dradis-openvas 4.10.0 → 4.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 56300ef970e155017d685e4970cf3b75725d399770a97ef0e5eb7631255ee8ad
-  data.tar.gz: 7e8fec73e811712816262cfdbe41be556159e08f8954a51e0bf2dd1f7bd66140
+  metadata.gz: 4fa4fbffa0f998d065c001f81f7ab5186e7f491892898b5be7a2ac2de056d97a
+  data.tar.gz: 0facc466254d5984274a65e75f7c3d099bb8615cd5e9f18fdc05e56843440d07
 SHA512:
-  metadata.gz: 8ecfa737970116a1752acee94a073efbe5056a35ff5937ae7d334b9cb41c2ac8305f9d87d573bf8c7c3f75ed8cfad3cd0d2188839496e2e6a64e929f1ea91b32
-  data.tar.gz: 4293b4d34e6b4d06303e35531c4f86e54c3e495da7e0119acbcb594d7807c60a52e0fcbb125d28d0eddc80572b0f11d7ee763a43720c01375c24be83511bb614
+  metadata.gz: 3a43b28e4daf9a3d8d68d3dc9e70e91cbe7eedd4e71f9cd64528545dabf7f29482c9ac73733d3d01f6c5cc6729891748ad2176983284845631b90a77c4b2fefb
+  data.tar.gz: 1acc1ab81acc196fa9b00651e6c06c870b65a76c82c6784f209ec16aaf02f76f2a8fe3e04c73482f7b0774197e39d6a44f1098d7a619bcb39e6d66960d74bc1f

data/.github/pull_request_template.md

@@ -1,3 +1,5 @@
+Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
+
 ### Summary
 
 Provide a general description of the code changes in your pull
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
 to keep the conversation linked together.
 
 
+### Testing Steps
+
+Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
+
+
 ### Other Information
 
 If there's anything else that's important and relevant to your pull
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
 codebase. Any code you create which is merged must be owned by us.
 That's not us trying to be a jerks, that's just the way it works.
 
-Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
-file for the details.
-
 You can delete this section, but the following sentence needs to
 remain in the PR's description:
 
 > I assign all rights, including copyright, to any future Dradis
 > work by myself to Security Roots.
+
+### Check List
+
+- [ ] Added a CHANGELOG entry
+- [ ] Added specs

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+v4.12.0 (May 2024)
+ - Migrate integration to use Mappings Manager
+ - Update Dradis links in README
+
+v4.11.0 (January 2024)
+  - No changes
+
 v4.10.0 (September 2023)
   - Update gemspec links
 

data/README.md

@@ -4,19 +4,19 @@
 
 The OpenVAS add-on enables users to upload OpenVAS XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
 
-The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 
 The add-on supports OpenVAS v6 and v7 output.
 
 
 ## More information
 
-See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
 
 
 ## Contributing
 
-See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
 
 
 ## License

data/lib/dradis/plugins/openvas/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 10
+        MINOR = 12
         TINY = 0
         PRE = nil
 

data/lib/dradis/plugins/openvas/importer.rb

@@ -45,7 +45,7 @@ module Dradis::Plugins::OpenVAS
 
       logger.info{ "\t\t => Creating new issue (#{nvt_oid})" }
 
-      issue_text = template_service.process_template(template: 'result', data: xml_result)
+      issue_text = mapping_service.apply_mapping(source: 'result', data: xml_result)
       issue = content_service.create_issue(text: issue_text, id: nvt_oid)
 
 
@@ -90,8 +90,8 @@ module Dradis::Plugins::OpenVAS
       # doesn't provide any per-instance information.
       #
       # Best thing to do is to include the full <description> field and let the user deal with it.
-      
-      evidence_content = template_service.process_template(template: 'evidence', data: xml_result)
+
+      evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_result)
       content_service.create_evidence(issue: issue, node: host_node, content: evidence_content)
     end
 

data/lib/dradis/plugins/openvas/mapping.rb

@@ -0,0 +1,49 @@
+module Dradis::Plugins::OpenVAS
+  module Mapping
+    DEFAULT_MAPPING = {
+      evidence: {
+        'Port' => '{{ openvas[evidence.port] }}',
+        'Description' => '{{ openvas[evidence.description] }}'
+      },
+      result: {
+        'Title' => '{{ openvas[result.name] }}',
+        'CVSSv2' => '{{ openvas[result.cvss_base] }}',
+        'AffectedSoftware' => '{{ openvas[result.affected_software] }}',
+        'Description' => '{{ openvas[result.summary] }}',
+        'Recommendation' => '{{ openvas[result.solution] }}',
+        'References' => "CVE: {{ openvas[result.cve] }}\nCVSS Vector: {{ cvss_base_vector }}\nBID: {{ openvas[result.bid] }}\nOther: {{ openvas[result.xref] }}",
+        'RawDescription' => "(note that some of the information below can change from instance to instance of this problem)\n {{ openvas[result.description] }}"
+      }
+    }.freeze
+
+    SOURCE_FIELDS = {
+      evidence: [
+        'evidence.port',
+        'evidence.description'
+      ],
+      result: [
+        'result.threat',
+        'result.description',
+        'result.original_threat',
+        'result.notes',
+        'result.overrides',
+        'result.name',
+        'result.cvss_base',
+        'result.cvss_base_vector',
+        'result.risk_factor',
+        'result.cve',
+        'result.bid',
+        'result.xref',
+        'result.summary',
+        'result.insight',
+        'result.info_gathered',
+        'result.impact',
+        'result.impact_level',
+        'result.affected_software',
+        'result.solution',
+        'result.solution_type',
+        'result.vuldetect'
+      ]
+    }.freeze
+  end
+end

data/lib/dradis/plugins/openvas.rb

@@ -7,5 +7,6 @@ end
 
 require 'dradis/plugins/openvas/engine'
 require 'dradis/plugins/openvas/field_processor'
+require 'dradis/plugins/openvas/mapping'
 require 'dradis/plugins/openvas/importer'
 require 'dradis/plugins/openvas/version'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-openvas
 version: !ruby/object:Gem::Version
-  version: 4.10.0
+  version: 4.12.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-07 00:00:00.000000000 Z
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -82,7 +82,7 @@ dependencies:
         version: 0.5.2
 description: This add-on allows you to upload and parse output produced from OpenVAS
   Scanner (v6 and v7) into Dradis.
-email: 
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -106,6 +106,7 @@ files:
 - lib/dradis/plugins/openvas/field_processor.rb
 - lib/dradis/plugins/openvas/gem_version.rb
 - lib/dradis/plugins/openvas/importer.rb
+- lib/dradis/plugins/openvas/mapping.rb
 - lib/dradis/plugins/openvas/version.rb
 - lib/openvas/result.rb
 - lib/openvas/v6/result.rb
@@ -119,17 +120,13 @@ files:
 - spec/openvas/upload_v24_spec.rb
 - spec/spec_helper.rb
 - spec/support/fixture_loader.rb
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/result.fields
 - templates/result.sample
-- templates/result.template
 homepage: https://dradis.com/integrations/openvas.html
 licenses:
 - GPL-2
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -145,7 +142,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.4
-signing_key: 
+signing_key:
 specification_version: 4
 summary: OpenVAS add-on for the Dradis Framework.
 test_files:

data/templates/evidence.fields

@@ -1,2 +0,0 @@
-evidence.port
-evidence.description

data/templates/evidence.template

@@ -1,6 +0,0 @@
-#[Port]#
-%evidence.port%
-
-
-#[Description]#
-%evidence.description%

data/templates/result.fields

@@ -1,21 +0,0 @@
-result.threat
-result.description
-result.original_threat
-result.notes
-result.overrides
-result.name
-result.cvss_base
-result.cvss_base_vector
-result.risk_factor
-result.cve
-result.bid
-result.xref
-result.summary
-result.insight
-result.info_gathered
-result.impact
-result.impact_level
-result.affected_software
-result.solution
-result.solution_type
-result.vuldetect

data/templates/result.template

@@ -1,27 +0,0 @@
-#[Title]#
-%result.name%
-
-
-#[CVSSv2]#
-%result.cvss_base%
-
-#[AffectedSoftware]#
-%result.affected_software%
-
-#[Description]#
-%result.summary%
-
-#[Recommendation]#
-%result.solution%
-
-
-#[References]#
-CVE: %result.cve%
-CVSS Vector: %cvss_base_vector%
-BID: %result.bid%
-Other: %result.xref%
-
-
-#[RawDescription]#
-(note that some of the information below can change from instance to instance of this problem)
-%result.description%