RubyGems - dradis-nikto - Versions diffs - 4.3.0 → 4.4.0 - Mend

dradis-nikto 4.3.0 → 4.4.0

Files changed (13) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/lib/dradis/plugins/nikto/gem_version.rb +1 -1
data/lib/dradis/plugins/nikto/importer.rb +4 -0
data/lib/nikto/item.rb +15 -5
data/spec/fixtures/files/{localhost.xml → sample_v2.1.4.xml} +0 -0
data/spec/fixtures/files/sample_v2.5.0.xml +21 -0
data/spec/{nikto_upload_spec.rb → upload_v2.1.4_spec.rb} +6 -13
data/spec/upload_v2.5.0_spec.rb +50 -0
data/templates/item.fields +5 -4
data/templates/item.sample +1 -0
data/templates/item.template +2 -2
metadata +11 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 873c7ffeaafbdf3d8cad66c9a7c7ccf0f1868c27dc95c92b2c62cd6ec1856304
-  data.tar.gz: ae4cc8298a9b0f7c3abac6cea199c728d4bf3a8fa47f5761013564224d1445a2
+  metadata.gz: 81abf71c15931472ac651ec4dd01fc69e36ffd52196fc873d134aaf27c19b1f0
+  data.tar.gz: a4a804e20ab07bea1e818ca5ab65768952c55534b6398b5f577a890ad1c9572e
 SHA512:
-  metadata.gz: 8539703ca1e23979d64a9cefefa96b0fa0216486fb1527c973037ca2a1ec82194ceeeb2b837e2bb55713c32a49ecd6d91c904a118faf63f4710ab662172b79e1
-  data.tar.gz: 342d326925513fc2037ce114cde8d346f5b9019922b897e6b4fab7f1659eca6ba05746e34d12a188b4b29219f1d4cc9377ca349f938848340c088b707e915e7d
+  metadata.gz: df52be70b4c064738986a7e30fad64502733365cf74cc0a2a371d3d41bdf74f41e73f94f5146db13f1852fbb56bba8d6541d037163cf477e514e15730cbcd657
+  data.tar.gz: 9b56e2e0e6a334cff3261e839d5767dc43bc0175d46c164838f28a8df52ab3548c9baabe7e74bc0cc087fcc9477e198c73220f09bb289abe39663673a1c9d2f8

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+v4.4.0 (June 2022)
+  - Make references available as an issue field
+  - Registers template mappings locally
 v4.3.0 (April 2022)
   - No changes

data/lib/dradis/plugins/nikto/gem_version.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Dradis
       module VERSION
         MAJOR = 4
-        MINOR = 3
+        MINOR = 4
         TINY = 0
         PRE = nil

data/lib/dradis/plugins/nikto/importer.rb CHANGED Viewed

@@ -1,5 +1,9 @@
 module Dradis::Plugins::Nikto
   class Importer < Dradis::Plugins::Upload::Importer
+    def self.templates
+      { evidence: 'evidence', issue: 'item' }
+    end
     # The framework will call this function if the user selects this plugin from
     # the dropdown list and uploads a file.
     # @returns true if the operation was successful, false otherwise

data/lib/nikto/item.rb CHANGED Viewed

@@ -8,6 +8,8 @@ module Nikto
   # Instead of providing separate methods for each supported property we rely
   # on Ruby's #method_missing to do most of the work.
   class Item
+    TAGS_WITH_CSV_CONTENT = %i[references].freeze
     # Accepts an XML node from Nokogiri::XML.
     def initialize(xml_node)
       @xml = xml_node
@@ -18,10 +20,10 @@ module Nikto
     def supported_tags
       [
         # attributes
-        :id, :request_method, :osvdblink, :osvdbid,
+        :id, :osvdbid, :osvdblink, :request_method,
         # simple tags
-        :description, :uri, :namelink, :iplink
+        :description, :iplink, :namelink, :uri, :references
       ]
     end
@@ -57,10 +59,18 @@ module Nikto
       return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
       # Then we try simple children tags
-      tag = @xml.xpath("./#{ method_name }").first
-      if tag
-        return tag.text
+      tag = @xml.xpath("./#{method_name}").first
+      if tag && tag.text.present?
+        text = tag.text
+        TAGS_WITH_CSV_CONTENT.include?(method) ? cleanup_csv(text) : text
       end
     end
+    private
+    def cleanup_csv(text)
+      CSV.parse(text).join("\n")
+    end
   end
 end

data/spec/fixtures/files/{localhost.xml → sample_v2.1.4.xml} RENAMED Viewed

File without changes

data/spec/fixtures/files/sample_v2.5.0.xml ADDED Viewed

@@ -0,0 +1,21 @@
+<?xml version="1.0" ?>
+<!DOCTYPE niktoscan SYSTEM "docs/nikto.dtd">
+<niktoscan>
+<niktoscan hoststest="0" options="-h localhost -p 80 -out /tmp/localhost.xml" version="2.1.4" scanstart="Sun Jul 17 19:54:10 2011" scanend="Thu Jan  1 01:00:00 1970" scanelapsed=" seconds" nxmlversion="1.1">
+<scandetails targetip="127.0.0.1" targethostname="localhost" targetport="80" targetbanner="Apache/2.2.16 (Debian)" starttime="2011-07-18 19:54:10" sitename="http://localhost:80/" siteip="http://127.0.0.1:80/" hostheader="localhost">
+<ssl ciphers="DHE-RSA-AES256-SHA" issuers="/C=GB/ST=Berks/L=Ruscombe/O=XXXXXX/OU=XXXX/CN=asdf.com/emailAddress=someoneatasdf.com" info="/C=GB/ST=Berkshire/L=Ruscombe/O=Company/OU=UK/CN=vmx098" />
+<item id="750000" osvdbid="3268" osvdblink="3268_LINK" method="GET">
+<description><![CDATA[/: Directory indexing found.]]></description>
+<uri><![CDATA[/]]></uri>
+<namelink><![CDATA[http://localhost:80/]]></namelink>
+<iplink><![CDATA[http://127.0.0.1:80/]]></iplink>
+<references><![CDATA["000000","CVE-2006-6133","https://example.com/"]]></references>
+</item>
+<statistics elapsed="10" itemsfound="44" itemstested="6456" endtime="2011-07-18 19:54:20" />
+</scandetails>
+</niktoscan>
+</niktoscan>

data/spec/{nikto_upload_spec.rb → upload_v2.1.4_spec.rb} RENAMED Viewed

@@ -1,7 +1,7 @@
 require 'spec_helper'
 module Dradis::Plugins
-  describe 'Nikto upload plugin' do
+  describe 'Nikto v2.1.4 upload plugin' do
     before(:each) do
       # Stub template service
       templates_dir = File.expand_path('../../templates', __FILE__)
@@ -24,21 +24,14 @@ module Dradis::Plugins
       #
       # They return their argument hashes as objects mimicking
       # Nodes, Issues, etc
-      allow(@content_service).to receive(:create_node) do |args|
-        OpenStruct.new(args)
-      end
-      allow(@content_service).to receive(:create_note) do |args|
-        OpenStruct.new(args)
-      end
-      allow(@content_service).to receive(:create_issue) do |args|
-        OpenStruct.new(args)
-      end
-      allow(@content_service).to receive(:create_evidence) do |args|
-        OpenStruct.new(args)
+      %w[evidence issue node note].each do |resource|
+        allow(@content_service).to receive("create_#{resource}") do |args|
+          OpenStruct.new(args)
+        end
       end
     end
-    let(:example_xml) { 'spec/fixtures/files/localhost.xml' }
+    let(:example_xml) { 'spec/fixtures/files/sample_v2.1.4.xml' }
     def run_import!
       @importer.import(file: example_xml)

data/spec/upload_v2.5.0_spec.rb ADDED Viewed

@@ -0,0 +1,50 @@
+require 'spec_helper'
+module Dradis::Plugins
+  describe 'Nikto v2.5.0 upload plugin' do
+    before(:each) do
+      # Stub template service
+      templates_dir = File.expand_path('../../templates', __FILE__)
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+      .to receive(:default_templates_dir).and_return(templates_dir)
+      # Init services
+      plugin = Dradis::Plugins::Nikto
+      @content_service = Dradis::Plugins::ContentService::Base.new(
+        logger: Logger.new(STDOUT),
+        plugin: plugin
+      )
+      @importer = Dradis::Plugins::Nikto::Importer.new(
+        content_service: @content_service,
+      )
+      # Stub dradis-plugins methods
+      #
+      # They return their argument hashes as objects mimicking
+      # Nodes, Issues, etc
+      %w[evidence issue node note].each do |resource|
+        allow(@content_service).to receive("create_#{resource}") do |args|
+          OpenStruct.new(args)
+        end
+      end
+    end
+    let(:example_xml) { 'spec/fixtures/files/sample_v2.5.0.xml' }
+    def run_import!
+      @importer.import(file: example_xml)
+    end
+    it 'creates issue with references' do
+      expect(@content_service).to receive(:create_issue) do |args|
+        expect(args[:text]).to include("#[Title]#\n\/\: Directory indexing found.")
+        expect(args[:text]).to include("#[References]#\n000000\nCVE-2006-6133\nhttps://example.com/")
+        OpenStruct.new(args)
+      end
+      run_import!
+    end
+  end
+end

data/templates/item.fields CHANGED Viewed

@@ -1,8 +1,9 @@
+item.description
 item.id
-item.request_method
+item.iplink
+item.namelink
 item.osvdbid
 item.osvdblink
-item.description
+item.references
+item.request_method
 item.uri
-item.namelink
-item.iplink

data/templates/item.sample CHANGED Viewed

@@ -3,4 +3,5 @@
   <uri><![CDATA[/]]></uri>
   <namelink><![CDATA[http://localhost:80/]]></namelink>
   <iplink><![CDATA[http://127.0.0.1:80/]]></iplink>
+  <references><![CDATA[http://example.com]]></references>
 </item>

data/templates/item.template CHANGED Viewed

@@ -4,5 +4,5 @@
 #[Details]#
 %item.description%
-#[OSVDB]#
-"%item.osvdbid%":%item.osvdblink%
+#[References]#
+%item.references%

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nikto
 version: !ruby/object:Gem::Version
-  version: 4.3.0
+  version: 4.4.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-29 00:00:00.000000000 Z
+date: 2022-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -125,9 +125,11 @@ files:
 - lib/nikto/scan.rb
 - lib/nikto/ssl.rb
 - lib/tasks/thorfile.rb
-- spec/fixtures/files/localhost.xml
-- spec/nikto_upload_spec.rb
+- spec/fixtures/files/sample_v2.1.4.xml
+- spec/fixtures/files/sample_v2.5.0.xml
 - spec/spec_helper.rb
+- spec/upload_v2.1.4_spec.rb
+- spec/upload_v2.5.0_spec.rb
 - templates/evidence.fields
 - templates/evidence.sample
 - templates/evidence.template
@@ -159,11 +161,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: Nikto add-on for the Dradis Framework.
 test_files:
-- spec/fixtures/files/localhost.xml
-- spec/nikto_upload_spec.rb
+- spec/fixtures/files/sample_v2.1.4.xml
+- spec/fixtures/files/sample_v2.5.0.xml
 - spec/spec_helper.rb
+- spec/upload_v2.1.4_spec.rb
+- spec/upload_v2.5.0_spec.rb