
+v3.12.0 (March 2019)
+  - No changes
 
-## Dradis Framework 3.14 (August, 2019) ##
+v3.11.0 (November 2018)
+  - No changes
 
-*   No changes.
+v3.10.0 (August 2018)
+  - Make Issue Title available at the Evidence level
+  - Split services data into services and services_extra tables
+  - Update default configuration to match Welcome templates
 
-## Dradis Framework 3.13 (June, 2019) ##
+v3.9.0 (January 2018)
+  - Correctly format bullet lists whether separated by 1 or 2 new lines
 
-*   No changes.
+v3.8.0 (September 2017)
+  - Added CVSSv3 fields
 
-## Dradis Framework 3.12 (March, 2019) ##
+v3.7.0 (July 2017)
+  - No changes
 
-*   No changes.
-
-## Dradis Framework 3.11 (November, 2018) ##
-
-*   No changes.
-
-## Dradis Framework 3.10 (August, 2018) ##
-
-*   Make Issue Title available at the Evidence level
-
-*   Update default configuration to match Welcome templates
-
-*   Split services data into services and services_extra tables
-
-## Dradis Framework 3.9 (January, 2018) ##
-
-*   Correctly format bullet lists whether separated by
-    1 or 2 new lines
-
-## Dradis Framework 3.8 (September, 2017) ##
-
-*   Added CVSSv3 fields.
-
-## Dradis Framework 3.7 (July, 2017) ##
-
-*   No changes.
-
-## Dradis Framework 3.6 (March, 2017) ##
-
-*   No changes.
+v3.6.0 (March 2017)
+  - No changes

data/CHANGELOG.template

@@ -0,0 +1,12 @@
+[v#.#.#] ([month] [YYYY])
+  - [future tense verb] [feature]
+  - Upgraded gems:
+    - [gem]
+  - Bugs fixes:
+    - [future tense verb] [bug fix]
+    - Bug tracker items:
+      - [item]
+  - Security Fixes:
+    - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]

data/dradis-nessus.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
   # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
   # until we bump Dradis Pro to 4.1.
   # s.add_dependency 'rails', '~> 4.1.1'
-  spec.add_dependency 'dradis-plugins', '~> 3.6'
+  spec.add_dependency 'dradis-plugins', '~> 4.0'
   spec.add_dependency 'nokogiri'
 
   spec.add_development_dependency 'bundler', '~> 1.6'

data/lib/dradis/plugins/nessus/gem_version.rb

@@ -7,8 +7,8 @@ module Dradis
       end
 
       module VERSION
-        MAJOR = 3
-        MINOR = 21
+        MAJOR = 4
+        MINOR = 2
         TINY = 0
         PRE = nil
 

data/lib/nessus/report_item.rb

@@ -19,15 +19,17 @@ module Nessus
     def supported_tags
       [
         # attributes
-        :port, :svc_name, :protocol, :severity, :plugin_id, :plugin_name, :plugin_family,
+        :plugin_family, :plugin_id, :plugin_name, :port, :protocol, :svc_name, :severity, 
         # simple tags
-        :solution, :risk_factor, :description, :plugin_publication_date,
-        :metasploit_name, :cvss_vector, :cvss3_vector, :cvss_temporal_vector, :synopsis,
-        :exploit_available, :patch_publication_date, :plugin_modification_date,
-        :cvss_temporal_score, :cvss_base_score, :cvss3_base_score, :plugin_output,
-        :plugin_version, :exploitability_ease, :vuln_publication_date,
-        :exploit_framework_canvas, :exploit_framework_metasploit,
-        :exploit_framework_core,
+        :age_of_vuln, :cvss3_base_score, :cvss3_temporal_score, :cvss3_temporal_vector, 
+        :cvss3_vector, :cvss_base_score, :cvss3_impact_score, :cvss_temporal_score, 
+        :cvss_temporal_vector, :cvss_vector, :description, :exploit_available, 
+        :exploit_code_maturity, :exploit_framework_canvas, :exploit_framework_core, 
+        :exploitability_ease, :exploit_framework_metasploit,:metasploit_name, 
+        :patch_publication_date, :plugin_modification_date, :plugin_output, 
+        :plugin_publication_date, :plugin_version, :product_coverage, :risk_factor, 
+        :solution, :synopsis, :threat_intensity_last_28, :threat_recency, 
+        :threat_sources_last_28, :vpr_score, :vuln_publication_date,
         # multiple tags
         :bid_entries, :cve_entries, :see_also_entries, :xref_entries,
         # compliance tags
@@ -68,6 +70,7 @@ module Nessus
         # @svc_name       = xml.attributes["svc_name"]
         # @protocol       = xml.attributes["protocol"]
         # @severity       = xml.attributes["severity"]
+        :cvss3_impact_score => 'cvssV3_impactScore',
         :plugin_id => 'pluginID',
         :plugin_name => 'pluginName',
         :plugin_family  => 'pluginFamily'

data/templates/report_item.fields

@@ -1,33 +1,43 @@
-report_item.port
-report_item.svc_name
-report_item.protocol
-report_item.severity
-report_item.plugin_id
-report_item.plugin_name
-report_item.plugin_family
+report_item.age_of_vuln
+report_item.bid_entries
+report_item.cve_entries
+report_item.cvss3_base_score
+report_item.cvss3_impact_score
+report_item.cvss3_temporal_score
+report_item.cvss3_temporal_vector
+report_item.cvss3_vector
+report_item.cvss_base_score
+report_item.cvss_temporal_score
+report_item.cvss_temporal_vector
+report_item.cvss_vector
+report_item.description
 report_item.exploitability_ease
-report_item.vuln_publication_date
+report_item.exploit_available
+report_item.exploit_code_maturity
 report_item.exploit_framework_canvas
-report_item.exploit_framework_metasploit
 report_item.exploit_framework_core
-report_item.solution
-report_item.risk_factor
-report_item.description
-report_item.plugin_publication_date
+report_item.exploit_framework_metasploit
 report_item.metasploit_name
-report_item.cvss_vector
-report_item.cvss3_vector
-report_item.cvss_temporal_vector
-report_item.cvss_temporal_score
-report_item.cvss_base_score
-report_item.cvss3_base_score
-report_item.synopsis
-report_item.exploit_available
 report_item.patch_publication_date
+report_item.plugin_family
+report_item.plugin_id
 report_item.plugin_modification_date
+report_item.plugin_name
 report_item.plugin_output
+report_item.plugin_publication_date
 report_item.plugin_version
-report_item.bid_entries
-report_item.cve_entries
+report_item.port
+report_item.product_coverage
+report_item.protocol
+report_item.risk_factor
 report_item.see_also_entries
-report_item.xref_entries
+report_item.severity
+report_item.solution
+report_item.svc_name
+report_item.synopsis
+report_item.threat_intensity_last_28
+report_item.threat_recency
+report_item.threat_sources_last_28
+report_item.vpr_score
+report_item.vuln_publication_date
+report_item.xref_entries

data/templates/report_item.sample

@@ -7,6 +7,7 @@
   pluginName="Apache Chunked Encoding Remote Overflow"
   pluginFamily="Web Servers">
 
+  <age_of_vuln>730 days +</age_of_vuln>
   <exploitability_ease>Exploits are available</exploitability_ease>
   <vuln_publication_date>2002/06/19</vuln_publication_date>
   <exploit_framework_canvas>true</exploit_framework_canvas>
@@ -24,15 +25,24 @@ If safe checks are enabled, this may be a false positive since it is based on th
   <plugin_publication_date>2002/06/17</plugin_publication_date>
   <metasploit_name>Apache Win32 Chunked Encoding</metasploit_name>
   <cvss3_base_score>3.7</cvss3_base_score>
+  <cvss3_temporal_score>6.8</cvss3_temporal_score>
+  <cvss3_temporal_vector>CVSS:3.0/E:U/RL:O/RC:C</cvss3_temporal_vector>
   <cvss3_vector>CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</cvss3_vector>
+  <cvssV3_impactScore>5.9</cvssV3_impactScore>
   <cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P</cvss_vector>
   <synopsis>The remote web server is vulnerable to a remote code execution attack.</synopsis>
+  <threat_intensity_last_28>Very Low</threat_intensity_last_28>
+  <threat_recency>&gt; 365 days</threat_recency>
+  <threat_sources_last_28>No recorded events</threat_sources_last_28>
   <plugin_type>remote</plugin_type>
   <see_also>http://httpd.apache.org/info/security_bulletin_20020617.txt</see_also>
   <see_also>http://httpd.apache.org/info/security_bulletin_20020620.txt</see_also>
   <exploit_available>true</exploit_available>
+  <exploit_code_maturity>Unproven</exploit_code_maturity>
   <plugin_modification_date>2011/03/08</plugin_modification_date>
   <cvss_base_score>7.5</cvss_base_score>
+  <vpr_score>6.7</vpr_score>
+  <product_coverage>Low</product_coverage>
   <canvas_package>CANVAS</canvas_package>
   <cve>CVE-2002-0392</cve>
   <bid>5033</bid>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nessus
 version: !ruby/object:Gem::Version
-  version: 3.21.0
+  version: 4.2.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-02-12 00:00:00.000000000 Z
+date: 2022-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -107,6 +107,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
+- CHANGELOG.template
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE
@@ -143,7 +144,7 @@ homepage: http://dradisframework.org
 licenses:
 - GPL-2
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -158,8 +159,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.4
-signing_key:
+rubygems_version: 3.1.4
+signing_key: 
 specification_version: 4
 summary: Nessus upload add-on for the Dradis Framework.
 test_files: