dradis-nexpose 4.11.0 → 4.13.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +1 -2
- data/dradis-nexpose.gemspec +1 -1
- data/lib/dradis/plugins/nexpose/formats/full.rb +7 -7
- data/lib/dradis/plugins/nexpose/formats/simple.rb +1 -1
- data/lib/dradis/plugins/nexpose/gem_version.rb +1 -1
- data/lib/dradis/plugins/nexpose/mapping.rb +101 -0
- data/lib/dradis/plugins/nexpose.rb +1 -0
- data/lib/nexpose/test.rb +14 -7
- data/spec/fixtures/files/full.xml +24 -29
- data/spec/nexpose_upload_spec.rb +22 -2
- metadata +8 -19
- data/templates/full_evidence.fields +0 -5
- data/templates/full_evidence.template +0 -8
- data/templates/full_node.fields +0 -10
- data/templates/full_node.template +0 -16
- data/templates/full_scan.fields +0 -5
- data/templates/full_scan.template +0 -9
- data/templates/full_service.fields +0 -4
- data/templates/full_service.template +0 -11
- data/templates/full_vulnerability.fields +0 -14
- data/templates/full_vulnerability.template +0 -34
- data/templates/simple_port.fields +0 -2
- data/templates/simple_port.template +0 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a887a44415f052dffd7f94be06ccf8c1c0475ce57532555c814540b03e4594d3
|
|
4
|
+
data.tar.gz: 71d4e7b91e47f3ff9c389867280268b42c094edde983451f7a724c46fd2b9548
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d7571775280ca3ef11e74af4463e30aaf7b20c3206966b3bbbcbc32f12c487d2a31368053f5bafe1c3d96445a2051af8779ec8fa047f7bfbdb966d399b3a5002
|
|
7
|
+
data.tar.gz: 364816b376e44e503cf3fb26e02a7bfee3b32a6f0776ebb238babb6ff9a0d74b099f5efd98b43b17429e89d80dca9d3296a991ea286c9e8984541b89ab198324
|
data/CHANGELOG.md
CHANGED
|
@@ -1,8 +1,16 @@
|
|
|
1
|
+
v4.13.0 (July 2024)
|
|
2
|
+
- No changes
|
|
3
|
+
|
|
4
|
+
v4.12.0 (May 2024)
|
|
5
|
+
- Migrate integration to use Mappings Manager
|
|
6
|
+
- Update Dradis links in README
|
|
7
|
+
|
|
1
8
|
v4.11.0 (January 2024)
|
|
2
9
|
- Add port/protocol to evidences
|
|
3
10
|
- Use the details in <os> as the OS node property
|
|
4
11
|
- Import `vulnerability.risk_score` as a new Issue field
|
|
5
12
|
- Allow multiple evidence with the same test id & node address
|
|
13
|
+
- Add support for tests that start with `ContainerBlockElement`
|
|
6
14
|
|
|
7
15
|
v4.10.0 (September 2023)
|
|
8
16
|
- Update gemspec links
|
data/README.md
CHANGED
|
@@ -6,8 +6,7 @@ The Nexpose add-on enables users to upload Nexpose XML files to create a structu
|
|
|
6
6
|
|
|
7
7
|
This plugin supports both NeXpose-Simple and NeXpose-Full formats.
|
|
8
8
|
|
|
9
|
-
The add-on requires [Dradis CE](https://
|
|
10
|
-
|
|
9
|
+
The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
|
|
11
10
|
|
|
12
11
|
## More information
|
|
13
12
|
|
data/dradis-nexpose.gemspec
CHANGED
|
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
|
|
|
26
26
|
spec.add_dependency 'dradis-plugins', '~> 4.0'
|
|
27
27
|
spec.add_dependency 'nokogiri', '~> 1.3'
|
|
28
28
|
|
|
29
|
-
spec.add_development_dependency 'bundler'
|
|
29
|
+
spec.add_development_dependency 'bundler', '~> 2.0'
|
|
30
30
|
spec.add_development_dependency 'rake', '~> 10.0'
|
|
31
31
|
spec.add_development_dependency 'rspec-rails'
|
|
32
32
|
spec.add_development_dependency 'combustion', '~> 0.5.2'
|
|
@@ -14,7 +14,7 @@ module Dradis::Plugins::Nexpose::Formats
|
|
|
14
14
|
logger.info { "\tProcessing scan summary" }
|
|
15
15
|
|
|
16
16
|
doc.xpath('//scans/scan').each do |xml_scan|
|
|
17
|
-
note_text =
|
|
17
|
+
note_text = mapping_service.apply_mapping(source: 'full_scan', data: xml_scan)
|
|
18
18
|
content_service.create_note(node: scan_node, text: note_text)
|
|
19
19
|
end
|
|
20
20
|
|
|
@@ -26,7 +26,7 @@ module Dradis::Plugins::Nexpose::Formats
|
|
|
26
26
|
logger.info { "\tProcessing host: #{nexpose_node.address}" }
|
|
27
27
|
|
|
28
28
|
# add the summary note for this host
|
|
29
|
-
note_text =
|
|
29
|
+
note_text = mapping_service.apply_mapping(source: 'full_node', data: nexpose_node)
|
|
30
30
|
content_service.create_note(node: host_node, text: note_text)
|
|
31
31
|
|
|
32
32
|
if host_node.respond_to?(:properties)
|
|
@@ -83,7 +83,7 @@ module Dradis::Plugins::Nexpose::Formats
|
|
|
83
83
|
endpoint.services.each do |service|
|
|
84
84
|
|
|
85
85
|
# add the summary note for this service
|
|
86
|
-
note_text =
|
|
86
|
+
note_text = mapping_service.apply_mapping(source: 'full_service', data: service)
|
|
87
87
|
# content_service.create_note(node: endpoint_node, text: note_text)
|
|
88
88
|
content_service.create_note(node: host_node, text: note_text)
|
|
89
89
|
|
|
@@ -123,8 +123,8 @@ module Dradis::Plugins::Nexpose::Formats
|
|
|
123
123
|
doc.xpath('//VulnerabilityDefinitions/vulnerability').each do |xml_vulnerability|
|
|
124
124
|
id = xml_vulnerability['id'].downcase
|
|
125
125
|
# if @vuln_list.include?(id)
|
|
126
|
-
issue_text =
|
|
127
|
-
|
|
126
|
+
issue_text = mapping_service.apply_mapping(
|
|
127
|
+
source: 'full_vulnerability',
|
|
128
128
|
data: xml_vulnerability
|
|
129
129
|
)
|
|
130
130
|
|
|
@@ -148,8 +148,8 @@ module Dradis::Plugins::Nexpose::Formats
|
|
|
148
148
|
host_node = content_service.create_node(label: host_name, type: :host)
|
|
149
149
|
|
|
150
150
|
evidence[id][host_name].each do |evidence|
|
|
151
|
-
evidence_content =
|
|
152
|
-
|
|
151
|
+
evidence_content = mapping_service.apply_mapping(
|
|
152
|
+
source: 'full_evidence',
|
|
153
153
|
data: evidence
|
|
154
154
|
)
|
|
155
155
|
content_service.create_evidence(content: evidence_content, issue: issue, node: host_node)
|
|
@@ -26,7 +26,7 @@ module Dradis::Plugins::Nexpose::Formats
|
|
|
26
26
|
port_node = content_service.create_node(label: port_label, parent: host_node)
|
|
27
27
|
|
|
28
28
|
findings.each do |id, finding|
|
|
29
|
-
port_text =
|
|
29
|
+
port_text = mapping_service.apply_mapping(source: 'simple_port', data: {id: id, finding: finding})
|
|
30
30
|
port_text << "\n#[host]#\n#{host['address']}\n\n"
|
|
31
31
|
content_service.create_note node: port_node, text: port_text
|
|
32
32
|
end
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
module Dradis::Plugins::Nexpose
|
|
2
|
+
module Mapping
|
|
3
|
+
DEFAULT_MAPPING = {
|
|
4
|
+
full_evidence: {
|
|
5
|
+
'ID' => '{{ nexpose[evidence.id] }}',
|
|
6
|
+
'Status' => '{{ nexpose[evidence.status] }}',
|
|
7
|
+
'Content' => '{{ nexpose[evidence.content] }}'
|
|
8
|
+
},
|
|
9
|
+
full_node: {
|
|
10
|
+
'Title' => '{{ nexpose[node.address] }}',
|
|
11
|
+
'Hostname' => '{{ nexpose[node.site_name] }}',
|
|
12
|
+
'Details' => "Status: {{ nexpose[node.status] }}\nDevice id: {{ nexpose[node.device_id] }}\nHW address: {{ nexpose[node.hardware_address] }}",
|
|
13
|
+
'Names' => '{{ nexpose[node.names] }}',
|
|
14
|
+
'Software' => '{{ nexpose[node.software] }}'
|
|
15
|
+
},
|
|
16
|
+
full_scan: {
|
|
17
|
+
'Title' => '{{ nexpose[scan.name] }} ({{ nexpose[scan.scan_id] }})',
|
|
18
|
+
'Timing' => "Start time: {{ nexpose[scan.start_time] }}\nEnd time: {{ nexpose[scan.end_time] }}",
|
|
19
|
+
'Status' => '{{ nexpose[scan.status] }}'
|
|
20
|
+
},
|
|
21
|
+
full_service: {
|
|
22
|
+
'Title' => 'Service name: {{ nexpose[service.name] }}',
|
|
23
|
+
'Fingerprinting' => '{{ nexpose[service.fingerprints] }}',
|
|
24
|
+
'Configuration' => '{{ nexpose[service.configurations] }}',
|
|
25
|
+
'Tests' => '{{ nexpose[service.tests] }}'
|
|
26
|
+
},
|
|
27
|
+
full_vulnerability: {
|
|
28
|
+
'Title' => '{{ nexpose[vulnerability.title] }}',
|
|
29
|
+
'Nexpose Id' => '{{ nexpose[vulnerability.nexpose_id] }}',
|
|
30
|
+
'Severity' => '{{ nexpose[vulnerability.severity] }}',
|
|
31
|
+
'PCI Severity' => '{{ nexpose[vulnerability.pci_severity] }}',
|
|
32
|
+
'CVSS Score' => '{{ nexpose[vulnerability.cvss_score] }}',
|
|
33
|
+
'CVSS Vector' => '{{ nexpose[vulnerability.cvss_vector] }}',
|
|
34
|
+
'Published' => '{{ nexpose[vulnerability.published] }}',
|
|
35
|
+
'Description' => '{{ nexpose[vulnerability.description] }}',
|
|
36
|
+
'Solution' => '{{ nexpose[vulnerability.solution] }}',
|
|
37
|
+
'References' => '{{ nexpose[vulnerability.references] }}',
|
|
38
|
+
'Tags' => '{{ nexpose[vulnerability.tags] }}'
|
|
39
|
+
},
|
|
40
|
+
simple_port: {
|
|
41
|
+
'Id' => '{{ nexpose[port.id] }}',
|
|
42
|
+
'References' => '{{ nexpose[port.finding] }}'
|
|
43
|
+
}
|
|
44
|
+
}.freeze
|
|
45
|
+
|
|
46
|
+
SOURCE_FIELDS = {
|
|
47
|
+
full_evidence: [
|
|
48
|
+
'evidence.id',
|
|
49
|
+
'evidence.status',
|
|
50
|
+
'evidence.content',
|
|
51
|
+
'evidence.port',
|
|
52
|
+
'evidence.protocol'
|
|
53
|
+
],
|
|
54
|
+
full_node: [
|
|
55
|
+
'node.address',
|
|
56
|
+
'node.device_id',
|
|
57
|
+
'node.fingerprints',
|
|
58
|
+
'node.hardware_address',
|
|
59
|
+
'node.names',
|
|
60
|
+
'node.tests',
|
|
61
|
+
'node.risk_score',
|
|
62
|
+
'node.site_name',
|
|
63
|
+
'node.status',
|
|
64
|
+
'node.software'
|
|
65
|
+
],
|
|
66
|
+
full_scan: [
|
|
67
|
+
'scan.end_time',
|
|
68
|
+
'scan.name',
|
|
69
|
+
'scan.scan_id',
|
|
70
|
+
'scan.start_time',
|
|
71
|
+
'scan.status'
|
|
72
|
+
],
|
|
73
|
+
full_service: [
|
|
74
|
+
'service.configurations',
|
|
75
|
+
'service.fingerprints',
|
|
76
|
+
'service.name',
|
|
77
|
+
'service.tests'
|
|
78
|
+
],
|
|
79
|
+
full_vulnerability: [
|
|
80
|
+
'vulnerability.added',
|
|
81
|
+
'vulnerability.cvss_score',
|
|
82
|
+
'vulnerability.cvss_vector',
|
|
83
|
+
'vulnerability.description',
|
|
84
|
+
'vulnerability.modified',
|
|
85
|
+
'vulnerability.nexpose_id',
|
|
86
|
+
'vulnerability.pci_severity',
|
|
87
|
+
'vulnerability.published',
|
|
88
|
+
'vulnerability.risk_score',
|
|
89
|
+
'vulnerability.references',
|
|
90
|
+
'vulnerability.severity',
|
|
91
|
+
'vulnerability.solution',
|
|
92
|
+
'vulnerability.tags',
|
|
93
|
+
'vulnerability.title'
|
|
94
|
+
],
|
|
95
|
+
simple_port: [
|
|
96
|
+
'port.finding',
|
|
97
|
+
'port.id'
|
|
98
|
+
]
|
|
99
|
+
}.freeze
|
|
100
|
+
end
|
|
101
|
+
end
|
data/lib/nexpose/test.rb
CHANGED
|
@@ -2,13 +2,20 @@ module Nexpose
|
|
|
2
2
|
class Test
|
|
3
3
|
def self.new(xml_node)
|
|
4
4
|
content =
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
5
|
+
# get first Paragraph or ContainerBlockElement that's a direct child of <test>
|
|
6
|
+
if xml = xml_node.at_xpath('./Paragraph | ./ContainerBlockElement')
|
|
7
|
+
# get all nested paragraph elements
|
|
8
|
+
nested_paragraphs = xml.xpath('.//Paragraph')
|
|
9
|
+
|
|
10
|
+
content = nested_paragraphs.children.map do |node|
|
|
11
|
+
case node.name
|
|
12
|
+
when 'text'
|
|
13
|
+
node.text.strip
|
|
14
|
+
when 'URLLink'
|
|
15
|
+
node['LinkURL']
|
|
16
|
+
end
|
|
17
|
+
end.compact
|
|
18
|
+
content.map(&:strip).reject(&:empty?).join("\n")
|
|
12
19
|
else
|
|
13
20
|
'n/a'
|
|
14
21
|
end
|
|
@@ -20,23 +20,32 @@
|
|
|
20
20
|
<fingerprint certainty="0.90" family="NTP" product="NTP" vendor="Cisco"/>
|
|
21
21
|
</fingerprints>
|
|
22
22
|
<configuration>
|
|
23
|
-
<config name="ntp.variables">system="cisco", leap=0, stratum=5, rootdelay=88.21,
|
|
24
|
-
|
|
25
|
-
rootdispersion=108.54, peer=24960, refid=135.89.100.96,
|
|
26
|
-
|
|
27
|
-
reftime=0xD80BB6B5.715ACDD8, poll=10, clock=0xD80BB78F.8931F3F6,
|
|
28
|
-
|
|
29
|
-
phase=8.259, freq=-141.24, error=11.32</config>
|
|
23
|
+
<config name="ntp.variables">system="cisco", leap=0, stratum=5, rootdelay=88.21,rootdispersion=108.54, peer=24960, refid=135.89.100.96,reftime=0xD80BB6B5.715ACDD8, poll=10, clock=0xD80BB78F.8931F3F6,phase=8.259, freq=-141.24, error=11.32</config>
|
|
30
24
|
</configuration>
|
|
31
25
|
<tests>
|
|
32
26
|
<test id="ntp-clock-variables-disclosure" pci-compliance-status="pass" scan-id="4" status="vulnerable-exploited" vulnerable-since="20141110T161846666">
|
|
33
27
|
<Paragraph>
|
|
34
|
-
<Paragraph>The following NTP variables were found from a readvar request: system="cisco", leap=0, stratum=5, rootdelay=88.21,
|
|
35
|
-
rootdispersion=108.54, peer=24960, refid=135.89.100.96,
|
|
36
|
-
reftime=0xD80BB6B5.715ACDD8, poll=10, clock=0xD80BB78F.8931F3F6,
|
|
37
|
-
phase=8.259, freq=-141.24, error=11.32</Paragraph>
|
|
28
|
+
<Paragraph>The following NTP variables were found from a readvar request: system="cisco", leap=0, stratum=5, rootdelay=88.21, rootdispersion=108.54, peer=24960, refid=135.89.100.96, reftime=0xD80BB6B5.715ACDD8, poll=10, clock=0xD80BB78F.8931F3F6,phase=8.259, freq=-141.24, error=11.32</Paragraph>
|
|
38
29
|
</Paragraph>
|
|
39
30
|
</test>
|
|
31
|
+
<test id="test-02" pci-compliance-status="pass" scan-id="4" status="vulnerable-exploited" vulnerable-since="20141110T161846666">
|
|
32
|
+
<ContainerBlockElement>
|
|
33
|
+
<Paragraph>Vulnerable URL:
|
|
34
|
+
<URLLink LinkURL="https://1.2.3.4/" LinkTitle="https://1.2.3.4/"></URLLink>
|
|
35
|
+
More info
|
|
36
|
+
</Paragraph>
|
|
37
|
+
<Paragraph>CRAWL TRAFFIC
|
|
38
|
+
Vulnerable response matched:
|
|
39
|
+
</Paragraph>
|
|
40
|
+
<Paragraph>ATTACK TRAFFIC
|
|
41
|
+
Vulnerability proven via 1 attack
|
|
42
|
+
<Paragraph>(1) Attack proof:
|
|
43
|
+
Attack description:
|
|
44
|
+
Missing HTTP header "Content-Security-Policy"
|
|
45
|
+
Vulnerable response matched:
|
|
46
|
+
</Paragraph></Paragraph>
|
|
47
|
+
</ContainerBlockElement>
|
|
48
|
+
</test>
|
|
40
49
|
</tests>
|
|
41
50
|
</service>
|
|
42
51
|
</services>
|
|
@@ -86,7 +95,7 @@ phase=8.259, freq=-141.24, error=11.32</Paragraph>
|
|
|
86
95
|
</ContainerBlockElement>
|
|
87
96
|
</solution>
|
|
88
97
|
</vulnerability>
|
|
89
|
-
<vulnerability added="20120412T000000000" cvssScore="4.3" cvssVector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" id="
|
|
98
|
+
<vulnerability added="20120412T000000000" cvssScore="4.3" cvssVector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" id="test-02" modified="20130828T000000000" pciSeverity="3" published="20031231T000000000" riskScore="549.07043" severity="4" title="Apache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)">
|
|
90
99
|
<malware/>
|
|
91
100
|
<exploits/>
|
|
92
101
|
<description>
|
|
@@ -110,33 +119,19 @@ phase=8.259, freq=-141.24, error=11.32</Paragraph>
|
|
|
110
119
|
<UnorderedList>
|
|
111
120
|
<ListItem>
|
|
112
121
|
<Paragraph>
|
|
113
|
-
<Paragraph>You can remove inode information from the ETag header by adding the
|
|
114
|
-
following directive to your Apache config:</Paragraph>
|
|
122
|
+
<Paragraph>You can remove inode information from the ETag header by adding the following directive to your Apache config:</Paragraph>
|
|
115
123
|
<Paragraph preformat="true">FileETag MTime Size</Paragraph>
|
|
116
124
|
</Paragraph>
|
|
117
125
|
</ListItem>
|
|
118
126
|
<ListItem>
|
|
119
127
|
<Paragraph>OpenBSD</Paragraph>
|
|
120
128
|
<Paragraph>Download and apply the patch from:
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
129
|
<URLLink LinkTitle="http://www.openbsd.org/errata32.html#httpd" LinkURL="http://www.openbsd.org/errata32.html#httpd"/></Paragraph>
|
|
127
130
|
<Paragraph>
|
|
128
131
|
<Paragraph>The OpenBSD team has released a
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
132
|
<URLLink LinkTitle="http://www.openbsd.org/errata32.html#httpd" LinkURL="http://www.openbsd.org/errata32.html#httpd" href="http://www.openbsd.org/errata32.html#httpd">
|
|
135
|
-
patch</URLLink>for the Apache inode and pid leak problem. This patch can be applied
|
|
136
|
-
|
|
137
|
-
take effect. OpenBSD 3.3 will ship with the patched httpd by default.
|
|
138
|
-
The patch can be applied to earlier 3.x versions of OpenBSD, but it
|
|
139
|
-
may require editing of the source code.</Paragraph>
|
|
133
|
+
patch</URLLink>for the Apache inode and pid leak problem. This patch can be applied cleanly to 3.2 stable and rebuilt. Restart httpd for the changes to take effect. OpenBSD 3.3 will ship with the patched httpd by default. The patch can be applied to earlier 3.x versions of OpenBSD, but it may require editing of the source code.
|
|
134
|
+
</Paragraph>
|
|
140
135
|
</Paragraph>
|
|
141
136
|
</ListItem>
|
|
142
137
|
</UnorderedList>
|
data/spec/nexpose_upload_spec.rb
CHANGED
|
@@ -119,7 +119,7 @@ describe 'Nexpose upload plugin' do
|
|
|
119
119
|
|
|
120
120
|
expect(@content_service).to receive(:create_issue) do |args|
|
|
121
121
|
expect(args[:text]).to include("#[Title]#\nApache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)")
|
|
122
|
-
expect(args[:id]).to eq('
|
|
122
|
+
expect(args[:id]).to eq('test-02')
|
|
123
123
|
OpenStruct.new(args)
|
|
124
124
|
end.once
|
|
125
125
|
|
|
@@ -129,6 +129,12 @@ describe 'Nexpose upload plugin' do
|
|
|
129
129
|
expect(args[:node].label).to eq('1.1.1.1')
|
|
130
130
|
end.once
|
|
131
131
|
|
|
132
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
|
133
|
+
expect(args[:content]).to include("#[ID]#\ntest-02\n\n")
|
|
134
|
+
expect(args[:issue].id).to eq('test-02')
|
|
135
|
+
expect(args[:node].label).to eq('1.1.1.1')
|
|
136
|
+
end.once
|
|
137
|
+
|
|
132
138
|
@importer.import(file: @fixtures_dir + '/full.xml')
|
|
133
139
|
|
|
134
140
|
expect(Node.find_by(label: '1.1.1.1').properties[:os]).to eq('IOS')
|
|
@@ -144,7 +150,7 @@ describe 'Nexpose upload plugin' do
|
|
|
144
150
|
end
|
|
145
151
|
|
|
146
152
|
# Regression test for github.com/dradis/dradis-nexpose/issues/1
|
|
147
|
-
it 'populates solutions regardless they are wrapped in paragraphs or lists' do
|
|
153
|
+
it 'populates solutions regardless of if they are wrapped in paragraphs or lists' do
|
|
148
154
|
expect(@content_service).to receive(:create_issue) do |args|
|
|
149
155
|
expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
|
|
150
156
|
OpenStruct.new(args)
|
|
@@ -159,6 +165,20 @@ describe 'Nexpose upload plugin' do
|
|
|
159
165
|
@importer.import(file: @fixtures_dir + '/full.xml')
|
|
160
166
|
end
|
|
161
167
|
|
|
168
|
+
it 'populates tests regardless of if they contain paragraphs or containerblockelements' do
|
|
169
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
|
170
|
+
expect(args[:content]).to include("#[Content]#\nThe following NTP variables")
|
|
171
|
+
OpenStruct.new(args)
|
|
172
|
+
end.once
|
|
173
|
+
|
|
174
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
|
175
|
+
expect(args[:content]).to include("#[Content]#\nVulnerable URL:")
|
|
176
|
+
OpenStruct.new(args)
|
|
177
|
+
end.once
|
|
178
|
+
|
|
179
|
+
@importer.import(file: @fixtures_dir + '/full.xml')
|
|
180
|
+
end
|
|
181
|
+
|
|
162
182
|
it 'transforms html entities (< and >)' do
|
|
163
183
|
expect(@content_service).to receive(:create_issue) do |args|
|
|
164
184
|
expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-nexpose
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.13.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-08-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -42,16 +42,16 @@ dependencies:
|
|
|
42
42
|
name: bundler
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- - "
|
|
45
|
+
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '0'
|
|
47
|
+
version: '2.0'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- - "
|
|
52
|
+
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '0'
|
|
54
|
+
version: '2.0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rake
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -121,6 +121,7 @@ files:
|
|
|
121
121
|
- lib/dradis/plugins/nexpose/formats/simple.rb
|
|
122
122
|
- lib/dradis/plugins/nexpose/gem_version.rb
|
|
123
123
|
- lib/dradis/plugins/nexpose/importer.rb
|
|
124
|
+
- lib/dradis/plugins/nexpose/mapping.rb
|
|
124
125
|
- lib/dradis/plugins/nexpose/version.rb
|
|
125
126
|
- lib/nexpose/endpoint.rb
|
|
126
127
|
- lib/nexpose/node.rb
|
|
@@ -135,24 +136,12 @@ files:
|
|
|
135
136
|
- spec/fixtures/files/ssl.xml
|
|
136
137
|
- spec/nexpose_upload_spec.rb
|
|
137
138
|
- spec/spec_helper.rb
|
|
138
|
-
- templates/full_evidence.fields
|
|
139
139
|
- templates/full_evidence.sample
|
|
140
|
-
- templates/full_evidence.template
|
|
141
|
-
- templates/full_node.fields
|
|
142
140
|
- templates/full_node.sample
|
|
143
|
-
- templates/full_node.template
|
|
144
|
-
- templates/full_scan.fields
|
|
145
141
|
- templates/full_scan.sample
|
|
146
|
-
- templates/full_scan.template
|
|
147
|
-
- templates/full_service.fields
|
|
148
142
|
- templates/full_service.sample
|
|
149
|
-
- templates/full_service.template
|
|
150
|
-
- templates/full_vulnerability.fields
|
|
151
143
|
- templates/full_vulnerability.sample
|
|
152
|
-
- templates/full_vulnerability.template
|
|
153
|
-
- templates/simple_port.fields
|
|
154
144
|
- templates/simple_port.sample
|
|
155
|
-
- templates/simple_port.template
|
|
156
145
|
homepage: https://dradis.com/integrations/nexpose.html
|
|
157
146
|
licenses:
|
|
158
147
|
- GPL-2
|
|
@@ -172,7 +161,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
172
161
|
- !ruby/object:Gem::Version
|
|
173
162
|
version: '0'
|
|
174
163
|
requirements: []
|
|
175
|
-
rubygems_version: 3.
|
|
164
|
+
rubygems_version: 3.5.6
|
|
176
165
|
signing_key:
|
|
177
166
|
specification_version: 4
|
|
178
167
|
summary: Nexpose add-on for the Dradis Framework.
|
data/templates/full_node.fields
DELETED
data/templates/full_scan.fields
DELETED
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
vulnerability.added
|
|
2
|
-
vulnerability.cvss_score
|
|
3
|
-
vulnerability.cvss_vector
|
|
4
|
-
vulnerability.description
|
|
5
|
-
vulnerability.modified
|
|
6
|
-
vulnerability.nexpose_id
|
|
7
|
-
vulnerability.pci_severity
|
|
8
|
-
vulnerability.published
|
|
9
|
-
vulnerability.risk_score
|
|
10
|
-
vulnerability.references
|
|
11
|
-
vulnerability.severity
|
|
12
|
-
vulnerability.solution
|
|
13
|
-
vulnerability.tags
|
|
14
|
-
vulnerability.title
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
#[Title]#
|
|
2
|
-
%vulnerability.title%
|
|
3
|
-
|
|
4
|
-
#[Nexpose Id]#
|
|
5
|
-
%vulnerability.nexpose_id%
|
|
6
|
-
|
|
7
|
-
#[Severity]#
|
|
8
|
-
%vulnerability.severity%
|
|
9
|
-
|
|
10
|
-
#[PCI Severity]#
|
|
11
|
-
%vulnerability.pci_severity%
|
|
12
|
-
|
|
13
|
-
#[CVSS Score]#
|
|
14
|
-
%vulnerability.cvss_score%
|
|
15
|
-
|
|
16
|
-
#[CVSS Vector]#
|
|
17
|
-
%vulnerability.cvss_vector%
|
|
18
|
-
|
|
19
|
-
#[Published]#
|
|
20
|
-
%vulnerability.published%
|
|
21
|
-
|
|
22
|
-
#[Description]#
|
|
23
|
-
%vulnerability.description%
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
#[Solution]#
|
|
27
|
-
%vulnerability.solution%
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
#[References]#
|
|
31
|
-
%vulnerability.references%
|
|
32
|
-
|
|
33
|
-
#[Tags]#
|
|
34
|
-
%vulnerability.tags%
|