dradis-nessus 4.11.0 → 4.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 44155793c4e6b3bba1b126e987de10df8a4abfd733c9ce4cdd78040d8d09ed4e
-  data.tar.gz: 6c0e3a28d04527782365997d695cd46a3148ec8023f43e2aac6cf7d73c02c0d3
+  metadata.gz: 5b1cd71866a497daa6b69caeab52f5a5931e5797a91641919a20b0f88f966444
+  data.tar.gz: 6d2afaa4bf0cdeb5a07043b418e759d039e373614abfa7899a77b2f14fa9cdc8
 SHA512:
-  metadata.gz: 5f377ed2c653ee9bced8f84171729eb35632f8399f94726e047e34287eec0ae311b3017d471d41d9dbc2b0e95711bfcace04bf88bcf9ed542c2c0870201bb623
-  data.tar.gz: 5c1da6c5d345bd8db460190325d14f5490a84dca423b8fb3b2de1e7de73b27b4bc683197ec6c71f22adeb489410d13d0ad9750e28eaf9adc8379c85595cea831
+  metadata.gz: d51ec219b303d14569ed0a43af65ed2761c465a634c4b2fc2b7957b696ad809cb44505a58d90b067054516d5ec5e6c007a2e3a5929d795da971df3cfa2c1f221
+  data.tar.gz: 935990184cec4b2a2870edd44ba4bc62821ce02d5181d9996332d5974ab6bd981131a16c08d9cbdd1bac9b8f070795433807238806f7c9e85d2b1b8b789d1c43

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+v4.13.0 (July 2024)
+ - Add `cwe_entries` as an available Issue field
+ - Add `vulnerability_priority_rating` as an available Issue field
+
+v4.12.0 (May 2024)
+ - Migrate integration to use Mappings Manager
+ - Update Dradis links in README
+
 v4.11.0 (January 2024)
   - No changes
 

data/README.md

@@ -8,8 +8,7 @@ The parser only supports version 2 of nessus xml format. Other formats (nbe, nsr
 
 Also, the xml parser only extracts the results of a scan. It is not able to parse the scan policy itself which is also part of the xml file.
 
-The add-on requires Dradis 3.0 or higher.
-
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 
 ## More information
 

data/dradis-nessus.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'dradis-plugins', '~> 4.0'
   spec.add_dependency 'nokogiri'
 
-  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'bundler', '~> 2.0'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec-rails'
   spec.add_development_dependency 'combustion', '~> 0.5.2'

data/lib/dradis/plugins/nessus/gem_version.rb

@@ -8,11 +8,11 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 11
+        MINOR = 13
         TINY = 0
         PRE = nil
 
-        STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+        STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
       end
     end
   end

data/lib/dradis/plugins/nessus/importer.rb

@@ -79,7 +79,7 @@ module Dradis::Plugins::Nessus
       logger.info{ "\tHost: #{host_label}" }
 
       # 2. Add host info note and host properties
-      host_note_text = template_service.process_template(template: 'report_host', data: xml_host)
+      host_note_text = mapping_service.apply_mapping(source: 'report_host', data: xml_host)
       content_service.create_note(text: host_note_text, node: host_node)
 
       if host_node.respond_to?(:properties)
@@ -123,7 +123,7 @@ module Dradis::Plugins::Nessus
       plugin_id = xml_report_item.attributes['pluginID'].value
       logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
 
-      issue_text = template_service.process_template(template: 'report_item', data: xml_report_item)
+      issue_text = mapping_service.apply_mapping(source: 'report_item', data: xml_report_item)
 
       issue = content_service.create_issue(text: issue_text, id: plugin_id)
 
@@ -133,7 +133,7 @@ module Dradis::Plugins::Nessus
       port_info += xml_report_item.attributes['port'].value
 
       logger.info{ "\t\t\t => Adding reference to this host" }
-      evidence_content = template_service.process_template(template: 'evidence', data: xml_report_item)
+      evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_report_item)
 
       content_service.create_evidence(issue: issue, node: host_node, content: evidence_content)
 

data/lib/dradis/plugins/nessus/mapping.rb

@@ -0,0 +1,103 @@
+module Dradis::Plugins::Nessus
+  module Mapping
+    DEFAULT_MAPPING = {
+      evidence: {
+        'Location' => '{{ nessus[evidence.protocol] }}/{{ nessus[evidence.port] }}',
+        'Output' => 'bc.. {{ nessus[evidence.plugin_output] }}'
+      },
+      report_host: {
+        'Title' => 'Nessus host summary',
+        'Host information' => "Name: {{ nessus[report_host.name] }}\nIP address: {{ nessus[report_host.ip] }}\nFQDN: {{ nessus[report_host.fqdn] }}\nOS: {{ nessus[report_host.operating_system] }}\nMac address: {{ nessus[report_host.mac_address] }}\nNetbios name: {{ nessus[report_host.netbios_name] }}",
+        'Scan information' => "Scan started: {{ nessus[report_host.scan_start_time] }}\nScan ended: {{ nessus[report_host.scan_stop_time] }}"
+      },
+      report_item: {
+        'Title' => '{{ nessus[report_item.plugin_name] }}',
+        'CVSSv3.BaseScore' => '{{ nessus[report_item.cvss3_base_score] }}',
+        'CVSSv3.Vector' => '{{ nessus[report_item.cvss3_vector] }}',
+        'Type' => 'Internal',
+        'Description' => '{{ nessus[report_item.description] }}',
+        'Solution' => '{{ nessus[report_item.solution] }}',
+        'References' => '{{ nessus[report_item.see_also_entries] }}'
+      }
+    }.freeze
+
+    SOURCE_FIELDS = {
+      evidence: [
+        'compliance.cm_actual_value',
+        'compliance.cm_audit_file',
+        'compliance.cm_check_id',
+        'compliance.cm_check_name',
+        'compliance.cm_info',
+        'compliance.cm_output',
+        'compliance.cm_policy_value',
+        'compliance.cm_reference',
+        'compliance.cm_result',
+        'compliance.cm_see_also',
+        'compliance.cm_solution',
+        'evidence.plugin_output',
+        'evidence.port',
+        'evidence.protocol',
+        'evidence.svc_name',
+        'evidence.severity',
+        'report_item.plugin_name'
+      ],
+      report_host: [
+        'report_host.name',
+        'report_host.ip',
+        'report_host.fqdn',
+        'report_host.operating_system',
+        'report_host.mac_address',
+        'report_host.netbios_name',
+        'report_host.scan_start_time',
+        'report_host.scan_stop_time'
+      ],
+      report_item: [
+        'report_item.age_of_vuln',
+        'report_item.bid_entries',
+        'report_item.cve_entries',
+        'report_item.cwe_entries',
+        'report_item.cvss3_base_score',
+        'report_item.cvss3_impact_score',
+        'report_item.cvss3_temporal_score',
+        'report_item.cvss3_temporal_vector',
+        'report_item.cvss3_vector',
+        'report_item.cvss_base_score',
+        'report_item.cvss_temporal_score',
+        'report_item.cvss_temporal_vector',
+        'report_item.cvss_vector',
+        'report_item.description',
+        'report_item.exploitability_ease',
+        'report_item.exploit_available',
+        'report_item.exploit_code_maturity',
+        'report_item.exploit_framework_canvas',
+        'report_item.exploit_framework_core',
+        'report_item.exploit_framework_metasploit',
+        'report_item.metasploit_name',
+        'report_item.patch_publication_date',
+        'report_item.plugin_family',
+        'report_item.plugin_id',
+        'report_item.plugin_modification_date',
+        'report_item.plugin_name',
+        'report_item.plugin_output',
+        'report_item.plugin_publication_date',
+        'report_item.plugin_type',
+        'report_item.plugin_version',
+        'report_item.port',
+        'report_item.product_coverage',
+        'report_item.protocol',
+        'report_item.risk_factor',
+        'report_item.see_also_entries',
+        'report_item.severity',
+        'report_item.solution',
+        'report_item.svc_name',
+        'report_item.synopsis',
+        'report_item.threat_intensity_last_28',
+        'report_item.threat_recency',
+        'report_item.threat_sources_last_28',
+        'report_item.vpr_score',
+        'report_item.vuln_publication_date',
+        'report_item.xref_entries'
+      ]
+    }.freeze
+  end
+end

data/lib/dradis/plugins/nessus.rb

@@ -7,5 +7,6 @@ end
 
 require 'dradis/plugins/nessus/engine'
 require 'dradis/plugins/nessus/field_processor'
+require 'dradis/plugins/nessus/mapping'
 require 'dradis/plugins/nessus/importer'
 require 'dradis/plugins/nessus/version'

data/lib/nessus/report_item.rb

@@ -31,7 +31,7 @@ module Nessus
         :risk_factor, :solution, :synopsis, :threat_intensity_last_28, :threat_recency, 
         :threat_sources_last_28, :vpr_score, :vuln_publication_date,
         # multiple tags
-        :bid_entries, :cve_entries, :see_also_entries, :xref_entries,
+        :bid_entries, :cve_entries, :cwe_entries, :see_also_entries, :xref_entries,
         # compliance tags
         :cm_actual_value, :cm_audit_file, :cm_check_id, :cm_check_name, :cm_info,
         :cm_output, :cm_policy_value, :cm_reference, :cm_result, :cm_see_also,
@@ -102,11 +102,18 @@ module Nessus
         end
       end
 
+      # older versions of Nessus use <vpr_score> while newer versions of Nessus 
+      #   use <vulnerability_priority_rating>. This allows either tag to be 
+      #   pulled in to the vpr_score mapping
+      if method_name == 'vpr_score'
+        return @xml.at_xpath('./vulnerability_priority_rating | ./vpr_score')&.text
+      end
 
       # finally the enumerations: bid_entries, cve_entries, xref_entries
       translations_table = {
         :bid_entries => 'bid',
         :cve_entries => 'cve',
+        :cwe_entries => 'cwe',
         :see_also_entries => 'see_also',
         :xref_entries  => 'xref'
       }

data/spec/dradis/plugins/nessus/importer_spec.rb

@@ -2,13 +2,10 @@ require 'spec_helper'
 require 'ostruct'
 
 describe Dradis::Plugins::Nessus::Importer do
-
   before(:each) do
-    # Stub template service
-    templates_dir = File.expand_path('../../../../../templates', __FILE__)
-    expect_any_instance_of(Dradis::Plugins::TemplateService)
-    .to receive(:default_templates_dir).and_return(templates_dir)
-
+    mapping_service = double('Dradis::Plugins::MappingService')
+    allow(mapping_service).to receive(:apply_mapping).and_return('')
+    allow(Dradis::Plugins::MappingService).to receive(:new).and_return(mapping_service)
 
     # Init services
     plugin = Dradis::Plugins::Nessus
@@ -37,7 +34,7 @@ describe Dradis::Plugins::Nessus::Importer do
     end
   end
 
-  it "creates one node for each host" do
+  it 'creates one node for each host' do
     %w{snorby.org scanme.insecure.org}.each do |host|
       expect(@content_service).to receive(:create_node).with(hash_including label: host).once
     end
@@ -52,4 +49,29 @@ describe Dradis::Plugins::Nessus::Importer do
     # Run the import
     @importer.import(file: 'spec/fixtures/files/example_v2.nessus')
   end
+
+  describe 'vulnerability priority rating field' do
+    before do
+      allow(@content_service).to receive(:create_evidence) do |args|
+        OpenStruct.new(args)
+      end
+
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+      .to receive(:template_source).and_return("#[VPR]#\n%report_item.vpr_score%\n")
+    end
+
+    context '<vpr_score>' do
+      it 'exports the vpr_score field' do
+        expect(@content_service).to receive(:create_issue).with(hash_including text: "#[VPR]#\n9.0\n")
+        @importer.import(file: 'spec/fixtures/files/vulnerability_priority_rating.xml')
+      end
+    end
+
+    context '<vulnerability_priority_rating>' do
+      it 'exports the vpr_score field' do
+        expect(@content_service).to receive(:create_issue).with(hash_including text: "#[VPR]#\n9.0\n")
+        @importer.import(file: 'spec/fixtures/files/vpr_score.xml')
+      end
+    end
+  end
 end

data/spec/fixtures/files/vpr_score.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" ?>
+<NessusClientData_v2>
+<Report name="vprscore" xmlns:cm="http://www.nessus.org/cm">
+<ReportHost name="computer">
+<HostProperties>
+<tag name="host-fqdn">computer.domain</tag>
+<tag name="operating-system">windows</tag>
+<tag name="system-type">general-purpose</tag>
+<tag name="host-uuid">real-uuid</tag>
+<tag name="host-ip">0.0.0.0</tag>
+<tag name="netbios-name">computer</tag>
+<tag name="LastAuthenticatedResults">1111</tag>
+<tag name="local-checks-proto">local</tag>
+<tag name="bios-uuid">real-uuid</tag></HostProperties>
+<ReportItem port="9090" svc_name="www" protocol="tcp" severity="1" pluginID="24260" pluginName="HyperText Transfer Protocol (HTTP) Information" pluginFamily="Web Servers">
+<solution>n/a</solution><risk_factor>None</risk_factor><description>This test gives some information about the remote HTTP protocol - the
+version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
+etc...
+
+This test is informational only and does not denote any security
+problem.</description><synopsis>Some information about the remote HTTP configuration can be extracted.</synopsis><plugin_output>
+Protocol version : HTTP/1.1
+SSL : no
+Keep-Alive : no
+Options allowed : (Not implemented)
+Headers :
+
+  Content-length: 1001
+  Server: TwistedWeb/8.1.0
+  Last-modified: Mon, 10 Aug 2009 07:16:33 GMT
+  Connection: close
+  Date: Fri, 11 Dec 2009 09:03:32 GMT
+  Content-type: text/html
+
+</plugin_output>
+<vpr_score>9.0</vpr_score>
+<plugin_version>$Revision: 1.9 $</plugin_version></ReportItem></ReportHost></Report></NessusClientData_v2>

data/spec/fixtures/files/vulnerability_priority_rating.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" ?>
+<NessusClientData_v2>
+<Report name="vulnerability_priority_rating" xmlns:cm="http://www.nessus.org/cm">
+<ReportHost name="computer">
+<HostProperties>
+<tag name="host-fqdn">computer.domain</tag>
+<tag name="operating-system">windows</tag>
+<tag name="system-type">general-purpose</tag>
+<tag name="host-uuid">real-uuid</tag>
+<tag name="host-ip">0.0.0.0</tag>
+<tag name="netbios-name">computer</tag>
+<tag name="LastAuthenticatedResults">111111</tag>
+<tag name="local-checks-proto">local</tag>
+<tag name="bios-uuid">real-uuid</tag></HostProperties>
+<ReportItem port="9090" svc_name="www" protocol="tcp" severity="1" pluginID="24260" pluginName="HyperText Transfer Protocol (HTTP) Information" pluginFamily="Web Servers">
+<solution>n/a</solution><risk_factor>None</risk_factor><description>This test gives some information about the remote HTTP protocol - the
+version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
+etc...
+
+This test is informational only and does not denote any security
+problem.</description><synopsis>Some information about the remote HTTP configuration can be extracted.</synopsis><plugin_output>
+Protocol version : HTTP/1.1
+SSL : no
+Keep-Alive : no
+Options allowed : (Not implemented)
+Headers :
+
+  Content-length: 1001
+  Server: TwistedWeb/8.1.0
+  Last-modified: Mon, 10 Aug 2009 07:16:33 GMT
+  Connection: close
+  Date: Fri, 11 Dec 2009 09:03:32 GMT
+  Content-type: text/html
+
+</plugin_output>
+<vulnerability_priority_rating>9.0</vulnerability_priority_rating>
+<plugin_version>$Revision: 1.9 $</plugin_version></ReportItem></ReportHost></Report></NessusClientData_v2>

data/templates/report_item.sample

@@ -42,10 +42,11 @@ If safe checks are enabled, this may be a false positive since it is based on th
   <exploit_code_maturity>Unproven</exploit_code_maturity>
   <plugin_modification_date>2011/03/08</plugin_modification_date>
   <cvss_base_score>7.5</cvss_base_score>
-  <vpr_score>6.7</vpr_score>
+  <vulnerability_priority_rating>6.7</vulnerability_priority_rating>
   <product_coverage>Low</product_coverage>
   <canvas_package>CANVAS</canvas_package>
   <cve>CVE-2002-0392</cve>
+  <cwe>123</cwe>
   <bid>5033</bid>
   <xref>IAVA:2002-a-0003</xref>
   <xref>OSVDB:838</xref>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nessus
 version: !ruby/object:Gem::Version
-  version: 4.11.0
+  version: 4.13.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-17 00:00:00.000000000 Z
+date: 2024-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -119,6 +119,7 @@ files:
 - lib/dradis/plugins/nessus/field_processor.rb
 - lib/dradis/plugins/nessus/gem_version.rb
 - lib/dradis/plugins/nessus/importer.rb
+- lib/dradis/plugins/nessus/mapping.rb
 - lib/dradis/plugins/nessus/version.rb
 - lib/nessus/host.rb
 - lib/nessus/report_item.rb
@@ -128,17 +129,13 @@ files:
 - spec/fixtures/files/example_v2.nessus
 - spec/fixtures/files/host-01.xml
 - spec/fixtures/files/report_item-with-list.xml
+- spec/fixtures/files/vpr_score.xml
+- spec/fixtures/files/vulnerability_priority_rating.xml
 - spec/nessus/host_spec.rb
 - spec/spec_helper.rb
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/report_host.fields
 - templates/report_host.sample
-- templates/report_host.template
-- templates/report_item.fields
 - templates/report_item.sample
-- templates/report_item.template
 homepage: https://dradis.com/integrations/nessus.html
 licenses:
 - GPL-2
@@ -158,7 +155,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.6
 signing_key:
 specification_version: 4
 summary: Nessus upload add-on for the Dradis Framework.
@@ -168,5 +165,7 @@ test_files:
 - spec/fixtures/files/example_v2.nessus
 - spec/fixtures/files/host-01.xml
 - spec/fixtures/files/report_item-with-list.xml
+- spec/fixtures/files/vpr_score.xml
+- spec/fixtures/files/vulnerability_priority_rating.xml
 - spec/nessus/host_spec.rb
 - spec/spec_helper.rb

data/templates/evidence.fields

@@ -1,17 +0,0 @@
-compliance.cm_actual_value
-compliance.cm_audit_file
-compliance.cm_check_id
-compliance.cm_check_name
-compliance.cm_info
-compliance.cm_output
-compliance.cm_policy_value
-compliance.cm_reference
-compliance.cm_result
-compliance.cm_see_also
-compliance.cm_solution
-evidence.plugin_output
-evidence.port
-evidence.protocol
-evidence.svc_name
-evidence.severity
-report_item.plugin_name

data/templates/evidence.template

@@ -1,5 +0,0 @@
-#[Location]#
-%evidence.protocol%/%evidence.port%
-
-#[Output]#
-bc.. %evidence.plugin_output%

data/templates/report_host.fields

@@ -1,8 +0,0 @@
-report_host.name
-report_host.ip
-report_host.fqdn
-report_host.operating_system
-report_host.mac_address
-report_host.netbios_name
-report_host.scan_start_time
-report_host.scan_stop_time

data/templates/report_host.template

@@ -1,14 +0,0 @@
-#[Title]#
-Nessus host summary
-
-#[Host information]#
-Name: %report_host.name%
-IP address: %report_host.ip%
-FQDN: %report_host.fqdn%
-OS: %report_host.operating_system%
-Mac address: %report_host.mac_address%
-Netbios name: %report_host.netbios_name%
-
-#[Scan information]#
-Scan started: %report_host.scan_start_time%
-Scan ended: %report_host.scan_stop_time%

data/templates/report_item.fields

@@ -1,44 +0,0 @@
-report_item.age_of_vuln
-report_item.bid_entries
-report_item.cve_entries
-report_item.cvss3_base_score
-report_item.cvss3_impact_score
-report_item.cvss3_temporal_score
-report_item.cvss3_temporal_vector
-report_item.cvss3_vector
-report_item.cvss_base_score
-report_item.cvss_temporal_score
-report_item.cvss_temporal_vector
-report_item.cvss_vector
-report_item.description
-report_item.exploitability_ease
-report_item.exploit_available
-report_item.exploit_code_maturity
-report_item.exploit_framework_canvas
-report_item.exploit_framework_core
-report_item.exploit_framework_metasploit
-report_item.metasploit_name
-report_item.patch_publication_date
-report_item.plugin_family
-report_item.plugin_id
-report_item.plugin_modification_date
-report_item.plugin_name
-report_item.plugin_output
-report_item.plugin_publication_date
-report_item.plugin_type
-report_item.plugin_version
-report_item.port
-report_item.product_coverage
-report_item.protocol
-report_item.risk_factor
-report_item.see_also_entries
-report_item.severity
-report_item.solution
-report_item.svc_name
-report_item.synopsis
-report_item.threat_intensity_last_28
-report_item.threat_recency
-report_item.threat_sources_last_28
-report_item.vpr_score
-report_item.vuln_publication_date
-report_item.xref_entries

data/templates/report_item.template

@@ -1,20 +0,0 @@
-#[Title]#
-%report_item.plugin_name%
-
-#[CVSSv3.BaseScore]#
-%report_item.cvss3_base_score%
-
-#[CVSSv3Vector]#
-%report_item.cvss3_vector%
-
-#[Type]#
-Internal
-
-#[Description]#
-%report_item.description%
-
-#[Solution]#
-%report_item.solution%
-
-#[References]#
-%report_item.see_also_entries%