dradis-netsparker 3.12.0 → 3.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/dradis/plugins/netsparker/gem_version.rb +1 -1
- data/lib/netsparker/vulnerability.rb +5 -2
- data/templates/evidence.fields +3 -0
- data/templates/evidence.sample +3 -0
- data/templates/evidence.template +9 -0
- data/templates/issue.fields +2 -0
- data/templates/issue.sample +11 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3c208fd09188d0fec2b5898d52bf9c7e600dadf8
|
|
4
|
+
data.tar.gz: 6dcece49ce83c7b127d7ecd69a1b413877fff868
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c9a3c156f2cb35e4ed97a7ac49041fa35d5156b1769aa30e9d3cd0febab83b59fe3d3f476383925de93f2531db2c7fbbb699cbc01041563017839d0efdd53120
|
|
7
|
+
data.tar.gz: aa5396878ddb4bc18e9e960f87f4cfc150c8af85e3e4c79450d5b75156f5cd74318bb6f389698683034dbcb68117b131d68f03eeb22a6ae4a7fd29d7d688e95b
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
## Dradis Framework 3.13 (June, 2019)
|
|
2
|
+
|
|
3
|
+
* Add Known Vulnerabilities and OWASP 2017 Classification as available Issue fields
|
|
4
|
+
* Add :vulnerableparameter, :vulnerableparametertype, and :vulnerableparametervalue Evidence fields
|
|
5
|
+
|
|
1
6
|
## Dradis Framework 3.12 (March, 2019)
|
|
2
7
|
|
|
3
8
|
* Change alphabetical lists to bullet lists
|
|
@@ -24,11 +24,13 @@ module Netsparker
|
|
|
24
24
|
|
|
25
25
|
# simple tags
|
|
26
26
|
:actions_to_take, :certainty, :description, :external_references,
|
|
27
|
-
:extrainformation, :impact, :
|
|
27
|
+
:extrainformation, :impact, :knownvulnerabilities,
|
|
28
|
+
:rawrequest, :rawresponse, :remedy,
|
|
28
29
|
:remedy_references, :required_skills_for_exploitation, :severity,
|
|
29
30
|
:type, :url,
|
|
30
31
|
|
|
31
32
|
# tags that correspond to Evidence
|
|
33
|
+
:vulnerableparameter, :vulnerableparametertype, :vulnerableparametervalue,
|
|
32
34
|
|
|
33
35
|
# nested tags
|
|
34
36
|
:classification_capec,
|
|
@@ -39,7 +41,7 @@ module Netsparker
|
|
|
39
41
|
:classification_cvss_temporal_value, :classification_cvss_temporal_severity,
|
|
40
42
|
|
|
41
43
|
:classification_cwe, :classification_hipaa,
|
|
42
|
-
:classification_owasp2013, :classification_owasppc,
|
|
44
|
+
:classification_owasp2013, :classification_owasp2017, :classification_owasppc,
|
|
43
45
|
:classification_pci31, :classification_pci32, :classification_wasc,
|
|
44
46
|
|
|
45
47
|
# multiple tags
|
|
@@ -86,6 +88,7 @@ module Netsparker
|
|
|
86
88
|
classification_cvss_temporal_severity: "classification/CVSS/score/type[text()='Temporal']/../severity",
|
|
87
89
|
classification_hipaa: 'classification/HIPAA',
|
|
88
90
|
classification_owasp2013: 'classification/OWASP2013',
|
|
91
|
+
classification_owasp2017: 'classification/OWASP2017',
|
|
89
92
|
classification_owasppc: 'classification/OWASPPC',
|
|
90
93
|
classification_pci31: 'classification/PCI31',
|
|
91
94
|
classification_pci32: 'classification/PCI32',
|
data/templates/evidence.fields
CHANGED
data/templates/evidence.sample
CHANGED
|
@@ -6,6 +6,9 @@
|
|
|
6
6
|
<description><![CDATA[<p>Netsparker detected a missing <code>X-XSS-Protection</code> header which means that this website could be at risk of a Cross-site Scripting (XSS) attacks.</p>]]></description>
|
|
7
7
|
<remedy><![CDATA[<div>Add the X-XSS-Protection header with a value of "1; mode= block".<ul><li><pre class="code">X-XSS-Protection: 1; mode=block</pre></li></ul></div>]]></remedy>
|
|
8
8
|
|
|
9
|
+
<vulnerableparametertype>GET</vulnerableparametertype>
|
|
10
|
+
<vulnerableparameter>value</vulnerableparameter>
|
|
11
|
+
<vulnerableparametervalue>1;expr 268409241 - 85983;x</vulnerableparametervalue>
|
|
9
12
|
<rawrequest><![CDATA[GET /javascripts/responsive.js HTTP/1.1
|
|
10
13
|
Host: test.testlab.com:3000
|
|
11
14
|
Cache-Control: no-cache
|
data/templates/evidence.template
CHANGED
|
@@ -6,3 +6,12 @@ bc.. %evidence.rawrequest%
|
|
|
6
6
|
|
|
7
7
|
#[Response]#
|
|
8
8
|
bc.. %evidence.rawresponse%
|
|
9
|
+
|
|
10
|
+
#[VulnerableParameter]#
|
|
11
|
+
bc. %evidence.vulnerableparameter%
|
|
12
|
+
|
|
13
|
+
#[VulnerableParameterType]#
|
|
14
|
+
bc. %evidence.vulnerableparametertype%
|
|
15
|
+
|
|
16
|
+
#[VulnerableParameterValue]#
|
|
17
|
+
bc. %evidence.vulnerableparametervalue%
|
data/templates/issue.fields
CHANGED
|
@@ -11,6 +11,7 @@ issue.classification_cvss_temporal_severity
|
|
|
11
11
|
issue.classification_cwe
|
|
12
12
|
issue.classification_hipaa
|
|
13
13
|
issue.classification_owasp2013
|
|
14
|
+
issue.classification_owasp2017
|
|
14
15
|
issue.classification_owasppc
|
|
15
16
|
issue.classification_pci31
|
|
16
17
|
issue.classification_pci32
|
|
@@ -19,6 +20,7 @@ issue.description
|
|
|
19
20
|
issue.external_references
|
|
20
21
|
issue.extrainformation
|
|
21
22
|
issue.impact
|
|
23
|
+
issue.knownvulnerabilities
|
|
22
24
|
issue.remedy
|
|
23
25
|
issue.remedy_references
|
|
24
26
|
issue.required_skills_for_exploitation
|
data/templates/issue.sample
CHANGED
|
@@ -51,7 +51,8 @@ function openFlyout() {
|
|
|
51
51
|
|
|
52
52
|
|
|
53
53
|
<classification>
|
|
54
|
-
<OWASP2013
|
|
54
|
+
<OWASP2013>A2</OWASP2013>
|
|
55
|
+
<OWASP2017>A1</OWASP2017>
|
|
55
56
|
<WASC></WASC>
|
|
56
57
|
<CWE></CWE>
|
|
57
58
|
<CAPEC></CAPEC>
|
|
@@ -79,5 +80,14 @@ function openFlyout() {
|
|
|
79
80
|
</score>
|
|
80
81
|
</CVSS>
|
|
81
82
|
</classification>
|
|
83
|
+
|
|
84
|
+
<knownvulnerabilities>
|
|
85
|
+
<knownvulnerability>
|
|
86
|
+
<title>Apache Denial of Service Vulnerabillity</title>
|
|
87
|
+
<severity>Low</severity>
|
|
88
|
+
<references>CVE-2013-1896</references>
|
|
89
|
+
<affectedversions>2.2.2 to 2.2.21</affectedversions>
|
|
90
|
+
</knownvulnerability>
|
|
91
|
+
</knownvulnerabilities>
|
|
82
92
|
|
|
83
93
|
</vulnerability>
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-netsparker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.13.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-06-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|