dradis-netsparker 3.14.0 → 3.19.0

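--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 353d310c2beeb39d7d4e556b86460b6512e48bdc2bcfd3e5019aeab24e7835d8
- data.tar.gz: 3d20d0a38d206e4d08228ab4e6b43066d6dfed1501ae04a36f559ccc794ce4e3
+ metadata.gz: e8ebe715ad95148175c506b469c631dad6681c9cf5ccb80355d591dc45fb6366
+ data.tar.gz: 84168e97191291ac0e71e45a0097f27a64063c866e6f80e538b57cb14f6a8d27
  SHA512:
- metadata.gz: 7400e753151cc1797d6732a6ad2f402148a66e8debb464e5033878ec1b7ac1ed284a3f34aee491fdf6deeeade8bc023e2cd279dc457454d62cf58946bd8dc0ec
- data.tar.gz: 5e6a672d83d44a5e8ce830c6457d7a87fc83de038aeb6c1531dc4e7e1d536fd79653a3c3c0acfc6e4d59c7da5913449d254ef8b7eaa136502bf13bddf8c68767
+ metadata.gz: deb698dbcfae56ec5145c6eacf42c7d8d7b8a19edfcd0b1b6cf5399b7c41ab60f7800d580c3bb4596154fbea679623da28ea2062b3c3bfd413f398954ae0a852
+ data.tar.gz: 806d888dfd42d237f94e887746fef253395935df6c231318d7edc8490120759501f5d58e78f530d6693833c84dd57393d0890cb7c1d3ac423c30ae868e389f25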
@@ -1,3 +1,23 @@
1
+ ## Dradis Framework 3.19 (September, 2020) ##
2
+
3
+ * No changes.
4
+
5
+ ## Dradis Framework 3.18 (July, 2020) ##
6
+
7
+ * No changes.
8
+
9
+ ## Dradis Framework 3.17 (May, 2020) ##
10
+
11
+ * Use the new <title> tag provided by Netsparker.
12
+
13
+ ## Dradis Framework 3.16 (February, 2020) ##
14
+
15
+ * No changes.
16
+
17
+ ## Dradis Framework 3.15 (November, 2019) ##
18
+
19
+ * Fix link parsing of issue.external_references
20
+
1
21
  ## Dradis Framework 3.14 (August, 2019) ##
2
22
 
3
23
  * No changes.
@@ -26,9 +26,9 @@ Gem::Specification.new do |spec|
26
26
  # until we bump Dradis Pro to 4.1.
27
27
  # s.add_dependency 'rails', '~> 4.1.1'
28
28
  spec.add_dependency 'dradis-plugins', '~> 3.2'
29
- spec.add_dependency 'nokogiri', '~> 1.3'
29
+ spec.add_dependency 'nokogiri', '~> 1.10.4'
30
30
 
31
- spec.add_development_dependency 'bundler', '~> 1.6'
31
+ spec.add_development_dependency 'bundler'
32
32
  spec.add_development_dependency 'rake', '~> 10.0'
33
33
  spec.add_development_dependency 'rspec-rails'
34
34
  spec.add_development_dependency 'combustion', '~> 0.5.2'
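Review bot: `'~> 1.10.4'` on the nokogiri line resolves to `>= 1.10.4, < 1.11`, so the floor is raised but every later minor series is excluded as well; applications that bundle this add-on cannot move to a newer nokogiri for its parser security fixes until this gem is released again. If the intent was only to require at least 1.10.4, `spec.add_dependency 'nokogiri', '>= 1.10.4'` (or `'~> 1.10', '>= 1.10.4'` to stay within 1.x) expresses that. The bundler development dependency now has no constraint at all, which is fine for development but deserves a short comment saying it is deliberate. The `Gem::Specification` block starts and ends outside the hunk.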
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 3
11
- MINOR = 14
11
+ MINOR = 19
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -19,15 +19,12 @@ module Netsparker
19
19
  # collections.
20
20
  def supported_tags
21
21
  [
22
- # made-up tags
23
- :title,
24
-
25
22
  # simple tags
26
23
  :actions_to_take, :certainty, :description, :external_references,
27
- :extrainformation, :impact, :knownvulnerabilities,
24
+ :extrainformation, :impact, :knownvulnerabilities,
28
25
  :rawrequest, :rawresponse, :remedy,
29
26
  :remedy_references, :required_skills_for_exploitation, :severity,
30
- :type, :url,
27
+ :title, :type, :url,
31
28
 
32
29
  # tags that correspond to Evidence
33
30
  :vulnerableparameter, :vulnerableparametertype, :vulnerableparametervalue,
@@ -99,10 +96,6 @@ module Netsparker
99
96
  }
100
97
  method_name = translations_table.fetch(method, method.to_s)
101
98
 
102
- # We've got a virtual method :title which isn't provided by Netsparker
103
- # but that most users will be expecting.
104
- return type.underscore.humanize if method == :title
105
-
106
99
  # first we try the attributes:
107
100
  # return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
108
101
 
@@ -145,8 +138,7 @@ module Netsparker
145
138
  result.gsub!(/(<p>)|(<\/p>)/, "\n")
146
139
  result.gsub!(/\n[a-z]\. /, "\n\* ")
147
140
 
148
- result.gsub!(/<a href=\"(.*?)\" (.*?)>(.*?)<\/a>/i) { "\"#{$3.strip}\":#{$1.strip}" }
149
- result.gsub!(/<a href=\'(.*?)\'>(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
141
+ result.gsub!(/<a .*?href=(?:\"|\')(.*?)(?:\"|\').*?>(?:<i.*?<\/i>)?(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
150
142
 
151
143
  result.gsub!(/<code><pre.*?>(.*?)<\/pre><\/code>/m) {|m| "\n\nbc.. #{$1}\n\np. \n" }
152
144
  result.gsub!(/<pre.*?>(.*?)<\/pre>/m) {|m| "\n\nbc.. #{$1}\n\np. \n" }
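Review bot: The combined link pattern in the last hunk scans with `.*?` between `<a ` and `href=`, so an anchor that has no `href` (for example `<a name='x'>`) earlier on the same line lets the match run on into the next link and drop the text in between. The opening and closing quote alternations are also independent, so a double-quoted URL that contains `'` is cut short. Bounding the attribute scan with `[^>]*?` and closing on the same quote with a backreference avoids both: `/<a\s[^>]*?href=(["'])(.*?)\1[^>]*>(?:<i.*?<\/i>)?(.*?)<\/a>/i`, with the block using `$3` for the text and `$2` for the URL. The captured URL is written into the Textile link unchanged and this text comes from an imported scanner report, so it may be worth emitting a link only for `http`/`https` URLs, depending on how the output is rendered downstream. The enclosing method starts and ends outside the hunk.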
@@ -0,0 +1,50 @@
1
+ require 'spec_helper'
2
+
3
+ describe Netsparker::Vulnerability do
4
+ let(:doc) { described_class.new(nil) }
5
+
6
+ describe '#cleanup_html' do
7
+ it 'formats the html special characters' do
8
+ sample = "<doc>&quot;&amp;&lt;&gt;&#39;</doc>"
9
+ expected = "<doc>\"&<>\'</doc>"
10
+ expect(doc.send(:cleanup_html, sample)).to eq(expected)
11
+ end
12
+
13
+ it 'outputs the CDATA text' do
14
+ sample = "<doc><![CDATA[Sample Text]]></doc>"
15
+
16
+ expected = "<doc>Sample Text</doc>"
17
+ expect(doc.send(:cleanup_html, sample)).to eq(expected)
18
+ end
19
+
20
+ it 're-formats the html formatting tags to textile' do
21
+ sample = "<doc>"\
22
+ "<b>Bold</b>\n"\
23
+ "<i>Italic</i>\n"\
24
+ "<em>Emphasis</em>\n"\
25
+ "<h2>Header</h2>\n"\
26
+ "<strong>Strong</strong>\n"\
27
+ "</doc>"
28
+
29
+ expected = "<doc>*Bold*\n_Italic_\n*Emphasis*\n*Header*\n*Strong*\n</doc>"
30
+ expect(doc.send(:cleanup_html, sample)).to eq(expected)
31
+ end
32
+
33
+ it 're-format the html link to textile' do
34
+ sample = "<doc>"\
35
+ "<a href='https://drad.is'>DradisLink1</a>\n"\
36
+ "<a target='_blank' href='https://drad.is'><i class='icon-external-link'></i>DradisLink2</a>\n"\
37
+ "<a href=\"https://drad.is\">DradisLink3</a>\n"\
38
+ "<a href=\"https://drad.is\" class='rspec'>DradisLink4</a>\n"\
39
+ "</doc>"
40
+
41
+ expected = "<doc>"\
42
+ "\"DradisLink1\":https://drad.is\n"\
43
+ "\"DradisLink2\":https://drad.is\n"\
44
+ "\"DradisLink3\":https://drad.is\n"\
45
+ "\"DradisLink4\":https://drad.is\n"\
46
+ "</doc>"
47
+ expect(doc.send(:cleanup_html, sample)).to eq(expected)
48
+ end
49
+ end
50
+ end
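Review bot: The link example puts every anchor on its own line, so it does not cover two anchors on one line or an anchor without `href`, which is where a lazy `.*?` pattern is most likely to over-match. A case such as `sample = "<doc><a name='top'>Top</a> <a href='https://drad.is'>DradisLink</a></doc>"` with the expected Textile spelled out would pin that behaviour down. Nothing in this file exercises `:title`, which this release starts reading from the report instead of deriving from `type`; a fixture without a `<title>` element would document what older exports now produce.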
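--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dradis-netsparker
  version: !ruby/object:Gem::Version
- version: 3.14.0
+ version: 3.19.0
  platform: ruby
  authors:
  - Daniel Martin
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-08-13 00:00:00.000000000 Z
+ date: 2020-09-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dradis-plugins
@@ -30,28 +30,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.3'
+ version: 1.10.4
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.3'
+ version: 1.10.4
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '1.6'
+ version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '1.6'
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -127,6 +127,7 @@ files:
  - spec/fixtures/files/netsparker-localhost-demo.xml
  - spec/fixtures/files/testsparker.xml
  - spec/spec_helper.rb
+ - spec/vulnerability_spec.rb
  - templates/evidence.fields
  - templates/evidence.sample
  - templates/evidence.template
@@ -152,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
+ rubygems_version: 3.0.1
  signing_key:
  specification_version: 4
  summary: Netsparker add-on for the Dradis Framework.
@@ -163,3 +164,4 @@ test_files:
  - spec/fixtures/files/netsparker-localhost-demo.xml
  - spec/fixtures/files/testsparker.xml
  - spec/spec_helper.rb
+ - spec/vulnerability_spec.rb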