dradis-plugins 3.18.0

data/README.md

@@ -0,0 +1,31 @@
+# Plugin manager for the Dradis Framework
+
+[![Build Status](https://secure.travis-ci.org/dradis/dradis-plugins.png?branch=master)](http://travis-ci.org/dradis/dradis-plugins) [![Code Climate](https://codeclimate.com/github/dradis/dradis-plugins.png)](https://codeclimate.com/github/dradis/dradis-plugins.png)
+
+This gem contains the base classes needed to manage the plugins in Dradis.
+
+The Dradis 3 gemified plugin Engines need to include Dradis::Plugins::Base which is defined in this class.
+
+Warning, we may end up merging this gem with Dradis::Core!!
+
+The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+
+
+## More information
+
+See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+
+
+## Contributing
+
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+
+
+## License
+
+Dradis Framework and all its components are released under [GNU General Public License version 2.0](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) as published by the Free Software Foundation and appearing in the file LICENSE included in the packaging of this file.
+
+
+## Feature requests and bugs
+
+Please use the [Dradis Framework issue tracker](https://github.com/dradis/dradis-ce/issues) for add-on improvements and bug reports.

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/app/controllers/concerns/dradis/plugins/persistent_permissions.rb

@@ -0,0 +1,43 @@
+module Dradis
+  module Plugins
+    module PersistentPermissions
+      extend ActiveSupport::Concern
+
+      def update
+        @user = User.authors.find(params[:id])
+
+        Permission.transaction do
+          Permission.where(component: self.class.component_name, user_id: params[:id]).destroy_all
+
+          permissions_params[:permissions]&.each do |permission|
+            # Validate the permission being created is a valid value
+            next unless self.class.permissions_validation.call(permission) if self.class.permissions_validation
+
+            Permission.create!(
+              component: self.class.component_name,
+              name: permission,
+              user_id: params[:id]
+            )
+          end
+        end
+
+        redirect_to main_app.edit_admin_user_permissions_path(params[:id]), notice: "#{@user.name}'s permissions have been updated."
+      end
+
+      private
+
+      def permissions_params
+        params.require(self.class.component_name).permit(permissions: [])
+      end
+
+      class_methods do
+        attr_accessor :component_name, :permissions_validation
+
+        def permissible_tool(component_name, opts = {})
+          self.component_name = component_name
+          self.permissions_validation = opts[:validation]
+        end
+      end
+    end
+  end
+end

data/app/controllers/dradis/plugins/export/base_controller.rb

@@ -0,0 +1,18 @@
+module Dradis
+  module Plugins
+    module Export
+      class BaseController < Rails.application.config.dradis.base_export_controller_class_name.to_s.constantize
+
+        protected
+
+        # Protected: allows export plugins to access the options sent from the
+        # framework via the session object (see Export#create).
+        #
+        # Returns a Hash with indifferent access.
+        def export_options
+          @export_options ||= session[:export_manager].with_indifferent_access
+        end
+      end
+    end
+  end
+end

data/dradis-plugins.gemspec

@@ -0,0 +1,31 @@
+$:.push File.expand_path('../lib', __FILE__)
+
+require 'dradis/plugins/version'
+
+# Describe your gem and declare its dependencies:
+Gem::Specification.new do |spec|
+  spec.platform      = Gem::Platform::RUBY
+  spec.name = 'dradis-plugins'
+  spec.version = Dradis::Plugins::VERSION::STRING
+  spec.summary = 'Plugin manager for the Dradis Framework project.'
+  spec.description = 'Required dependency for Dradis Framework.'
+
+  spec.license = 'GPL-2'
+
+  spec.authors = ['Daniel Martin']
+  spec.email = ['etd@nomejortu.com']
+  spec.homepage = 'http://dradisframework.org'
+
+  spec.files = `git ls-files`.split($\)
+  spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec-rails'
+
+  # By not including Rails as a dependency, we can use the gem with different
+  # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
+  # until we bump Dradis Pro to 4.1.
+  # s.add_dependency 'rails', '~> 4.1.1'
+end

data/lib/dradis-plugins.rb

@@ -0,0 +1 @@
+require 'dradis/plugins'

