dradis-nexpose 4.0.0 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +47 -62
  3. data/CHANGELOG.template +12 -0
  4. data/dradis-nexpose.gemspec +1 -1
  5. data/lib/dradis/plugins/nexpose/gem_version.rb +1 -1
  6. data/lib/nexpose/vulnerability.rb +3 -3
  7. metadata +6 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3221e4566a6908aac405d51d9f5d165cd67229c0f8ea0f2361775d1b238eab6a
4
- data.tar.gz: c518c809aafcf83da0dc452b471a4831ce21396b7205b482f53e2bf1495d23d1
3
+ metadata.gz: 8fd614ab4ae6d76629846fcc4b4446ae557f34057bc60abee7a10e7e73859bd9
4
+ data.tar.gz: f41b9074788b7c48ee2868424cceeb0d4857499c1ed1a811920c9887cc283be8
5
5
  SHA512:
6
- metadata.gz: bfb28ff16fb0fee4d491828fff1e3e8caf8c09e2cc6ad1ddb29ed2c7c4abe0c86f5d3064c037f8773dda53d857bf61f350fe4947f49a3be55b0d726e173ae9a0
7
- data.tar.gz: 9096410b85f110249f860cd5a875cc8788a5d194519f5e78413198721e7399cd4ba5667d3ce92df61915706d848cd214850e26e3a31a070b7b490ca24b0b9425
6
+ metadata.gz: 5ee4f44de8248385c6fc0d4ced288088bc2561b7dc2ad0e5fce555f2ec86186092cd23d7d85ef790f439df3f27c731c9e78f892042aaad68a5dddedbeb5ff0f0
7
+ data.tar.gz: 076bffc61f49b676914e19f075fc23da290d4e87f88d227e4c9efcf519e8078d5f0a961e5e59785da2da86ae9b74aa18773cf7e688ddbf10f33d1eeaa29ee5e5
data/CHANGELOG.md CHANGED
@@ -1,81 +1,66 @@
1
- ## Dradis Framework 4.0.0 (July, 2021) ##
1
+ v4.1.0 (November 2021)
2
+ - Update HTML tag cleanup to better cover `UnorderedList` and `URLLink` tags in the solution field
2
3
 
3
- * Update HTML tag cleanup
4
+ v4.0.0 (July 2021)
5
+ - Expand coverage for cipher wrapping to ssl-anon-ciphers and ssl-only-weak-ciphers
6
+ - Update HTML tag cleanup
4
7
 
5
- ## Dradis Framework 3.22 (April, 2021) ##
8
+ v3.22.0 (April 2021)
9
+ - No changes
6
10
 
7
- * No changes.
11
+ v3.21.0 (February 2021)
12
+ - No changes
8
13
 
9
- ## Dradis Framework 3.21 (February, 2021) ##
14
+ v3.20.0 (December 2020)
15
+ - Expand coverage for cipher wrapping
10
16
 
11
- * No changes.
17
+ v3.19.0 (September 2020)
18
+ - No changes
12
19
 
13
- ## Dradis Framework 3.20 (December, 2020) ##
20
+ v3.18.0 (July 2020)
21
+ - No changes
14
22
 
15
- * Expand coverage for cipher wrapping
23
+ v3.17.0 (May 2020)
24
+ - Expand coverage for cipher wrapping
16
25
 
17
- ## Dradis Framework 3.19 (September, 2020) ##
26
+ v3.16.0 (February 2020)
27
+ - No changes
18
28
 
19
- * No changes.
29
+ v3.15.0 (November 2019)
30
+ - Wrap ciphers in code blocks
20
31
 
21
- ## Dradis Framework 3.18 (July, 2020) ##
32
+ v3.14.0 (August 2019)
33
+ - Add risk-score attribute to nodes
22
34
 
23
- * No changes.
35
+ v3.13.0 (June 2019)
36
+ - No changes
24
37
 
25
- ## Dradis Framework 3.17 (May, 2020) ##
38
+ v3.12.0 (March 2019)
39
+ - No changes
26
40
 
27
- * Expand coverage for cipher wrapping
41
+ v3.11.0 (November 2018)
42
+ - No changes
28
43
 
29
- ## Dradis Framework 3.16 (February, 2020) ##
44
+ v3.10.1 (October 2018)
45
+ - Fix usage of set_property(:services) to use set_service
30
46
 
31
- * No changes.
47
+ v3.10.0 (August 2018)
48
+ - Create `hostname` and `os` Node properties (if present)
49
+ - Improve parsing of `<ListItem>` tags
50
+ - Import `vulnerability.tags` field as expected
51
+ - Import `<Paragraph preformat="true">` tags as code blocks
52
+ - Import `<URLLink>` tags as textile links
53
+ - Resolve duplicate content in nested `<Paragraph>` tags
32
54
 
33
- ## Dradis Framework 3.15 (November, 2019) ##
55
+ v3.9.0 (January 2018)
56
+ - No changes
34
57
 
35
- * Wrap ciphers in code blocks
58
+ v3.8.0 (September 2017)
59
+ - No changes
36
60
 
37
- ## Dradis Framework 3.14 (August, 2019) ##
61
+ v3.7.0 (July 2017)
62
+ - Add full evidence template for exporting evidences
63
+ - Fix issue resulting in Evidence with null content
38
64
 
39
- * Add risk-score attribute to nodes
40
-
41
- ## Dradis Framework 3.13 (June, 2019) ##
42
-
43
- * No changes.
44
-
45
- ## Dradis Framework 3.12 (March, 2019) ##
46
-
47
- * No changes.
48
-
49
- ## Dradis Framework 3.11 (November, 2018) ##
50
-
51
- * No changes.
52
-
53
- ## Dradis Framework 3.10.1 (October, 2018) ##
54
-
55
- * Fix usage of set_property(:services) to use set_service
56
-
57
- ## Dradis Framework 3.10 (August, 2018) ##
58
-
59
- * Resolve duplicate content in nested `<Paragraph>` tags
60
- * Import `<URLLink>` tags as textile links
61
- * Import `<Paragraph preformat="true">` tags as code blocks
62
- * Improve parsing of `<ListItem>` tags
63
- * Import `vulnerability.tags` field as expected
64
- * Create `hostname` and `os` Node properties (if present)
65
-
66
- ## Dradis Framework 3.9 (January, 2018) ##
67
-
68
- * No changes.
69
-
70
- ## Dradis Framework 3.8 (September, 2017) ##
71
-
72
- * No changes.
73
-
74
- ## Dradis Framework 3.7 (July, 2017) ##
75
-
76
- * Add full evidence template for exporting evidences.
77
- * Fix issue resulting in Evidence with null content.
78
-
79
- ## Dradis Framework 3.6 (March, 2017) ##
80
-
81
- * No changes.
65
+ v3.6.0 (March 2017)
66
+ - No changes
data/CHANGELOG.template ADDED
@@ -0,0 +1,12 @@
1
+ [v#.#.#] ([month] [YYYY])
2
+ - [future tense verb] [feature]
3
+ - Upgraded gems:
4
+ - [gem]
5
+ - Bugs fixes:
6
+ - [future tense verb] [bug fix]
7
+ - Bug tracker items:
8
+ - [item]
9
+ - Security Fixes:
10
+ - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
11
+ - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
12
+ - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
data/dradis-nexpose.gemspec CHANGED
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
25
25
  # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
26
26
  # until we bump Dradis Pro to 4.1.
27
27
  # s.add_dependency 'rails', '~> 4.1.1'
28
- spec.add_dependency 'dradis-plugins', '~> 4.0.0'
28
+ spec.add_dependency 'dradis-plugins', '~> 4.0'
29
29
  spec.add_dependency 'nokogiri', '~> 1.3'
30
30
 
31
31
  spec.add_development_dependency 'bundler'
data/lib/dradis/plugins/nexpose/gem_version.rb CHANGED
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 0
11
+ MINOR = 1
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
data/lib/nexpose/vulnerability.rb CHANGED
@@ -8,7 +8,7 @@ module Nexpose
8
8
  # Instead of providing separate methods for each supported property we rely
9
9
  # on Ruby's #method_missing to do most of the work.
10
10
  class Vulnerability
11
- SSL_CIPHER_VULN_IDS = %w[ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-static-key-ciphers rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
11
+ SSL_CIPHER_VULN_IDS = %w[ssl-anon-ciphers ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-only-weak-ciphers ssl-static-key-ciphers rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
12
12
 
13
13
  # Accepts an XML node from Nokogiri::XML.
14
14
  def initialize(xml_node)
@@ -115,13 +115,13 @@ module Nexpose
115
115
  result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/mi){|m| "\nbc. #{ $1 }\n\n"}
116
116
  result.gsub!(/<Paragraph>(.*?)<\/Paragraph>/m){|m| "#{ $1 }\n"}
117
117
  result.gsub!(/<Paragraph>|<\/Paragraph>/, '')
118
- result.gsub!(/<UnorderedList>(.*?)<\/UnorderedList>/m){|m| "#{ $1 }"}
118
+ result.gsub!(/<UnorderedList (.*?)>(.*?)<\/UnorderedList>/m){|m| "#{ $2 }"}
119
119
  result.gsub!(/<OrderedList(.*?)>(.*?)<\/OrderedList>/m){|m| "#{ $2 }"}
120
120
  result.gsub!(/<ListItem>|<\/ListItem>/, '')
121
121
  result.gsub!(/ /, '')
122
122
  result.gsub!(/ /, '')
123
123
  result.gsub!(/\t\t/, '')
124
- result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/i) { "\"#{$4.strip}\":#{$2.strip} " }
124
+ result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/im) { "\"#{$4.strip}\":#{$2.strip} " }
125
125
  result.gsub!(/<URLLink LinkTitle=\"(.*?)\"(.*?)LinkURL=\"(.*?)\"\/>/i) { "\"#{$1.strip}\":#{$3.strip} " }
126
126
  result.gsub!(/<URLLink LinkURL=\"(.*?)\"(.*?)LinkTitle=\"(.*?)\"\/>/i) { "\"#{$3.strip}\":#{$1.strip} " }
127
127
  result.gsub!(/&gt;/, '>')
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-nexpose
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.0
4
+ version: 4.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-08-03 00:00:00.000000000 Z
11
+ date: 2021-11-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 4.0.0
19
+ version: '4.0'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 4.0.0
26
+ version: '4.0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: nokogiri
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -107,6 +107,7 @@ files:
107
107
  - ".gitignore"
108
108
  - ".rspec"
109
109
  - CHANGELOG.md
110
+ - CHANGELOG.template
110
111
  - CONTRIBUTING.md
111
112
  - Gemfile
112
113
  - LICENSE
@@ -171,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
171
172
  - !ruby/object:Gem::Version
172
173
  version: '0'
173
174
  requirements: []
174
- rubygems_version: 3.1.4
175
+ rubygems_version: 3.1.6
175
176
  signing_key:
176
177
  specification_version: 4
177
178
  summary: Nexpose add-on for the Dradis Framework.