dradis-netsparker 3.12.0 → 3.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9dd196e151bf9ca25d8cb0db7c567d6a5304be1e
4
- data.tar.gz: a5089c0007bac27aa333e6358a470305f7b11acf
3
+ metadata.gz: 3c208fd09188d0fec2b5898d52bf9c7e600dadf8
4
+ data.tar.gz: 6dcece49ce83c7b127d7ecd69a1b413877fff868
5
5
  SHA512:
6
- metadata.gz: 32516dccc206766d06f5355dd17dc059af39414fc11371376d3673a5599814d783ad56fb27b8f5a0f859a46e721c6df9d361c52cced8318b8ebb5e22caa1622b
7
- data.tar.gz: fab2932b1293e827b10a25d78b89af5a8f7dcdc51b15dc8d1818839274534fbb02e0fa32d02e9277a3bec81cd44a22715d1551bc11a00b83dbcc16d95adc4ac3
6
+ metadata.gz: c9a3c156f2cb35e4ed97a7ac49041fa35d5156b1769aa30e9d3cd0febab83b59fe3d3f476383925de93f2531db2c7fbbb699cbc01041563017839d0efdd53120
7
+ data.tar.gz: aa5396878ddb4bc18e9e960f87f4cfc150c8af85e3e4c79450d5b75156f5cd74318bb6f389698683034dbcb68117b131d68f03eeb22a6ae4a7fd29d7d688e95b
@@ -1,3 +1,8 @@
1
+ ## Dradis Framework 3.13 (June, 2019)
2
+
3
+ * Add Known Vulnerabilities and OWASP 2017 Classification as available Issue fields
4
+ * Add :vulnerableparameter, :vulnerableparametertype, and :vulnerableparametervalue Evidence fields
5
+
1
6
  ## Dradis Framework 3.12 (March, 2019)
2
7
 
3
8
  * Change alphabetical lists to bullet lists
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 3
11
- MINOR = 12
11
+ MINOR = 13
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -24,11 +24,13 @@ module Netsparker
24
24
 
25
25
  # simple tags
26
26
  :actions_to_take, :certainty, :description, :external_references,
27
- :extrainformation, :impact, :rawrequest, :rawresponse, :remedy,
27
+ :extrainformation, :impact, :knownvulnerabilities,
28
+ :rawrequest, :rawresponse, :remedy,
28
29
  :remedy_references, :required_skills_for_exploitation, :severity,
29
30
  :type, :url,
30
31
 
31
32
  # tags that correspond to Evidence
33
+ :vulnerableparameter, :vulnerableparametertype, :vulnerableparametervalue,
32
34
 
33
35
  # nested tags
34
36
  :classification_capec,
@@ -39,7 +41,7 @@ module Netsparker
39
41
  :classification_cvss_temporal_value, :classification_cvss_temporal_severity,
40
42
 
41
43
  :classification_cwe, :classification_hipaa,
42
- :classification_owasp2013, :classification_owasppc,
44
+ :classification_owasp2013, :classification_owasp2017, :classification_owasppc,
43
45
  :classification_pci31, :classification_pci32, :classification_wasc,
44
46
 
45
47
  # multiple tags
@@ -86,6 +88,7 @@ module Netsparker
86
88
  classification_cvss_temporal_severity: "classification/CVSS/score/type[text()='Temporal']/../severity",
87
89
  classification_hipaa: 'classification/HIPAA',
88
90
  classification_owasp2013: 'classification/OWASP2013',
91
+ classification_owasp2017: 'classification/OWASP2017',
89
92
  classification_owasppc: 'classification/OWASPPC',
90
93
  classification_pci31: 'classification/PCI31',
91
94
  classification_pci32: 'classification/PCI32',
@@ -1,3 +1,6 @@
1
1
  evidence.rawrequest
2
2
  evidence.rawresponse
3
3
  evidence.url
4
+ evidence.vulnerableparameter
5
+ evidence.vulnerableparametertype
6
+ evidence.vulnerableparametervalue
@@ -6,6 +6,9 @@
6
6
  ​<description><![CDATA[<p>Netsparker detected a missing <code>X-XSS-Protection</code> header which means that this website could be at risk of a Cross-site Scripting (XSS) attacks.</p>]]></description>
7
7
  <remedy><![CDATA[<div>Add the X-XSS-Protection header with a value of "1; mode= block".<ul><li><pre class="code">X-XSS-Protection: 1; mode=block</pre></li></ul></div>]]></remedy>
8
8
 
9
+ <vulnerableparametertype>GET</vulnerableparametertype>
10
+ <vulnerableparameter>value</vulnerableparameter>
11
+ <vulnerableparametervalue>1;expr 268409241 - 85983;x</vulnerableparametervalue>
9
12
  <rawrequest><![CDATA[GET /javascripts/responsive.js HTTP/1.1
10
13
  Host: test.testlab.com:3000
11
14
  Cache-Control: no-cache
@@ -6,3 +6,12 @@ bc.. %evidence.rawrequest%
6
6
 
7
7
  #[Response]#
8
8
  bc.. %evidence.rawresponse%
9
+
10
+ #[VulnerableParameter]#
11
+ bc. %evidence.vulnerableparameter%
12
+
13
+ #[VulnerableParameterType]#
14
+ bc. %evidence.vulnerableparametertype%
15
+
16
+ #[VulnerableParameterValue]#
17
+ bc. %evidence.vulnerableparametervalue%
@@ -11,6 +11,7 @@ issue.classification_cvss_temporal_severity
11
11
  issue.classification_cwe
12
12
  issue.classification_hipaa
13
13
  issue.classification_owasp2013
14
+ issue.classification_owasp2017
14
15
  issue.classification_owasppc
15
16
  issue.classification_pci31
16
17
  issue.classification_pci32
@@ -19,6 +20,7 @@ issue.description
19
20
  issue.external_references
20
21
  issue.extrainformation
21
22
  issue.impact
23
+ issue.knownvulnerabilities
22
24
  issue.remedy
23
25
  issue.remedy_references
24
26
  issue.required_skills_for_exploitation
@@ -51,7 +51,8 @@ function openFlyout() {
51
51
 
52
52
 
53
53
  <classification>
54
- <OWASP2013></OWASP2013>
54
+ <OWASP2013>A2</OWASP2013>
55
+ <OWASP2017>A1</OWASP2017>
55
56
  <WASC></WASC>
56
57
  <CWE></CWE>
57
58
  <CAPEC></CAPEC>
@@ -79,5 +80,14 @@ function openFlyout() {
79
80
  </score>
80
81
  </CVSS>
81
82
  </classification>
83
+
84
+ <knownvulnerabilities>
85
+ <knownvulnerability>
86
+ <title>Apache Denial of Service Vulnerabillity</title>
87
+ <severity>Low</severity>
88
+ <references>CVE-2013-1896</references>
89
+ <affectedversions>2.2.2 to 2.2.21</affectedversions>
90
+ </knownvulnerability>
91
+ </knownvulnerabilities>
82
92
 
83
93
  </vulnerability>
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-netsparker
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.12.0
4
+ version: 3.13.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-04-01 00:00:00.000000000 Z
11
+ date: 2019-06-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins