dradis-openvas 4.11.0 → 4.13.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/README.md +1 -1
- data/dradis-openvas.gemspec +1 -1
- data/lib/dradis/plugins/openvas/gem_version.rb +1 -1
- data/lib/dradis/plugins/openvas/importer.rb +3 -3
- data/lib/dradis/plugins/openvas/mapping.rb +49 -0
- data/lib/dradis/plugins/openvas.rb +1 -0
- metadata +8 -11
- data/templates/evidence.fields +0 -2
- data/templates/evidence.template +0 -6
- data/templates/result.fields +0 -21
- data/templates/result.template +0 -27
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '029490c8ffeba90b915ea7dfea8cfab14accac33eabbde943080c9a50c541f4a'
|
|
4
|
+
data.tar.gz: 4596527aadd1a39f0d15d5e9dd318a9542eeb1bbfa81e6827d7f12ac8d25aae6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 72a1e6fa9d4ec10f42f9ccbff78f76219b82b6b0f0b2af8a29e5f01720ce235c6643eda9a797df4bf4b886801b0a43623c2dba2e0e44c67855f5a34de566a74d
|
|
7
|
+
data.tar.gz: 3bdbbd8a228617c479649d468ce8949232833f5169d169e050901d556a654c954ad11a7162af68f0862a50a303bcde9efd315b77dd7a762fbbcb955c9694b5ef
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
|
|
5
5
|
The OpenVAS add-on enables users to upload OpenVAS XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
|
|
6
6
|
|
|
7
|
-
The add-on requires [Dradis CE](https://
|
|
7
|
+
The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
|
|
8
8
|
|
|
9
9
|
The add-on supports OpenVAS v6 and v7 output.
|
|
10
10
|
|
data/dradis-openvas.gemspec
CHANGED
|
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
# s.add_dependency 'rails', '~> 4.1.1'
|
|
26
26
|
spec.add_dependency 'dradis-plugins', '~> 4.0'
|
|
27
27
|
|
|
28
|
-
spec.add_development_dependency 'bundler'
|
|
28
|
+
spec.add_development_dependency 'bundler', '~> 2.0'
|
|
29
29
|
spec.add_development_dependency 'rake'
|
|
30
30
|
spec.add_development_dependency 'rspec-rails'
|
|
31
31
|
spec.add_development_dependency 'combustion', '~> 0.5.2'
|
|
@@ -45,7 +45,7 @@ module Dradis::Plugins::OpenVAS
|
|
|
45
45
|
|
|
46
46
|
logger.info{ "\t\t => Creating new issue (#{nvt_oid})" }
|
|
47
47
|
|
|
48
|
-
issue_text =
|
|
48
|
+
issue_text = mapping_service.apply_mapping(source: 'result', data: xml_result)
|
|
49
49
|
issue = content_service.create_issue(text: issue_text, id: nvt_oid)
|
|
50
50
|
|
|
51
51
|
|
|
@@ -90,8 +90,8 @@ module Dradis::Plugins::OpenVAS
|
|
|
90
90
|
# doesn't provide any per-instance information.
|
|
91
91
|
#
|
|
92
92
|
# Best thing to do is to include the full <description> field and let the user deal with it.
|
|
93
|
-
|
|
94
|
-
evidence_content =
|
|
93
|
+
|
|
94
|
+
evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_result)
|
|
95
95
|
content_service.create_evidence(issue: issue, node: host_node, content: evidence_content)
|
|
96
96
|
end
|
|
97
97
|
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
module Dradis::Plugins::OpenVAS
|
|
2
|
+
module Mapping
|
|
3
|
+
DEFAULT_MAPPING = {
|
|
4
|
+
evidence: {
|
|
5
|
+
'Port' => '{{ openvas[evidence.port] }}',
|
|
6
|
+
'Description' => '{{ openvas[evidence.description] }}'
|
|
7
|
+
},
|
|
8
|
+
result: {
|
|
9
|
+
'Title' => '{{ openvas[result.name] }}',
|
|
10
|
+
'CVSSv2' => '{{ openvas[result.cvss_base] }}',
|
|
11
|
+
'AffectedSoftware' => '{{ openvas[result.affected_software] }}',
|
|
12
|
+
'Description' => '{{ openvas[result.summary] }}',
|
|
13
|
+
'Recommendation' => '{{ openvas[result.solution] }}',
|
|
14
|
+
'References' => "CVE: {{ openvas[result.cve] }}\nCVSS Vector: {{ cvss_base_vector }}\nBID: {{ openvas[result.bid] }}\nOther: {{ openvas[result.xref] }}",
|
|
15
|
+
'RawDescription' => "(note that some of the information below can change from instance to instance of this problem)\n {{ openvas[result.description] }}"
|
|
16
|
+
}
|
|
17
|
+
}.freeze
|
|
18
|
+
|
|
19
|
+
SOURCE_FIELDS = {
|
|
20
|
+
evidence: [
|
|
21
|
+
'evidence.port',
|
|
22
|
+
'evidence.description'
|
|
23
|
+
],
|
|
24
|
+
result: [
|
|
25
|
+
'result.threat',
|
|
26
|
+
'result.description',
|
|
27
|
+
'result.original_threat',
|
|
28
|
+
'result.notes',
|
|
29
|
+
'result.overrides',
|
|
30
|
+
'result.name',
|
|
31
|
+
'result.cvss_base',
|
|
32
|
+
'result.cvss_base_vector',
|
|
33
|
+
'result.risk_factor',
|
|
34
|
+
'result.cve',
|
|
35
|
+
'result.bid',
|
|
36
|
+
'result.xref',
|
|
37
|
+
'result.summary',
|
|
38
|
+
'result.insight',
|
|
39
|
+
'result.info_gathered',
|
|
40
|
+
'result.impact',
|
|
41
|
+
'result.impact_level',
|
|
42
|
+
'result.affected_software',
|
|
43
|
+
'result.solution',
|
|
44
|
+
'result.solution_type',
|
|
45
|
+
'result.vuldetect'
|
|
46
|
+
]
|
|
47
|
+
}.freeze
|
|
48
|
+
end
|
|
49
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-openvas
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.13.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-08-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -28,16 +28,16 @@ dependencies:
|
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
31
|
+
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '0'
|
|
33
|
+
version: '2.0'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - "
|
|
38
|
+
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '0'
|
|
40
|
+
version: '2.0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rake
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -106,6 +106,7 @@ files:
|
|
|
106
106
|
- lib/dradis/plugins/openvas/field_processor.rb
|
|
107
107
|
- lib/dradis/plugins/openvas/gem_version.rb
|
|
108
108
|
- lib/dradis/plugins/openvas/importer.rb
|
|
109
|
+
- lib/dradis/plugins/openvas/mapping.rb
|
|
109
110
|
- lib/dradis/plugins/openvas/version.rb
|
|
110
111
|
- lib/openvas/result.rb
|
|
111
112
|
- lib/openvas/v6/result.rb
|
|
@@ -119,12 +120,8 @@ files:
|
|
|
119
120
|
- spec/openvas/upload_v24_spec.rb
|
|
120
121
|
- spec/spec_helper.rb
|
|
121
122
|
- spec/support/fixture_loader.rb
|
|
122
|
-
- templates/evidence.fields
|
|
123
123
|
- templates/evidence.sample
|
|
124
|
-
- templates/evidence.template
|
|
125
|
-
- templates/result.fields
|
|
126
124
|
- templates/result.sample
|
|
127
|
-
- templates/result.template
|
|
128
125
|
homepage: https://dradis.com/integrations/openvas.html
|
|
129
126
|
licenses:
|
|
130
127
|
- GPL-2
|
|
@@ -144,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
144
141
|
- !ruby/object:Gem::Version
|
|
145
142
|
version: '0'
|
|
146
143
|
requirements: []
|
|
147
|
-
rubygems_version: 3.
|
|
144
|
+
rubygems_version: 3.5.6
|
|
148
145
|
signing_key:
|
|
149
146
|
specification_version: 4
|
|
150
147
|
summary: OpenVAS add-on for the Dradis Framework.
|
data/templates/evidence.fields
DELETED
data/templates/evidence.template
DELETED
data/templates/result.fields
DELETED
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
result.threat
|
|
2
|
-
result.description
|
|
3
|
-
result.original_threat
|
|
4
|
-
result.notes
|
|
5
|
-
result.overrides
|
|
6
|
-
result.name
|
|
7
|
-
result.cvss_base
|
|
8
|
-
result.cvss_base_vector
|
|
9
|
-
result.risk_factor
|
|
10
|
-
result.cve
|
|
11
|
-
result.bid
|
|
12
|
-
result.xref
|
|
13
|
-
result.summary
|
|
14
|
-
result.insight
|
|
15
|
-
result.info_gathered
|
|
16
|
-
result.impact
|
|
17
|
-
result.impact_level
|
|
18
|
-
result.affected_software
|
|
19
|
-
result.solution
|
|
20
|
-
result.solution_type
|
|
21
|
-
result.vuldetect
|
data/templates/result.template
DELETED
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
#[Title]#
|
|
2
|
-
%result.name%
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
#[CVSSv2]#
|
|
6
|
-
%result.cvss_base%
|
|
7
|
-
|
|
8
|
-
#[AffectedSoftware]#
|
|
9
|
-
%result.affected_software%
|
|
10
|
-
|
|
11
|
-
#[Description]#
|
|
12
|
-
%result.summary%
|
|
13
|
-
|
|
14
|
-
#[Recommendation]#
|
|
15
|
-
%result.solution%
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
#[References]#
|
|
19
|
-
CVE: %result.cve%
|
|
20
|
-
CVSS Vector: %cvss_base_vector%
|
|
21
|
-
BID: %result.bid%
|
|
22
|
-
Other: %result.xref%
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
#[RawDescription]#
|
|
26
|
-
(note that some of the information below can change from instance to instance of this problem)
|
|
27
|
-
%result.description%
|