dradis-qualys 4.4.0 → 4.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/dradis/plugins/qualys/gem_version.rb +1 -1
- data/lib/qualys/element.rb +18 -12
- data/spec/fixtures/files/with_ciphers.xml +64 -0
- data/spec/qualys/asset/importer_spec.rb +1 -1
- data/spec/qualys/vuln/importer_spec.rb +17 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0504ea6b549f45f867baa52b9719ede56f61334d47df0671abf7c5b3039c157a
|
|
4
|
+
data.tar.gz: f5a740f35c3544f6e8863ee920bbecb67f18516524d17d21861933d150248b54
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 00c451d247bccc3a1ee3c7a2894d49f2bc41c7ca4e1b28deb626c917ae77ee4a2614b9cdb1f5784b9cde1979a4cb7f6861cb3c0d1e75b89f9dc6e1aabd1883de
|
|
7
|
+
data.tar.gz: 535efa81757370066dfb0e5e4ef04622020fec34088dd155de0422de78a7de67e7e0230a953b3eb23342d34ef408dba67b7213b076ae61bf326c2bd51c69bcaa
|
data/CHANGELOG.md
CHANGED
data/lib/qualys/element.rb
CHANGED
|
@@ -31,6 +31,8 @@ module Qualys
|
|
|
31
31
|
# Instead of providing separate methods for each supported property we rely
|
|
32
32
|
# on Ruby's #method_missing to do most of the work.
|
|
33
33
|
class Element
|
|
34
|
+
SSL_CIPHER_VULN_IDS = %w[38140 38141 42366 86729].freeze
|
|
35
|
+
|
|
34
36
|
# Accepts an XML node from Nokogiri::XML.
|
|
35
37
|
def initialize(xml_node)
|
|
36
38
|
@xml = xml_node
|
|
@@ -91,20 +93,12 @@ module Qualys
|
|
|
91
93
|
method_name = method.to_s
|
|
92
94
|
return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
|
|
93
95
|
|
|
94
|
-
# Then we try simple children tags: TITLE, LAST_UPDATE, CVSS_BASE...
|
|
95
96
|
tag = @xml.at_xpath("./#{method_name.upcase}")
|
|
96
|
-
if tag && !tag.text.blank?
|
|
97
|
-
if tags_with_html_content.include?(method)
|
|
98
|
-
return Qualys::cleanup_html(tag.text)
|
|
99
|
-
else
|
|
100
|
-
return tag.text
|
|
101
|
-
end
|
|
102
|
-
else
|
|
103
|
-
'n/a'
|
|
104
|
-
end
|
|
105
|
-
|
|
106
97
|
if method_name == 'qualys_collection'
|
|
107
98
|
@xml.name
|
|
99
|
+
elsif tag && !tag.text.blank?
|
|
100
|
+
vuln_id = @xml.attributes['number'].to_s
|
|
101
|
+
cleanup_tag(method, vuln_id, tag.text)
|
|
108
102
|
else
|
|
109
103
|
# nothing found, the tag is valid but not present in this ReportItem
|
|
110
104
|
return nil
|
|
@@ -113,9 +107,21 @@ module Qualys
|
|
|
113
107
|
|
|
114
108
|
private
|
|
115
109
|
|
|
110
|
+
def add_bc_to_ssl_cipher_list(source)
|
|
111
|
+
result = source
|
|
112
|
+
result.gsub!(/^(.*?):!(.*?)$/) { "\nbc. #{$1}:!#{$2}\n" }
|
|
113
|
+
result
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
def cleanup_tag(method, vuln_id, text)
|
|
117
|
+
result = text
|
|
118
|
+
result = Qualys::cleanup_html(result) if tags_with_html_content.include?(method)
|
|
119
|
+
result = add_bc_to_ssl_cipher_list(result) if SSL_CIPHER_VULN_IDS.include?(vuln_id)
|
|
120
|
+
result
|
|
121
|
+
end
|
|
122
|
+
|
|
116
123
|
def tags_with_html_content
|
|
117
124
|
[:consequence, :diagnosis, :solution]
|
|
118
125
|
end
|
|
119
|
-
|
|
120
126
|
end
|
|
121
127
|
end
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8" ?>
|
|
2
|
+
|
|
3
|
+
<!DOCTYPE SCAN SYSTEM "https://qualysguard.qualys.de/scan-1.dtd">
|
|
4
|
+
<SCAN value="scan/1327124089.959">
|
|
5
|
+
|
|
6
|
+
<HEADER>
|
|
7
|
+
<KEY value="USERNAME">dradispro</KEY>
|
|
8
|
+
<KEY value="COMPANY"><![CDATA[Security Roots]]></KEY>
|
|
9
|
+
<KEY value="DATE">2011-12-20T12:00:00Z</KEY>
|
|
10
|
+
<KEY value="TITLE"><![CDATA[Sample_Test_Scan]]></KEY>
|
|
11
|
+
<KEY value="TARGET">10.0.155.157,10.0.155.160</KEY>
|
|
12
|
+
<KEY value="DURATION">03:42:36</KEY>
|
|
13
|
+
<KEY value="SCAN_HOST">62.210.136.186 (Scanner 4.14.30-1,Web 6.0 FR6 [build 6.3.94-1],Vulnsigs 1.22.62-1)</KEY>
|
|
14
|
+
<KEY value="NBHOST_ALIVE">2</KEY>
|
|
15
|
+
<KEY value="NBHOST_TOTAL">2</KEY>
|
|
16
|
+
<KEY value="REPORT_TYPE">Scheduled</KEY>
|
|
17
|
+
<KEY value="OPTIONS">Full TCP scan, Standard Password Brute Forcing, Load balancer detection OFF, Overall Performance: Custom, Hosts to Scan in Parallel - External Scanners: 1, Hosts to Scan in Parallel - Scanner Appliances: 1, Total Processes to Run in Parallel: 1, HTTP Processes to Run in Parallel: 1, Packet (Burst) Delay: Maximum</KEY>
|
|
18
|
+
<KEY value="STATUS">FINISHED</KEY>
|
|
19
|
+
<OPTION_PROFILE>
|
|
20
|
+
<OPTION_PROFILE_TITLE option_profile_default="0"><![CDATA[Payment Card Industry (PCI) Options]]></OPTION_PROFILE_TITLE>
|
|
21
|
+
</OPTION_PROFILE>
|
|
22
|
+
</HEADER>
|
|
23
|
+
|
|
24
|
+
<IP value="10.0.155.160" name="No registered hostname">
|
|
25
|
+
<OS><![CDATA[Linux 2.4-2.6]]></OS>
|
|
26
|
+
<VULNS>
|
|
27
|
+
<CAT value="Web server" port="80" protocol="tcp">
|
|
28
|
+
<VULN number="38140" severity="1">
|
|
29
|
+
<TITLE><![CDATA[Apache Web Server ETag Header Information Disclosure Weakness]]></TITLE>
|
|
30
|
+
<LAST_UPDATE><![CDATA[2007-10-18T18:42:10Z]]></LAST_UPDATE>
|
|
31
|
+
<CVSS_BASE source="service">4.3</CVSS_BASE>
|
|
32
|
+
<CVSS_TEMPORAL>3.5</CVSS_TEMPORAL>
|
|
33
|
+
<PCI_FLAG>0</PCI_FLAG>
|
|
34
|
+
<BUGTRAQ_ID_LIST>
|
|
35
|
+
<BUGTRAQ_ID>
|
|
36
|
+
<ID><![CDATA[6939]]></ID>
|
|
37
|
+
<URL><![CDATA[http://www.securityfocus.com/bid/6939]]></URL>
|
|
38
|
+
</BUGTRAQ_ID>
|
|
39
|
+
</BUGTRAQ_ID_LIST>
|
|
40
|
+
<DIAGNOSIS>
|
|
41
|
+
<![CDATA[The Apache HTTP Server is a popular, open-source HTTP server for multiple platforms, including Windows, Unix, and Linux.
|
|
42
|
+
<P>
|
|
43
|
+
A cache management feature for Apache makes use of an entity tag (ETag) header. When this option is enabled and a request is made for a document relating to a file, an ETag response header is returned containing various file attributes for caching purposes. ETag information allows subsequent file requests to contain specific information, such as the file's inode number.
|
|
44
|
+
<P>
|
|
45
|
+
A weakness has been found in the generation of ETag headers under certain configurations implementing the FileETag directive. Among the file attributes included in the header is the file inode number that is returned to a client. In Apache Versions 1.3.22 and earlier, it's not possible to disable inodes in in ETag headers. In later versions, the default behavior is to release this sensitive information.]]>
|
|
46
|
+
</DIAGNOSIS>
|
|
47
|
+
<CONSEQUENCE><![CDATA[This vulnerability poses a security risk, as the disclosure of inode information may aid in launching attacks against other network-based services. For instance, NFS uses inode numbers to generate file handles.]]></CONSEQUENCE>
|
|
48
|
+
<SOLUTION>
|
|
49
|
+
<![CDATA[OpenBSD has released a <A HREF="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch" TARGET="_blank">patch</A> that fixes this vulnerability. After installing the patch, inode numbers returned from the server are encoded using a private hash to avoid the release of sensitive information.
|
|
50
|
+
<P>
|
|
51
|
+
Customers are advised to upgrade to the latest version of Apache. In Apache Version <A HREF="http://httpd.apache.org/docs/1.3/mod/core.html#fileetag" TARGET="_blank">1.3.23</A> and later, it's possible to configure the FileETag directive to generate ETag headers without inode information.
|
|
52
|
+
To do so, include "FileETag -INode" in the Apache server configuration file for a specific subdirectory.<P>
|
|
53
|
+
In order to fix this vulnerability globally, for the Web server, use the option "FileETag None". Use the option "FileETag
|
|
54
|
+
MTime Size" if you just want to remove the Inode information.
|
|
55
|
+
<P>SSLCipherSuite RC4-SHA:HIGH:!ADH<P>
|
|
56
|
+
]]>
|
|
57
|
+
</SOLUTION>
|
|
58
|
+
<RESULT><![CDATA["3bee-4f12-00794aef"]]></RESULT>
|
|
59
|
+
</VULN>
|
|
60
|
+
</CAT>
|
|
61
|
+
</VULNS>
|
|
62
|
+
</IP>
|
|
63
|
+
</SCAN>
|
|
64
|
+
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2008, Qualys, Inc. //-->
|
|
@@ -143,5 +143,22 @@ module Dradis::Plugins
|
|
|
143
143
|
@importer.import(file: 'spec/fixtures/files/no_result.xml')
|
|
144
144
|
end
|
|
145
145
|
end
|
|
146
|
+
|
|
147
|
+
context 'VULN with ciphers' do
|
|
148
|
+
it 'wraps cipher in code block' do
|
|
149
|
+
expect_to_create_issue_with(
|
|
150
|
+
text: "\nbc. SSLCipherSuite RC4-SHA:HIGH:!ADH"
|
|
151
|
+
)
|
|
152
|
+
|
|
153
|
+
@importer.import(file: 'spec/fixtures/files/with_ciphers.xml')
|
|
154
|
+
end
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
def expect_to_create_issue_with(text:)
|
|
158
|
+
expect(@content_service).to receive(:create_issue) do |args|
|
|
159
|
+
expect(args[:text]).to include text
|
|
160
|
+
OpenStruct.new(args)
|
|
161
|
+
end.once
|
|
162
|
+
end
|
|
146
163
|
end
|
|
147
164
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-qualys
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-08-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -135,6 +135,7 @@ files:
|
|
|
135
135
|
- spec/fixtures/files/simple_asset.xml
|
|
136
136
|
- spec/fixtures/files/simple_was.xml
|
|
137
137
|
- spec/fixtures/files/two_hosts_common_issue.xml
|
|
138
|
+
- spec/fixtures/files/with_ciphers.xml
|
|
138
139
|
- spec/qualys/asset/importer_spec.rb
|
|
139
140
|
- spec/qualys/element_spec.rb
|
|
140
141
|
- spec/qualys/vuln/importer_spec.rb
|
|
@@ -178,7 +179,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
178
179
|
- !ruby/object:Gem::Version
|
|
179
180
|
version: '0'
|
|
180
181
|
requirements: []
|
|
181
|
-
rubygems_version: 3.2.
|
|
182
|
+
rubygems_version: 3.2.28
|
|
182
183
|
signing_key:
|
|
183
184
|
specification_version: 4
|
|
184
185
|
summary: Qualys add-on for the Dradis Framework.
|
|
@@ -189,6 +190,7 @@ test_files:
|
|
|
189
190
|
- spec/fixtures/files/simple_asset.xml
|
|
190
191
|
- spec/fixtures/files/simple_was.xml
|
|
191
192
|
- spec/fixtures/files/two_hosts_common_issue.xml
|
|
193
|
+
- spec/fixtures/files/with_ciphers.xml
|
|
192
194
|
- spec/qualys/asset/importer_spec.rb
|
|
193
195
|
- spec/qualys/element_spec.rb
|
|
194
196
|
- spec/qualys/vuln/importer_spec.rb
|