dradis-nexpose 4.8.0 → 4.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e44d720fddfe5c5d13f9771c558d3d29ee3cd8c64001d81903616f32fadf09b7
-  data.tar.gz: 61f8ad62cf1197c13ac785a1506b0c731888ef0dd8b70582088bd55fc1bf8f2f
+  metadata.gz: c51cb9c78fc398a2d25cf84f5e24c1b005f6e0da7f23c042ffdea3c2b4c994fb
+  data.tar.gz: dba981353382bcfb6a31951d7726dcfd046257b9e6beeb7432b851f733c3609a
 SHA512:
-  metadata.gz: 536521fbca96e0a24494395e1a87c45cd8810c8e8ca7712f65a9b369147f68bd8a0cb27d3f1efcc527fffcb151c7137f3c72baff15931cb5624dbf8f54c1df47
-  data.tar.gz: d9fa33d0eaf4c92a740dc18a237000da5620047ee75dcdd5f714e7fe97d1027fcf952d735ecb978a40729acf2b50152ce13649bf683f1edc37c8718eb814a70a
+  metadata.gz: 5ed17ede86157d31fe5f1d080ede9e396c8e17669232a1e6e8b40c87a5490d8870f3652f6941bf7ce435eb1615ca6cc81ebe5d6400bde60afd0b6457a90bddd1
+  data.tar.gz: 87049dca0c73c307389d7664cd639ff84ffbbf1305cbe86691924d9e8493289a046f8237601c6e54ea806c32231ea28854343330d66c28d2f1f601657615c1ec

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+v4.9.0 (June 2023)
+  - Parse inline code, not just code blocks
+  - Wrap ciphers in the `ssl-weak-message-authentication-code-algorithms` finding
+
 v4.8.0 (April 2023)
   - No changes
 

data/lib/dradis/plugins/nexpose/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 8
+        MINOR = 9
         TINY = 0
         PRE = nil
 

data/lib/nexpose/vulnerability.rb

@@ -8,7 +8,7 @@ module Nexpose
   # Instead of providing separate methods for each supported property we rely
   # on Ruby's #method_missing to do most of the work.
   class Vulnerability
-    SSL_CIPHER_VULN_IDS = %w[ssl-anon-ciphers ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-only-weak-ciphers ssl-static-key-ciphers rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
+    SSL_CIPHER_VULN_IDS = %w[ssl-anon-ciphers ssl-des-ciphers ssl-3des-ciphers ssl-export-ciphers ssl-null-ciphers ssl-only-weak-ciphers ssl-static-key-ciphers ssl-weak-message-authentication-code-algorithms rc4-cve-2013-2566 ssl-cve-2016-2183-sweet32 tls-dhe-export-ciphers-cve-2015-4000].freeze
 
     # Accepts an XML node from Nokogiri::XML.
     def initialize(xml_node)
@@ -112,8 +112,14 @@ module Nexpose
     def cleanup_html(source)
       result = source.to_s
       result.gsub!(/<ContainerBlockElement>(.*?)<\/ContainerBlockElement>/m){|m| "#{ $1 }"}
-      result.gsub!(/<Paragraph preformat=\"true\">(\s*)<Paragraph preformat=\"true\">(.*?)<\/Paragraph>(\s*)<\/Paragraph>/mi){|m| "\nbc. #{ $2 }\n\n"}
-      result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/mi){|m| "\nbc. #{ $1 }\n\n"}
+      result.gsub!(/<Paragraph preformat=\"true\">(\s*)<Paragraph preformat=\"true\">(.*?)<\/Paragraph>(\s*)<\/Paragraph>/mi) do
+        text = $2
+        text[/\n/] ? "\nbc.. #{ text }\n\np. " : "@#{text}@"
+      end
+      result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/mi) do
+        text = $1
+        text[/\n/] ? "\nbc.. #{ text }\n\np. " : "@#{text}@"
+      end
       result.gsub!(/<Paragraph>(.*?)<\/Paragraph>/m){|m| "#{ $1 }\n"}
       result.gsub!(/<Paragraph>|<\/Paragraph>/, '')
       result.gsub!(/<UnorderedList(.*?)>(.*?)<\/UnorderedList>/m){|m| "#{ $2 }"}

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nexpose
 version: !ruby/object:Gem::Version
-  version: 4.8.0
+  version: 4.9.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-04-12 00:00:00.000000000 Z
+date: 2023-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins