dradis-nipper 4.0.0 → 4.3.0

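--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 94d905bbc8c8f66a9ba18750cf230611a87dc0ad6b754bfb7244212a59538063
- data.tar.gz: 44cc3b043be1e58aa54671c1e85ed8e207a7dc67760aa8ed520436bd834214d0
+ metadata.gz: d5b3a50e0fab0b8201df36436a1c99e5a94e30c1b372aae61772d9fbbb541dcb
+ data.tar.gz: fa028894c61eb6a6b77209b496ae347dec4131bc89087b3cd056e6a469b12ab6
  SHA512:
- metadata.gz: eabbe29f7590cbb10324dc6bdcf7ff4b166c6da2a77e29b2358c3a9dba00ea758033dffec2c7b5d8bbfe726504272ec2a63894a219c5c2336188e022bba8bc98
- data.tar.gz: d38b4f20a2a3fa9563d6215c73be02de1c9782bb7d918555fea88fcebacbbba0192fa4fbb2e9cba4dd6396b10168f2cfaad86ece558168af3878e25fd9c65dc3
+ metadata.gz: a09e5ee41c4902b8447eb4b7dc15d10f50609eebb451f273965aad9d4cf6788a075bd1678b8daf101e30f46c07a89f6090efedd845cbed0b6f5eae4795e5985a
+ data.tar.gz: 8410ae54c6d470460df3b3070867a51f3d0db9766b86e1117a6f1b96b7836143752f23da5d05729af757da8481126b1c9c5ba660a1bef9a75179f96a5da952ff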
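--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,15 +1,20 @@
- ## Dradis Framework 4.0.0 (July, 2021) ##
+ v4.3.0 (April 2022)
+ - No changes
 
- * Include multiple paragraphs when importing fields.
+ v4.2.0 (February 2022)
+ - Add Nipperv1 fields to issues
 
- ## Dradis Framework 3.22 (April, 2021) ##
+ v4.1.0 (November 2021)
+ - No changes
 
- * No changes.
+ v4.0.0 (July 2021)
+ - Include multiple paragraphs when importing fields
 
- ## Dradis Framework 3.21 (February, 2021) ##
+ v3.22.0 (April 2021)
+ - No changes
 
- * No changes.
+ v3.21.0 (February 2021)
+ - No changes
 
- ## Dradis Framework 3.20 (December, 2020) ##
-
- * Initial version.
+ v3.20.0 (December 2020)
+ - Initial version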
@@ -0,0 +1,12 @@
1
+ [v#.#.#] ([month] [YYYY])
2
+ - [future tense verb] [feature]
3
+ - Upgraded gems:
4
+ - [gem]
5
+ - Bugs fixes:
6
+ - [future tense verb] [bug fix]
7
+ - Bug tracker items:
8
+ - [item]
9
+ - Security Fixes:
10
+ - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
11
+ - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
12
+ - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
18
18
  spec.files = `git ls-files`.split($\)
19
19
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
20
20
 
21
- spec.add_dependency 'dradis-plugins', '~> 4.0.0'
21
+ spec.add_dependency 'dradis-plugins', '~> 4.0'
22
22
 
23
23
  spec.add_development_dependency 'bundler', '~> 2.1'
24
24
  spec.add_development_dependency 'rake', '~> 13.0'
@@ -7,7 +7,7 @@ module Dradis
7
7
 
8
8
  module VERSION
9
9
  MAJOR = 4
10
- MINOR = 0
10
+ MINOR = 3
11
11
  TINY = 0
12
12
  PRE = nil
13
13
 
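--- a/data/lib/nipper/issue.rb
+++ b/data/lib/nipper/issue.rb
@@ -9,8 +9,9 @@ module Nipper
  :cvss_base, :cvss_base_vector,
  :cvss_environmental, :cvss_environmental_vector,
  :cvss_temporal, :cvss_temporal_vector,
- :ease, :finding, :impact, :recommendation,
- :title
+ :ease, :finding, :impact, :nipperv1_ease, :nipperv1_fix,
+ :nipperv1_impact, :nipperv1_rating,
+ :recommendation, :title
  ]
  end
 
@@ -40,6 +41,8 @@ module Nipper
  @xml.attr('title')
  elsif method.to_s.starts_with?('cvss')
  process_cvss_field(method)
+ elsif method.to_s.starts_with?('nipperv1')
+ process_nipperv1_field(method)
  else
  collect_text(@xml.xpath("./#{translations_table[method]}"))
  end
@@ -47,9 +50,9 @@ module Nipper
 
  def process_cvss_field(method)
  translations_table = {
- cvss_base: 'issuedetails/ratings/cvssv2-base',
- cvss_temporal: 'issuedetails/ratings/cvssv2-temporal',
- cvss_environmental: 'issuedetails/ratings/cvssv2-environmental',
+ cvss_base: 'issuedetails/ratings[@type="CVSSv2"]/cvssv2-base',
+ cvss_temporal: 'issuedetails/ratings[@type="CVSSv2"]/cvssv2-temporal',
+ cvss_environmental: 'issuedetails/ratings[@type="CVSSv2"]/cvssv2-environmental'
  }
 
  base_method = method.to_s.sub('_vector', '').to_sym
@@ -61,6 +64,17 @@ module Nipper
  end
  end
 
+ def process_nipperv1_field(method)
+ translations_table = {
+ nipperv1_ease: 'issuedetails/ratings[@type="Nipperv1"]/ease',
+ nipperv1_fix: 'issuedetails/ratings[@type="Nipperv1"]/fix',
+ nipperv1_impact: 'issuedetails/ratings[@type="Nipperv1"]/impact',
+ nipperv1_rating: 'issuedetails/ratings[@type="Nipperv1"]/rating'
+ }
+
+ @xml.xpath("./#{translations_table[method]}").text
+ end
+
  private
 
  def collect_text(xml_field)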
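Review bot: In the new `process_nipperv1_field`, `translations_table[method]` is nil for any name that starts with `nipperv1` but is not one of the four keys, so the interpolated expression becomes `./`, which is not a valid XPath; the added `starts_with?('nipperv1')` branch sends every such name here. The dispatching method's body starts outside the hunk, so it is not visible whether names are already limited to the supported list; a first line of `return unless translations_table.key?(method)` would make the helper safe on its own. The method is also defined above `private`, so it is callable from outside the class; unless that is intended, move it below. Separately, the CVSS paths now match only `ratings[@type="CVSSv2"]`, so a report whose `<ratings>` element carries no `type` attribute would presumably import with empty CVSS fields and no error; a fixture covering that shape would confirm whether older exports are affected.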
@@ -0,0 +1,68 @@
1
+ <?xml version="1.0" encoding="utf-8"?>
2
+ <document nipperstudio="2.5.5.5804" xmlrevision="3" xmlversion="2">
3
+ <information>
4
+ <title>Firewall Review Report</title>
5
+ <author>Compass IT Compliance</author>
6
+ <authorlogo>C:/Nipper Photos/CompassITC-logo-HiRes-TSP.png</authorlogo>
7
+ <date>Friday, September 11, 2020</date>
8
+ <generator>
9
+ <product>Nipper Studio</product>
10
+ <manufacturer>Titania</manufacturer>
11
+ <website>www.titania.com</website>
12
+ <version>2.8.0</version>
13
+ </generator>
14
+ <devices>
15
+ <device name="PA-200" os="PANOS" osversion="7.0.0" type="Palo Alto Firewall"/>
16
+ </devices>
17
+ </information>
18
+ <report>
19
+ <part index="2" title="Security Audit" ref="SECURITYAUDIT">
20
+ <section index="1.1" ref="INTRODUCTION" title="Introduction">
21
+ <issuedetails>
22
+ <devices>
23
+ <device name="PA-200" osversion="7.0.0" type="Palo Alto Firewall"/>
24
+ </devices>
25
+ <ratings type="Nipperv1">
26
+ <rating>High</rating>
27
+ <impact>Critical</impact>
28
+ <ease>Moderate</ease>
29
+ <fix>Quick</fix>
30
+ </ratings>
31
+ </issuedetails>
32
+ <section index="2.2.1" ref="FINDING" title="Finding">
33
+ <table index="10" ref="AUTHENTICATION.USERS.WEAKPASSWORD.1" title="Table Title">
34
+ <headings>
35
+ <heading>Heading 1</heading>
36
+ <heading>Heading 2</heading>
37
+ <heading>Heading 3</heading>
38
+ </headings>
39
+ <tablebody>
40
+ <tablerow>
41
+ <tablecell>
42
+ <item>Row 1A</item>
43
+ </tablecell>
44
+ <tablecell>
45
+ <item>Row 1B</item>
46
+ </tablecell>
47
+ <tablecell>
48
+ <item>Row 1C</item>
49
+ </tablecell>
50
+ </tablerow>
51
+ <tablerow>
52
+ <tablecell>
53
+ <item>Row 2A</item>
54
+ </tablecell>
55
+ <tablecell>
56
+ <item>Row 2B</item>
57
+ </tablecell>
58
+ <tablecell>
59
+ <item>Row 2C</item>
60
+ </tablecell>
61
+ </tablerow>
62
+ </tablebody>
63
+ </table>
64
+ </section>
65
+ </section>
66
+ </part>
67
+ </report>
68
+ </document>
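Review bot: The `<information>` block of this new fixture looks copied from a real report rather than written for the test: `<author>` names a company and `<authorlogo>` holds a local Windows path. The gemspec builds `spec.files` from `git ls-files` and the metadata lists the fixtures under `files`, so this content is published with every release of the gem. Replace the values with neutral placeholders such as `<author>Example Author</author>`, and drop `<authorlogo>` if the importer does not read it (the importer code visible on this page only reads `issuedetails` fields and the title). The spec on this page asserts on the device label `PA-200`, so that value has to stay in step with the fixture if it is changed.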
File without changes
@@ -0,0 +1,44 @@
1
+ require 'rails_helper'
2
+
3
+ describe 'Nipper upload plugin' do
4
+ describe 'importer' do
5
+ before(:each) do
6
+ # Stub template service
7
+ templates_dir = File.expand_path('../../templates', __FILE__)
8
+ expect_any_instance_of(Dradis::Plugins::TemplateService)
9
+ .to receive(:default_templates_dir).and_return(templates_dir)
10
+
11
+ plugin = Dradis::Plugins::Nipper
12
+
13
+ @content_service = Dradis::Plugins::ContentService::Base.new(plugin: plugin)
14
+
15
+ @importer = plugin::Importer.new(
16
+ content_service: @content_service
17
+ )
18
+ end
19
+
20
+ context 'nipper v2.5 output' do
21
+ it 'imports Nipperv1 fields and findings table' do
22
+ expect(@content_service).to receive(:create_node) do |args|
23
+ expect(args[:label]).to eq('PA-200')
24
+ expect(args[:type]).to eq(:host)
25
+ @node = Node.create(label: args[:label])
26
+ end.once
27
+ expect(@content_service).to receive(:create_issue) do |args|
28
+ OpenStruct.new(args)
29
+ @issue = Issue.create(text: args[:text])
30
+ end.exactly(1).times
31
+ expect(@content_service).to receive(:create_evidence) do |args|
32
+ OpenStruct.new(args)
33
+ end.exactly(1).times
34
+
35
+ @importer.import(file: File.expand_path('../spec/fixtures/files/sample_v2.5.xml', __dir__))
36
+
37
+ expect(@issue.fields['Nipperv1.Ease']).to eq('Moderate')
38
+ expect(@issue.fields['Nipperv1.Fix']).to eq('Quick')
39
+ expect(@issue.fields['Nipperv1.Impact']).to eq('Critical')
40
+ expect(@issue.fields['Nipperv1.Rating']).to eq('High')
41
+ end
42
+ end
43
+ end
44
+ end
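Review bot: The example is named 'imports Nipperv1 fields and findings table', but its only value assertions are the four `Nipperv1.*` fields, so a regression in how the fixture's `<table>` is imported would still pass. Add a check on the table content, for example `expect(@issue.text).to include('Row 1A')`, assuming the finding is rendered into the issue text. In the `create_issue` block, `OpenStruct.new(args)` is evaluated and discarded because `Issue.create` is the block's last expression, so that line can go. In `before(:each)`, `expect_any_instance_of(...)` is used as a stub; `allow_any_instance_of(Dradis::Plugins::TemplateService)` states that intent without attaching an expectation to every example.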
File without changes
@@ -8,4 +8,8 @@ issue.cvss_environmental_vector
8
8
  issue.finding
9
9
  issue.impact
10
10
  issue.ease
11
+ issue.nipperv1_ease
12
+ issue.nipperv1_fix
13
+ issue.nipperv1_impact
14
+ issue.nipperv1_rating
11
15
  issue.recommendation
@@ -10,6 +10,12 @@
10
10
  <cvssv2-environmental score="5.6">CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND</cvssv2-environmental>
11
11
  <FindingID>TEST-ISSUE</FindingID>
12
12
  </ratings>
13
+ <ratings type="Nipperv1">
14
+ <rating>Test Nipperv1 Rating</rating>
15
+ <impact>Test Nipperv1 Impact</impact>
16
+ <ease>Test Nipperv1 Ease</ease>
17
+ <fix>Test Nipperv1 Fix</fix>
18
+ </ratings>
13
19
  </issuedetails>
14
20
  <section index="2.3.1" title="Finding" ref="FINDING">
15
21
  <text>Test Finding</text>
@@ -19,5 +19,17 @@
19
19
  #[Ease]#
20
20
  %issue.ease%
21
21
 
22
+ #[Nipperv1.Ease]#
23
+ %issue.nipperv1_ease%
24
+
25
+ #[Nipperv1.Fix]#
26
+ %issue.nipperv1_fix%
27
+
28
+ #[Nipperv1.Impact]#
29
+ %issue.nipperv1_impact%
30
+
31
+ #[Nipperv1.Rating]#
32
+ %issue.nipperv1_rating%
33
+
22
34
  #[Recommendation]#
23
35
  %issue.recommendation%
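--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dradis-nipper
  version: !ruby/object:Gem::Version
- version: 4.0.0
+ version: 4.3.0
  platform: ruby
  authors:
  - Dradis Team
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-08-03 00:00:00.000000000 Z
+ date: 2022-04-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 4.0.0
+ version: '4.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 4.0.0
+ version: '4.0'
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
@@ -89,6 +89,7 @@ extra_rdoc_files: []
  files:
  - ".gitignore"
  - CHANGELOG.md
+ - CHANGELOG.template
  - CONTRIBUTING.md
  - Gemfile
  - LICENSE
@@ -106,9 +107,11 @@ files:
  - lib/nipper/issue.rb
  - lib/tasks/thorfile.rb
  - spec/fixtures/files/invalid.xml
- - spec/fixtures/files/sample.xml
+ - spec/fixtures/files/sample_v2.5.xml
+ - spec/fixtures/files/sample_v2.8.xml
  - spec/spec_helper.rb
- - spec/upload_spec.rb
+ - spec/upload_v2.5_spec.rb
+ - spec/upload_v2.8_spec.rb
  - templates/evidence.fields
  - templates/evidence.sample
  - templates/evidence.template
@@ -140,6 +143,8 @@ specification_version: 4
  summary: Nipper upload add-on for Dradis Framework.
  test_files:
  - spec/fixtures/files/invalid.xml
- - spec/fixtures/files/sample.xml
+ - spec/fixtures/files/sample_v2.5.xml
+ - spec/fixtures/files/sample_v2.8.xml
  - spec/spec_helper.rb
- - spec/upload_spec.rb
+ - spec/upload_v2.5_spec.rb
+ - spec/upload_v2.8_spec.rb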