dradis-ntospider 4.1.0 → 4.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 462b272f60203287ea64642734c5440e5c21e7818b33803aaf2303684d601729
-  data.tar.gz: 3d86613d130b9e70be4c511ae323327f927565634f26a1df7ce2e89bfe149bcf
+  metadata.gz: 3117488d6f07db5cb0ac0576964e327a7a3638b22b556ffb09fd420dcec5065a
+  data.tar.gz: 49145bba6c515b62b02d6214f41a7c25d19f3df6ec124cc0e02035d71de2739d
 SHA512:
-  metadata.gz: 74e3c7d8322074c711b50ce87d9f98d214a63c7784dc228b6753eb52854b4e052814d47761664b8ca5b8f35c10e45e700ea87c469c887f0afe5af398b5198c30
-  data.tar.gz: 563eae622360407308d0d7a986dc4fafb0e7112f9ca97a5715910795c65a1a592cff2a6618759ac40f20b70c8afd8b59d95fc9b8d35cddae0cefeb00cd050ce4
+  metadata.gz: 8f44c3e5678451dc9807d88bc070807c46c77f0395a3e74acbe49b99c6c827c1c9ad729dc836fa9c3dc125716738f17b609495d7ee4ca7be466af0a3db3975ee
+  data.tar.gz: 1182841c0206177851e10b3c1f88d622724bf5046fc15b32761c9c620d15915ba28d9b32c8fbb68fb8b51e3af89a928331f986f1375643f2780fb8fc01d87efe

data/.gitignore

@@ -5,3 +5,7 @@ Gemfile.lock
 
 # Gem artifacts
 /pkg/
+/spec/internal/
+
+# byebug
+.byebug_history

data/.rspec

@@ -0,0 +1,2 @@
+--color
+-f d

data/CHANGELOG.md

@@ -1,3 +1,12 @@
+v4.4.0 (June 2022)
+  - Registers template mappings locally
+
+v4.3.0 (April 2022)
+  - Expose additional fields for use in both Issue and Evidence.
+
+v4.2.0 (February 2022)
+  - No changes
+
 v4.1.0 (November 2021)
   - No changes
 

data/README.md

@@ -17,6 +17,11 @@ See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework
 See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
 
 
+## Contributors
+
+ - Michael Gargiullo
+
+
 ## License
 
 Dradis Framework and all its components are released under [GNU General Public License version 2.0](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) as published by the Free Software Foundation and appearing in the file LICENSE included in the packaging of this file.

data/dradis-ntospider.gemspec

@@ -27,6 +27,9 @@ Gem::Specification.new do |spec|
   # s.add_dependency 'rails', '~> 4.1.1'
   spec.add_dependency 'dradis-plugins', '~> 4.0'
 
-  spec.add_development_dependency 'bundler', '~> 1.6'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'byebug'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec-rails'
+  spec.add_development_dependency 'combustion'
 end

data/lib/dradis/plugins/ntospider/field_processor.rb

@@ -2,7 +2,11 @@ module Dradis::Plugins::NTOSpider
   class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor
 
     def post_initialize(args={})
-      @nto_object = ::NTOSpider::Vuln.new(data)
+      if data.name == 'Vuln'
+        @nto_object = ::NTOSpider::Vuln.new(data)
+      else
+        @nto_object = ::NTOSpider::Attack.new(data)
+      end
     end
 
     def value(args={})

data/lib/dradis/plugins/ntospider/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 1
+        MINOR = 4
         TINY = 0
         PRE = nil
 

data/lib/dradis/plugins/ntospider/importer.rb

@@ -11,6 +11,10 @@ module Dradis::Plugins::NTOSpider
       "No vulnerabilities were detected in the uploaded file (/VulnSummary/VulnList/Vuln). "\
       "Ensure the file you uploaded comes from a NTOSpider report."
 
+    def self.templates
+      { evidence: 'evidence', issue: 'vuln' }
+    end
+
     # The framework will call this function if the user selects this plugin from
     # the dropdown list and uploads a file.
     # @returns true if the operation was successful, false otherwise
@@ -53,13 +57,16 @@ module Dradis::Plugins::NTOSpider
         )
         issue = content_service.create_issue text: issue_text, id: plugin_id
 
-        logger.info{ "\t\t => Creating new evidence" }
-        evidence_content = template_service.process_template(
-          template: 'evidence', data: vuln.xml
-        )
-        content_service.create_evidence(
-          issue: issue, node: host_node, content: evidence_content
-        )
+        # App Spider can provide multiple pieces of evidence for an issue.
+        xml_vuln.xpath('./AttackList/Attack').each do |attack_xml|
+          logger.info{ "\t\t => Creating new evidence" }
+          evidence_content = template_service.process_template(
+            template: 'evidence', data: attack_xml
+          )
+          content_service.create_evidence(
+            issue: issue, node: host_node, content: evidence_content
+          )
+        end
       end
 
       true

data/lib/dradis-ntospider.rb

@@ -5,4 +5,5 @@ require 'dradis-plugins'
 require 'dradis/plugins/ntospider'
 
 # load supporting NTOSpider classes
+require 'ntospider/attack'
 require 'ntospider/vuln'

data/lib/ntospider/attack.rb

@@ -0,0 +1,75 @@
+module NTOSpider
+  # This class represents each of the vulnerabilities reported in the
+  # AppSpider VulnerabilitiesSummary.xml file as
+  # <AttackList/Attack> entities.
+  class Attack
+    attr_accessor :xml
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+    end
+
+    # List of supported tags. They can be attributes, simple descendants or
+    # collections (e.g. <references/>, <tags/>)
+    def supported_tags
+      [
+        # attributes
+
+        # simple tags
+        :attack_config_description, :attack_description, :attack_id,
+        :attack_matched_string, :attack_post_params, :attack_user_notes,
+        :attack_value, :attack_vuln_url, :original_response_code,
+        :original_value,
+
+        # nested tags
+        :attack_request, :attack_response, :benign
+      ]
+    end
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if supported_tags.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # attribute, simple descendent or collection that it maps to in the XML
+    # tree.
+    def method_missing(method, *args)
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      unless supported_tags.include?(method)
+        super
+        return
+      end
+
+      # First we try the attributes. In Ruby we use snake_case, but in XML
+      # CamelCase is used for some attributes
+      translations_table = {
+         attack_request: 'AttackRequestList/AttackRequest/Request',
+        attack_response: 'AttackRequestList/AttackRequest/Response',
+                 benign: 'AttackRequestList/AttackRequest/Benign'
+      }
+
+      method_name = translations_table.fetch(method, method.to_s.camelcase)
+
+      # no attributes in the <attack> node
+      # return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
+
+      # Then we try simple children tags: name, type, ...
+      tag = @xml.at_xpath("./#{method_name}")
+      if tag && !tag.text.blank?
+        return tag.text
+      else
+        # nothing found, the tag is valid but not present in this Attack
+        return nil
+      end
+    end
+  end
+end

data/lib/ntospider/vuln.rb

@@ -22,12 +22,18 @@ module NTOSpider
 
         # simple tags
         :attack_class, :attack_score, :attack_type, :attack_value, :capec,
-        :cwe_id, :description, :dissa_asc, :normalized_url, :oval, :owasp2007,
-        :owasp2010, :owasp2013, :recommendation, :vuln_method, :vuln_param,
-        :vuln_type, :vuln_url, :web_site
+        :confidence, :cwe_id, :description, :dissa_asc, :html_entity_attacked,
+        :normalized_url, :oval, :owasp2007, :owasp2010, :owasp2013, :owasp2017,
+        :page, :recommendation, :scan_date,
+        :statistically_prevalent_original_response_code, :url, :vuln_method,
+        :vuln_param, :vuln_param_type, :vuln_type, :vuln_url, :wasc, :web_site,
+        :web_site_ip,
+
         # nested tags
+        :imperva_bl, :imperva_wl, :mod_security_bl, :mod_security_wl,
+        :pcre_regex_bl, :pcre_regex_wl, :snort_bl, :snort_wl
       ]
-end
+    end
 
     # This allows external callers (and specs) to check for implemented
     # properties
@@ -55,18 +61,28 @@ end
       # First we try the attributes. In Ruby we use snake_case, but in XML
       # CamelCase is used for some attributes
       translations_table = {
-        capec:     'CAPEC',
+        capec: 'CAPEC',
         dissa_asc: 'DISSA_ASC',
+        imperva_bl: 'DefenseBL/Imperva',
+        imperva_wl: 'DefenseWL/Imperva',
+        mod_security_bl: 'DefenseBL/ModSecurity',
+        mod_security_wl: 'DefenseWL/ModSecurity',
+        oval: 'OVAL',
         owasp2007: 'OWASP2007',
         owasp2010: 'OWASP2010',
         owasp2013: 'OWASP2013',
-        oval:      'OVAL',
-        wasc:      'WASC'
+        owasp2017: 'OWASP2017',
+        pcre_regex_bl: 'DefenseBL/PcreRegex',
+        pcre_regex_wl: 'DefenseWL/PcreRegex',
+        snort_bl: 'DefenseBL/Snort',
+        snort_wl: 'DefenseWL/Snort',
+        wasc: 'WASC',
+        web_site_ip: 'WebSiteIP'
       }
 
       method_name = translations_table.fetch(method, method.to_s.camelcase)
 
-      # no attributes in the <issue> node
+      # no attributes in the <Vuln> node
       # return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
 
       # Then we try simple children tags: name, type, ...
@@ -113,6 +129,5 @@ end
     def tags_with_html_content
       [:description, :recommendation]
     end
-
   end
 end