dradis-nessus 4.10.0 → 4.12.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '080f08fe4a7a612c7264ce46339a6c996cd311b33d2cc8a09a360d1c686fdf5f'
4
- data.tar.gz: 39512d271707760c6c7f166b45998d4d516fae2b67f8d051f229dc68476c5cdc
3
+ metadata.gz: 89e36338a9a7b2d0791868394749b7ceda41c746374e18ca3262208b8901f801
4
+ data.tar.gz: '085692aa88ed591b56b6e7b4f47959db2aa3a81a4157da9b42ca27dd50115098'
5
5
  SHA512:
6
- metadata.gz: ce4a4e9f5f1cba8bda205f90b0721d3e9d7062ad858e6662537d640a411fff32ca3c7c4cae78946ebe15260d81fac1b233172ff01ec47a71b65159336e4abbff
7
- data.tar.gz: 6e6158969274d12fdcc206300939ad2667b8c25c2ec2ebcaada26744d54cc6675b60d5361358f5e54b1db1f1c5179de8d8323829bff58eb485e6a3560ac97e20
6
+ metadata.gz: 6f11c491e50351cac07dc65fbfa06a96b20e73b4e1075dbccc1ef88356943a1d52847deac6a27c6e05bb50447d9f93d3d1e1ad886a0c90bdaca08a86d34b8acd
7
+ data.tar.gz: 161919167d9263c1c0782ea1317947e3a3f1f1d1a3748dcf9c3690b13a98524f9d7a62dddf9f87eb4c81f35125347b4a309810fcd35cd5429e4f77fefc68616a
@@ -1,3 +1,5 @@
1
+ Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
2
+
1
3
  ### Summary
2
4
 
3
5
  Provide a general description of the code changes in your pull
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
6
8
  to keep the conversation linked together.
7
9
 
8
10
 
11
+ ### Testing Steps
12
+
13
+ Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
14
+
15
+
9
16
  ### Other Information
10
17
 
11
18
  If there's anything else that's important and relevant to your pull
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
26
33
  codebase. Any code you create which is merged must be owned by us.
27
34
  That's not us trying to be a jerks, that's just the way it works.
28
35
 
29
- Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
30
- file for the details.
31
-
32
36
  You can delete this section, but the following sentence needs to
33
37
  remain in the PR's description:
34
38
 
35
39
  > I assign all rights, including copyright, to any future Dradis
36
40
  > work by myself to Security Roots.
41
+
42
+ ### Check List
43
+
44
+ - [ ] Added a CHANGELOG entry
45
+ - [ ] Added specs
data/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ v4.12.0 (May 2024)
2
+ - Migrate integration to use Mappings Manager
3
+ - Update Dradis links in README
4
+
5
+ v4.11.0 (January 2024)
6
+ - No changes
7
+
1
8
  v4.10.0 (September 2023)
2
9
  - Update gemspec links
3
10
 
data/README.md CHANGED
@@ -8,17 +8,16 @@ The parser only supports version 2 of nessus xml format. Other formats (nbe, nsr
8
8
 
9
9
  Also, the xml parser only extracts the results of a scan. It is not able to parse the scan policy itself which is also part of the xml file.
10
10
 
11
- The add-on requires Dradis 3.0 or higher.
12
-
11
+ The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
13
12
 
14
13
  ## More information
15
14
 
16
- See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
15
+ See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
17
16
 
18
17
 
19
18
  ## Contributing
20
19
 
21
- See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
20
+ See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
22
21
 
23
22
 
24
23
  ## License
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 10
11
+ MINOR = 12
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -79,7 +79,7 @@ module Dradis::Plugins::Nessus
79
79
  logger.info{ "\tHost: #{host_label}" }
80
80
 
81
81
  # 2. Add host info note and host properties
82
- host_note_text = template_service.process_template(template: 'report_host', data: xml_host)
82
+ host_note_text = mapping_service.apply_mapping(source: 'report_host', data: xml_host)
83
83
  content_service.create_note(text: host_note_text, node: host_node)
84
84
 
85
85
  if host_node.respond_to?(:properties)
@@ -123,7 +123,7 @@ module Dradis::Plugins::Nessus
123
123
  plugin_id = xml_report_item.attributes['pluginID'].value
124
124
  logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
125
125
 
126
- issue_text = template_service.process_template(template: 'report_item', data: xml_report_item)
126
+ issue_text = mapping_service.apply_mapping(source: 'report_item', data: xml_report_item)
127
127
 
128
128
  issue = content_service.create_issue(text: issue_text, id: plugin_id)
129
129
 
@@ -133,7 +133,7 @@ module Dradis::Plugins::Nessus
133
133
  port_info += xml_report_item.attributes['port'].value
134
134
 
135
135
  logger.info{ "\t\t\t => Adding reference to this host" }
136
- evidence_content = template_service.process_template(template: 'evidence', data: xml_report_item)
136
+ evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_report_item)
137
137
 
138
138
  content_service.create_evidence(issue: issue, node: host_node, content: evidence_content)
139
139
 
@@ -0,0 +1,102 @@
1
+ module Dradis::Plugins::Nessus
2
+ module Mapping
3
+ DEFAULT_MAPPING = {
4
+ evidence: {
5
+ 'Location' => '{{ nessus[evidence.protocol] }}/{{ nessus[evidence.port] }}',
6
+ 'Output' => 'bc.. {{ nessus[evidence.plugin_output] }}'
7
+ },
8
+ report_host: {
9
+ 'Title' => 'Nessus host summary',
10
+ 'Host information' => "Name: {{ nessus[report_host.name] }}\nIP address: {{ nessus[report_host.ip] }}\nFQDN: {{ nessus[report_host.fqdn] }}\nOS: {{ nessus[report_host.operating_system] }}\nMac address: {{ nessus[report_host.mac_address] }}\nNetbios name: {{ nessus[report_host.netbios_name] }}",
11
+ 'Scan information' => "Scan started: {{ nessus[report_host.scan_start_time] }}\nScan ended: {{ nessus[report_host.scan_stop_time] }}"
12
+ },
13
+ report_item: {
14
+ 'Title' => '{{ nessus[report_item.plugin_name] }}',
15
+ 'CVSSv3.BaseScore' => '{{ nessus[report_item.cvss3_base_score] }}',
16
+ 'CVSSv3Vector' => '{{ nessus[report_item.cvss3_vector] }}',
17
+ 'Type' => 'Internal',
18
+ 'Description' => '{{ nessus[report_item.description] }}',
19
+ 'Solution' => '{{ nessus[report_item.solution] }}',
20
+ 'References' => '{{ nessus[report_item.see_also_entries] }}'
21
+ }
22
+ }.freeze
23
+
24
+ SOURCE_FIELDS = {
25
+ evidence: [
26
+ 'compliance.cm_actual_value',
27
+ 'compliance.cm_audit_file',
28
+ 'compliance.cm_check_id',
29
+ 'compliance.cm_check_name',
30
+ 'compliance.cm_info',
31
+ 'compliance.cm_output',
32
+ 'compliance.cm_policy_value',
33
+ 'compliance.cm_reference',
34
+ 'compliance.cm_result',
35
+ 'compliance.cm_see_also',
36
+ 'compliance.cm_solution',
37
+ 'evidence.plugin_output',
38
+ 'evidence.port',
39
+ 'evidence.protocol',
40
+ 'evidence.svc_name',
41
+ 'evidence.severity',
42
+ 'report_item.plugin_name'
43
+ ],
44
+ report_host: [
45
+ 'report_host.name',
46
+ 'report_host.ip',
47
+ 'report_host.fqdn',
48
+ 'report_host.operating_system',
49
+ 'report_host.mac_address',
50
+ 'report_host.netbios_name',
51
+ 'report_host.scan_start_time',
52
+ 'report_host.scan_stop_time'
53
+ ],
54
+ report_item: [
55
+ 'report_item.age_of_vuln',
56
+ 'report_item.bid_entries',
57
+ 'report_item.cve_entries',
58
+ 'report_item.cvss3_base_score',
59
+ 'report_item.cvss3_impact_score',
60
+ 'report_item.cvss3_temporal_score',
61
+ 'report_item.cvss3_temporal_vector',
62
+ 'report_item.cvss3_vector',
63
+ 'report_item.cvss_base_score',
64
+ 'report_item.cvss_temporal_score',
65
+ 'report_item.cvss_temporal_vector',
66
+ 'report_item.cvss_vector',
67
+ 'report_item.description',
68
+ 'report_item.exploitability_ease',
69
+ 'report_item.exploit_available',
70
+ 'report_item.exploit_code_maturity',
71
+ 'report_item.exploit_framework_canvas',
72
+ 'report_item.exploit_framework_core',
73
+ 'report_item.exploit_framework_metasploit',
74
+ 'report_item.metasploit_name',
75
+ 'report_item.patch_publication_date',
76
+ 'report_item.plugin_family',
77
+ 'report_item.plugin_id',
78
+ 'report_item.plugin_modification_date',
79
+ 'report_item.plugin_name',
80
+ 'report_item.plugin_output',
81
+ 'report_item.plugin_publication_date',
82
+ 'report_item.plugin_type',
83
+ 'report_item.plugin_version',
84
+ 'report_item.port',
85
+ 'report_item.product_coverage',
86
+ 'report_item.protocol',
87
+ 'report_item.risk_factor',
88
+ 'report_item.see_also_entries',
89
+ 'report_item.severity',
90
+ 'report_item.solution',
91
+ 'report_item.svc_name',
92
+ 'report_item.synopsis',
93
+ 'report_item.threat_intensity_last_28',
94
+ 'report_item.threat_recency',
95
+ 'report_item.threat_sources_last_28',
96
+ 'report_item.vpr_score',
97
+ 'report_item.vuln_publication_date',
98
+ 'report_item.xref_entries'
99
+ ]
100
+ }.freeze
101
+ end
102
+ end
@@ -7,5 +7,6 @@ end
7
7
 
