dradis-netsparker 4.10.0 → 4.12.0
- checksums.yaml +4 -4
- data/.github/pull_request_template.md +12 -3
- data/CHANGELOG.md +7 -0
- data/README.md +3 -3
- data/lib/dradis/plugins/netsparker/gem_version.rb +1 -1
- data/lib/dradis/plugins/netsparker/importer.rb +4 -4
- data/lib/dradis/plugins/netsparker/mapping.rb +68 -0
- data/lib/dradis/plugins/netsparker.rb +1 -0
- metadata +7 -10
- data/templates/evidence.fields +0 -6
- data/templates/evidence.template +0 -17
- data/templates/issue.fields +0 -34
- data/templates/issue.template +0 -14
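--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1851daa2e0c46884ce33fa62481992a231ff87927d2c3e1a1f0c395f7c93e570
+data.tar.gz: f8c2d842927e1626eca34daed2a5cdd454d1cea5c8a0216ca1d2358066c4b24e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a3c6d372b877dea68b90da9296371885aa14f91529679cba9b513208a7d9b63decbfc7bc597a406fe6d0d904b2991dc47101584617f62c929d08483b3ba82cd9
+data.tar.gz: 581a1fd4a787aaa47ebd8700ec18fca92fa15e22e129ab5131cdd624604d7ec4edcbf83cacad8c33d818777fa403285fab198fa216ae39782e4fb9a25fdd75e2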
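--- a/data/.github/pull_request_template.md
+++ b/data/.github/pull_request_template.md
@@ -1,3 +1,5 @@
+Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
+
 ### Summary
 
 Provide a general description of the code changes in your pull
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
 to keep the conversation linked together.
 
 
+### Testing Steps
+
+Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
+
+
 ### Other Information
 
 If there's anything else that's important and relevant to your pull
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
 codebase. Any code you create which is merged must be owned by us.
 That's not us trying to be a jerks, that's just the way it works.
 
-Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
-file for the details.
-
 You can delete this section, but the following sentence needs to
 remain in the PR's description:
 
 > I assign all rights, including copyright, to any future Dradis
 > work by myself to Security Roots.
+
+### Check List
+
+- [ ] Added a CHANGELOG entry
+- [ ] Added specs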
data/CHANGELOG.md
CHANGED
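--- a/data/README.md
+++ b/data/README.md
@@ -4,17 +4,17 @@
 
 The Netsparker add-on enables users to upload Netsparker XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
 
-The add-on requires [Dradis CE](https://
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 
 
 ## More information
 
-See the Dradis Framework's [README.md](https://github.com/dradis/
+See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
 
 
 ## Contributing
 
-See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
 
 
 ## License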
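--- a/data/lib/dradis/plugins/netsparker/importer.rb
+++ b/data/lib/dradis/plugins/netsparker/importer.rb
@@ -40,7 +40,7 @@ module Dradis::Plugins::Netsparker
 @doc.xpath('/netsparker/vulnerability').each do |xml_vuln|
 process_vuln(xml_vuln, host_node)
 end
-
+
 end
 
 def process_vuln(xml_vuln, host_node)
@@ -49,14 +49,14 @@ module Dradis::Plugins::Netsparker
 # Create Issues using the Issue template
 logger.info{ "\t\t => Creating new Issue: #{type}" }
 
-issue_text =
+issue_text = mapping_service.apply_mapping(source: 'issue', data: xml_vuln)
 issue = content_service.create_issue(text: issue_text, id: type)
 
 # Create Evidence using the Evidence template
 # Associate the Evidence with the Node and Issue
 logger.info{ "\t\t => Creating new evidence" }
-evidence_content =
-
+evidence_content = mapping_service.apply_mapping(
+source: 'evidence', data: xml_vuln
 )
 content_service.create_evidence(
 issue: issue, node: host_node, content: evidence_content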
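--- a/data/lib/dradis/plugins/netsparker/mapping.rb
+++ b/data/lib/dradis/plugins/netsparker/mapping.rb
@@ -0,0 +1,68 @@
+module Dradis::Plugins::Netsparker
+module Mapping
+DEFAULT_MAPPING = {
+evidence: {
+'URL' => '{{ netsparker[evidence.url] }}',
+'Request' => 'bc.. {{ netsparker[evidence.rawrequest] }}',
+'Response' => 'bc.. {{ netsparker[evidence.rawresponse] }}',
+'VulnerableParameter' => 'bc. {{ netsparker[evidence.vulnerableparameter] }}',
+'VulnerableParameterType' => 'bc. {{ netsparker[evidence.vulnerableparametertype] }}',
+'VulnerableParameterValue' => 'bc. {{ netsparker[evidence.vulnerableparametervalue] }}'
+},
+issue: {
+'Title' => '{{ netsparker[issue.title] }}',
+'Severity' => '{{ netsparker[issue.severity] }}',
+'Certainty' => '{{ netsparker[issue.certainty] }}',
+'Description' => '{{ netsparker[issue.description] }}',
+'Remedy' => '{{ netsparker[issue.remedy] }}'
+}
+}.freeze
+
+SOURCE_FIELDS = {
+evidence: [
+'evidence.rawrequest',
+'evidence.rawresponse',
+'evidence.url',
+'evidence.vulnerableparameter',
+'evidence.vulnerableparametertype',
+'evidence.vulnerableparametervalue'
+],
+issue: [
+'issue.actions_to_take',
+'issue.certainty',
+'issue.classification_asvs40',
+'issue.classification_capec',
+'issue.classification_cvss_vector',
+'issue.classification_cvss_base_value',
+'issue.classification_cvss_base_severity',
+'issue.classification_cvss_environmental_value',
+'issue.classification_cvss_environmental_severity',
+'issue.classification_cvss_temporal_value',
+'issue.classification_cvss_temporal_severity',
+'issue.classification_cwe',
+'issue.classification_disastig',
+'issue.classification_hipaa',
+'issue.classification_iso27001',
+'issue.classification_nistsp80053',
+'issue.classification_owasp2013',
+'issue.classification_owasp2017',
+'issue.classification_owasp2021',
+'issue.classification_owasppc',
+'issue.classification_pci31',
+'issue.classification_pci32',
+'issue.classification_wasc',
+'issue.description',
+'issue.external_references',
+'issue.extrainformation',
+'issue.impact',
+'issue.knownvulnerabilities',
+'issue.remedy',
+'issue.remedy_references',
+'issue.required_skills_for_exploitation',
+'issue.severity',
+'issue.title',
+'issue.type'
+]
+}.freeze
+end
+end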
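--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-netsparker
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.12.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dradis-plugins
@@ -96,7 +96,7 @@ dependencies:
 version: 0.5.2
 description: This add-on allows you to upload and parse output produced from Netsparker
 Web Vulnerability Scanner into Dradis.
-email:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -118,6 +118,7 @@ files:
 - lib/dradis/plugins/netsparker/field_processor.rb
 - lib/dradis/plugins/netsparker/gem_version.rb
 - lib/dradis/plugins/netsparker/importer.rb
+- lib/dradis/plugins/netsparker/mapping.rb
 - lib/dradis/plugins/netsparker/version.rb
 - lib/netsparker/vulnerability.rb
 - lib/tasks/thorfile.rb
@@ -128,17 +129,13 @@ files:
 - spec/fixtures/files/testsparker.xml
 - spec/spec_helper.rb
 - spec/vulnerability_spec.rb
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/issue.fields
 - templates/issue.sample
-- templates/issue.template
 homepage: https://dradis.com/integrations/netsparker.html
 licenses:
 - GPL-2
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -154,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubygems_version: 3.1.4
-signing_key:
+signing_key:
 specification_version: 4
 summary: Netsparker add-on for the Dradis Framework.
 test_files: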
data/templates/evidence.fields
DELETED
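--- a/data/templates/evidence.template
+++ b/data/templates/evidence.template
@@ -1,17 +0,0 @@
-#[URL]#
-%evidence.url%
-
-#[Request]#
-bc.. %evidence.rawrequest%
-
-#[Response]#
-bc.. %evidence.rawresponse%
-
-#[VulnerableParameter]#
-bc. %evidence.vulnerableparameter%
-
-#[VulnerableParameterType]#
-bc. %evidence.vulnerableparametertype%
-
-#[VulnerableParameterValue]#
-bc. %evidence.vulnerableparametervalue%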
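--- a/data/templates/issue.fields
+++ b/data/templates/issue.fields
@@ -1,34 +0,0 @@
-issue.actions_to_take
-issue.certainty
-issue.classification_asvs40
-issue.classification_capec
-issue.classification_cvss_vector
-issue.classification_cvss_base_value
-issue.classification_cvss_base_severity
-issue.classification_cvss_environmental_value
-issue.classification_cvss_environmental_severity
-issue.classification_cvss_temporal_value
-issue.classification_cvss_temporal_severity
-issue.classification_cwe
-issue.classification_disastig
-issue.classification_hipaa
-issue.classification_iso27001
-issue.classification_nistsp80053
-issue.classification_owasp2013
-issue.classification_owasp2017
-issue.classification_owasp2021
-issue.classification_owasppc
-issue.classification_pci31
-issue.classification_pci32
-issue.classification_wasc
-issue.description
-issue.external_references
-issue.extrainformation
-issue.impact
-issue.knownvulnerabilities
-issue.remedy
-issue.remedy_references
-issue.required_skills_for_exploitation
-issue.severity
-issue.title
-issue.type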