dradis-netsparker 3.22.0 → 4.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +43 -45
- data/CHANGELOG.template +12 -0
- data/dradis-netsparker.gemspec +2 -2
- data/lib/dradis/plugins/netsparker/gem_version.rb +2 -2
- data/lib/netsparker/vulnerability.rb +10 -4
- data/templates/issue.fields +4 -0
- metadata +10 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c02a75efe2a4bbbcba02fdfa56bcdd5e021fb3d8802b2fff36614fd0ef29fd24
|
|
4
|
+
data.tar.gz: 986844a569690a62adc64d4ab6793f7582f3309636e6bbfd968e954fd72aca18
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d2f54f276a1b90eb5c3419f54e429149af49f64b0325514f357d493e2f925e162d4ba934d6db6928e817be06b6fef80dff5ae795b7a9bb525b3466c6dbd949a2
|
|
7
|
+
data.tar.gz: 466db31ebb28d32b81f9f029c3f1a37477a8e38add9346d8e8e2db01331b2da7278a7d57a0d55e1cfff18ef21edc73ac86f708d62b1d8918b6e615d1ab338287
|
data/CHANGELOG.md
CHANGED
|
@@ -1,62 +1,60 @@
|
|
|
1
|
-
|
|
1
|
+
v4.1.0 (October 2021)
|
|
2
|
+
- Upgraded gems:
|
|
3
|
+
- nokogiri
|
|
2
4
|
|
|
3
|
-
|
|
5
|
+
v4.0.0 (July 2021)
|
|
6
|
+
- No changes
|
|
4
7
|
|
|
5
|
-
|
|
8
|
+
v3.22.1 (May 2021)
|
|
9
|
+
- Add new issue.classification_asvs40, issue.classification_nistsp80053, issue.classification_disastig, and issue.classification_iso27001 fields
|
|
10
|
+
- Upgraded gems:
|
|
11
|
+
- nokogiri
|
|
6
12
|
|
|
7
|
-
|
|
13
|
+
v3.22.0 (April 2021)
|
|
14
|
+
- Initial release
|
|
8
15
|
|
|
9
|
-
|
|
16
|
+
v3.21.0 (February 2021)
|
|
17
|
+
- No changes
|
|
10
18
|
|
|
11
|
-
|
|
19
|
+
v3.20.0 (December 2020)
|
|
20
|
+
- No changes
|
|
12
21
|
|
|
13
|
-
|
|
22
|
+
v3.19.0 (September 2020)
|
|
23
|
+
- No changes
|
|
14
24
|
|
|
15
|
-
|
|
25
|
+
v3.18.0 (July 2020)
|
|
26
|
+
- No changes
|
|
16
27
|
|
|
17
|
-
|
|
28
|
+
v3.17.0 (May 2020)
|
|
29
|
+
- Use the new <title> tag provided by Netsparker
|
|
18
30
|
|
|
19
|
-
|
|
31
|
+
v3.16.0 (February 2020)
|
|
32
|
+
- No changes
|
|
20
33
|
|
|
21
|
-
|
|
34
|
+
v3.15.0 (November 2019)
|
|
35
|
+
- Bugs fixes:
|
|
36
|
+
- Parse links of issue.external_references
|
|
22
37
|
|
|
23
|
-
|
|
38
|
+
v3.14.0 (August 2019)
|
|
39
|
+
- No changes
|
|
24
40
|
|
|
25
|
-
|
|
41
|
+
v3.13.0 (June 2019)
|
|
42
|
+
- Add Known Vulnerabilities and OWASP 2017 Classification as available Issue fields
|
|
43
|
+
- Add :vulnerableparameter, :vulnerableparametertype, and :vulnerableparametervalue Evidence fields
|
|
26
44
|
|
|
27
|
-
|
|
45
|
+
v3.12.0 (March 2019)
|
|
46
|
+
- Change alphabetical lists to bullet lists
|
|
28
47
|
|
|
29
|
-
|
|
48
|
+
v3.11.0 (November 2018)
|
|
49
|
+
- Add CVSS fields for Issues
|
|
50
|
+
- Add impact, actionsToTake, requiredSkillsForExploitation, externalReferences, remedyReferences, and extrainformation fields
|
|
51
|
+
- Update formatting to deal with HTML tags and entities
|
|
30
52
|
|
|
31
|
-
|
|
53
|
+
v3.10.0 (September 2018)
|
|
54
|
+
- Add CSS classification fields to Issues
|
|
32
55
|
|
|
33
|
-
|
|
56
|
+
v3.9.0 (January 2018)
|
|
57
|
+
- No changes
|
|
34
58
|
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
## Dradis Framework 3.13 (June, 2019)
|
|
38
|
-
|
|
39
|
-
* Add Known Vulnerabilities and OWASP 2017 Classification as available Issue fields
|
|
40
|
-
* Add :vulnerableparameter, :vulnerableparametertype, and :vulnerableparametervalue Evidence fields
|
|
41
|
-
|
|
42
|
-
## Dradis Framework 3.12 (March, 2019)
|
|
43
|
-
|
|
44
|
-
* Change alphabetical lists to bullet lists
|
|
45
|
-
|
|
46
|
-
## Dradis Framework 3.11 (November, 2018) ##
|
|
47
|
-
|
|
48
|
-
* Add CVSS fields for Issues.
|
|
49
|
-
* Add impact, actionsToTake, requiredSkillsForExploitation, externalReferences, remedyReferences, and extrainformation fields
|
|
50
|
-
* Update formatting to deal with HTML tags and entities
|
|
51
|
-
|
|
52
|
-
## Dradis Framework 3.10 (September, 2018) ##
|
|
53
|
-
|
|
54
|
-
* Add CSS classification fields to Issues
|
|
55
|
-
|
|
56
|
-
## Dradis Framework 3.9 (January, 2018) ##
|
|
57
|
-
|
|
58
|
-
* No changes.
|
|
59
|
-
|
|
60
|
-
## Dradis Framework 3.8 (September, 2017) ##
|
|
61
|
-
|
|
62
|
-
* Initial release.
|
|
59
|
+
v3.8.0 (September 2017)
|
|
60
|
+
- Initial release
|
data/CHANGELOG.template
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
[v#.#.#] ([month] [YYYY])
|
|
2
|
+
- [future tense verb] [feature]
|
|
3
|
+
- Upgraded gems:
|
|
4
|
+
- [gem]
|
|
5
|
+
- Bugs fixes:
|
|
6
|
+
- [future tense verb] [bug fix]
|
|
7
|
+
- Bug tracker items:
|
|
8
|
+
- [item]
|
|
9
|
+
- Security Fixes:
|
|
10
|
+
- High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
|
11
|
+
- Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
|
12
|
+
- Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
data/dradis-netsparker.gemspec
CHANGED
|
@@ -25,8 +25,8 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
# versions of Rails (a sure recipe for disaster, I'm sure), which is needed
|
|
26
26
|
# until we bump Dradis Pro to 4.1.
|
|
27
27
|
# s.add_dependency 'rails', '~> 4.1.1'
|
|
28
|
-
spec.add_dependency 'dradis-plugins', '~>
|
|
29
|
-
spec.add_dependency 'nokogiri', '
|
|
28
|
+
spec.add_dependency 'dradis-plugins', '~> 4.0'
|
|
29
|
+
spec.add_dependency 'nokogiri', '>= 1.12.5'
|
|
30
30
|
|
|
31
31
|
spec.add_development_dependency 'bundler'
|
|
32
32
|
spec.add_development_dependency 'rake', '~> 10.0'
|
|
@@ -30,14 +30,15 @@ module Netsparker
|
|
|
30
30
|
:vulnerableparameter, :vulnerableparametertype, :vulnerableparametervalue,
|
|
31
31
|
|
|
32
32
|
# nested tags
|
|
33
|
-
:classification_capec,
|
|
33
|
+
:classification_asvs40, :classification_capec,
|
|
34
34
|
|
|
35
35
|
:classification_cvss_vector,
|
|
36
36
|
:classification_cvss_base_value, :classification_cvss_base_severity,
|
|
37
37
|
:classification_cvss_environmental_value, :classification_cvss_environmental_severity,
