dradis-qualys 4.8.0 → 4.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/dradis/plugins/qualys/gem_version.rb +1 -1
- data/lib/qualys/was/vulnerability.rb +37 -7
- data/templates/was-evidence.fields +5 -0
- data/templates/was-evidence.template +13 -8
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9ef14a4a46502ad8ac98818f7b04d8cbe31f44c15c4773ff522dd7ee902493b5
|
|
4
|
+
data.tar.gz: 8474cc15162e1a000fd8479ad3e17c4afa68652792815e24eea6fa309c799b49
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fb173d9b80fa0f7a3f272d79e54a3d1f250bebca49eaacfd3909144cf470bbcdd50055b6b19346664aacc080d9cf6289c8942361504654af065e1ed4296dd16d
|
|
7
|
+
data.tar.gz: 0bc1694d295160eacf438c82c541301868b90ebf9c0a70e3f4da5beefb4d7fd09a4cc966fedd60732505e4a0880d8bbe8621c09f41151c430ca3366fe121e5a0
|
data/CHANGELOG.md
CHANGED
|
@@ -18,7 +18,10 @@ module Qualys::WAS
|
|
|
18
18
|
def supported_tags
|
|
19
19
|
[
|
|
20
20
|
# simple tags
|
|
21
|
-
:access_paths,
|
|
21
|
+
:access_paths, :ajax, :authentication, :ignored, :potential, :url,
|
|
22
|
+
|
|
23
|
+
# nested tags
|
|
24
|
+
:response_contents, :response_evidence, :request_headers, :request_method, :request_url
|
|
22
25
|
]
|
|
23
26
|
end
|
|
24
27
|
|
|
@@ -45,24 +48,51 @@ module Qualys::WAS
|
|
|
45
48
|
return
|
|
46
49
|
end
|
|
47
50
|
|
|
48
|
-
|
|
51
|
+
# Any fields where a simple .camelcase() won't work we need to translate,
|
|
52
|
+
# this includes acronyms (e.g. :cwe would become 'Cwe') and simple nested
|
|
53
|
+
# tags.
|
|
54
|
+
translations_table = {
|
|
55
|
+
access_paths: 'ACCESS_PATH/URL',
|
|
56
|
+
request_headers: 'PAYLOADS/PAYLOAD/REQUEST/HEADERS',
|
|
57
|
+
request_method: 'PAYLOADS/PAYLOAD/REQUEST/METHOD',
|
|
58
|
+
request_url: 'PAYLOADS/PAYLOAD/REQUEST/URL',
|
|
59
|
+
response_contents: 'PAYLOADS/PAYLOAD/RESPONSE/CONTENTS',
|
|
60
|
+
response_evidence: 'PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE'
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
method_name = translations_table.fetch(method, method.to_s.upcase)
|
|
49
64
|
|
|
50
65
|
# Then we try simple children tags: TITLE, LAST_UPDATE, CVSS_BASE...
|
|
51
|
-
tag = @xml.at_xpath("./#{method_name
|
|
66
|
+
tag = @xml.at_xpath("./#{method_name}")
|
|
52
67
|
if tag && !tag.text.blank?
|
|
53
|
-
if
|
|
54
|
-
return
|
|
68
|
+
if tags_with_base64.include?(method)
|
|
69
|
+
return decode_base64(tag)
|
|
55
70
|
else
|
|
56
71
|
return tag.text
|
|
57
72
|
end
|
|
58
73
|
else
|
|
59
74
|
'n/a'
|
|
60
75
|
end
|
|
76
|
+
|
|
61
77
|
end
|
|
62
78
|
|
|
63
79
|
private
|
|
64
|
-
|
|
65
|
-
|
|
80
|
+
|
|
81
|
+
def tags_with_base64
|
|
82
|
+
[:response_contents, :response_evidence]
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def decode_base64(tag)
|
|
86
|
+
return 'n/a' unless tag
|
|
87
|
+
|
|
88
|
+
if tag['base64'] == 'true'
|
|
89
|
+
# The force_encoding is necessary as there is non-UTF content in the strings like \xE2
|
|
90
|
+
Base64.decode64(tag.text).force_encoding('UTF-8')
|
|
91
|
+
else
|
|
92
|
+
tag.text
|
|
93
|
+
end
|
|
66
94
|
end
|
|
95
|
+
|
|
96
|
+
|
|
67
97
|
end
|
|
68
98
|
end
|
|
@@ -3,4 +3,9 @@ was-evidence.ajax
|
|
|
3
3
|
was-evidence.authentication
|
|
4
4
|
was-evidence.ignored
|
|
5
5
|
was-evidence.potential
|
|
6
|
+
was-evidence.request_headers
|
|
7
|
+
was-evidence.request_method
|
|
8
|
+
was-evidence.request_url
|
|
9
|
+
was-evidence.response_contents
|
|
10
|
+
was-evidence.response_evidence
|
|
6
11
|
was-evidence.url
|
|
@@ -1,11 +1,16 @@
|
|
|
1
1
|
#[Location]#
|
|
2
2
|
%was-evidence.url%
|
|
3
3
|
|
|
4
|
-
#[
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
4
|
+
#[Output]#
|
|
5
|
+
*Request*
|
|
6
|
+
|
|
7
|
+
Method: %was-evidence.request_method%
|
|
8
|
+
URL: %was-evidence.request_url%
|
|
9
|
+
|
|
10
|
+
bc.. %was-evidence.request_headers%
|
|
11
|
+
|
|
12
|
+
p. *Response*
|
|
13
|
+
|
|
14
|
+
Evidence: %was-evidence.response_evidence%
|
|
15
|
+
|
|
16
|
+
bc.. %was-evidence.response_contents%
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-qualys
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-05-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -164,7 +164,7 @@ homepage: http://dradisframework.org
|
|
|
164
164
|
licenses:
|
|
165
165
|
- GPL-2
|
|
166
166
|
metadata: {}
|
|
167
|
-
post_install_message:
|
|
167
|
+
post_install_message:
|
|
168
168
|
rdoc_options: []
|
|
169
169
|
require_paths:
|
|
170
170
|
- lib
|
|
@@ -179,8 +179,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
179
179
|
- !ruby/object:Gem::Version
|
|
180
180
|
version: '0'
|
|
181
181
|
requirements: []
|
|
182
|
-
rubygems_version: 3.
|
|
183
|
-
signing_key:
|
|
182
|
+
rubygems_version: 3.1.4
|
|
183
|
+
signing_key:
|
|
184
184
|
specification_version: 4
|
|
185
185
|
summary: Qualys add-on for the Dradis Framework.
|
|
186
186
|
test_files:
|