dradis-plugins 3.18.0

data/lib/dradis/plugins/content_service/evidence.rb

@@ -0,0 +1,36 @@
+module Dradis::Plugins::ContentService
+  module Evidence
+    extend ActiveSupport::Concern
+
+    def create_evidence(args={})
+      content = args.fetch(:content, default_evidence_content)
+      node    = args.fetch(:node, default_node_parent)
+      issue   = args[:issue] || default_evidence_issue
+
+      evidence = node.evidence.new(issue_id: issue.id, content: content)
+
+      if evidence.valid?
+        evidence.save
+      else
+        try_rescue_from_length_validation(
+          model: evidence,
+          field: :content,
+          text: content,
+          msg: 'Error in create_evidence()'
+        )
+      end
+
+      evidence
+    end
+
+    private
+
+    def default_evidence_content
+      "create_evidence() invoked by #{plugin} without a :content parameter"
+    end
+
+    def default_evidence_issue
+      create_issue(text: "#[Title]#\nAuto-generated issue.\n\n#[Description]#\ncreate_evidence() invoked by #{plugin} without an :issue parameter")
+    end
+  end
+end

data/lib/dradis/plugins/content_service/issues.rb

@@ -0,0 +1,94 @@
+module Dradis::Plugins::ContentService
+  module Issues
+    extend ActiveSupport::Concern
+
+    def all_issues
+      project.issues.where(category_id: default_issue_category.id)
+    end
+
+    def create_issue(args={})
+      text = args.fetch(:text, default_issue_text)
+      # NOTE that ID is the unique issue identifier assigned by the plugin,
+      # and is not to be confused with the Issue#id primary key
+      id   = args.fetch(:id, default_issue_id)
+
+      # Bail if we already have this issue in the cache
+      uuid      = [plugin::Engine::plugin_name, id]
+      cache_key = uuid.join('-')
+
+      return issue_cache[cache_key] if issue_cache.key?(cache_key)
+
+      # we inject the source Plugin and unique ID into the issue's text
+      plugin_details =
+        "\n\n#[plugin]#\n#{uuid[0]}\n" \
+        "\n\n#[plugin_id]#\n#{uuid[1]}\n"
+      text << plugin_details
+
+      issue = Issue.new(text: text) do |i|
+        i.author   = default_author
+        i.node     = project.issue_library
+        i.category = default_issue_category
+      end
+
+      if issue.valid?
+        issue.save
+      else
+        try_rescue_from_length_validation(
+          model: issue,
+          field: :text,
+          text: text,
+          msg: 'Error in create_issue()',
+          tail: plugin_details
+        )
+      end
+
+      issue_cache.store(cache_key, issue)
+    end
+
+    # Create a hash with all issues where the keys correspond to the field passed
+    # as an argument.
+    #
+    # This is use by the plugins to check whether a given issue is already in
+    # the project.
+    # def all_issues_by_field(field)
+    #   # we don't memoize it because we want it to reflect recently added Issues
+    #   klass = class_for(:issue)
+    #
+    #   issues_map = klass.where(category_id: default_issue_category.id).map do |issue|
+    #     [issue.fields[field], issue]
+    #   end
+    #   Hash[issues_map]
+    # end
+
+    # Accesing the library by primary sorting key. Raise an exception unless
+    # the issue library cache has been initialized.
+    def issue_cache
+      @issue_cache ||= begin
+        issues_map = all_issues.map do |issue|
+          cache_key = [
+            issue.fields['plugin'],
+            issue.fields['plugin_id']
+          ].join('-')
+
+          [cache_key, issue]
+        end
+        Hash[issues_map]
+      end
+    end
+
+
+    private
+
+    def default_issue_category
+      @default_issue_category ||= Category.issue
+    end
+
+    def default_issue_id
+      "create_issue() invoked by #{plugin} without an :id parameter"
+    end
+
+    def default_issue_text
+      "create_issue() invoked by #{plugin} without a :text parameter"
+    end
+  end
+end

data/lib/dradis/plugins/content_service/nodes.rb

@@ -0,0 +1,88 @@
+module Dradis::Plugins::ContentService
+  module Nodes
+    extend ActiveSupport::Concern
+
+    def reporting_nodes
+      nodes = []
+
+      nodes |= nodes_from_evidence
+      nodes |= nodes_from_properties
+
+      # Note that the below sorting would the non-IP nodes first, then the IP
+      # nodes, and will sort them by each octet.
+      #
+      # See:
+      #  http://stackoverflow.com/questions/13996033/sorting-an-array-in-ruby-special-case
+      #  http://tech.maynurd.com/archives/124
+      nodes.sort_by! { |node| node.label.split('.').map(&:to_i) }
+    end
+
+    def create_node(args={})
+      label  = args[:label]  || default_node_label
+      parent = args[:parent] || default_node_parent
+
+      type_id = begin
+        if args[:type]
+          tmp_type = args[:type].to_s.upcase
+          if Node::Types::const_defined?(tmp_type)
+            "Node::Types::#{tmp_type}".constantize
+          else
+            default_node_type
+          end
+        else
+          default_node_type
+        end
+      end
+
+      new_node = parent.children.find_or_initialize_by(
+        label: label,
+        type_id: type_id
+      )
+      # `Node#project_id` method does not exist in CE. We set the project for
+      # `new_node` once it is initialized using `Node#project=`
+      new_node.project = parent.project
+      new_node.save
+      new_node
+    end
+
+    private
+
+    def default_node_label
+      "create_node() invoked by #{plugin} without a :label parameter"
+    end
+
+    def default_node_parent
+      @default_parent_node ||= project.plugin_parent_node
+    end
+
+    def default_node_type
+      @default_node_type ||= Node::Types::DEFAULT
+    end
+
+
+    # Private: this method returns a list of nodes associated with Evidence
+    # instances. When a node is affected by multiple issues, or multiple pieces
+    # of evidence, we just want a single reference to it.
+    #
+    # Returns and Array with a unique collection of Nodes.
+    def nodes_from_evidence
+      all_issues.
+        includes(:evidence, evidence: :node).
+        collect(&:evidence).
+        # Each Issue can have 0, 1 or more Evidence
+        map { |evidence_collection| evidence_collection.collect(&:node) }.
+        flatten.
+        uniq
+    end
+
+    # Private: this method returns a list of nodes in the project that have some
+    # properties associated with them. Typically properties are used for HOST
+    # type nodes, and even if they have no issues / evidence associated, we want
+    # to include them in the report.
+    #
+    # Returns and Array with a unique collection of Nodes.
+    def nodes_from_properties
+      project.nodes.user_nodes.where('properties IS NOT NULL AND properties != \'{}\'')
+    end
+  end
+end

data/lib/dradis/plugins/content_service/notes.rb

@@ -0,0 +1,43 @@
+module Dradis::Plugins::ContentService
+  module Notes
+    extend ActiveSupport::Concern
+
+    def all_notes
+      project.notes.where(category: Category.report)
+    end
+
+    def create_note(args={})
+      cat  = args.fetch(:category, default_note_category)
+      node = args.fetch(:node, default_node_parent)
+      text = args.fetch(:text, default_note_text)
+
+      note = node.notes.new(
+        text: text,
+        category: cat,
+        author: default_author
+      )
+
+      if note.valid?
+        note.save
+      else
+        try_rescue_from_length_validation(
+          model: note,
+          field: :text,
+          text: text,
+          msg: 'Error in create_note()'
+        )
+      end
+
+      note
+    end
+
+    private
+    def default_note_category
+      @default_note_category ||= Category.default
+    end
+
+    def default_note_text
+      "create_note() invoked by #{plugin} without a :text parameter"
+    end
+  end
+end

data/lib/dradis/plugins/content_service/properties.rb

@@ -0,0 +1,9 @@
+module Dradis::Plugins::ContentService
+  module Properties
+    extend ActiveSupport::Concern
+
+    def all_properties
+      project.content_library.properties
+    end
+  end
+end

data/lib/dradis/plugins/engine.rb

@@ -0,0 +1,15 @@
+module Dradis
+  module Plugins
+    class Engine < ::Rails::Engine
+      isolate_namespace Dradis::Plugins
+
+      config.dradis = ActiveSupport::OrderedOptions.new
+
+      initializer "dradis-plugins.set_configs" do |app|
+        options = app.config.dradis
+        options.base_export_controller_class_name ||= 'AuthenticatedController'
+        options.thor_helper_module ||= Dradis::Plugins::ThorHelper
+      end
+    end
+  end
+end

data/lib/dradis/plugins/export.rb

@@ -0,0 +1 @@
+require 'dradis/plugins/export/base'

data/lib/dradis/plugins/export/base.rb

@@ -0,0 +1,57 @@
+# This module contains basic Export plugin functions.
+#
+
+module Dradis
+  module Plugins
+    module Export
+      class Base
+        attr_accessor :content_service, :logger, :options, :plugin, :project
+
+        def initialize(args={})
+          # Save everything just in case the implementing class needs any of it.
+          @options = args
+
+          # Can't use :fetch for :plugin or :default_plugin gets evaluated
+          @logger  = args.fetch(:logger, Rails.logger)
+          @plugin  = args[:plugin] || default_plugin
+          @project = args.key?(:project_id) ? Project.find(args[:project_id]) : nil
+
+          @content_service = args.fetch(:content_service, default_content_service)
+
+          post_initialize(args)
+        end
+
+        def export(args={})
+          raise "The export() method is not implemented in this plugin [#{self.class.name}]."
+        end
+
+        # This method can be overwriten by plugins to do initialization tasks.
+        def post_initialize(args={})
+        end
+
+        private
+        def default_content_service
+          @content ||= Dradis::Plugins::ContentService::Base.new(
+            logger: logger,
+            plugin: plugin,
+            project: project
+          )
+        end
+
+        # This assumes the plugin's Exporter class is directly nexted into the
+        # plugin's namespace (e.g. Dradis::Plugins::HtmlExport::Exporter)
+        def default_plugin
+          plugin_module   = self.class.name.deconstantize
+          plugin_constant = plugin_module.constantize
+          plugin_engine   = plugin_constant::Engine
+          if Dradis::Plugins.registered?(plugin_engine)
+            plugin_constant
+          else
+            raise "You need to pass a :plugin value to your Exporter or define it under your plugin's root namespace."
+          end
+        end
+
+      end # Base
+    end # Export
+  end # Plugins
+end # Core

data/lib/dradis/plugins/gem_version.rb

@@ -0,0 +1,17 @@
+module Dradis
+  module Plugins
+    # Returns the version of the currently loaded Frontend as a <tt>Gem::Version</tt>
+    def self.gem_version
+      Gem::Version.new VERSION::STRING
+    end
+
+    module VERSION
+      MAJOR = 3
+      MINOR = 18
+      TINY  = 0
+      PRE   = nil
+
+      STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
+    end
+  end
+end

data/lib/dradis/plugins/import.rb

@@ -0,0 +1,3 @@
+require 'dradis/plugins/import/filters'
+require 'dradis/plugins/import/filters/base'
+require 'dradis/plugins/import/result'

data/lib/dradis/plugins/import/filters.rb

@@ -0,0 +1,51 @@
+module Dradis
+  module Plugins
+    module Import
+
+      module Filters
+        class << self
+          # -- Class Methods --------------------------------------------------------
+          # One Import plugin can define several filters (e.g. to query different
+          # endpoints of a remote API).
+          #
+          # Use this method in your Importer to register different filters, pass a
+          # block or a class.
+          #
+          # Examples:
+          #
+          # register_filter :by_osvdb_id do
+          #   def c
+          # end
+          def add(plugin, label, filter, &block)
+            filter ||= Class.new(Dradis::Plugins::Import::Filters::Base)
+            filter.class_eval(&block) if block_given?
+
+            unless filter.method_defined?(:query)
+              raise NoMethodError, "query() is not declared in the #{label.inspect} filter"
+            end
+
+            base = Dradis::Plugins::Import::Filters::Base
+            unless filter.ancestors.include?(base)
+              raise "#{label.inspect} is not a #{base}"
+            end
+
+            _filters[plugin]        = {} unless _filters.key?(plugin)
+            _filters[plugin][label] = filter
+          end
+
+          # Provides access to filters by plugin
+          # :api: public
+          def [](plugin)
+            _filters[plugin]
+          end
+
+          # :api: private
+          def _filters
+            @filters ||= {}
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/dradis/plugins/import/filters/base.rb

@@ -0,0 +1,16 @@
+module Dradis
+  module Plugins
+    module Import
+      module Filters
+
+        class Base
+          def self.query(args={})
+            instance = self.new
+            instance.query(args)
+          end
+        end
+
+      end
+    end
+  end
+end