dradis-qualys 4.0.0 → 4.1.0

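--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: cfe14be5c9945751d3c77fcfff264b5a78c9ed73088e6279ed2f15548b6e0a8b
- data.tar.gz: bbb630a25f91486e55a07105f15826cc84e3aa8f8ce68b56c565218d7a974dea
+ metadata.gz: 953114d5501cf866740c9ab4657191ab2fc123998bf29a5c7303292740b6a3c9
+ data.tar.gz: 3cb44c03b7a3ac23d8a07e73cae291ffb9a5cdf8f5f8f27b57739788da164204
  SHA512:
- metadata.gz: b24bba307807b3b6e3fc4284d770b5526bdec667815fbc9c36a2a2dd1497653342c3fb1cc5c8f9cf71efa208d73784d826a1979b0ee8df63730118904fd9d9e9
- data.tar.gz: a701e7d3ffa1fb57080a6311f7f692715d19ea36af0bc19da3d5897e15909e119d93f6d7bd084fa89c7cffbb77a384c20c0276c92f69cca599b74ff0bc0be3d8
+ metadata.gz: c98b9d282b4b7fc7dd74e70a9755b8df60776f3a918a9283f1ce5081ec9cbcffee16e63566ade648405d44f56fae635d2d94baeed949fe08e211fc6c4efaf2a1
+ data.tar.gz: 835a5c1e0f1956b61354c72fe821ddd31c455a69c8a8df2393514f3c80a663c4365d821ee424383af9268a534cced11c22a4477b03770a7f0fc0461e8631d712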
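--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,73 +1,58 @@
- ## Dradis Framework 4.0.0 (July, 2021) ##
+ v4.1.0 (November 2021)
+ - Add <dd>, <dt> support
+ - Remove orphaned <b> tags
 
- * No changes.
+ v4.0.0 (July 2021)
+ - No changes
 
- ## Dradis Framework 3.22 (April, 2021) ##
+ v3.22.0 (April 2021)
+ - No changes
 
- * No changes.
+ v3.21.0 (February 2021)
+ - No changes
 
- ## Dradis Framework 3.21 (February, 2021) ##
+ v3.20.0 (December 2020)
+ - No changes
 
- * No changes.
+ v3.19.0 (September 2020)
+ - No changes
 
- ## Dradis Framework 3.20 (December, 2020) ##
+ v3.18.0 (July 2020)
+ - No changes
 
- * No changes.
+ v3.17.0 (May 2020)
+ - No changes
 
- ## Dradis Framework 3.19 (September, 2020) ##
+ v3.16.0 (February 2020)
+ - No changes
 
- * No changes.
+ v3.15.0 (November 2019)
+ - No changes
 
- ## Dradis Framework 3.18 (July, 2020) ##
+ v3.14.0 (August 2019)
+ - No changes
 
- * No changes.
+ v3.13.0 (June 2019)
+ - No changes
 
- ## Dradis Framework 3.17 (May, 2020) ##
+ v3.12.0 (March 2019)
+ - No changes
 
- * No changes.
+ v3.11.0 (November 2018)
+ - No changes
 
- ## Dradis Framework 3.16 (February, 2020) ##
+ v3.10.0 (August 2018)
+ - No changes
 
- * No changes.
+ v3.9.0 (January 2018)
+ - Add `os`, `hostname`, and `ip` as Node properties instead of a `Basic host info` Note
 
- ## Dradis Framework 3.15 (November, 2019) ##
+ v3.8.0 (September 2017)
+ - No changes
 
- * No changes.
+ v3.7.0 (July 2017)
+ - Better HTML entity translation (thanks @leesoh)
+ - Import INFOS, SERVICES, etc as Issues #7 (thanks @rachkor)
 
- ## Dradis Framework 3.14 (August, 2019) ##
-
- * No changes.
-
- ## Dradis Framework 3.13 (June, 2019) ##
-
- * No changes.
-
- ## Dradis Framework 3.12 (March, 2019) ##
-
- * No changes.
-
- ## Dradis Framework 3.11 (November, 2018) ##
-
- * No changes.
-
- ## Dradis Framework 3.10 (August, 2018) ##
-
- * No changes.
-
- ## Dradis Framework 3.9 (January, 2018) ##
-
- * Add `os`, `hostname`, and `ip` as Node properties
- instead of a `Basic host info` Note (v3.8.1)
-
- ## Dradis Framework 3.8 (September, 2017) ##
-
- * No changes.
-
- ## Dradis Framework 3.7 (July, 2017) ##
-
- * Better HTML entity translation (thanks @leesoh).
- * Import INFOS, SERVICES, etc as Issues #7 (thanks @rachkor).
-
- ## Dradis Framework 3.6 (March, 2017) ##
-
- * No changes.
+ v3.6.0 (March 2017)
+ - No changes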
@@ -0,0 +1,12 @@
1
+ [v#.#.#] ([month] [YYYY])
2
+ - [future tense verb] [feature]
3
+ - Upgraded gems:
4
+ - [gem]
5
+ - Bugs fixes:
6
+ - [future tense verb] [bug fix]
7
+ - Bug tracker items:
8
+ - [item]
9
+ - Security Fixes:
10
+ - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
11
+ - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
12
+ - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
24
24
  # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
25
25
  # until we bump Dradis Pro to 4.1.
26
26
  # s.add_dependency 'rails', '~> 4.1.1'
27
- spec.add_dependency 'dradis-plugins', '~> 4.0.0'
27
+ spec.add_dependency 'dradis-plugins', '~> 4.0'
28
28
  spec.add_dependency 'nokogiri', '~> 1.3'
29
29
 
30
30
  spec.add_development_dependency 'bundler', '~> 1.6'
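Review bot: Relaxing the constraint to `'~> 4.0'` lets this add-on resolve against any future 4.x release of dradis-plugins rather than only 4.0 patch releases, so compatibility now depends on that gem keeping its plugin API stable across minor versions. A short comment above the line, such as `# any 4.x dradis-plugins; the plugin API is expected to stay stable within a major`, would make the intended range explicit. While this block is open, the unchanged `nokogiri` floor of `'~> 1.3'` admits very old releases of the XML parser that reads the imported scanner files, so raising that floor to a currently maintained release would be a sensible follow-up. The `Gem::Specification` block starts and ends outside the hunk.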
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 0
11
+ MINOR = 1
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -99,15 +99,20 @@ module Qualys
99
99
  result.gsub!(/<p>/i, "\n\n")
100
100
  result.gsub!(/<br>/i, "\n")
101
101
  result.gsub!(/ /, "")
102
- result.gsub!(/<a href=\"(.*?)\" target=\"_blank\">(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
102
+ result.gsub!(/<a href=\"(.*?)\"\s?target=\"_blank\">(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
103
103
  result.gsub!(/<pre>(.*?)<\/pre>/im) { |m| "\n\nbc.. #{$1.strip}\n\np. \n" }
104
104
  result.gsub!(/<b>(.*?)<\/b>/i) { "*#{$1.strip}*" }
105
+ result.gsub!(/<b>|<\/b>/i, "")
105
106
  result.gsub!(/<i>(.*?)<\/i>/i) { "_#{$1.strip}_" }
107
+
108
+ result.gsub!(/<dl>|<\/dl>/i, "\n")
109
+ result.gsub!(/<dt>(.*?)<\/dt>/i) { "* #{$1.strip}" }
110
+ result.gsub!(/<dd>(.*?)<\/dd>/i) { "** #{$1.strip}" }
106
111
  result
107
112
  end
108
113
 
109
114
  def tags_with_html_content
110
- [:diagnosis, :solution]
115
+ [:consequence, :diagnosis, :solution]
111
116
  end
112
117
 
113
118
  end
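Review bot: The new `<dt>` and `<dd>` substitutions only fire when the opening and closing tag sit on one line, because neither pattern carries the `m` flag that the `<pre>` rule uses, and nothing strips the tags that are left over. Scanner text with a multi-line definition, or a `<dl>` that carries attributes, would therefore reach the issue body as raw markup; a fallback in the style of the new `<b>` line, `result.gsub!(/<\/?d[dlt]\b[^>]*>/i, "")`, placed after the two rules would close that gap. Separately, now that `:consequence` also passes through this conversion, the anchor rule still copies the captured href straight into the Textile link. It may be worth accepting only `http`, `https` and `ftp` targets there unless the renderer downstream already filters link schemes, which this hunk does not show. The method being patched starts above the hunk.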
@@ -86,7 +86,8 @@ module Dradis::Plugins
86
86
  )
87
87
 
88
88
  expect_to_create_issue_with(
89
- text: "Apache Web Server ETag Header Information Disclosure Weakness"
89
+ text: "Apache Web Server ETag Header Information Disclosure Weakness",
90
+ text: "OpenBSD has released a \"patch\":ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch that fixes this vulnerability. After installing the patch, inode numbers returned from the server are encoded using a private hash to avoid the release of sensitive information.\n\n\n\nCustomers"
90
91
  )
91
92
 
92
93
  run_import!
@@ -143,7 +144,7 @@ module Dradis::Plugins
143
144
  context "when an issue has no RESULT element" do
144
145
  #let(:example_xml) { 'spec/fixtures/files/no_result.xml' }
145
146
 
146
- it "detects an issue without a RESULT element and applies (n/a)" do
147
+ it "detects an issue without a RESULT element and applies (n/a) and strips/replaces formatting tags" do
147
148
  # 1 node should be created:
148
149
  expect_to_create_node_with(label: '10.0.155.160')
149
150
 
@@ -151,7 +152,8 @@ module Dradis::Plugins
151
152
  # - TCP/IP: Sequence number in both hosts
152
153
  # Each one should create 1 issue and 1 evidence
153
154
  expect_to_create_issue_with(
154
- text: "Sequence Number Approximation Based Denial of Service"
155
+ text: "Sequence Number Approximation Based Denial of Service",
156
+ text: "Please first check the results section below for the port number on which this vulnerability was detected. If that port number is known to be used for port-forwarding, then it is the backend host that is really vulnerable.\n\n\n\nVarious implementations and products including Check Point, Cisco, Cray Inc, Hitachi, Internet Initiative Japan, Inc (IIJ), Juniper Networks, NEC, Polycom, and Yamaha are currently undergoing review. Contact the vendors to obtain more information about affected products and fixes. \"NISCC Advisory 236929 - Vulnerability Issues in TCP\":http://packetstormsecurity.org/0404-advisories/246929.html details the vendor patch status as of the time of the advisory, and identifies resolutions and workarounds."
155
157
  )
156
158
 
157
159
  expect_to_create_evidence_with(
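Review bot: Both rewritten `expect_to_create_issue_with` calls (the "Sequence Number" one here and the "ETag" one in the first hunk of this file) pass `text:` twice, and Ruby keeps only the last value of a duplicated keyword, so the title strings are no longer asserted at all. The helper is defined outside these hunks, so how it matches `text` is not visible here; if it does a substring check, the simplest repair is to let it take a list, e.g. `text: ["Sequence Number Approximation Based Denial of Service", "Please first check the results section"]` (second fragment abbreviated), and assert each fragment. As far as the visible strings show, the added expectations exercise only the link and paragraph rules, so a fixture-backed assertion for the new `<dt>`/`<dd>` and orphaned `<b>` handling would cover what the changelog says this release adds.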
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-qualys
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.0
4
+ version: 4.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-08-03 00:00:00.000000000 Z
11
+ date: 2021-11-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 4.0.0
19
+ version: '4.0'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 4.0.0
26
+ version: '4.0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: nokogiri
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -107,6 +107,7 @@ files:
107
107
  - ".gitignore"
108
108
  - ".rspec"
109
109
  - CHANGELOG.md
110
+ - CHANGELOG.template
110
111
  - CONTRIBUTING.md
111
112
  - Gemfile
112
113
  - LICENSE
@@ -154,7 +155,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
154
155
  - !ruby/object:Gem::Version
155
156
  version: '0'
156
157
  requirements: []
157
- rubygems_version: 3.1.4
158
+ rubygems_version: 3.1.6
158
159
  signing_key:
159
160
  specification_version: 4
160
161
  summary: Qualys add-on for the Dradis Framework.