dradis-wpscan 4.10.0 → 4.12.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 04053fb23a9bd7d39c7c5640b0a3d8a9bac576de9f09a4d5ac163de670975887
4
- data.tar.gz: 4bd01d6905569d04ddf5934744af6036cbce3f55b9cdfb0656163b8fb56d828e
3
+ metadata.gz: 812a679e762e731665a5f795b3ff2848573f6dd454703cea6bb8b94a765b2fc7
4
+ data.tar.gz: 2754978e12588efb5418e718fbb4aa7322bb516b26549596617e86730583846b
5
5
  SHA512:
6
- metadata.gz: 8becfb81a6b67a4ccf52ac15e8a38b071416d14e4f07a3cee77893cd24a84f89badf549a0acc6f82127f28d34b44dcb1ba40659d06ba3bbd036c4d68eca6fedb
7
- data.tar.gz: 48ee083ec5ad44ead933671b8593cd14189dbd55a750516361df2ebaa02f99ac856b783d7b668d9afcb165f4d4e48143c70650d8609560c38e8b39c1d6a620bd
6
+ metadata.gz: '052689636604d9fc6c4b205485ee555cb317109e3b90506215e7c99b9642d1a70ec2f406d87e655d954104a31299d93bd0bd33a994a035e38a43d4909603d837'
7
+ data.tar.gz: 56754118a893197ba264459444065704f5b53f9e84592356ebb6877d630ea2270ddf96290e4078ed36e27754718b069c63771281083ed7632159bfe61d977f56
@@ -1,3 +1,5 @@
1
+ Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
2
+
1
3
  ### Summary
2
4
 
3
5
  Provide a general description of the code changes in your pull
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
6
8
  to keep the conversation linked together.
7
9
 
8
10
 
11
+ ### Testing Steps
12
+
13
+ Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
14
+
15
+
9
16
  ### Other Information
10
17
 
11
18
  If there's anything else that's important and relevant to your pull
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
26
33
  codebase. Any code you create which is merged must be owned by us.
27
34
  That's not us trying to be a jerks, that's just the way it works.
28
35
 
29
- Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
30
- file for the details.
31
-
32
36
  You can delete this section, but the following sentence needs to
33
37
  remain in the PR's description:
34
38
 
35
39
  > I assign all rights, including copyright, to any future Dradis
36
40
  > work by myself to Security Roots.
41
+
42
+ ### Check List
43
+
44
+ - [ ] Added a CHANGELOG entry
45
+ - [ ] Added specs
data/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ v4.12.0 (May 2024)
2
+ - Migrate integration to use Mappings Manager
3
+ - Update Dradis links in README
4
+
5
+ v4.11.0 (January 2024)
6
+ - No changes
7
+
1
8
  v4.10.0 (September 2023)
2
9
  - Import "version" findings with status: outdated
3
10
  - Update gemspec links
data/README.md CHANGED
@@ -4,17 +4,16 @@
4
4
 
5
5
  Upload [WPScan](https://wpscan.org/) security scanner JSON output into Dradis.
6
6
 
7
- The add-on requires [Dradis CE](https://dradisframework.com/ce/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
8
-
7
+ The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
9
8
 
10
9
  ## More information
11
10
 
12
- See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
11
+ See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
13
12
 
14
13
 
15
14
  ## Contributing
16
15
 
17
- See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
16
+ See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
18
17
 
19
18
 
20
19
  ## License
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 10
11
+ MINOR = 12
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -66,7 +66,7 @@ module Dradis::Plugins::Wpscan
66
66
  node.set_property(:scan_time, data['elapsed'])
67
67
  end
68
68
 
69
- scan_info = template_service.process_template(template: 'scan_info', data: data)
69
+ scan_info = mapping_service.apply_mapping(source: 'scan_info', data: data)
70
70
  content_service.create_note text: scan_info, node: node
71
71
 
72
72
  node
@@ -108,11 +108,11 @@ module Dradis::Plugins::Wpscan
108
108
  vulnerabilities.each do |vulnerability|
109
109
  logger.info { "Adding vulnerability: #{vulnerability['title']}" }
110
110
 
111
- vulnerability_template = template_service.process_template(template: 'vulnerability', data: vulnerability)
111
+ vulnerability_template = mapping_service.apply_mapping(source: 'vulnerability', data: vulnerability)
112
112
  issue = content_service.create_issue(text: vulnerability_template, id: vulnerability['wpvulndb_id'], node: node)
113
113
 
114
114
  if vulnerability['evidence']
115
- evidence_content = template_service.process_template(template: 'evidence', data: vulnerability)
115
+ evidence_content = mapping_service.apply_mapping(source: 'evidence', data: vulnerability)
116
116
  content_service.create_evidence(issue: issue, node: node, content: vulnerability['evidence'])
117
117
  end
118
118
  end
@@ -167,11 +167,11 @@ module Dradis::Plugins::Wpscan
167
167
  vulnerabilities.each do |vulnerability|
168
168
  logger.info { "Adding vulnerability: #{vulnerability['title']}" }
169
169
 
170
- vulnerability_template = template_service.process_template(template: 'vulnerability', data: vulnerability)
170
+ vulnerability_template = mapping_service.apply_mapping(source: 'vulnerability', data: vulnerability)
171
171
  issue = content_service.create_issue(text: vulnerability_template, id: "wpscan_#{rand(999999)}")
172
172
 
173
173
  if vulnerability['evidence']
174
- evidence_content = template_service.process_template(template: 'evidence', data: vulnerability)
174
+ evidence_content = mapping_service.apply_mapping(source: 'evidence', data: vulnerability)
175
175
  content_service.create_evidence(issue: issue, node: node, content: vulnerability['evidence'])
176
176
  end
177
177
  end
@@ -0,0 +1,51 @@
1
+ module Dradis::Plugins::Wpscan
2
+ module Mapping
3
+ DEFAULT_MAPPING = {
4
+ evidence: {
5
+ 'Evidence' => '{{ wpscan[evidence.evidence] }}'
6
+ },
7
+ scan_info: {
8
+ 'Title' => 'WPScan Scan Information',
9
+ 'TargetURL' => '{{ wpscan[scan_info.target_url] }}',
10
+ 'WordpressVersion' => '{{ wpscan[scan_info.wordpress_version] }}',
11
+ 'Plugins' => '{{ wpscan[scan_info.plugins_string] }}',
12
+ 'Themes' => '{{ wpscan[scan_info.themes_string] }}',
13
+ 'Users' => '{{ wpscan[scan_info.users] }}',
14
+ 'WPScanVersion' => '{{ wpscan[scan_info.wpscan_version] }}',
15
+ 'StartTime' => '{{ wpscan[scan_info.start_time] }}',
16
+ 'TotalScanTime' => '{{ wpscan[scan_info.elapsed] }}'
17
+ },
18
+ vulnerability: {
19
+ 'Title' => '{{ wpscan[vulnerability.title] }}',
20
+ 'FixedIn' => '{{ wpscan[vulnerability.fixed_in] }}',
21
+ 'CVE' => '{{ wpscan[vulnerability.cve] }}',
22
+ 'References' => '{{ wpscan[vulnerability.url] }}',
23
+ 'WPVulnDB' => '{{ wpscan[vulnerability.wpvulndb_url] }}'
24
+ }
25
+ }.freeze
26
+
27
+ SOURCE_FIELDS = {
28
+ evidence: [
29
+ 'evidence.evidence'
30
+ ],
31
+ scan_info: [
32
+ 'scan_info.target_url',
33
+ 'scan_info.wpscan_version',
34
+ 'scan_info.start_time',
35
+ 'scan_info.elapsed',
36
+ 'scan_info.wordpress_version',
37
+ 'scan_info.plugins_string',
38
+ 'scan_info.themes_string',
39
+ 'scan_info.users'
40
+ ],
41
+ vulnerability: [
42
+ 'vulnerability.title',
43
+ 'vulnerability.fixed_in',
44
+ 'vulnerability.cve',
45
+ 'vulnerability.url',
46
+ 'vulnerability.wpvulndb_url',
47
+ 'vulnerability.wpvulndb_id'
48
+ ]
49
+ }.freeze
50
+ end
51
+ end
@@ -7,5 +7,6 @@ end
7
7
 