data/lib/dradis/plugins.rb

@@ -0,0 +1,80 @@
+module Dradis
+  module Plugins
+    class << self
+      @@extensions = []
+
+      # Returns an array of modules representing currently registered Dradis Plugins / engines
+      #
+      # Example:
+      #   Dradis::Core::Plugins.list  =>  [Dradis::Core, Dradis::Frontend]
+      def list
+        @@extensions
+      end
+
+      # Filters the list of plugins and only returns those that provide the
+      # requested feature.
+      def with_feature(feature)
+        @@extensions.select do |plugin|
+          # engine = "#{plugin}::Engine".constantize
+          plugin.provides?(feature)
+        end
+      end
+
+      # Register a plugin with the framework
+      #
+      # Example:
+      #   Dradis::Core::Plugins.register(Dradis::Core)
+      def register(const)
+        return if registered?(const)
+
+        validate_plugin!(const)
+
+        @@extensions << const
+      end
+
+      # Unregister a plugin from the framework
+      #
+      # Example:
+      #   Dradis::Core::Plugins.unregister(Dradis::Core)
+      def unregister(const)
+        @@extensions.delete(const)
+      end
+
+      # Returns true if a plugin is currently registered with the framework
+      #
+      # Example:
+      #   Dradis::Core::Plugins.registered?(Dradis::Core)
+      def registered?(const)
+        @@extensions.include?(const)
+      end
+
+      private
+
+      # Use this to ensure the Extension conforms with some expected interface
+      def validate_plugin!(const)
+        # unless const.respond_to?(:root) && const.root.is_a?(Pathname)
+        #   raise InvalidEngineError, "Engine must define a root accessor that returns a pathname to its root"
+        # end
+      end
+    end
+  end
+end
+
+
+require 'dradis/plugins/engine'
+require 'dradis/plugins/version'
+
+require 'dradis/plugins/content_service/base'
+require 'dradis/plugins/template_service'
+
+require 'dradis/plugins/base'
+require 'dradis/plugins/export'
+require 'dradis/plugins/import'
+require 'dradis/plugins/upload'
+
+# Common functionality
+require 'dradis/plugins/configurable'
+require 'dradis/plugins/settings'
+require 'dradis/plugins/templates'
+require 'dradis/plugins/thor'
+require 'dradis/plugins/thor_helper'

data/lib/dradis/plugins/base.rb

@@ -0,0 +1,45 @@
+module Dradis
+  module Plugins
+    module Base
+      extend ActiveSupport::Concern
+
+      included do
+        # mattr_accessor :plugin_name
+
+        @features = []
+        @name = 'Use plugin_info(args) with :name to provide a name for this plugin.'
+        Plugins::register(self)
+
+        # Extend the engine with other functionality
+        include Dradis::Plugins::Configurable
+        include Dradis::Plugins::Templates
+        include Dradis::Plugins::Thor
+      end
+
+      module ClassMethods
+        def description(new_description)
+          @description = new_description
+        end
+
+        def plugin_description
+          @description ||= "This plugin doesn't provide a :description"
+        end
+
+        def plugin_name
+          @plugin_name ||= self.name.split('::')[-2].underscore.to_sym
+        end
+
+        def provides(*list)
+          @features = list
+          if list.include?(:upload)
+            include Dradis::Plugins::Upload::Base
+          end
+        end
+
+        def provides?(feature)
+          @features.include?(feature)
+        end
+      end
+    end
+  end
+end

data/lib/dradis/plugins/configurable.rb

@@ -0,0 +1,26 @@
+module Dradis::Plugins
+  module Configurable
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      delegate :settings, to: :instance
+
+      def settings_namespace
+        @settings_namespace || plugin_name
+      end
+
+      def addon_settings(namespace = nil, &block)
+        @settings_namespace = namespace if namespace
+        yield self if block_given?
+      end
+
+      def instance
+        @instance ||= new
+      end
+    end
+
+    def settings
+      @settings ||= Dradis::Plugins::Settings.new(self.class.settings_namespace)
+    end
+  end
+end

data/lib/dradis/plugins/content_service/base.rb

@@ -0,0 +1,26 @@
+require 'dradis/plugins/content_service/boards'
+require 'dradis/plugins/content_service/categories'
+require 'dradis/plugins/content_service/content_blocks'
+require 'dradis/plugins/content_service/core'
+require 'dradis/plugins/content_service/evidence'
+require 'dradis/plugins/content_service/issues'
+require 'dradis/plugins/content_service/nodes'
+require 'dradis/plugins/content_service/notes'
+require 'dradis/plugins/content_service/properties'
+
+module Dradis::Plugins::ContentService
+  class Base
+    include Core
+
+    include Boards
+    include Categories
+    include ContentBlocks if defined?(Dradis::Pro)
+    include Evidence
+    include Issues
+    include Nodes
+    include Notes
+    include Properties    if defined?(Dradis::Pro)
+
+     ActiveSupport.run_load_hooks(:content_service, self)
+  end
+end

data/lib/dradis/plugins/content_service/boards.rb

@@ -0,0 +1,32 @@
+module Dradis::Plugins::ContentService
+  module Boards
+    extend ActiveSupport::Concern
+
+    def all_boards
+      project.boards
+    end
+
+    def project_boards
+      project.methodology_library.boards
+    end
+
+    def create_board(args={})
+      name    = args.fetch(:name, default_board_name)
+      node_id = args.fetch(:node_id, default_node_id)
+      Board.create(
+        name: name,
+        node_id: node_id,
+        project: project
+      )
+    end
+
+    private
+    def default_board_name
+      "create_board() invoked by #{plugin} without a :name parameter"
+    end
+
+    def default_node_id
+      project.methodology_library.id
+    end
+  end
+end

data/lib/dradis/plugins/content_service/categories.rb

@@ -0,0 +1,9 @@
+module Dradis::Plugins::ContentService
+  module Categories
+    extend ActiveSupport::Concern
+
+    def report_category
+      Category.report
+    end
+  end
+end

data/lib/dradis/plugins/content_service/content_blocks.rb

@@ -0,0 +1,44 @@
+module Dradis::Plugins::ContentService
+  module ContentBlocks
+    extend ActiveSupport::Concern
+
+    def all_content_blocks
+      project.content_blocks
+    end
+
+    def create_content_block(args={})
+      block_group    = args.fetch(:block_group, default_content_block_group)
+      content        = args.fetch(:content, default_content_block_content)
+      user_id        = args.fetch(:user_id)
+
+      content_block = ContentBlock.new(
+        content: content,
+        block_group: block_group,
+        project_id: project.id,
+        user_id: user_id
+      )
+
+      if content_block.valid?
+        content_block.save
+      else
+        try_rescue_from_length_validation(
+          model: content_block,
+          field: :content,
+          text: content,
+          msg: 'Error in create_content_block()',
+          tail: plugin_details
+        )
+      end
+    end
+
+    private
+
+    def default_content_block_content
+      "create_content_block() invoked by #{plugin} without a :content parameter"
+    end
+
+    def default_content_block_group
+      "create_content_block() invoked by #{plugin} without a :block_group parameter"
+    end
+  end
+end

data/lib/dradis/plugins/content_service/core.rb

@@ -0,0 +1,53 @@
+module Dradis::Plugins::ContentService
+  module Core
+    extend ActiveSupport::Concern
+
+    included do
+      attr_accessor :logger, :plugin, :project
+    end
+
+    # ----------------------------------------------------------- Initializer
+    #
+
+    # @option plugin [Class] the 'wrapper' module of a plugin, e.g.
+    #     Dradis::Plugins::Nessus
+    def initialize(args={})
+      @logger  = args.fetch(:logger, Rails.logger)
+      @plugin  = args.fetch(:plugin)
+      @project = args[:project]
+    end
+
+    private
+
+    def default_author
+      @default_author ||= "#{plugin::Engine.plugin_name.to_s.humanize} upload plugin"
+    end
+
+    def try_rescue_from_length_validation(args={})
+      model = args[:model]
+      field = args[:field]
+      text  = args[:text]
+      msg   = args[:msg]
+      tail  = "..." + args[:tail].to_s
+
+      logger.error{ "Trying to rescue from a :length error" }
+
+      if model.errors[field]
+        # the plugin tried to store too much information
+        msg = "#[Title]#\nTruncation warning!\n\n"
+        msg << "#[Error]#\np(alert alert-error). The plugin tried to store content that was too big for the DB. Review the source to ensure no important data was lost.\n\n"
+        msg << text
+        model.send("#{field}=", msg.truncate(65300, omission: tail))
+      else
+        # bail
+        msg = "#[Title]#\n#{msg}\n\n"
+        msg << "#[Description]#\nbc. #{model.errors.inspect}\n\n"
+        model.send("#{field}=", msg)
+      end
+      if model.valid?
+        model.save
+      end
+    end
+
+  end
+end