dradis-nexpose 4.14.0 → 4.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/dradis/plugins/nexpose/gem_version.rb +1 -1
- data/lib/nexpose/node.rb +13 -11
- data/spec/fixtures/files/full.xml +9 -0
- data/spec/fixtures/files/full_with_duplicate_node.xml +4 -1
- data/spec/nexpose_upload_spec.rb +58 -0
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 741c488c76cb9554ce3b2a61997374262453a38e3256cad93c1885602d872bca
|
|
4
|
+
data.tar.gz: c896b751650744b60e8ddfeae40c4cba4277901d404e95bdb594674024227038
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 93068f684c000bcf4cb4f5944b38dd3e57ae7152c7c9f046b8db9e65c46a76323f5b399feffa47474cb62af5da17e26746af419c4a9eacd824437d5f6d0cae0e
|
|
7
|
+
data.tar.gz: e812c05c84e2b12e36fdb858eadd2daf02bd87b5c69cf5cc7b4cbaa9cbc8fe7eb213e12d58c8518a0c631fcb08bb0ff78973cdbd264d8f741021a84817adee8c
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
v4.15.0 (December 2024)
|
|
2
|
+
- No changes
|
|
3
|
+
|
|
1
4
|
v4.14.0 (October 2024)
|
|
2
5
|
- Separate general importer into Full & Simple importers
|
|
3
6
|
|
|
@@ -7,6 +10,7 @@ v4.13.0 (July 2024)
|
|
|
7
10
|
v4.12.0 (May 2024)
|
|
8
11
|
- Migrate integration to use Mappings Manager
|
|
9
12
|
- Update Dradis links in README
|
|
13
|
+
- Use 'n/a' as OS node property if there is no product value
|
|
10
14
|
|
|
11
15
|
v4.11.0 (January 2024)
|
|
12
16
|
- Add port/protocol to evidences
|
data/lib/nexpose/node.rb
CHANGED
|
@@ -83,22 +83,24 @@ module Nexpose
|
|
|
83
83
|
# Finally the enumerations: names
|
|
84
84
|
if method_name == 'names'
|
|
85
85
|
@xml.xpath('./names/name').collect(&:text)
|
|
86
|
-
|
|
87
86
|
elsif ['fingerprints', 'software'].include?(method_name)
|
|
88
|
-
|
|
89
|
-
xpath_selector = {
|
|
90
|
-
'fingerprints' => './fingerprints/os',
|
|
91
|
-
'software' => './software/fingerprint'
|
|
92
|
-
}[method_name]
|
|
93
|
-
|
|
94
|
-
xml_os = @xml.at_xpath(xpath_selector)
|
|
95
|
-
return '' if xml_os.nil?
|
|
96
|
-
|
|
97
|
-
xml_os.attributes['product'].value
|
|
87
|
+
get_fingerprint_product(method_name)
|
|
98
88
|
else
|
|
99
89
|
# nothing found, the tag is valid but not present in this ReportItem
|
|
100
90
|
return nil
|
|
101
91
|
end
|
|
102
92
|
end
|
|
93
|
+
|
|
94
|
+
private
|
|
95
|
+
|
|
96
|
+
# returns the first 'product' value from the <fingerprints> or <software> element
|
|
97
|
+
def get_fingerprint_product(method_name)
|
|
98
|
+
xpath_selector = {
|
|
99
|
+
'fingerprints' => './fingerprints/os',
|
|
100
|
+
'software' => './software/fingerprint'
|
|
101
|
+
}[method_name]
|
|
102
|
+
|
|
103
|
+
@xml.at_xpath(xpath_selector + '/@product')&.value || 'n/a'
|
|
104
|
+
end
|
|
103
105
|
end
|
|
104
106
|
end
|
|
@@ -11,6 +11,15 @@
|
|
|
11
11
|
<fingerprints>
|
|
12
12
|
<os certainty="0.80" family="IOS" product="IOS" vendor="Cisco" arch="x86_64"/>
|
|
13
13
|
</fingerprints>
|
|
14
|
+
<software>
|
|
15
|
+
<fingerprint
|
|
16
|
+
certainty="1.00"
|
|
17
|
+
software-class="General"
|
|
18
|
+
vendor="Sun"
|
|
19
|
+
family="Java"
|
|
20
|
+
product="JRE"
|
|
21
|
+
version="1.6.0.22"/>
|
|
22
|
+
</software>
|
|
14
23
|
<tests/>
|
|
15
24
|
<endpoints>
|
|
16
25
|
<endpoint port="123" protocol="udp" status="open">
|
|
@@ -9,8 +9,11 @@
|
|
|
9
9
|
<name>localhost:5000</name>
|
|
10
10
|
</names>
|
|
11
11
|
<fingerprints>
|
|
12
|
-
<os certainty="0.80" family="IOS"
|
|
12
|
+
<os certainty="0.80" family="IOS" vendor="Cisco" arch="x86_64"/>
|
|
13
13
|
</fingerprints>
|
|
14
|
+
<software>
|
|
15
|
+
<fingerprint certainty="1.00" vendor="Sun" family="Java"/>
|
|
16
|
+
</software>
|
|
14
17
|
<tests/>
|
|
15
18
|
<endpoints>
|
|
16
19
|
<endpoint port="123" protocol="udp" status="open">
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
require 'rails_helper'
|
|
2
|
+
require 'ostruct'
|
|
3
|
+
|
|
4
|
+
describe 'Nexpose upload plugin' do
|
|
5
|
+
before do
|
|
6
|
+
@fixtures_dir = File.expand_path('../fixtures/files/', __FILE__)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
describe 'Importer: Full with fingerprints elements' do
|
|
10
|
+
def apply_mapping(doc, field)
|
|
11
|
+
ms = Dradis::Plugins::MappingService.new(
|
|
12
|
+
integration: Dradis::Plugins::Nexpose
|
|
13
|
+
)
|
|
14
|
+
mapping_fields = [OpenStruct.new(
|
|
15
|
+
destination_field: 'Fingerprints',
|
|
16
|
+
content: "{{ nexpose[#{field}] }}"
|
|
17
|
+
)]
|
|
18
|
+
|
|
19
|
+
@result = ms.apply_mapping(
|
|
20
|
+
data: doc.at_xpath('//nodes/node'),
|
|
21
|
+
mapping_fields: mapping_fields,
|
|
22
|
+
source: 'full_node'
|
|
23
|
+
)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
describe 'with fingerprints > OS elements' do
|
|
27
|
+
it 'uses the os product value' do
|
|
28
|
+
doc = Nokogiri::XML(File.read(@fixtures_dir + '/full.xml'))
|
|
29
|
+
apply_mapping(doc, 'node.fingerprints')
|
|
30
|
+
|
|
31
|
+
expect(@result).to include('IOS')
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
it 'defaults to n/a if there is no os product value' do
|
|
35
|
+
doc = Nokogiri::XML(File.read(@fixtures_dir + '/full_with_duplicate_node.xml'))
|
|
36
|
+
apply_mapping(doc, 'node.fingerprints')
|
|
37
|
+
|
|
38
|
+
expect(@result).to include('n/a')
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
describe 'with software > fingerprint elements' do
|
|
43
|
+
it 'uses the product value given software/fingerprints' do
|
|
44
|
+
doc = Nokogiri::XML(File.read(@fixtures_dir + '/full.xml'))
|
|
45
|
+
apply_mapping(doc, 'node.software')
|
|
46
|
+
|
|
47
|
+
expect(@result).to include('JRE')
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
it 'defaults to n/a if there is no os product value' do
|
|
51
|
+
doc = Nokogiri::XML(File.read(@fixtures_dir + '/full_with_duplicate_node.xml'))
|
|
52
|
+
apply_mapping(doc, 'node.software')
|
|
53
|
+
|
|
54
|
+
expect(@result).to include('n/a')
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-nexpose
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.15.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-12-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -135,6 +135,7 @@ files:
|
|
|
135
135
|
- spec/fixtures/files/ssl.xml
|
|
136
136
|
- spec/nexpose/full/importer_spec.rb
|
|
137
137
|
- spec/nexpose/simple/importer_spec.rb
|
|
138
|
+
- spec/nexpose_upload_spec.rb
|
|
138
139
|
- spec/spec_helper.rb
|
|
139
140
|
- templates/full_evidence.sample
|
|
140
141
|
- templates/full_node.sample
|
|
@@ -172,4 +173,5 @@ test_files:
|
|
|
172
173
|
- spec/fixtures/files/ssl.xml
|
|
173
174
|
- spec/nexpose/full/importer_spec.rb
|
|
174
175
|
- spec/nexpose/simple/importer_spec.rb
|
|
176
|
+
- spec/nexpose_upload_spec.rb
|
|
175
177
|
- spec/spec_helper.rb
|