8
8
  require 'dradis/plugins/wpscan/engine'
9
9
  require 'dradis/plugins/wpscan/field_processor'
10
+ require 'dradis/plugins/wpscan/mapping'
10
11
  require 'dradis/plugins/wpscan/importer'
11
12
  require 'dradis/plugins/wpscan/version'
metadata CHANGED
@@ -1,17 +1,17 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.10.0
4
+ version: 4.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Christian Mehlmauer
8
8
  - Daniel Martin
9
9
  - Erwan
10
10
  - Ryan Dewhurst
11
- autorequire:
11
+ autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2023-09-07 00:00:00.000000000 Z
14
+ date: 2024-05-07 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: dradis-plugins
@@ -99,7 +99,7 @@ dependencies:
99
99
  version: 0.5.2
100
100
  description: This add-on allows you to upload and parse output produced from the WPScan
101
101
  WordPress security scanner into Dradis.
102
- email:
102
+ email:
103
103
  executables: []
104
104
  extensions: []
105
105
  extra_rdoc_files: []
@@ -122,6 +122,7 @@ files:
122
122
  - lib/dradis/plugins/wpscan/field_processor.rb
123
123
  - lib/dradis/plugins/wpscan/gem_version.rb
124
124
  - lib/dradis/plugins/wpscan/importer.rb
125
+ - lib/dradis/plugins/wpscan/mapping.rb
125
126
  - lib/dradis/plugins/wpscan/version.rb
126
127
  - lib/tasks/thorfile.rb
127
128
  - output.json
@@ -129,20 +130,14 @@ files:
129
130
  - spec/fixtures/files/sample.json
130
131
  - spec/spec_helper.rb
131
132
  - spec/wpscan_upload_spec.rb
132
- - templates/evidence.fields
133
133
  - templates/evidence.sample
134
- - templates/evidence.template
135
- - templates/scan_info.fields
136
134
  - templates/scan_info.sample
137
- - templates/scan_info.template
138
- - templates/vulnerability.fields
139
135
  - templates/vulnerability.sample
140
- - templates/vulnerability.template
141
136
  homepage: https://dradis.com/integrations/wpscan.html
142
137
  licenses:
143
138
  - GPL-2
144
139
  metadata: {}
145
- post_install_message:
140
+ post_install_message:
146
141
  rdoc_options: []
147
142
  require_paths:
148
143
  - lib
@@ -158,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
158
153
  version: '0'
159
154
  requirements: []
160
155
  rubygems_version: 3.1.4
161
- signing_key:
156
+ signing_key:
162
157
  specification_version: 4
163
158
  summary: WPScan add-on for the Dradis Framework.
164
159
  test_files:
@@ -1 +0,0 @@
1
- evidence.evidence
@@ -1,2 +0,0 @@
1
- #[Evidence]#
2
- %evidence.evidence%
@@ -1,8 +0,0 @@
1
- scan_info.target_url
2
- scan_info.wpscan_version
3
- scan_info.start_time
4
- scan_info.elapsed
5
- scan_info.wordpress_version
6
- scan_info.plugins_string
7
- scan_info.themes_string
8
- scan_info.users
@@ -1,34 +0,0 @@
1
- #[Title]#
2
- WPScan Scan Information
3
-
4
-
5
- #[TargetURL]#
6
- %scan_info.target_url%
7
-
8
-
9
- #[WordpressVersion]#
10
- %scan_info.wordpress_version%
11
-
12
-
13
- #[Plugins]#
14
- %scan_info.plugins_string%
15
-
16
-
17
- #[Themes]#
18
- %scan_info.themes_string%
19
-
20
-
21
- #[Users]#
22
- %scan_info.users%
23
-
24
-
25
- #[WPScanVersion]#
26
- %scan_info.wpscan_version%
27
-
28
-
29
- #[StartTime]#
30
- %scan_info.start_time%
31
-
32
-
33
- #[TotalScanTime]#
34
- %scan_info.elapsed%
@@ -1,6 +0,0 @@
1
- vulnerability.title
2
- vulnerability.fixed_in
3
- vulnerability.cve
4
- vulnerability.url
5
- vulnerability.wpvulndb_url
6
- vulnerability.wpvulndb_id
@@ -1,18 +0,0 @@
1
- #[Title]#
2
- %vulnerability.title%
3
-
4
-
5
- #[FixedIn]#
6
- %vulnerability.fixed_in%
7
-
8
-
9
- #[CVE]#
10
- %vulnerability.cve%
11
-
12
-
13
- #[References]#
14
- %vulnerability.url%
15
-
16
-
17
- #[WPVulnDB]#
18
- %vulnerability.wpvulndb_url%