dradis-netsparker 4.11.0 → 4.13.0

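--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8bac10565fd7c0cbf146cc2f2fab93aab43b722da037bb5853dbc074ae98e274
- data.tar.gz: 9d4cba5cdeaba7056f6a73f177f04be32e8bb0d1cb9d3d1acc19a6ac01a532c6
+ metadata.gz: c83d2255173caac9b11aff3ce1539336ff0e264eb82ea9428cb5c25817426303
+ data.tar.gz: b5d53ddf4e82a0a0aec75752c20fd434c142cf5545fd898b3b1f6c7611c7bbe8
  SHA512:
- metadata.gz: 495da9ac19d01fc8daef87568877013194166d206992905d3ecb19af7ea6fff7393e995145935983b734c5c5f62a542731d00ad73aba7b06ca9e6ea50c89c29a
- data.tar.gz: a84c2bbdffbbc508d82e58c2c2ff56381e4576ed72611895a609048fae630de3434aa16b760102922416f84df78298c92900660a2375c50478224d07d894329e
+ metadata.gz: ea20d0a1e159599ec877390f3c3da928ccc2392573f482274ce2208eabc7154d4719d192791cc38de21ac37e781e4e1260e6271b6430f2b094709030c8fa44de
+ data.tar.gz: 280c4df3c8293aa16513deaf31a1efd797c6d0ce584a8fea3a4fb5984c3036fca4589d06c7a9b4c8e2a3e220b89bf308219448b82641610693c1fd5ba0e8bd1c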
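--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+ v4.13.0 (July 2024)
+ - Add extrainformation as an available evidence field
+
+ v4.12.0 (May 2024)
+ - Migrate integration to use Mappings Manager
+ - Update Dradis links in README
+
  v4.11.0 (January 2024)
  - No changes
 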
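--- a/data/README.md
+++ b/data/README.md
@@ -4,7 +4,7 @@
 
  The Netsparker add-on enables users to upload Netsparker XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
 
- The add-on requires [Dradis CE](https://dradisframework.com/ce/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+ The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 
 
  ## More information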
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
26
26
  spec.add_dependency 'dradis-plugins', '~> 4.0'
27
27
  spec.add_dependency 'nokogiri', '>= 1.12.5'
28
28
 
29
- spec.add_development_dependency 'bundler'
29
+ spec.add_development_dependency 'bundler', '~> 2.0'
30
30
  spec.add_development_dependency 'rake', '~> 10.0'
31
31
  spec.add_development_dependency 'rspec-rails'
32
32
  spec.add_development_dependency 'combustion', '~> 0.5.2'
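Review bot: The runtime floor on `dradis-plugins` stays at `'~> 4.0'` in the context line of this hunk, while the importer in this release starts calling `mapping_service.apply_mapping`. If that service only exists in later dradis-plugins 4.x releases (inferred from the changelog's Mappings Manager entry, not visible here), Bundler can still resolve this gem against an older host and imports would then fail at run time rather than at install time. Raising the floor makes the incompatibility explicit, for example `spec.add_dependency 'dradis-plugins', '~> 4.0', '>= <first release shipping mapping_service>'`. The `Gem::Specification.new` block starts and ends outside this hunk.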
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 11
11
+ MINOR = 13
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -40,7 +40,7 @@ module Dradis::Plugins::Netsparker
40
40
  @doc.xpath('/netsparker/vulnerability').each do |xml_vuln|
41
41
  process_vuln(xml_vuln, host_node)
42
42
  end
43
-
43
+
44
44
  end
45
45
 
46
46
  def process_vuln(xml_vuln, host_node)
@@ -49,14 +49,14 @@ module Dradis::Plugins::Netsparker
49
49
  # Create Issues using the Issue template
50
50
  logger.info{ "\t\t => Creating new Issue: #{type}" }
51
51
 
52
- issue_text = template_service.process_template(template: 'issue', data: xml_vuln)
52
+ issue_text = mapping_service.apply_mapping(source: 'issue', data: xml_vuln)
53
53
  issue = content_service.create_issue(text: issue_text, id: type)
54
54
 
55
55
  # Create Evidence using the Evidence template
56
56
  # Associate the Evidence with the Node and Issue
57
57
  logger.info{ "\t\t => Creating new evidence" }
58
- evidence_content = template_service.process_template(
59
- template: 'evidence', data: xml_vuln
58
+ evidence_content = mapping_service.apply_mapping(
59
+ source: 'evidence', data: xml_vuln
60
60
  )
61
61
  content_service.create_evidence(
62
62
  issue: issue, node: host_node, content: evidence_content
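Review bot: The two comments kept in this hunk, `# Create Issues using the Issue template` and `# Create Evidence using the Evidence template`, still describe the template files that this release removes; they should say the text now comes from the mapping, e.g. `# Build the Issue text from the 'issue' mapping`. A short comment on what `apply_mapping` returns when no mapping is configured for a source would also help, since `issue_text` goes straight into `content_service.create_issue` with no check, and whether it can be empty is not visible from here. `process_vuln` starts before and continues past this hunk.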
@@ -0,0 +1,70 @@
1
+ module Dradis::Plugins::Netsparker
2
+ module Mapping
3
+ DEFAULT_MAPPING = {
4
+ evidence: {
5
+ 'ExtraInformation' => '{{ netsparker[evidence.extrainformation] }}',
6
+ 'URL' => '{{ netsparker[evidence.url] }}',
7
+ 'Request' => 'bc.. {{ netsparker[evidence.rawrequest] }}',
8
+ 'Response' => 'bc.. {{ netsparker[evidence.rawresponse] }}',
9
+ 'VulnerableParameter' => 'bc. {{ netsparker[evidence.vulnerableparameter] }}',
10
+ 'VulnerableParameterType' => 'bc. {{ netsparker[evidence.vulnerableparametertype] }}',
11
+ 'VulnerableParameterValue' => 'bc. {{ netsparker[evidence.vulnerableparametervalue] }}'
12
+ },
13
+ issue: {
14
+ 'Title' => '{{ netsparker[issue.title] }}',
15
+ 'Severity' => '{{ netsparker[issue.severity] }}',
16
+ 'Certainty' => '{{ netsparker[issue.certainty] }}',
17
+ 'Description' => '{{ netsparker[issue.description] }}',
18
+ 'Remedy' => '{{ netsparker[issue.remedy] }}'
19
+ }
20
+ }.freeze
21
+
22
+ SOURCE_FIELDS = {
23
+ evidence: [
24
+ 'evidence.extrainformation',
25
+ 'evidence.rawrequest',
26
+ 'evidence.rawresponse',
27
+ 'evidence.url',
28
+ 'evidence.vulnerableparameter',
29
+ 'evidence.vulnerableparametertype',
30
+ 'evidence.vulnerableparametervalue'
31
+ ],
32
+ issue: [
33
+ 'issue.actions_to_take',
34
+ 'issue.certainty',
35
+ 'issue.classification_asvs40',
36
+ 'issue.classification_capec',
37
+ 'issue.classification_cvss_vector',
38
+ 'issue.classification_cvss_base_value',
39
+ 'issue.classification_cvss_base_severity',
40
+ 'issue.classification_cvss_environmental_value',
41
+ 'issue.classification_cvss_environmental_severity',
42
+ 'issue.classification_cvss_temporal_value',
43
+ 'issue.classification_cvss_temporal_severity',
44
+ 'issue.classification_cwe',
45
+ 'issue.classification_disastig',
46
+ 'issue.classification_hipaa',
47
+ 'issue.classification_iso27001',
48
+ 'issue.classification_nistsp80053',
49
+ 'issue.classification_owasp2013',
50
+ 'issue.classification_owasp2017',
51
+ 'issue.classification_owasp2021',
52
+ 'issue.classification_owasppc',
53
+ 'issue.classification_pci31',
54
+ 'issue.classification_pci32',
55
+ 'issue.classification_wasc',
56
+ 'issue.description',
57
+ 'issue.external_references',
58
+ 'issue.extrainformation',
59
+ 'issue.impact',
60
+ 'issue.knownvulnerabilities',
61
+ 'issue.remedy',
62
+ 'issue.remedy_references',
63
+ 'issue.required_skills_for_exploitation',
64
+ 'issue.severity',
65
+ 'issue.title',
66
+ 'issue.type'
67
+ ]
68
+ }.freeze
69
+ end
70
+ end
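Review bot: Both constants are frozen only at the outer level: `}.freeze` on `DEFAULT_MAPPING` and `SOURCE_FIELDS` leaves the inner `evidence:`/`issue:` hashes, the arrays and every string mutable, so any caller that edits a default in place changes it for the whole process. Adding `# frozen_string_literal: true` as the file's first line and a `.freeze` on each nested literal (`evidence: { ... }.freeze,` and `issue: [ ... ].freeze`) closes that. Separately, `'ExtraInformation'` and `'URL'` are the evidence fields emitted outside a `bc.` block. Their values come from the uploaded scan file, so it is worth confirming that markup in them is neutralised when the evidence is rendered, or adding a comment on why these two are left as plain Textile.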
@@ -7,5 +7,6 @@ end
7
7
 
8
8
  require 'dradis/plugins/netsparker/engine'
9
9
  require 'dradis/plugins/netsparker/field_processor'
10
+ require 'dradis/plugins/netsparker/mapping'
10
11
  require 'dradis/plugins/netsparker/importer'
11
12
  require 'dradis/plugins/netsparker/version'
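--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dradis-netsparker
  version: !ruby/object:Gem::Version
- version: 4.11.0
+ version: 4.13.0
  platform: ruby
  authors:
  - Daniel Martin
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-01-17 00:00:00.000000000 Z
+ date: 2024-08-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dradis-plugins
@@ -42,16 +42,16 @@ dependencies:
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2.0'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -118,6 +118,7 @@ files:
  - lib/dradis/plugins/netsparker/field_processor.rb
  - lib/dradis/plugins/netsparker/gem_version.rb
  - lib/dradis/plugins/netsparker/importer.rb
+ - lib/dradis/plugins/netsparker/mapping.rb
  - lib/dradis/plugins/netsparker/version.rb
  - lib/netsparker/vulnerability.rb
  - lib/tasks/thorfile.rb
@@ -128,12 +129,8 @@ files:
  - spec/fixtures/files/testsparker.xml
  - spec/spec_helper.rb
  - spec/vulnerability_spec.rb
- - templates/evidence.fields
  - templates/evidence.sample
- - templates/evidence.template
- - templates/issue.fields
  - templates/issue.sample
- - templates/issue.template
  homepage: https://dradis.com/integrations/netsparker.html
  licenses:
  - GPL-2
@@ -153,7 +150,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.7
+ rubygems_version: 3.5.6
  signing_key:
  specification_version: 4
  summary: Netsparker add-on for the Dradis Framework.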
@@ -1,6 +0,0 @@
1
- evidence.rawrequest
2
- evidence.rawresponse
3
- evidence.url
4
- evidence.vulnerableparameter
5
- evidence.vulnerableparametertype
6
- evidence.vulnerableparametervalue
@@ -1,17 +0,0 @@
1
- #[URL]#
2
- %evidence.url%
3
-
4
- #[Request]#
5
- bc.. %evidence.rawrequest%
6
-
7
- #[Response]#
8
- bc.. %evidence.rawresponse%
9
-
10
- #[VulnerableParameter]#
11
- bc. %evidence.vulnerableparameter%
12
-
13
- #[VulnerableParameterType]#
14
- bc. %evidence.vulnerableparametertype%
15
-
16
- #[VulnerableParameterValue]#
17
- bc. %evidence.vulnerableparametervalue%
@@ -1,34 +0,0 @@
1
- issue.actions_to_take
2
- issue.certainty
3
- issue.classification_asvs40
4
- issue.classification_capec
5
- issue.classification_cvss_vector
6
- issue.classification_cvss_base_value
7
- issue.classification_cvss_base_severity
8
- issue.classification_cvss_environmental_value
9
- issue.classification_cvss_environmental_severity
10
- issue.classification_cvss_temporal_value
11
- issue.classification_cvss_temporal_severity
12
- issue.classification_cwe
13
- issue.classification_disastig
14
- issue.classification_hipaa
15
- issue.classification_iso27001
16
- issue.classification_nistsp80053
17
- issue.classification_owasp2013
18
- issue.classification_owasp2017
19
- issue.classification_owasp2021
20
- issue.classification_owasppc
21
- issue.classification_pci31
22
- issue.classification_pci32
23
- issue.classification_wasc
24
- issue.description
25
- issue.external_references
26
- issue.extrainformation
27
- issue.impact
28
- issue.knownvulnerabilities
29
- issue.remedy
30
- issue.remedy_references
31
- issue.required_skills_for_exploitation
32
- issue.severity
33
- issue.title
34
- issue.type
@@ -1,14 +0,0 @@
1
- #[Title]#
2
- %issue.title%
3
-
4
- #[Severity]#
5
- %issue.severity%
6
-
7
- #[Certainty]#
8
- %issue.certainty%
9
-
10
- #[Description]#
11
- %issue.description%
12
-
13
- #[Remedy]#
14
- %issue.remedy%