dradis-openvas 4.11.0 → 4.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2e6ba9c0b434fc631c7f31f64bf581d3f1848eba26246018ed5107d369387a07
4
- data.tar.gz: 67a14dd80414111363511307006c8525713bd91625357069cebb0d6a13b316cb
3
+ metadata.gz: 4fa4fbffa0f998d065c001f81f7ab5186e7f491892898b5be7a2ac2de056d97a
4
+ data.tar.gz: 0facc466254d5984274a65e75f7c3d099bb8615cd5e9f18fdc05e56843440d07
5
5
  SHA512:
6
- metadata.gz: 0b89ff03623592e9fbfae324c2d10168d157766f307b7438c1c6faf5a1d2e6dd9907a06dea5557b59f1ee4e89e8dfa3a3cb3693bf7375bfa609f305dbbbe15c7
7
- data.tar.gz: 51ebd021ae0f2e72b30e192d5a7a4fc8acaeb1c5b99130b23120a244aeeb5f133902ae2548819a024c8c512ee6a681b2fe9d9e4ae2b2c0e477527ca1d416a878
6
+ metadata.gz: 3a43b28e4daf9a3d8d68d3dc9e70e91cbe7eedd4e71f9cd64528545dabf7f29482c9ac73733d3d01f6c5cc6729891748ad2176983284845631b90a77c4b2fefb
7
+ data.tar.gz: 1acc1ab81acc196fa9b00651e6c06c870b65a76c82c6784f209ec16aaf02f76f2a8fe3e04c73482f7b0774197e39d6a44f1098d7a619bcb39e6d66960d74bc1f
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ v4.12.0 (May 2024)
2
+ - Migrate integration to use Mappings Manager
3
+ - Update Dradis links in README
4
+
1
5
  v4.11.0 (January 2024)
2
6
  - No changes
3
7
 
data/README.md CHANGED
@@ -4,7 +4,7 @@
4
4
 
5
5
  The OpenVAS add-on enables users to upload OpenVAS XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
6
6
 
7
- The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
7
+ The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
8
8
 
9
9
  The add-on supports OpenVAS v6 and v7 output.
10
10
 
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 11
11
+ MINOR = 12
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -45,7 +45,7 @@ module Dradis::Plugins::OpenVAS
45
45
 
46
46
  logger.info{ "\t\t => Creating new issue (#{nvt_oid})" }
47
47
 
48
- issue_text = template_service.process_template(template: 'result', data: xml_result)
48
+ issue_text = mapping_service.apply_mapping(source: 'result', data: xml_result)
49
49
  issue = content_service.create_issue(text: issue_text, id: nvt_oid)
50
50
 
51
51
 
@@ -90,8 +90,8 @@ module Dradis::Plugins::OpenVAS
90
90
  # doesn't provide any per-instance information.
91
91
  #
92
92
  # Best thing to do is to include the full <description> field and let the user deal with it.
93
-
94
- evidence_content = template_service.process_template(template: 'evidence', data: xml_result)
93
+
94
+ evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_result)
95
95
  content_service.create_evidence(issue: issue, node: host_node, content: evidence_content)
96
96
  end
97
97
 
@@ -0,0 +1,49 @@
1
+ module Dradis::Plugins::OpenVAS
2
+ module Mapping
3
+ DEFAULT_MAPPING = {
4
+ evidence: {
5
+ 'Port' => '{{ openvas[evidence.port] }}',
6
+ 'Description' => '{{ openvas[evidence.description] }}'
7
+ },
8
+ result: {
9
+ 'Title' => '{{ openvas[result.name] }}',
10
+ 'CVSSv2' => '{{ openvas[result.cvss_base] }}',
11
+ 'AffectedSoftware' => '{{ openvas[result.affected_software] }}',
12
+ 'Description' => '{{ openvas[result.summary] }}',
13
+ 'Recommendation' => '{{ openvas[result.solution] }}',
14
+ 'References' => "CVE: {{ openvas[result.cve] }}\nCVSS Vector: {{ cvss_base_vector }}\nBID: {{ openvas[result.bid] }}\nOther: {{ openvas[result.xref] }}",
15
+ 'RawDescription' => "(note that some of the information below can change from instance to instance of this problem)\n {{ openvas[result.description] }}"
16
+ }
17
+ }.freeze
18
+
19
+ SOURCE_FIELDS = {
20
+ evidence: [
21
+ 'evidence.port',
22
+ 'evidence.description'
23
+ ],
24
+ result: [
25
+ 'result.threat',
26
+ 'result.description',
27
+ 'result.original_threat',
28
+ 'result.notes',
29
+ 'result.overrides',
30
+ 'result.name',
31
+ 'result.cvss_base',
32
+ 'result.cvss_base_vector',
33
+ 'result.risk_factor',
34
+ 'result.cve',
35
+ 'result.bid',
36
+ 'result.xref',
37
+ 'result.summary',
38
+ 'result.insight',
39
+ 'result.info_gathered',
40
+ 'result.impact',
41
+ 'result.impact_level',
42
+ 'result.affected_software',
43
+ 'result.solution',
44
+ 'result.solution_type',
45
+ 'result.vuldetect'
46
+ ]
47
+ }.freeze
48
+ end
49
+ end
@@ -7,5 +7,6 @@ end
7
7
 
8
8
  require 'dradis/plugins/openvas/engine'
9
9
  require 'dradis/plugins/openvas/field_processor'
10
+ require 'dradis/plugins/openvas/mapping'
10
11
  require 'dradis/plugins/openvas/importer'
11
12
  require 'dradis/plugins/openvas/version'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-openvas
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.11.0
4
+ version: 4.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-01-17 00:00:00.000000000 Z
11
+ date: 2024-05-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
@@ -106,6 +106,7 @@ files:
106
106
  - lib/dradis/plugins/openvas/field_processor.rb
107
107
  - lib/dradis/plugins/openvas/gem_version.rb
108
108
  - lib/dradis/plugins/openvas/importer.rb
109
+ - lib/dradis/plugins/openvas/mapping.rb
109
110
  - lib/dradis/plugins/openvas/version.rb
110
111
  - lib/openvas/result.rb
111
112
  - lib/openvas/v6/result.rb
@@ -119,12 +120,8 @@ files:
119
120
  - spec/openvas/upload_v24_spec.rb
120
121
  - spec/spec_helper.rb
121
122
  - spec/support/fixture_loader.rb
122
- - templates/evidence.fields
123
123
  - templates/evidence.sample
124
- - templates/evidence.template
125
- - templates/result.fields
126
124
  - templates/result.sample
127
- - templates/result.template
128
125
  homepage: https://dradis.com/integrations/openvas.html
129
126
  licenses:
130
127
  - GPL-2
@@ -144,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
144
141
  - !ruby/object:Gem::Version
145
142
  version: '0'
146
143
  requirements: []
147
- rubygems_version: 3.3.7
144
+ rubygems_version: 3.1.4
148
145
  signing_key:
149
146
  specification_version: 4
150
147
  summary: OpenVAS add-on for the Dradis Framework.
@@ -1,2 +0,0 @@
1
- evidence.port
2
- evidence.description
@@ -1,6 +0,0 @@
1
- #[Port]#
2
- %evidence.port%
3
-
4
-
5
- #[Description]#
6
- %evidence.description%
@@ -1,21 +0,0 @@
1
- result.threat
2
- result.description
3
- result.original_threat
4
- result.notes
5
- result.overrides
6
- result.name
7
- result.cvss_base
8
- result.cvss_base_vector
9
- result.risk_factor
10
- result.cve
11
- result.bid
12
- result.xref
13
- result.summary
14
- result.insight
15
- result.info_gathered
16
- result.impact
17
- result.impact_level
18
- result.affected_software
19
- result.solution
20
- result.solution_type
21
- result.vuldetect
@@ -1,27 +0,0 @@
1
- #[Title]#
2
- %result.name%
3
-
4
-
5
- #[CVSSv2]#
6
- %result.cvss_base%
7
-
8
- #[AffectedSoftware]#
9
- %result.affected_software%
10
-
11
- #[Description]#
12
- %result.summary%
13
-
14
- #[Recommendation]#
15
- %result.solution%
16
-
17
-
18
- #[References]#
19
- CVE: %result.cve%
20
- CVSS Vector: %cvss_base_vector%
21
- BID: %result.bid%
22
- Other: %result.xref%
23
-
24
-
25
- #[RawDescription]#
26
- (note that some of the information below can change from instance to instance of this problem)
27
- %result.description%