8
8
  require 'dradis/plugins/nessus/engine'
9
9
  require 'dradis/plugins/nessus/field_processor'
10
+ require 'dradis/plugins/nessus/mapping'
10
11
  require 'dradis/plugins/nessus/importer'
11
12
  require 'dradis/plugins/nessus/version'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-nessus
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.10.0
4
+ version: 4.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-07 00:00:00.000000000 Z
11
+ date: 2024-05-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
@@ -96,7 +96,7 @@ dependencies:
96
96
  version: 0.5.2
97
97
  description: This add-on allows you to upload and parse output produced from Tenable's
98
98
  Nessus Scanner into Dradis.
99
- email:
99
+ email:
100
100
  executables: []
101
101
  extensions: []
102
102
  extra_rdoc_files: []
@@ -119,6 +119,7 @@ files:
119
119
  - lib/dradis/plugins/nessus/field_processor.rb
120
120
  - lib/dradis/plugins/nessus/gem_version.rb
121
121
  - lib/dradis/plugins/nessus/importer.rb
122
+ - lib/dradis/plugins/nessus/mapping.rb
122
123
  - lib/dradis/plugins/nessus/version.rb
123
124
  - lib/nessus/host.rb
124
125
  - lib/nessus/report_item.rb
@@ -130,20 +131,14 @@ files:
130
131
  - spec/fixtures/files/report_item-with-list.xml
131
132
  - spec/nessus/host_spec.rb
132
133
  - spec/spec_helper.rb
133
- - templates/evidence.fields
134
134
  - templates/evidence.sample
135
- - templates/evidence.template
136
- - templates/report_host.fields
137
135
  - templates/report_host.sample
138
- - templates/report_host.template
139
- - templates/report_item.fields
140
136
  - templates/report_item.sample
141
- - templates/report_item.template
142
137
  homepage: https://dradis.com/integrations/nessus.html
143
138
  licenses:
144
139
  - GPL-2
145
140
  metadata: {}
146
- post_install_message:
141
+ post_install_message:
147
142
  rdoc_options: []
148
143
  require_paths:
149
144
  - lib
@@ -158,8 +153,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
158
153
  - !ruby/object:Gem::Version
159
154
  version: '0'
160
155
  requirements: []
161
- rubygems_version: 3.1.4
162
- signing_key:
156
+ rubygems_version: 3.5.6
157
+ signing_key:
163
158
  specification_version: 4
164
159
  summary: Nessus upload add-on for the Dradis Framework.
165
160
  test_files:
@@ -1,17 +0,0 @@
1
- compliance.cm_actual_value
2
- compliance.cm_audit_file
3
- compliance.cm_check_id
4
- compliance.cm_check_name
5
- compliance.cm_info
6
- compliance.cm_output
7
- compliance.cm_policy_value
8
- compliance.cm_reference
9
- compliance.cm_result
10
- compliance.cm_see_also
11
- compliance.cm_solution
12
- evidence.plugin_output
13
- evidence.port
14
- evidence.protocol
15
- evidence.svc_name
16
- evidence.severity
17
- report_item.plugin_name
@@ -1,5 +0,0 @@
1
- #[Location]#
2
- %evidence.protocol%/%evidence.port%
3
-
4
- #[Output]#
5
- bc.. %evidence.plugin_output%
@@ -1,8 +0,0 @@
1
- report_host.name
2
- report_host.ip
3
- report_host.fqdn
4
- report_host.operating_system
5
- report_host.mac_address
6
- report_host.netbios_name
7
- report_host.scan_start_time
8
- report_host.scan_stop_time
@@ -1,14 +0,0 @@
1
- #[Title]#
2
- Nessus host summary
3
-
4
- #[Host information]#
5
- Name: %report_host.name%
6
- IP address: %report_host.ip%
7
- FQDN: %report_host.fqdn%
8
- OS: %report_host.operating_system%
9
- Mac address: %report_host.mac_address%
10
- Netbios name: %report_host.netbios_name%
11
-
12
- #[Scan information]#
13
- Scan started: %report_host.scan_start_time%
14
- Scan ended: %report_host.scan_stop_time%
@@ -1,44 +0,0 @@
1
- report_item.age_of_vuln
2
- report_item.bid_entries
3
- report_item.cve_entries
4
- report_item.cvss3_base_score
5
- report_item.cvss3_impact_score
6
- report_item.cvss3_temporal_score
7
- report_item.cvss3_temporal_vector
8
- report_item.cvss3_vector
9
- report_item.cvss_base_score
10
- report_item.cvss_temporal_score
11
- report_item.cvss_temporal_vector
12
- report_item.cvss_vector
13
- report_item.description
14
- report_item.exploitability_ease
15
- report_item.exploit_available
16
- report_item.exploit_code_maturity
17
- report_item.exploit_framework_canvas
18
- report_item.exploit_framework_core
19
- report_item.exploit_framework_metasploit
20
- report_item.metasploit_name
21
- report_item.patch_publication_date
22
- report_item.plugin_family
23
- report_item.plugin_id
24
- report_item.plugin_modification_date
25
- report_item.plugin_name
26
- report_item.plugin_output
27
- report_item.plugin_publication_date
28
- report_item.plugin_type
29
- report_item.plugin_version
30
- report_item.port
31
- report_item.product_coverage
32
- report_item.protocol
33
- report_item.risk_factor
34
- report_item.see_also_entries
35
- report_item.severity
36
- report_item.solution
37
- report_item.svc_name
38
- report_item.synopsis
39
- report_item.threat_intensity_last_28
40
- report_item.threat_recency
41
- report_item.threat_sources_last_28
42
- report_item.vpr_score
43
- report_item.vuln_publication_date
44
- report_item.xref_entries
@@ -1,20 +0,0 @@
1
- #[Title]#
2
- %report_item.plugin_name%
3
-
4
- #[CVSSv3.BaseScore]#
5
- %report_item.cvss3_base_score%
6
-
7
- #[CVSSv3Vector]#
8
- %report_item.cvss3_vector%
9
-
10
- #[Type]#
11
- Internal
12
-
13
- #[Description]#
14
- %report_item.description%
15
-
16
- #[Solution]#
17
- %report_item.solution%
18
-
19
- #[References]#
20
- %report_item.see_also_entries%