dradis-nexpose 3.21.0 → 4.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f1de1e41082e7f355ce1766ed41f57c8947149c9e1cd2ec1d196a74822faff2e
-  data.tar.gz: 8c06efe488c691851d9cbc2b1d9acad05fb44dfbdff9a7aab128a2d39e586ced
+  metadata.gz: 9104388051c4619bfa547e1dcf8c4a7694ddf40f280ecd835efbd207e7af45c0
+  data.tar.gz: a46345dbb5776757b6a213dbba8c31eabef4e73c1800095710f0cfa18f86221e
 SHA512:
-  metadata.gz: 87c4525413af035952db3bd001bfee45a4f7885fd5587f6409aacf714365bb128d80d17cf62f4e2d972d4cefee8f1967981a2d1bce4c3b93e1a2807606f65814
-  data.tar.gz: 23528190a046f03337385f3dacea148412ca15c812102bb52449422fcadbaca54a679a2df0091d6196af4487027dcbb198eb16a71026e744aff4bb79cbd62a17
+  metadata.gz: eb9dfec8eadb11c646c838566424b3f240f53e8f52fff3433bc85efae8d23fc7cef12fdd336d04554369b95111c5b4e1f37bcf83f8136edf68d459505534f801
+  data.tar.gz: 4f905810edd2168aba965ad15f14516c93bdd3ae6f418e2eed03af41c53c998e56a5607eb86a19c740cb0dfc84ddd92c409bc92c6a4467e03fd956c327c963ff

data/CHANGELOG.md

@@ -1,73 +1,69 @@
-## Dradis Framework 3.21 (February, 2021) ##
+v4.2.0 (February 2022)
+  - Pull the Hostname Node property from the `name` rather than `site-name` tag
 
-*   No changes.
+v4.1.0 (November 2021)
+  - Update HTML tag cleanup to better cover `UnorderedList` and `URLLink` tags in the solution field
 
-## Dradis Framework 3.20 (December, 2020) ##
+v4.0.0 (July 2021)
+  - Expand coverage for cipher wrapping to ssl-anon-ciphers and ssl-only-weak-ciphers
+  - Update HTML tag cleanup
 
-*   Expand coverage for cipher wrapping
+v3.22.0 (April 2021)
+  - No changes
 
-## Dradis Framework 3.19 (September, 2020) ##
+v3.21.0 (February 2021)
+  - No changes
 
-*   No changes.
+v3.20.0 (December 2020)
+  - Expand coverage for cipher wrapping
 
-## Dradis Framework 3.18 (July, 2020) ##
+v3.19.0 (September 2020)
+  - No changes
 
-*   No changes.
+v3.18.0 (July 2020)
+  - No changes
 
-## Dradis Framework 3.17 (May, 2020) ##
+v3.17.0 (May 2020)
+  - Expand coverage for cipher wrapping
 
-*   Expand coverage for cipher wrapping
+v3.16.0 (February 2020)
+  - No changes
 
-## Dradis Framework 3.16 (February, 2020) ##
+v3.15.0 (November 2019)
+  - Wrap ciphers in code blocks
 
-*   No changes.
+v3.14.0 (August 2019)
+  - Add risk-score attribute to nodes
 
-## Dradis Framework 3.15 (November, 2019) ##
+v3.13.0 (June 2019)
+  - No changes
 
-*   Wrap ciphers in code blocks
+v3.12.0 (March 2019)
+  - No changes
 
-## Dradis Framework 3.14 (August, 2019) ##
+v3.11.0 (November 2018)
+  - No changes
 
-*   Add risk-score attribute to nodes
+v3.10.1 (October 2018)
+  - Fix usage of set_property(:services) to use set_service
 
-## Dradis Framework 3.13 (June, 2019) ##
+v3.10.0 (August 2018)
+  - Create `hostname` and `os` Node properties (if present)
+  - Improve parsing of `<ListItem>` tags
+  - Import `vulnerability.tags` field as expected
+  - Import `<Paragraph preformat="true">` tags as code blocks
+  - Import `<URLLink>` tags as textile links
+  - Resolve duplicate content in nested `<Paragraph>` tags
 
-*   No changes.
+v3.9.0 (January 2018)
+  - No changes
 
-## Dradis Framework 3.12 (March, 2019) ##
+v3.8.0 (September 2017)
+  - No changes
 
-*   No changes.
+v3.7.0 (July 2017)
+  - Add full evidence template for exporting evidences
+  - Fix issue resulting in Evidence with null content
 
-## Dradis Framework 3.11 (November, 2018) ##
-
-*   No changes.
-
-## Dradis Framework 3.10.1 (October, 2018) ##
-
-*   Fix usage of set_property(:services) to use set_service
-
-## Dradis Framework 3.10 (August, 2018) ##
-
-*   Resolve duplicate content in nested `<Paragraph>` tags
-*   Import `<URLLink>` tags as textile links
-*   Import `<Paragraph preformat="true">` tags as code blocks
-*   Improve parsing of `<ListItem>` tags
-*   Import `vulnerability.tags` field as expected
-*   Create `hostname` and `os` Node properties (if present)
-
-## Dradis Framework 3.9 (January, 2018) ##
-
-*   No changes.
-
-## Dradis Framework 3.8 (September, 2017) ##
-
-*   No changes.
-
-## Dradis Framework 3.7 (July, 2017) ##
-
-*   Add full evidence template for exporting evidences.
-*   Fix issue resulting in Evidence with null content.
-
-## Dradis Framework 3.6 (March, 2017) ##
-
-*   No changes.
+v3.6.0 (March 2017)
+  - No changes

data/CHANGELOG.template

@@ -0,0 +1,12 @@
+[v#.#.#] ([month] [YYYY])
+  - [future tense verb] [feature]
+  - Upgraded gems:
+    - [gem]
+  - Bugs fixes:
+    - [future tense verb] [bug fix]
+    - Bug tracker items:
+      - [item]
+  - Security Fixes:
+    - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]

data/dradis-nexpose.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
   # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
   # until we bump Dradis Pro to 4.1.
   # s.add_dependency 'rails', '~> 4.1.1'
-  spec.add_dependency 'dradis-plugins', '~> 3.6'
+  spec.add_dependency 'dradis-plugins', '~> 4.0'
   spec.add_dependency 'nokogiri', '~> 1.3'
 
   spec.add_development_dependency 'bundler'

data/lib/dradis/plugins/nexpose/formats/full.rb

@@ -34,7 +34,7 @@ module Dradis::Plugins::Nexpose::Formats
         if host_node.respond_to?(:properties)
           logger.info{ "\tAdding host properties to #{nexpose_node.address}"}
           host_node.set_property(:ip, nexpose_node.address)
-          host_node.set_property(:hostname, nexpose_node.site_name)
+          host_node.set_property(:hostname, nexpose_node.names)
           host_node.set_property(:os, nexpose_node.software)
           host_node.set_property(:risk_score, nexpose_node.risk_score)
           host_node.save

data/lib/dradis/plugins/nexpose/gem_version.rb

@@ -7,8 +7,8 @@ module Dradis
       end
 
       module VERSION
-        MAJOR = 3
-        MINOR = 21
+        MAJOR = 4
+        MINOR = 2
         TINY = 0
         PRE = nil
 

data/lib/nexpose/vulnerability.rb

@@ -8,7 +8,7 @@ module Nexpose
   # Instead of providing separate methods for each supported property we rely
   # on Ruby's #method_missing to do most of the work.
   class Vulnerability
-    SSL_CIPHER_VULN_IDS = %w[ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-static-key-ciphers rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
+    SSL_CIPHER_VULN_IDS = %w[ssl-anon-ciphers ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-only-weak-ciphers ssl-static-key-ciphers rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
 
     # Accepts an XML node from Nokogiri::XML.
     def initialize(xml_node)
@@ -112,17 +112,18 @@ module Nexpose
     def cleanup_html(source)
       result = source.to_s
       result.gsub!(/<ContainerBlockElement>(.*?)<\/ContainerBlockElement>/m){|m| "#{ $1 }"}
-      result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/m){|m| "\nbc. #{ $1 }\n\n"}
+      result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/mi){|m| "\nbc. #{ $1 }\n\n"}
       result.gsub!(/<Paragraph>(.*?)<\/Paragraph>/m){|m| "#{ $1 }\n"}
-      result.gsub!(/<Paragraph>/, '')
-      result.gsub!(/<\/Paragraph>/, '')
-      result.gsub!(/<UnorderedList>(.*?)<\/UnorderedList>/m){|m| "#{ $1 }"}
-      result.gsub!(/<ListItem>(.*?)<\/ListItem>/m){|m| "#{ $1 }\n"}
+      result.gsub!(/<Paragraph>|<\/Paragraph>/, '')
+      result.gsub!(/<UnorderedList (.*?)>(.*?)<\/UnorderedList>/m){|m| "#{ $2 }"}
+      result.gsub!(/<OrderedList(.*?)>(.*?)<\/OrderedList>/m){|m| "#{ $2 }"}
+      result.gsub!(/<ListItem>|<\/ListItem>/, '')
       result.gsub!(/          /, '')
+      result.gsub!(/   /, '')
       result.gsub!(/\t\t/, '')
-      result.gsub!(/<URLLink LinkTitle=\"(.*?)\" LinkURL=\"(.*?)\"\/>/i) { "\"#{$1.strip}\":#{$2.strip} " }
-      result.gsub!(/<URLLink LinkURL=\"(.*?)\" LinkTitle=\"(.*?)\"\/>/i) { "\"#{$2.strip}\":#{$1.strip} " }
-      result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/m) {|m| "\"#{$4.strip}\":#{$2.strip} " }
+      result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/im) { "\"#{$4.strip}\":#{$2.strip} " }
+      result.gsub!(/<URLLink LinkTitle=\"(.*?)\"(.*?)LinkURL=\"(.*?)\"\/>/i) { "\"#{$1.strip}\":#{$3.strip} " }
+      result.gsub!(/<URLLink LinkURL=\"(.*?)\"(.*?)LinkTitle=\"(.*?)\"\/>/i) { "\"#{$3.strip}\":#{$1.strip} " }
       result.gsub!(/&gt;/, '>')
       result.gsub!(/&lt;/, '<')
       result

data/spec/fixtures/files/full.xml

@@ -5,6 +5,9 @@
   </scans>
   <nodes>
     <node address="1.1.1.1" device-id="75" risk-score="0.0" scan-template="Edge Standard" site-importance="Normal" site-name="USDA_Internal" status="alive">
+      <names>
+        <name>localhost:5000</name>
+      </names>
       <fingerprints>
         <os certainty="0.80" family="IOS" product="IOS" vendor="Cisco"/>
       </fingerprints>

data/spec/nexpose_upload_spec.rb

@@ -79,7 +79,6 @@ describe 'Nexpose upload plugin' do
 
   describe "Importer: Full" do
     it "creates nodes, issues, notes and an evidences as needed" do
-
       expect(@content_service).to receive(:create_node).with(hash_including label: "Nexpose Scan Summary").once
       expect(@content_service).to receive(:create_note) do |args|
         expect(args[:text]).to include("#[Title]#\nUSDA_Internal (4)")
@@ -123,6 +122,14 @@ describe 'Nexpose upload plugin' do
         expect(args[:node].label).to eq("1.1.1.1")
       end.once
 
+      allow_any_instance_of(OpenStruct).to receive(:respond_to?).with(:properties).and_return(true)
+      allow_any_instance_of(OpenStruct).to receive(:set_service).and_return(true)
+
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:hostname, ['localhost:5000'])
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:ip, '1.1.1.1')
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:os, [])
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:risk_score, '0.0')
+
       @importer.import(file: 'spec/fixtures/files/full.xml')
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nexpose
 version: !ruby/object:Gem::Version
-  version: 3.21.0
+  version: 4.2.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-02-12 00:00:00.000000000 Z
+date: 2022-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -107,6 +107,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
+- CHANGELOG.template
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE
@@ -156,7 +157,7 @@ homepage: http://dradisframework.org
 licenses:
 - GPL-2
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -171,8 +172,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.4
-signing_key:
+rubygems_version: 3.1.4
+signing_key: 
 specification_version: 4
 summary: Nexpose add-on for the Dradis Framework.
 test_files: