dradis-nessus 4.12.0 → 4.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 89e36338a9a7b2d0791868394749b7ceda41c746374e18ca3262208b8901f801
-  data.tar.gz: '085692aa88ed591b56b6e7b4f47959db2aa3a81a4157da9b42ca27dd50115098'
+  metadata.gz: 5b1cd71866a497daa6b69caeab52f5a5931e5797a91641919a20b0f88f966444
+  data.tar.gz: 6d2afaa4bf0cdeb5a07043b418e759d039e373614abfa7899a77b2f14fa9cdc8
 SHA512:
-  metadata.gz: 6f11c491e50351cac07dc65fbfa06a96b20e73b4e1075dbccc1ef88356943a1d52847deac6a27c6e05bb50447d9f93d3d1e1ad886a0c90bdaca08a86d34b8acd
-  data.tar.gz: 161919167d9263c1c0782ea1317947e3a3f1f1d1a3748dcf9c3690b13a98524f9d7a62dddf9f87eb4c81f35125347b4a309810fcd35cd5429e4f77fefc68616a
+  metadata.gz: d51ec219b303d14569ed0a43af65ed2761c465a634c4b2fc2b7957b696ad809cb44505a58d90b067054516d5ec5e6c007a2e3a5929d795da971df3cfa2c1f221
+  data.tar.gz: 935990184cec4b2a2870edd44ba4bc62821ce02d5181d9996332d5974ab6bd981131a16c08d9cbdd1bac9b8f070795433807238806f7c9e85d2b1b8b789d1c43

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+v4.13.0 (July 2024)
+ - Add `cwe_entries` as an available Issue field
+ - Add `vulnerability_priority_rating` as an available Issue field
+
 v4.12.0 (May 2024)
  - Migrate integration to use Mappings Manager
  - Update Dradis links in README

data/dradis-nessus.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'dradis-plugins', '~> 4.0'
   spec.add_dependency 'nokogiri'
 
-  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'bundler', '~> 2.0'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec-rails'
   spec.add_development_dependency 'combustion', '~> 0.5.2'

data/lib/dradis/plugins/nessus/gem_version.rb

@@ -8,11 +8,11 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 12
+        MINOR = 13
         TINY = 0
         PRE = nil
 
-        STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+        STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
       end
     end
   end

data/lib/dradis/plugins/nessus/mapping.rb

@@ -13,7 +13,7 @@ module Dradis::Plugins::Nessus
       report_item: {
         'Title' => '{{ nessus[report_item.plugin_name] }}',
         'CVSSv3.BaseScore' => '{{ nessus[report_item.cvss3_base_score] }}',
-        'CVSSv3Vector' => '{{ nessus[report_item.cvss3_vector] }}',
+        'CVSSv3.Vector' => '{{ nessus[report_item.cvss3_vector] }}',
         'Type' => 'Internal',
         'Description' => '{{ nessus[report_item.description] }}',
         'Solution' => '{{ nessus[report_item.solution] }}',
@@ -55,6 +55,7 @@ module Dradis::Plugins::Nessus
         'report_item.age_of_vuln',
         'report_item.bid_entries',
         'report_item.cve_entries',
+        'report_item.cwe_entries',
         'report_item.cvss3_base_score',
         'report_item.cvss3_impact_score',
         'report_item.cvss3_temporal_score',

data/lib/nessus/report_item.rb

@@ -31,7 +31,7 @@ module Nessus
         :risk_factor, :solution, :synopsis, :threat_intensity_last_28, :threat_recency, 
         :threat_sources_last_28, :vpr_score, :vuln_publication_date,
         # multiple tags
-        :bid_entries, :cve_entries, :see_also_entries, :xref_entries,
+        :bid_entries, :cve_entries, :cwe_entries, :see_also_entries, :xref_entries,
         # compliance tags
         :cm_actual_value, :cm_audit_file, :cm_check_id, :cm_check_name, :cm_info,
         :cm_output, :cm_policy_value, :cm_reference, :cm_result, :cm_see_also,
@@ -102,11 +102,18 @@ module Nessus
         end
       end
 
+      # older versions of Nessus use <vpr_score> while newer versions of Nessus 
+      #   use <vulnerability_priority_rating>. This allows either tag to be 
+      #   pulled in to the vpr_score mapping
+      if method_name == 'vpr_score'
+        return @xml.at_xpath('./vulnerability_priority_rating | ./vpr_score')&.text
+      end
 
       # finally the enumerations: bid_entries, cve_entries, xref_entries
       translations_table = {
         :bid_entries => 'bid',
         :cve_entries => 'cve',
+        :cwe_entries => 'cwe',
         :see_also_entries => 'see_also',
         :xref_entries  => 'xref'
       }

data/spec/dradis/plugins/nessus/importer_spec.rb

@@ -2,13 +2,10 @@ require 'spec_helper'
 require 'ostruct'
 
 describe Dradis::Plugins::Nessus::Importer do
-
   before(:each) do
-    # Stub template service
-    templates_dir = File.expand_path('../../../../../templates', __FILE__)
-    expect_any_instance_of(Dradis::Plugins::TemplateService)
-    .to receive(:default_templates_dir).and_return(templates_dir)
-
+    mapping_service = double('Dradis::Plugins::MappingService')
+    allow(mapping_service).to receive(:apply_mapping).and_return('')
+    allow(Dradis::Plugins::MappingService).to receive(:new).and_return(mapping_service)
 
     # Init services
     plugin = Dradis::Plugins::Nessus
@@ -37,7 +34,7 @@ describe Dradis::Plugins::Nessus::Importer do
     end
   end
 
-  it "creates one node for each host" do
+  it 'creates one node for each host' do
     %w{snorby.org scanme.insecure.org}.each do |host|
       expect(@content_service).to receive(:create_node).with(hash_including label: host).once
     end
@@ -52,4 +49,29 @@ describe Dradis::Plugins::Nessus::Importer do
     # Run the import
     @importer.import(file: 'spec/fixtures/files/example_v2.nessus')
   end
+
+  describe 'vulnerability priority rating field' do
+    before do
+      allow(@content_service).to receive(:create_evidence) do |args|
+        OpenStruct.new(args)
+      end
+
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+      .to receive(:template_source).and_return("#[VPR]#\n%report_item.vpr_score%\n")
+    end
+
+    context '<vpr_score>' do
+      it 'exports the vpr_score field' do
+        expect(@content_service).to receive(:create_issue).with(hash_including text: "#[VPR]#\n9.0\n")
+        @importer.import(file: 'spec/fixtures/files/vulnerability_priority_rating.xml')
+      end
+    end
+
+    context '<vulnerability_priority_rating>' do
+      it 'exports the vpr_score field' do
+        expect(@content_service).to receive(:create_issue).with(hash_including text: "#[VPR]#\n9.0\n")
+        @importer.import(file: 'spec/fixtures/files/vpr_score.xml')
+      end
+    end
+  end
 end

data/spec/fixtures/files/vpr_score.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" ?>
+<NessusClientData_v2>
+<Report name="vprscore" xmlns:cm="http://www.nessus.org/cm">
+<ReportHost name="computer">
+<HostProperties>
+<tag name="host-fqdn">computer.domain</tag>
+<tag name="operating-system">windows</tag>
+<tag name="system-type">general-purpose</tag>
+<tag name="host-uuid">real-uuid</tag>
+<tag name="host-ip">0.0.0.0</tag>
+<tag name="netbios-name">computer</tag>
+<tag name="LastAuthenticatedResults">1111</tag>
+<tag name="local-checks-proto">local</tag>
+<tag name="bios-uuid">real-uuid</tag></HostProperties>
+<ReportItem port="9090" svc_name="www" protocol="tcp" severity="1" pluginID="24260" pluginName="HyperText Transfer Protocol (HTTP) Information" pluginFamily="Web Servers">
+<solution>n/a</solution><risk_factor>None</risk_factor><description>This test gives some information about the remote HTTP protocol - the
+version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
+etc...
+
+This test is informational only and does not denote any security
+problem.</description><synopsis>Some information about the remote HTTP configuration can be extracted.</synopsis><plugin_output>
+Protocol version : HTTP/1.1
+SSL : no
+Keep-Alive : no
+Options allowed : (Not implemented)
+Headers :
+
+  Content-length: 1001
+  Server: TwistedWeb/8.1.0
+  Last-modified: Mon, 10 Aug 2009 07:16:33 GMT
+  Connection: close
+  Date: Fri, 11 Dec 2009 09:03:32 GMT
+  Content-type: text/html
+
+</plugin_output>
+<vpr_score>9.0</vpr_score>
+<plugin_version>$Revision: 1.9 $</plugin_version></ReportItem></ReportHost></Report></NessusClientData_v2>

data/spec/fixtures/files/vulnerability_priority_rating.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" ?>
+<NessusClientData_v2>
+<Report name="vulnerability_priority_rating" xmlns:cm="http://www.nessus.org/cm">
+<ReportHost name="computer">
+<HostProperties>
+<tag name="host-fqdn">computer.domain</tag>
+<tag name="operating-system">windows</tag>
+<tag name="system-type">general-purpose</tag>
+<tag name="host-uuid">real-uuid</tag>
+<tag name="host-ip">0.0.0.0</tag>
+<tag name="netbios-name">computer</tag>
+<tag name="LastAuthenticatedResults">111111</tag>
+<tag name="local-checks-proto">local</tag>
+<tag name="bios-uuid">real-uuid</tag></HostProperties>
+<ReportItem port="9090" svc_name="www" protocol="tcp" severity="1" pluginID="24260" pluginName="HyperText Transfer Protocol (HTTP) Information" pluginFamily="Web Servers">
+<solution>n/a</solution><risk_factor>None</risk_factor><description>This test gives some information about the remote HTTP protocol - the
+version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
+etc...
+
+This test is informational only and does not denote any security
+problem.</description><synopsis>Some information about the remote HTTP configuration can be extracted.</synopsis><plugin_output>
+Protocol version : HTTP/1.1
+SSL : no
+Keep-Alive : no
+Options allowed : (Not implemented)
+Headers :
+
+  Content-length: 1001
+  Server: TwistedWeb/8.1.0
+  Last-modified: Mon, 10 Aug 2009 07:16:33 GMT
+  Connection: close
+  Date: Fri, 11 Dec 2009 09:03:32 GMT
+  Content-type: text/html
+
+</plugin_output>
+<vulnerability_priority_rating>9.0</vulnerability_priority_rating>
+<plugin_version>$Revision: 1.9 $</plugin_version></ReportItem></ReportHost></Report></NessusClientData_v2>

data/templates/report_item.sample

@@ -42,10 +42,11 @@ If safe checks are enabled, this may be a false positive since it is based on th
   <exploit_code_maturity>Unproven</exploit_code_maturity>
   <plugin_modification_date>2011/03/08</plugin_modification_date>
   <cvss_base_score>7.5</cvss_base_score>
-  <vpr_score>6.7</vpr_score>
+  <vulnerability_priority_rating>6.7</vulnerability_priority_rating>
   <product_coverage>Low</product_coverage>
   <canvas_package>CANVAS</canvas_package>
   <cve>CVE-2002-0392</cve>
+  <cwe>123</cwe>
   <bid>5033</bid>
   <xref>IAVA:2002-a-0003</xref>
   <xref>OSVDB:838</xref>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nessus
 version: !ruby/object:Gem::Version
-  version: 4.12.0
+  version: 4.13.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-05-07 00:00:00.000000000 Z
+date: 2024-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -129,6 +129,8 @@ files:
 - spec/fixtures/files/example_v2.nessus
 - spec/fixtures/files/host-01.xml
 - spec/fixtures/files/report_item-with-list.xml
+- spec/fixtures/files/vpr_score.xml
+- spec/fixtures/files/vulnerability_priority_rating.xml
 - spec/nessus/host_spec.rb
 - spec/spec_helper.rb
 - templates/evidence.sample
@@ -163,5 +165,7 @@ test_files:
 - spec/fixtures/files/example_v2.nessus
 - spec/fixtures/files/host-01.xml
 - spec/fixtures/files/report_item-with-list.xml
+- spec/fixtures/files/vpr_score.xml
+- spec/fixtures/files/vulnerability_priority_rating.xml
 - spec/nessus/host_spec.rb
 - spec/spec_helper.rb