dradis-plugins 4.9.0 → 4.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 76e20a999e5f8a6309b837043fc488dc8d7f8f6bafae273482f9f1027078aa04
-  data.tar.gz: aa7c0068193b07f847ea8f0ddb6b7a8f2fb4705922ebb3da01df2859837fe4f7
+  metadata.gz: b275df2487d66dae267758c2e2d95b41fd7364769804fff82cc9221a916c031d
+  data.tar.gz: 806cd8a53d29ae2d43ec053c7ae2304185d3ca7ae7b419e7668144263814e978
 SHA512:
-  metadata.gz: efcd0183333ddf9271c3ecca1a7c4793bb864c7e6172d46bc1f335e543ecbbfcedc640953230d976c5ba9e052df2988a5077921f78a61f95e6fa188782f44357
-  data.tar.gz: 0c73436e1dd6d733a37fe4ccf10519f0d710137eab88eb6170fc44756d993c142372751e7f41dbc3ca5798ae6c2494d6d1829e9ba5d68cd4b1ed341fa7c92467
+  metadata.gz: dfb8b301121edb09990744c2cb43bf17d82d00055140219188f6f75123f73db112a74236be2b4302124be96b6105961f19e2d00a02497ff0f63c056039c9b690
+  data.tar.gz: fd04af3f6aa47766507c71d1d30331f000ec26ee65e17ac14f1e9259f822763c58238f241c02c00df7914e85f78e1fb047de098111c440c866e4ebe3aa9376b6

data/.github/pull_request_template.md

@@ -0,0 +1,45 @@
+Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
+
+### Summary
+
+Provide a general description of the code changes in your pull
+request... were there any bugs you had fixed? If so, mention them. If
+these bugs have open GitHub issues, be sure to tag them here as well,
+to keep the conversation linked together.
+
+
+### Testing Steps
+
+Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
+
+
+### Other Information
+
+If there's anything else that's important and relevant to your pull
+request, mention that information here. This could include
+benchmarks, or other information.
+
+Thanks for contributing to Dradis!
+
+
+### Copyright assignment
+
+Collaboration is difficult with commercial closed source but we want
+to keep as much of the OSS ethos as possible available to users
+who want to fix it themselves.
+
+In order to unambiguously own and sell Dradis Framework commercial
+products, we must have the copyright associated with the entire
+codebase. Any code you create which is merged must be owned by us.
+That's not us trying to be a jerks, that's just the way it works.
+
+You can delete this section, but the following sentence needs to
+remain in the PR's description:
+
+> I assign all rights, including copyright, to any future Dradis
+> work by myself to Security Roots.
+
+### Check List
+
+- [ ] Added a CHANGELOG entry
+- [ ] Added specs

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+v4.11.0 (January 2024)
+  - No changes
+
+v4.10.0 (September 2023)
+  - Add validations to the Export::BaseController
+  - Update gemspec links
+
 v4.9.0 (June 2023)
   - Fix deduplication of findings
   - Store engine settings encrypted

data/README.md

@@ -13,12 +13,12 @@ The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis
 
 ## More information
 
-See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
 
 
 ## Contributing
 
-See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
 
 
 ## License

data/app/controllers/dradis/plugins/export/base_controller.rb

@@ -2,7 +2,12 @@ module Dradis
   module Plugins
     module Export
       class BaseController < Rails.application.config.dradis.base_export_controller_class_name.to_s.constantize
+        include ProjectScoped
+        include UsageTracking if defined?(Dradis::Pro)
+
         before_action :validate_scope
+        before_action :validate_template
+        after_action :track_export, if: -> { defined?(Dradis::Pro) }
 
         protected
 
@@ -10,11 +15,40 @@ module Dradis
           params.permit(:project_id, :scope, :template)
         end
 
+        def validate_template
+          @template_file =
+            File.expand_path(File.join(templates_dir, export_params[:template]))
+
+          unless @template_file.starts_with?(templates_dir) && File.exists?(@template_file)
+            raise 'Something fishy is going on...'
+          end
+        end
+
         def validate_scope
-          unless Dradis::Plugins::ContentService::Base::VALID_SCOPES.include?(params[:scope])
+          unless Dradis::Plugins::ContentService::Base::VALID_SCOPES.include?(export_params[:scope])
             raise 'Something fishy is going on...'
           end
         end
+
+        private
+
+        def engine_name
+          "#{self.class.to_s.deconstantize}::Engine".constantize.plugin_name.to_s
+        end
+
+        def templates_dir
+          @templates_dir ||= File.join(::Configuration::paths_templates_reports, engine_name)
+        end
+
+        def track_export
+          project = Project.includes(:evidence, :nodes).find(current_project.id)
+          track_usage('report.exported', {
+            exporter: engine_name,
+            issue_count: project.issues.size,
+            evidence_count: project.evidence.size,
+            node_count: project.nodes.in_tree.size
+          })
+        end
       end
     end
   end

data/dradis-plugins.gemspec

@@ -4,7 +4,7 @@ require 'dradis/plugins/version'
 
 # Describe your gem and declare its dependencies:
 Gem::Specification.new do |spec|
-  spec.platform      = Gem::Platform::RUBY
+  spec.platform = Gem::Platform::RUBY
   spec.name = 'dradis-plugins'
   spec.version = Dradis::Plugins::VERSION::STRING
   spec.summary = 'Plugin manager for the Dradis Framework project.'
@@ -13,11 +13,10 @@ Gem::Specification.new do |spec|
   spec.license = 'GPL-2'
 
   spec.authors = ['Daniel Martin']
-  spec.email = ['etd@nomejortu.com']
-  spec.homepage = 'http://dradisframework.org'
+  spec.homepage = 'http://dradis.com/ce/'
 
   spec.files = `git ls-files`.split($\)
-  spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  spec.executables = spec.files.grep(%r{^bin/}).map { |f| File.basename(f) }
   spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
 
   spec.add_development_dependency 'bundler'

data/lib/dradis/plugins/gem_version.rb

@@ -7,7 +7,7 @@ module Dradis
 
     module VERSION
       MAJOR = 4
-      MINOR = 9
+      MINOR = 11
       TINY  = 0
       PRE   = nil
 

data/lib/dradis/plugins/template_service.rb

@@ -3,21 +3,20 @@ module Dradis
     class TemplateService
       attr_accessor :logger, :template, :templates_dir
 
-      def initialize(args={})
+      def initialize(args = {})
         @plugin        = args.fetch(:plugin)
         @templates_dir = args[:templates_dir] || default_templates_dir
       end
 
-
       # For a given entry, return a text blob resulting from applying the
       # chosen template to the supplied entry.
-      def process_template(args={})
+      def process_template(args = {})
         self.template = args[:template]
         data          = args[:data]
 
         processor = @plugin::FieldProcessor.new(data: data)
 
-        template_source.gsub( /%(.*?)%/ ) do |field|
+        template_source.gsub(/%(\S*?)%/) do |field|
           name = field[1..-2]
           if fields.include?(name)
             processor.value(field: name)
@@ -27,7 +26,6 @@ module Dradis
         end
       end
 
-
       # ---------------------------------------------- Plugin Manager interface
 
       # This lists the fields defined by this plugin that can be used in the
@@ -51,7 +49,7 @@ module Dradis
 
       # Set the plugin's item template. This is used by the Plugins Manager
       # to force the plugin to use the new_template (provided by the user)
-      def set_template(args={})
+      def set_template(args = {})
         template = args[:template]
         content  = args[:content]
 
@@ -77,7 +75,7 @@ module Dradis
           # refresh cached version if modified since last read
           if template_mtime > @sources[template][:mtime]
             @template[template][:mtime] = template_mtime
-            @template[template][:content] = File.read( template_file )
+            @template[template][:content] = File.read(template_file)
           end
         else
           @sources[template] = {

data/spec/lib/dradis/plugins/template_service_spec.rb

@@ -0,0 +1,28 @@
+require 'rails_helper'
+
+# To run, execute from Dradis main app folder:
+#   bin/rspec [dradis-plugins path]/spec/lib/dradis/plugins/template_service_spec.rb
+describe Dradis::Plugins::TemplateService do
+  describe '#process_template' do
+    let(:data) { double }
+    let(:plugin) { Dradis::Plugins::Nessus }
+    let(:template_service) do
+      Dradis::Plugins::TemplateService.new(plugin: plugin)
+    end
+
+    context 'liquid' do
+      before do
+        allow(data).to receive(:name).and_return('ReportHost')
+        allow(template_service).to receive(:template_source).and_return(
+          "{% if issue.evidence %}\n{% end if %}"
+        )
+      end
+
+      it 'does not parse the liquid data as fields' do
+        expect(template_service).to_not receive(:fields)
+
+        template_service.process_template(data: data)
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-plugins
 version: !ruby/object:Gem::Version
-  version: 4.9.0
+  version: 4.11.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-31 00:00:00.000000000 Z
+date: 2024-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -54,11 +54,11 @@ dependencies:
         version: '0'
 description: Required dependency for Dradis Framework.
 email:
-- etd@nomejortu.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/pull_request_template.md"
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
@@ -111,13 +111,14 @@ files:
 - spec/lib/dradis/plugins/content_service/content_blocks_spec.rb
 - spec/lib/dradis/plugins/content_service/issues_spec.rb
 - spec/lib/dradis/plugins/settings/adapters/encrypted_configuration_spec.rb
+- spec/lib/dradis/plugins/template_service_spec.rb
 - spec/settings_spec.rb
 - spec/spec_helper.rb
-homepage: http://dradisframework.org
+homepage: http://dradis.com/ce/
 licenses:
 - GPL-2
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -132,8 +133,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Plugin manager for the Dradis Framework project.
 test_files:
@@ -143,5 +144,6 @@ test_files:
 - spec/lib/dradis/plugins/content_service/content_blocks_spec.rb
 - spec/lib/dradis/plugins/content_service/issues_spec.rb
 - spec/lib/dradis/plugins/settings/adapters/encrypted_configuration_spec.rb
+- spec/lib/dradis/plugins/template_service_spec.rb
 - spec/settings_spec.rb
 - spec/spec_helper.rb