RubyGems - dradis-nexpose - Versions diffs - 4.0.0 → 4.3.0 - Mend

dradis-nexpose 4.0.0 → 4.3.0

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +51 -60
data/CHANGELOG.template +12 -0
data/dradis-nexpose.gemspec +1 -1
data/lib/dradis/plugins/nexpose/formats/full.rb +1 -1
data/lib/dradis/plugins/nexpose/gem_version.rb +1 -1
data/lib/nexpose/vulnerability.rb +4 -3
data/spec/fixtures/files/full.xml +3 -0
data/spec/nexpose_upload_spec.rb +8 -1
metadata +5 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3221e4566a6908aac405d51d9f5d165cd67229c0f8ea0f2361775d1b238eab6a
-  data.tar.gz: c518c809aafcf83da0dc452b471a4831ce21396b7205b482f53e2bf1495d23d1
+  metadata.gz: 0c51805184f0768194c6847137daf88038647c86332c2d9939b936fff4255ba1
+  data.tar.gz: 7ecd5e769dcc1c27eb268b0d1326df19e9dd6fe4c8209c8e15bde379839a5368
 SHA512:
-  metadata.gz: bfb28ff16fb0fee4d491828fff1e3e8caf8c09e2cc6ad1ddb29ed2c7c4abe0c86f5d3064c037f8773dda53d857bf61f350fe4947f49a3be55b0d726e173ae9a0
-  data.tar.gz: 9096410b85f110249f860cd5a875cc8788a5d194519f5e78413198721e7399cd4ba5667d3ce92df61915706d848cd214850e26e3a31a070b7b490ca24b0b9425
+  metadata.gz: dea870174817b843f104047b2382b3049bb485d0ecfee949f75960ce410ab04326d49f9e5f22b52e433d001ac886ec04bd03a9c26396b8457c4662ba28fc389f
+  data.tar.gz: 240cba4c9a281adcf6bb2733119ecd6f373b19c385fff18c6fe4d69754b646f4b172f7111225de797cd23e8bc3da653f3be81162d93b6b82de00fda2f3aa69f9

