RubyGems - dradis-netsparker - Versions diffs - 4.11.0 → 4.12.0 - Mend

dradis-netsparker 4.11.0 → 4.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/README.md +1 -1
data/lib/dradis/plugins/netsparker/gem_version.rb +1 -1
data/lib/dradis/plugins/netsparker/importer.rb +4 -4
data/lib/dradis/plugins/netsparker/mapping.rb +68 -0
data/lib/dradis/plugins/netsparker.rb +1 -0
metadata +4 -7
data/templates/evidence.fields +0 -6
data/templates/evidence.template +0 -17
data/templates/issue.fields +0 -34
data/templates/issue.template +0 -14

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8bac10565fd7c0cbf146cc2f2fab93aab43b722da037bb5853dbc074ae98e274
-  data.tar.gz: 9d4cba5cdeaba7056f6a73f177f04be32e8bb0d1cb9d3d1acc19a6ac01a532c6
+  metadata.gz: 1851daa2e0c46884ce33fa62481992a231ff87927d2c3e1a1f0c395f7c93e570
+  data.tar.gz: f8c2d842927e1626eca34daed2a5cdd454d1cea5c8a0216ca1d2358066c4b24e
 SHA512:
-  metadata.gz: 495da9ac19d01fc8daef87568877013194166d206992905d3ecb19af7ea6fff7393e995145935983b734c5c5f62a542731d00ad73aba7b06ca9e6ea50c89c29a
-  data.tar.gz: a84c2bbdffbbc508d82e58c2c2ff56381e4576ed72611895a609048fae630de3434aa16b760102922416f84df78298c92900660a2375c50478224d07d894329e
+  metadata.gz: a3c6d372b877dea68b90da9296371885aa14f91529679cba9b513208a7d9b63decbfc7bc597a406fe6d0d904b2991dc47101584617f62c929d08483b3ba82cd9
+  data.tar.gz: 581a1fd4a787aaa47ebd8700ec18fca92fa15e22e129ab5131cdd624604d7ec4edcbf83cacad8c33d818777fa403285fab198fa216ae39782e4fb9a25fdd75e2

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+v4.12.0 (May 2024)
+ - Migrate integration to use Mappings Manager
+ - Update Dradis links in README
 v4.11.0 (January 2024)
   - No changes

data/README.md CHANGED Viewed

@@ -4,7 +4,7 @@
 The Netsparker add-on enables users to upload Netsparker XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
-The add-on requires [Dradis CE](https://dradisframework.com/ce/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 ## More information

data/lib/dradis/plugins/netsparker/gem_version.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Dradis
       module VERSION
         MAJOR = 4
-        MINOR = 11
+        MINOR = 12
         TINY = 0
         PRE = nil

data/lib/dradis/plugins/netsparker/importer.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Dradis::Plugins::Netsparker
       @doc.xpath('/netsparker/vulnerability').each do |xml_vuln|
         process_vuln(xml_vuln, host_node)
       end
     end
     def process_vuln(xml_vuln, host_node)
@@ -49,14 +49,14 @@ module Dradis::Plugins::Netsparker
       # Create Issues using the Issue template
       logger.info{ "\t\t => Creating new Issue: #{type}" }
-      issue_text = template_service.process_template(template: 'issue', data: xml_vuln)
+      issue_text = mapping_service.apply_mapping(source: 'issue', data: xml_vuln)
       issue = content_service.create_issue(text: issue_text, id: type)
       # Create Evidence using the Evidence template
       # Associate the Evidence with the Node and Issue
       logger.info{ "\t\t => Creating new evidence" }
-      evidence_content = template_service.process_template(
-        template: 'evidence', data: xml_vuln
+      evidence_content = mapping_service.apply_mapping(
+        source: 'evidence', data: xml_vuln
       )
       content_service.create_evidence(
         issue: issue, node: host_node, content: evidence_content

data/lib/dradis/plugins/netsparker/mapping.rb ADDED Viewed

@@ -0,0 +1,68 @@
+module Dradis::Plugins::Netsparker
+  module Mapping
+    DEFAULT_MAPPING = {
+      evidence: {
+        'URL' => '{{ netsparker[evidence.url] }}',
+        'Request' => 'bc.. {{ netsparker[evidence.rawrequest] }}',
+        'Response' => 'bc.. {{ netsparker[evidence.rawresponse] }}',
+        'VulnerableParameter' => 'bc. {{ netsparker[evidence.vulnerableparameter] }}',
+        'VulnerableParameterType' => 'bc. {{ netsparker[evidence.vulnerableparametertype] }}',
+        'VulnerableParameterValue' => 'bc. {{ netsparker[evidence.vulnerableparametervalue] }}'
+      },
+      issue: {
+        'Title' => '{{ netsparker[issue.title] }}',
+        'Severity' => '{{ netsparker[issue.severity] }}',
+        'Certainty' => '{{ netsparker[issue.certainty] }}',
+        'Description' => '{{ netsparker[issue.description] }}',
+        'Remedy' => '{{ netsparker[issue.remedy] }}'
+      }
+    }.freeze
+    SOURCE_FIELDS = {
+      evidence: [
+        'evidence.rawrequest',
+        'evidence.rawresponse',
+        'evidence.url',
+        'evidence.vulnerableparameter',
+        'evidence.vulnerableparametertype',
+        'evidence.vulnerableparametervalue'
+      ],
+      issue: [
+        'issue.actions_to_take',
+        'issue.certainty',
+        'issue.classification_asvs40',
+        'issue.classification_capec',
+        'issue.classification_cvss_vector',
+        'issue.classification_cvss_base_value',
+        'issue.classification_cvss_base_severity',
+        'issue.classification_cvss_environmental_value',
+        'issue.classification_cvss_environmental_severity',
+        'issue.classification_cvss_temporal_value',
+        'issue.classification_cvss_temporal_severity',
+        'issue.classification_cwe',
+        'issue.classification_disastig',
+        'issue.classification_hipaa',
+        'issue.classification_iso27001',
+        'issue.classification_nistsp80053',
+        'issue.classification_owasp2013',
+        'issue.classification_owasp2017',
+        'issue.classification_owasp2021',
+        'issue.classification_owasppc',
+        'issue.classification_pci31',
+        'issue.classification_pci32',
+        'issue.classification_wasc',
+        'issue.description',
+        'issue.external_references',
+        'issue.extrainformation',
+        'issue.impact',
+        'issue.knownvulnerabilities',
+        'issue.remedy',
+        'issue.remedy_references',
+        'issue.required_skills_for_exploitation',
+        'issue.severity',
+        'issue.title',
+        'issue.type'
+      ]
+    }.freeze
+  end
+end

data/lib/dradis/plugins/netsparker.rb CHANGED Viewed

@@ -7,5 +7,6 @@ end
 require 'dradis/plugins/netsparker/engine'
 require 'dradis/plugins/netsparker/field_processor'
+require 'dradis/plugins/netsparker/mapping'
 require 'dradis/plugins/netsparker/importer'
 require 'dradis/plugins/netsparker/version'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-netsparker
 version: !ruby/object:Gem::Version
-  version: 4.11.0
+  version: 4.12.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-17 00:00:00.000000000 Z
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -118,6 +118,7 @@ files:
 - lib/dradis/plugins/netsparker/field_processor.rb
 - lib/dradis/plugins/netsparker/gem_version.rb
 - lib/dradis/plugins/netsparker/importer.rb
+- lib/dradis/plugins/netsparker/mapping.rb
 - lib/dradis/plugins/netsparker/version.rb
 - lib/netsparker/vulnerability.rb
 - lib/tasks/thorfile.rb
@@ -128,12 +129,8 @@ files:
 - spec/fixtures/files/testsparker.xml
 - spec/spec_helper.rb
 - spec/vulnerability_spec.rb
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/issue.fields
 - templates/issue.sample
-- templates/issue.template
 homepage: https://dradis.com/integrations/netsparker.html
 licenses:
 - GPL-2
@@ -153,7 +150,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Netsparker add-on for the Dradis Framework.

data/templates/evidence.fields DELETED Viewed

@@ -1,6 +0,0 @@
-evidence.rawrequest
-evidence.rawresponse
-evidence.url
-evidence.vulnerableparameter
-evidence.vulnerableparametertype
-evidence.vulnerableparametervalue

data/templates/evidence.template DELETED Viewed

@@ -1,17 +0,0 @@
-#[URL]#
-%evidence.url%
-#[Request]#
-bc.. %evidence.rawrequest%
-#[Response]#
-bc.. %evidence.rawresponse%
-#[VulnerableParameter]#
-bc. %evidence.vulnerableparameter%
-#[VulnerableParameterType]#
-bc. %evidence.vulnerableparametertype%
-#[VulnerableParameterValue]#
-bc. %evidence.vulnerableparametervalue%

data/templates/issue.fields DELETED Viewed

@@ -1,34 +0,0 @@
-issue.actions_to_take
-issue.certainty
-issue.classification_asvs40
-issue.classification_capec
-issue.classification_cvss_vector
-issue.classification_cvss_base_value
-issue.classification_cvss_base_severity
-issue.classification_cvss_environmental_value
-issue.classification_cvss_environmental_severity
-issue.classification_cvss_temporal_value
-issue.classification_cvss_temporal_severity
-issue.classification_cwe
-issue.classification_disastig
-issue.classification_hipaa
-issue.classification_iso27001
-issue.classification_nistsp80053
-issue.classification_owasp2013
-issue.classification_owasp2017
-issue.classification_owasp2021
-issue.classification_owasppc
-issue.classification_pci31
-issue.classification_pci32
-issue.classification_wasc
-issue.description
-issue.external_references
-issue.extrainformation
-issue.impact
-issue.knownvulnerabilities
-issue.remedy
-issue.remedy_references
-issue.required_skills_for_exploitation
-issue.severity
-issue.title
-issue.type

data/templates/issue.template DELETED Viewed

@@ -1,14 +0,0 @@
-#[Title]#
-%issue.title%
-#[Severity]#
-%issue.severity%
-#[Certainty]#
-%issue.certainty%
-#[Description]#
-%issue.description%
-#[Remedy]#
-%issue.remedy%