dradis-projects 3.9.0 → 3.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0b132456fc52c60a49be0e8fcb92b42d05874c1d
-  data.tar.gz: d240988d1166f96509d3c483a6cc2179dad5d86c
+  metadata.gz: 0256537152511bdd57bd8bda059eecd5adfaf3d4
+  data.tar.gz: a456a38a9168d70a77266162a18844308314c479
 SHA512:
-  metadata.gz: 7ac336d9eb5203fd73f23b3ccc2ef60d78c3f401fc4d8401b3e5c4cbd88090893fefea25fced73dcf08dcccd5a57ce43a83ef8e4a7f11cd24c404a4b2be241b4
-  data.tar.gz: b6da1f393598f2cac694b55955c17117b4d7cccb2e2a2de1f8bc6a3c786604119fc8f692c2c64c8a7e2d1c7465f41906b848a025b8bff343b12fd415a9a03ce9
+  metadata.gz: 603efc920654a2a403a74094f036f742a0b02250e4fc030f10a4d25acdcce08b138b510fca6bfc30a82071a87f308990969e7cdf3a659cd0ed66bd1a09848432
+  data.tar.gz: 460caa7831aa233b2ada3e90333c1f2e4e9bdcaf7ee61b6ba323bf8b226722b1a4daf44062cdc5a5b6d0a477cebd9ffe156151cff381cdad0a28d79395a3324b

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+## Dradis Framework 3.10 (August, 2018) ##
+
+*   Use project scopes
+
+*   Check project existence for default user id
+
+*   Comments export import
+
+*   Replace Node methods that are now Project methods
+
 ## Dradis Framework 3.9 (January, 2018) ##
 
 *   Fix nodes upload   

data/dradis-projects.gemspec

@@ -26,5 +26,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rspec'
 
   spec.add_dependency 'dradis-plugins', '~> 3.7'
-  spec.add_dependency 'rubyzip', '~> 1.2.1'
+  spec.add_dependency 'rubyzip', '~> 1.2.2'
 end

data/lib/dradis/plugins/projects/engine.rb

@@ -18,8 +18,8 @@ module Dradis
 
         initializer "dradis-projects.set_configs" do |app|
           options = app.config.dradis.projects
-          options.template_exporter ||= Dradis::Plugins::Projects::Export::V1::Template
-          options.template_uploader ||= Dradis::Plugins::Projects::Upload::V1::Template::Importer
+          options.template_exporter ||= Dradis::Plugins::Projects::Export::V2::Template
+          options.template_uploader ||= Dradis::Plugins::Projects::Upload::V2::Template::Importer
         end
 
 

data/lib/dradis/plugins/projects/export/package.rb

@@ -15,7 +15,7 @@ module Dradis::Plugins::Projects::Export
       logger.debug{ "Creating a new Zip file in #{filename}..." }
 
       Zip::File.open(filename, Zip::File::CREATE) do |zipfile|
-        Node.all.each do |node|
+        @project.nodes.each do |node|
           node_path = Attachment.pwd.join(node.id.to_s)
 
           Dir["#{node_path}/**/**"].each do |file|

data/lib/dradis/plugins/projects/export/template.rb

@@ -28,3 +28,4 @@ module Dradis::Plugins::Projects::Export
 end
 
 require_relative 'v1/template'
+require_relative 'v2/template'

data/lib/dradis/plugins/projects/export/v1/template.rb

@@ -50,7 +50,7 @@ module Dradis::Plugins::Projects::Export::V1
     end
 
     def build_issues(builder)
-      @issues = Issue.where(node_id: Node.issue_library).includes(:activities)
+      @issues = Issue.where(node_id: project.issue_library).includes(:activities)
 
       builder.issues do |issues_builder|
         @issues.each do |issue|
@@ -67,7 +67,7 @@ module Dradis::Plugins::Projects::Export::V1
     end
 
     def build_methodologies(builder)
-      methodologies = Node.methodology_library.notes
+      methodologies = project.methodology_library.notes
       builder.methodologies do |methodologies_builder|
         methodologies.each do |methodology|
           methodologies_builder.methodology(version: VERSION) do |methodology_builder|
@@ -80,7 +80,7 @@ module Dradis::Plugins::Projects::Export::V1
     end
 
     def build_nodes(builder)
-      @nodes = Node.includes(:activities, :evidence, :notes, evidence: [:activities], notes: [:activities, :category]).all.reject do |node|
+      @nodes = project.nodes.includes(:activities, :evidence, :notes, evidence: [:activities], notes: [:activities, :category]).all.reject do |node|
         [Node::Types::METHODOLOGY,
           Node::Types::ISSUELIB].include?(node.type_id)
       end
@@ -125,7 +125,7 @@ module Dradis::Plugins::Projects::Export::V1
     def build_report_content(builder); end
 
     def build_tags(builder)
-      tags = Tag.all
+      tags = project.tags
       builder.tags do |tags_builder|
         tags.each do |tag|
           tags_builder.tag do |tag_builder|

data/lib/dradis/plugins/projects/export/v2/template.rb

@@ -0,0 +1,40 @@
+module Dradis::Plugins::Projects::Export::V2
+  class Template < Dradis::Plugins::Projects::Export::V1::Template
+    VERSION = 2
+
+    protected
+
+    def build_comments_for(builder, commentable)
+      builder.comments do |comments_builder|
+        commentable.comments.each do |comment|
+          comments_builder.comment do |comment_builder|
+            comment_builder.content do
+              comment_builder.cdata!(comment.content)
+            end
+            comment_builder.author(comment.user.email)
+            comment_builder.created_at(comment.created_at.to_i)
+          end
+        end
+      end
+    end
+
+    def build_issues(builder)
+      @issues = Issue.where(node_id: project.issue_library).includes(:activities)
+
+      builder.issues do |issues_builder|
+        @issues.each do |issue|
+          issues_builder.issue do |issue_builder|
+            issue_builder.id(issue.id)
+            issue_builder.author(issue.author)
+            issue_builder.text do
+              issue_builder.cdata!(issue.text)
+            end
+            build_activities_for(issue_builder, issue)
+            build_comments_for(issue_builder, issue)
+          end
+        end
+      end
+    end
+
+  end
+end

data/lib/dradis/plugins/projects/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 3
-        MINOR = 9
+        MINOR = 10
         TINY = 0
         PRE = nil
 

data/lib/dradis/plugins/projects/upload/template.rb

@@ -88,3 +88,4 @@ module Dradis::Plugins::Projects::Upload
 end
 
 require_relative 'v1/template'
+require_relative 'v2/template'

data/lib/dradis/plugins/projects/upload/v1/template.rb

@@ -5,6 +5,8 @@ module Dradis::Plugins::Projects::Upload::V1
 
       attr_accessor :attachment_notes, :logger, :pending_changes
 
+      ATTACHMENT_URL = %r{^!(/[a-z]+)?/(?:projects/\d+/)?nodes/(\d+)/attachments/(.+)!$}
+
       def post_initialize(args={})
         @lookup_table = {
           categories: {},
@@ -50,11 +52,28 @@ module Dradis::Plugins::Projects::Upload::V1
           created_at: Time.at(xml_activity.at_xpath("created_at").text.to_i)
         )
 
+        activity.project_id = project.id if activity.respond_to?(:project)
+
         set_activity_user(activity, xml_activity.at_xpath("user_email").text)
 
         validate_and_save(activity)
       end
 
+      def create_issue(issue, xml_issue)
+        # TODO: Need to find some way of checking for dups
+        # May be combination of text, category_id and created_at
+        issue.author   = xml_issue.at_xpath('author').text.strip
+        issue.text     = xml_issue.at_xpath('text').text
+        issue.node     = project.issue_library
+        issue.category = Category.issue
+
+        return false unless validate_and_save(issue)
+
+        return false unless create_activities(issue, xml_issue)
+
+        true
+      end
+
       def finalize(template)
         logger.info { 'Wrapping up...' }
 
@@ -72,10 +91,9 @@ module Dradis::Plugins::Projects::Upload::V1
 
           logger.info { "Adjusting screenshot URLs: #{item.class.name} ##{item.id}" }
 
-          new_text = item.send(text_attr).gsub(%r{^!(.*)/nodes/(\d+)/attachments/(.+)!$}) do |_|
-            "!%s/nodes/%d/attachments/%s!" % [$1, lookup_table[:nodes][$2], $3]
+          new_text = item.send(text_attr).gsub(ATTACHMENT_URL) do |_|
+            "!%s/projects/%d/nodes/%d/attachments/%s!" % [$1, project.id, lookup_table[:nodes][$2], $3]
           end
-
           item.send(text_attr.to_s + "=", new_text)
 
           raise "Couldn't save note attachment URL for #{item.class.name} ##{item.id}" unless validate_and_save(item)
@@ -89,8 +107,8 @@ module Dradis::Plugins::Projects::Upload::V1
           logger.info { "Setting issue_id for evidence" }
           evidence.issue_id = lookup_table[:issues][evidence.issue_id.to_s]
 
-          new_content      = evidence.content.gsub(%r{^!(.*)/nodes/(\d+)/attachments/(.+)!$}) do |_|
-            "!%s/nodes/%d/attachments/%s!" % [$1, lookup_table[:nodes][$2], $3]
+          new_content = evidence.content.gsub(ATTACHMENT_URL) do |_|
+            "!%s/projects/%d/nodes/%d/attachments/%s!" % [$1, project.id, lookup_table[:nodes][$2], $3]
           end
           evidence.content = new_content
 
@@ -137,30 +155,19 @@ module Dradis::Plugins::Projects::Upload::V1
       # Will need to adjust node ID after generating node structure
       def parse_issues(template)
         issue = nil
-        issue_category = Category.issue
-        issue_library  = Node.issue_library
 
         logger.info { 'Processing Issues...' }
 
         template.xpath('dradis-template/issues/issue').each do |xml_issue|
-          old_id = xml_issue.at_xpath('id').text.strip
-
-          # TODO: Need to find some way of checking for dups
-          # May be combination of text, category_id and created_at
           issue = Issue.new
-          issue.author   = xml_issue.at_xpath('author').text.strip
-          issue.text     = xml_issue.at_xpath('text').text
-          issue.node     = issue_library
-          issue.category = issue_category
-
-          return false unless validate_and_save(issue)
 
-          return false unless create_activities(issue, xml_issue)
+          return false unless create_issue(issue, xml_issue)
 
           if issue.text =~ %r{^!(.*)/nodes/(\d+)/attachments/(.+)!$}
             pending_changes[:attachment_notes] << issue
           end
 
+          old_id = xml_issue.at_xpath('id').text.strip
           lookup_table[:issues][old_id] = issue.id
           logger.info{ "New issue detected: #{issue.title}" }
         end
@@ -171,7 +178,7 @@ module Dradis::Plugins::Projects::Upload::V1
 
       def parse_methodologies(template)
         methodology_category = Category.default
-        methodology_library  = Node.methodology_library
+        methodology_library  = project.methodology_library
 
         logger.info { 'Processing Methodologies...' }
 
@@ -220,10 +227,10 @@ module Dradis::Plugins::Projects::Upload::V1
         # - the Configuration.uploadsNode node (detected by its label)
         # - any nodes with type different from DEFAULT or HOST
         if label == Configuration.plugin_uploads_node
-          node = Node.create_with(type_id: type_id, parent_id: parent_id)
+          node = project.nodes.create_with(type_id: type_id, parent_id: parent_id)
               .find_or_create_by!(label: label)
         elsif Node::Types::USER_TYPES.exclude?(type_id.to_i)
-          node = Node.create_with(label: label)
+          node = project.nodes.create_with(label: label)
               .find_or_create_by!(type_id: type_id)
         else
           # We don't want to validate child nodes here yet since they always
@@ -231,14 +238,14 @@ module Dradis::Plugins::Projects::Upload::V1
           # finalize_nodes method.
           has_nil_parent = !parent_id
           node =
-            Node.new(
+            project.nodes.new(
               type_id:   type_id,
               label:     label,
               parent_id: parent_id,
               position:  position
             )
           node.save!(validate: has_nil_parent)
-          pending_changes[:orphan_nodes] << node if parent_id
+          pending_changes[:orphan_nodes]  << node if parent_id
         end
 
         if properties
@@ -291,7 +298,7 @@ module Dradis::Plugins::Projects::Upload::V1
             evidence.update_attribute(:updated_at, updated_at.text.strip) if updated_at
 
             pending_changes[:evidence]          << evidence
-            pending_changes[:evidence_activity] << xml_evidence.xpath("activities/activity")
+            pending_changes[:evidence_activity] << xml_evidence.xpath('activities/activity')
 
             logger.info { "\tNew evidence added." }
           end
@@ -339,7 +346,9 @@ module Dradis::Plugins::Projects::Upload::V1
 
         template.xpath('dradis-template/tags/tag').each do |xml_tag|
           name = xml_tag.at_xpath('name').text()
-          tag  = Tag.find_or_create_by!(name: name)
+          tag_params = { name: name }
+          tag_params[:project_id] = project.id if Tag.has_attribute?(:project_id)
+          tag = Tag.where(tag_params).first_or_create
           logger.info { "New tag detected: #{name}" }
 
           xml_tag.xpath('./taggings/tagging').each do |xml_tagging|

data/lib/dradis/plugins/projects/upload/v2/template.rb

@@ -0,0 +1,37 @@
+module Dradis::Plugins::Projects::Upload::V2
+  module Template
+    class Importer < Dradis::Plugins::Projects::Upload::V1::Template::Importer
+      private
+
+      def create_comments(commentable, xml_comments)
+        return true if xml_comments.empty?
+
+        xml_comments.each do |xml_comment|
+          author_email = xml_comment.at_xpath('author').text
+          comment = Comment.new(
+            commentable_id: commentable.id,
+            commentable_type: commentable.class.to_s,
+            content: xml_comment.at_xpath('content').text,
+            created_at: Time.at(xml_comment.at_xpath('created_at').text.to_i),
+            user_id: user_id_for_email(author_email)
+          )
+
+          if comment.user.email != author_email
+            comment.content = comment.content +
+              "\n\nOriginal author not available in this Dradis instance: "\
+              "#{author_email}."
+          end
+
+          return false unless validate_and_save(comment)
+        end
+      end
+
+      def create_issue(issue, xml_issue)
+        return false unless super
+        return false unless create_comments(issue, xml_issue.xpath('comments/comment'))
+
+        true
+      end
+    end
+  end
+end

data/lib/tasks/thorfile.rb

@@ -79,7 +79,7 @@ class UploadTasks < Thor
 
     detect_and_set_project_scope
 
-    default_user_id = @project.owners.first.id
+    default_user_id = @project ? @project.owners.first.id : User.first.id
 
     task_options.merge!({
       plugin: Dradis::Plugins::Projects::Upload::Template,
@@ -105,7 +105,7 @@ class UploadTasks < Thor
 
     detect_and_set_project_scope
 
-    default_user_id = @project.owners.first.id
+    default_user_id = @project ? @project.owners.first.id : User.first.id
 
     task_options.merge!({
       plugin: Dradis::Plugins::Projects::Upload::Package,

data/spec/fixtures/files/attachments_url.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?><dradis-template version="2"><nodes><node><id>5</id><label>Uploaded files</label><parent-id/><position>0</position><properties><![CDATA[{
+}]]></properties><type-id>0</type-id><notes></notes><evidence></evidence><activities></activities></node></nodes><issues><issue><id>2</id><author>admin@securityroots.com</author><text><![CDATA[#[Title]#
+Test Issue
+
+#[Description]#
+!/pro/projects/222/nodes/5/attachments/hello.jpg!
+
+!/projects/222/nodes/5/attachments/hello.jpg!
+
+!/pro/nodes/5/attachments/hello.jpg!
+
+!/nodes/5/attachments/hello.jpg!
+
+]]></text><activities></activities><comments></comments></issue></issues><methodologies></methodologies><categories>
+<category><id>2</id><name>Issue description</name></category></categories><tags><tag><id>1</id><name>!9467bd_critical</name><taggings></taggings></tag><tag><id>2</id><name>!d62728_high</name><taggings></taggings></tag><tag><id>3</id><name>!ff7f0e_medium</name><taggings></taggings></tag><tag><id>4</id><name>!6baed6_low</name><taggings></taggings></tag><tag><id>5</id><name>!2ca02c_info</name><taggings></taggings></tag></tags></dradis-template>

data/spec/lib/dradis/plugins/projects/upload/v1/template_spec.rb

@@ -0,0 +1,33 @@
+require 'rails_helper'
+
+describe Dradis::Plugins::Projects::Upload::V1::Template::Importer do
+
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+  let(:importer_class) { Dradis::Plugins::Projects::Upload::Template }
+  let(:file_path) {
+    File.join(File.dirname(__FILE__), '../../../../../../', 'fixtures', 'files', 'attachments_url.xml')
+  }
+
+  context 'uploading a template with attachments url' do
+    it 'converts the urls' do
+      importer = importer_class::Importer.new(
+        default_user_id: user.id,
+        plugin: importer_class,
+        project_id: project.id
+      )
+
+      importer.import(file: file_path)
+
+      p_id = project.id
+      n_id = project.plugin_uploads_node.id
+
+      expect(project.issues.first.text).to include(
+        "!/pro/projects/#{p_id}/nodes/#{n_id}/attachments/hello.jpg!\n\n" +
+        "!/projects/#{p_id}/nodes/#{n_id}/attachments/hello.jpg!\n\n" +
+        "!/pro/projects/#{p_id}/nodes/#{n_id}/attachments/hello.jpg!\n\n" +
+        "!/projects/#{p_id}/nodes/#{n_id}/attachments/hello.jpg!"
+      )
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-projects
 version: !ruby/object:Gem::Version
-  version: 3.9.0
+  version: 3.10.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-08 00:00:00.000000000 Z
+date: 2018-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.2.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.2.2
 description: This plugin allows you to dump the contents of the repo into a zip archive
   and restore the state from one of them.
 email:
@@ -120,12 +120,16 @@ files:
 - lib/dradis/plugins/projects/export/package.rb
 - lib/dradis/plugins/projects/export/template.rb
 - lib/dradis/plugins/projects/export/v1/template.rb
+- lib/dradis/plugins/projects/export/v2/template.rb
 - lib/dradis/plugins/projects/gem_version.rb
 - lib/dradis/plugins/projects/upload/package.rb
 - lib/dradis/plugins/projects/upload/template.rb
 - lib/dradis/plugins/projects/upload/v1/template.rb
+- lib/dradis/plugins/projects/upload/v2/template.rb
 - lib/dradis/plugins/projects/version.rb
 - lib/tasks/thorfile.rb
+- spec/fixtures/files/attachments_url.xml
+- spec/lib/dradis/plugins/projects/upload/v1/template_spec.rb
 homepage: http://dradisframework.org
 licenses:
 - GPL-2
@@ -146,8 +150,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: Project export/upload for the Dradis Framework.
-test_files: []
+test_files:
+- spec/fixtures/files/attachments_url.xml
+- spec/lib/dradis/plugins/projects/upload/v1/template_spec.rb