dradis-netsparker 3.14.0 → 3.19.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/dradis-netsparker.gemspec +2 -2
- data/lib/dradis/plugins/netsparker/gem_version.rb +1 -1
- data/lib/netsparker/vulnerability.rb +3 -11
- data/spec/vulnerability_spec.rb +50 -0
- metadata +11 -9
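--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e8ebe715ad95148175c506b469c631dad6681c9cf5ccb80355d591dc45fb6366
+data.tar.gz: 84168e97191291ac0e71e45a0097f27a64063c866e6f80e538b57cb14f6a8d27
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: deb698dbcfae56ec5145c6eacf42c7d8d7b8a19edfcd0b1b6cf5399b7c41ab60f7800d580c3bb4596154fbea679623da28ea2062b3c3bfd413f398954ae0a852
+data.tar.gz: 806d888dfd42d237f94e887746fef253395935df6c231318d7edc8490120759501f5d58e78f530d6693833c84dd57393d0890cb7c1d3ac423c30ae868e389f25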
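--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,23 @@
+## Dradis Framework 3.19 (September, 2020) ##
+
+* No changes.
+
+## Dradis Framework 3.18 (July, 2020) ##
+
+* No changes.
+
+## Dradis Framework 3.17 (May, 2020) ##
+
+* Use the new <title> tag provided by Netsparker.
+
+## Dradis Framework 3.16 (February, 2020) ##
+
+* No changes.
+
+## Dradis Framework 3.15 (November, 2019) ##
+
+* Fix link parsing of issue.external_references
+
 ## Dradis Framework 3.14 (August, 2019) ##
 
 * No changes.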
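--- a/data/dradis-netsparker.gemspec
+++ b/data/dradis-netsparker.gemspec
@@ -26,9 +26,9 @@ Gem::Specification.new do |spec|
 # until we bump Dradis Pro to 4.1.
 # s.add_dependency 'rails', '~> 4.1.1'
 spec.add_dependency 'dradis-plugins', '~> 3.2'
-spec.add_dependency 'nokogiri', '~> 1.
+spec.add_dependency 'nokogiri', '~> 1.10.4'
 
-spec.add_development_dependency 'bundler'
+spec.add_development_dependency 'bundler'
 spec.add_development_dependency 'rake', '~> 10.0'
 spec.add_development_dependency 'rspec-rails'
 spec.add_development_dependency 'combustion', '~> 0.5.2'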
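Review bot: The new runtime constraint `spec.add_dependency 'nokogiri', '~> 1.10.4'` admits only the 1.10.x series (`>= 1.10.4, < 1.11`), so an application that loads this plugin cannot resolve a later Nokogiri minor release, including ones that carry parser or bundled-libxml2 security fixes. For a library gem a floor plus a looser ceiling is the usual form, e.g. `spec.add_dependency 'nokogiri', '~> 1.10', '>= 1.10.4'`, unless something outside this hunk requires the 1.10 series. The `Gem::Specification.new` block starts and ends outside the hunk.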
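--- a/data/lib/netsparker/vulnerability.rb
+++ b/data/lib/netsparker/vulnerability.rb
@@ -19,15 +19,12 @@ module Netsparker
 # collections.
 def supported_tags
 [
-# made-up tags
-:title,
-
 # simple tags
 :actions_to_take, :certainty, :description, :external_references,
-:extrainformation, :impact, :knownvulnerabilities,
+:extrainformation, :impact, :knownvulnerabilities,
 :rawrequest, :rawresponse, :remedy,
 :remedy_references, :required_skills_for_exploitation, :severity,
-:type, :url,
+:title, :type, :url,
 
 # tags that correspond to Evidence
 :vulnerableparameter, :vulnerableparametertype, :vulnerableparametervalue,
@@ -99,10 +96,6 @@ module Netsparker
 }
 method_name = translations_table.fetch(method, method.to_s)
 
-# We've got a virtual method :title which isn't provided by Netsparker
-# but that most users will be expecting.
-return type.underscore.humanize if method == :title
-
 # first we try the attributes:
 # return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
 
@@ -145,8 +138,7 @@ module Netsparker
 result.gsub!(/(<p>)|(<\/p>)/, "\n")
 result.gsub!(/\n[a-z]\. /, "\n\* ")
 
-result.gsub!(/<a href
-result.gsub!(/<a href=\'(.*?)\'>(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
+result.gsub!(/<a .*?href=(?:\"|\')(.*?)(?:\"|\').*?>(?:<i.*?<\/i>)?(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
 
 result.gsub!(/<code><pre.*?>(.*?)<\/pre><\/code>/m) {|m| "\n\nbc.. #{$1}\n\np. \n" }
 result.gsub!(/<pre.*?>(.*?)<\/pre>/m) {|m| "\n\nbc.. #{$1}\n\np. \n" }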
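Review bot: In the last hunk the rewritten link substitution copies the captured `href` into the Textile link without looking at its scheme, and the text being cleaned comes from a scanner report whose fields can carry content from the scanned site, so a `javascript:` or `data:` target would become a clickable link unless the Textile renderer downstream filters it (not visible here). The two quote groups `(?:\"|\')` are also matched independently, so a value containing the other quote character is cut short, and `<a .*?href=` accepts any attribute name that merely ends in `href`. I would tie the quotes with a backreference, require whitespace before `href`, and keep only an allow-list of schemes, leaving other anchors as plain text; relative links, if the reports contain them, would need adding to that list. The enclosing method starts and ends outside the hunk.

```ruby
# … unchanged: <p> and list-marker substitutions …
result.gsub!(/<a\b[^>]*?\shref=(["'])(.*?)\1[^>]*>(?:<i.*?<\/i>)?(.*?)<\/a>/i) do
  href = Regexp.last_match(2).strip
  text = Regexp.last_match(3).strip
  # Only http(s) and mailto targets become Textile links; other anchors keep their text only.
  href.match?(/\A(?:https?|mailto):/i) ? "\"#{text}\":#{href}" : text
end
# … unchanged: <code><pre> and <pre> substitutions …
```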
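--- a/data/spec/vulnerability_spec.rb
+++ b/data/spec/vulnerability_spec.rb
@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+describe Netsparker::Vulnerability do
+let(:doc) { described_class.new(nil) }
+
+describe '#cleanup_html' do
+it 'formats the html special characters' do
+sample = "<doc>"&<>'</doc>"
+expected = "<doc>\"&<>\'</doc>"
+expect(doc.send(:cleanup_html, sample)).to eq(expected)
+end
+
+it 'outputs the CDATA text' do
+sample = "<doc><![CDATA[Sample Text]]></doc>"
+
+expected = "<doc>Sample Text</doc>"
+expect(doc.send(:cleanup_html, sample)).to eq(expected)
+end
+
+it 're-formats the html formatting tags to textile' do
+sample = "<doc>"\
+"<b>Bold</b>\n"\
+"<i>Italic</i>\n"\
+"<em>Emphasis</em>\n"\
+"<h2>Header</h2>\n"\
+"<strong>Strong</strong>\n"\
+"</doc>"
+
+expected = "<doc>*Bold*\n_Italic_\n*Emphasis*\n*Header*\n*Strong*\n</doc>"
+expect(doc.send(:cleanup_html, sample)).to eq(expected)
+end
+
+it 're-format the html link to textile' do
+sample = "<doc>"\
+"<a href='https://drad.is'>DradisLink1</a>\n"\
+"<a target='_blank' href='https://drad.is'><i class='icon-external-link'></i>DradisLink2</a>\n"\
+"<a href=\"https://drad.is\">DradisLink3</a>\n"\
+"<a href=\"https://drad.is\" class='rspec'>DradisLink4</a>\n"\
+"</doc>"
+
+expected = "<doc>"\
+"\"DradisLink1\":https://drad.is\n"\
+"\"DradisLink2\":https://drad.is\n"\
+"\"DradisLink3\":https://drad.is\n"\
+"\"DradisLink4\":https://drad.is\n"\
+"</doc>"
+expect(doc.send(:cleanup_html, sample)).to eq(expected)
+end
+end
+end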
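Review bot: The link example in `#cleanup_html` feeds only well-formed `https://` anchors, so nothing pins how the pattern treats input a scanner report can actually contain: an `href` with a non-http scheme, a value holding the other quote character, or an anchor split across lines. Adding one example per case would fix the intended behaviour in the suite; if such links are meant to be dropped, something like `expect(doc.send(:cleanup_html, "<a href='javascript:void(0)'>x</a>")).not_to include('javascript:')`. The description `'re-format the html link to textile'` should read `'re-formats the html link to textile'` to match the sibling examples.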
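--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-netsparker
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.19.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dradis-plugins
@@ -30,28 +30,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.10.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.10.4
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -127,6 +127,7 @@ files:
 - spec/fixtures/files/netsparker-localhost-demo.xml
 - spec/fixtures/files/testsparker.xml
 - spec/spec_helper.rb
+- spec/vulnerability_spec.rb
 - templates/evidence.fields
 - templates/evidence.sample
 - templates/evidence.template
@@ -152,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.
+rubygems_version: 3.0.1
 signing_key:
 specification_version: 4
 summary: Netsparker add-on for the Dradis Framework.
@@ -163,3 +164,4 @@ test_files:
 - spec/fixtures/files/netsparker-localhost-demo.xml
 - spec/fixtures/files/testsparker.xml
 - spec/spec_helper.rb
+- spec/vulnerability_spec.rb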