dradis-netsparker 3.10.0 → 3.11.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -1
- data/lib/dradis/plugins/netsparker/gem_version.rb +1 -1
- data/lib/netsparker/vulnerability.rb +39 -15
- data/spec/fixtures/files/testsparker.xml +4841 -0
- data/templates/issue.fields +6 -0
- data/templates/issue.sample +10 -1
- data/templates/issue.template +0 -1
- metadata +5 -3
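--- a/data/templates/issue.fields
+++ b/data/templates/issue.fields
@@ -1,3 +1,4 @@
+issue.actions_to_take
 issue.certainty
 issue.classification_capec
 issue.classification_cvss_vector
@@ -15,7 +16,12 @@ issue.classification_pci31
 issue.classification_pci32
 issue.classification_wasc
 issue.description
+issue.external_references
+issue.extrainformation
+issue.impact
 issue.remedy
+issue.remedy_references
+issue.required_skills_for_exploitation
 issue.severity
 issue.title
 issue.type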
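Review bot: The added field list has no entry for the proof of concept, although the same release adds a `<proofOfConcept>` element to templates/issue.sample; alphabetically it would sit between `issue.impact` and `issue.remedy` in the second hunk, and it is not there. If the value is meant to be selectable in report templates, add `issue.proof_of_concept` here; if it is handled elsewhere (evidence.fields and lib/netsparker/vulnerability.rb are not shown on this page), the sample element is misleading as it stands. `issue.extrainformation` is also the only new name without word separators next to `issue.external_references` and `issue.remedy_references`; presumably it mirrors the XML tag, in which case a line in the changelog saying so would save the next maintainer a lookup.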
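--- a/data/templates/issue.sample
+++ b/data/templates/issue.sample
@@ -4,7 +4,13 @@
 <severity>Information</severity>
 <certainty>100</certainty>
 <description><![CDATA[<p>Netsparker detected a missing <code>X-XSS-Protection</code> header which means that this website could be at risk of a Cross-site Scripting (XSS) attacks.</p>]]></description>
+<impact><![CDATA[ <div>;This issue is reported as additional information only. There is no direct impact arising from this issue.</div> ]]></impact>
+<actionsToTake><![CDATA[Placeholder Actions to Take for plugin manager configuration]]></actionsToTake>
 <remedy><![CDATA[<div>Add the X-XSS-Protection header with a value of "1; mode= block".<ul><li><pre class="code">X-XSS-Protection: 1; mode=block</pre></li></ul></div>]]></remedy>
+<requiredSkillsForExploitation><![CDATA[ Placeholder Required Skills for Exploitation for Plugin Manager configuration ]]></requiredSkillsForExploitation>
+<externalReferences><![CDATA[ <div><ul><li><a href='https://msdn.microsoft.com/en-us/library/cc288472(VS.85).aspx#_replace'>MSDN - Internet Explorer 8 Security Features</a></li><li><a href='https://blogs.msdn.com/b/ie/archive/2008/07/01/ie8-security-part-iv-the-xss-filter.aspx'>Internet Explorer 8 XSS Filter</a></li></ul></div> ]]></externalReferences>
+<remedyReferences><![CDATA[ Placeholder Remedy References for Plugin Manager configuration ]]></remedyReferences>
+<proofOfConcept><![CDATA[ Placeholder Proof of Concept for Plugin Manager configuration ]]></proofOfConcept>
 
 <rawrequest><![CDATA[GET /javascripts/responsive.js HTTP/1.1
 Host: test.testlab.com:3000
@@ -36,7 +42,10 @@ function openFlyout() {
 });
 }
 ]]></rawresponse>
-<extrainformation
+<extrainformation>
+<info name="Example Name"><![CDATA[SESSIONID]]></info>
+</extrainformation>
+
 
 <proofs></proofs>
 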
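Review bot: The new `<impact>` sample value begins with `<div>;` in the first hunk; the stray `;` after the opening tag looks like the remainder of a stripped entity and will appear in the template preview unless the plugin's cleanup removes it. The added values also carry raw HTML (`<div>`, `<ul>`, `<a href=…>`), and scanner output of this kind is not trusted input, so every new field needs to go through the same tag conversion or stripping as the existing ones in lib/netsparker/vulnerability.rb (changed in this release, not shown on this page). A spec that runs this sample through the field processor and checks the rendered `impact` and `external_references` values for leftover markup would pin that. If the `;` is not copied from real scanner output on purpose, use `<impact><![CDATA[<div>This issue is reported as additional information only. …</div>]]></impact>`.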
data/templates/issue.template
CHANGED
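--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-netsparker
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.11.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dradis-plugins
@@ -123,6 +123,7 @@ files:
 - spec/fixtures/files/example-evidence.xml
 - spec/fixtures/files/example.xml
 - spec/fixtures/files/netsparker-localhost-demo.xml
+- spec/fixtures/files/testsparker.xml
 - spec/spec_helper.rb
 - templates/evidence.fields
 - templates/evidence.sample
@@ -150,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.
+rubygems_version: 2.6.12
 signing_key:
 specification_version: 4
 summary: Netsparker add-on for the Dradis Framework.
@@ -159,4 +160,5 @@ test_files:
 - spec/fixtures/files/example-evidence.xml
 - spec/fixtures/files/example.xml
 - spec/fixtures/files/netsparker-localhost-demo.xml
+- spec/fixtures/files/testsparker.xml
 - spec/spec_helper.rb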