dradis-netsparker 3.14.0 → 3.15.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/dradis-netsparker.gemspec +2 -2
- data/lib/dradis/plugins/netsparker/gem_version.rb +1 -1
- data/lib/netsparker/vulnerability.rb +2 -3
- data/spec/vulnerability_spec.rb +50 -0
- metadata +11 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7087d2e46409d4e7722fc2aab3de716d655d148560485e0383a4d18e32571f5f
|
|
4
|
+
data.tar.gz: 86eb4744fac45f828968b36a3297b9d5a20151565ee70ab5e395b014c4921c30
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 55694bf4e039153ec50a76606775566774deffd92475fac5e4f5cdaac784395f0b7dc8036fa4462ce490a0698962a83ed1b7d3b57234f61469708beb5328d384
|
|
7
|
+
data.tar.gz: cf14e266180b7ce84c03dc0e19e65ea0511a22530f633c265d66a42c85decaf734a7493b5a29e4aa6300705cdfa4ac35e9d693b4c950f3dd25c2948ac9b82266
|
data/CHANGELOG.md
CHANGED
data/dradis-netsparker.gemspec
CHANGED
|
@@ -26,9 +26,9 @@ Gem::Specification.new do |spec|
|
|
|
26
26
|
# until we bump Dradis Pro to 4.1.
|
|
27
27
|
# s.add_dependency 'rails', '~> 4.1.1'
|
|
28
28
|
spec.add_dependency 'dradis-plugins', '~> 3.2'
|
|
29
|
-
spec.add_dependency 'nokogiri', '~> 1.
|
|
29
|
+
spec.add_dependency 'nokogiri', '~> 1.10.4'
|
|
30
30
|
|
|
31
|
-
spec.add_development_dependency 'bundler'
|
|
31
|
+
spec.add_development_dependency 'bundler'
|
|
32
32
|
spec.add_development_dependency 'rake', '~> 10.0'
|
|
33
33
|
spec.add_development_dependency 'rspec-rails'
|
|
34
34
|
spec.add_development_dependency 'combustion', '~> 0.5.2'
|
|
@@ -24,7 +24,7 @@ module Netsparker
|
|
|
24
24
|
|
|
25
25
|
# simple tags
|
|
26
26
|
:actions_to_take, :certainty, :description, :external_references,
|
|
27
|
-
:extrainformation, :impact, :knownvulnerabilities,
|
|
27
|
+
:extrainformation, :impact, :knownvulnerabilities,
|
|
28
28
|
:rawrequest, :rawresponse, :remedy,
|
|
29
29
|
:remedy_references, :required_skills_for_exploitation, :severity,
|
|
30
30
|
:type, :url,
|
|
@@ -145,8 +145,7 @@ module Netsparker
|
|
|
145
145
|
result.gsub!(/(<p>)|(<\/p>)/, "\n")
|
|
146
146
|
result.gsub!(/\n[a-z]\. /, "\n\* ")
|
|
147
147
|
|
|
148
|
-
result.gsub!(/<a href
|
|
149
|
-
result.gsub!(/<a href=\'(.*?)\'>(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
|
|
148
|
+
result.gsub!(/<a .*?href=(?:\"|\')(.*?)(?:\"|\').*?>(?:<i.*?<\/i>)?(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
|
|
150
149
|
|
|
151
150
|
result.gsub!(/<code><pre.*?>(.*?)<\/pre><\/code>/m) {|m| "\n\nbc.. #{$1}\n\np. \n" }
|
|
152
151
|
result.gsub!(/<pre.*?>(.*?)<\/pre>/m) {|m| "\n\nbc.. #{$1}\n\np. \n" }
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Netsparker::Vulnerability do
|
|
4
|
+
let(:doc) { described_class.new(nil) }
|
|
5
|
+
|
|
6
|
+
describe '#cleanup_html' do
|
|
7
|
+
it 'formats the html special characters' do
|
|
8
|
+
sample = "<doc>"&<>'</doc>"
|
|
9
|
+
expected = "<doc>\"&<>\'</doc>"
|
|
10
|
+
expect(doc.send(:cleanup_html, sample)).to eq(expected)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it 'outputs the CDATA text' do
|
|
14
|
+
sample = "<doc><![CDATA[Sample Text]]></doc>"
|
|
15
|
+
|
|
16
|
+
expected = "<doc>Sample Text</doc>"
|
|
17
|
+
expect(doc.send(:cleanup_html, sample)).to eq(expected)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
it 're-formats the html formatting tags to textile' do
|
|
21
|
+
sample = "<doc>"\
|
|
22
|
+
"<b>Bold</b>\n"\
|
|
23
|
+
"<i>Italic</i>\n"\
|
|
24
|
+
"<em>Emphasis</em>\n"\
|
|
25
|
+
"<h2>Header</h2>\n"\
|
|
26
|
+
"<strong>Strong</strong>\n"\
|
|
27
|
+
"</doc>"
|
|
28
|
+
|
|
29
|
+
expected = "<doc>*Bold*\n_Italic_\n*Emphasis*\n*Header*\n*Strong*\n</doc>"
|
|
30
|
+
expect(doc.send(:cleanup_html, sample)).to eq(expected)
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
it 're-format the html link to textile' do
|
|
34
|
+
sample = "<doc>"\
|
|
35
|
+
"<a href='https://drad.is'>DradisLink1</a>\n"\
|
|
36
|
+
"<a target='_blank' href='https://drad.is'><i class='icon-external-link'></i>DradisLink2</a>\n"\
|
|
37
|
+
"<a href=\"https://drad.is\">DradisLink3</a>\n"\
|
|
38
|
+
"<a href=\"https://drad.is\" class='rspec'>DradisLink4</a>\n"\
|
|
39
|
+
"</doc>"
|
|
40
|
+
|
|
41
|
+
expected = "<doc>"\
|
|
42
|
+
"\"DradisLink1\":https://drad.is\n"\
|
|
43
|
+
"\"DradisLink2\":https://drad.is\n"\
|
|
44
|
+
"\"DradisLink3\":https://drad.is\n"\
|
|
45
|
+
"\"DradisLink4\":https://drad.is\n"\
|
|
46
|
+
"</doc>"
|
|
47
|
+
expect(doc.send(:cleanup_html, sample)).to eq(expected)
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-netsparker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.15.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-12-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -30,28 +30,28 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: 1.10.4
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: 1.10.4
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: bundler
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- - "
|
|
45
|
+
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '
|
|
47
|
+
version: '0'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- - "
|
|
52
|
+
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '
|
|
54
|
+
version: '0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rake
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -127,6 +127,7 @@ files:
|
|
|
127
127
|
- spec/fixtures/files/netsparker-localhost-demo.xml
|
|
128
128
|
- spec/fixtures/files/testsparker.xml
|
|
129
129
|
- spec/spec_helper.rb
|
|
130
|
+
- spec/vulnerability_spec.rb
|
|
130
131
|
- templates/evidence.fields
|
|
131
132
|
- templates/evidence.sample
|
|
132
133
|
- templates/evidence.template
|
|
@@ -152,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
152
153
|
- !ruby/object:Gem::Version
|
|
153
154
|
version: '0'
|
|
154
155
|
requirements: []
|
|
155
|
-
rubygems_version: 3.0.
|
|
156
|
+
rubygems_version: 3.0.1
|
|
156
157
|
signing_key:
|
|
157
158
|
specification_version: 4
|
|
158
159
|
summary: Netsparker add-on for the Dradis Framework.
|
|
@@ -163,3 +164,4 @@ test_files:
|
|
|
163
164
|
- spec/fixtures/files/netsparker-localhost-demo.xml
|
|
164
165
|
- spec/fixtures/files/testsparker.xml
|
|
165
166
|
- spec/spec_helper.rb
|
|
167
|
+
- spec/vulnerability_spec.rb
|