dradis-nipper 4.10.0 → 4.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d230592d6c1cf72d39f82356a2a8c8f97957ec11f91ccf4cfd853fcef7061447
-  data.tar.gz: 65595ca4b1682a577675cd8c13c7e0dbb4d6e78cd7bc32a28eba9f465bd9b08f
+  metadata.gz: 3f8377871f64d9ed5b124dfae754181bd176235c414d29646e8bb08c6b7eb7ea
+  data.tar.gz: 215f41bb92b6f369eb9ebefba2ff0af8bb78dda2404558db71babb818aa05860
 SHA512:
-  metadata.gz: b2fb4b5ab93470ee4421cf22419ee23eef45be7e81502b5239bd5ba4e334b41fb26afa753017a45cbb1ae2bbe51f362473cffaa01149f8b81c6ccf3f5fe95478
-  data.tar.gz: 0b9d8bf9f3135708f31363224bd39d0db55b0045f40286a56cc2582f04ed67394e27d26d2e18503fc27350c40292b5fedafc181134a5f59d43506779f8cb8b19
+  metadata.gz: 869085b2efc2c60ea8223434e60c72fa7a7a66f84f2f3aff3775a848c5ffe4a71a6e37deff7ea5050e338c9ba489a58f5e05bcdee25c953cc732f0d46e00d768
+  data.tar.gz: 709dc9d2ca85726bb7965e1596274bc692d1bbd554bffa2883c4de78d94407467e010aeb4f5f266f0d9030038c59caa12fb24cccbfe71f0ef164ab51a86c4eb9

data/.github/pull_request_template.md

@@ -0,0 +1,45 @@
+Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
+
+### Summary
+
+Provide a general description of the code changes in your pull
+request... were there any bugs you had fixed? If so, mention them. If
+these bugs have open GitHub issues, be sure to tag them here as well,
+to keep the conversation linked together.
+
+
+### Testing Steps
+
+Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
+
+
+### Other Information
+
+If there's anything else that's important and relevant to your pull
+request, mention that information here. This could include
+benchmarks, or other information.
+
+Thanks for contributing to Dradis!
+
+
+### Copyright assignment
+
+Collaboration is difficult with commercial closed source but we want
+to keep as much of the OSS ethos as possible available to users
+who want to fix it themselves.
+
+In order to unambiguously own and sell Dradis Framework commercial
+products, we must have the copyright associated with the entire
+codebase. Any code you create which is merged must be owned by us.
+That's not us trying to be a jerks, that's just the way it works.
+
+You can delete this section, but the following sentence needs to
+remain in the PR's description:
+
+> I assign all rights, including copyright, to any future Dradis
+> work by myself to Security Roots.
+
+### Check List
+
+- [ ] Added a CHANGELOG entry
+- [ ] Added specs

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+v4.12.0 (May 2024)
+ - Migrate integration to use Mappings Manager
+ - Update Dradis links in README
+
+v4.11.0 (January 2024)
+  - No changes
+
 v4.10.0 (September 2023)
   - Update gemspec links
 

data/README.md

@@ -2,8 +2,7 @@
 
 This add-on will enable the user to upload Nipper output files in the XML format (.xml) to create a structure of Dradis nodes, issues, and evidences that contain the same information about the hosts and vulnerabilities in the original file.
 
-The add-on requires Dradis 3.0 or higher.
-
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 
 ## More information
 

data/lib/dradis/plugins/nipper/gem_version.rb

@@ -7,7 +7,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 10
+        MINOR = 12
         TINY = 0
         PRE = nil
 

data/lib/dradis/plugins/nipper/importer.rb

@@ -48,7 +48,7 @@ module Dradis::Plugins::Nipper
     def process_evidence(xml_evidence, issue)
       logger.info { 'Creating evidence...' }
 
-      evidence_text = template_service.process_template(template: 'evidence', data: xml_evidence)
+      evidence_text = mapping_service.apply_mapping(source: 'evidence', data: xml_evidence)
       content_service.create_evidence(issue: issue, node: @host_node, content: evidence_text)
     end
 
@@ -57,7 +57,7 @@ module Dradis::Plugins::Nipper
 
       logger.info { "Creating issue: #{plugin_id}" }
 
-      issue_text = template_service.process_template(template: 'issue', data: xml_issue)
+      issue_text = mapping_service.apply_mapping(source: 'issue', data: xml_issue)
       issue = content_service.create_issue(text: issue_text, id: plugin_id)
 
       xml_evidence = xml_issue.at_xpath('./issuedetails/devices')

data/lib/dradis/plugins/nipper/mapping.rb

@@ -0,0 +1,50 @@
+module Dradis::Plugins::Nipper
+  module Mapping
+    DEFAULT_MAPPING = {
+      evidence: {
+        'DeviceName' => '{{ nipper[evidence.device_name] }}',
+        'DeviceType' => '{{ nipper[evidence.device_type] }}',
+        'OS' => '{{ nipper[evidence.device_osversion] }}'
+      },
+      issue: {
+        'Title' => '{{ nipper[issue.title] }}',
+        'CVSSv2.Base' => '{{ nipper[issue.cvss_base] }}',
+        'CVSSv2.Temporal' => '{{ nipper[issue.cvss_temporal] }}',
+        'CVSSv2.Environmental' => '{{ nipper[issue.cvss_environmental] }}',
+        'Finding' => '{{ nipper[issue.finding] }}',
+        'Impact' => '{{ nipper[issue.impact] }}',
+        'Ease' => '{{ nipper[issue.ease] }}',
+        'Nipperv1.Ease' => '{{ nipper[issue.nipperv1_ease] }}',
+        'Nipperv1.Fix' => '{{ nipper[issue.nipperv1_fix] }}',
+        'Nipperv1.Impact' => '{{ nipper[issue.nipperv1_impact] }}',
+        'Nipperv1.Rating' => '{{ nipper[issue.nipperv1_rating] }}',
+        'Recommendation' => '{{ nipper[issue.recommendation] }}'
+      }
+    }.freeze
+
+    SOURCE_FIELDS = {
+      evidence: [
+        'evidence.device_name',
+        'evidence.device_type',
+        'evidence.device_osversion'
+      ],
+      issue: [
+        'issue.title',
+        'issue.cvss_base',
+        'issue.cvss_base_vector',
+        'issue.cvss_temporal',
+        'issue.cvss_temporal_vector',
+        'issue.cvss_environmental',
+        'issue.cvss_environmental_vector',
+        'issue.finding',
+        'issue.impact',
+        'issue.ease',
+        'issue.nipperv1_ease',
+        'issue.nipperv1_fix',
+        'issue.nipperv1_impact',
+        'issue.nipperv1_rating',
+        'issue.recommendation'
+      ]
+    }.freeze
+  end
+end

data/lib/dradis/plugins/nipper.rb

@@ -7,5 +7,6 @@ end
 
 require 'dradis/plugins/nipper/engine'
 require 'dradis/plugins/nipper/field_processor'
+require 'dradis/plugins/nipper/mapping'
 require 'dradis/plugins/nipper/importer'
 require 'dradis/plugins/nipper/version'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nipper
 version: !ruby/object:Gem::Version
-  version: 4.10.0
+  version: 4.12.0
 platform: ruby
 authors:
 - Dradis Team
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-07 00:00:00.000000000 Z
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -81,11 +81,12 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.5.2
 description: This add-on allows you to upload and parse reports from Nipper.
-email: 
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/pull_request_template.md"
 - ".gitignore"
 - CHANGELOG.md
 - CHANGELOG.template
@@ -101,6 +102,7 @@ files:
 - lib/dradis/plugins/nipper/field_processor.rb
 - lib/dradis/plugins/nipper/gem_version.rb
 - lib/dradis/plugins/nipper/importer.rb
+- lib/dradis/plugins/nipper/mapping.rb
 - lib/dradis/plugins/nipper/version.rb
 - lib/nipper/evidence.rb
 - lib/nipper/issue.rb
@@ -111,17 +113,13 @@ files:
 - spec/spec_helper.rb
 - spec/upload_v2.5_spec.rb
 - spec/upload_v2.8_spec.rb
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/issue.fields
 - templates/issue.sample
-- templates/issue.template
 homepage: https://dradis.com/integrations/nipper.html
 licenses:
 - Commercial - Dradis Pro
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -137,7 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.4
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Nipper upload add-on for Dradis Framework.
 test_files:

data/templates/evidence.fields

@@ -1,3 +0,0 @@
-evidence.device_name
-evidence.device_type
-evidence.device_osversion

data/templates/evidence.template

@@ -1,8 +0,0 @@
-#[DeviceName]#
-%evidence.device_name%
-
-#[DeviceType]#
-%evidence.device_type%
-
-#[OS]#
-%evidence.device_osversion%

data/templates/issue.fields

@@ -1,15 +0,0 @@
-issue.title
-issue.cvss_base
-issue.cvss_base_vector
-issue.cvss_temporal
-issue.cvss_temporal_vector
-issue.cvss_environmental
-issue.cvss_environmental_vector
-issue.finding
-issue.impact
-issue.ease
-issue.nipperv1_ease
-issue.nipperv1_fix
-issue.nipperv1_impact
-issue.nipperv1_rating
-issue.recommendation

data/templates/issue.template

@@ -1,35 +0,0 @@
-#[Title]#
-%issue.title%
-
-#[CVSSv2.Base]#
-%issue.cvss_base%
-
-#[CVSSv2.Temporal]#
-%issue.cvss_temporal%
-
-#[CVSSv2.Environmental]#
-%issue.cvss_environmental%
-
-#[Finding]#
-%issue.finding%
-
-#[Impact]#
-%issue.impact%
-
-#[Ease]#
-%issue.ease%
-
-#[Nipperv1.Ease]#
-%issue.nipperv1_ease%
-
-#[Nipperv1.Fix]#
-%issue.nipperv1_fix%
-
-#[Nipperv1.Impact]#
-%issue.nipperv1_impact%
-
-#[Nipperv1.Rating]#
-%issue.nipperv1_rating%
-
-#[Recommendation]#
-%issue.recommendation%