dradis-ntospider 4.1.0 → 4.4.0
- checksums.yaml +4 -4
- data/.gitignore +4 -0
- data/.rspec +2 -0
- data/CHANGELOG.md +9 -0
- data/README.md +5 -0
- data/dradis-ntospider.gemspec +5 -2
- data/lib/dradis/plugins/ntospider/field_processor.rb +5 -1
- data/lib/dradis/plugins/ntospider/gem_version.rb +1 -1
- data/lib/dradis/plugins/ntospider/importer.rb +14 -7
- data/lib/dradis-ntospider.rb +1 -0
- data/lib/ntospider/attack.rb +75 -0
- data/lib/ntospider/vuln.rb +24 -9
- data/spec/fixtures/files/VulnerabilitiesSummary.xml +484 -379
- data/spec/ntospider_import_spec.rb +87 -0
- data/spec/spec_helper.rb +10 -0
- data/templates/evidence.fields +13 -4
- data/templates/evidence.sample +28 -198
- data/templates/evidence.template +11 -8
- data/templates/vuln.fields +14 -0
- data/templates/vuln.sample +134 -197
- data/templates/vuln.template +3 -3
- metadata +59 -11
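--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3117488d6f07db5cb0ac0576964e327a7a3638b22b556ffb09fd420dcec5065a
+data.tar.gz: 49145bba6c515b62b02d6214f41a7c25d19f3df6ec124cc0e02035d71de2739d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8f44c3e5678451dc9807d88bc070807c46c77f0395a3e74acbe49b99c6c827c1c9ad729dc836fa9c3dc125716738f17b609495d7ee4ca7be466af0a3db3975ee
+data.tar.gz: 1182841c0206177851e10b3c1f88d622724bf5046fc15b32761c9c620d15915ba28d9b32c8fbb68fb8b51e3af89a928331f986f1375643f2780fb8fc01d87efe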
data/.gitignore
CHANGED
data/.rspec
ADDED
data/CHANGELOG.md
CHANGED
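--- a/data/README.md
+++ b/data/README.md
@@ -17,6 +17,11 @@ See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework
 See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
 
 
+## Contributors
+
+- Michael Gargiullo
+
+
 ## License
 
 Dradis Framework and all its components are released under [GNU General Public License version 2.0](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) as published by the Free Software Foundation and appearing in the file LICENSE included in the packaging of this file.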
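--- a/data/dradis-ntospider.gemspec
+++ b/data/dradis-ntospider.gemspec
@@ -27,6 +27,9 @@ Gem::Specification.new do |spec|
 # s.add_dependency 'rails', '~> 4.1.1'
 spec.add_dependency 'dradis-plugins', '~> 4.0'
 
-spec.add_development_dependency 'bundler'
-spec.add_development_dependency '
+spec.add_development_dependency 'bundler'
+spec.add_development_dependency 'byebug'
+spec.add_development_dependency 'rake'
+spec.add_development_dependency 'rspec-rails'
+spec.add_development_dependency 'combustion'
 end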
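Review bot: The development dependencies added on the new side (`byebug`, `rake`, `rspec-rails`, `combustion`) carry no version constraint, unlike the runtime `spec.add_dependency 'dradis-plugins', '~> 4.0'` just above them, so a fresh `bundle install` resolves to whatever is newest on the gem source at that moment and the test environment is not reproducible from the gemspec alone. Pinning each with a pessimistic constraint in the same style, e.g. `spec.add_development_dependency 'rspec-rails', '~> x.y'`, or relying on a committed Gemfile.lock if the project keeps one, would make CI runs repeatable. The previously present second development dependency is truncated in this rendering, so whether it was renamed or replaced cannot be confirmed here.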
@@ -2,7 +2,11 @@ module Dradis::Plugins::NTOSpider
|
|
2
2
|
class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor
|
3
3
|
|
4
4
|
def post_initialize(args={})
|
5
|
-
|
5
|
+
if data.name == 'Vuln'
|
6
|
+
@nto_object = ::NTOSpider::Vuln.new(data)
|
7
|
+
else
|
8
|
+
@nto_object = ::NTOSpider::Attack.new(data)
|
9
|
+
end
|
6
10
|
end
|
7
11
|
|
8
12
|
def value(args={})
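Review bot: The `else` branch in `post_initialize` wraps any node that is not `<Vuln>` in `::NTOSpider::Attack`, so a template rendered against an unexpected element (a typo in a template name, or a different root node) gets an Attack whose readers all return nil instead of an error — the same silent-nil failure mode the Attack class's own comment about typos argues against. Making the dispatch explicit and failing loudly on anything else is a one-line guard before the `if`: `raise ArgumentError, "unsupported NTOSpider node: #{data.name}" unless %w[Vuln Attack].include?(data.name)`. A short comment such as `# Templates render against either a <Vuln> or one of its <AttackList/Attack> children` would also record why two wrapper classes exist. The enclosing `FieldProcessor` class starts before this hunk and continues past it.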
|
@@ -11,6 +11,10 @@ module Dradis::Plugins::NTOSpider
|
|
11
11
|
"No vulnerabilities were detected in the uploaded file (/VulnSummary/VulnList/Vuln). "\
|
12
12
|
"Ensure the file you uploaded comes from a NTOSpider report."
|
13
13
|
|
14
|
+
def self.templates
|
15
|
+
{ evidence: 'evidence', issue: 'vuln' }
|
16
|
+
end
|
17
|
+
|
14
18
|
# The framework will call this function if the user selects this plugin from
|
15
19
|
# the dropdown list and uploads a file.
|
16
20
|
# @returns true if the operation was successful, false otherwise
|
@@ -53,13 +57,16 @@ module Dradis::Plugins::NTOSpider
|
|
53
57
|
)
|
54
58
|
issue = content_service.create_issue text: issue_text, id: plugin_id
|
55
59
|
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
60
|
+
# App Spider can provide multiple pieces of evidence for an issue.
|
61
|
+
xml_vuln.xpath('./AttackList/Attack').each do |attack_xml|
|
62
|
+
logger.info{ "\t\t => Creating new evidence" }
|
63
|
+
evidence_content = template_service.process_template(
|
64
|
+
template: 'evidence', data: attack_xml
|
65
|
+
)
|
66
|
+
content_service.create_evidence(
|
67
|
+
issue: issue, node: host_node, content: evidence_content
|
68
|
+
)
|
69
|
+
end
|
63
70
|
end
|
64
71
|
|
65
72
|
true
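Review bot: When a `<Vuln>` has no `AttackList/Attack` children the new loop never runs, so the issue created just above it is attached to `host_node` with no evidence and nothing is logged; the removed lines' content is not visible in this rendering, so whether that is a regression from the previous one-evidence-per-vuln behaviour cannot be confirmed here. Capturing the node set first makes the gap visible: `attacks = xml_vuln.xpath('./AttackList/Attack')` followed by `logger.warn { "\t\t => no Attack entries for #{plugin_id}, issue created without evidence" } if attacks.empty?`. If the `<Request>`/`<Response>` elements carry raw HTTP traffic, as their names suggest, session cookies and authorization headers land in the evidence verbatim — worth stating next to the `# App Spider can provide multiple pieces of evidence` comment that no redaction happens at this point. The enclosing method starts before this hunk and ends with the `true` return after it.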
|
data/lib/dradis-ntospider.rb
CHANGED
@@ -0,0 +1,75 @@
|
|
1
|
+
module NTOSpider
|
2
|
+
# This class represents each of the vulnerabilities reported in the
|
3
|
+
# AppSpider VulnerabilitiesSummary.xml file as
|
4
|
+
# <AttackList/Attack> entities.
|
5
|
+
class Attack
|
6
|
+
attr_accessor :xml
|
7
|
+
# Accepts an XML node from Nokogiri::XML.
|
8
|
+
def initialize(xml_node)
|
9
|
+
@xml = xml_node
|
10
|
+
end
|
11
|
+
|
12
|
+
# List of supported tags. They can be attributes, simple descendants or
|
13
|
+
# collections (e.g. <references/>, <tags/>)
|
14
|
+
def supported_tags
|
15
|
+
[
|
16
|
+
# attributes
|
17
|
+
|
18
|
+
# simple tags
|
19
|
+
:attack_config_description, :attack_description, :attack_id,
|
20
|
+
:attack_matched_string, :attack_post_params, :attack_user_notes,
|
21
|
+
:attack_value, :attack_vuln_url, :original_response_code,
|
22
|
+
:original_value,
|
23
|
+
|
24
|
+
# nested tags
|
25
|
+
:attack_request, :attack_response, :benign
|
26
|
+
]
|
27
|
+
end
|
28
|
+
|
29
|
+
# This allows external callers (and specs) to check for implemented
|
30
|
+
# properties
|
31
|
+
def respond_to?(method, include_private=false)
|
32
|
+
return true if supported_tags.include?(method.to_sym)
|
33
|
+
super
|
34
|
+
end
|
35
|
+
|
36
|
+
# This method is invoked by Ruby when a method that is not defined in this
|
37
|
+
# instance is called.
|
38
|
+
#
|
39
|
+
# In our case we inspect the @method@ parameter and try to find the
|
40
|
+
# attribute, simple descendent or collection that it maps to in the XML
|
41
|
+
# tree.
|
42
|
+
def method_missing(method, *args)
|
43
|
+
# We could remove this check and return nil for any non-recognized tag.
|
44
|
+
# The problem would be that it would make tricky to debug problems with
|
45
|
+
# typos. For instance: <>.potr would return nil instead of raising an
|
46
|
+
# exception
|
47
|
+
unless supported_tags.include?(method)
|
48
|
+
super
|
49
|
+
return
|
50
|
+
end
|
51
|
+
|
52
|
+
# First we try the attributes. In Ruby we use snake_case, but in XML
|
53
|
+
# CamelCase is used for some attributes
|
54
|
+
translations_table = {
|
55
|
+
attack_request: 'AttackRequestList/AttackRequest/Request',
|
56
|
+
attack_response: 'AttackRequestList/AttackRequest/Response',
|
57
|
+
benign: 'AttackRequestList/AttackRequest/Benign'
|
58
|
+
}
|
59
|
+
|
60
|
+
method_name = translations_table.fetch(method, method.to_s.camelcase)
|
61
|
+
|
62
|
+
# no attributes in the <attack> node
|
63
|
+
# return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
|
64
|
+
|
65
|
+
# Then we try simple children tags: name, type, ...
|
66
|
+
tag = @xml.at_xpath("./#{method_name}")
|
67
|
+
if tag && !tag.text.blank?
|
68
|
+
return tag.text
|
69
|
+
else
|
70
|
+
# nothing found, the tag is valid but not present in this Attack
|
71
|
+
return nil
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
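Review bot: `respond_to?` is overridden directly in the new `NTOSpider::Attack` class rather than `respond_to_missing?`, so `method(:attack_id)` and similar introspection fail even though `respond_to?(:attack_id)` returns true; the idiomatic companion to a `method_missing` reader is `def respond_to_missing?(method, include_private = false)` / `supported_tags.include?(method.to_sym) || super` / `end`. The `return` after `super` in `method_missing` is unreachable, since `super` raises `NoMethodError`, and can be dropped. The interpolated XPath `./#{method_name}` is only safe because `method` was checked against `supported_tags` first; a comment such as `# method_name comes from the supported_tags allowlist, never from the XML` keeps that invariant visible to the next editor. The section header above reads `data/lib/dradis-ntospider.rb`, but the `@@ -0,0 +1,75 @@` content and the diffstat match `data/lib/ntospider/attack.rb`.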
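--- a/data/lib/ntospider/vuln.rb
+++ b/data/lib/ntospider/vuln.rb
@@ -22,12 +22,18 @@ module NTOSpider
 
 # simple tags
 :attack_class, :attack_score, :attack_type, :attack_value, :capec,
-:cwe_id, :description, :dissa_asc, :
-:
-:
+:confidence, :cwe_id, :description, :dissa_asc, :html_entity_attacked,
+:normalized_url, :oval, :owasp2007, :owasp2010, :owasp2013, :owasp2017,
+:page, :recommendation, :scan_date,
+:statistically_prevalent_original_response_code, :url, :vuln_method,
+:vuln_param, :vuln_param_type, :vuln_type, :vuln_url, :wasc, :web_site,
+:web_site_ip,
+
 # nested tags
+:imperva_bl, :imperva_wl, :mod_security_bl, :mod_security_wl,
+:pcre_regex_bl, :pcre_regex_wl, :snort_bl, :snort_wl
 ]
-end
+end
 
 # This allows external callers (and specs) to check for implemented
 # properties
@@ -55,18 +61,28 @@ end
 # First we try the attributes. In Ruby we use snake_case, but in XML
 # CamelCase is used for some attributes
 translations_table = {
-capec:
+capec: 'CAPEC',
 dissa_asc: 'DISSA_ASC',
+imperva_bl: 'DefenseBL/Imperva',
+imperva_wl: 'DefenseWL/Imperva',
+mod_security_bl: 'DefenseBL/ModSecurity',
+mod_security_wl: 'DefenseWL/ModSecurity',
+oval: 'OVAL',
 owasp2007: 'OWASP2007',
 owasp2010: 'OWASP2010',
 owasp2013: 'OWASP2013',
-
-
+owasp2017: 'OWASP2017',
+pcre_regex_bl: 'DefenseBL/PcreRegex',
+pcre_regex_wl: 'DefenseWL/PcreRegex',
+snort_bl: 'DefenseBL/Snort',
+snort_wl: 'DefenseWL/Snort',
+wasc: 'WASC',
+web_site_ip: 'WebSiteIP'
 }
 
 method_name = translations_table.fetch(method, method.to_s.camelcase)
 
-# no attributes in the <
+# no attributes in the <Vuln> node
 # return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
 
 # Then we try simple children tags: name, type, ...
@@ -113,6 +129,5 @@ end
 def tags_with_html_content
 [:description, :recommendation]
 end
-
 end
 end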
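Review bot: The `translations_table` hash literal in the `@@ -55,18 +61,28 @@` hunk is rebuilt on every `method_missing` call — once per field each time a template renders — although its contents never change; hoisting it to a frozen class-level constant, `TRANSLATIONS = { capec: 'CAPEC', dissa_asc: 'DISSA_ASC', ... }.freeze`, and calling `TRANSLATIONS.fetch(method, method.to_s.camelcase)` removes the per-call allocation and makes the element mapping greppable. The tags added to `supported_tags` without a translation entry (`:vuln_url`, `:normalized_url`, `:html_entity_attacked`, `:statistically_prevalent_original_response_code`, ...) depend on `camelcase` producing the exact element name; the `web_site_ip: 'WebSiteIP'` entry shows that fallback does not always hold, so each new tag is worth a fixture-backed example in the spec. `method_missing` begins before this hunk and ends after it.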