dradis-plugins 4.9.0 → 4.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 76e20a999e5f8a6309b837043fc488dc8d7f8f6bafae273482f9f1027078aa04
4
- data.tar.gz: aa7c0068193b07f847ea8f0ddb6b7a8f2fb4705922ebb3da01df2859837fe4f7
3
+ metadata.gz: b275df2487d66dae267758c2e2d95b41fd7364769804fff82cc9221a916c031d
4
+ data.tar.gz: 806cd8a53d29ae2d43ec053c7ae2304185d3ca7ae7b419e7668144263814e978
5
5
  SHA512:
6
- metadata.gz: efcd0183333ddf9271c3ecca1a7c4793bb864c7e6172d46bc1f335e543ecbbfcedc640953230d976c5ba9e052df2988a5077921f78a61f95e6fa188782f44357
7
- data.tar.gz: 0c73436e1dd6d733a37fe4ccf10519f0d710137eab88eb6170fc44756d993c142372751e7f41dbc3ca5798ae6c2494d6d1829e9ba5d68cd4b1ed341fa7c92467
6
+ metadata.gz: dfb8b301121edb09990744c2cb43bf17d82d00055140219188f6f75123f73db112a74236be2b4302124be96b6105961f19e2d00a02497ff0f63c056039c9b690
7
+ data.tar.gz: fd04af3f6aa47766507c71d1d30331f000ec26ee65e17ac14f1e9259f822763c58238f241c02c00df7914e85f78e1fb047de098111c440c866e4ebe3aa9376b6
@@ -0,0 +1,45 @@
1
+ Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
2
+
3
+ ### Summary
4
+
5
+ Provide a general description of the code changes in your pull
6
+ request... were there any bugs you had fixed? If so, mention them. If
7
+ these bugs have open GitHub issues, be sure to tag them here as well,
8
+ to keep the conversation linked together.
9
+
10
+
11
+ ### Testing Steps
12
+
13
+ Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
14
+
15
+
16
+ ### Other Information
17
+
18
+ If there's anything else that's important and relevant to your pull
19
+ request, mention that information here. This could include
20
+ benchmarks, or other information.
21
+
22
+ Thanks for contributing to Dradis!
23
+
24
+
25
+ ### Copyright assignment
26
+
27
+ Collaboration is difficult with commercial closed source but we want
28
+ to keep as much of the OSS ethos as possible available to users
29
+ who want to fix it themselves.
30
+
31
+ In order to unambiguously own and sell Dradis Framework commercial
32
+ products, we must have the copyright associated with the entire
33
+ codebase. Any code you create which is merged must be owned by us.
34
+ That's not us trying to be a jerks, that's just the way it works.
35
+
36
+ You can delete this section, but the following sentence needs to
37
+ remain in the PR's description:
38
+
39
+ > I assign all rights, including copyright, to any future Dradis
40
+ > work by myself to Security Roots.
41
+
42
+ ### Check List
43
+
44
+ - [ ] Added a CHANGELOG entry
45
+ - [ ] Added specs
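Review bot: In the Copyright assignment section, "That's not us trying to be a jerks" should read "be jerks". The text also says the copyright sentence must remain in the PR description, but the Check List has no item for it; adding one would make that requirement harder to miss when contributors delete the rest of the section.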
data/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ v4.11.0 (January 2024)
2
+ - No changes
3
+
4
+ v4.10.0 (September 2023)
5
+ - Add validations to the Export::BaseController
6
+ - Update gemspec links
7
+
1
8
  v4.9.0 (June 2023)
2
9
  - Fix deduplication of findings
3
10
  - Store engine settings encrypted
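Review bot: The v4.10.0 entry lists only "Add validations to the Export::BaseController" and "Update gemspec links", and v4.11.0 says "No changes", yet this release diff also changes the field pattern in `process_template` and adds a `track_export` callback to the export controller. Add entries for both so users can tell which version changed template parsing and which one started recording export usage.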
data/README.md CHANGED
@@ -13,12 +13,12 @@ The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis
13
13
 
14
14
  ## More information
15
15
 
16
- See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
16
+ See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
17
17
 
18
18
 
19
19
  ## Contributing
20
20
 
21
- See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
21
+ See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
22
22
 
23
23
 
24
24
  ## License
@@ -2,7 +2,12 @@ module Dradis
2
2
  module Plugins
3
3
  module Export
4
4
  class BaseController < Rails.application.config.dradis.base_export_controller_class_name.to_s.constantize
5
+ include ProjectScoped
6
+ include UsageTracking if defined?(Dradis::Pro)
7
+
5
8
  before_action :validate_scope
9
+ before_action :validate_template
10
+ after_action :track_export, if: -> { defined?(Dradis::Pro) }
6
11
 
7
12
  protected
8
13
 
@@ -10,11 +15,40 @@ module Dradis
10
15
  params.permit(:project_id, :scope, :template)
11
16
  end
12
17
 
18
+ def validate_template
19
+ @template_file =
20
+ File.expand_path(File.join(templates_dir, export_params[:template]))
21
+
22
+ unless @template_file.starts_with?(templates_dir) && File.exists?(@template_file)
23
+ raise 'Something fishy is going on...'
24
+ end
25
+ end
26
+
13
27
  def validate_scope
14
- unless Dradis::Plugins::ContentService::Base::VALID_SCOPES.include?(params[:scope])
28
+ unless Dradis::Plugins::ContentService::Base::VALID_SCOPES.include?(export_params[:scope])
15
29
  raise 'Something fishy is going on...'
16
30
  end
17
31
  end
32
+
33
+ private
34
+
35
+ def engine_name
36
+ "#{self.class.to_s.deconstantize}::Engine".constantize.plugin_name.to_s
37
+ end
38
+
39
+ def templates_dir
40
+ @templates_dir ||= File.join(::Configuration::paths_templates_reports, engine_name)
41
+ end
42
+
43
+ def track_export
44
+ project = Project.includes(:evidence, :nodes).find(current_project.id)
45
+ track_usage('report.exported', {
46
+ exporter: engine_name,
47
+ issue_count: project.issues.size,
48
+ evidence_count: project.evidence.size,
49
+ node_count: project.nodes.in_tree.size
50
+ })
51
+ end
18
52
  end
19
53
  end
20
54
  end
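Review bot: In `validate_template`, `@template_file.starts_with?(templates_dir)` is a raw string-prefix test, so an expanded path in a sibling directory whose name merely begins with the same characters as `templates_dir` passes, and so does `templates_dir` itself when `:template` is blank, because `File.exists?` is true for directories. Compare against `File.join(templates_dir, '')` with `templates_dir` run through `File.expand_path` as well (only the left side is expanded today), and use `File.file?` in place of `File.exists?`, which is deprecated and removed in Ruby 3.2. A missing `:template` makes `File.join` raise `TypeError` on `nil` before the guard is reached, so check for presence first. Separately, `track_export` loads the project with `includes(:evidence, :nodes)` only to call `.size` on each association; count queries would avoid instantiating every record after each export.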
@@ -4,7 +4,7 @@ require 'dradis/plugins/version'
4
4
 
5
5
  # Describe your gem and declare its dependencies:
6
6
  Gem::Specification.new do |spec|
7
- spec.platform = Gem::Platform::RUBY
7
+ spec.platform = Gem::Platform::RUBY
8
8
  spec.name = 'dradis-plugins'
9
9
  spec.version = Dradis::Plugins::VERSION::STRING
10
10
  spec.summary = 'Plugin manager for the Dradis Framework project.'
@@ -13,11 +13,10 @@ Gem::Specification.new do |spec|
13
13
  spec.license = 'GPL-2'
14
14
 
15
15
  spec.authors = ['Daniel Martin']
16
- spec.email = ['etd@nomejortu.com']
17
- spec.homepage = 'http://dradisframework.org'
16
+ spec.homepage = 'http://dradis.com/ce/'
18
17
 
19
18
  spec.files = `git ls-files`.split($\)
20
- spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
19
+ spec.executables = spec.files.grep(%r{^bin/}).map { |f| File.basename(f) }
21
20
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
22
21
 
23
22
  spec.add_development_dependency 'bundler'
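Review bot: `spec.homepage = 'http://dradis.com/ce/'` publishes a plain-HTTP link in the gem metadata; use the `https://` form if the site serves it. The hunk also drops `spec.email` with no replacement contact, which leaves `email:` empty in the built metadata. If that is intended, say so in the CHANGELOG next to "Update gemspec links".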
@@ -7,7 +7,7 @@ module Dradis
7
7
 
8
8
  module VERSION
9
9
  MAJOR = 4
10
- MINOR = 9
10
+ MINOR = 11
11
11
  TINY = 0
12
12
  PRE = nil
13
13
 
@@ -3,21 +3,20 @@ module Dradis
3
3
  class TemplateService
4
4
  attr_accessor :logger, :template, :templates_dir
5
5
 
6
- def initialize(args={})
6
+ def initialize(args = {})
7
7
  @plugin = args.fetch(:plugin)
8
8
  @templates_dir = args[:templates_dir] || default_templates_dir
9
9
  end
10
10
 
11
-
12
11
  # For a given entry, return a text blob resulting from applying the
13
12
  # chosen template to the supplied entry.
14
- def process_template(args={})
13
+ def process_template(args = {})
15
14
  self.template = args[:template]
16
15
  data = args[:data]
17
16
 
18
17
  processor = @plugin::FieldProcessor.new(data: data)
19
18
 
20
- template_source.gsub( /%(.*?)%/ ) do |field|
19
+ template_source.gsub(/%(\S*?)%/) do |field|
21
20
  name = field[1..-2]
22
21
  if fields.include?(name)
23
22
  processor.value(field: name)
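Review bot: The new pattern `/%(\S*?)%/` in `process_template` only stops matching at whitespace, so two Liquid tags written back to back on one line (`%}{%`) are still captured as a field named `}{`, and `%%` still matches with an empty name. If field names are limited to a known character set, match that set explicitly instead of "anything but whitespace". A comment above the `gsub` explaining why whitespace is excluded would also help the next reader.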
@@ -27,7 +26,6 @@ module Dradis
27
26
  end
28
27
  end
29
28
 
30
-
31
29
  # ---------------------------------------------- Plugin Manager interface
32
30
 
33
31
  # This lists the fields defined by this plugin that can be used in the
@@ -51,7 +49,7 @@ module Dradis
51
49
 
52
50
  # Set the plugin's item template. This is used by the Plugins Manager
53
51
  # to force the plugin to use the new_template (provided by the user)
54
- def set_template(args={})
52
+ def set_template(args = {})
55
53
  template = args[:template]
56
54
  content = args[:content]
57
55
 
@@ -77,7 +75,7 @@ module Dradis
77
75
  # refresh cached version if modified since last read
78
76
  if template_mtime > @sources[template][:mtime]
79
77
  @template[template][:mtime] = template_mtime
80
- @template[template][:content] = File.read( template_file )
78
+ @template[template][:content] = File.read(template_file)
81
79
  end
82
80
  else
83
81
  @sources[template] = {
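Review bot: The changed line only loses its inner spaces, but it and the line above it write to `@template[template]`, while the freshness check reads `@sources[template][:mtime]` and the `else` branch populates `@sources[template]`. As written, the refreshed content and mtime never reach the `@sources` cache; both assignments look like they should target `@sources[template]`, and a spec that modifies a template file between two reads would confirm it.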
@@ -0,0 +1,28 @@
1
+ require 'rails_helper'
2
+
3
+ # To run, execute from Dradis main app folder:
4
+ # bin/rspec [dradis-plugins path]/spec/lib/dradis/plugins/template_service_spec.rb
5
+ describe Dradis::Plugins::TemplateService do
6
+ describe '#process_template' do
7
+ let(:data) { double }
8
+ let(:plugin) { Dradis::Plugins::Nessus }
9
+ let(:template_service) do
10
+ Dradis::Plugins::TemplateService.new(plugin: plugin)
11
+ end
12
+
13
+ context 'liquid' do
14
+ before do
15
+ allow(data).to receive(:name).and_return('ReportHost')
16
+ allow(template_service).to receive(:template_source).and_return(
17
+ "{% if issue.evidence %}\n{% end if %}"
18
+ )
19
+ end
20
+
21
+ it 'does not parse the liquid data as fields' do
22
+ expect(template_service).to_not receive(:fields)
23
+
24
+ template_service.process_template(data: data)
25
+ end
26
+ end
27
+ end
28
+ end
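Review bot: The fixture in the `liquid` context separates its two tags with `\n`, so the spec passes for any pattern that rejects whitespace and says nothing about tags that sit next to each other on one line; add a case such as `{% if issue.evidence %}{% endif %}`. The closing tag is written `{% end if %}`, which is not Liquid's `{% endif %}`. `let(:plugin) { Dradis::Plugins::Nessus }` also ties this gem's spec to a plugin that must be loaded by the host app (the header comment says to run it from the Dradis main app folder); a stub plugin module would keep the spec self-contained.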
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-plugins
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.9.0
4
+ version: 4.11.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-31 00:00:00.000000000 Z
11
+ date: 2024-01-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -54,11 +54,11 @@ dependencies:
54
54
  version: '0'
55
55
  description: Required dependency for Dradis Framework.
56
56
  email:
57
- - etd@nomejortu.com
58
57
  executables: []
59
58
  extensions: []
60
59
  extra_rdoc_files: []
61
60
  files:
61
+ - ".github/pull_request_template.md"
62
62
  - ".gitignore"
63
63
  - ".rspec"
64
64
  - CHANGELOG.md
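Review bot: `.github/pull_request_template.md` now appears under `files:`, so repository housekeeping is shipped inside the released gem. The gemspec builds `spec.files` from `git ls-files`; filter out `.github/` and other non-runtime paths there so the package contains only what consumers need.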
@@ -111,13 +111,14 @@ files:
111
111
  - spec/lib/dradis/plugins/content_service/content_blocks_spec.rb
112
112
  - spec/lib/dradis/plugins/content_service/issues_spec.rb
113
113
  - spec/lib/dradis/plugins/settings/adapters/encrypted_configuration_spec.rb
114
+ - spec/lib/dradis/plugins/template_service_spec.rb
114
115
  - spec/settings_spec.rb
115
116
  - spec/spec_helper.rb
116
- homepage: http://dradisframework.org
117
+ homepage: http://dradis.com/ce/
117
118
  licenses:
118
119
  - GPL-2
119
120
  metadata: {}
120
- post_install_message:
121
+ post_install_message:
121
122
  rdoc_options: []
122
123
  require_paths:
123
124
  - lib
@@ -132,8 +133,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
132
133
  - !ruby/object:Gem::Version
133
134
  version: '0'
134
135
  requirements: []
135
- rubygems_version: 3.1.4
136
- signing_key:
136
+ rubygems_version: 3.3.7
137
+ signing_key:
137
138
  specification_version: 4
138
139
  summary: Plugin manager for the Dradis Framework project.
139
140
  test_files:
@@ -143,5 +144,6 @@ test_files:
143
144
  - spec/lib/dradis/plugins/content_service/content_blocks_spec.rb
144
145
  - spec/lib/dradis/plugins/content_service/issues_spec.rb
145
146
  - spec/lib/dradis/plugins/settings/adapters/encrypted_configuration_spec.rb
147
+ - spec/lib/dradis/plugins/template_service_spec.rb
146
148
  - spec/settings_spec.rb
147
149
  - spec/spec_helper.rb