dradis-openvas 3.18.0 → 3.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/dradis-openvas.gemspec +5 -2
  4. data/lib/dradis/plugins/openvas/gem_version.rb +1 -1
  5. data/lib/openvas/result.rb +2 -1
  6. data/lib/openvas/v7/result.rb +3 -2
  7. data/spec/openvas/result_spec.rb +10 -10
  8. data/spec/spec_helper.rb +8 -31
  9. data/templates/result.fields +3 -1
  10. metadata +37 -9
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3c740875769deab8ec0349db4c535233efa70bee16fc37e7757dcbcee5d00c2d
4
- data.tar.gz: c4bb6bfb91a8bf60fe4df300ead689947b177eea05fbff961205a25e30d6ab19
3
+ metadata.gz: 3ff8ac94cd9fe7854ddb310a760590cca2de6d44058c8f03e405901c9c8f0c39
4
+ data.tar.gz: c72e9c2f5e19eb409a2c08ad301a6821c44db21bf61be8f4b500d93a96062f03
5
5
  SHA512:
6
- metadata.gz: 8b7f1403a4336c01696d5bcbb260369d99158c97bacdda2da2c283005cd57971df757f3675e29250a1ff7b352a6e2b863edd988b422cd87da405f3d82d4a068d
7
- data.tar.gz: 7bdde853e3c8597aa3f4adf2803b3e957df226941f08214a9fd9d531ddd0fb69911ca86e4bbf75e15385550167ba272fa19c1deea133f35653e2c7fbf09de983
6
+ metadata.gz: cc1861ffabe1790c375a78b73fb3f0e02c5deb4150036e48f95647ce7be99fe13476fe0cde98bdf27bd16e7ab76677400877993987b13acfe4d47157f2bb90d8
7
+ data.tar.gz: 325b648b82b10b4f0dd5975fcad37421deb781f4821044e258d6f6bec0af1423195e0c452bf7046c0fc7146dc199d8874c5d4af553e999230ff321bfdfe77ea7
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ ## Dradis Framework 3.19 (September, 2020) ##
2
+
3
+ * Added `result.vuldetect` and `result.solution_type` fields
4
+
1
5
  ## Dradis Framework 3.18 (July, 2020) ##
2
6
 
3
7
  * No changes.
data/dradis-openvas.gemspec CHANGED
@@ -27,6 +27,9 @@ Gem::Specification.new do |spec|
27
27
  # s.add_dependency 'rails', '~> 4.1.1'
28
28
  spec.add_dependency 'dradis-plugins', '~> 3.6'
29
29
 
30
- spec.add_development_dependency 'bundler', '~> 1.6'
31
- spec.add_development_dependency 'rake', '~> 10.0'
30
+ spec.add_development_dependency 'bundler'
31
+ spec.add_development_dependency 'rake'
32
+ spec.add_development_dependency 'rspec-rails'
33
+ spec.add_development_dependency 'combustion', '~> 0.5.2'
34
+
32
35
  end
data/lib/dradis/plugins/openvas/gem_version.rb CHANGED
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 3
11
- MINOR = 18
11
+ MINOR = 19
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
data/lib/openvas/result.rb CHANGED
@@ -28,7 +28,8 @@ module OpenVAS
28
28
  :name, :cvss_base, :risk_factor, :cve, :bid, :xref,
29
29
 
30
30
  # fields inside :tags
31
- :summary, :info_gathered, :cvss_base_vector, :insight, :impact, :impact_level, :affected_software, :solution
31
+ :summary, :info_gathered, :cvss_base_vector, :insight, :impact,
32
+ :impact_level, :affected_software, :solution, :solution_type, :vuldetect
32
33
  ]
33
34
  end
34
35
 
data/lib/openvas/v7/result.rb CHANGED
@@ -18,13 +18,14 @@ module OpenVAS::V7
18
18
  # Not supported via .fields
19
19
  'cvss_base_vector=' => :cvss_base_vector,
20
20
  'impact=' => :impact,
21
+ 'solution_type=' => :solution_type,
21
22
 
22
23
  # Not supported via .fields
23
- # 'vuldetect='
24
+ 'affected=' => :affected_software,
24
25
  'insight=' => :insight,
25
26
  'solution=' => :solution,
26
27
  'summary=' => :summary,
27
- 'affected=' => :affected_software
28
+ 'vuldetect=' => :vuldetect
28
29
 
29
30
  # Missing fields, these used to be available under <description> but it
30
31
  # doesn't look like they are under <tags>
data/spec/openvas/result_spec.rb CHANGED
@@ -1,12 +1,12 @@
1
1
  require 'spec_helper'
2
2
 
3
- describe Openvas::Result do
3
+ describe OpenVAS::Result do
4
4
  include FixtureLoader
5
5
 
6
6
  it "splits the <description> tag in its component fields" do
7
7
  xml_doc = load_fixture_file('result.xml')
8
- result = Openvas::Result.new( xml_doc.at_xpath('/result') )
9
- result.description.should eq(xml_doc.at_xpath('/result/description').text)
8
+ result = OpenVAS::Result.new( xml_doc.at_xpath('/result') )
9
+ expect(result.description).to eq(xml_doc.at_xpath('/result/description').text)
10
10
 
11
11
  expect(result.summary).to eq("This host is installed with Oracle Java SE JRE and is prone to\nmultiple vulnerabilities.\n\n")
12
12
  expect(result.insight).to eq("Multiple flaws are caused by unspecified errors in the following\ncomponents:\n- 2D\n- AWT\n- Sound\n- I18n\n- CORBA\n- Serialization\n\n")
@@ -14,22 +14,22 @@ describe Openvas::Result do
14
14
 
15
15
  it "respects paragraphs within the component fields of the <description> value" do
16
16
  xml_doc = load_fixture_file('result2.xml')
17
- result = Openvas::Result.new( xml_doc.at_xpath('/result') )
18
- result.summary.should eq("A weakness has been discovered in Apache web servers that are\nconfigured to use the FileETag directive. Due to the way in which\nApache generates ETag response headers, it may be possible for an\nattacker to obtain sensitive information regarding server files.\nSpecifically, ETag header fields returned to a client contain the\nfile's inode number.\n\nExploitation of this issue may provide an attacker with information\nthat may be used to launch further attacks against a target network.\n\nOpenBSD has released a patch that addresses this issue. Inode numbers\nreturned from the server are now encoded using a private hash to avoid\nthe release of sensitive information.\n")
17
+ result = OpenVAS::Result.new( xml_doc.at_xpath('/result') )
18
+ expect(result.summary).to eq("A weakness has been discovered in Apache web servers that are\nconfigured to use the FileETag directive. Due to the way in which\nApache generates ETag response headers, it may be possible for an\nattacker to obtain sensitive information regarding server files.\nSpecifically, ETag header fields returned to a client contain the\nfile's inode number.\n\nExploitation of this issue may provide an attacker with information\nthat may be used to launch further attacks against a target network.\n\nOpenBSD has released a patch that addresses this issue. Inode numbers\nreturned from the server are now encoded using a private hash to avoid\nthe release of sensitive information.\n")
19
19
  end
20
20
 
21
21
  it "correctly parses the fringe 'Impact Level' case" do
22
22
  xml_doc = load_fixture_file('result.xml')
23
- result = Openvas::Result.new( xml_doc.at_xpath('/result') )
23
+ result = OpenVAS::Result.new( xml_doc.at_xpath('/result') )
24
24
 
25
- result.impact_level.should eq('System/Application')
25
+ expect(result.impact_level).to eq('System/Application')
26
26
  end
27
27
 
28
28
 
29
29
  it "correctly parses the last component field in the <description>" do
30
30
  xml_doc = load_fixture_file('result2.xml')
31
- result = Openvas::Result.new( xml_doc.at_xpath('/result') )
31
+ result = OpenVAS::Result.new( xml_doc.at_xpath('/result') )
32
32
 
33
- result.info_gathered.should eq("Inode: 1050855\nSize: 177\n\n")
33
+ expect(result.info_gathered).to eq("Inode: 1050855\nSize: 177\n\n")
34
34
  end
35
- end
35
+ end
data/spec/spec_helper.rb CHANGED
@@ -1,35 +1,12 @@
1
- ENV["RAILS_ENV"] ||= 'test'
2
- require File.expand_path("../../../../../config/environment", __FILE__)
3
- require 'rspec/rails'
1
+ require 'rubygems'
2
+ require 'bundler/setup'
3
+ require 'nokogiri'
4
4
 
5
- # Requires supporting ruby files with custom matchers and macros, etc,
6
- # in spec/support/ and its subdirectories.
7
- require 'support/fixture_loader'
8
-
9
- RSpec.configure do |config|
10
- # CLI niceties
11
- config.order = :random
12
-
13
- # Filter which specs to run
14
- config.treat_symbols_as_metadata_keys_with_true_values = true
15
- config.filter_run :focus => true
16
- config.run_all_when_everything_filtered = true
17
-
18
- # If you're not using ActiveRecord, or you'd prefer not to run each of your
19
- # examples within a transaction, remove the following line or assign false
20
- # instead of true.
21
- config.use_transactional_fixtures = false
5
+ require 'combustion'
22
6
 
23
- config.before(:suite) do
24
- DatabaseCleaner.strategy = :transaction
25
- DatabaseCleaner.clean_with(:truncation)
26
- end
7
+ Combustion.initialize!
27
8
 
28
- config.before(:each) do
29
- DatabaseCleaner.start
30
- end
31
-
32
- config.after(:each) do
33
- DatabaseCleaner.clean
34
- end
9
+ RSpec.configure do |config|
35
10
  end
11
+
12
+ require 'support/fixture_loader'
data/templates/result.fields CHANGED
@@ -16,4 +16,6 @@ result.info_gathered
16
16
  result.impact
17
17
  result.impact_level
18
18
  result.affected_software
19
- result.solution
19
+ result.solution
20
+ result.solution_type
21
+ result.vuldetect
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-openvas
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.18.0
4
+ version: 3.19.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-22 00:00:00.000000000 Z
11
+ date: 2020-09-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
@@ -28,30 +28,58 @@ dependencies:
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '1.6'
33
+ version: '0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '1.6'
40
+ version: '0'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rspec-rails
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: combustion
43
71
  requirement: !ruby/object:Gem::Requirement
44
72
  requirements:
45
73
  - - "~>"
46
74
  - !ruby/object:Gem::Version
47
- version: '10.0'
75
+ version: 0.5.2
48
76
  type: :development
49
77
  prerelease: false
50
78
  version_requirements: !ruby/object:Gem::Requirement
51
79
  requirements:
52
80
  - - "~>"
53
81
  - !ruby/object:Gem::Version
54
- version: '10.0'
82
+ version: 0.5.2
55
83
  description: This add-on allows you to upload and parse output produced from OpenVAS
56
84
  Scanner (v6 and v7) into Dradis.
57
85
  email:
@@ -114,7 +142,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
114
142
  - !ruby/object:Gem::Version
115
143
  version: '0'
116
144
  requirements: []
117
- rubygems_version: 3.1.2
145
+ rubygems_version: 3.0.1
118
146
  signing_key:
119
147
  specification_version: 4
120
148
  summary: OpenVAS add-on for the Dradis Framework.