dradis-openvas 3.18.0 → 3.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3c740875769deab8ec0349db4c535233efa70bee16fc37e7757dcbcee5d00c2d
-  data.tar.gz: c4bb6bfb91a8bf60fe4df300ead689947b177eea05fbff961205a25e30d6ab19
+  metadata.gz: 3ff8ac94cd9fe7854ddb310a760590cca2de6d44058c8f03e405901c9c8f0c39
+  data.tar.gz: c72e9c2f5e19eb409a2c08ad301a6821c44db21bf61be8f4b500d93a96062f03
 SHA512:
-  metadata.gz: 8b7f1403a4336c01696d5bcbb260369d99158c97bacdda2da2c283005cd57971df757f3675e29250a1ff7b352a6e2b863edd988b422cd87da405f3d82d4a068d
-  data.tar.gz: 7bdde853e3c8597aa3f4adf2803b3e957df226941f08214a9fd9d531ddd0fb69911ca86e4bbf75e15385550167ba272fa19c1deea133f35653e2c7fbf09de983
+  metadata.gz: cc1861ffabe1790c375a78b73fb3f0e02c5deb4150036e48f95647ce7be99fe13476fe0cde98bdf27bd16e7ab76677400877993987b13acfe4d47157f2bb90d8
+  data.tar.gz: 325b648b82b10b4f0dd5975fcad37421deb781f4821044e258d6f6bec0af1423195e0c452bf7046c0fc7146dc199d8874c5d4af553e999230ff321bfdfe77ea7

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## Dradis Framework 3.19 (September, 2020) ##
+
+*   Added `result.vuldetect` and `result.solution_type` fields
+
 ## Dradis Framework 3.18 (July, 2020) ##
 
 *   No changes.

data/dradis-openvas.gemspec

@@ -27,6 +27,9 @@ Gem::Specification.new do |spec|
   # s.add_dependency 'rails', '~> 4.1.1'
   spec.add_dependency 'dradis-plugins', '~> 3.6'
 
-  spec.add_development_dependency 'bundler', '~> 1.6'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec-rails'
+  spec.add_development_dependency 'combustion', '~> 0.5.2'
+
 end

data/lib/dradis/plugins/openvas/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 3
-        MINOR = 18
+        MINOR = 19
         TINY = 0
         PRE = nil
 

data/lib/openvas/result.rb

@@ -28,7 +28,8 @@ module OpenVAS
         :name, :cvss_base, :risk_factor, :cve, :bid, :xref,
 
         # fields inside :tags
-        :summary, :info_gathered, :cvss_base_vector, :insight, :impact, :impact_level, :affected_software, :solution
+        :summary, :info_gathered, :cvss_base_vector, :insight, :impact,
+        :impact_level, :affected_software, :solution, :solution_type, :vuldetect
       ]
     end
 

data/lib/openvas/v7/result.rb

@@ -18,13 +18,14 @@ module OpenVAS::V7
           # Not supported via .fields
           'cvss_base_vector=' => :cvss_base_vector,
           'impact=' => :impact,
+          'solution_type=' => :solution_type,
 
           # Not supported via .fields
-          # 'vuldetect='
+          'affected=' => :affected_software,
           'insight=' => :insight,
           'solution=' => :solution,
           'summary=' => :summary,
-          'affected=' => :affected_software
+          'vuldetect=' => :vuldetect
 
           # Missing fields, these used to be available under <description> but it
           # doesn't look like they are under <tags>

data/spec/openvas/result_spec.rb

@@ -1,12 +1,12 @@
 require 'spec_helper'
 
-describe Openvas::Result do
+describe OpenVAS::Result do
   include FixtureLoader
 
   it "splits the <description> tag in its component fields" do
     xml_doc = load_fixture_file('result.xml')
-    result = Openvas::Result.new( xml_doc.at_xpath('/result') )
-    result.description.should eq(xml_doc.at_xpath('/result/description').text)
+    result = OpenVAS::Result.new( xml_doc.at_xpath('/result') )
+    expect(result.description).to eq(xml_doc.at_xpath('/result/description').text)
 
     expect(result.summary).to eq("This host is installed with Oracle Java SE JRE and is prone to\nmultiple vulnerabilities.\n\n")
     expect(result.insight).to eq("Multiple flaws are caused by unspecified errors in the following\ncomponents:\n- 2D\n- AWT\n- Sound\n- I18n\n- CORBA\n- Serialization\n\n")
@@ -14,22 +14,22 @@ describe Openvas::Result do
 
   it "respects paragraphs within the component fields of the <description> value" do
     xml_doc = load_fixture_file('result2.xml')
-    result = Openvas::Result.new( xml_doc.at_xpath('/result') )
-    result.summary.should eq("A weakness has been discovered in Apache web servers that are\nconfigured to use the FileETag directive. Due to the way in which\nApache generates ETag response headers, it may be possible for an\nattacker to obtain sensitive information regarding server files.\nSpecifically, ETag header fields returned to a client contain the\nfile's inode number.\n\nExploitation of this issue may provide an attacker with information\nthat may be used to launch further attacks against a target network.\n\nOpenBSD has released a patch that addresses this issue. Inode numbers\nreturned from the server are now encoded using a private hash to avoid\nthe release of sensitive information.\n")
+    result = OpenVAS::Result.new( xml_doc.at_xpath('/result') )
+    expect(result.summary).to eq("A weakness has been discovered in Apache web servers that are\nconfigured to use the FileETag directive. Due to the way in which\nApache generates ETag response headers, it may be possible for an\nattacker to obtain sensitive information regarding server files.\nSpecifically, ETag header fields returned to a client contain the\nfile's inode number.\n\nExploitation of this issue may provide an attacker with information\nthat may be used to launch further attacks against a target network.\n\nOpenBSD has released a patch that addresses this issue. Inode numbers\nreturned from the server are now encoded using a private hash to avoid\nthe release of sensitive information.\n")
   end
 
   it "correctly parses the fringe 'Impact Level' case" do
     xml_doc = load_fixture_file('result.xml')
-    result = Openvas::Result.new( xml_doc.at_xpath('/result') )
+    result = OpenVAS::Result.new( xml_doc.at_xpath('/result') )
 
-    result.impact_level.should eq('System/Application')
+    expect(result.impact_level).to eq('System/Application')
   end
 
 
   it "correctly parses the last component field in the <description>" do
     xml_doc = load_fixture_file('result2.xml')
-    result = Openvas::Result.new( xml_doc.at_xpath('/result') )
+    result = OpenVAS::Result.new( xml_doc.at_xpath('/result') )
 
-    result.info_gathered.should eq("Inode: 1050855\nSize: 177\n\n")
+    expect(result.info_gathered).to eq("Inode: 1050855\nSize: 177\n\n")
   end
-end
+end

data/spec/spec_helper.rb

@@ -1,35 +1,12 @@
-ENV["RAILS_ENV"] ||= 'test'
-require File.expand_path("../../../../../config/environment", __FILE__)
-require 'rspec/rails'
+require 'rubygems'
+require 'bundler/setup'
+require 'nokogiri'
 
-# Requires supporting ruby files with custom matchers and macros, etc,
-# in spec/support/ and its subdirectories.
-require 'support/fixture_loader'
-
-RSpec.configure do |config|
-  # CLI niceties
-  config.order = :random
-
-  # Filter which specs to run
-  config.treat_symbols_as_metadata_keys_with_true_values = true
-  config.filter_run :focus => true
-  config.run_all_when_everything_filtered = true
-
-  # If you're not using ActiveRecord, or you'd prefer not to run each of your
-  # examples within a transaction, remove the following line or assign false
-  # instead of true.
-  config.use_transactional_fixtures = false
+require 'combustion'
 
-  config.before(:suite) do
-    DatabaseCleaner.strategy = :transaction
-    DatabaseCleaner.clean_with(:truncation)
-  end
+Combustion.initialize!
 
-  config.before(:each) do
-    DatabaseCleaner.start
-  end
-
-  config.after(:each) do
-    DatabaseCleaner.clean
-  end
+RSpec.configure do |config|
 end
+
+require 'support/fixture_loader'

data/templates/result.fields

@@ -16,4 +16,6 @@ result.info_gathered
 result.impact
 result.impact_level
 result.affected_software
-result.solution
+result.solution
+result.solution_type
+result.vuldetect

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-openvas
 version: !ruby/object:Gem::Version
-  version: 3.18.0
+  version: 3.19.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-07-22 00:00:00.000000000 Z
+date: 2020-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -28,30 +28,58 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: combustion
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 0.5.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 0.5.2
 description: This add-on allows you to upload and parse output produced from OpenVAS
   Scanner (v6 and v7) into Dradis.
 email:
@@ -114,7 +142,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: OpenVAS add-on for the Dradis Framework.