dradis-plugins 4.9.0 → 4.11.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 76e20a999e5f8a6309b837043fc488dc8d7f8f6bafae273482f9f1027078aa04
4
- data.tar.gz: aa7c0068193b07f847ea8f0ddb6b7a8f2fb4705922ebb3da01df2859837fe4f7
3
+ metadata.gz: b275df2487d66dae267758c2e2d95b41fd7364769804fff82cc9221a916c031d
4
+ data.tar.gz: 806cd8a53d29ae2d43ec053c7ae2304185d3ca7ae7b419e7668144263814e978
5
5
  SHA512:
6
- metadata.gz: efcd0183333ddf9271c3ecca1a7c4793bb864c7e6172d46bc1f335e543ecbbfcedc640953230d976c5ba9e052df2988a5077921f78a61f95e6fa188782f44357
7
- data.tar.gz: 0c73436e1dd6d733a37fe4ccf10519f0d710137eab88eb6170fc44756d993c142372751e7f41dbc3ca5798ae6c2494d6d1829e9ba5d68cd4b1ed341fa7c92467
6
+ metadata.gz: dfb8b301121edb09990744c2cb43bf17d82d00055140219188f6f75123f73db112a74236be2b4302124be96b6105961f19e2d00a02497ff0f63c056039c9b690
7
+ data.tar.gz: fd04af3f6aa47766507c71d1d30331f000ec26ee65e17ac14f1e9259f822763c58238f241c02c00df7914e85f78e1fb047de098111c440c866e4ebe3aa9376b6
@@ -0,0 +1,45 @@
1
+ Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
2
+
3
+ ### Summary
4
+
5
+ Provide a general description of the code changes in your pull
6
+ request... were there any bugs you had fixed? If so, mention them. If
7
+ these bugs have open GitHub issues, be sure to tag them here as well,
8
+ to keep the conversation linked together.
9
+
10
+
11
+ ### Testing Steps
12
+
13
+ Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
14
+
15
+
16
+ ### Other Information
17
+
18
+ If there's anything else that's important and relevant to your pull
19
+ request, mention that information here. This could include
20
+ benchmarks, or other information.
21
+
22
+ Thanks for contributing to Dradis!
23
+
24
+
25
+ ### Copyright assignment
26
+
27
+ Collaboration is difficult with commercial closed source but we want
28
+ to keep as much of the OSS ethos as possible available to users
29
+ who want to fix it themselves.
30
+
31
+ In order to unambiguously own and sell Dradis Framework commercial
32
+ products, we must have the copyright associated with the entire
33
+ codebase. Any code you create which is merged must be owned by us.
34
+ That's not us trying to be a jerks, that's just the way it works.
35
+
36
+ You can delete this section, but the following sentence needs to
37
+ remain in the PR's description:
38
+
39
+ > I assign all rights, including copyright, to any future Dradis
40
+ > work by myself to Security Roots.
41
+
42
+ ### Check List
43
+
44
+ - [ ] Added a CHANGELOG entry
45
+ - [ ] Added specs
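Review bot: Typo in the Copyright assignment section of the new template: "That's not us trying to be a jerks" should read "trying to be jerks". The opening "Please review CONTRIBUTING.md and remove this line" instruction would also be safer as an HTML comment, so it does not end up in PR descriptions when a contributor forgets to delete it.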
data/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ v4.11.0 (January 2024)
2
+ - No changes
3
+
4
+ v4.10.0 (September 2023)
5
+ - Add validations to the Export::BaseController
6
+ - Update gemspec links
7
+
1
8
  v4.9.0 (June 2023)
2
9
  - Fix deduplication of findings
3
10
  - Store engine settings encrypted
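Review bot: Neither the v4.10.0 nor the v4.11.0 entry mentions the TemplateService field pattern change from `%(.*?)%` to `%(\S*?)%` or the usage tracking added to Export::BaseController, both of which ship in this diff. The pattern change alters how existing templates are processed, so it deserves its own CHANGELOG line under the release that introduced it.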
data/README.md CHANGED
@@ -13,12 +13,12 @@ The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis
13
13
 
14
14
  ## More information
15
15
 
16
- See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
16
+ See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
17
17
 
18
18
 
19
19
  ## Contributing
20
20
 
21
- See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
21
+ See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
22
22
 
23
23
 
24
24
  ## License
@@ -2,7 +2,12 @@ module Dradis
2
2
  module Plugins
3
3
  module Export
4
4
  class BaseController < Rails.application.config.dradis.base_export_controller_class_name.to_s.constantize
5
+ include ProjectScoped
6
+ include UsageTracking if defined?(Dradis::Pro)
7
+
5
8
  before_action :validate_scope
9
+ before_action :validate_template
10
+ after_action :track_export, if: -> { defined?(Dradis::Pro) }
6
11
 
7
12
  protected
8
13
 
@@ -10,11 +15,40 @@ module Dradis
10
15
  params.permit(:project_id, :scope, :template)
11
16
  end
12
17
 
18
+ def validate_template
19
+ @template_file =
20
+ File.expand_path(File.join(templates_dir, export_params[:template]))
21
+
22
+ unless @template_file.starts_with?(templates_dir) && File.exists?(@template_file)
23
+ raise 'Something fishy is going on...'
24
+ end
25
+ end
26
+
13
27
  def validate_scope
14
- unless Dradis::Plugins::ContentService::Base::VALID_SCOPES.include?(params[:scope])
28
+ unless Dradis::Plugins::ContentService::Base::VALID_SCOPES.include?(export_params[:scope])
15
29
  raise 'Something fishy is going on...'
16
30
  end
17
31
  end
32
+
33
+ private
34
+
35
+ def engine_name
36
+ "#{self.class.to_s.deconstantize}::Engine".constantize.plugin_name.to_s
37
+ end
38
+
39
+ def templates_dir
40
+ @templates_dir ||= File.join(::Configuration::paths_templates_reports, engine_name)
41
+ end
42
+
43
+ def track_export
44
+ project = Project.includes(:evidence, :nodes).find(current_project.id)
45
+ track_usage('report.exported', {
46
+ exporter: engine_name,
47
+ issue_count: project.issues.size,
48
+ evidence_count: project.evidence.size,
49
+ node_count: project.nodes.in_tree.size
50
+ })
51
+ end
18
52
  end
19
53
  end
20
54
  end
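Review bot: In validate_template, the containment test `@template_file.starts_with?(templates_dir)` is a bare string-prefix comparison, so an expanded path in a sibling directory whose name merely begins with the same characters as templates_dir also passes. Compare against the directory with a trailing separator, for example `@template_file.starts_with?(File.join(templates_dir, ''))`, and pass templates_dir through File.expand_path too so both sides are normalised the same way. Smaller points on the same lines: `File.exists?` was removed in Ruby 3.2 (use `File.exist?`, or `File.file?` so a directory is rejected), and a request with no template parameter makes `File.join` raise a TypeError before the check runs, so a nil guard would keep that failure on the intended path.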
@@ -4,7 +4,7 @@ require 'dradis/plugins/version'
4
4
 
5
5
  # Describe your gem and declare its dependencies:
6
6
  Gem::Specification.new do |spec|
7
- spec.platform = Gem::Platform::RUBY
7
+ spec.platform = Gem::Platform::RUBY
8
8
  spec.name = 'dradis-plugins'
9
9
  spec.version = Dradis::Plugins::VERSION::STRING
10
10
  spec.summary = 'Plugin manager for the Dradis Framework project.'
@@ -13,11 +13,10 @@ Gem::Specification.new do |spec|
13
13
  spec.license = 'GPL-2'
14
14
 
15
15
  spec.authors = ['Daniel Martin']
16
- spec.email = ['etd@nomejortu.com']
17
- spec.homepage = 'http://dradisframework.org'
16
+ spec.homepage = 'http://dradis.com/ce/'
18
17
 
19
18
  spec.files = `git ls-files`.split($\)
20
- spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
19
+ spec.executables = spec.files.grep(%r{^bin/}).map { |f| File.basename(f) }
21
20
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
22
21
 
23
22
  spec.add_development_dependency 'bundler'
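Review bot: The new `spec.homepage = 'http://dradis.com/ce/'` is a plain-http URL that ends up in the published gem metadata; use the https form if the site serves it. The hunk also drops `spec.email` without a replacement, which leaves the gem with no contact address, so the commit message should say whether that is intentional.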
@@ -7,7 +7,7 @@ module Dradis
7
7
 
8
8
  module VERSION
9
9
  MAJOR = 4
10
- MINOR = 9
10
+ MINOR = 11
11
11
  TINY = 0
12
12
  PRE = nil
13
13
 
@@ -3,21 +3,20 @@ module Dradis
3
3
  class TemplateService
4
4
  attr_accessor :logger, :template, :templates_dir
5
5
 
6
- def initialize(args={})
6
+ def initialize(args = {})
7
7
  @plugin = args.fetch(:plugin)
8
8
  @templates_dir = args[:templates_dir] || default_templates_dir
9
9
  end
10
10
 
11
-
12
11
  # For a given entry, return a text blob resulting from applying the
13
12
  # chosen template to the supplied entry.
14
- def process_template(args={})
13
+ def process_template(args = {})
15
14
  self.template = args[:template]
16
15
  data = args[:data]
17
16
 
18
17
  processor = @plugin::FieldProcessor.new(data: data)
19
18
 
20
- template_source.gsub( /%(.*?)%/ ) do |field|
19
+ template_source.gsub(/%(\S*?)%/) do |field|
21
20
  name = field[1..-2]
22
21
  if fields.include?(name)
23
22
  processor.value(field: name)
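Review bot: The narrowed pattern `/%(\S*?)%/` in process_template still matches Liquid tags written without inner whitespace, such as `{%endif%}` or `{%else%}`, so those are still passed to `fields.include?(name)`. If the aim is to leave Liquid markup alone, exclude matches preceded by `{` or followed by `}`, or restrict the capture to the characters a field name can actually contain. It is also worth confirming that no plugin defines field names containing whitespace, since those would now stop being substituted without any error.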
@@ -27,7 +26,6 @@ module Dradis
27
26
  end
28
27
  end
29
28
 
30
-
31
29
  # ---------------------------------------------- Plugin Manager interface
32
30
 
33
31
  # This lists the fields defined by this plugin that can be used in the
@@ -51,7 +49,7 @@ module Dradis
51
49
 
52
50
  # Set the plugin's item template. This is used by the Plugins Manager
53
51
  # to force the plugin to use the new_template (provided by the user)
54
- def set_template(args={})
52
+ def set_template(args = {})
55
53
  template = args[:template]
56
54
  content = args[:content]
57
55
 
@@ -77,7 +75,7 @@ module Dradis
77
75
  # refresh cached version if modified since last read
78
76
  if template_mtime > @sources[template][:mtime]
79
77
  @template[template][:mtime] = template_mtime
80
- @template[template][:content] = File.read( template_file )
78
+ @template[template][:content] = File.read(template_file)
81
79
  end
82
80
  else
83
81
  @sources[template] = {
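Review bot: The refresh branch around the touched `File.read(template_file)` line writes to `@template[template]`, while the comparison above it and the else branch use `@sources[template]`. `@template` is the attr_accessor that process_template assigns from `args[:template]`, so this looks like a typo for `@sources`. Since the line is being edited anyway, change both assignments so that a template modified on disk actually refreshes the cached copy.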
@@ -0,0 +1,28 @@
1
+ require 'rails_helper'
2
+
3
+ # To run, execute from Dradis main app folder:
4
+ # bin/rspec [dradis-plugins path]/spec/lib/dradis/plugins/template_service_spec.rb
5
+ describe Dradis::Plugins::TemplateService do
6
+ describe '#process_template' do
7
+ let(:data) { double }
8
+ let(:plugin) { Dradis::Plugins::Nessus }
9
+ let(:template_service) do
10
+ Dradis::Plugins::TemplateService.new(plugin: plugin)
11
+ end
12
+
13
+ context 'liquid' do
14
+ before do
15
+ allow(data).to receive(:name).and_return('ReportHost')
16
+ allow(template_service).to receive(:template_source).and_return(
17
+ "{% if issue.evidence %}\n{% end if %}"
18
+ )
19
+ end
20
+
21
+ it 'does not parse the liquid data as fields' do
22
+ expect(template_service).to_not receive(:fields)
23
+
24
+ template_service.process_template(data: data)
25
+ end
26
+ end
27
+ end
28
+ end
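Review bot: The example only asserts that `fields` is never called; it does not check what process_template returns. Add an expectation that the output equals the stubbed template source, so a regression that alters Liquid blocks without calling `fields` is caught. The sample also closes with `{% end if %}`, which is not a Liquid tag (the closing tag is `{% endif %}`), and a second case without inner whitespace, such as `{%endif%}`, would document how the new pattern treats it.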
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-plugins
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.9.0
4
+ version: 4.11.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-31 00:00:00.000000000 Z
11
+ date: 2024-01-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -54,11 +54,11 @@ dependencies:
54
54
  version: '0'
55
55
  description: Required dependency for Dradis Framework.
56
56
  email:
57
- - etd@nomejortu.com
58
57
  executables: []
59
58
  extensions: []
60
59
  extra_rdoc_files: []
61
60
  files:
61
+ - ".github/pull_request_template.md"
62
62
  - ".gitignore"
63
63
  - ".rspec"
64
64
  - CHANGELOG.md
@@ -111,13 +111,14 @@ files:
111
111
  - spec/lib/dradis/plugins/content_service/content_blocks_spec.rb
112
112
  - spec/lib/dradis/plugins/content_service/issues_spec.rb
113
113
  - spec/lib/dradis/plugins/settings/adapters/encrypted_configuration_spec.rb
114
+ - spec/lib/dradis/plugins/template_service_spec.rb
114
115
  - spec/settings_spec.rb
115
116
  - spec/spec_helper.rb
116
- homepage: http://dradisframework.org
117
+ homepage: http://dradis.com/ce/
117
118
  licenses:
118
119
  - GPL-2
119
120
  metadata: {}
120
- post_install_message:
121
+ post_install_message:
121
122
  rdoc_options: []
122
123
  require_paths:
123
124
  - lib
@@ -132,8 +133,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
132
133
  - !ruby/object:Gem::Version
133
134
  version: '0'
134
135
  requirements: []
135
- rubygems_version: 3.1.4
136
- signing_key:
136
+ rubygems_version: 3.3.7
137
+ signing_key:
137
138
  specification_version: 4
138
139
  summary: Plugin manager for the Dradis Framework project.
139
140
  test_files:
@@ -143,5 +144,6 @@ test_files:
143
144
  - spec/lib/dradis/plugins/content_service/content_blocks_spec.rb
144
145
  - spec/lib/dradis/plugins/content_service/issues_spec.rb
145
146
  - spec/lib/dradis/plugins/settings/adapters/encrypted_configuration_spec.rb
147
+ - spec/lib/dradis/plugins/template_service_spec.rb
146
148
  - spec/settings_spec.rb
147
149
  - spec/spec_helper.rb