dradis-nessus 4.0.0 → 4.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8daa3079a907770f6e96d8ed3a10201c06e38499946c4c41d67a15ecc9570952
-  data.tar.gz: c505dd8204f3965efbe3dd9cc516dda4085f3f5bcaaaa37281085b2884be6472
+  metadata.gz: f2a9e89cf9a8ef05122253d401914f89b8eaa5b00f0871584e919798a59639d5
+  data.tar.gz: 4cbfac3c01c5a3b613ad7ba94a320bb500037a30a8ba9cdfebe628fb99a36d8b
 SHA512:
-  metadata.gz: bb1d2625988e6c72c86a2eb7d186f5d446713ff8c6cf53ef2a2fe22b294039dc59cf77a481d518b000effff4b8e390fe5d1bf8610c5a82488a33a9f6248bcbe3
-  data.tar.gz: 1ed3d69ab003f39d7093eef2895efe2f845efab8a799068655b676344ae7d074743b4fa376bae361407fb0dadef2528a7f1ec1d86fe205527423eae7c3e5ced7
+  metadata.gz: b40b4974b16cacebd911c716af671178d7b8da821e8af7b43178ac664be17848df7a965a1c4fad8477a2060d38f17faa59b4ae665c4fc00633cfc30e010408f0
+  data.tar.gz: e34ecb83feb08a9b045a34319d4c45fbfd9fbb2e017e1d18dca208742ccf1cc3bee340101117073080e662082745507513e1279dad8d46b90d3eac8a24338b5d

data/CHANGELOG.md

@@ -1,78 +1,65 @@
-## Dradis Framework 4.0.0 (July, 2021) ##
+v4.3.0 (April 2022)
+  - No changes
 
-*   Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28
-    threat_recency, & threat_sources_last_28 as available Issue fields.
+v4.2.0 (February 2022)
+  - No changes
 
-## Dradis Framework 3.22 (April, 2021) ##
+v4.1.0 (November 2021)
+  - Add product_coverage & cvss3_impact_score as available Issue fields
 
-*   Add report_item.cvss3_temporal_score & report_item.cvss3_temporal_vector as available fields.
-*   Add report_item.vpr_score as an available field.
+v4.0.0 (July 2021)
+  - Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28 threat_recency, & threat_sources_last_28 as available Issue fields
 
-## Dradis Framework 3.21 (February, 2021) ##
+v3.22.0 (April 2021)
+  - Add report_item.cvss3_temporal_score & report_item.cvss3_temporal_vector as available fields
+  - Add report_item.vpr_score as an available field
 
-*   No changes.
+v3.21.0 (February 2021)
+  - No changes
 
-## Dradis Framework 3.20 (December, 2020) ##
+v3.20.0 (December 2020)
+  - No changes
 
-*   No changes.
+v3.19.0 (September 2020)
+  - No changes
 
-## Dradis Framework 3.19 (September, 2020) ##
+v3.18.0 (July 2020)
+  - No changes
 
-*   No changes.
+v3.17.0 (May 2020)
+  - No changes
 
-## Dradis Framework 3.18 (July, 2020) ##
+v3.16.0 (February 2020)
+  - No changes
 
-*   No changes.
+v3.15.0 (November 2019)
+  - Fixed bullet points formatting to handle internal text column widths
 
-## Dradis Framework 3.17 (May, 2020) ##
+v3.14.0 (August 2019)
+  - No changes
 
-*   No changes.
+v3.13.0 (June 2019)
+  - No changes
 
-## Dradis Framework 3.16 (February, 2020) ##
+v3.12.0 (March 2019)
+  - No changes
 
-*   No changes.
+v3.11.0 (November 2018)
+  - No changes
 
-## Dradis Framework 3.15 (November, 2019) ##
+v3.10.0 (August 2018)
+  - Make Issue Title available at the Evidence level
+  - Split services data into services and services_extra tables
+  - Update default configuration to match Welcome templates
 
-*   Fixed bullet points formatting to handle internal text column widths
+v3.9.0 (January 2018)
+  - Correctly format bullet lists whether separated by 1 or 2 new lines
 
-## Dradis Framework 3.14 (August, 2019) ##
+v3.8.0 (September 2017)
+  - Added CVSSv3 fields
 
-*   No changes.
+v3.7.0 (July 2017)
+  - No changes
 
-## Dradis Framework 3.13 (June, 2019) ##
-
-*   No changes.
-
-## Dradis Framework 3.12 (March, 2019) ##
-
-*   No changes.
-
-## Dradis Framework 3.11 (November, 2018) ##
-
-*   No changes.
-
-## Dradis Framework 3.10 (August, 2018) ##
-
-*   Make Issue Title available at the Evidence level
-
-*   Update default configuration to match Welcome templates
-
-*   Split services data into services and services_extra tables
-
-## Dradis Framework 3.9 (January, 2018) ##
-
-*   Correctly format bullet lists whether separated by
-    1 or 2 new lines
-
-## Dradis Framework 3.8 (September, 2017) ##
-
-*   Added CVSSv3 fields.
-
-## Dradis Framework 3.7 (July, 2017) ##
-
-*   No changes.
-
-## Dradis Framework 3.6 (March, 2017) ##
-
-*   No changes.
+v3.6.0 (March 2017)
+  - No changes

data/CHANGELOG.template

@@ -0,0 +1,12 @@
+[v#.#.#] ([month] [YYYY])
+  - [future tense verb] [feature]
+  - Upgraded gems:
+    - [gem]
+  - Bugs fixes:
+    - [future tense verb] [bug fix]
+    - Bug tracker items:
+      - [item]
+  - Security Fixes:
+    - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]

data/dradis-nessus.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
   # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
   # until we bump Dradis Pro to 4.1.
   # s.add_dependency 'rails', '~> 4.1.1'
-  spec.add_dependency 'dradis-plugins', '~> 4.0.0'
+  spec.add_dependency 'dradis-plugins', '~> 4.0'
   spec.add_dependency 'nokogiri'
 
   spec.add_development_dependency 'bundler', '~> 1.6'

data/lib/dradis/plugins/nessus/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 0
+        MINOR = 3
         TINY = 0
         PRE = nil
 

data/lib/nessus/report_item.rb

@@ -22,13 +22,14 @@ module Nessus
         :plugin_family, :plugin_id, :plugin_name, :port, :protocol, :svc_name, :severity, 
         # simple tags
         :age_of_vuln, :cvss3_base_score, :cvss3_temporal_score, :cvss3_temporal_vector, 
-        :cvss3_vector, :cvss_base_score, :cvss_temporal_score, :cvss_temporal_vector, :cvss_vector,
-        :description, :exploit_available, :exploit_code_maturity, :exploit_framework_canvas, 
-        :exploit_framework_core, :exploitability_ease, :exploit_framework_metasploit,
-        :metasploit_name, :patch_publication_date, :plugin_modification_date, :plugin_output,
-        :plugin_publication_date, :plugin_version, :risk_factor, :solution, :synopsis, 
-        :threat_intensity_last_28, :threat_recency, :threat_sources_last_28, :vpr_score, 
-        :vuln_publication_date,
+        :cvss3_vector, :cvss_base_score, :cvss3_impact_score, :cvss_temporal_score, 
+        :cvss_temporal_vector, :cvss_vector, :description, :exploit_available, 
+        :exploit_code_maturity, :exploit_framework_canvas, :exploit_framework_core, 
+        :exploitability_ease, :exploit_framework_metasploit,:metasploit_name, 
+        :patch_publication_date, :plugin_modification_date, :plugin_output, 
+        :plugin_publication_date, :plugin_version, :product_coverage, :risk_factor, 
+        :solution, :synopsis, :threat_intensity_last_28, :threat_recency, 
+        :threat_sources_last_28, :vpr_score, :vuln_publication_date,
         # multiple tags
         :bid_entries, :cve_entries, :see_also_entries, :xref_entries,
         # compliance tags
@@ -69,6 +70,7 @@ module Nessus
         # @svc_name       = xml.attributes["svc_name"]
         # @protocol       = xml.attributes["protocol"]
         # @severity       = xml.attributes["severity"]
+        :cvss3_impact_score => 'cvssV3_impactScore',
         :plugin_id => 'pluginID',
         :plugin_name => 'pluginName',
         :plugin_family  => 'pluginFamily'

data/templates/report_item.fields

@@ -2,6 +2,7 @@ report_item.age_of_vuln
 report_item.bid_entries
 report_item.cve_entries
 report_item.cvss3_base_score
+report_item.cvss3_impact_score
 report_item.cvss3_temporal_score
 report_item.cvss3_temporal_vector
 report_item.cvss3_vector
@@ -26,6 +27,7 @@ report_item.plugin_output
 report_item.plugin_publication_date
 report_item.plugin_version
 report_item.port
+report_item.product_coverage
 report_item.protocol
 report_item.risk_factor
 report_item.see_also_entries

data/templates/report_item.sample

@@ -28,6 +28,7 @@ If safe checks are enabled, this may be a false positive since it is based on th
   <cvss3_temporal_score>6.8</cvss3_temporal_score>
   <cvss3_temporal_vector>CVSS:3.0/E:U/RL:O/RC:C</cvss3_temporal_vector>
   <cvss3_vector>CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</cvss3_vector>
+  <cvssV3_impactScore>5.9</cvssV3_impactScore>
   <cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P</cvss_vector>
   <synopsis>The remote web server is vulnerable to a remote code execution attack.</synopsis>
   <threat_intensity_last_28>Very Low</threat_intensity_last_28>
@@ -41,6 +42,7 @@ If safe checks are enabled, this may be a false positive since it is based on th
   <plugin_modification_date>2011/03/08</plugin_modification_date>
   <cvss_base_score>7.5</cvss_base_score>
   <vpr_score>6.7</vpr_score>
+  <product_coverage>Low</product_coverage>
   <canvas_package>CANVAS</canvas_package>
   <cve>CVE-2002-0392</cve>
   <bid>5033</bid>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nessus
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 4.3.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-03 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -107,6 +107,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
+- CHANGELOG.template
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE