dradis-nipper 4.0.0 → 4.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 94d905bbc8c8f66a9ba18750cf230611a87dc0ad6b754bfb7244212a59538063
-  data.tar.gz: 44cc3b043be1e58aa54671c1e85ed8e207a7dc67760aa8ed520436bd834214d0
+  metadata.gz: d5b3a50e0fab0b8201df36436a1c99e5a94e30c1b372aae61772d9fbbb541dcb
+  data.tar.gz: fa028894c61eb6a6b77209b496ae347dec4131bc89087b3cd056e6a469b12ab6
 SHA512:
-  metadata.gz: eabbe29f7590cbb10324dc6bdcf7ff4b166c6da2a77e29b2358c3a9dba00ea758033dffec2c7b5d8bbfe726504272ec2a63894a219c5c2336188e022bba8bc98
-  data.tar.gz: d38b4f20a2a3fa9563d6215c73be02de1c9782bb7d918555fea88fcebacbbba0192fa4fbb2e9cba4dd6396b10168f2cfaad86ece558168af3878e25fd9c65dc3
+  metadata.gz: a09e5ee41c4902b8447eb4b7dc15d10f50609eebb451f273965aad9d4cf6788a075bd1678b8daf101e30f46c07a89f6090efedd845cbed0b6f5eae4795e5985a
+  data.tar.gz: 8410ae54c6d470460df3b3070867a51f3d0db9766b86e1117a6f1b96b7836143752f23da5d05729af757da8481126b1c9c5ba660a1bef9a75179f96a5da952ff

data/CHANGELOG.md

@@ -1,15 +1,20 @@
-## Dradis Framework 4.0.0 (July, 2021) ##
+v4.3.0 (April 2022)
+  - No changes
 
-*  Include multiple paragraphs when importing fields.
+v4.2.0 (February 2022)
+  - Add Nipperv1 fields to issues
 
-## Dradis Framework 3.22 (April, 2021) ##
+v4.1.0 (November 2021)
+  - No changes
 
-*  No changes.
+v4.0.0 (July 2021)
+  - Include multiple paragraphs when importing fields
 
-## Dradis Framework 3.21 (February, 2021) ##
+v3.22.0 (April 2021)
+  - No changes
 
-*  No changes.
+v3.21.0 (February 2021)
+  - No changes
 
-## Dradis Framework 3.20 (December, 2020) ##
-
-*  Initial version.
+v3.20.0 (December 2020)
+  - Initial version

data/CHANGELOG.template

@@ -0,0 +1,12 @@
+[v#.#.#] ([month] [YYYY])
+  - [future tense verb] [feature]
+  - Upgraded gems:
+    - [gem]
+  - Bugs fixes:
+    - [future tense verb] [bug fix]
+    - Bug tracker items:
+      - [item]
+  - Security Fixes:
+    - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]

data/dradis-nipper.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
   spec.files       = `git ls-files`.split($\)
   spec.test_files  = spec.files.grep(%r{^(test|spec|features)/})
 
-  spec.add_dependency 'dradis-plugins', '~> 4.0.0'
+  spec.add_dependency 'dradis-plugins', '~> 4.0'
 
   spec.add_development_dependency 'bundler', '~> 2.1'
   spec.add_development_dependency 'rake', '~> 13.0'

data/lib/dradis/plugins/nipper/gem_version.rb

@@ -7,7 +7,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 0
+        MINOR = 3
         TINY = 0
         PRE = nil
 

data/lib/nipper/issue.rb

@@ -9,8 +9,9 @@ module Nipper
         :cvss_base, :cvss_base_vector,
         :cvss_environmental, :cvss_environmental_vector,
         :cvss_temporal, :cvss_temporal_vector,
-        :ease, :finding, :impact, :recommendation,
-        :title
+        :ease, :finding, :impact, :nipperv1_ease, :nipperv1_fix,
+        :nipperv1_impact, :nipperv1_rating,
+        :recommendation, :title
       ]
     end
 
@@ -40,6 +41,8 @@ module Nipper
         @xml.attr('title')
       elsif method.to_s.starts_with?('cvss')
         process_cvss_field(method)
+      elsif method.to_s.starts_with?('nipperv1')
+        process_nipperv1_field(method)
       else
         collect_text(@xml.xpath("./#{translations_table[method]}"))
       end
@@ -47,9 +50,9 @@ module Nipper
 
     def process_cvss_field(method)
       translations_table = {
-        cvss_base: 'issuedetails/ratings/cvssv2-base',
-        cvss_temporal: 'issuedetails/ratings/cvssv2-temporal',
-        cvss_environmental: 'issuedetails/ratings/cvssv2-environmental',
+        cvss_base: 'issuedetails/ratings[@type="CVSSv2"]/cvssv2-base',
+        cvss_temporal: 'issuedetails/ratings[@type="CVSSv2"]/cvssv2-temporal',
+        cvss_environmental: 'issuedetails/ratings[@type="CVSSv2"]/cvssv2-environmental'
       }
 
       base_method = method.to_s.sub('_vector', '').to_sym
@@ -61,6 +64,17 @@ module Nipper
       end
     end
 
+    def process_nipperv1_field(method)
+      translations_table = {
+        nipperv1_ease: 'issuedetails/ratings[@type="Nipperv1"]/ease',
+        nipperv1_fix: 'issuedetails/ratings[@type="Nipperv1"]/fix',
+        nipperv1_impact: 'issuedetails/ratings[@type="Nipperv1"]/impact',
+        nipperv1_rating: 'issuedetails/ratings[@type="Nipperv1"]/rating'
+      }
+
+      @xml.xpath("./#{translations_table[method]}").text
+    end
+
     private
 
     def collect_text(xml_field)

data/spec/fixtures/files/sample_v2.5.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<document nipperstudio="2.5.5.5804" xmlrevision="3" xmlversion="2">
+  <information>
+    <title>Firewall Review Report</title>
+    <author>Compass IT Compliance</author>
+    <authorlogo>C:/Nipper Photos/CompassITC-logo-HiRes-TSP.png</authorlogo>
+    <date>Friday, September 11, 2020</date>
+    <generator>
+      <product>Nipper Studio</product>
+      <manufacturer>Titania</manufacturer>
+      <website>www.titania.com</website>
+      <version>2.8.0</version>
+    </generator>
+    <devices>
+      <device name="PA-200" os="PANOS" osversion="7.0.0" type="Palo Alto Firewall"/>
+    </devices>
+  </information>
+  <report>
+    <part index="2" title="Security Audit" ref="SECURITYAUDIT">
+      <section index="1.1" ref="INTRODUCTION" title="Introduction">
+        <issuedetails>
+          <devices>
+            <device name="PA-200" osversion="7.0.0" type="Palo Alto Firewall"/>
+          </devices>
+          <ratings type="Nipperv1">
+            <rating>High</rating>
+            <impact>Critical</impact>
+            <ease>Moderate</ease>
+            <fix>Quick</fix>
+          </ratings>
+        </issuedetails>
+        <section index="2.2.1" ref="FINDING" title="Finding">
+          <table index="10" ref="AUTHENTICATION.USERS.WEAKPASSWORD.1" title="Table Title">
+            <headings>
+              <heading>Heading 1</heading>
+              <heading>Heading 2</heading>
+              <heading>Heading 3</heading>
+            </headings>
+            <tablebody>
+              <tablerow>
+                <tablecell>
+                  <item>Row 1A</item>
+                </tablecell>
+                <tablecell>
+                  <item>Row 1B</item>
+                </tablecell>
+                <tablecell>
+                  <item>Row 1C</item>
+                </tablecell>
+              </tablerow>
+              <tablerow>
+                <tablecell>
+                  <item>Row 2A</item>
+                </tablecell>
+                <tablecell>
+                  <item>Row 2B</item>
+                </tablecell>
+                <tablecell>
+                  <item>Row 2C</item>
+                </tablecell>
+              </tablerow>
+            </tablebody>
+          </table>
+        </section>
+      </section>
+    </part>
+  </report>
+</document>

data/spec/upload_v2.5_spec.rb

@@ -0,0 +1,44 @@
+require 'rails_helper'
+
+describe 'Nipper upload plugin' do
+  describe 'importer' do
+    before(:each) do
+      # Stub template service
+      templates_dir = File.expand_path('../../templates', __FILE__)
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+      .to receive(:default_templates_dir).and_return(templates_dir)
+
+      plugin = Dradis::Plugins::Nipper
+
+      @content_service = Dradis::Plugins::ContentService::Base.new(plugin: plugin)
+
+      @importer = plugin::Importer.new(
+        content_service: @content_service
+      )
+    end
+
+    context 'nipper v2.5 output' do
+      it 'imports Nipperv1 fields and findings table' do
+        expect(@content_service).to receive(:create_node) do |args|
+          expect(args[:label]).to eq('PA-200')
+          expect(args[:type]).to eq(:host)
+          @node = Node.create(label: args[:label])
+        end.once
+        expect(@content_service).to receive(:create_issue) do |args|
+          OpenStruct.new(args)
+          @issue = Issue.create(text: args[:text])
+        end.exactly(1).times
+        expect(@content_service).to receive(:create_evidence) do |args|
+          OpenStruct.new(args)
+        end.exactly(1).times
+
+        @importer.import(file: File.expand_path('../spec/fixtures/files/sample_v2.5.xml', __dir__))
+
+        expect(@issue.fields['Nipperv1.Ease']).to eq('Moderate')
+        expect(@issue.fields['Nipperv1.Fix']).to eq('Quick')
+        expect(@issue.fields['Nipperv1.Impact']).to eq('Critical')
+        expect(@issue.fields['Nipperv1.Rating']).to eq('High')
+      end
+    end
+  end
+end

data/templates/issue.fields

@@ -8,4 +8,8 @@ issue.cvss_environmental_vector
 issue.finding
 issue.impact
 issue.ease
+issue.nipperv1_ease
+issue.nipperv1_fix
+issue.nipperv1_impact
+issue.nipperv1_rating
 issue.recommendation

data/templates/issue.sample

@@ -10,6 +10,12 @@
       <cvssv2-environmental score="5.6">CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND</cvssv2-environmental>
       <FindingID>TEST-ISSUE</FindingID>
     </ratings>
+    <ratings type="Nipperv1">
+      <rating>Test Nipperv1 Rating</rating>
+      <impact>Test Nipperv1 Impact</impact>
+      <ease>Test Nipperv1 Ease</ease>
+      <fix>Test Nipperv1 Fix</fix>
+    </ratings>
   </issuedetails>
   <section index="2.3.1" title="Finding" ref="FINDING">
     <text>Test Finding</text>

data/templates/issue.template

@@ -19,5 +19,17 @@
 #[Ease]#
 %issue.ease%
 
+#[Nipperv1.Ease]#
+%issue.nipperv1_ease%
+
+#[Nipperv1.Fix]#
+%issue.nipperv1_fix%
+
+#[Nipperv1.Impact]#
+%issue.nipperv1_impact%
+
+#[Nipperv1.Rating]#
+%issue.nipperv1_rating%
+
 #[Recommendation]#
 %issue.recommendation%

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nipper
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 4.3.0
 platform: ruby
 authors:
 - Dradis Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-03 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -89,6 +89,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - CHANGELOG.md
+- CHANGELOG.template
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE
@@ -106,9 +107,11 @@ files:
 - lib/nipper/issue.rb
 - lib/tasks/thorfile.rb
 - spec/fixtures/files/invalid.xml
-- spec/fixtures/files/sample.xml
+- spec/fixtures/files/sample_v2.5.xml
+- spec/fixtures/files/sample_v2.8.xml
 - spec/spec_helper.rb
-- spec/upload_spec.rb
+- spec/upload_v2.5_spec.rb
+- spec/upload_v2.8_spec.rb
 - templates/evidence.fields
 - templates/evidence.sample
 - templates/evidence.template
@@ -140,6 +143,8 @@ specification_version: 4
 summary: Nipper upload add-on for Dradis Framework.
 test_files:
 - spec/fixtures/files/invalid.xml
-- spec/fixtures/files/sample.xml
+- spec/fixtures/files/sample_v2.5.xml
+- spec/fixtures/files/sample_v2.8.xml
 - spec/spec_helper.rb
-- spec/upload_spec.rb
+- spec/upload_v2.5_spec.rb
+- spec/upload_v2.8_spec.rb