dradis-netsparker 3.9.0 → 3.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 111b23309632c1734251d532511e3dff4123003a
-  data.tar.gz: 65fd07a0535397833f083d57fbfa38d7fe237177
+  metadata.gz: db0b2e3287dbbdf15998ec049fb84cf1bdc0f000
+  data.tar.gz: e24c47605feb87b87812f51476702679d6423413
 SHA512:
-  metadata.gz: b51723f5b1ca3f8d19caa7cddeea146f2657cb71dbdc8743bd1adc7b99baa70fe008004217df1536c1a4853d6b489fff1d914e813f03df3b389947488e3eeb5c
-  data.tar.gz: 959cde85f8daf2cfa7b0e2c681cef99011e51d49906a62a509c4abe8a359d50b81e5c71bf2aec23ba78bf67433e161cdf997d88597e29ad6519c8c8712fdfb35
+  metadata.gz: d6150246bfbb9b4f6a04647bc5c28bcde26a0bb0712fd468d827fdb660081fcdff18544580906063e9356a60633d22bb6a2f0f4a886a104bba143ab8da27aac3
+  data.tar.gz: 199ea5fa09712a8b470a6243bc7eba7af6be972b0fa165b13791ea8a4782fbea1a1cf2406190770f09ef92e415b3dad23eb9a1589bf9c769657b40a5244682b0

data/CHANGELOG.md

@@ -1,8 +1,11 @@
+## Dradis Framework 3.10 (August, 2018) ##
+
+*   Add CVSS fields for Issues.
+
 ## Dradis Framework 3.9 (January, 2018) ##
 
 *   No changes.
 
-
 ## Dradis Framework 3.8 (September, 2017) ##
 
 *   Initial release.

data/lib/dradis/plugins/netsparker/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 3
-        MINOR = 9
+        MINOR = 10
         TINY = 0
         PRE = nil
 

data/lib/netsparker/vulnerability.rb

@@ -29,7 +29,14 @@ module Netsparker
         # tags that correspond to Evidence
 
         # nested tags
-        :classification_capec, :classification_cwe, :classification_hipaa,
+        :classification_capec,
+
+        :classification_cvss_vector,
+        :classification_cvss_base_value, :classification_cvss_base_severity,
+        :classification_cvss_environmental_value, :classification_cvss_environmental_severity,
+        :classification_cvss_temporal_value, :classification_cvss_temporal_severity,
+
+        :classification_cwe, :classification_hipaa,
         :classification_owasp2013, :classification_owasppc,
         :classification_pci31, :classification_pci32, :classification_wasc,
 
@@ -65,14 +72,21 @@ module Netsparker
       # this includes acronyms (e.g. :cwe would become 'Cwe') and simple nested
       # tags.
       translations_table = {
-            classification_capec: 'classification/CAPEC',
-              classification_cwe: 'classification/CWE',
-            classification_hipaa: 'classification/HIPAA',
-        classification_owasp2013: 'classification/OWASP2013',
-          classification_owasppc: 'classification/OWASPPC',
-            classification_pci31: 'classification/PCI31',
-            classification_pci32: 'classification/PCI32',
-             classification_wasc: 'classification/WASC'
+        classification_capec:                       'classification/CAPEC',
+        classification_cwe:                         'classification/CWE',
+        classification_cvss_vector:                 'classification/CVSS/vector',
+        classification_cvss_base_value:             "classification/CVSS/score/type[text()='Base']/../value",
+        classification_cvss_base_severity:          "classification/CVSS/score/type[text()='Base']/../severity",
+        classification_cvss_environmental_value:    "classification/CVSS/score/type[text()='Environmental']/../value",
+        classification_cvss_environmental_severity: "classification/CVSS/score/type[text()='Environmental']/../severity",
+        classification_cvss_temporal_value:         "classification/CVSS/score/type[text()='Temporal']/../value",
+        classification_cvss_temporal_severity:      "classification/CVSS/score/type[text()='Temporal']/../severity",
+        classification_hipaa:                       'classification/HIPAA',
+        classification_owasp2013:                   'classification/OWASP2013',
+        classification_owasppc:                     'classification/OWASPPC',
+        classification_pci31:                       'classification/PCI31',
+        classification_pci32:                       'classification/PCI32',
+        classification_wasc:                        'classification/WASC'
       }
       method_name = translations_table.fetch(method, method.to_s)
 

data/templates/issue.fields

@@ -1,5 +1,12 @@
 issue.certainty
 issue.classification_capec
+issue.classification_cvss_vector
+issue.classification_cvss_base_value
+issue.classification_cvss_base_severity
+issue.classification_cvss_environmental_value
+issue.classification_cvss_environmental_severity
+issue.classification_cvss_temporal_value
+issue.classification_cvss_temporal_severity
 issue.classification_cwe
 issue.classification_hipaa
 issue.classification_owasp2013

data/templates/issue.sample

@@ -50,6 +50,25 @@ function openFlyout() {
     <PCI32></PCI32>
     <HIPAA>164.308(a)</HIPAA>
     <OWASPPC>C9</OWASPPC>
+    <CVSS>
+      <vector>CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N</vector>
+
+      <score>
+        <type>Base</type>
+        <value>5.7</value>
+        <severity>Medium</severity>
+      </score>
+      <score>
+        <type>Temporal</type>
+        <value>5.7</value>
+        <severity>Medium</severity>
+      </score>
+      <score>
+        <type>Environmental</type>
+        <value>5.7</value>
+        <severity>Medium</severity>
+      </score>
+    </CVSS>
   </classification>
 
 </vulnerability>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-netsparker
 version: !ruby/object:Gem::Version
-  version: 3.9.0
+  version: 3.10.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-11 00:00:00.000000000 Z
+date: 2018-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins