dradis-nexpose 4.13.0 → 4.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a887a44415f052dffd7f94be06ccf8c1c0475ce57532555c814540b03e4594d3
-  data.tar.gz: 71d4e7b91e47f3ff9c389867280268b42c094edde983451f7a724c46fd2b9548
+  metadata.gz: fed2206ffe5931c65cc3b1ae1c9007091b99b3f9134a9b81b4ae8b4d5496fc5f
+  data.tar.gz: bf34162969ecdd0d105d551149b51f7c20795a2bfa9b1f97c741b36e5711cfe5
 SHA512:
-  metadata.gz: d7571775280ca3ef11e74af4463e30aaf7b20c3206966b3bbbcbc32f12c487d2a31368053f5bafe1c3d96445a2051af8779ec8fa047f7bfbdb966d399b3a5002
-  data.tar.gz: 364816b376e44e503cf3fb26e02a7bfee3b32a6f0776ebb238babb6ff9a0d74b099f5efd98b43b17429e89d80dca9d3296a991ea286c9e8984541b89ab198324
+  metadata.gz: 9fa49ed385686a5910de33e05f09caafbb624e5227af713c5defd4d0485b38b0d446194bd652b03b77d43861440e1d08a2eb597ea7b13b2f8ccae9a8f1440510
+  data.tar.gz: d84b92cc9d54926f788d78dda9b87e7f1a4262ad7682278f72af62dc4917ca4877ea9e0a8754a3d4a117bee44633dbd4ce2e539e197069b523a5c7615b2d1acf

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+v4.14.0 (October 2024)
+- Separate general importer into Full & Simple importers
+
 v4.13.0 (July 2024)
   - No changes
 

data/lib/dradis/plugins/nexpose/engine.rb

@@ -5,5 +5,17 @@ module Dradis::Plugins::Nexpose
     include ::Dradis::Plugins::Base
     description 'Processes Nexpose XML format'
     provides :upload
+
+    # Because this plugin provides two export modules, we have to overwrite
+    # the default .uploaders() method.
+    #
+    # See:
+    #  Dradis::Plugins::Upload::Base in dradis-plugins
+    def self.uploaders
+      [
+        Dradis::Plugins::Nexpose::Full,
+        Dradis::Plugins::Nexpose::Simple
+      ]
+    end
   end
 end

data/lib/dradis/plugins/nexpose/full/importer.rb

@@ -0,0 +1,204 @@
+module Dradis::Plugins::Nexpose
+  module Full
+    def self.meta
+      package = Dradis::Plugins::Nexpose
+      {
+        name: package::Engine::plugin_name,
+        description: 'Upload Full NeXpose output file (.xml)',
+        version: package.version
+      }
+    end
+
+    class Importer < Dradis::Plugins::Upload::Importer
+
+      def self.templates
+        { evidence: 'full_evidence', issue: 'full_vulnerability' }
+      end
+
+      def initialize(args = {})
+        args[:plugin] = Dradis::Plugins::Nexpose
+        super(args)
+      end
+
+      # The framework will call this function if the user selects this plugin from
+      # the dropdown list and uploads a file.
+      # @returns true if the operation was successful, false otherwise
+      def import(params = {})
+        file_content = File.read(params[:file])
+
+        logger.info { 'Parsing NeXpose-Full XML output file...' }
+        doc = Nokogiri::XML(file_content)
+        logger.info { 'Done.' }
+
+        unless doc.root.name == 'NexposeReport'
+          error = "The document doesn't seem to be in NeXpose-Full XML format. Ensure you uploaded a NeXpose-Full XML report."
+          logger.fatal{ error }
+          content_service.create_note text: error
+          return false
+        end
+
+        process_full(doc)
+
+        logger.info { 'NeXpose-Full format successfully imported' }
+        true
+      end
+
+      private
+
+      def process_full(doc)
+        note_text = nil
+
+        @vuln_list = []
+        evidence = Hash.new { |h, k| h[k] = {} }
+
+        # First, extract scans
+        scan_node = content_service.create_node(label: 'Nexpose Scan Summary')
+        logger.info { "\tProcessing scan summary" }
+
+        doc.xpath('//scans/scan').each do |xml_scan|
+          note_text = mapping_service.apply_mapping(source: 'full_scan', data: xml_scan)
+          content_service.create_note(node: scan_node, text: note_text)
+        end
+
+        # Second, we parse the nodes
+        doc.xpath('//nodes/node').each do |xml_node|
+          nexpose_node = Nexpose::Node.new(xml_node)
+
+          host_node = content_service.create_node(label: nexpose_node.address, type: :host)
+          logger.info { "\tProcessing host: #{nexpose_node.address}" }
+
+          # add the summary note for this host
+          note_text = mapping_service.apply_mapping(source: 'full_node', data: nexpose_node)
+          content_service.create_note(node: host_node, text: note_text)
+
+          if host_node.respond_to?(:properties)
+            logger.info { "\tAdding host properties to #{nexpose_node.address}" }
+            host_node.set_property(:ip, nexpose_node.address)
+            host_node.set_property(:hostname, nexpose_node.names)
+            host_node.set_property(:os, nexpose_node.fingerprints)
+            host_node.set_property(:risk_score, nexpose_node.risk_score)
+            host_node.save
+          end
+
+          # inject this node's address into any vulnerabilities identified
+          #
+          # TODO: There is room for improvement here, we could have a hash that
+          # linked vulns with test/service and host to create proper content for
+          # Evidence.
+          nexpose_node.tests.each do |node_test|
+            test_id = node_test[:id].to_s.downcase
+
+            # We can't use the straightforward version below because Nexpose uses
+            # mixed-case some times (!)
+            #   xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[@id='#{node_test[:id]}']").first
+            # See:
+            #   http://stackoverflow.com/questions/1625446/problem-with-upper-case-and-lower-case-xpath-functions-in-selenium-ide/1625859#1625859
+            xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[translate(@id,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='#{test_id}']").first
+            xml_vuln.add_child('<hosts/>') unless xml_vuln.last_element_child.name == 'hosts'
+
+            if xml_vuln.xpath("./hosts/host[text()='#{nexpose_node.address}']").empty?
+              xml_vuln.last_element_child.add_child("<host>#{nexpose_node.address}</host>")
+            end
+
+            evidence[test_id][nexpose_node.address] ||= []
+            evidence[test_id][nexpose_node.address] << node_test
+          end
+
+          nexpose_node.endpoints.each do |endpoint|
+            # endpoint_node = content_service.create_node(label: endpoint.label, parent: host_node)
+            logger.info { "\t\tEndpoint: #{endpoint.label}" }
+
+            if host_node.respond_to?(:properties)
+              logger.info { "\t\tAdding to Services table" }
+              host_node.set_service(
+                port: endpoint.port.to_i,
+                protocol: endpoint.protocol,
+                state: endpoint.status,
+                name: endpoint.services.map(&:name).join(', '),
+                source: :nexpose,
+                # reason: port.reason,
+                # product: port.try('service').try('product'),
+                # version: port.try('service').try('version')
+              )
+            end
+
+            endpoint.services.each do |service|
+
+              # add the summary note for this service
+              note_text = mapping_service.apply_mapping(source: 'full_service', data: service)
+              # content_service.create_note(node: endpoint_node, text: note_text)
+              content_service.create_note(node: host_node, text: note_text)
+
+              # inject this node's address into any vulnerabilities identified
+              service.tests.each do |service_test|
+                test_id = service_test[:id].to_s.downcase
+
+                # For some reason Nexpose fails to include the 'http-iis-0011' vulnerability definition
+                next if test_id == 'http-iis-0011'
+
+                # We can't use the straightforward version below because Nexpose uses
+                # mixed-case some times (!)
+                #   xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[@id='#{service_test[:id]}']").first
+                # See:
+                #   http://stackoverflow.com/questions/1625446/problem-with-upper-case-and-lower-case-xpath-functions-in-selenium-ide/1625859#1625859
+                #
+                xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[translate(@id,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='#{test_id}']").first
+                xml_vuln.add_child('<hosts/>') unless xml_vuln.last_element_child.name == 'hosts'
+
+                if xml_vuln.xpath("./hosts/host[text()='#{nexpose_node.address}']").empty?
+                  xml_vuln.last_element_child.add_child("<host>#{nexpose_node.address}</host>")
+                end
+
+                evidence[test_id][nexpose_node.address] ||= []
+                evidence[test_id][nexpose_node.address] << service_test
+              end
+            end
+          end
+
+          # add note under this node for each vulnerable ./node/test/
+          host_node.save
+        end
+
+        # Third, parse vulnerability definitions
+        logger.info { "\tProcessing issue definitions:" }
+
+        doc.xpath('//VulnerabilityDefinitions/vulnerability').each do |xml_vulnerability|
+          id = xml_vulnerability['id'].downcase
+          # if @vuln_list.include?(id)
+          issue_text = mapping_service.apply_mapping(
+            source: 'full_vulnerability',
+            data: xml_vulnerability
+          )
+
+          # retrieve hosts affected by this issue (injected in step 2)
+          #
+          # There is no need for the below as Issues are linked to hosts via the
+          # corresponding Evidence instance
+          #
+          # note_text << "\n\n#[host]#\n"
+          # note_text << xml_vulnerability.xpath('./hosts/host').collect(&:text).join("\n")
+          # note_text << "\n\n"
+
+          # 3.1 create the Issue
+          issue = content_service.create_issue(text: issue_text, id: id)
+          logger.info { "\tIssue: #{issue.fields ? issue.fields['Title'] : id}" }
+
+          # 3.2 associate with the nodes via Evidence.
+          #   TODO: there is room for improvement here by providing proper Evidence content
+          xml_vulnerability.xpath('./hosts/host').map(&:text).each do |host_name|
+            # if the node exists, this just returns it
+            host_node = content_service.create_node(label: host_name, type: :host)
+
+            evidence[id][host_name].each do |evidence|
+              evidence_content = mapping_service.apply_mapping(
+                source: 'full_evidence',
+                data: evidence
+              )
+              content_service.create_evidence(content: evidence_content, issue: issue, node: host_node)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dradis/plugins/nexpose/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 13
+        MINOR = 14
         TINY = 0
         PRE = nil
 

data/lib/dradis/plugins/nexpose/mapping.rb

@@ -11,7 +11,8 @@ module Dradis::Plugins::Nexpose
         'Hostname' => '{{ nexpose[node.site_name] }}',
         'Details' => "Status: {{ nexpose[node.status] }}\nDevice id: {{ nexpose[node.device_id] }}\nHW address: {{ nexpose[node.hardware_address] }}",
         'Names' => '{{ nexpose[node.names] }}',
-        'Software' => '{{ nexpose[node.software] }}'
+        'Software' => '{{ nexpose[node.software] }}',
+        'Fingerprints' => '{{ nexpose[node.fingerprints] }}'
       },
       full_scan: {
         'Title' => '{{ nexpose[scan.name] }} ({{ nexpose[scan.scan_id] }})',

data/lib/dradis/plugins/nexpose/simple/importer.rb

@@ -0,0 +1,117 @@
+module Dradis::Plugins::Nexpose
+  module Simple
+    def self.meta
+      package = Dradis::Plugins::Nexpose
+      {
+        name: package::Engine::plugin_name,
+        description: 'Upload Simple NeXpose output file (.xml)',
+        version: package.version
+      }
+    end
+
+    class Importer < Dradis::Plugins::Upload::Importer
+      def self.templates
+        {}
+      end
+
+      def initialize(args = {})
+        args[:plugin] = Dradis::Plugins::Nexpose
+        super(args)
+      end
+
+      # The framework will call this function if the user selects this plugin from
+      # the dropdown list and uploads a file.
+      # @returns true if the operation was successful, false otherwise
+      def import(params = {})
+        file_content = File.read( params[:file] )
+
+        logger.info { 'Parsing NeXpose output file...' }
+        doc = Nokogiri::XML(file_content)
+        logger.info { 'Done.' }
+
+        unless doc.root.name == 'NeXposeSimpleXML'
+          error = "The document doesn't seem to be in either NeXpose-Simple or NeXpose-Full XML format. Ensure you uploaded a Nexpose XML report."
+          logger.fatal{ error }
+          content_service.create_note text: error
+          return false
+        end
+
+        process_simple(doc)
+
+        logger.info { 'NeXpose-Simple format uploaded successfully' }
+        true
+      end
+
+      private
+
+      def process_simple(doc)
+        hosts = process_nexpose_simple_xml(doc)
+        notes_simple(hosts)
+      end
+
+      def notes_simple(hosts)
+        return if hosts.nil?
+
+        hosts.each do |host|
+          host_node = content_service.create_node(label: host['address'], type: :host)
+          content_service.create_note node: host_node, text: "Host Description : #{host['description']} \nScanner Fingerprint certainty : #{host['fingerprint']}"
+
+          generic_findings_node = content_service.create_node(label: 'Generic Findings', parent: host_node)
+          host['generic_vulns'].each do |id, finding|
+            content_service.create_note node: generic_findings_node, text: "Finding ID : #{id} \n \n Finding Refs :\n-------\n #{finding}"
+          end
+
+          port_text = nil
+          host['ports'].each do |port_label, findings|
+            port_node = content_service.create_node(label: port_label, parent: host_node)
+
+            findings.each do |id, finding|
+              port_text = mapping_service.apply_mapping(source: 'simple_port', data: {id: id, finding: finding})
+              port_text << "\n#[host]#\n#{host['address']}\n\n"
+              content_service.create_note node: port_node, text: port_text
+            end
+          end
+        end
+      end
+
+      def process_nexpose_simple_xml(doc)
+        results = doc.search('device')
+        hosts = Array.new
+        results.each do |host|
+          current_host = Hash.new
+          current_host['address'] = host['address']
+          current_host['fingerprint'] = host.search('fingerprint')[0].nil? ? "N/A" : host.search('fingerprint')[0]['certainty']
+          current_host['description'] = host.search('description')[0].nil? ? "N/A" : host.search('description')[0].text
+          #So there's two sets of vulns in a NeXpose simple XML report for each host
+          #Theres some generic ones at the top of the report
+          #And some service specific ones further down the report.
+          #So we need to get the generic ones before moving on
+          current_host['generic_vulns'] = Hash.new
+          host.xpath('vulnerabilities/vulnerability').each do |vuln|
+            current_host['generic_vulns'][vuln['id']] = ''
+            vuln.xpath('id').each do |id|
+              current_host['generic_vulns'][vuln['id']] << id['type'] + " : " + id.text + "\n"
+            end
+          end
+
+          current_host['ports'] = Hash.new
+          host.xpath('services/service').each do |service|
+            protocol = service['protocol']
+            portid = service['port']
+            port_label = protocol + '-' + portid
+            current_host['ports'][port_label] = Hash.new
+            service.xpath('vulnerabilities/vulnerability').each do |vuln|
+              current_host['ports'][port_label][vuln['id']] = ''
+              vuln.xpath('id').each do |id|
+                current_host['ports'][port_label][vuln['id']] << id['type'] + " : " + id.text + "\n"
+              end
+            end
+          end
+
+          hosts << current_host
+        end
+        return hosts
+      end
+    end
+  end
+end

data/lib/dradis/plugins/nexpose.rb

@@ -7,6 +7,7 @@ end
 
 require 'dradis/plugins/nexpose/engine'
 require 'dradis/plugins/nexpose/field_processor'
-require 'dradis/plugins/nexpose/importer'
+require 'dradis/plugins/nexpose/full/importer'
 require 'dradis/plugins/nexpose/mapping'
+require 'dradis/plugins/nexpose/simple/importer'
 require 'dradis/plugins/nexpose/version'

data/lib/tasks/thorfile.rb

@@ -1,10 +1,27 @@
 class NexposeTasks < Thor
   include Rails.application.config.dradis.thor_helper_module
 
-  namespace "dradis:plugins:nexpose"
+  namespace 'dradis:plugins:nexpose:upload'
 
-  desc "upload FILE", "upload NeXpose results"
-  def upload(file_path)
+  desc 'full FILE', 'upload NeXpose full results'
+  def full(file_path)
+    detect_and_set_project_scope
+
+    importer = Dradis::Plugins::Nexpose::Full::Importer.new(task_options)
+    importer.import(file: file_path)
+  end
+
+  desc 'simple FILE', 'upload NeXpose simple results'
+  def simple(file_path)
+    detect_and_set_project_scope
+
+    importer = Dradis::Plugins::Nexpose::Simple::Importer.new(task_options)
+    importer.import(file: file_path)
+  end
+
+  private
+
+  def process_upload(importer, file_path)
     require 'config/environment'
 
     unless File.exists?(file_path)
@@ -12,10 +29,6 @@ class NexposeTasks < Thor
       exit -1
     end
 
-    detect_and_set_project_scope
-
-    importer = Dradis::Plugins::Nexpose::Importer.new(task_options)
     importer.import(file: file_path)
   end
-
 end

data/spec/nexpose/full/importer_spec.rb

@@ -0,0 +1,108 @@
+# To run, execute from Dradis main app folder:
+# bin/rspec [dradis-nexpose path]/spec/nexpose/full/importer_spec.rb
+require 'rails_helper'
+require 'ostruct'
+require File.expand_path('../../../../../dradis-plugins/spec/support/spec_macros.rb', __FILE__)
+
+include Dradis::Plugins::SpecMacros
+
+module Dradis::Plugins
+  describe Nexpose::Full::Importer do
+    before do
+      @fixtures_dir = File.expand_path('../../../fixtures/files/', __FILE__)
+    end
+
+    before(:each) do
+      stub_content_service
+      @importer = described_class.new(content_service: @content_service)
+    end
+
+    def run_import!
+      @importer.import(file: @fixtures_dir + '/full.xml')
+    end
+
+    it 'creates nodes and associated notes as needed' do
+      expect(@content_service).to receive(:create_node).with(hash_including label: 'Nexpose Scan Summary').once
+
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:text]).to include("#[Title]#\nUSDA_Internal (4)")
+        expect(args[:node].label).to eq('Nexpose Scan Summary')
+      end.once
+
+      expect(@content_service).to receive(:create_node) do |args|
+        expect(args[:label]).to eq('1.1.1.1')
+        expect(args[:type]).to eq(:host)
+        create(:node, args.except(:type))
+      end
+
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:text]).to include("#[Title]#\n1.1.1.1")
+        expect(args[:text]).to include("#[Fingerprints]#\nIOS")
+        expect(args[:node].label).to eq('1.1.1.1')
+      end.once
+
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:text]).to include("#[Title]#\nService name: NTP")
+        expect(args[:node].label).to eq('1.1.1.1')
+      end.once
+
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:text]).to include("#[Title]#\nService name: SNMP")
+        expect(args[:node].label).to eq('1.1.1.1')
+      end.once
+
+      run_import!
+    end
+
+    it 'creates issues from vulnerability elements as needed' do
+      expect(@content_service).to receive(:create_issue) do |args|
+        expect(args[:text]).to include("#[Title]#\nApache HTTPD: error responses can expose cookies (CVE-2012-0053)")
+        expect(args[:id]).to eq('ntp-clock-variables-disclosure')
+        OpenStruct.new(args)
+      end.once
+
+      expect(@content_service).to receive(:create_issue) do |args|
+        expect(args[:text]).to include("#[Title]#\nApache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)")
+        expect(args[:id]).to eq('test-02')
+        OpenStruct.new(args)
+      end.once
+
+      run_import!
+    end
+
+    it 'creates evidence as needed' do
+      expect(@content_service).to receive(:create_evidence) do |args|
+        expect(args[:content]).to include('The following NTP variables were found from a readvar')
+        expect(args[:issue].id).to eq('ntp-clock-variables-disclosure')
+        expect(args[:node].label).to eq('1.1.1.1')
+      end.once
+
+      expect(@content_service).to receive(:create_evidence) do |args|
+        expect(args[:content]).to include('Missing HTTP header "Content-Security-Policy"')
+        expect(args[:issue].id).to eq('test-02')
+        expect(args[:node].label).to eq('1.1.1.1')
+      end
+
+      run_import!
+    end
+
+    describe 'With duplicate nodes' do
+      it 'creates evidence for each instance of the node' do
+        expect(@content_service).to receive(:create_node).with(hash_including label: 'Nexpose Scan Summary').once
+        expect(@content_service).to receive(:create_node) do |args|
+          expect(args[:label]).to eq('1.1.1.1')
+          expect(args[:type]).to eq(:host)
+          create(:node, args.except(:type))
+        end
+
+        expect(@content_service).to receive(:create_evidence) do |args|
+          expect(args[:content]).to include("#[ID]#\nntp-clock-variables-disclosure\n\n")
+          expect(args[:issue].id).to eq('ntp-clock-variables-disclosure')
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.twice
+
+        @importer.import(file: @fixtures_dir + '/full_with_duplicate_node.xml')
+      end
+    end
+  end
+end

data/spec/nexpose/simple/importer_spec.rb

@@ -0,0 +1,60 @@
+# To run, execute from Dradis main app folder:
+# bin/rspec [dradis-nexpose path]/spec/nexpose/simple/importer_spec.rb
+require 'rails_helper'
+require 'ostruct'
+require File.expand_path('../../../../../dradis-plugins/spec/support/spec_macros.rb', __FILE__)
+
+include Dradis::Plugins::SpecMacros
+
+module Dradis::Plugins
+  describe Nexpose::Simple::Importer do
+    before do
+      @fixtures_dir = File.expand_path('../../../fixtures/files/', __FILE__)
+    end
+
+    before(:each) do
+      stub_content_service
+      @importer = described_class.new(content_service: @content_service)
+    end
+
+    def run_import!
+      @importer.import(file: @fixtures_dir + '/simple.xml')
+    end
+
+    it 'creates nodes and associated notes as needed' do
+      expect(@content_service).to receive(:create_node).with(hash_including label: '1.1.1.1', type: :host).once
+
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:text]).to include('Host Description : Linux 2.6.9-89.ELsmp')
+        expect(args[:text]).to include('Scanner Fingerprint certainty : 0.80')
+        expect(args[:node].label).to eq('1.1.1.1')
+      end.once
+
+      expect(@content_service).to receive(:create_node) do |args|
+        expect(args[:label]).to eq('Generic Findings')
+        expect(args[:parent].label).to eq('1.1.1.1')
+        OpenStruct.new(args)
+      end.once
+
+      expect(@content_service).to receive(:create_node) do |args|
+        expect(args[:label]).to eq('udp-000')
+        expect(args[:parent].label).to eq('1.1.1.1')
+        OpenStruct.new(args)
+      end.once
+
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:text]).to include("#[Id]#\nntpd-crypto")
+        expect(args[:text]).to include("#[host]#\n1.1.1.1")
+        expect(args[:node].label).to eq('udp-000')
+      end.once
+
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:text]).to include("#[Id]#\nntp-clock-radio")
+        expect(args[:text]).to include("#[host]#\n1.1.1.1")
+        expect(args[:node].label).to eq('udp-000')
+      end.once
+
+      run_import!
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nexpose
 version: !ruby/object:Gem::Version
-  version: 4.13.0
+  version: 4.14.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-07 00:00:00.000000000 Z
+date: 2024-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -117,11 +117,10 @@ files:
 - lib/dradis/plugins/nexpose.rb
 - lib/dradis/plugins/nexpose/engine.rb
 - lib/dradis/plugins/nexpose/field_processor.rb
-- lib/dradis/plugins/nexpose/formats/full.rb
-- lib/dradis/plugins/nexpose/formats/simple.rb
+- lib/dradis/plugins/nexpose/full/importer.rb
 - lib/dradis/plugins/nexpose/gem_version.rb
-- lib/dradis/plugins/nexpose/importer.rb
 - lib/dradis/plugins/nexpose/mapping.rb
+- lib/dradis/plugins/nexpose/simple/importer.rb
 - lib/dradis/plugins/nexpose/version.rb
 - lib/nexpose/endpoint.rb
 - lib/nexpose/node.rb
@@ -134,7 +133,8 @@ files:
 - spec/fixtures/files/full_with_duplicate_node.xml
 - spec/fixtures/files/simple.xml
 - spec/fixtures/files/ssl.xml
-- spec/nexpose_upload_spec.rb
+- spec/nexpose/full/importer_spec.rb
+- spec/nexpose/simple/importer_spec.rb
 - spec/spec_helper.rb
 - templates/full_evidence.sample
 - templates/full_node.sample
@@ -170,5 +170,6 @@ test_files:
 - spec/fixtures/files/full_with_duplicate_node.xml
 - spec/fixtures/files/simple.xml
 - spec/fixtures/files/ssl.xml
-- spec/nexpose_upload_spec.rb
+- spec/nexpose/full/importer_spec.rb
+- spec/nexpose/simple/importer_spec.rb
 - spec/spec_helper.rb

data/lib/dradis/plugins/nexpose/formats/full.rb

@@ -1,163 +0,0 @@
-module Dradis::Plugins::Nexpose::Formats
-  # This module knows how to parse Nexpose Ful XML format.
-  module Full
-    private
-
-    def process_full(doc)
-      note_text = nil
-
-      @vuln_list = []
-      evidence = Hash.new { |h, k| h[k] = {} }
-
-      # First, extract scans
-      scan_node = content_service.create_node(label: 'Nexpose Scan Summary')
-      logger.info { "\tProcessing scan summary" }
-
-      doc.xpath('//scans/scan').each do |xml_scan|
-        note_text = mapping_service.apply_mapping(source: 'full_scan', data: xml_scan)
-        content_service.create_note(node: scan_node, text: note_text)
-      end
-
-      # Second, we parse the nodes
-      doc.xpath('//nodes/node').each do |xml_node|
-        nexpose_node = Nexpose::Node.new(xml_node)
-
-        host_node = content_service.create_node(label: nexpose_node.address, type: :host)
-        logger.info { "\tProcessing host: #{nexpose_node.address}" }
-
-        # add the summary note for this host
-        note_text = mapping_service.apply_mapping(source: 'full_node', data: nexpose_node)
-        content_service.create_note(node: host_node, text: note_text)
-
-        if host_node.respond_to?(:properties)
-          logger.info { "\tAdding host properties to #{nexpose_node.address}" }
-          host_node.set_property(:ip, nexpose_node.address)
-          host_node.set_property(:hostname, nexpose_node.names)
-          host_node.set_property(:os, nexpose_node.fingerprints)
-          host_node.set_property(:risk_score, nexpose_node.risk_score)
-          host_node.save
-        end
-
-        # inject this node's address into any vulnerabilities identified
-        #
-        # TODO: There is room for improvement here, we could have a hash that
-        # linked vulns with test/service and host to create proper content for
-        # Evidence.
-        nexpose_node.tests.each do |node_test|
-          test_id = node_test[:id].to_s.downcase
-
-          # We can't use the straightforward version below because Nexpose uses
-          # mixed-case some times (!)
-          #   xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[@id='#{node_test[:id]}']").first
-          # See:
-          #   http://stackoverflow.com/questions/1625446/problem-with-upper-case-and-lower-case-xpath-functions-in-selenium-ide/1625859#1625859
-          xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[translate(@id,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='#{test_id}']").first
-          xml_vuln.add_child('<hosts/>') unless xml_vuln.last_element_child.name == 'hosts'
-
-          if xml_vuln.xpath("./hosts/host[text()='#{nexpose_node.address}']").empty?
-            xml_vuln.last_element_child.add_child("<host>#{nexpose_node.address}</host>")
-          end
-
-          evidence[test_id][nexpose_node.address] ||= []
-          evidence[test_id][nexpose_node.address] << node_test
-        end
-
-        nexpose_node.endpoints.each do |endpoint|
-          # endpoint_node = content_service.create_node(label: endpoint.label, parent: host_node)
-          logger.info { "\t\tEndpoint: #{endpoint.label}" }
-
-          if host_node.respond_to?(:properties)
-            logger.info { "\t\tAdding to Services table" }
-            host_node.set_service(
-              port: endpoint.port.to_i,
-              protocol: endpoint.protocol,
-              state: endpoint.status,
-              name: endpoint.services.map(&:name).join(', '),
-              source: :nexpose,
-              # reason: port.reason,
-              # product: port.try('service').try('product'),
-              # version: port.try('service').try('version')
-            )
-          end
-
-          endpoint.services.each do |service|
-
-            # add the summary note for this service
-            note_text = mapping_service.apply_mapping(source: 'full_service', data: service)
-            # content_service.create_note(node: endpoint_node, text: note_text)
-            content_service.create_note(node: host_node, text: note_text)
-
-            # inject this node's address into any vulnerabilities identified
-            service.tests.each do |service_test|
-              test_id = service_test[:id].to_s.downcase
-
-              # For some reason Nexpose fails to include the 'http-iis-0011' vulnerability definition
-              next if test_id == 'http-iis-0011'
-
-              # We can't use the straightforward version below because Nexpose uses
-              # mixed-case some times (!)
-              #   xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[@id='#{service_test[:id]}']").first
-              # See:
-              #   http://stackoverflow.com/questions/1625446/problem-with-upper-case-and-lower-case-xpath-functions-in-selenium-ide/1625859#1625859
-              #
-              xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[translate(@id,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='#{test_id}']").first
-              xml_vuln.add_child('<hosts/>') unless xml_vuln.last_element_child.name == 'hosts'
-
-              if xml_vuln.xpath("./hosts/host[text()='#{nexpose_node.address}']").empty?
-                xml_vuln.last_element_child.add_child("<host>#{nexpose_node.address}</host>")
-              end
-
-              evidence[test_id][nexpose_node.address] ||= []
-              evidence[test_id][nexpose_node.address] << service_test
-            end
-          end
-        end
-
-        # add note under this node for each vulnerable ./node/test/
-        host_node.save
-      end
-
-      # Third, parse vulnerability definitions
-      logger.info { "\tProcessing issue definitions:" }
-
-      doc.xpath('//VulnerabilityDefinitions/vulnerability').each do |xml_vulnerability|
-        id = xml_vulnerability['id'].downcase
-        # if @vuln_list.include?(id)
-        issue_text = mapping_service.apply_mapping(
-          source: 'full_vulnerability',
-          data: xml_vulnerability
-        )
-
-        # retrieve hosts affected by this issue (injected in step 2)
-        #
-        # There is no need for the below as Issues are linked to hosts via the
-        # corresponding Evidence instance
-        #
-        # note_text << "\n\n#[host]#\n"
-        # note_text << xml_vulnerability.xpath('./hosts/host').collect(&:text).join("\n")
-        # note_text << "\n\n"
-
-        # 3.1 create the Issue
-        issue = content_service.create_issue(text: issue_text, id: id)
-        logger.info { "\tIssue: #{issue.fields ? issue.fields['Title'] : id}" }
-
-        # 3.2 associate with the nodes via Evidence.
-        #   TODO: there is room for improvement here by providing proper Evidence content
-        xml_vulnerability.xpath('./hosts/host').map(&:text).each do |host_name|
-          # if the node exists, this just returns it
-          host_node = content_service.create_node(label: host_name, type: :host)
-
-          evidence[id][host_name].each do |evidence|
-            evidence_content = mapping_service.apply_mapping(
-              source: 'full_evidence',
-              data: evidence
-            )
-            content_service.create_evidence(content: evidence_content, issue: issue, node: host_node)
-          end
-        end
-
-        # end
-      end
-    end # /parse_nexpose_full_xml
-  end
-end

data/lib/dradis/plugins/nexpose/formats/simple.rb

@@ -1,76 +0,0 @@
-module Dradis::Plugins::Nexpose::Formats
-
-  # This module knows how to parse Nexpose Simple XML format.
-  module Simple
-    private
-
-    def process_simple(doc)
-      hosts = process_nexpose_simple_xml(doc)
-      notes_simple(hosts)
-    end
-
-    def notes_simple(hosts)
-      return if hosts.nil?
-
-      hosts.each do |host|
-        host_node = content_service.create_node(label: host['address'], type: :host)
-        content_service.create_note node: host_node, text: "Host Description : #{host['description']} \nScanner Fingerprint certainty : #{host['fingerprint']}"
-
-        generic_findings_node = content_service.create_node(label: 'Generic Findings', parent: host_node)
-        host['generic_vulns'].each do |id, finding|
-          content_service.create_note node: generic_findings_node, text: "Finding ID : #{id} \n \n Finding Refs :\n-------\n #{finding}"
-        end
-
-        port_text = nil
-        host['ports'].each do |port_label, findings|
-          port_node = content_service.create_node(label: port_label, parent: host_node)
-
-          findings.each do |id, finding|
-            port_text = mapping_service.apply_mapping(source: 'simple_port', data: {id: id, finding: finding})
-            port_text << "\n#[host]#\n#{host['address']}\n\n"
-            content_service.create_note node: port_node, text: port_text
-          end
-        end
-      end
-    end
-
-    def process_nexpose_simple_xml(doc)
-      results = doc.search('device')
-      hosts = Array.new
-      results.each do |host|
-        current_host = Hash.new
-        current_host['address'] = host['address']
-        current_host['fingerprint'] = host.search('fingerprint')[0].nil? ? "N/A" : host.search('fingerprint')[0]['certainty']
-        current_host['description'] = host.search('description')[0].nil? ? "N/A" : host.search('description')[0].text
-        #So there's two sets of vulns in a NeXpose simple XML report for each host
-        #Theres some generic ones at the top of the report
-        #And some service specific ones further down the report.
-        #So we need to get the generic ones before moving on
-        current_host['generic_vulns'] = Hash.new
-        host.xpath('vulnerabilities/vulnerability').each do |vuln|
-          current_host['generic_vulns'][vuln['id']] = ''
-          vuln.xpath('id').each do |id|
-            current_host['generic_vulns'][vuln['id']] << id['type'] + " : " + id.text + "\n"
-          end
-        end
-
-        current_host['ports'] = Hash.new
-        host.xpath('services/service').each do |service|
-          protocol = service['protocol']
-          portid = service['port']
-          port_label = protocol + '-' + portid
-          current_host['ports'][port_label] = Hash.new
-          service.xpath('vulnerabilities/vulnerability').each do |vuln|
-            current_host['ports'][port_label][vuln['id']] = ''
-            vuln.xpath('id').each do |id|
-              current_host['ports'][port_label][vuln['id']] << id['type'] + " : " + id.text + "\n"
-            end
-          end
-        end
-
-        hosts << current_host
-      end
-      return hosts
-    end
-  end
-end

data/lib/dradis/plugins/nexpose/importer.rb

@@ -1,38 +0,0 @@
-require 'dradis/plugins/nexpose/formats/full'
-require 'dradis/plugins/nexpose/formats/simple'
-
-module Dradis::Plugins::Nexpose
-  class Importer < Dradis::Plugins::Upload::Importer
-
-    include Formats::Full
-    include Formats::Simple
-
-    def self.templates
-      { evidence: 'full_evidence', issue: 'full_vulnerability' }
-    end
-
-    # The framework will call this function if the user selects this plugin from
-    # the dropdown list and uploads a file.
-    # @returns true if the operation was successful, false otherwise
-    def import(params={})
-      file_content = File.read( params[:file] )
-
-      logger.info { 'Parsing NeXpose output file...' }
-      doc = Nokogiri::XML(file_content)
-      logger.info { 'Done.' }
-
-      if doc.root.name == 'NeXposeSimpleXML'
-        logger.info { 'NeXpose-Simple format detected' }
-        process_simple(doc)
-      elsif doc.root.name == 'NexposeReport'
-        logger.info { 'NeXpose-Full format detected' }
-        process_full(doc)
-      else
-        error = "The document doesn't seem to be in either NeXpose-Simple or NeXpose-Full XML format. Ensure you uploaded a Nexpose XML report."
-        logger.fatal{ error }
-        content_service.create_note text: error
-        return false
-      end
-    end
-  end
-end

data/spec/nexpose_upload_spec.rb

@@ -1,221 +0,0 @@
-require 'rails_helper'
-require 'ostruct'
-
-describe 'Nexpose upload plugin' do
-  before do
-    @fixtures_dir = File.expand_path('../fixtures/files/', __FILE__)
-  end
-
-  describe 'importer' do
-    before(:each) do
-      # Stub template service
-      templates_dir = File.expand_path('../../templates', __FILE__)
-      expect_any_instance_of(Dradis::Plugins::TemplateService)
-        .to receive(:default_templates_dir).and_return(templates_dir)
-
-      # Init services
-      plugin = Dradis::Plugins::Nexpose
-
-      @content_service = Dradis::Plugins::ContentService::Base.new(
-        logger: Logger.new(STDOUT),
-        plugin: plugin
-      )
-
-      @importer = plugin::Importer.new(
-        content_service: @content_service,
-      )
-
-      # Stub dradis-plugins methods
-      #
-      # They return their argument hashes as objects mimicking
-      # Nodes, Issues, etc
-      allow(@content_service).to receive(:create_node) do |args|
-        OpenStruct.new(args)
-      end
-      allow(@content_service).to receive(:create_note) do |args|
-        OpenStruct.new(args)
-      end
-      allow(@content_service).to receive(:create_issue) do |args|
-        OpenStruct.new(args)
-      end
-      allow(@content_service).to receive(:create_evidence) do |args|
-        OpenStruct.new(args)
-      end
-    end
-
-    describe 'Importer: Simple' do
-      it 'creates nodes, issues, notes and an evidences as needed' do
-
-        expect(@content_service).to receive(:create_node).with(hash_including label: '1.1.1.1', type: :host).once
-
-        expect(@content_service).to receive(:create_note) do |args|
-          expect(args[:text]).to include('Host Description : Linux 2.6.9-89.ELsmp')
-          expect(args[:text]).to include('Scanner Fingerprint certainty : 0.80')
-          expect(args[:node].label).to eq('1.1.1.1')
-        end.once
-
-        expect(@content_service).to receive(:create_node) do |args|
-          expect(args[:label]).to eq('Generic Findings')
-          expect(args[:parent].label).to eq('1.1.1.1')
-          OpenStruct.new(args)
-        end.once
-
-        expect(@content_service).to receive(:create_node) do |args|
-          expect(args[:label]).to eq('udp-000')
-          expect(args[:parent].label).to eq('1.1.1.1')
-          OpenStruct.new(args)
-        end.once
-
-        expect(@content_service).to receive(:create_note) do |args|
-          expect(args[:text]).to include("#[Id]#\nntpd-crypto")
-          expect(args[:text]).to include("#[host]#\n1.1.1.1")
-          expect(args[:node].label).to eq('udp-000')
-        end.once
-
-        expect(@content_service).to receive(:create_note) do |args|
-          expect(args[:text]).to include("#[Id]#\nntp-clock-radio")
-          expect(args[:text]).to include("#[host]#\n1.1.1.1")
-          expect(args[:node].label).to eq('udp-000')
-        end.once
-
-        @importer.import(file: @fixtures_dir + '/simple.xml')
-      end
-    end
-
-    describe 'Importer: Full' do
-      it 'creates nodes, issues, notes and an evidences as needed' do
-        expect(@content_service).to receive(:create_node).with(hash_including label: 'Nexpose Scan Summary').once
-        expect(@content_service).to receive(:create_note) do |args|
-          expect(args[:text]).to include("#[Title]#\nUSDA_Internal (4)")
-          expect(args[:node].label).to eq('Nexpose Scan Summary')
-        end.once
-
-        expect(@content_service).to receive(:create_node) do |args|
-          expect(args[:label]).to eq('1.1.1.1')
-          expect(args[:type]).to eq(:host)
-          create(:node, args.except(:type))
-        end
-
-        expect(@content_service).to receive(:create_note) do |args|
-          expect(args[:text]).to include("#[Title]#\n1.1.1.1")
-          expect(args[:node].label).to eq('1.1.1.1')
-        end.once
-
-        expect(@content_service).to receive(:create_note) do |args|
-          expect(args[:text]).to include("#[Title]#\nService name: NTP")
-          expect(args[:node].label).to eq('1.1.1.1')
-        end.once
-
-        expect(@content_service).to receive(:create_note) do |args|
-          expect(args[:text]).to include("#[Title]#\nService name: SNMP")
-          expect(args[:node].label).to eq('1.1.1.1')
-        end.once
-
-        expect(@content_service).to receive(:create_issue) do |args|
-          expect(args[:text]).to include("#[Title]#\nApache HTTPD: error responses can expose cookies (CVE-2012-0053)")
-          expect(args[:id]).to eq('ntp-clock-variables-disclosure')
-          OpenStruct.new(args)
-        end.once
-
-        expect(@content_service).to receive(:create_issue) do |args|
-          expect(args[:text]).to include("#[Title]#\nApache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)")
-          expect(args[:id]).to eq('test-02')
-          OpenStruct.new(args)
-        end.once
-
-        expect(@content_service).to receive(:create_evidence) do |args|
-          expect(args[:content]).to include("#[ID]#\nntp-clock-variables-disclosure\n\n")
-          expect(args[:issue].id).to eq('ntp-clock-variables-disclosure')
-          expect(args[:node].label).to eq('1.1.1.1')
-        end.once
-
-        expect(@content_service).to receive(:create_evidence) do |args|
-          expect(args[:content]).to include("#[ID]#\ntest-02\n\n")
-          expect(args[:issue].id).to eq('test-02')
-          expect(args[:node].label).to eq('1.1.1.1')
-        end.once
-
-        @importer.import(file: @fixtures_dir + '/full.xml')
-
-        expect(Node.find_by(label: '1.1.1.1').properties[:os]).to eq('IOS')
-      end
-
-      it 'wraps ciphers inside ssl issues in code blocks' do
-        expect(@content_service).to receive(:create_issue) do |args|
-          expect(args[:text]).to include('bc. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256')
-          OpenStruct.new(args)
-        end.once
-
-        @importer.import(file: @fixtures_dir + '/ssl.xml')
-      end
-
-      # Regression test for github.com/dradis/dradis-nexpose/issues/1
-      it 'populates solutions regardless of if they are wrapped in paragraphs or lists' do
-        expect(@content_service).to receive(:create_issue) do |args|
-          expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
-          OpenStruct.new(args)
-        end.once
-
-        expect(@content_service).to receive(:create_issue) do |args|
-          expect(args[:text]).to include("#[Solution]#\n")
-          expect(args[:text]).to include('You can remove inode information from the ETag header')
-          OpenStruct.new(args)
-        end.once
-
-        @importer.import(file: @fixtures_dir + '/full.xml')
-      end
-
-      it 'populates tests regardless of if they contain paragraphs or containerblockelements' do
-        expect(@content_service).to receive(:create_evidence) do |args|
-          expect(args[:content]).to include("#[Content]#\nThe following NTP variables")
-          OpenStruct.new(args)
-        end.once
-  
-        expect(@content_service).to receive(:create_evidence) do |args|
-          expect(args[:content]).to include("#[Content]#\nVulnerable URL:")
-          OpenStruct.new(args)
-        end.once
-
-        @importer.import(file: @fixtures_dir + '/full.xml')
-      end
-
-      it 'transforms html entities (&lt; and &gt;)' do
-        expect(@content_service).to receive(:create_issue) do |args|
-          expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
-          OpenStruct.new(args)
-        end
-
-        @importer.import(file: @fixtures_dir + '/full.xml')
-      end
-    end
-
-    describe 'Importer: Full with duplicate nodes' do
-      it 'creates evidence for each instance of the node' do
-        expect(@content_service).to receive(:create_node).with(hash_including label: 'Nexpose Scan Summary').once
-        expect(@content_service).to receive(:create_node) do |args|
-          expect(args[:label]).to eq('1.1.1.1')
-          expect(args[:type]).to eq(:host)
-          create(:node, args.except(:type))
-        end
-
-        expect(@content_service).to receive(:create_evidence) do |args|
-          expect(args[:content]).to include("#[ID]#\nntp-clock-variables-disclosure\n\n")
-          expect(args[:issue].id).to eq('ntp-clock-variables-disclosure')
-          expect(args[:node].label).to eq('1.1.1.1')
-        end.twice
-
-        @importer.import(file: @fixtures_dir + '/full_with_duplicate_node.xml')
-      end
-    end
-  end
-
-  it 'parses the fingerprints field' do
-    doc = Nokogiri::XML(File.read(@fixtures_dir + '/full.xml'))
-
-    ts = Dradis::Plugins::TemplateService.new(plugin: Dradis::Plugins::Nexpose)
-    ts.set_template(template: 'full_node', content: "#[Fingerprints]#\n%node.fingerprints%\n")
-    result = ts.process_template(data: doc.at_xpath('//nodes/node'), template: 'full_node')
-
-    expect(result).to include('IOS')
-  end
-end