dradis-nexpose 4.10.0 → 4.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b11c2f3efeb75d866e704afc1654be7901c80233d4c25ecf3796170c6217dd12
-  data.tar.gz: 18e1f93496c8badc29df962c48a7285d56ad5a5b5d3e3faa366f63e001081178
+  metadata.gz: fefa5d899cb4a34cead8f685c4bd13efdea29d034ddb7a505ce0e00f23b9b17d
+  data.tar.gz: 713ae33f6884e7c75393055f4cf68932a4ec9ef310e722d333b34c83df8b65ba
 SHA512:
-  metadata.gz: bafe0d744722c9dfb00170857fea3bad6c5f8cd2fcc571867ac0bfb86639f0dc700ea58134ab6f05556aa750dd51072b506a411452f4c7b796955b331916b57f
-  data.tar.gz: 3dc33c2ba56abe1ba7ce2d715cb63826b51d140fa702be9543078a803b6a5a0665b582a695a7e24c933957e3e413b27e1cc6b8a2170b392ba8e44bc89231eeaa
+  metadata.gz: 7a07af401d0dbe92e6d488244502eae76d2404482429190b8e7a68117c97e79e850905b0ab71954024137e9144125de3169866ef2749343c9b0d909c7e3027e1
+  data.tar.gz: 69b31e47e60b9ee6bbd6771222ea1a8f5940bf9d40c6700e789bee6a546a2b296d087b9a75fc850c32f827c9ac917bd22cbc16ebffed2ed6449f5ac8ca77023b

data/.github/pull_request_template.md

@@ -1,3 +1,5 @@
+Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
+
 ### Summary
 
 Provide a general description of the code changes in your pull
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
 to keep the conversation linked together.
 
 
+### Testing Steps
+
+Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
+
+
 ### Other Information
 
 If there's anything else that's important and relevant to your pull
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
 codebase. Any code you create which is merged must be owned by us.
 That's not us trying to be a jerks, that's just the way it works.
 
-Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
-file for the details.
-
 You can delete this section, but the following sentence needs to
 remain in the PR's description:
 
 > I assign all rights, including copyright, to any future Dradis
 > work by myself to Security Roots.
+
+### Check List
+
+- [ ] Added a CHANGELOG entry
+- [ ] Added specs

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+v4.11.0 (January 2024)
+  - Add port/protocol to evidences
+  - Use the details in <os> as the OS node property
+  - Import `vulnerability.risk_score` as a new Issue field
+  - Allow multiple evidence with the same test id & node address
+
 v4.10.0 (September 2023)
   - Update gemspec links
 

data/README.md

@@ -11,12 +11,12 @@ The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis
 
 ## More information
 
-See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
 
 
 ## Contributing
 
-See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
 
 
 ## License

data/lib/dradis/plugins/nexpose/formats/full.rb

@@ -1,5 +1,4 @@
 module Dradis::Plugins::Nexpose::Formats
-
   # This module knows how to parse Nexpose Ful XML format.
   module Full
     private
@@ -12,30 +11,29 @@ module Dradis::Plugins::Nexpose::Formats
 
       # First, extract scans
       scan_node = content_service.create_node(label: 'Nexpose Scan Summary')
-      logger.info{ "\tProcessing scan summary" }
+      logger.info { "\tProcessing scan summary" }
 
       doc.xpath('//scans/scan').each do |xml_scan|
         note_text = template_service.process_template(template: 'full_scan', data: xml_scan)
         content_service.create_note(node: scan_node, text: note_text)
       end
 
-
       # Second, we parse the nodes
       doc.xpath('//nodes/node').each do |xml_node|
         nexpose_node = Nexpose::Node.new(xml_node)
 
         host_node = content_service.create_node(label: nexpose_node.address, type: :host)
-        logger.info{ "\tProcessing host: #{nexpose_node.address}" }
+        logger.info { "\tProcessing host: #{nexpose_node.address}" }
 
         # add the summary note for this host
         note_text = template_service.process_template(template: 'full_node', data: nexpose_node)
         content_service.create_note(node: host_node, text: note_text)
 
         if host_node.respond_to?(:properties)
-          logger.info{ "\tAdding host properties to #{nexpose_node.address}"}
+          logger.info { "\tAdding host properties to #{nexpose_node.address}" }
           host_node.set_property(:ip, nexpose_node.address)
           host_node.set_property(:hostname, nexpose_node.names)
-          host_node.set_property(:os, nexpose_node.software)
+          host_node.set_property(:os, nexpose_node.fingerprints)
           host_node.set_property(:risk_score, nexpose_node.risk_score)
           host_node.save
         end
@@ -54,21 +52,22 @@ module Dradis::Plugins::Nexpose::Formats
           # See:
           #   http://stackoverflow.com/questions/1625446/problem-with-upper-case-and-lower-case-xpath-functions-in-selenium-ide/1625859#1625859
           xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[translate(@id,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='#{test_id}']").first
-          xml_vuln.add_child("<hosts/>") unless xml_vuln.last_element_child.name == "hosts"
+          xml_vuln.add_child('<hosts/>') unless xml_vuln.last_element_child.name == 'hosts'
 
           if xml_vuln.xpath("./hosts/host[text()='#{nexpose_node.address}']").empty?
             xml_vuln.last_element_child.add_child("<host>#{nexpose_node.address}</host>")
           end
 
-          evidence[test_id][nexpose_node.address] = node_test
+          evidence[test_id][nexpose_node.address] ||= []
+          evidence[test_id][nexpose_node.address] << node_test
         end
 
         nexpose_node.endpoints.each do |endpoint|
           # endpoint_node = content_service.create_node(label: endpoint.label, parent: host_node)
-          logger.info{ "\t\tEndpoint: #{endpoint.label}" }
+          logger.info { "\t\tEndpoint: #{endpoint.label}" }
 
           if host_node.respond_to?(:properties)
-            logger.info{ "\t\tAdding to Services table" }
+            logger.info { "\t\tAdding to Services table" }
             host_node.set_service(
               port: endpoint.port.to_i,
               protocol: endpoint.protocol,
@@ -102,13 +101,14 @@ module Dradis::Plugins::Nexpose::Formats
               #   http://stackoverflow.com/questions/1625446/problem-with-upper-case-and-lower-case-xpath-functions-in-selenium-ide/1625859#1625859
               #
               xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[translate(@id,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='#{test_id}']").first
-              xml_vuln.add_child("<hosts/>") unless xml_vuln.last_element_child.name == "hosts"
+              xml_vuln.add_child('<hosts/>') unless xml_vuln.last_element_child.name == 'hosts'
 
               if xml_vuln.xpath("./hosts/host[text()='#{nexpose_node.address}']").empty?
                 xml_vuln.last_element_child.add_child("<host>#{nexpose_node.address}</host>")
               end
 
-              evidence[test_id][nexpose_node.address] = service_test
+              evidence[test_id][nexpose_node.address] ||= []
+              evidence[test_id][nexpose_node.address] << service_test
             end
           end
         end
@@ -118,42 +118,43 @@ module Dradis::Plugins::Nexpose::Formats
       end
 
       # Third, parse vulnerability definitions
-      logger.info{ "\tProcessing issue definitions:" }
+      logger.info { "\tProcessing issue definitions:" }
 
       doc.xpath('//VulnerabilityDefinitions/vulnerability').each do |xml_vulnerability|
         id = xml_vulnerability['id'].downcase
         # if @vuln_list.include?(id)
-          issue_text = template_service.process_template(
-            template: 'full_vulnerability',
-            data: xml_vulnerability
-          )
-
-          # retrieve hosts affected by this issue (injected in step 2)
-          #
-          # There is no need for the below as Issues are linked to hosts via the
-          # corresponding Evidence instance
-          #
-          # note_text << "\n\n#[host]#\n"
-          # note_text << xml_vulnerability.xpath('./hosts/host').collect(&:text).join("\n")
-          # note_text << "\n\n"
-
-          # 3.1 create the Issue
-          issue = content_service.create_issue(text: issue_text, id: id)
-          logger.info{ "\tIssue: #{issue.fields ? issue.fields['Title'] : id}" }
-
-
-          # 3.2 associate with the nodes via Evidence.
-          #   TODO: there is room for improvement here by providing proper Evidence content
-          xml_vulnerability.xpath('./hosts/host').collect(&:text).each do |host_name|
-            # if the node exists, this just returns it
-            host_node = content_service.create_node(label: host_name, type: :host)
+        issue_text = template_service.process_template(
+          template: 'full_vulnerability',
+          data: xml_vulnerability
+        )
+
+        # retrieve hosts affected by this issue (injected in step 2)
+        #
+        # There is no need for the below as Issues are linked to hosts via the
+        # corresponding Evidence instance
+        #
+        # note_text << "\n\n#[host]#\n"
+        # note_text << xml_vulnerability.xpath('./hosts/host').collect(&:text).join("\n")
+        # note_text << "\n\n"
+
+        # 3.1 create the Issue
+        issue = content_service.create_issue(text: issue_text, id: id)
+        logger.info { "\tIssue: #{issue.fields ? issue.fields['Title'] : id}" }
 
+        # 3.2 associate with the nodes via Evidence.
+        #   TODO: there is room for improvement here by providing proper Evidence content
+        xml_vulnerability.xpath('./hosts/host').map(&:text).each do |host_name|
+          # if the node exists, this just returns it
+          host_node = content_service.create_node(label: host_name, type: :host)
+
+          evidence[id][host_name].each do |evidence|
             evidence_content = template_service.process_template(
               template: 'full_evidence',
-              data: evidence[id][host_name]
+              data: evidence
             )
             content_service.create_evidence(content: evidence_content, issue: issue, node: host_node)
           end
+        end
 
         # end
       end

data/lib/dradis/plugins/nexpose/gem_version.rb

@@ -8,11 +8,11 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 10
+        MINOR = 11
         TINY = 0
         PRE = nil
 
-        STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+        STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
       end
     end
   end

data/lib/nexpose/endpoint.rb

@@ -8,7 +8,6 @@ module Nexpose
   # Instead of providing separate methods for each supported property we rely
   # on Ruby's #method_missing to do most of the work.
   class Endpoint
-
     # Accepts an XML node from Nokogiri::XML.
     def initialize(xml_node)
       @xml = xml_node
@@ -39,13 +38,14 @@ module Nexpose
     # Each of the services associated with this endpoint. Returns an array of
     # Nexpose::Service objects
     def services
-      @xml.xpath('./services/service').collect { |xml_service| Service.new(xml_service) }
+      @xml.xpath('./services/service').map do |xml_service|
+        Service.new(xml_service, endpoint: { port: port, protocol: protocol })
+      end
     end
 
-
     # This allows external callers (and specs) to check for implemented
     # properties
-    def respond_to?(method, include_private=false)
+    def respond_to?(method, include_private = false)
       return true if supported_tags.include?(method.to_sym)
       super
     end
@@ -57,7 +57,6 @@ module Nexpose
     # attribute, simple descendent or collection that it maps to in the XML
     # tree.
     def method_missing(method, *args)
-
       # We could remove this check and return nil for any non-recognized tag.
       # The problem would be that it would make tricky to debug problems with
       # typos. For instance: <>.potr would return nil instead of raising an
@@ -69,8 +68,7 @@ module Nexpose
 
       # First we try the attributes. In Ruby we use snake_case, but in XML
       # CamelCase is used for some attributes
-      translations_table = {
-      }
+      translations_table = {}
 
       method_name = translations_table.fetch(method, method.to_s)
       return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)

data/lib/nexpose/node.rb

@@ -43,10 +43,9 @@ module Nexpose
       @xml.xpath('./endpoints/endpoint').collect { |xml_endpoint| Endpoint.new(xml_endpoint) }
     end
 
-
     # This allows external callers (and specs) to check for implemented
     # properties
-    def respond_to?(method, include_private=false)
+    def respond_to?(method, include_private = false)
       return true if supported_tags.include?(method.to_sym)
       super
     end
@@ -58,7 +57,6 @@ module Nexpose
     # attribute, simple descendent or collection that it maps to in the XML
     # tree.
     def method_missing(method, *args)
-
       # We could remove this check and return nil for any non-recognized tag.
       # The problem would be that it would make tricky to debug problems with
       # typos. For instance: <>.potr would return nil instead of raising an
@@ -84,7 +82,7 @@ module Nexpose
 
       # Finally the enumerations: names
       if method_name == 'names'
-        @xml.xpath("./names/name").collect(&:text)
+        @xml.xpath('./names/name').collect(&:text)
 
       elsif ['fingerprints', 'software'].include?(method_name)
 
@@ -93,14 +91,10 @@ module Nexpose
           'software' => './software/fingerprint'
         }[method_name]
 
-        @xml.xpath(xpath_selector).collect do |xml_os|
-          Hash[
-            xml_os.attributes.collect do |name, xml_attribute|
-              next if name == 'arch'
-              [name.sub(/-/,'_').to_sym, xml_attribute.value]
-            end
-          ]
-        end
+        xml_os = @xml.at_xpath(xpath_selector)
+        return '' if xml_os.nil?
+
+        xml_os.attributes['product'].value
       else
         # nothing found, the tag is valid but not present in this ReportItem
         return nil

data/lib/nexpose/service.rb

@@ -8,9 +8,15 @@ module Nexpose
   # Instead of providing separate methods for each supported property we rely
   # on Ruby's #method_missing to do most of the work.
   class Service
+    attr_accessor :endpoint, :xml
+
     # Accepts an XML node from Nokogiri::XML.
-    def initialize(xml_node)
+    #
+    # endpoint - If the Service is instantiated from the Endpoint class (e.g.
+    # from <endpoint><services>...) , it will have access to the parent data.
+    def initialize(xml_node, endpoint: nil)
       @xml = xml_node
+      @endpoint = endpoint
     end
 
     # List of supported tags. They can be attributes, simple descendans or
@@ -29,15 +35,18 @@ module Nexpose
 
     # Convert each ./test/test entry into a simple hash
     def tests(*args)
-      @xml.xpath('./tests/test').map do |xml_test|
+      xml.xpath('./tests/test').map do |xml_test|
+        # Inject evidence with data from the node
+        xml_test['port'] = endpoint[:port]
+        xml_test['protocol'] = endpoint[:protocol]
+
         Nexpose::Test.new(xml_test)
       end
     end
 
-
     # This allows external callers (and specs) to check for implemented
     # properties
-    def respond_to?(method, include_private=false)
+    def respond_to?(method, include_private = false)
       return true if supported_tags.include?(method.to_sym)
       super
     end
@@ -49,7 +58,6 @@ module Nexpose
     # attribute, simple descendent or collection that it maps to in the XML
     # tree.
     def method_missing(method, *args)
-
       # We could remove this check and return nil for any non-recognized tag.
       # The problem would be that it would make tricky to debug problems with
       # typos. For instance: <>.potr would return nil instead of raising an
@@ -61,11 +69,10 @@ module Nexpose
 
       # First we try the attributes. In Ruby we use snake_case, but in XML
       # CamelCase is used for some attributes
-      translations_table = {
-      }
+      translations_table = {}
 
       method_name = translations_table.fetch(method, method.to_s)
-      return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
+      return xml.attributes[method_name].value if xml.attributes.key?(method_name)
 
       # Finally the enumerations: references, tags
       if ['fingerprints', 'configurations'].include?(method_name)
@@ -74,11 +81,11 @@ module Nexpose
           'configurations' => './configuration/config'
         }[method_name]
 
-        @xml.xpath(xpath_selector).collect do |xml_item|
-          {:text => xml_item.text}.merge(
+        xml.xpath(xpath_selector).collect do |xml_item|
+          { text: xml_item.text }.merge(
             Hash[
               xml_item.attributes.collect do |name, xml_attribute|
-                [name.sub(/-/,'_').to_sym, xml_attribute.value]
+                [name.sub(/-/, '_').to_sym, xml_attribute.value]
               end
             ]
           )

data/lib/nexpose/test.rb

@@ -16,7 +16,9 @@ module Nexpose
       {
         id: xml_node.attributes['id'],
         status: xml_node.attributes['status'],
-        content: content
+        content: content,
+        port: xml_node.attributes['port'],
+        protocol: xml_node.attributes['protocol']
       }
     end
   end

data/lib/nexpose/vulnerability.rb

@@ -20,8 +20,8 @@ module Nexpose
     def supported_tags
       [
         # attributes
-        :nexpose_id, :title, :severity, :pci_severity, :cvss_score, :cvss_vector,
-        :published, :added, :modified,
+        :added, :cvss_score, :cvss_vector, :modified, :nexpose_id, :pci_severity, 
+        :published, :risk_score, :severity, :title,
 
         # simple tags
         :description, :solution,
@@ -64,6 +64,7 @@ module Nexpose
       translations_table = {
         :nexpose_id => 'id',
         :pci_severity => 'pciSeverity',
+        :risk_score => 'riskScore',
         :cvss_score => 'cvssScore',
         :cvss_vector =>'cvssVector'
       }

data/spec/fixtures/files/full.xml

@@ -9,7 +9,7 @@
         <name>localhost:5000</name>
       </names>
       <fingerprints>
-        <os certainty="0.80" family="IOS" product="IOS" vendor="Cisco"/>
+        <os certainty="0.80" family="IOS" product="IOS" vendor="Cisco" arch="x86_64"/>
       </fingerprints>
       <tests/>
       <endpoints>

data/spec/fixtures/files/full_with_duplicate_node.xml

@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<NexposeReport version="2.0">
+  <scans>
+    <scan endTime="20141110T175832478" id="4" name="USDA_Internal" startTime="20141110T094538362" status="finished"/>
+  </scans>
+  <nodes>
+    <node address="1.1.1.1" device-id="75" risk-score="0.0" scan-template="Edge Standard" site-importance="Normal" site-name="USDA_Internal" status="alive">
+      <names>
+        <name>localhost:5000</name>
+      </names>
+      <fingerprints>
+        <os certainty="0.80" family="IOS" product="IOS" vendor="Cisco" arch="x86_64"/>
+      </fingerprints>
+      <tests/>
+      <endpoints>
+        <endpoint port="123" protocol="udp" status="open">
+          <services>
+            <service name="NTP">
+              <fingerprints>
+                <fingerprint certainty="0.90" family="NTP" product="NTP" vendor="Cisco"/>
+              </fingerprints>
+              <configuration>
+                <config name="ntp.variables">system=&quot;cisco&quot;, leap=0, stratum=5, rootdelay=88.21,
+
+rootdispersion=108.54, peer=24960, refid=135.89.100.96,
+
+reftime=0xD80BB6B5.715ACDD8, poll=10, clock=0xD80BB78F.8931F3F6,
+
+phase=8.259, freq=-141.24, error=11.32</config>
+              </configuration>
+              <tests>
+                <test id="ntp-clock-variables-disclosure" pci-compliance-status="pass" scan-id="4" status="vulnerable-exploited" vulnerable-since="20141110T161846666">
+                  <Paragraph>
+                    <Paragraph>The following NTP variables were found from a readvar request: system=&quot;cisco&quot;, leap=0, stratum=5, rootdelay=88.21,
+rootdispersion=108.54, peer=24960, refid=135.89.100.96,
+reftime=0xD80BB6B5.715ACDD8, poll=10, clock=0xD80BB78F.8931F3F6,
+phase=8.259, freq=-141.24, error=11.32</Paragraph>
+                  </Paragraph>
+                </test>
+              </tests>
+            </service>
+          </services>
+        </endpoint>
+        <endpoint port="161" protocol="udp" status="open">
+          <services>
+            <service name="SNMP">
+              <tests/>
+            </service>
+          </services>
+        </endpoint>
+      </endpoints>
+    </node>
+    <node address="1.1.1.1" device-id="75" risk-score="0.0" scan-template="Edge Standard" site-importance="Normal" site-name="USDA_Internal" status="alive">
+      <names>
+        <name>localhost:6000</name>
+      </names>
+      <fingerprints>
+        <os certainty="0.80" family="IOS" product="IOS" vendor="Cisco" arch="x86_64"/>
+      </fingerprints>
+      <tests/>
+      <endpoints>
+        <endpoint port="123" protocol="udp" status="open">
+          <services>
+            <service name="NTP">
+              <fingerprints>
+                <fingerprint certainty="0.90" family="NTP" product="NTP" vendor="Cisco"/>
+              </fingerprints>
+              <configuration>
+                <config name="ntp.variables">system=&quot;cisco&quot;, leap=0, stratum=5, rootdelay=88.21,
+
+rootdispersion=108.54, peer=24960, refid=135.89.100.96,
+
+reftime=0xD80BB6B5.715ACDD8, poll=10, clock=0xD80BB78F.8931F3F6,
+
+phase=8.259, freq=-141.24, error=11.32</config>
+              </configuration>
+              <tests>
+                <test id="ntp-clock-variables-disclosure" pci-compliance-status="pass" scan-id="4" status="vulnerable-exploited" vulnerable-since="20141110T161846666">
+                  <Paragraph>
+                    <Paragraph>The following NTP variables were found from a readvar request: system=&quot;cisco&quot;, leap=0, stratum=5, rootdelay=88.21,
+rootdispersion=108.54, peer=24960, refid=135.89.100.96,
+reftime=0xD80BB6B5.715ACDD8, poll=10, clock=0xD80BB78F.8931F3F6,
+phase=8.259, freq=-141.24, error=11.32</Paragraph>
+                  </Paragraph>
+                </test>
+              </tests>
+            </service>
+          </services>
+        </endpoint>
+        <endpoint port="161" protocol="udp" status="open">
+          <services>
+            <service name="SNMP">
+              <tests/>
+            </service>
+          </services>
+        </endpoint>
+      </endpoints>
+    </node>
+  </nodes>
+  <VulnerabilityDefinitions>
+    <vulnerability added="20120412T000000000" cvssScore="4.3" cvssVector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" id="ntp-clock-variables-disclosure" modified="20131205T000000000" pciSeverity="3" published="20120127T000000000" riskScore="378.27377" severity="4" title="Apache HTTPD: error responses can expose cookies (CVE-2012-0053)">
+      <malware/>
+      <exploits>
+        <exploit id="3479" link="http://www.exploit-db.com/exploits/18442" skillLevel="Expert" title="Apache httpOnly Cookie Disclosure" type="exploitdb"/>
+      </exploits>
+      <description>
+        <ContainerBlockElement>
+          <Paragraph>A flaw was found in the default error response for status code 400.  This flaw could be used by an attacker to expose &quot;httpOnly&quot; cookies when no custom ErrorDocument is specified.</Paragraph>
+        </ContainerBlockElement>
+      </description>
+      <references>
+        <reference source="APPLE">APPLE-SA-2012-09-19-2</reference>
+        <reference source="BID">51706</reference>
+        <reference source="CVE">CVE-2012-0053</reference>
+        <reference source="REDHAT">RHSA-2012:0128</reference>
+        <reference source="SECUNIA">48551</reference>
+        <reference source="URL">http://httpd.apache.org/security/vulnerabilities_20.html</reference>
+        <reference source="URL">http://httpd.apache.org/security/vulnerabilities_22.html</reference>
+      </references>
+      <tags>
+        <tag>Apache</tag>
+        <tag>Apache HTTP Server</tag>
+        <tag>Web</tag>
+      </tags>
+      <solution>
+        <ContainerBlockElement>
+          <Paragraph>Apache HTTPD &gt;= 2.0 and &lt; 2.0.65</Paragraph>
+          <Paragraph>Download and apply the upgrade from:
+
+            <URLLink LinkTitle="http://archive.apache.org/dist/httpd/httpd-2.0.65.tar.gz" LinkURL="http://archive.apache.org/dist/httpd/httpd-2.0.65.tar.gz"/></Paragraph>
+          <Paragraph>Many platforms and distributions provide pre-built binary packages for Apache HTTP server.  These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system.</Paragraph>
+        </ContainerBlockElement>
+      </solution>
+    </vulnerability>
+  </VulnerabilityDefinitions>
+</NexposeReport>

data/spec/nexpose_upload_spec.rb

@@ -1,170 +1,201 @@
-require 'spec_helper'
+require 'rails_helper'
 require 'ostruct'
 
 describe 'Nexpose upload plugin' do
-  before(:each) do
-    # Stub template service
-    templates_dir = File.expand_path('../../templates', __FILE__)
-    expect_any_instance_of(Dradis::Plugins::TemplateService)
-    .to receive(:default_templates_dir).and_return(templates_dir)
-
-    # Init services
-    plugin = Dradis::Plugins::Nexpose
-
-    @content_service = Dradis::Plugins::ContentService::Base.new(
-      logger: Logger.new(STDOUT),
-      plugin: plugin
-    )
-
-    @importer = plugin::Importer.new(
-      content_service: @content_service,
-    )
-
-    # Stub dradis-plugins methods
-    #
-    # They return their argument hashes as objects mimicking
-    # Nodes, Issues, etc
-    allow(@content_service).to receive(:create_node) do |args|
-      OpenStruct.new(args)
-    end
-    allow(@content_service).to receive(:create_note) do |args|
-      OpenStruct.new(args)
-    end
-    allow(@content_service).to receive(:create_issue) do |args|
-      OpenStruct.new(args)
-    end
-    allow(@content_service).to receive(:create_evidence) do |args|
-      OpenStruct.new(args)
-    end
+  before do
+    @fixtures_dir = File.expand_path('../fixtures/files/', __FILE__)
   end
 
-  describe "Importer: Simple" do
-    it "creates nodes, issues, notes and an evidences as needed" do
-
-      expect(@content_service).to receive(:create_node).with(hash_including label: '1.1.1.1', type: :host).once
-
-      expect(@content_service).to receive(:create_note) do |args|
-        expect(args[:text]).to include("Host Description : Linux 2.6.9-89.ELsmp")
-        expect(args[:text]).to include("Scanner Fingerprint certainty : 0.80")
-        expect(args[:node].label).to eq("1.1.1.1")
-      end.once
-
-      expect(@content_service).to receive(:create_node) do |args|
-        expect(args[:label]).to eq('Generic Findings')
-        expect(args[:parent].label).to eq("1.1.1.1")
+  describe 'importer' do
+    before(:each) do
+      # Stub template service
+      templates_dir = File.expand_path('../../templates', __FILE__)
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+        .to receive(:default_templates_dir).and_return(templates_dir)
+
+      # Init services
+      plugin = Dradis::Plugins::Nexpose
+
+      @content_service = Dradis::Plugins::ContentService::Base.new(
+        logger: Logger.new(STDOUT),
+        plugin: plugin
+      )
+
+      @importer = plugin::Importer.new(
+        content_service: @content_service,
+      )
+
+      # Stub dradis-plugins methods
+      #
+      # They return their argument hashes as objects mimicking
+      # Nodes, Issues, etc
+      allow(@content_service).to receive(:create_node) do |args|
         OpenStruct.new(args)
-      end.once
-
-      expect(@content_service).to receive(:create_node) do |args|
-        expect(args[:label]).to eq('udp-000')
-        expect(args[:parent].label).to eq("1.1.1.1")
+      end
+      allow(@content_service).to receive(:create_note) do |args|
         OpenStruct.new(args)
-      end.once
-
-      expect(@content_service).to receive(:create_note) do |args|
-        expect(args[:text]).to include("#[Id]#\nntpd-crypto")
-        expect(args[:text]).to include("#[host]#\n1.1.1.1")
-        expect(args[:node].label).to eq("udp-000")
-      end.once
-
-      expect(@content_service).to receive(:create_note) do |args|
-        expect(args[:text]).to include("#[Id]#\nntp-clock-radio")
-        expect(args[:text]).to include("#[host]#\n1.1.1.1")
-        expect(args[:node].label).to eq("udp-000")
-      end.once
-
-      @importer.import(file: 'spec/fixtures/files/simple.xml')
-    end
-  end
-
-  describe "Importer: Full" do
-    it "creates nodes, issues, notes and an evidences as needed" do
-      expect(@content_service).to receive(:create_node).with(hash_including label: "Nexpose Scan Summary").once
-      expect(@content_service).to receive(:create_note) do |args|
-        expect(args[:text]).to include("#[Title]#\nUSDA_Internal (4)")
-        expect(args[:node].label).to eq("Nexpose Scan Summary")
-      end.once
-
-      expect(@content_service).to receive(:create_node).with(
-        hash_including label: "1.1.1.1", type: :host
-      ).twice
-
-      expect(@content_service).to receive(:create_note) do |args|
-        expect(args[:text]).to include("#[Title]#\n1.1.1.1")
-        expect(args[:node].label).to eq("1.1.1.1")
-      end.once
-
-      expect(@content_service).to receive(:create_note) do |args|
-        expect(args[:text]).to include("#[Title]#\nService name: NTP")
-        expect(args[:node].label).to eq("1.1.1.1")
-      end.once
-
-      expect(@content_service).to receive(:create_note) do |args|
-        expect(args[:text]).to include("#[Title]#\nService name: SNMP")
-        expect(args[:node].label).to eq("1.1.1.1")
-      end.once
-
-      expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Title]#\nApache HTTPD: error responses can expose cookies (CVE-2012-0053)")
-        expect(args[:id]).to eq("ntp-clock-variables-disclosure")
+      end
+      allow(@content_service).to receive(:create_issue) do |args|
         OpenStruct.new(args)
-      end.once
-
-      expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Title]#\nApache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)")
-        expect(args[:id]).to eq("ntp-clock-variables-disclosure")
+      end
+      allow(@content_service).to receive(:create_evidence) do |args|
         OpenStruct.new(args)
-      end.once
+      end
+    end
 
-      expect(@content_service).to receive(:create_evidence) do |args|
-        expect(args[:content]).to include("#[ID]#\nntp-clock-variables-disclosure\n\n")
-        expect(args[:issue].id).to eq("ntp-clock-variables-disclosure")
-        expect(args[:node].label).to eq("1.1.1.1")
-      end.once
+    describe 'Importer: Simple' do
+      it 'creates nodes, issues, notes and an evidences as needed' do
+
+        expect(@content_service).to receive(:create_node).with(hash_including label: '1.1.1.1', type: :host).once
+
+        expect(@content_service).to receive(:create_note) do |args|
+          expect(args[:text]).to include('Host Description : Linux 2.6.9-89.ELsmp')
+          expect(args[:text]).to include('Scanner Fingerprint certainty : 0.80')
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.once
+
+        expect(@content_service).to receive(:create_node) do |args|
+          expect(args[:label]).to eq('Generic Findings')
+          expect(args[:parent].label).to eq('1.1.1.1')
+          OpenStruct.new(args)
+        end.once
+
+        expect(@content_service).to receive(:create_node) do |args|
+          expect(args[:label]).to eq('udp-000')
+          expect(args[:parent].label).to eq('1.1.1.1')
+          OpenStruct.new(args)
+        end.once
+
+        expect(@content_service).to receive(:create_note) do |args|
+          expect(args[:text]).to include("#[Id]#\nntpd-crypto")
+          expect(args[:text]).to include("#[host]#\n1.1.1.1")
+          expect(args[:node].label).to eq('udp-000')
+        end.once
+
+        expect(@content_service).to receive(:create_note) do |args|
+          expect(args[:text]).to include("#[Id]#\nntp-clock-radio")
+          expect(args[:text]).to include("#[host]#\n1.1.1.1")
+          expect(args[:node].label).to eq('udp-000')
+        end.once
+
+        @importer.import(file: @fixtures_dir + '/simple.xml')
+      end
+    end
 
-      allow_any_instance_of(OpenStruct).to receive(:respond_to?).with(:properties).and_return(true)
-      allow_any_instance_of(OpenStruct).to receive(:set_service).and_return(true)
+    describe 'Importer: Full' do
+      it 'creates nodes, issues, notes and an evidences as needed' do
+        expect(@content_service).to receive(:create_node).with(hash_including label: 'Nexpose Scan Summary').once
+        expect(@content_service).to receive(:create_note) do |args|
+          expect(args[:text]).to include("#[Title]#\nUSDA_Internal (4)")
+          expect(args[:node].label).to eq('Nexpose Scan Summary')
+        end.once
+
+        expect(@content_service).to receive(:create_node) do |args|
+          expect(args[:label]).to eq('1.1.1.1')
+          expect(args[:type]).to eq(:host)
+          create(:node, args.except(:type))
+        end
+
+        expect(@content_service).to receive(:create_note) do |args|
+          expect(args[:text]).to include("#[Title]#\n1.1.1.1")
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.once
+
+        expect(@content_service).to receive(:create_note) do |args|
+          expect(args[:text]).to include("#[Title]#\nService name: NTP")
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.once
+
+        expect(@content_service).to receive(:create_note) do |args|
+          expect(args[:text]).to include("#[Title]#\nService name: SNMP")
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.once
+
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include("#[Title]#\nApache HTTPD: error responses can expose cookies (CVE-2012-0053)")
+          expect(args[:id]).to eq('ntp-clock-variables-disclosure')
+          OpenStruct.new(args)
+        end.once
+
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include("#[Title]#\nApache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)")
+          expect(args[:id]).to eq('ntp-clock-variables-disclosure')
+          OpenStruct.new(args)
+        end.once
+
+        expect(@content_service).to receive(:create_evidence) do |args|
+          expect(args[:content]).to include("#[ID]#\nntp-clock-variables-disclosure\n\n")
+          expect(args[:issue].id).to eq('ntp-clock-variables-disclosure')
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.once
+
+        @importer.import(file: @fixtures_dir + '/full.xml')
+
+        expect(Node.find_by(label: '1.1.1.1').properties[:os]).to eq('IOS')
+      end
 
-      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:hostname, ['localhost:5000'])
-      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:ip, '1.1.1.1')
-      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:os, [])
-      expect_any_instance_of(OpenStruct).to receive(:set_property).with(:risk_score, '0.0')
+      it 'wraps ciphers inside ssl issues in code blocks' do
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include('bc. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256')
+          OpenStruct.new(args)
+        end.once
 
-      @importer.import(file: 'spec/fixtures/files/full.xml')
-    end
+        @importer.import(file: @fixtures_dir + '/ssl.xml')
+      end
 
-    it "wraps ciphers inside ssl issues in code blocks" do
-      expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("bc. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256")
-        OpenStruct.new(args)
-      end.once
+      # Regression test for github.com/dradis/dradis-nexpose/issues/1
+      it 'populates solutions regardless they are wrapped in paragraphs or lists' do
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
+          OpenStruct.new(args)
+        end.once
 
-      @importer.import(file: 'spec/fixtures/files/ssl.xml')
-    end
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include("#[Solution]#\n")
+          expect(args[:text]).to include('You can remove inode information from the ETag header')
+          OpenStruct.new(args)
+        end.once
 
-    # Regression test for github.com/dradis/dradis-nexpose/issues/1
-    it "populates solutions regardless they are wrapped in paragraphs or lists" do
-      expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
-        OpenStruct.new(args)
-      end.once
+        @importer.import(file: @fixtures_dir + '/full.xml')
+      end
 
-      expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Solution]#\n")
-        expect(args[:text]).to include("You can remove inode information from the ETag header")
-        OpenStruct.new(args)
-      end.once
+      it 'transforms html entities (&lt; and &gt;)' do
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
+          OpenStruct.new(args)
+        end
 
-      @importer.import(file: 'spec/fixtures/files/full.xml')
+        @importer.import(file: @fixtures_dir + '/full.xml')
+      end
     end
 
-    it "transforms html entities (&lt; and &gt;)" do
-      expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
-        OpenStruct.new(args)
+    describe 'Importer: Full with duplicate nodes' do
+      it 'creates evidence for each instance of the node' do
+        expect(@content_service).to receive(:create_node).with(hash_including label: 'Nexpose Scan Summary').once
+        expect(@content_service).to receive(:create_node) do |args|
+          expect(args[:label]).to eq('1.1.1.1')
+          expect(args[:type]).to eq(:host)
+          create(:node, args.except(:type))
+        end
+
+        expect(@content_service).to receive(:create_evidence) do |args|
+          expect(args[:content]).to include("#[ID]#\nntp-clock-variables-disclosure\n\n")
+          expect(args[:issue].id).to eq('ntp-clock-variables-disclosure')
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.twice
+
+        @importer.import(file: @fixtures_dir + '/full_with_duplicate_node.xml')
       end
-
-      @importer.import(file: 'spec/fixtures/files/full.xml')
     end
   end
+
+  it 'parses the fingerprints field' do
+    doc = Nokogiri::XML(File.read(@fixtures_dir + '/full.xml'))
+
+    ts = Dradis::Plugins::TemplateService.new(plugin: Dradis::Plugins::Nexpose)
+    ts.set_template(template: 'full_node', content: "#[Fingerprints]#\n%node.fingerprints%\n")
+    result = ts.process_template(data: doc.at_xpath('//nodes/node'), template: 'full_node')
+
+    expect(result).to include('IOS')
+  end
 end

data/templates/full_evidence.fields

@@ -1,3 +1,5 @@
 evidence.id
 evidence.status
 evidence.content
+evidence.port
+evidence.protocol

data/templates/full_evidence.sample

@@ -1,4 +1,4 @@
-<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminapi/base.cfc?wsdl" status="vulnerable-exploited" scan-id="4" vulnerable-since="20141110T165124356" pci-compliance-status="fail">
+<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminapi/base.cfc?wsdl" status="vulnerable-exploited" scan-id="4" vulnerable-since="20141110T165124356" pci-compliance-status="fail" port="123" protocol="udp">
   <Paragraph>
     <UnorderedList>
       <ListItem>Running HTTP service</ListItem>

data/templates/full_service.fields

@@ -1,4 +1,4 @@
 service.configurations
 service.fingerprints
 service.name
-service.tests
+service.tests

data/templates/full_service.sample

@@ -14,4 +14,4 @@
 
   <tests>
   </tests>
-</service>
+</service>

data/templates/full_vulnerability.fields

@@ -6,6 +6,7 @@ vulnerability.modified
 vulnerability.nexpose_id
 vulnerability.pci_severity
 vulnerability.published
+vulnerability.risk_score
 vulnerability.references
 vulnerability.severity
 vulnerability.solution

data/templates/full_vulnerability.sample

@@ -6,6 +6,7 @@
   cvssScore="7.5"
   cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)"
   published="19970101T000000000"
+  riskScore="123.4567"
   added="20041101T000000000"
   modified="20111117T000000000">
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nexpose
 version: !ruby/object:Gem::Version
-  version: 4.10.0
+  version: 4.11.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-07 00:00:00.000000000 Z
+date: 2024-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -96,7 +96,7 @@ dependencies:
         version: 0.5.2
 description: This add-on allows you to upload and parse output produced from Nexpose
   scanner into Dradis.
-email: 
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -130,6 +130,7 @@ files:
 - lib/nexpose/vulnerability.rb
 - lib/tasks/thorfile.rb
 - spec/fixtures/files/full.xml
+- spec/fixtures/files/full_with_duplicate_node.xml
 - spec/fixtures/files/simple.xml
 - spec/fixtures/files/ssl.xml
 - spec/nexpose_upload_spec.rb
@@ -156,7 +157,7 @@ homepage: https://dradis.com/integrations/nexpose.html
 licenses:
 - GPL-2
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -171,12 +172,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Nexpose add-on for the Dradis Framework.
 test_files:
 - spec/fixtures/files/full.xml
+- spec/fixtures/files/full_with_duplicate_node.xml
 - spec/fixtures/files/simple.xml
 - spec/fixtures/files/ssl.xml
 - spec/nexpose_upload_spec.rb