|
|
38
38
|
:classification_cvss_temporal_value, :classification_cvss_temporal_severity,
|
|
39
39
|
|
|
40
|
-
:classification_cwe, :classification_hipaa,
|
|
40
|
+
:classification_cwe, :classification_disastig, :classification_hipaa,
|
|
41
|
+
:classification_iso27001, :classification_nistsp80053,
|
|
41
42
|
:classification_owasp2013, :classification_owasp2017, :classification_owasppc,
|
|
42
43
|
:classification_pci31, :classification_pci32, :classification_wasc,
|
|
43
44
|
|
|
@@ -74,6 +75,7 @@ module Netsparker
|
|
|
74
75
|
# tags.
|
|
75
76
|
translations_table = {
|
|
76
77
|
actions_to_take: 'actionsToTake',
|
|
78
|
+
classification_asvs40: 'classification/ASVS40',
|
|
77
79
|
classification_capec: 'classification/CAPEC',
|
|
78
80
|
classification_cwe: 'classification/CWE',
|
|
79
81
|
classification_cvss_vector: 'classification/CVSS/vector',
|
|
@@ -83,7 +85,10 @@ module Netsparker
|
|
|
83
85
|
classification_cvss_environmental_severity: "classification/CVSS/score/type[text()='Environmental']/../severity",
|
|
84
86
|
classification_cvss_temporal_value: "classification/CVSS/score/type[text()='Temporal']/../value",
|
|
85
87
|
classification_cvss_temporal_severity: "classification/CVSS/score/type[text()='Temporal']/../severity",
|
|
88
|
+
classification_disastig: 'classification/DISASTIG',
|
|
86
89
|
classification_hipaa: 'classification/HIPAA',
|
|
90
|
+
classification_iso27001: 'classification/ISO27001',
|
|
91
|
+
classification_nistsp80053: 'classification/NISTSP80053',
|
|
87
92
|
classification_owasp2013: 'classification/OWASP2013',
|
|
88
93
|
classification_owasp2017: 'classification/OWASP2017',
|
|
89
94
|
classification_owasppc: 'classification/OWASPPC',
|
|
@@ -128,13 +133,14 @@ module Netsparker
|
|
|
128
133
|
result.gsub!(/<i>(.*?)<\/i>/) { "_#{$1}_" }
|
|
129
134
|
result.gsub!(/<em>(.*?)<\/em>/) { "*#{$1}*" }
|
|
130
135
|
result.gsub!(/<h2>(.*?)<\/h2>/) { "*#{$1}*" }
|
|
131
|
-
result.gsub!(/<strong>(.*?)<\/strong>/) { "*#{$1}*" }
|
|
136
|
+
result.gsub!(/<strong>(.*?)<\/strong>/) { "*#{$1}* " }
|
|
132
137
|
|
|
133
|
-
result.gsub!(/(<br>)|(<br\/>)/, "\n")
|
|
138
|
+
result.gsub!(/(<br>)|(<br(\s*)\/>)/, "\n")
|
|
134
139
|
result.gsub!(/(<div>)|(<\/div>)/, "")
|
|
135
140
|
result.gsub!(/<font.*?>(.*?)<\/font>/m, '\1')
|
|
136
141
|
result.gsub!(/<p (.*?)>(.*?)<\/p>/) { "\n#{$2}\n" }
|
|
137
142
|
result.gsub!(/<span(.*?)>(.*?)<\/span>/, '\2')
|
|
143
|
+
result.gsub!(/<span(.*?)>|<\/span>/, "")
|
|
138
144
|
result.gsub!(/(<p>)|(<\/p>)/, "\n")
|
|
139
145
|
result.gsub!(/\n[a-z]\. /, "\n\* ")
|
|
140
146
|
|
data/templates/issue.fields
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
issue.actions_to_take
|
|
2
2
|
issue.certainty
|
|
3
|
+
issue.classification_asvs40
|
|
3
4
|
issue.classification_capec
|
|
4
5
|
issue.classification_cvss_vector
|
|
5
6
|
issue.classification_cvss_base_value
|
|
@@ -9,7 +10,10 @@ issue.classification_cvss_environmental_severity
|
|
|
9
10
|
issue.classification_cvss_temporal_value
|
|
10
11
|
issue.classification_cvss_temporal_severity
|
|
11
12
|
issue.classification_cwe
|
|
13
|
+
issue.classification_disastig
|
|
12
14
|
issue.classification_hipaa
|
|
15
|
+
issue.classification_iso27001
|
|
16
|
+
issue.classification_nistsp80053
|
|
13
17
|
issue.classification_owasp2013
|
|
14
18
|
issue.classification_owasp2017
|
|
15
19
|
issue.classification_owasppc
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-netsparker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '
|
|
19
|
+
version: '4.0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '
|
|
26
|
+
version: '4.0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: nokogiri
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 1.
|
|
33
|
+
version: 1.12.5
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - "
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 1.
|
|
40
|
+
version: 1.12.5
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: bundler
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -106,6 +106,7 @@ files:
|
|
|
106
106
|
- ".github/pull_request_template.md"
|
|
107
107
|
- ".gitignore"
|
|
108
108
|
- CHANGELOG.md
|
|
109
|
+
- CHANGELOG.template
|
|
109
110
|
- CONTRIBUTING.md
|
|
110
111
|
- Gemfile
|
|
111
112
|
- LICENSE
|
|
@@ -153,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
153
154
|
- !ruby/object:Gem::Version
|
|
154
155
|
version: '0'
|
|
155
156
|
requirements: []
|
|
156
|
-
rubygems_version: 3.1.
|
|
157
|
+
rubygems_version: 3.1.6
|
|
157
158
|
signing_key:
|
|
158
159
|
specification_version: 4
|
|
159
160
|
summary: Netsparker add-on for the Dradis Framework.
|