dradis-nipper 4.1.0 → 4.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fe1aee104430cbceb735c5fc028d86410bb1eb2d7d42af4115c4288cedd94a55
-  data.tar.gz: 8e40d9506778255333b47a863d56d5c09c9808df6ee50588067fb75f7cf5ea85
+  metadata.gz: 57bb0aec2967a467508b701013fe4fd3b6ee87480da0041871b793977265b68c
+  data.tar.gz: 2a8501baa7bce97a988826201c9fd7f5c77724e6266b035e6c0bd655f5735ac1
 SHA512:
-  metadata.gz: bd8429fba3ae24a4bf41b69895b1d329f946ea68d2731722942eaf66dd5c88ad04f60b01427c7ee7859602a80a4b9c93950ef16abf0f79210edf641c2420098c
-  data.tar.gz: 06a77726e511b800383992b5b33c005208f1b5867a2ac599ea8631e56dc3c281fb3ca2c8b4a4553df5d77b9aac44844818d39678bb2e097a73b4f7a7312b213a
+  metadata.gz: 9a2c9c9e17ab57816e189f6d97ab903c100a3882960c9beee2db408bc6971ed141321c0d2a0b8a64fd908da6a40df4abcfc7c819b9aae7177a25dbfe657c5de1
+  data.tar.gz: 9bf1da5bb95545502df5d7e7da5f9e0db16d3631588cf04ddc12885ea85648d8a5fc83b35a58295dac66d858818b57a94c0bd3bfd7e85353284f2973405f1b62

data/CHANGELOG.md

@@ -1,3 +1,12 @@
+v4.4.0 (June 2022)
+  - No changes
+
+v4.3.0 (April 2022)
+  - No changes
+
+v4.2.0 (February 2022)
+  - Add Nipperv1 fields to issues
+
 v4.1.0 (November 2021)
   - No changes
 

data/lib/dradis/plugins/nipper/gem_version.rb

@@ -7,7 +7,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 1
+        MINOR = 4
         TINY = 0
         PRE = nil
 

data/lib/nipper/issue.rb

@@ -9,8 +9,9 @@ module Nipper
         :cvss_base, :cvss_base_vector,
         :cvss_environmental, :cvss_environmental_vector,
         :cvss_temporal, :cvss_temporal_vector,
-        :ease, :finding, :impact, :recommendation,
-        :title
+        :ease, :finding, :impact, :nipperv1_ease, :nipperv1_fix,
+        :nipperv1_impact, :nipperv1_rating,
+        :recommendation, :title
       ]
     end
 
@@ -40,6 +41,8 @@ module Nipper
         @xml.attr('title')
       elsif method.to_s.starts_with?('cvss')
         process_cvss_field(method)
+      elsif method.to_s.starts_with?('nipperv1')
+        process_nipperv1_field(method)
       else
         collect_text(@xml.xpath("./#{translations_table[method]}"))
       end
@@ -47,9 +50,9 @@ module Nipper
 
     def process_cvss_field(method)
       translations_table = {
-        cvss_base: 'issuedetails/ratings/cvssv2-base',
-        cvss_temporal: 'issuedetails/ratings/cvssv2-temporal',
-        cvss_environmental: 'issuedetails/ratings/cvssv2-environmental',
+        cvss_base: 'issuedetails/ratings[@type="CVSSv2"]/cvssv2-base',
+        cvss_temporal: 'issuedetails/ratings[@type="CVSSv2"]/cvssv2-temporal',
+        cvss_environmental: 'issuedetails/ratings[@type="CVSSv2"]/cvssv2-environmental'
       }
 
       base_method = method.to_s.sub('_vector', '').to_sym
@@ -61,6 +64,17 @@ module Nipper
       end
     end
 
+    def process_nipperv1_field(method)
+      translations_table = {
+        nipperv1_ease: 'issuedetails/ratings[@type="Nipperv1"]/ease',
+        nipperv1_fix: 'issuedetails/ratings[@type="Nipperv1"]/fix',
+        nipperv1_impact: 'issuedetails/ratings[@type="Nipperv1"]/impact',
+        nipperv1_rating: 'issuedetails/ratings[@type="Nipperv1"]/rating'
+      }
+
+      @xml.xpath("./#{translations_table[method]}").text
+    end
+
     private
 
     def collect_text(xml_field)

data/spec/fixtures/files/sample_v2.5.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<document nipperstudio="2.5.5.5804" xmlrevision="3" xmlversion="2">
+  <information>
+    <title>Firewall Review Report</title>
+    <author>Compass IT Compliance</author>
+    <authorlogo>C:/Nipper Photos/CompassITC-logo-HiRes-TSP.png</authorlogo>
+    <date>Friday, September 11, 2020</date>
+    <generator>
+      <product>Nipper Studio</product>
+      <manufacturer>Titania</manufacturer>
+      <website>www.titania.com</website>
+      <version>2.8.0</version>
+    </generator>
+    <devices>
+      <device name="PA-200" os="PANOS" osversion="7.0.0" type="Palo Alto Firewall"/>
+    </devices>
+  </information>
+  <report>
+    <part index="2" title="Security Audit" ref="SECURITYAUDIT">
+      <section index="1.1" ref="INTRODUCTION" title="Introduction">
+        <issuedetails>
+          <devices>
+            <device name="PA-200" osversion="7.0.0" type="Palo Alto Firewall"/>
+          </devices>
+          <ratings type="Nipperv1">
+            <rating>High</rating>
+            <impact>Critical</impact>
+            <ease>Moderate</ease>
+            <fix>Quick</fix>
+          </ratings>
+        </issuedetails>
+        <section index="2.2.1" ref="FINDING" title="Finding">
+          <table index="10" ref="AUTHENTICATION.USERS.WEAKPASSWORD.1" title="Table Title">
+            <headings>
+              <heading>Heading 1</heading>
+              <heading>Heading 2</heading>
+              <heading>Heading 3</heading>
+            </headings>
+            <tablebody>
+              <tablerow>
+                <tablecell>
+                  <item>Row 1A</item>
+                </tablecell>
+                <tablecell>
+                  <item>Row 1B</item>
+                </tablecell>
+                <tablecell>
+                  <item>Row 1C</item>
+                </tablecell>
+              </tablerow>
+              <tablerow>
+                <tablecell>
+                  <item>Row 2A</item>
+                </tablecell>
+                <tablecell>
+                  <item>Row 2B</item>
+                </tablecell>
+                <tablecell>
+                  <item>Row 2C</item>
+                </tablecell>
+              </tablerow>
+            </tablebody>
+          </table>
+        </section>
+      </section>
+    </part>
+  </report>
+</document>

data/spec/upload_v2.5_spec.rb

@@ -0,0 +1,44 @@
+require 'rails_helper'
+
+describe 'Nipper upload plugin' do
+  describe 'importer' do
+    before(:each) do
+      # Stub template service
+      templates_dir = File.expand_path('../../templates', __FILE__)
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+      .to receive(:default_templates_dir).and_return(templates_dir)
+
+      plugin = Dradis::Plugins::Nipper
+
+      @content_service = Dradis::Plugins::ContentService::Base.new(plugin: plugin)
+
+      @importer = plugin::Importer.new(
+        content_service: @content_service
+      )
+    end
+
+    context 'nipper v2.5 output' do
+      it 'imports Nipperv1 fields and findings table' do
+        expect(@content_service).to receive(:create_node) do |args|
+          expect(args[:label]).to eq('PA-200')
+          expect(args[:type]).to eq(:host)
+          @node = Node.create(label: args[:label])
+        end.once
+        expect(@content_service).to receive(:create_issue) do |args|
+          OpenStruct.new(args)
+          @issue = Issue.create(text: args[:text])
+        end.exactly(1).times
+        expect(@content_service).to receive(:create_evidence) do |args|
+          OpenStruct.new(args)
+        end.exactly(1).times
+
+        @importer.import(file: File.expand_path('../spec/fixtures/files/sample_v2.5.xml', __dir__))
+
+        expect(@issue.fields['Nipperv1.Ease']).to eq('Moderate')
+        expect(@issue.fields['Nipperv1.Fix']).to eq('Quick')
+        expect(@issue.fields['Nipperv1.Impact']).to eq('Critical')
+        expect(@issue.fields['Nipperv1.Rating']).to eq('High')
+      end
+    end
+  end
+end

data/templates/issue.fields

@@ -8,4 +8,8 @@ issue.cvss_environmental_vector
 issue.finding
 issue.impact
 issue.ease
+issue.nipperv1_ease
+issue.nipperv1_fix
+issue.nipperv1_impact
+issue.nipperv1_rating
 issue.recommendation

data/templates/issue.sample

@@ -10,6 +10,12 @@
       <cvssv2-environmental score="5.6">CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND</cvssv2-environmental>
       <FindingID>TEST-ISSUE</FindingID>
     </ratings>
+    <ratings type="Nipperv1">
+      <rating>Test Nipperv1 Rating</rating>
+      <impact>Test Nipperv1 Impact</impact>
+      <ease>Test Nipperv1 Ease</ease>
+      <fix>Test Nipperv1 Fix</fix>
+    </ratings>
   </issuedetails>
   <section index="2.3.1" title="Finding" ref="FINDING">
     <text>Test Finding</text>

data/templates/issue.template

@@ -19,5 +19,17 @@
 #[Ease]#
 %issue.ease%
 
+#[Nipperv1.Ease]#
+%issue.nipperv1_ease%
+
+#[Nipperv1.Fix]#
+%issue.nipperv1_fix%
+
+#[Nipperv1.Impact]#
+%issue.nipperv1_impact%
+
+#[Nipperv1.Rating]#
+%issue.nipperv1_rating%
+
 #[Recommendation]#
 %issue.recommendation%

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nipper
 version: !ruby/object:Gem::Version
-  version: 4.1.0
+  version: 4.4.0
 platform: ruby
 authors:
 - Dradis Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-18 00:00:00.000000000 Z
+date: 2022-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -107,9 +107,11 @@ files:
 - lib/nipper/issue.rb
 - lib/tasks/thorfile.rb
 - spec/fixtures/files/invalid.xml
-- spec/fixtures/files/sample.xml
+- spec/fixtures/files/sample_v2.5.xml
+- spec/fixtures/files/sample_v2.8.xml
 - spec/spec_helper.rb
-- spec/upload_spec.rb
+- spec/upload_v2.5_spec.rb
+- spec/upload_v2.8_spec.rb
 - templates/evidence.fields
 - templates/evidence.sample
 - templates/evidence.template
@@ -135,12 +137,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.2.32
 signing_key: 
 specification_version: 4
 summary: Nipper upload add-on for Dradis Framework.
 test_files:
 - spec/fixtures/files/invalid.xml
-- spec/fixtures/files/sample.xml
+- spec/fixtures/files/sample_v2.5.xml
+- spec/fixtures/files/sample_v2.8.xml
 - spec/spec_helper.rb
-- spec/upload_spec.rb
+- spec/upload_v2.5_spec.rb
+- spec/upload_v2.8_spec.rb