data/CHANGELOG.md CHANGED Viewed

@@ -1,81 +1,72 @@
-## Dradis Framework 4.0.0 (July, 2021) ##
+v4.3.0 (April 2022)
+  - Update HTML tag cleanup to cover `UnorderedList` tags without spaces and double `Paragraph preformat` tags
-*   Update HTML tag cleanup
+v4.2.0 (February 2022)
+  - Pull the Hostname Node property from the `name` rather than `site-name` tag
-## Dradis Framework 3.22 (April, 2021) ##
+v4.1.0 (November 2021)
+  - Update HTML tag cleanup to better cover `UnorderedList` and `URLLink` tags in the solution field
-*   No changes.
+v4.0.0 (July 2021)
+  - Expand coverage for cipher wrapping to ssl-anon-ciphers and ssl-only-weak-ciphers
+  - Update HTML tag cleanup
-## Dradis Framework 3.21 (February, 2021) ##
+v3.22.0 (April 2021)
+  - No changes
-*   No changes.
+v3.21.0 (February 2021)
+  - No changes
-## Dradis Framework 3.20 (December, 2020) ##
+v3.20.0 (December 2020)
+  - Expand coverage for cipher wrapping
-*   Expand coverage for cipher wrapping
+v3.19.0 (September 2020)
+  - No changes
-## Dradis Framework 3.19 (September, 2020) ##
+v3.18.0 (July 2020)
+  - No changes
-*   No changes.
+v3.17.0 (May 2020)
+  - Expand coverage for cipher wrapping
-## Dradis Framework 3.18 (July, 2020) ##
+v3.16.0 (February 2020)
+  - No changes
-*   No changes.
+v3.15.0 (November 2019)
+  - Wrap ciphers in code blocks
-## Dradis Framework 3.17 (May, 2020) ##
+v3.14.0 (August 2019)
+  - Add risk-score attribute to nodes
-*   Expand coverage for cipher wrapping
+v3.13.0 (June 2019)
+  - No changes
-## Dradis Framework 3.16 (February, 2020) ##
+v3.12.0 (March 2019)
+  - No changes
-*   No changes.
+v3.11.0 (November 2018)
+  - No changes
-## Dradis Framework 3.15 (November, 2019) ##
+v3.10.1 (October 2018)
+  - Fix usage of set_property(:services) to use set_service
-*   Wrap ciphers in code blocks
+v3.10.0 (August 2018)
+  - Create `hostname` and `os` Node properties (if present)
+  - Improve parsing of `<ListItem>` tags
+  - Import `vulnerability.tags` field as expected
+  - Import `<Paragraph preformat="true">` tags as code blocks
+  - Import `<URLLink>` tags as textile links
+  - Resolve duplicate content in nested `<Paragraph>` tags
-## Dradis Framework 3.14 (August, 2019) ##
+v3.9.0 (January 2018)
+  - No changes
-*   Add risk-score attribute to nodes
+v3.8.0 (September 2017)
+  - No changes
-## Dradis Framework 3.13 (June, 2019) ##
+v3.7.0 (July 2017)
+  - Add full evidence template for exporting evidences
+  - Fix issue resulting in Evidence with null content
-*   No changes.
-## Dradis Framework 3.12 (March, 2019) ##
-*   No changes.
-## Dradis Framework 3.11 (November, 2018) ##
-*   No changes.
-## Dradis Framework 3.10.1 (October, 2018) ##
-*   Fix usage of set_property(:services) to use set_service
-## Dradis Framework 3.10 (August, 2018) ##
-*   Resolve duplicate content in nested `<Paragraph>` tags
-*   Import `<URLLink>` tags as textile links
-*   Import `<Paragraph preformat="true">` tags as code blocks
-*   Improve parsing of `<ListItem>` tags
-*   Import `vulnerability.tags` field as expected
-*   Create `hostname` and `os` Node properties (if present)
-## Dradis Framework 3.9 (January, 2018) ##
-*   No changes.
-## Dradis Framework 3.8 (September, 2017) ##
-*   No changes.
-## Dradis Framework 3.7 (July, 2017) ##
-*   Add full evidence template for exporting evidences.
-*   Fix issue resulting in Evidence with null content.
-## Dradis Framework 3.6 (March, 2017) ##
-*   No changes.
+v3.6.0 (March 2017)
+  - No changes

data/CHANGELOG.template ADDED Viewed

@@ -0,0 +1,12 @@
+[v#.#.#] ([month] [YYYY])
+  - [future tense verb] [feature]
+  - Upgraded gems:
+    - [gem]
+  - Bugs fixes:
+    - [future tense verb] [bug fix]
+    - Bug tracker items:
+      - [item]
+  - Security Fixes:
+    - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]

data/dradis-nexpose.gemspec CHANGED Viewed

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
   # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
   # until we bump Dradis Pro to 4.1.
   # s.add_dependency 'rails', '~> 4.1.1'
-  spec.add_dependency 'dradis-plugins', '~> 4.0.0'
+  spec.add_dependency 'dradis-plugins', '~> 4.0'
   spec.add_dependency 'nokogiri', '~> 1.3'
   spec.add_development_dependency 'bundler'

data/lib/dradis/plugins/nexpose/formats/full.rb CHANGED Viewed

@@ -34,7 +34,7 @@ module Dradis::Plugins::Nexpose::Formats
         if host_node.respond_to?(:properties)
           logger.info{ "\tAdding host properties to #{nexpose_node.address}"}
           host_node.set_property(:ip, nexpose_node.address)
-          host_node.set_property(:hostname, nexpose_node.site_name)
+          host_node.set_property(:hostname, nexpose_node.names)
           host_node.set_property(:os, nexpose_node.software)
           host_node.set_property(:risk_score, nexpose_node.risk_score)
           host_node.save

data/lib/dradis/plugins/nexpose/gem_version.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Dradis
       module VERSION
         MAJOR = 4
-        MINOR = 0
+        MINOR = 3
         TINY = 0
         PRE = nil

data/lib/nexpose/vulnerability.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Nexpose
   # Instead of providing separate methods for each supported property we rely
   # on Ruby's #method_missing to do most of the work.
   class Vulnerability
-    SSL_CIPHER_VULN_IDS = %w[ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-static-key-ciphers rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
+    SSL_CIPHER_VULN_IDS = %w[ssl-anon-ciphers ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-only-weak-ciphers ssl-static-key-ciphers rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
     # Accepts an XML node from Nokogiri::XML.
     def initialize(xml_node)
@@ -112,16 +112,17 @@ module Nexpose
     def cleanup_html(source)
       result = source.to_s
       result.gsub!(/<ContainerBlockElement>(.*?)<\/ContainerBlockElement>/m){|m| "#{ $1 }"}
+      result.gsub!(/<Paragraph preformat=\"true\">(\s*)<Paragraph preformat=\"true\">(.*?)<\/Paragraph>(\s*)<\/Paragraph>/mi){|m| "\nbc. #{ $2 }\n\n"}
       result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/mi){|m| "\nbc. #{ $1 }\n\n"}
       result.gsub!(/<Paragraph>(.*?)<\/Paragraph>/m){|m| "#{ $1 }\n"}
       result.gsub!(/<Paragraph>|<\/Paragraph>/, '')
-      result.gsub!(/<UnorderedList>(.*?)<\/UnorderedList>/m){|m| "#{ $1 }"}
+      result.gsub!(/<UnorderedList(.*?)>(.*?)<\/UnorderedList>/m){|m| "#{ $2 }"}
       result.gsub!(/<OrderedList(.*?)>(.*?)<\/OrderedList>/m){|m| "#{ $2 }"}
       result.gsub!(/<ListItem>|<\/ListItem>/, '')
       result.gsub!(/          /, '')
       result.gsub!(/   /, '')
       result.gsub!(/\t\t/, '')
-      result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/i) { "\"#{$4.strip}\":#{$2.strip} " }
+      result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/im) { "\"#{$4.strip}\":#{$2.strip} " }
       result.gsub!(/<URLLink LinkTitle=\"(.*?)\"(.*?)LinkURL=\"(.*?)\"\/>/i) { "\"#{$1.strip}\":#{$3.strip} " }
       result.gsub!(/<URLLink LinkURL=\"(.*?)\"(.*?)LinkTitle=\"(.*?)\"\/>/i) { "\"#{$3.strip}\":#{$1.strip} " }
       result.gsub!(/&gt;/, '>')

data/spec/fixtures/files/full.xml CHANGED Viewed

@@ -5,6 +5,9 @@
   </scans>
   <nodes>
     <node address="1.1.1.1" device-id="75" risk-score="0.0" scan-template="Edge Standard" site-importance="Normal" site-name="USDA_Internal" status="alive">
+      <names>
+        <name>localhost:5000</name>
+      </names>
       <fingerprints>
         <os certainty="0.80" family="IOS" product="IOS" vendor="Cisco"/>
       </fingerprints>

data/spec/nexpose_upload_spec.rb CHANGED Viewed

@@ -79,7 +79,6 @@ describe 'Nexpose upload plugin' do
   describe "Importer: Full" do
     it "creates nodes, issues, notes and an evidences as needed" do
       expect(@content_service).to receive(:create_node).with(hash_including label: "Nexpose Scan Summary").once
       expect(@content_service).to receive(:create_note) do |args|
         expect(args[:text]).to include("#[Title]#\nUSDA_Internal (4)")
@@ -123,6 +122,14 @@ describe 'Nexpose upload plugin' do
         expect(args[:node].label).to eq("1.1.1.1")
       end.once
+      allow_any_instance_of(OpenStruct).to receive(:respond_to?).with(:properties).and_return(true)
+      allow_any_instance_of(OpenStruct).to receive(:set_service).and_return(true)
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:hostname, ['localhost:5000'])
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:ip, '1.1.1.1')
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:os, [])
+      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:risk_score, '0.0')
       @importer.import(file: 'spec/fixtures/files/full.xml')
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nexpose
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 4.3.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-03 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -107,6 +107,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
+- CHANGELOG.template
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE