dradis-netsparker 3.13.0 → 3.18.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 3c208fd09188d0fec2b5898d52bf9c7e600dadf8
4
- data.tar.gz: 6dcece49ce83c7b127d7ecd69a1b413877fff868
2
+ SHA256:
3
+ metadata.gz: 4462389c5ca5f5ee3b01cbe71afef3f72bf55929973cc15b02ac85d9f7469d19
4
+ data.tar.gz: 396cf9712edb1a494d6413652868338b89dbdc4db948d19aaec8e4f7c872138e
5
5
  SHA512:
6
- metadata.gz: c9a3c156f2cb35e4ed97a7ac49041fa35d5156b1769aa30e9d3cd0febab83b59fe3d3f476383925de93f2531db2c7fbbb699cbc01041563017839d0efdd53120
7
- data.tar.gz: aa5396878ddb4bc18e9e960f87f4cfc150c8af85e3e4c79450d5b75156f5cd74318bb6f389698683034dbcb68117b131d68f03eeb22a6ae4a7fd29d7d688e95b
6
+ metadata.gz: 7803d9cfe9076f46975026a0d64acea2522c5c00d8d7adbd94613adf9ac04ad67670a6ef67a82e860df9549762e9e9f6b10326d63eb8458815f4f9b4dfb52d9a
7
+ data.tar.gz: 135a840836c8550c6dabe79a986ca7c061418a7e203b482837f4eb494c7e6835d6ef7b43e870502c6025eba49647ecdf7ee7eca7b6376ab19252d7015aaf6fd3
@@ -0,0 +1,16 @@
1
+ ### Steps to reproduce
2
+
3
+ Help us help you, how can we reproduce the problem?
4
+
5
+ ### Expected behavior
6
+ Tell us what should happen
7
+
8
+ ### Actual behavior
9
+ Tell us what happens instead
10
+
11
+ ### System configuration
12
+ **Dradis version**:
13
+
14
+ **Ruby version**:
15
+
16
+ **OS version**:
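Review bot: the System configuration block at the end of the template asks for Dradis, Ruby and OS versions but not the version of this plugin or of the Netsparker release that produced the report, and for an importer those two decide which tags are present in the XML. Suggest adding `**Plugin version**:` and `**Netsparker version**:` fields, plus a prompt to attach a sanitized sample of the failing XML, since reports carry raw requests and responses.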
@@ -0,0 +1,36 @@
1
+ ### Summary
2
+
3
+ Provide a general description of the code changes in your pull
4
+ request... were there any bugs you had fixed? If so, mention them. If
5
+ these bugs have open GitHub issues, be sure to tag them here as well,
6
+ to keep the conversation linked together.
7
+
8
+
9
+ ### Other Information
10
+
11
+ If there's anything else that's important and relevant to your pull
12
+ request, mention that information here. This could include
13
+ benchmarks, or other information.
14
+
15
+ Thanks for contributing to Dradis!
16
+
17
+
18
+ ### Copyright assignment
19
+
20
+ Collaboration is difficult with commercial closed source but we want
21
+ to keep as much of the OSS ethos as possible available to users
22
+ who want to fix it themselves.
23
+
24
+ In order to unambiguously own and sell Dradis Framework commercial
25
+ products, we must have the copyright associated with the entire
26
+ codebase. Any code you create which is merged must be owned by us.
27
+ That's not us trying to be a jerks, that's just the way it works.
28
+
29
+ Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
30
+ file for the details.
31
+
32
+ You can delete this section, but the following sentence needs to
33
+ remain in the PR's description:
34
+
35
+ > I assign all rights, including copyright, to any future Dradis
36
+ > work by myself to Security Roots.
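Review bot: typo in the Copyright assignment section, "trying to be a jerks" should read "trying to be jerks". The same section links to the dradis-ce copy of CONTRIBUTING.md although this gem lists its own CONTRIBUTING.md among its files; point the link at the file in this repository so the terms a contributor agrees to are the ones stored next to the code.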
@@ -1,3 +1,23 @@
1
+ ## Dradis Framework 3.18 (July, 2020) ##
2
+
3
+ * No changes.
4
+
5
+ ## Dradis Framework 3.17 (May, 2020) ##
6
+
7
+ * Use the new <title> tag provided by Netsparker.
8
+
9
+ ## Dradis Framework 3.16 (February, 2020) ##
10
+
11
+ * No changes.
12
+
13
+ ## Dradis Framework 3.15 (November, 2019) ##
14
+
15
+ * Fix link parsing of issue.external_references
16
+
17
+ ## Dradis Framework 3.14 (August, 2019) ##
18
+
19
+ * No changes.
20
+
1
21
  ## Dradis Framework 3.13 (June, 2019)
2
22
 
3
23
  * Add Known Vulnerabilities and OWASP 2017 Classification as available Issue fields
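Review bot: the 3.17 entry writes `<title>` as bare text, which a Markdown renderer will treat as an HTML tag and drop from the rendered changelog; wrap it in backticks. Heading style is also inconsistent: the new headings end in ` ##` while the existing 3.13 heading does not, and the new 3.15 entry lacks the closing period the other new entries have.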
@@ -26,9 +26,9 @@ Gem::Specification.new do |spec|
26
26
  # until we bump Dradis Pro to 4.1.
27
27
  # s.add_dependency 'rails', '~> 4.1.1'
28
28
  spec.add_dependency 'dradis-plugins', '~> 3.2'
29
- spec.add_dependency 'nokogiri', '~> 1.3'
29
+ spec.add_dependency 'nokogiri', '~> 1.10.4'
30
30
 
31
- spec.add_development_dependency 'bundler', '~> 1.6'
31
+ spec.add_development_dependency 'bundler'
32
32
  spec.add_development_dependency 'rake', '~> 10.0'
33
33
  spec.add_development_dependency 'rspec-rails'
34
34
  spec.add_development_dependency 'combustion', '~> 0.5.2'
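Review bot: `'~> 1.10.4'` on the nokogiri line resolves to >= 1.10.4 and < 1.11, so it raises the floor but also blocks every later nokogiri minor release, including ones that carry security fixes. If the intent is only a minimum version, use `'>= 1.10.4'` or `'~> 1.10', '>= 1.10.4'`. The bundler development dependency goes the other way and loses its constraint entirely; a short comment saying why would help.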
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 3
11
- MINOR = 13
11
+ MINOR = 18
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -19,15 +19,12 @@ module Netsparker
19
19
  # collections.
20
20
  def supported_tags
21
21
  [
22
- # made-up tags
23
- :title,
24
-
25
22
  # simple tags
26
23
  :actions_to_take, :certainty, :description, :external_references,
27
- :extrainformation, :impact, :knownvulnerabilities,
24
+ :extrainformation, :impact, :knownvulnerabilities,
28
25
  :rawrequest, :rawresponse, :remedy,
29
26
  :remedy_references, :required_skills_for_exploitation, :severity,
30
- :type, :url,
27
+ :title, :type, :url,
31
28
 
32
29
  # tags that correspond to Evidence
33
30
  :vulnerableparameter, :vulnerableparametertype, :vulnerableparametervalue,
@@ -99,10 +96,6 @@ module Netsparker
99
96
  }
100
97
  method_name = translations_table.fetch(method, method.to_s)
101
98
 
102
- # We've got a virtual method :title which isn't provided by Netsparker
103
- # but that most users will be expecting.
104
- return type.underscore.humanize if method == :title
105
-
106
99
  # first we try the attributes:
107
100
  # return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
108
101
 
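Review bot: removing `return type.underscore.humanize if method == :title` leaves no fallback for reports that carry no title tag, and the changelog's wording ("the new <title> tag provided by Netsparker") suggests exports from older Netsparker releases will not have one. Keep the humanized `type` as the value when the tag is absent, and add a spec for both cases.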
@@ -145,8 +138,7 @@ module Netsparker
145
138
  result.gsub!(/(<p>)|(<\/p>)/, "\n")
146
139
  result.gsub!(/\n[a-z]\. /, "\n\* ")
147
140
 
148
- result.gsub!(/<a href=\"(.*?)\" (.*?)>(.*?)<\/a>/i) { "\"#{$3.strip}\":#{$1.strip}" }
149
- result.gsub!(/<a href=\'(.*?)\'>(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
141
+ result.gsub!(/<a .*?href=(?:\"|\')(.*?)(?:\"|\').*?>(?:<i.*?<\/i>)?(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
150
142
 
151
143
  result.gsub!(/<code><pre.*?>(.*?)<\/pre><\/code>/m) {|m| "\n\nbc.. #{$1}\n\np. \n" }
152
144
  result.gsub!(/<pre.*?>(.*?)<\/pre>/m) {|m| "\n\nbc.. #{$1}\n\np. \n" }
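Review bot: in the new link pattern, `<a .*?href=` uses `.`, which can run past the end of a tag, so on a line such as `<a name='x'>one</a> <a href='u'>two</a>` the match starts at the first anchor and the text between the two is lost. Use `[^>]*?` for the `.*?` runs that are meant to stay inside the opening tag. The `(?:\"|\')` groups also let an opening double quote pair with a closing single quote; capture the opening quote and back-reference it. The captured href is written into the Textile link as-is, so if only http(s) links are expected in a report, check the scheme before emitting the link.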
@@ -0,0 +1,50 @@
1
+ require 'spec_helper'
2
+
3
+ describe Netsparker::Vulnerability do
4
+ let(:doc) { described_class.new(nil) }
5
+
6
+ describe '#cleanup_html' do
7
+ it 'formats the html special characters' do
8
+ sample = "<doc>&quot;&amp;&lt;&gt;&#39;</doc>"
9
+ expected = "<doc>\"&<>\'</doc>"
10
+ expect(doc.send(:cleanup_html, sample)).to eq(expected)
11
+ end
12
+
13
+ it 'outputs the CDATA text' do
14
+ sample = "<doc><![CDATA[Sample Text]]></doc>"
15
+
16
+ expected = "<doc>Sample Text</doc>"
17
+ expect(doc.send(:cleanup_html, sample)).to eq(expected)
18
+ end
19
+
20
+ it 're-formats the html formatting tags to textile' do
21
+ sample = "<doc>"\
22
+ "<b>Bold</b>\n"\
23
+ "<i>Italic</i>\n"\
24
+ "<em>Emphasis</em>\n"\
25
+ "<h2>Header</h2>\n"\
26
+ "<strong>Strong</strong>\n"\
27
+ "</doc>"
28
+
29
+ expected = "<doc>*Bold*\n_Italic_\n*Emphasis*\n*Header*\n*Strong*\n</doc>"
30
+ expect(doc.send(:cleanup_html, sample)).to eq(expected)
31
+ end
32
+
33
+ it 're-format the html link to textile' do
34
+ sample = "<doc>"\
35
+ "<a href='https://drad.is'>DradisLink1</a>\n"\
36
+ "<a target='_blank' href='https://drad.is'><i class='icon-external-link'></i>DradisLink2</a>\n"\
37
+ "<a href=\"https://drad.is\">DradisLink3</a>\n"\
38
+ "<a href=\"https://drad.is\" class='rspec'>DradisLink4</a>\n"\
39
+ "</doc>"
40
+
41
+ expected = "<doc>"\
42
+ "\"DradisLink1\":https://drad.is\n"\
43
+ "\"DradisLink2\":https://drad.is\n"\
44
+ "\"DradisLink3\":https://drad.is\n"\
45
+ "\"DradisLink4\":https://drad.is\n"\
46
+ "</doc>"
47
+ expect(doc.send(:cleanup_html, sample)).to eq(expected)
48
+ end
49
+ end
50
+ end
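Review bot: the sample in 're-format the html link to textile' puts every anchor on its own line, so it does not cover two anchors on one line or an anchor without an href, which is where a `.*?`-based pattern is most likely to over-match. Add both cases. The examples also call `cleanup_html` through `doc.send(...)` on an object built with `described_class.new(nil)`; a test that goes through a public field on a small XML fixture would cover the `:title` change as well.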
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-netsparker
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.13.0
4
+ version: 3.18.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-06-10 00:00:00.000000000 Z
11
+ date: 2020-07-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
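Review bot: `cert_chain: []` in the context lines shows 3.18.0 is still packaged without a signing certificate, so installs cannot be verified with a trust policy such as `gem install -P HighSecurity`. If signed releases are wanted, set `cert_chain` and `signing_key` in the gemspec before building.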
@@ -30,28 +30,28 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '1.3'
33
+ version: 1.10.4
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '1.3'
40
+ version: 1.10.4
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: bundler
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - "~>"
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
- version: '1.6'
47
+ version: '0'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - "~>"
52
+ - - ">="
53
53
  - !ruby/object:Gem::Version
54
- version: '1.6'
54
+ version: '0'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: rake
57
57
  requirement: !ruby/object:Gem::Requirement
@@ -102,6 +102,8 @@ executables: []
102
102
  extensions: []
103
103
  extra_rdoc_files: []
104
104
  files:
105
+ - ".github/issue_template.md"
106
+ - ".github/pull_request_template.md"
105
107
  - ".gitignore"
106
108
  - CHANGELOG.md
107
109
  - CONTRIBUTING.md
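Review bot: the two added entries put `.github/issue_template.md` and `.github/pull_request_template.md` into the packaged gem next to `.gitignore`; they are repository housekeeping and have no use at install time. Narrow `spec.files` in the gemspec so the package carries only what the plugin needs at runtime plus its docs.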
@@ -125,6 +127,7 @@ files:
125
127
  - spec/fixtures/files/netsparker-localhost-demo.xml
126
128
  - spec/fixtures/files/testsparker.xml
127
129
  - spec/spec_helper.rb
130
+ - spec/vulnerability_spec.rb
128
131
  - templates/evidence.fields
129
132
  - templates/evidence.sample
130
133
  - templates/evidence.template
@@ -150,8 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
150
153
  - !ruby/object:Gem::Version
151
154
  version: '0'
152
155
  requirements: []
153
- rubyforge_project:
154
- rubygems_version: 2.6.12
156
+ rubygems_version: 3.1.2
155
157
  signing_key:
156
158
  specification_version: 4
157
159
  summary: Netsparker add-on for the Dradis Framework.
@@ -162,3 +164,4 @@ test_files:
162
164
  - spec/fixtures/files/netsparker-localhost-demo.xml
163
165
  - spec/fixtures/files/testsparker.xml
164
166
  - spec/spec_helper.rb
167
+ - spec/vulnerability_spec.rb