RubyGems - dradis-netsparker - Versions diffs - 4.10.0 → 4.12.0 - Mend

dradis-netsparker 4.10.0 → 4.12.0

Files changed (13) hide show

checksums.yaml +4 -4
data/.github/pull_request_template.md +12 -3
data/CHANGELOG.md +7 -0
data/README.md +3 -3
data/lib/dradis/plugins/netsparker/gem_version.rb +1 -1
data/lib/dradis/plugins/netsparker/importer.rb +4 -4
data/lib/dradis/plugins/netsparker/mapping.rb +68 -0
data/lib/dradis/plugins/netsparker.rb +1 -0
metadata +7 -10
data/templates/evidence.fields +0 -6
data/templates/evidence.template +0 -17
data/templates/issue.fields +0 -34
data/templates/issue.template +0 -14

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 16a61288d0f7b22123df06ee74606838c2ed0660779bc044d143bf76283d9b84
-  data.tar.gz: cb06d7008203f442cb5c715a03fc87fe9df555587a24cbdc8c0ef0075d43c8f1
+  metadata.gz: 1851daa2e0c46884ce33fa62481992a231ff87927d2c3e1a1f0c395f7c93e570
+  data.tar.gz: f8c2d842927e1626eca34daed2a5cdd454d1cea5c8a0216ca1d2358066c4b24e
 SHA512:
-  metadata.gz: 9555fa3b40e8661b8fd5e8347270d38e344851dba7c707ad833d8d450c8cc593e08849de71dfed35eea65c2e420c55fa1af3d573f71aa9877a1e61ddf8951aff
-  data.tar.gz: f89f80f6eb398892ad38aa554f441997747c893b29e8b2873045b3466f82b1f50ef225e8a7424d74fba8be50241c8f063c7fcabd2868cbfc185ea3bf102d6429
+  metadata.gz: a3c6d372b877dea68b90da9296371885aa14f91529679cba9b513208a7d9b63decbfc7bc597a406fe6d0d904b2991dc47101584617f62c929d08483b3ba82cd9
+  data.tar.gz: 581a1fd4a787aaa47ebd8700ec18fca92fa15e22e129ab5131cdd624604d7ec4edcbf83cacad8c33d818777fa403285fab198fa216ae39782e4fb9a25fdd75e2

data/.github/pull_request_template.md CHANGED Viewed

@@ -1,3 +1,5 @@
+Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
 ### Summary
 Provide a general description of the code changes in your pull
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
 to keep the conversation linked together.
+### Testing Steps
+Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
 ### Other Information
 If there's anything else that's important and relevant to your pull
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
 codebase. Any code you create which is merged must be owned by us.
 That's not us trying to be a jerks, that's just the way it works.
-Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
-file for the details.
 You can delete this section, but the following sentence needs to
 remain in the PR's description:
 > I assign all rights, including copyright, to any future Dradis
 > work by myself to Security Roots.
+### Check List
+- [ ] Added a CHANGELOG entry
+- [ ] Added specs

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,10 @@
+v4.12.0 (May 2024)
+ - Migrate integration to use Mappings Manager
+ - Update Dradis links in README
+v4.11.0 (January 2024)
+  - No changes
 v4.10.0 (September 2023)
   - Update gemspec links

data/README.md CHANGED Viewed

@@ -4,17 +4,17 @@
 The Netsparker add-on enables users to upload Netsparker XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
-The add-on requires [Dradis CE](https://dradisframework.com/ce/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 ## More information
-See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
 ## Contributing
-See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
 ## License

data/lib/dradis/plugins/netsparker/gem_version.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Dradis
       module VERSION
         MAJOR = 4
-        MINOR = 10
+        MINOR = 12
         TINY = 0
         PRE = nil

data/lib/dradis/plugins/netsparker/importer.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Dradis::Plugins::Netsparker
       @doc.xpath('/netsparker/vulnerability').each do |xml_vuln|
         process_vuln(xml_vuln, host_node)
       end
     end
     def process_vuln(xml_vuln, host_node)
@@ -49,14 +49,14 @@ module Dradis::Plugins::Netsparker
       # Create Issues using the Issue template
       logger.info{ "\t\t => Creating new Issue: #{type}" }
-      issue_text = template_service.process_template(template: 'issue', data: xml_vuln)
+      issue_text = mapping_service.apply_mapping(source: 'issue', data: xml_vuln)
       issue = content_service.create_issue(text: issue_text, id: type)
       # Create Evidence using the Evidence template
       # Associate the Evidence with the Node and Issue
       logger.info{ "\t\t => Creating new evidence" }
-      evidence_content = template_service.process_template(
-        template: 'evidence', data: xml_vuln
+      evidence_content = mapping_service.apply_mapping(
+        source: 'evidence', data: xml_vuln
       )
       content_service.create_evidence(
         issue: issue, node: host_node, content: evidence_content

data/lib/dradis/plugins/netsparker/mapping.rb ADDED Viewed

@@ -0,0 +1,68 @@
+module Dradis::Plugins::Netsparker
+  module Mapping
+    DEFAULT_MAPPING = {
+      evidence: {
+        'URL' => '{{ netsparker[evidence.url] }}',
+        'Request' => 'bc.. {{ netsparker[evidence.rawrequest] }}',
+        'Response' => 'bc.. {{ netsparker[evidence.rawresponse] }}',
+        'VulnerableParameter' => 'bc. {{ netsparker[evidence.vulnerableparameter] }}',
+        'VulnerableParameterType' => 'bc. {{ netsparker[evidence.vulnerableparametertype] }}',
+        'VulnerableParameterValue' => 'bc. {{ netsparker[evidence.vulnerableparametervalue] }}'
+      },
+      issue: {
+        'Title' => '{{ netsparker[issue.title] }}',
+        'Severity' => '{{ netsparker[issue.severity] }}',
+        'Certainty' => '{{ netsparker[issue.certainty] }}',
+        'Description' => '{{ netsparker[issue.description] }}',
+        'Remedy' => '{{ netsparker[issue.remedy] }}'
+      }
+    }.freeze
+    SOURCE_FIELDS = {
+      evidence: [
+        'evidence.rawrequest',
+        'evidence.rawresponse',
+        'evidence.url',
+        'evidence.vulnerableparameter',
+        'evidence.vulnerableparametertype',
+        'evidence.vulnerableparametervalue'
+      ],
+      issue: [
+        'issue.actions_to_take',
+        'issue.certainty',
+        'issue.classification_asvs40',
+        'issue.classification_capec',
+        'issue.classification_cvss_vector',
+        'issue.classification_cvss_base_value',
+        'issue.classification_cvss_base_severity',
+        'issue.classification_cvss_environmental_value',
+        'issue.classification_cvss_environmental_severity',
+        'issue.classification_cvss_temporal_value',
+        'issue.classification_cvss_temporal_severity',
+        'issue.classification_cwe',
+        'issue.classification_disastig',
+        'issue.classification_hipaa',
+        'issue.classification_iso27001',
+        'issue.classification_nistsp80053',
+        'issue.classification_owasp2013',
+        'issue.classification_owasp2017',
+        'issue.classification_owasp2021',
+        'issue.classification_owasppc',
+        'issue.classification_pci31',
+        'issue.classification_pci32',
+        'issue.classification_wasc',
+        'issue.description',
+        'issue.external_references',
+        'issue.extrainformation',
+        'issue.impact',
+        'issue.knownvulnerabilities',
+        'issue.remedy',
+        'issue.remedy_references',
+        'issue.required_skills_for_exploitation',
+        'issue.severity',
+        'issue.title',
+        'issue.type'
+      ]
+    }.freeze
+  end
+end

data/lib/dradis/plugins/netsparker.rb CHANGED Viewed

@@ -7,5 +7,6 @@ end
 require 'dradis/plugins/netsparker/engine'
 require 'dradis/plugins/netsparker/field_processor'
+require 'dradis/plugins/netsparker/mapping'
 require 'dradis/plugins/netsparker/importer'
 require 'dradis/plugins/netsparker/version'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-netsparker
 version: !ruby/object:Gem::Version
-  version: 4.10.0
+  version: 4.12.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-07 00:00:00.000000000 Z
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -96,7 +96,7 @@ dependencies:
         version: 0.5.2
 description: This add-on allows you to upload and parse output produced from Netsparker
   Web Vulnerability Scanner into Dradis.
-email:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -118,6 +118,7 @@ files:
 - lib/dradis/plugins/netsparker/field_processor.rb
 - lib/dradis/plugins/netsparker/gem_version.rb
 - lib/dradis/plugins/netsparker/importer.rb
+- lib/dradis/plugins/netsparker/mapping.rb
 - lib/dradis/plugins/netsparker/version.rb
 - lib/netsparker/vulnerability.rb
 - lib/tasks/thorfile.rb
@@ -128,17 +129,13 @@ files:
 - spec/fixtures/files/testsparker.xml
 - spec/spec_helper.rb
 - spec/vulnerability_spec.rb
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/issue.fields
 - templates/issue.sample
-- templates/issue.template
 homepage: https://dradis.com/integrations/netsparker.html
 licenses:
 - GPL-2
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -154,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.4
-signing_key:
+signing_key:
 specification_version: 4
 summary: Netsparker add-on for the Dradis Framework.
 test_files:

data/templates/evidence.fields DELETED Viewed

@@ -1,6 +0,0 @@
-evidence.rawrequest
-evidence.rawresponse
-evidence.url
-evidence.vulnerableparameter
-evidence.vulnerableparametertype
-evidence.vulnerableparametervalue

data/templates/evidence.template DELETED Viewed

@@ -1,17 +0,0 @@
-#[URL]#
-%evidence.url%
-#[Request]#
-bc.. %evidence.rawrequest%
-#[Response]#
-bc.. %evidence.rawresponse%
-#[VulnerableParameter]#
-bc. %evidence.vulnerableparameter%
-#[VulnerableParameterType]#
-bc. %evidence.vulnerableparametertype%
-#[VulnerableParameterValue]#
-bc. %evidence.vulnerableparametervalue%

data/templates/issue.fields DELETED Viewed

@@ -1,34 +0,0 @@
-issue.actions_to_take
-issue.certainty
-issue.classification_asvs40
-issue.classification_capec
-issue.classification_cvss_vector
-issue.classification_cvss_base_value
-issue.classification_cvss_base_severity
-issue.classification_cvss_environmental_value
-issue.classification_cvss_environmental_severity
-issue.classification_cvss_temporal_value
-issue.classification_cvss_temporal_severity
-issue.classification_cwe
-issue.classification_disastig
-issue.classification_hipaa
-issue.classification_iso27001
-issue.classification_nistsp80053
-issue.classification_owasp2013
-issue.classification_owasp2017
-issue.classification_owasp2021
-issue.classification_owasppc
-issue.classification_pci31
-issue.classification_pci32
-issue.classification_wasc
-issue.description
-issue.external_references
-issue.extrainformation
-issue.impact
-issue.knownvulnerabilities
-issue.remedy
-issue.remedy_references
-issue.required_skills_for_exploitation
-issue.severity
-issue.title
-issue.type

data/templates/issue.template DELETED Viewed

@@ -1,14 +0,0 @@
-#[Title]#
-%issue.title%
-#[Severity]#
-%issue.severity%
-#[Certainty]#
-%issue.certainty%
-#[Description]#
-%issue.description%
-#[Remedy]#
-%issue.remedy%