dradis-netsparker 4.10.0 → 4.12.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 16a61288d0f7b22123df06ee74606838c2ed0660779bc044d143bf76283d9b84
4
- data.tar.gz: cb06d7008203f442cb5c715a03fc87fe9df555587a24cbdc8c0ef0075d43c8f1
3
+ metadata.gz: 1851daa2e0c46884ce33fa62481992a231ff87927d2c3e1a1f0c395f7c93e570
4
+ data.tar.gz: f8c2d842927e1626eca34daed2a5cdd454d1cea5c8a0216ca1d2358066c4b24e
5
5
  SHA512:
6
- metadata.gz: 9555fa3b40e8661b8fd5e8347270d38e344851dba7c707ad833d8d450c8cc593e08849de71dfed35eea65c2e420c55fa1af3d573f71aa9877a1e61ddf8951aff
7
- data.tar.gz: f89f80f6eb398892ad38aa554f441997747c893b29e8b2873045b3466f82b1f50ef225e8a7424d74fba8be50241c8f063c7fcabd2868cbfc185ea3bf102d6429
6
+ metadata.gz: a3c6d372b877dea68b90da9296371885aa14f91529679cba9b513208a7d9b63decbfc7bc597a406fe6d0d904b2991dc47101584617f62c929d08483b3ba82cd9
7
+ data.tar.gz: 581a1fd4a787aaa47ebd8700ec18fca92fa15e22e129ab5131cdd624604d7ec4edcbf83cacad8c33d818777fa403285fab198fa216ae39782e4fb9a25fdd75e2
@@ -1,3 +1,5 @@
1
+ Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
2
+
1
3
  ### Summary
2
4
 
3
5
  Provide a general description of the code changes in your pull
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
6
8
  to keep the conversation linked together.
7
9
 
8
10
 
11
+ ### Testing Steps
12
+
13
+ Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
14
+
15
+
9
16
  ### Other Information
10
17
 
11
18
  If there's anything else that's important and relevant to your pull
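Review bot: the new "Testing Steps" instruction on added line 13 ends without a period and is followed by two blank `+` lines (14 and 15), which leaves a double gap before "### Other Information"; drop one of the blank lines and close the sentence, e.g. `Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base.`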
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
26
33
  codebase. Any code you create which is merged must be owned by us.
27
34
  That's not us trying to be a jerks, that's just the way it works.
28
35
 
29
- Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
30
- file for the details.
31
-
32
36
  You can delete this section, but the following sentence needs to
33
37
  remain in the PR's description:
34
38
 
35
39
  > I assign all rights, including copyright, to any future Dradis
36
40
  > work by myself to Security Roots.
41
+
42
+ ### Check List
43
+
44
+ - [ ] Added a CHANGELOG entry
45
+ - [ ] Added specs
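Review bot: the CONTRIBUTING.md pointer removed at old lines 29-31 linked to `blob/master`, while its replacement at the top of the template (first hunk) links to `blob/develop`; confirm `develop` is the branch the guidelines should be read from. The new "Check List" is fine, though a third item such as "Removed the CONTRIBUTING.md reminder line" would match the instruction the template now opens with.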
data/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ v4.12.0 (May 2024)
2
+ - Migrate integration to use Mappings Manager
3
+ - Update Dradis links in README
4
+
5
+ v4.11.0 (January 2024)
6
+ - No changes
7
+
1
8
  v4.10.0 (September 2023)
2
9
  - Update gemspec links
3
10
 
data/README.md CHANGED
@@ -4,17 +4,17 @@
4
4
 
5
5
  The Netsparker add-on enables users to upload Netsparker XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
6
6
 
7
- The add-on requires [Dradis CE](https://dradisframework.com/ce/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
7
+ The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
8
8
 
9
9
 
10
10
  ## More information
11
11
 
12
- See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
12
+ See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
13
13
 
14
14
 
15
15
  ## Contributing
16
16
 
17
- See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
17
+ See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
18
18
 
19
19
 
20
20
  ## License
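Review bot: on changed line 7 the Dradis Pro link now points at the site root `https://dradis.com/` while the CE link keeps a `/ce/` path; confirm the root is the intended landing page rather than a `/pro/` counterpart of the old `dradisframework.com/pro/` URL. The README and CONTRIBUTING links moving from `dradisframework/blob/master` to `dradis-ce/blob/develop` are consistent with the PR template change above.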
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 10
11
+ MINOR = 12
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -40,7 +40,7 @@ module Dradis::Plugins::Netsparker
40
40
  @doc.xpath('/netsparker/vulnerability').each do |xml_vuln|
41
41
  process_vuln(xml_vuln, host_node)
42
42
  end
43
-
43
+
44
44
  end
45
45
 
46
46
  def process_vuln(xml_vuln, host_node)
@@ -49,14 +49,14 @@ module Dradis::Plugins::Netsparker
49
49
  # Create Issues using the Issue template
50
50
  logger.info{ "\t\t => Creating new Issue: #{type}" }
51
51
 
52
- issue_text = template_service.process_template(template: 'issue', data: xml_vuln)
52
+ issue_text = mapping_service.apply_mapping(source: 'issue', data: xml_vuln)
53
53
  issue = content_service.create_issue(text: issue_text, id: type)
54
54
 
55
55
  # Create Evidence using the Evidence template
56
56
  # Associate the Evidence with the Node and Issue
57
57
  logger.info{ "\t\t => Creating new evidence" }
58
- evidence_content = template_service.process_template(
59
- template: 'evidence', data: xml_vuln
58
+ evidence_content = mapping_service.apply_mapping(
59
+ source: 'evidence', data: xml_vuln
60
60
  )
61
61
  content_service.create_evidence(
62
62
  issue: issue, node: host_node, content: evidence_content
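Review bot: the context comments at lines 49 and 55 ("Create Issues using the Issue template", "Create Evidence using the Evidence template") still describe templates, although changed lines 52 and 58-59 now call `mapping_service.apply_mapping(source: 'issue', ...)` and `mapping_service.apply_mapping(source: 'evidence', ...)`; reword them to "using the Issue mapping" / "using the Evidence mapping". Also, `mapping_service` is not defined anywhere in this diff and the gemspec's dradis-plugins requirement is not touched here, so confirm the minimum dradis-plugins version that provides the Mappings Manager is required, otherwise the importer raises NoMethodError on older hosts.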
@@ -0,0 +1,68 @@
1
+ module Dradis::Plugins::Netsparker
2
+ module Mapping
3
+ DEFAULT_MAPPING = {
4
+ evidence: {
5
+ 'URL' => '{{ netsparker[evidence.url] }}',
6
+ 'Request' => 'bc.. {{ netsparker[evidence.rawrequest] }}',
7
+ 'Response' => 'bc.. {{ netsparker[evidence.rawresponse] }}',
8
+ 'VulnerableParameter' => 'bc. {{ netsparker[evidence.vulnerableparameter] }}',
9
+ 'VulnerableParameterType' => 'bc. {{ netsparker[evidence.vulnerableparametertype] }}',
10
+ 'VulnerableParameterValue' => 'bc. {{ netsparker[evidence.vulnerableparametervalue] }}'
11
+ },
12
+ issue: {
13
+ 'Title' => '{{ netsparker[issue.title] }}',
14
+ 'Severity' => '{{ netsparker[issue.severity] }}',
15
+ 'Certainty' => '{{ netsparker[issue.certainty] }}',
16
+ 'Description' => '{{ netsparker[issue.description] }}',
17
+ 'Remedy' => '{{ netsparker[issue.remedy] }}'
18
+ }
19
+ }.freeze
20
+
21
+ SOURCE_FIELDS = {
22
+ evidence: [
23
+ 'evidence.rawrequest',
24
+ 'evidence.rawresponse',
25
+ 'evidence.url',
26
+ 'evidence.vulnerableparameter',
27
+ 'evidence.vulnerableparametertype',
28
+ 'evidence.vulnerableparametervalue'
29
+ ],
30
+ issue: [
31
+ 'issue.actions_to_take',
32
+ 'issue.certainty',
33
+ 'issue.classification_asvs40',
34
+ 'issue.classification_capec',
35
+ 'issue.classification_cvss_vector',
36
+ 'issue.classification_cvss_base_value',
37
+ 'issue.classification_cvss_base_severity',
38
+ 'issue.classification_cvss_environmental_value',
39
+ 'issue.classification_cvss_environmental_severity',
40
+ 'issue.classification_cvss_temporal_value',
41
+ 'issue.classification_cvss_temporal_severity',
42
+ 'issue.classification_cwe',
43
+ 'issue.classification_disastig',
44
+ 'issue.classification_hipaa',
45
+ 'issue.classification_iso27001',
46
+ 'issue.classification_nistsp80053',
47
+ 'issue.classification_owasp2013',
48
+ 'issue.classification_owasp2017',
49
+ 'issue.classification_owasp2021',
50
+ 'issue.classification_owasppc',
51
+ 'issue.classification_pci31',
52
+ 'issue.classification_pci32',
53
+ 'issue.classification_wasc',
54
+ 'issue.description',
55
+ 'issue.external_references',
56
+ 'issue.extrainformation',
57
+ 'issue.impact',
58
+ 'issue.knownvulnerabilities',
59
+ 'issue.remedy',
60
+ 'issue.remedy_references',
61
+ 'issue.required_skills_for_exploitation',
62
+ 'issue.severity',
63
+ 'issue.title',
64
+ 'issue.type'
65
+ ]
66
+ }.freeze
67
+ end
68
+ end
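Review bot: the new `Mapping` module has no comment explaining its two constants: that the keys of `DEFAULT_MAPPING` are the field headings written into each issue or evidence, that the values are `{{ netsparker[...] }}` placeholders prefixed with Textile `bc.` / `bc..` code blocks where the old templates used them, and that `SOURCE_FIELDS` lists every scanner field a custom mapping may reference (the issue list has 34 entries, of which the default mapping uses five). A short header comment would save the next maintainer reading the removed templates to work that out. Since `Request` and `Response` copy the scanner's full raw request and response into evidence, exactly as the removed evidence.template did, the comment should also say that any session cookie or Authorization header captured during the scan is stored in the project, so users handling sensitive targets know to customise the mapping.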
@@ -7,5 +7,6 @@ end
7
7
 
8
8
  require 'dradis/plugins/netsparker/engine'
9
9
  require 'dradis/plugins/netsparker/field_processor'
10
+ require 'dradis/plugins/netsparker/mapping'
10
11
  require 'dradis/plugins/netsparker/importer'
11
12
  require 'dradis/plugins/netsparker/version'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-netsparker
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.10.0
4
+ version: 4.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-07 00:00:00.000000000 Z
11
+ date: 2024-05-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
@@ -96,7 +96,7 @@ dependencies:
96
96
  version: 0.5.2
97
97
  description: This add-on allows you to upload and parse output produced from Netsparker
98
98
  Web Vulnerability Scanner into Dradis.
99
- email:
99
+ email:
100
100
  executables: []
101
101
  extensions: []
102
102
  extra_rdoc_files: []
@@ -118,6 +118,7 @@ files:
118
118
  - lib/dradis/plugins/netsparker/field_processor.rb
119
119
  - lib/dradis/plugins/netsparker/gem_version.rb
120
120
  - lib/dradis/plugins/netsparker/importer.rb
121
+ - lib/dradis/plugins/netsparker/mapping.rb
121
122
  - lib/dradis/plugins/netsparker/version.rb
122
123
  - lib/netsparker/vulnerability.rb
123
124
  - lib/tasks/thorfile.rb
@@ -128,17 +129,13 @@ files:
128
129
  - spec/fixtures/files/testsparker.xml
129
130
  - spec/spec_helper.rb
130
131
  - spec/vulnerability_spec.rb
131
- - templates/evidence.fields
132
132
  - templates/evidence.sample
133
- - templates/evidence.template
134
- - templates/issue.fields
135
133
  - templates/issue.sample
136
- - templates/issue.template
137
134
  homepage: https://dradis.com/integrations/netsparker.html
138
135
  licenses:
139
136
  - GPL-2
140
137
  metadata: {}
141
- post_install_message:
138
+ post_install_message:
142
139
  rdoc_options: []
143
140
  require_paths:
144
141
  - lib
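Review bot: the four removed entries (`templates/evidence.fields`, `templates/evidence.template`, `templates/issue.fields`, `templates/issue.template`) are superseded by `lib/dradis/plugins/netsparker/mapping.rb`, but `templates/evidence.sample` and `templates/issue.sample` stay in the gem's file list; confirm the Mappings Manager still reads the `.sample` files, otherwise they should be removed in the same change.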
@@ -154,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
154
151
  version: '0'
155
152
  requirements: []
156
153
  rubygems_version: 3.1.4
157
- signing_key:
154
+ signing_key:
158
155
  specification_version: 4
159
156
  summary: Netsparker add-on for the Dradis Framework.
160
157
  test_files:
@@ -1,6 +0,0 @@
1
- evidence.rawrequest
2
- evidence.rawresponse
3
- evidence.url
4
- evidence.vulnerableparameter
5
- evidence.vulnerableparametertype
6
- evidence.vulnerableparametervalue
@@ -1,17 +0,0 @@
1
- #[URL]#
2
- %evidence.url%
3
-
4
- #[Request]#
5
- bc.. %evidence.rawrequest%
6
-
7
- #[Response]#
8
- bc.. %evidence.rawresponse%
9
-
10
- #[VulnerableParameter]#
11
- bc. %evidence.vulnerableparameter%
12
-
13
- #[VulnerableParameterType]#
14
- bc. %evidence.vulnerableparametertype%
15
-
16
- #[VulnerableParameterValue]#
17
- bc. %evidence.vulnerableparametervalue%
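Review bot: the six `#[...]#` headings and their `bc.` / `bc..` prefixes removed here are reproduced one-to-one in `DEFAULT_MAPPING[:evidence]` of the new Mapping module (URL, Request, Response, VulnerableParameter, VulnerableParameterType, VulnerableParameterValue), so evidence output parity with the old template is preserved.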
@@ -1,34 +0,0 @@
1
- issue.actions_to_take
2
- issue.certainty
3
- issue.classification_asvs40
4
- issue.classification_capec
5
- issue.classification_cvss_vector
6
- issue.classification_cvss_base_value
7
- issue.classification_cvss_base_severity
8
- issue.classification_cvss_environmental_value
9
- issue.classification_cvss_environmental_severity
10
- issue.classification_cvss_temporal_value
11
- issue.classification_cvss_temporal_severity
12
- issue.classification_cwe
13
- issue.classification_disastig
14
- issue.classification_hipaa
15
- issue.classification_iso27001
16
- issue.classification_nistsp80053
17
- issue.classification_owasp2013
18
- issue.classification_owasp2017
19
- issue.classification_owasp2021
20
- issue.classification_owasppc
21
- issue.classification_pci31
22
- issue.classification_pci32
23
- issue.classification_wasc
24
- issue.description
25
- issue.external_references
26
- issue.extrainformation
27
- issue.impact
28
- issue.knownvulnerabilities
29
- issue.remedy
30
- issue.remedy_references
31
- issue.required_skills_for_exploitation
32
- issue.severity
33
- issue.title
34
- issue.type
@@ -1,14 +0,0 @@
1
- #[Title]#
2
- %issue.title%
3
-
4
- #[Severity]#
5
- %issue.severity%
6
-
7
- #[Certainty]#
8
- %issue.certainty%
9
-
10
- #[Description]#
11
- %issue.description%
12
-
13
- #[Remedy]#
14
- %issue.remedy%
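Review bot: the five headings removed here (Title, Severity, Certainty, Description, Remedy) match `DEFAULT_MAPPING[:issue]` in the new Mapping module one-to-one, and the 34 entries of the removed `issue.fields` list in the previous hunk match `SOURCE_FIELDS[:issue]`; issue output parity with the old templates is preserved.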