RubyGems - dradis-nexpose - Versions diffs - 4.0.0 → 4.3.0 - Mend

dradis-nexpose 4.0.0 → 4.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +51 -60
data/CHANGELOG.template +12 -0
data/dradis-nexpose.gemspec +1 -1
data/lib/dradis/plugins/nexpose/formats/full.rb +1 -1
data/lib/dradis/plugins/nexpose/gem_version.rb +1 -1
data/lib/nexpose/vulnerability.rb +4 -3
data/spec/fixtures/files/full.xml +3 -0
data/spec/nexpose_upload_spec.rb +8 -1
metadata +5 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3221e4566a6908aac405d51d9f5d165cd67229c0f8ea0f2361775d1b238eab6a
-  data.tar.gz: c518c809aafcf83da0dc452b471a4831ce21396b7205b482f53e2bf1495d23d1
+  metadata.gz: 0c51805184f0768194c6847137daf88038647c86332c2d9939b936fff4255ba1
+  data.tar.gz: 7ecd5e769dcc1c27eb268b0d1326df19e9dd6fe4c8209c8e15bde379839a5368
 SHA512:
-  metadata.gz: bfb28ff16fb0fee4d491828fff1e3e8caf8c09e2cc6ad1ddb29ed2c7c4abe0c86f5d3064c037f8773dda53d857bf61f350fe4947f49a3be55b0d726e173ae9a0
-  data.tar.gz: 9096410b85f110249f860cd5a875cc8788a5d194519f5e78413198721e7399cd4ba5667d3ce92df61915706d848cd214850e26e3a31a070b7b490ca24b0b9425
+  metadata.gz: dea870174817b843f104047b2382b3049bb485d0ecfee949f75960ce410ab04326d49f9e5f22b52e433d001ac886ec04bd03a9c26396b8457c4662ba28fc389f
+  data.tar.gz: 240cba4c9a281adcf6bb2733119ecd6f373b19c385fff18c6fe4d69754b646f4b172f7111225de797cd23e8bc3da653f3be81162d93b6b82de00fda2f3aa69f9

data/CHANGELOG.md CHANGED Viewed

@@ -1,81 +1,72 @@
-## Dradis Framework 4.0.0 (July, 2021) ##
+v4.3.0 (April 2022)
+  - Update HTML tag cleanup to cover `UnorderedList` tags without spaces and double `Paragraph preformat` tags
-*   Update HTML tag cleanup
+v4.2.0 (February 2022)
+  - Pull the Hostname Node property from the `name` rather than `site-name` tag
-## Dradis Framework 3.22 (April, 2021) ##
+v4.1.0 (November 2021)
+  - Update HTML tag cleanup to better cover `UnorderedList` and `URLLink` tags in the solution field
-*   No changes.
+v4.0.0 (July 2021)
+  - Expand coverage for cipher wrapping to ssl-anon-ciphers and ssl-only-weak-ciphers
+  - Update HTML tag cleanup
-## Dradis Framework 3.21 (February, 2021) ##
+v3.22.0 (April 2021)
+  - No changes
-*   No changes.
+v3.21.0 (February 2021)
+  - No changes
-## Dradis Framework 3.20 (December, 2020) ##
+v3.20.0 (December 2020)
+  - Expand coverage for cipher wrapping
-*   Expand coverage for cipher wrapping
+v3.19.0 (September 2020)
+  - No changes
-## Dradis Framework 3.19 (September, 2020) ##
+v3.18.0 (July 2020)
+  - No changes
-*   No changes.
+v3.17.0 (May 2020)
+  - Expand coverage for cipher wrapping
-## Dradis Framework 3.18 (July, 2020) ##
+v3.16.0 (February 2020)
+  - No changes
-*   No changes.
+v3.15.0 (November 2019)
+  - Wrap ciphers in code blocks
-## Dradis Framework 3.17 (May, 2020) ##
+v3.14.0 (August 2019)
+  - Add risk-score attribute to nodes
-*   Expand coverage for cipher wrapping
+v3.13.0 (June 2019)
+  - No changes
-## Dradis Framework 3.16 (February, 2020) ##
+v3.12.0 (March 2019)
+  - No changes
-*   No changes.
+v3.11.0 (November 2018)
+  - No changes
-## Dradis Framework 3.15 (November, 2019) ##
+v3.10.1 (October 2018)
+  - Fix usage of set_property(:services) to use set_service
-*   Wrap ciphers in code blocks
+v3.10.0 (August 2018)
+  - Create `hostname` and `os` Node properties (if present)
+  - Improve parsing of `<ListItem>` tags
+  - Import `vulnerability.tags` field as expected
+  - Import `<Paragraph preformat="true">` tags as code blocks
+  - Import `<URLLink>` tags as textile links
+  - Resolve duplicate content in nested `<Paragraph>` tags
-## Dradis Framework 3.14 (August, 2019) ##
+v3.9.0 (January 2018)
+  - No changes
-*   Add risk-score attribute to nodes
+v3.8.0 (September 2017)
+  - No changes
-## Dradis Framework 3.13 (June, 2019) ##
+v3.7.0 (July 2017)
+  - Add full evidence template for exporting evidences
+  - Fix issue resulting in Evidence with null content
-*   No changes.
-## Dradis Framework 3.12 (March, 2019) ##
-*   No changes.
-## Dradis Framework 3.11 (November, 2018) ##
-*   No changes.
-## Dradis Framework 3.10.1 (October, 2018) ##
-*   Fix usage of set_property(:services) to use set_service
-## Dradis Framework 3.10 (August, 2018) ##
-*   Resolve duplicate content in nested `<Paragraph>` tags
-*   Import `<URLLink>` tags as textile links
-*   Import `<Paragraph preformat="true">` tags as code blocks
-*   Improve parsing of `<ListItem>` tags
-*   Import `vulnerability.tags` field as expected
-*   Create `hostname` and `os` Node properties (if present)
-## Dradis Framework 3.9 (January, 2018) ##
-*   No changes.
-## Dradis Framework 3.8 (September, 2017) ##
-*   No changes.
-## Dradis Framework 3.7 (July, 2017) ##
-*   Add full evidence template for exporting evidences.
-*   Fix issue resulting in Evidence with null content.
-## Dradis Framework 3.6 (March, 2017) ##
-*   No changes.
+v3.6.0 (March 2017)
+  - No changes

data/CHANGELOG.template ADDED Viewed

@@ -0,0 +1,12 @@
+[v#.#.#] ([month] [YYYY])
+  - [future tense verb] [feature]
+  - Upgraded gems:
+    - [gem]
+  - Bugs fixes:
+    - [future tense verb] [bug fix]
+    - Bug tracker items:
+      - [item]
+  - Security Fixes:
+    - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]

data/dradis-nexpose.gemspec CHANGED Viewed

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
   # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
   # until we bump Dradis Pro to 4.1.
   # s.add_dependency 'rails', '~> 4.1.1'
-  spec.add_dependency 'dradis-plugins', '~> 4.0.0'
+  spec.add_dependency 'dradis-plugins', '~> 4.0'
   spec.add_dependency 'nokogiri', '~> 1.3'
   spec.add_development_dependency 'bundler'

data/lib/dradis/plugins/nexpose/formats/full.rb CHANGED Viewed

@@ -34,7 +34,7 @@ module Dradis::Plugins::Nexpose::Formats
         if host_node.respond_to?(:properties)
           logger.info{ "\tAdding host properties to #{nexpose_node.address}"}
           host_node.set_property(:ip, nexpose_node.address)
-          host_node.set_property(:hostname, nexpose_node.site_name)
+          host_node.set_property(:hostname, nexpose_node.names)
           host_node.set_property(:os, nexpose_node.software)
           host_node.set_property(:risk_score, nexpose_node.risk_score)
           host_node.save

data/lib/dradis/plugins/nexpose/gem_version.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Dradis
       module VERSION
         MAJOR = 4
-        MINOR = 0
+        MINOR = 3
         TINY = 0
         PRE = nil

data/lib/nexpose/vulnerability.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Nexpose
   # Instead of providing separate methods for each supported property we rely
   # on Ruby's #method_missing to do most of the work.
   class Vulnerability
-    SSL_CIPHER_VULN_IDS = %w[ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-static-key-ciphers rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
+    SSL_CIPHER_VULN_IDS = %w[ssl-anon-ciphers ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-only-weak-ciphers ssl-static-key-ciphers rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
     # Accepts an XML node from Nokogiri::XML.
     def initialize(xml_node)
@@ -112,16 +112,17 @@ module Nexpose
     def cleanup_html(source)
       result = source.to_s
       result.gsub!(/<ContainerBlockElement>(.*?)<\/ContainerBlockElement>/m){|m| "#{ $1 }"}
+      result.gsub!(/<Paragraph preformat=\"true\">(\s*)<Paragraph preformat=\"true\">(.*?)<\/Paragraph>(\s*)<\/Paragraph>/mi){|m| "\nbc. #{ $2 }\n\n"}
       result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/mi){|m| "\nbc. #{ $1 }\n\n"}
       result.gsub!(/<Paragraph>(.*?)<\/Paragraph>/m){|m| "#{ $1 }\n"}
       result.gsub!(/<Paragraph>|<\/Paragraph>/, '')
-      result.gsub!(/<UnorderedList>(.*?)<\/UnorderedList>/m){|m| "#{ $1 }"}
+      result.gsub!(/<UnorderedList(.*?)>(.*?)<\/UnorderedList>/m){|m| "#{ $2 }"}
       result.gsub!(/<OrderedList(.*?)>(.*?)<\/OrderedList>/m){|m| "#{ $2 }"}
       result.gsub!(/<ListItem>|<\/ListItem>/, '')
       result.gsub!(/          /, '')
       result.gsub!(/   /, '')
       result.gsub!(/\t\t/, '')
-      result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/i) { "\"#{$4.strip}\":#{$2.strip} " }
+      result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/im) { "\"#{$4.strip}\":#{$2.strip} " }
       result.gsub!(/<URLLink LinkTitle=\"(.*?)\"(.*?)LinkURL=\"(.*?)\"\/>/i) { "\"#{$1.strip}\":#{$3.strip} " }
       result.gsub!(/<URLLink LinkURL=\"(.*?)\"(.*?)LinkTitle=\"(.*?)\"\/>/i) { "\"#{$3.strip}\":#{$1.strip} " }
       result.gsub!(/&gt;/, '>')

data/spec/fixtures/files/full.xml CHANGED Viewed

@@ -5,6 +5,9 @@
   </scans>
   <nodes>
     <node address="1.1.1.1" device-id="75" risk-score="0.0" scan-template="Edge Standard" site-importance="Normal" site-name="USDA_Internal" status="alive">
+      <names>
+        <name>localhost:5000</name>
+      </names>
       <fingerprints>
         <os certainty="0.80" family="IOS" product="IOS" vendor="Cisco"/>
       </fingerprints>

data/spec/nexpose_upload_spec.rb CHANGED Viewed

@@ -79,7 +79,6 @@ describe 'Nexpose upload plugin' do
   describe "Importer: Full" do
     it "creates nodes, issues, notes and an evidences as needed" do
       expect(@content_service).to receive(:create_node).with(hash_including label: "Nexpose Scan Summary").once
       expect(@content_service).to receive(:create_note) do |args|
         expect(args[:text]).to include("#[Title]#\nUSDA_Internal (4)")
@@ -123,6 +122,14 @@ describe 'Nexpose upload plugin' do
         expect(args[:node].label).to eq("1.1.1.1")
       end.once
+      allow_any_instance_of(OpenStruct).to receive(:respond_to?).with(:properties).and_return(true)
+      allow_any_instance_of(OpenStruct).to receive(:set_service).and_return(true)
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:hostname, ['localhost:5000'])
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:ip, '1.1.1.1')
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:os, [])
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:risk_score, '0.0')
       @importer.import(file: 'spec/fixtures/files/full.xml')
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nexpose
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 4.3.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-03 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -107,6 +107,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
+- CHANGELOG.template
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE