dradis-netsparker 3.13.0 → 3.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 3c208fd09188d0fec2b5898d52bf9c7e600dadf8
-  data.tar.gz: 6dcece49ce83c7b127d7ecd69a1b413877fff868
+SHA256:
+  metadata.gz: 4462389c5ca5f5ee3b01cbe71afef3f72bf55929973cc15b02ac85d9f7469d19
+  data.tar.gz: 396cf9712edb1a494d6413652868338b89dbdc4db948d19aaec8e4f7c872138e
 SHA512:
-  metadata.gz: c9a3c156f2cb35e4ed97a7ac49041fa35d5156b1769aa30e9d3cd0febab83b59fe3d3f476383925de93f2531db2c7fbbb699cbc01041563017839d0efdd53120
-  data.tar.gz: aa5396878ddb4bc18e9e960f87f4cfc150c8af85e3e4c79450d5b75156f5cd74318bb6f389698683034dbcb68117b131d68f03eeb22a6ae4a7fd29d7d688e95b
+  metadata.gz: 7803d9cfe9076f46975026a0d64acea2522c5c00d8d7adbd94613adf9ac04ad67670a6ef67a82e860df9549762e9e9f6b10326d63eb8458815f4f9b4dfb52d9a
+  data.tar.gz: 135a840836c8550c6dabe79a986ca7c061418a7e203b482837f4eb494c7e6835d6ef7b43e870502c6025eba49647ecdf7ee7eca7b6376ab19252d7015aaf6fd3

data/.github/issue_template.md

@@ -0,0 +1,16 @@
+### Steps to reproduce
+
+Help us help you, how can we reproduce the problem?
+
+### Expected behavior
+Tell us what should happen
+
+### Actual behavior
+Tell us what happens instead
+
+### System configuration
+**Dradis version**:
+
+**Ruby version**:
+
+**OS version**:

data/.github/pull_request_template.md

@@ -0,0 +1,36 @@
+### Summary
+
+Provide a general description of the code changes in your pull
+request... were there any bugs you had fixed? If so, mention them. If
+these bugs have open GitHub issues, be sure to tag them here as well,
+to keep the conversation linked together.
+
+
+### Other Information
+
+If there's anything else that's important and relevant to your pull
+request, mention that information here. This could include
+benchmarks, or other information.
+
+Thanks for contributing to Dradis!
+
+
+### Copyright assignment
+
+Collaboration is difficult with commercial closed source but we want
+to keep as much of the OSS ethos as possible available to users
+who want to fix it themselves.
+
+In order to unambiguously own and sell Dradis Framework commercial
+products, we must have the copyright associated with the entire
+codebase. Any code you create which is merged must be owned by us.
+That's not us trying to be a jerks, that's just the way it works.
+
+Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
+file for the details.
+
+You can delete this section, but the following sentence needs to
+remain in the PR's description:
+
+> I assign all rights, including copyright, to any future Dradis
+> work by myself to Security Roots.

data/CHANGELOG.md

@@ -1,3 +1,23 @@
+## Dradis Framework 3.18 (July, 2020) ##
+
+*   No changes.
+
+## Dradis Framework 3.17 (May, 2020) ##
+
+* Use the new <title> tag provided by Netsparker.
+
+## Dradis Framework 3.16 (February, 2020) ##
+
+*   No changes.
+
+## Dradis Framework 3.15 (November, 2019) ##
+
+*   Fix link parsing of issue.external_references
+
+## Dradis Framework 3.14 (August, 2019) ##
+
+*   No changes.
+
 ## Dradis Framework 3.13 (June, 2019)
 
 * Add Known Vulnerabilities and OWASP 2017 Classification as available Issue fields

data/dradis-netsparker.gemspec

@@ -26,9 +26,9 @@ Gem::Specification.new do |spec|
   # until we bump Dradis Pro to 4.1.
   # s.add_dependency 'rails', '~> 4.1.1'
   spec.add_dependency 'dradis-plugins', '~> 3.2'
-  spec.add_dependency 'nokogiri', '~> 1.3'
+  spec.add_dependency 'nokogiri', '~> 1.10.4'
 
-  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec-rails'
   spec.add_development_dependency 'combustion', '~> 0.5.2'

data/lib/dradis/plugins/netsparker/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 3
-        MINOR = 13
+        MINOR = 18
         TINY = 0
         PRE = nil
 

data/lib/netsparker/vulnerability.rb

@@ -19,15 +19,12 @@ module Netsparker
     # collections.
     def supported_tags
       [
-        # made-up tags
-        :title,
-
         # simple tags
         :actions_to_take, :certainty, :description, :external_references,
-        :extrainformation, :impact, :knownvulnerabilities, 
+        :extrainformation, :impact, :knownvulnerabilities,
         :rawrequest, :rawresponse, :remedy,
         :remedy_references, :required_skills_for_exploitation, :severity,
-        :type, :url,
+        :title, :type, :url,
 
         # tags that correspond to Evidence
         :vulnerableparameter, :vulnerableparametertype, :vulnerableparametervalue,
@@ -99,10 +96,6 @@ module Netsparker
       }
       method_name = translations_table.fetch(method, method.to_s)
 
-      # We've got a virtual method :title which isn't provided by Netsparker
-      # but that most users will be expecting.
-      return type.underscore.humanize if method == :title
-
       # first we try the attributes:
       # return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
 
@@ -145,8 +138,7 @@ module Netsparker
       result.gsub!(/(<p>)|(<\/p>)/, "\n")
       result.gsub!(/\n[a-z]\. /, "\n\* ")
 
-      result.gsub!(/<a href=\"(.*?)\" (.*?)>(.*?)<\/a>/i) { "\"#{$3.strip}\":#{$1.strip}" }
-      result.gsub!(/<a href=\'(.*?)\'>(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
+      result.gsub!(/<a .*?href=(?:\"|\')(.*?)(?:\"|\').*?>(?:<i.*?<\/i>)?(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
 
       result.gsub!(/<code><pre.*?>(.*?)<\/pre><\/code>/m) {|m| "\n\nbc.. #{$1}\n\np.  \n" }
       result.gsub!(/<pre.*?>(.*?)<\/pre>/m) {|m| "\n\nbc.. #{$1}\n\np.  \n" }

data/spec/vulnerability_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+describe Netsparker::Vulnerability do
+  let(:doc) { described_class.new(nil) }
+
+  describe '#cleanup_html' do
+    it 'formats the html special characters' do
+      sample = "<doc>&quot;&amp;&lt;&gt;&#39;</doc>"
+      expected = "<doc>\"&<>\'</doc>"
+      expect(doc.send(:cleanup_html, sample)).to eq(expected)
+    end
+
+    it 'outputs the CDATA text' do
+      sample = "<doc><![CDATA[Sample Text]]></doc>"
+
+      expected = "<doc>Sample Text</doc>"
+      expect(doc.send(:cleanup_html, sample)).to eq(expected)
+    end
+
+    it 're-formats the html formatting tags to textile' do
+      sample = "<doc>"\
+        "<b>Bold</b>\n"\
+        "<i>Italic</i>\n"\
+        "<em>Emphasis</em>\n"\
+        "<h2>Header</h2>\n"\
+        "<strong>Strong</strong>\n"\
+        "</doc>"
+
+      expected = "<doc>*Bold*\n_Italic_\n*Emphasis*\n*Header*\n*Strong*\n</doc>"
+      expect(doc.send(:cleanup_html, sample)).to eq(expected)
+    end
+
+    it 're-format the html link to textile' do
+      sample = "<doc>"\
+        "<a href='https://drad.is'>DradisLink1</a>\n"\
+        "<a target='_blank' href='https://drad.is'><i class='icon-external-link'></i>DradisLink2</a>\n"\
+        "<a href=\"https://drad.is\">DradisLink3</a>\n"\
+        "<a href=\"https://drad.is\" class='rspec'>DradisLink4</a>\n"\
+        "</doc>"
+
+      expected = "<doc>"\
+                   "\"DradisLink1\":https://drad.is\n"\
+                   "\"DradisLink2\":https://drad.is\n"\
+                   "\"DradisLink3\":https://drad.is\n"\
+                   "\"DradisLink4\":https://drad.is\n"\
+                 "</doc>"
+      expect(doc.send(:cleanup_html, sample)).to eq(expected)
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-netsparker
 version: !ruby/object:Gem::Version
-  version: 3.13.0
+  version: 3.18.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06-10 00:00:00.000000000 Z
+date: 2020-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -30,28 +30,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: 1.10.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: 1.10.4
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -102,6 +102,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/issue_template.md"
+- ".github/pull_request_template.md"
 - ".gitignore"
 - CHANGELOG.md
 - CONTRIBUTING.md
@@ -125,6 +127,7 @@ files:
 - spec/fixtures/files/netsparker-localhost-demo.xml
 - spec/fixtures/files/testsparker.xml
 - spec/spec_helper.rb
+- spec/vulnerability_spec.rb
 - templates/evidence.fields
 - templates/evidence.sample
 - templates/evidence.template
@@ -150,8 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.12
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Netsparker add-on for the Dradis Framework.
@@ -162,3 +164,4 @@ test_files:
 - spec/fixtures/files/netsparker-localhost-demo.xml
 - spec/fixtures/files/testsparker.xml
 - spec/spec_helper.rb
+- spec/vulnerability_spec.rb