dradis-netsparker 3.9.0 → 3.10.0

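--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 111b23309632c1734251d532511e3dff4123003a
- data.tar.gz: 65fd07a0535397833f083d57fbfa38d7fe237177
+ metadata.gz: db0b2e3287dbbdf15998ec049fb84cf1bdc0f000
+ data.tar.gz: e24c47605feb87b87812f51476702679d6423413
  SHA512:
- metadata.gz: b51723f5b1ca3f8d19caa7cddeea146f2657cb71dbdc8743bd1adc7b99baa70fe008004217df1536c1a4853d6b489fff1d914e813f03df3b389947488e3eeb5c
- data.tar.gz: 959cde85f8daf2cfa7b0e2c681cef99011e51d49906a62a509c4abe8a359d50b81e5c71bf2aec23ba78bf67433e161cdf997d88597e29ad6519c8c8712fdfb35
+ metadata.gz: d6150246bfbb9b4f6a04647bc5c28bcde26a0bb0712fd468d827fdb660081fcdff18544580906063e9356a60633d22bb6a2f0f4a886a104bba143ab8da27aac3
+ data.tar.gz: 199ea5fa09712a8b470a6243bc7eba7af6be972b0fa165b13791ea8a4782fbea1a1cf2406190770f09ef92e415b3dad23eb9a1589bf9c769657b40a5244682b0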
@@ -1,8 +1,11 @@
1
+ ## Dradis Framework 3.10 (August, 2018) ##
2
+
3
+ * Add CVSS fields for Issues.
4
+
1
5
  ## Dradis Framework 3.9 (January, 2018) ##
2
6
 
3
7
  * No changes.
4
8
 
5
-
6
9
  ## Dradis Framework 3.8 (September, 2017) ##
7
10
 
8
11
  * Initial release.
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 3
11
- MINOR = 9
11
+ MINOR = 10
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -29,7 +29,14 @@ module Netsparker
29
29
  # tags that correspond to Evidence
30
30
 
31
31
  # nested tags
32
- :classification_capec, :classification_cwe, :classification_hipaa,
32
+ :classification_capec,
33
+
34
+ :classification_cvss_vector,
35
+ :classification_cvss_base_value, :classification_cvss_base_severity,
36
+ :classification_cvss_environmental_value, :classification_cvss_environmental_severity,
37
+ :classification_cvss_temporal_value, :classification_cvss_temporal_severity,
38
+
39
+ :classification_cwe, :classification_hipaa,
33
40
  :classification_owasp2013, :classification_owasppc,
34
41
  :classification_pci31, :classification_pci32, :classification_wasc,
35
42
 
@@ -65,14 +72,21 @@ module Netsparker
65
72
  # this includes acronyms (e.g. :cwe would become 'Cwe') and simple nested
66
73
  # tags.
67
74
  translations_table = {
68
- classification_capec: 'classification/CAPEC',
69
- classification_cwe: 'classification/CWE',
70
- classification_hipaa: 'classification/HIPAA',
71
- classification_owasp2013: 'classification/OWASP2013',
72
- classification_owasppc: 'classification/OWASPPC',
73
- classification_pci31: 'classification/PCI31',
74
- classification_pci32: 'classification/PCI32',
75
- classification_wasc: 'classification/WASC'
75
+ classification_capec: 'classification/CAPEC',
76
+ classification_cwe: 'classification/CWE',
77
+ classification_cvss_vector: 'classification/CVSS/vector',
78
+ classification_cvss_base_value: "classification/CVSS/score/type[text()='Base']/../value",
79
+ classification_cvss_base_severity: "classification/CVSS/score/type[text()='Base']/../severity",
80
+ classification_cvss_environmental_value: "classification/CVSS/score/type[text()='Environmental']/../value",
81
+ classification_cvss_environmental_severity: "classification/CVSS/score/type[text()='Environmental']/../severity",
82
+ classification_cvss_temporal_value: "classification/CVSS/score/type[text()='Temporal']/../value",
83
+ classification_cvss_temporal_severity: "classification/CVSS/score/type[text()='Temporal']/../severity",
84
+ classification_hipaa: 'classification/HIPAA',
85
+ classification_owasp2013: 'classification/OWASP2013',
86
+ classification_owasppc: 'classification/OWASPPC',
87
+ classification_pci31: 'classification/PCI31',
88
+ classification_pci32: 'classification/PCI32',
89
+ classification_wasc: 'classification/WASC'
76
90
  }
77
91
  method_name = translations_table.fetch(method, method.to_s)
78
92
 
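Review bot: The six CVSS score entries in `translations_table` select the score by an exact text-node match on `type` and then step back up with `/..`. A report whose `<type>` carries surrounding whitespace or different casing would silently yield an empty field. A predicate on the parent is shorter and tolerates padding, for example `classification_cvss_base_value: "classification/CVSS/score[normalize-space(type)='Base']/value",`, and likewise for the severity, Temporal and Environmental entries. The code that evaluates `method_name` against the XML is outside this hunk, so it is worth confirming there that a report with no `<CVSS>` element at all resolves these fields to an empty value rather than raising.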
@@ -1,5 +1,12 @@
1
1
  issue.certainty
2
2
  issue.classification_capec
3
+ issue.classification_cvss_vector
4
+ issue.classification_cvss_base_value
5
+ issue.classification_cvss_base_severity
6
+ issue.classification_cvss_environmental_value
7
+ issue.classification_cvss_environmental_severity
8
+ issue.classification_cvss_temporal_value
9
+ issue.classification_cvss_temporal_severity
3
10
  issue.classification_cwe
4
11
  issue.classification_hipaa
5
12
  issue.classification_owasp2013
@@ -50,6 +50,25 @@ function openFlyout() {
50
50
  <PCI32></PCI32>
51
51
  <HIPAA>164.308(a)</HIPAA>
52
52
  <OWASPPC>C9</OWASPPC>
53
+ <CVSS>
54
+ <vector>CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N</vector>
55
+
56
+ <score>
57
+ <type>Base</type>
58
+ <value>5.7</value>
59
+ <severity>Medium</severity>
60
+ </score>
61
+ <score>
62
+ <type>Temporal</type>
63
+ <value>5.7</value>
64
+ <severity>Medium</severity>
65
+ </score>
66
+ <score>
67
+ <type>Environmental</type>
68
+ <value>5.7</value>
69
+ <severity>Medium</severity>
70
+ </score>
71
+ </CVSS>
53
72
  </classification>
54
73
 
55
74
  </vulnerability>
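Review bot: All three `<score>` entries in this sample carry the same `<value>5.7</value>` and `<severity>Medium</severity>`, so it cannot tell whether the Base, Temporal and Environmental lookups each select their own score. A lookup that always returned the first `<score>` would still produce the expected output. Giving each score a distinct value and severity would make the sample discriminating, for instance `<value>5.4</value>` for Temporal and `<value>5.0</value>` with `<severity>Low</severity>` for Environmental (constructed values, not taken from a real report). The rest of the `<vulnerability>` element starts outside this hunk.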
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-netsparker
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.9.0
4
+ version: 3.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-01-11 00:00:00.000000000 Z
11
+ date: 2018-08-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins