dradis-ntospider 4.2.0 → 4.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +4 -0
- data/.rspec +2 -0
- data/CHANGELOG.md +3 -0
- data/README.md +5 -0
- data/dradis-ntospider.gemspec +5 -2
- data/lib/dradis/plugins/ntospider/field_processor.rb +5 -1
- data/lib/dradis/plugins/ntospider/gem_version.rb +1 -1
- data/lib/dradis/plugins/ntospider/importer.rb +10 -7
- data/lib/dradis-ntospider.rb +1 -0
- data/lib/ntospider/attack.rb +75 -0
- data/lib/ntospider/vuln.rb +24 -9
- data/spec/fixtures/files/VulnerabilitiesSummary.xml +484 -379
- data/spec/ntospider_import_spec.rb +87 -0
- data/spec/spec_helper.rb +10 -0
- data/templates/evidence.fields +13 -4
- data/templates/evidence.sample +28 -198
- data/templates/evidence.template +11 -8
- data/templates/vuln.fields +14 -0
- data/templates/vuln.sample +134 -197
- data/templates/vuln.template +3 -3
- metadata +58 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1987331dcc279d1c8dd41c450b72c73c89f6b3f1b40db57ab432875367543016
|
|
4
|
+
data.tar.gz: 07e3f53cf6f9f99f3c311293b2b00bf309860973ee3c6e768b0471fd5abc42c4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 97be744805f078429d5a7767cf345d44094ada49a08c9ee40b51ac26d33a956a29cd73be89df0d7b043b16ff71a77bebaf050dcf6884fbb68a08895232b6ab32
|
|
7
|
+
data.tar.gz: 7bc9eb986d36009dc49bcdb194edcaa4a1b6d92f263f0127db7468033156035f2c03622608395061670597abb43d9512471a9580abab2ce1dc97a564daf1f7c4
|
data/.gitignore
CHANGED
data/.rspec
ADDED
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -17,6 +17,11 @@ See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework
|
|
|
17
17
|
See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
|
|
18
18
|
|
|
19
19
|
|
|
20
|
+
## Contributors
|
|
21
|
+
|
|
22
|
+
- Michael Gargiullo
|
|
23
|
+
|
|
24
|
+
|
|
20
25
|
## License
|
|
21
26
|
|
|
22
27
|
Dradis Framework and all its components are released under [GNU General Public License version 2.0](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) as published by the Free Software Foundation and appearing in the file LICENSE included in the packaging of this file.
|
data/dradis-ntospider.gemspec
CHANGED
|
@@ -27,6 +27,9 @@ Gem::Specification.new do |spec|
|
|
|
27
27
|
# s.add_dependency 'rails', '~> 4.1.1'
|
|
28
28
|
spec.add_dependency 'dradis-plugins', '~> 4.0'
|
|
29
29
|
|
|
30
|
-
spec.add_development_dependency 'bundler'
|
|
31
|
-
spec.add_development_dependency '
|
|
30
|
+
spec.add_development_dependency 'bundler'
|
|
31
|
+
spec.add_development_dependency 'byebug'
|
|
32
|
+
spec.add_development_dependency 'rake'
|
|
33
|
+
spec.add_development_dependency 'rspec-rails'
|
|
34
|
+
spec.add_development_dependency 'combustion'
|
|
32
35
|
end
|
|
@@ -2,7 +2,11 @@ module Dradis::Plugins::NTOSpider
|
|
|
2
2
|
class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor
|
|
3
3
|
|
|
4
4
|
def post_initialize(args={})
|
|
5
|
-
|
|
5
|
+
if data.name == 'Vuln'
|
|
6
|
+
@nto_object = ::NTOSpider::Vuln.new(data)
|
|
7
|
+
else
|
|
8
|
+
@nto_object = ::NTOSpider::Attack.new(data)
|
|
9
|
+
end
|
|
6
10
|
end
|
|
7
11
|
|
|
8
12
|
def value(args={})
|
|
@@ -53,13 +53,16 @@ module Dradis::Plugins::NTOSpider
|
|
|
53
53
|
)
|
|
54
54
|
issue = content_service.create_issue text: issue_text, id: plugin_id
|
|
55
55
|
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
56
|
+
# App Spider can provide multiple pieces of evidence for an issue.
|
|
57
|
+
xml_vuln.xpath('./AttackList/Attack').each do |attack_xml|
|
|
58
|
+
logger.info{ "\t\t => Creating new evidence" }
|
|
59
|
+
evidence_content = template_service.process_template(
|
|
60
|
+
template: 'evidence', data: attack_xml
|
|
61
|
+
)
|
|
62
|
+
content_service.create_evidence(
|
|
63
|
+
issue: issue, node: host_node, content: evidence_content
|
|
64
|
+
)
|
|
65
|
+
end
|
|
63
66
|
end
|
|
64
67
|
|
|
65
68
|
true
|
data/lib/dradis-ntospider.rb
CHANGED
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
module NTOSpider
|
|
2
|
+
# This class represents each of the vulnerabilities reported in the
|
|
3
|
+
# AppSpider VulnerabilitiesSummary.xml file as
|
|
4
|
+
# <AttackList/Attack> entities.
|
|
5
|
+
class Attack
|
|
6
|
+
attr_accessor :xml
|
|
7
|
+
# Accepts an XML node from Nokogiri::XML.
|
|
8
|
+
def initialize(xml_node)
|
|
9
|
+
@xml = xml_node
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
# List of supported tags. They can be attributes, simple descendants or
|
|
13
|
+
# collections (e.g. <references/>, <tags/>)
|
|
14
|
+
def supported_tags
|
|
15
|
+
[
|
|
16
|
+
# attributes
|
|
17
|
+
|
|
18
|
+
# simple tags
|
|
19
|
+
:attack_config_description, :attack_description, :attack_id,
|
|
20
|
+
:attack_matched_string, :attack_post_params, :attack_user_notes,
|
|
21
|
+
:attack_value, :attack_vuln_url, :original_response_code,
|
|
22
|
+
:original_value,
|
|
23
|
+
|
|
24
|
+
# nested tags
|
|
25
|
+
:attack_request, :attack_response, :benign
|
|
26
|
+
]
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
# This allows external callers (and specs) to check for implemented
|
|
30
|
+
# properties
|
|
31
|
+
def respond_to?(method, include_private=false)
|
|
32
|
+
return true if supported_tags.include?(method.to_sym)
|
|
33
|
+
super
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# This method is invoked by Ruby when a method that is not defined in this
|
|
37
|
+
# instance is called.
|
|
38
|
+
#
|
|
39
|
+
# In our case we inspect the @method@ parameter and try to find the
|
|
40
|
+
# attribute, simple descendent or collection that it maps to in the XML
|
|
41
|
+
# tree.
|
|
42
|
+
def method_missing(method, *args)
|
|
43
|
+
# We could remove this check and return nil for any non-recognized tag.
|
|
44
|
+
# The problem would be that it would make tricky to debug problems with
|
|
45
|
+
# typos. For instance: <>.potr would return nil instead of raising an
|
|
46
|
+
# exception
|
|
47
|
+
unless supported_tags.include?(method)
|
|
48
|
+
super
|
|
49
|
+
return
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# First we try the attributes. In Ruby we use snake_case, but in XML
|
|
53
|
+
# CamelCase is used for some attributes
|
|
54
|
+
translations_table = {
|
|
55
|
+
attack_request: 'AttackRequestList/AttackRequest/Request',
|
|
56
|
+
attack_response: 'AttackRequestList/AttackRequest/Response',
|
|
57
|
+
benign: 'AttackRequestList/AttackRequest/Benign'
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
method_name = translations_table.fetch(method, method.to_s.camelcase)
|
|
61
|
+
|
|
62
|
+
# no attributes in the <attack> node
|
|
63
|
+
# return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
|
|
64
|
+
|
|
65
|
+
# Then we try simple children tags: name, type, ...
|
|
66
|
+
tag = @xml.at_xpath("./#{method_name}")
|
|
67
|
+
if tag && !tag.text.blank?
|
|
68
|
+
return tag.text
|
|
69
|
+
else
|
|
70
|
+
# nothing found, the tag is valid but not present in this Attack
|
|
71
|
+
return nil
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
data/lib/ntospider/vuln.rb
CHANGED
|
@@ -22,12 +22,18 @@ module NTOSpider
|
|
|
22
22
|
|
|
23
23
|
# simple tags
|
|
24
24
|
:attack_class, :attack_score, :attack_type, :attack_value, :capec,
|
|
25
|
-
:cwe_id, :description, :dissa_asc, :
|
|
26
|
-
:
|
|
27
|
-
:
|
|
25
|
+
:confidence, :cwe_id, :description, :dissa_asc, :html_entity_attacked,
|
|
26
|
+
:normalized_url, :oval, :owasp2007, :owasp2010, :owasp2013, :owasp2017,
|
|
27
|
+
:page, :recommendation, :scan_date,
|
|
28
|
+
:statistically_prevalent_original_response_code, :url, :vuln_method,
|
|
29
|
+
:vuln_param, :vuln_param_type, :vuln_type, :vuln_url, :wasc, :web_site,
|
|
30
|
+
:web_site_ip,
|
|
31
|
+
|
|
28
32
|
# nested tags
|
|
33
|
+
:imperva_bl, :imperva_wl, :mod_security_bl, :mod_security_wl,
|
|
34
|
+
:pcre_regex_bl, :pcre_regex_wl, :snort_bl, :snort_wl
|
|
29
35
|
]
|
|
30
|
-
end
|
|
36
|
+
end
|
|
31
37
|
|
|
32
38
|
# This allows external callers (and specs) to check for implemented
|
|
33
39
|
# properties
|
|
@@ -55,18 +61,28 @@ end
|
|
|
55
61
|
# First we try the attributes. In Ruby we use snake_case, but in XML
|
|
56
62
|
# CamelCase is used for some attributes
|
|
57
63
|
translations_table = {
|
|
58
|
-
capec:
|
|
64
|
+
capec: 'CAPEC',
|
|
59
65
|
dissa_asc: 'DISSA_ASC',
|
|
66
|
+
imperva_bl: 'DefenseBL/Imperva',
|
|
67
|
+
imperva_wl: 'DefenseWL/Imperva',
|
|
68
|
+
mod_security_bl: 'DefenseBL/ModSecurity',
|
|
69
|
+
mod_security_wl: 'DefenseWL/ModSecurity',
|
|
70
|
+
oval: 'OVAL',
|
|
60
71
|
owasp2007: 'OWASP2007',
|
|
61
72
|
owasp2010: 'OWASP2010',
|
|
62
73
|
owasp2013: 'OWASP2013',
|
|
63
|
-
|
|
64
|
-
|
|
74
|
+
owasp2017: 'OWASP2017',
|
|
75
|
+
pcre_regex_bl: 'DefenseBL/PcreRegex',
|
|
76
|
+
pcre_regex_wl: 'DefenseWL/PcreRegex',
|
|
77
|
+
snort_bl: 'DefenseBL/Snort',
|
|
78
|
+
snort_wl: 'DefenseWL/Snort',
|
|
79
|
+
wasc: 'WASC',
|
|
80
|
+
web_site_ip: 'WebSiteIP'
|
|
65
81
|
}
|
|
66
82
|
|
|
67
83
|
method_name = translations_table.fetch(method, method.to_s.camelcase)
|
|
68
84
|
|
|
69
|
-
# no attributes in the <
|
|
85
|
+
# no attributes in the <Vuln> node
|
|
70
86
|
# return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
|
|
71
87
|
|
|
72
88
|
# Then we try simple children tags: name, type, ...
|
|
@@ -113,6 +129,5 @@ end
|
|
|
113
129
|
def tags_with_html_content
|
|
114
130
|
[:description, :recommendation]
|
|
115
131
|
end
|
|
116
|
-
|
|
117
132
|
end
|
|
118
133
|
end
|