dradis-netsparker 3.22.0 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 43cd895f57d59fe1928d2941167c2da47d27496dd38dc99286119b8f5f6b65b5
4
- data.tar.gz: 3d21675636a694453d76690ffd23654239dcc4230fa457d3444ea7854528e7fb
3
+ metadata.gz: c02a75efe2a4bbbcba02fdfa56bcdd5e021fb3d8802b2fff36614fd0ef29fd24
4
+ data.tar.gz: 986844a569690a62adc64d4ab6793f7582f3309636e6bbfd968e954fd72aca18
5
5
  SHA512:
6
- metadata.gz: 9d583f8b743d429c50672084e994cb7946d935e9d0fc03e2e4b61bf6bd7ad5f898ccc8b26d115f786062ffe1ba81c20b7f9edbf7f8691761ec6d6f91b24d7919
7
- data.tar.gz: 0afc40c7a19e9e677cfb41fe335528055018f4f28662a1410db3d18e764e7c5b4b56729afabbcaa0138b9f87ca87d454a8de388d22f635f9907c60ba858a2802
6
+ metadata.gz: d2f54f276a1b90eb5c3419f54e429149af49f64b0325514f357d493e2f925e162d4ba934d6db6928e817be06b6fef80dff5ae795b7a9bb525b3466c6dbd949a2
7
+ data.tar.gz: 466db31ebb28d32b81f9f029c3f1a37477a8e38add9346d8e8e2db01331b2da7278a7d57a0d55e1cfff18ef21edc73ac86f708d62b1d8918b6e615d1ab338287
data/CHANGELOG.md CHANGED
@@ -1,62 +1,60 @@
1
- ## Dradis Framework 3.22 (April, 2021) ##
1
+ v4.1.0 (October 2021)
2
+ - Upgraded gems:
3
+ - nokogiri
2
4
 
3
- * No changes.
5
+ v4.0.0 (July 2021)
6
+ - No changes
4
7
 
5
- ## Dradis Framework 3.21 (February, 2021) ##
8
+ v3.22.1 (May 2021)
9
+ - Add new issue.classification_asvs40, issue.classification_nistsp80053, issue.classification_disastig, and issue.classification_iso27001 fields
10
+ - Upgraded gems:
11
+ - nokogiri
6
12
 
7
- * No changes.
13
+ v3.22.0 (April 2021)
14
+ - Initial release
8
15
 
9
- ## Dradis Framework 3.20 (December, 2020) ##
16
+ v3.21.0 (February 2021)
17
+ - No changes
10
18
 
11
- * No changes.
19
+ v3.20.0 (December 2020)
20
+ - No changes
12
21
 
13
- ## Dradis Framework 3.19 (September, 2020) ##
22
+ v3.19.0 (September 2020)
23
+ - No changes
14
24
 
15
- * No changes.
25
+ v3.18.0 (July 2020)
26
+ - No changes
16
27
 
17
- ## Dradis Framework 3.18 (July, 2020) ##
28
+ v3.17.0 (May 2020)
29
+ - Use the new <title> tag provided by Netsparker
18
30
 
19
- * No changes.
31
+ v3.16.0 (February 2020)
32
+ - No changes
20
33
 
21
- ## Dradis Framework 3.17 (May, 2020) ##
34
+ v3.15.0 (November 2019)
35
+ - Bugs fixes:
36
+ - Parse links of issue.external_references
22
37
 
23
- * Use the new <title> tag provided by Netsparker.
38
+ v3.14.0 (August 2019)
39
+ - No changes
24
40
 
25
- ## Dradis Framework 3.16 (February, 2020) ##
41
+ v3.13.0 (June 2019)
42
+ - Add Known Vulnerabilities and OWASP 2017 Classification as available Issue fields
43
+ - Add :vulnerableparameter, :vulnerableparametertype, and :vulnerableparametervalue Evidence fields
26
44
 
27
- * No changes.
45
+ v3.12.0 (March 2019)
46
+ - Change alphabetical lists to bullet lists
28
47
 
29
- ## Dradis Framework 3.15 (November, 2019) ##
48
+ v3.11.0 (November 2018)
49
+ - Add CVSS fields for Issues
50
+ - Add impact, actionsToTake, requiredSkillsForExploitation, externalReferences, remedyReferences, and extrainformation fields
51
+ - Update formatting to deal with HTML tags and entities
30
52
 
31
- * Fix link parsing of issue.external_references
53
+ v3.10.0 (September 2018)
54
+ - Add CSS classification fields to Issues
32
55
 
33
- ## Dradis Framework 3.14 (August, 2019) ##
56
+ v3.9.0 (January 2018)
57
+ - No changes
34
58
 
35
- * No changes.
36
-
37
- ## Dradis Framework 3.13 (June, 2019)
38
-
39
- * Add Known Vulnerabilities and OWASP 2017 Classification as available Issue fields
40
- * Add :vulnerableparameter, :vulnerableparametertype, and :vulnerableparametervalue Evidence fields
41
-
42
- ## Dradis Framework 3.12 (March, 2019)
43
-
44
- * Change alphabetical lists to bullet lists
45
-
46
- ## Dradis Framework 3.11 (November, 2018) ##
47
-
48
- * Add CVSS fields for Issues.
49
- * Add impact, actionsToTake, requiredSkillsForExploitation, externalReferences, remedyReferences, and extrainformation fields
50
- * Update formatting to deal with HTML tags and entities
51
-
52
- ## Dradis Framework 3.10 (September, 2018) ##
53
-
54
- * Add CSS classification fields to Issues
55
-
56
- ## Dradis Framework 3.9 (January, 2018) ##
57
-
58
- * No changes.
59
-
60
- ## Dradis Framework 3.8 (September, 2017) ##
61
-
62
- * Initial release.
59
+ v3.8.0 (September 2017)
60
+ - Initial release
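Review bot: Two entries in the rewritten changelog now read "Initial release": v3.22.0 and v3.8.0. The removed 3.22 entry said "No changes", so either the v3.22.0 line is a copy error or it means something narrower, such as the first release to the public registry, in which case it should say so. The "Upgraded gems: nokogiri" items under v4.1.0 and v3.22.1 give no version; naming the version moved to would let a reader tell which parser fixes a given release includes. "Bugs fixes:" under v3.15.0 should read "Bug fixes:".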
@@ -0,0 +1,12 @@
1
+ [v#.#.#] ([month] [YYYY])
2
+ - [future tense verb] [feature]
3
+ - Upgraded gems:
4
+ - [gem]
5
+ - Bugs fixes:
6
+ - [future tense verb] [bug fix]
7
+ - Bug tracker items:
8
+ - [item]
9
+ - Security Fixes:
10
+ - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
11
+ - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
12
+ - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
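Review bot: The heading "Bugs fixes:" on line 5 of the new template is a typo for "Bug fixes:", and because this file is the model for every future entry, the typo will keep being copied into CHANGELOG.md. The "[future tense verb]" placeholders on lines 2 and 6 also disagree with the template's own "Upgraded gems:" heading, which is past tense; pick one tense and state it once. The "Security Fixes" lines on 10 to 12 capture severity, authentication state and role but have no slot for an advisory reference or the affected version range, which is what a reader triaging an upgrade looks for first.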
@@ -25,8 +25,8 @@ Gem::Specification.new do |spec|
25
25
  # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
26
26
  # until we bump Dradis Pro to 4.1.
27
27
  # s.add_dependency 'rails', '~> 4.1.1'
28
- spec.add_dependency 'dradis-plugins', '~> 3.2'
29
- spec.add_dependency 'nokogiri', '~> 1.10.4'
28
+ spec.add_dependency 'dradis-plugins', '~> 4.0'
29
+ spec.add_dependency 'nokogiri', '>= 1.12.5'
30
30
 
31
31
  spec.add_development_dependency 'bundler'
32
32
  spec.add_development_dependency 'rake', '~> 10.0'
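Review bot: The nokogiri requirement on new line 29 goes from the pessimistic '~> 1.10.4' to an open-ended '>= 1.12.5', which raises the floor but removes the upper bound, so any later major release of the XML parser will satisfy it without this plugin having been tested against it. A bounded form such as spec.add_dependency 'nokogiri', '~> 1.12', '>= 1.12.5' keeps the minimum while staying inside the 1.x series. If the open range is deliberate, so that the host application can pick up parser security releases without waiting for a plugin release, a comment saying so would help.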
@@ -7,8 +7,8 @@ module Dradis
7
7
  end
8
8
 
9
9
  module VERSION
10
- MAJOR = 3
11
- MINOR = 22
10
+ MAJOR = 4
11
+ MINOR = 1
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -30,14 +30,15 @@ module Netsparker
30
30
  :vulnerableparameter, :vulnerableparametertype, :vulnerableparametervalue,
31
31
 
32
32
  # nested tags
33
- :classification_capec,
33
+ :classification_asvs40, :classification_capec,
34
34
 
35
35
  :classification_cvss_vector,
36
36
  :classification_cvss_base_value, :classification_cvss_base_severity,
37
37
  :classification_cvss_environmental_value, :classification_cvss_environmental_severity,
38
38
  :classification_cvss_temporal_value, :classification_cvss_temporal_severity,
39
39
 
40
- :classification_cwe, :classification_hipaa,
40
+ :classification_cwe, :classification_disastig, :classification_hipaa,
41
+ :classification_iso27001, :classification_nistsp80053,
41
42
  :classification_owasp2013, :classification_owasp2017, :classification_owasppc,
42
43
  :classification_pci31, :classification_pci32, :classification_wasc,
43
44
 
@@ -74,6 +75,7 @@ module Netsparker
74
75
  # tags.
75
76
  translations_table = {
76
77
  actions_to_take: 'actionsToTake',
78
+ classification_asvs40: 'classification/ASVS40',
77
79
  classification_capec: 'classification/CAPEC',
78
80
  classification_cwe: 'classification/CWE',
79
81
  classification_cvss_vector: 'classification/CVSS/vector',
@@ -83,7 +85,10 @@ module Netsparker
83
85
  classification_cvss_environmental_severity: "classification/CVSS/score/type[text()='Environmental']/../severity",
84
86
  classification_cvss_temporal_value: "classification/CVSS/score/type[text()='Temporal']/../value",
85
87
  classification_cvss_temporal_severity: "classification/CVSS/score/type[text()='Temporal']/../severity",
88
+ classification_disastig: 'classification/DISASTIG',
86
89
  classification_hipaa: 'classification/HIPAA',
90
+ classification_iso27001: 'classification/ISO27001',
91
+ classification_nistsp80053: 'classification/NISTSP80053',
87
92
  classification_owasp2013: 'classification/OWASP2013',
88
93
  classification_owasp2017: 'classification/OWASP2017',
89
94
  classification_owasppc: 'classification/OWASPPC',
@@ -128,13 +133,14 @@ module Netsparker
128
133
  result.gsub!(/<i>(.*?)<\/i>/) { "_#{$1}_" }
129
134
  result.gsub!(/<em>(.*?)<\/em>/) { "*#{$1}*" }
130
135
  result.gsub!(/<h2>(.*?)<\/h2>/) { "*#{$1}*" }
131
- result.gsub!(/<strong>(.*?)<\/strong>/) { "*#{$1}*" }
136
+ result.gsub!(/<strong>(.*?)<\/strong>/) { "*#{$1}* " }
132
137
 
133
- result.gsub!(/(<br>)|(<br\/>)/, "\n")
138
+ result.gsub!(/(<br>)|(<br(\s*)\/>)/, "\n")
134
139
  result.gsub!(/(<div>)|(<\/div>)/, "")
135
140
  result.gsub!(/<font.*?>(.*?)<\/font>/m, '\1')
136
141
  result.gsub!(/<p (.*?)>(.*?)<\/p>/) { "\n#{$2}\n" }
137
142
  result.gsub!(/<span(.*?)>(.*?)<\/span>/, '\2')
143
+ result.gsub!(/<span(.*?)>|<\/span>/, "")
138
144
  result.gsub!(/(<p>)|(<\/p>)/, "\n")
139
145
  result.gsub!(/\n[a-z]\. /, "\n\* ")
140
146
 
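Review bot: The new catch-all on line 143, result.gsub!(/<span(.*?)>|<\/span>/, ""), makes the paired substitution on line 142 redundant, since deleting every opening and closing span tag leaves the same text as replacing the pair with its contents; keep only the new line, or explain in a comment which input needs both. The pattern <span(.*?)> has no boundary after "span", so it also removes any tag whose name merely begins with those letters; <span(\s[^>]*)?> is tighter. On line 136 the replacement "*#{$1}* " now appends a space unconditionally, which leaves a double space when the source already has one after </strong> and trailing whitespace at end of line. On line 138 the capture group in <br(\s*)\/> is unused, and <br\s*\/?> would cover both alternatives in one expression.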
@@ -1,5 +1,6 @@
1
1
  issue.actions_to_take
2
2
  issue.certainty
3
+ issue.classification_asvs40
3
4
  issue.classification_capec
4
5
  issue.classification_cvss_vector
5
6
  issue.classification_cvss_base_value
@@ -9,7 +10,10 @@ issue.classification_cvss_environmental_severity
9
10
  issue.classification_cvss_temporal_value
10
11
  issue.classification_cvss_temporal_severity
11
12
  issue.classification_cwe
13
+ issue.classification_disastig
12
14
  issue.classification_hipaa
15
+ issue.classification_iso27001
16
+ issue.classification_nistsp80053
13
17
  issue.classification_owasp2013
14
18
  issue.classification_owasp2017
15
19
  issue.classification_owasppc
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-netsparker
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.22.0
4
+ version: 4.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-02 00:00:00.000000000 Z
11
+ date: 2021-11-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '3.2'
19
+ version: '4.0'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '3.2'
26
+ version: '4.0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: nokogiri
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: 1.10.4
33
+ version: 1.12.5
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: 1.10.4
40
+ version: 1.12.5
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: bundler
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -106,6 +106,7 @@ files:
106
106
  - ".github/pull_request_template.md"
107
107
  - ".gitignore"
108
108
  - CHANGELOG.md
109
+ - CHANGELOG.template
109
110
  - CONTRIBUTING.md
110
111
  - Gemfile
111
112
  - LICENSE
@@ -153,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
153
154
  - !ruby/object:Gem::Version
154
155
  version: '0'
155
156
  requirements: []
156
- rubygems_version: 3.1.2
157
+ rubygems_version: 3.1.6
157
158
  signing_key:
158
159
  specification_version: 4
159
160
  summary: Netsparker add-on for the Dradis Framework.