RubyGems - dradis-wpscan - Versions diffs - 4.10.0 → 4.12.0 - Mend

dradis-wpscan 4.10.0 → 4.12.0

Files changed (15) hide show

checksums.yaml +4 -4
data/.github/pull_request_template.md +12 -3
data/CHANGELOG.md +7 -0
data/README.md +3 -4
data/lib/dradis/plugins/wpscan/gem_version.rb +1 -1
data/lib/dradis/plugins/wpscan/importer.rb +5 -5
data/lib/dradis/plugins/wpscan/mapping.rb +51 -0
data/lib/dradis/plugins/wpscan.rb +1 -0
metadata +7 -12
data/templates/evidence.fields +0 -1
data/templates/evidence.template +0 -2
data/templates/scan_info.fields +0 -8
data/templates/scan_info.template +0 -34
data/templates/vulnerability.fields +0 -6
data/templates/vulnerability.template +0 -18

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 04053fb23a9bd7d39c7c5640b0a3d8a9bac576de9f09a4d5ac163de670975887
-  data.tar.gz: 4bd01d6905569d04ddf5934744af6036cbce3f55b9cdfb0656163b8fb56d828e
+  metadata.gz: 812a679e762e731665a5f795b3ff2848573f6dd454703cea6bb8b94a765b2fc7
+  data.tar.gz: 2754978e12588efb5418e718fbb4aa7322bb516b26549596617e86730583846b
 SHA512:
-  metadata.gz: 8becfb81a6b67a4ccf52ac15e8a38b071416d14e4f07a3cee77893cd24a84f89badf549a0acc6f82127f28d34b44dcb1ba40659d06ba3bbd036c4d68eca6fedb
-  data.tar.gz: 48ee083ec5ad44ead933671b8593cd14189dbd55a750516361df2ebaa02f99ac856b783d7b668d9afcb165f4d4e48143c70650d8609560c38e8b39c1d6a620bd
+  metadata.gz: '052689636604d9fc6c4b205485ee555cb317109e3b90506215e7c99b9642d1a70ec2f406d87e655d954104a31299d93bd0bd33a994a035e38a43d4909603d837'
+  data.tar.gz: 56754118a893197ba264459444065704f5b53f9e84592356ebb6877d630ea2270ddf96290e4078ed36e27754718b069c63771281083ed7632159bfe61d977f56

data/.github/pull_request_template.md CHANGED Viewed

@@ -1,3 +1,5 @@
+Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
 ### Summary
 Provide a general description of the code changes in your pull
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
 to keep the conversation linked together.
+### Testing Steps
+Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
 ### Other Information
 If there's anything else that's important and relevant to your pull
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
 codebase. Any code you create which is merged must be owned by us.
 That's not us trying to be a jerks, that's just the way it works.
-Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
-file for the details.
 You can delete this section, but the following sentence needs to
 remain in the PR's description:
 > I assign all rights, including copyright, to any future Dradis
 > work by myself to Security Roots.
+### Check List
+- [ ] Added a CHANGELOG entry
+- [ ] Added specs

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,10 @@
+v4.12.0 (May 2024)
+ - Migrate integration to use Mappings Manager
+ - Update Dradis links in README
+v4.11.0 (January 2024)
+  - No changes
 v4.10.0 (September 2023)
   - Import "version" findings with status: outdated
   - Update gemspec links

data/README.md CHANGED Viewed

@@ -4,17 +4,16 @@
 Upload [WPScan](https://wpscan.org/) security scanner JSON output into Dradis.
-The add-on requires [Dradis CE](https://dradisframework.com/ce/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 ## More information
-See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
 ## Contributing
-See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
 ## License

data/lib/dradis/plugins/wpscan/gem_version.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Dradis
       module VERSION
         MAJOR = 4
-        MINOR = 10
+        MINOR = 12
         TINY = 0
         PRE = nil

data/lib/dradis/plugins/wpscan/importer.rb CHANGED Viewed

@@ -66,7 +66,7 @@ module Dradis::Plugins::Wpscan
         node.set_property(:scan_time, data['elapsed'])
       end
-      scan_info = template_service.process_template(template: 'scan_info', data: data)
+      scan_info = mapping_service.apply_mapping(source: 'scan_info', data: data)
       content_service.create_note text: scan_info, node: node
       node
@@ -108,11 +108,11 @@ module Dradis::Plugins::Wpscan
       vulnerabilities.each do |vulnerability|
         logger.info { "Adding vulnerability: #{vulnerability['title']}" }
-        vulnerability_template = template_service.process_template(template: 'vulnerability', data: vulnerability)
+        vulnerability_template = mapping_service.apply_mapping(source: 'vulnerability', data: vulnerability)
         issue = content_service.create_issue(text: vulnerability_template, id: vulnerability['wpvulndb_id'], node: node)
         if vulnerability['evidence']
-          evidence_content = template_service.process_template(template: 'evidence', data: vulnerability)
+          evidence_content = mapping_service.apply_mapping(source: 'evidence', data: vulnerability)
           content_service.create_evidence(issue: issue, node: node, content: vulnerability['evidence'])
         end
       end
@@ -167,11 +167,11 @@ module Dradis::Plugins::Wpscan
       vulnerabilities.each do |vulnerability|
         logger.info { "Adding vulnerability: #{vulnerability['title']}" }
-        vulnerability_template = template_service.process_template(template: 'vulnerability', data: vulnerability)
+        vulnerability_template = mapping_service.apply_mapping(source: 'vulnerability', data: vulnerability)
         issue = content_service.create_issue(text: vulnerability_template, id: "wpscan_#{rand(999999)}")
         if vulnerability['evidence']
-          evidence_content = template_service.process_template(template: 'evidence', data: vulnerability)
+          evidence_content = mapping_service.apply_mapping(source: 'evidence', data: vulnerability)
           content_service.create_evidence(issue: issue, node: node, content: vulnerability['evidence'])
         end
       end

data/lib/dradis/plugins/wpscan/mapping.rb ADDED Viewed

@@ -0,0 +1,51 @@
+module Dradis::Plugins::Wpscan
+  module Mapping
+    DEFAULT_MAPPING = {
+      evidence: {
+        'Evidence' => '{{ wpscan[evidence.evidence] }}'
+      },
+      scan_info: {
+        'Title' => 'WPScan Scan Information',
+        'TargetURL' => '{{ wpscan[scan_info.target_url] }}',
+        'WordpressVersion' => '{{ wpscan[scan_info.wordpress_version] }}',
+        'Plugins' => '{{ wpscan[scan_info.plugins_string] }}',
+        'Themes' => '{{ wpscan[scan_info.themes_string] }}',
+        'Users' => '{{ wpscan[scan_info.users] }}',
+        'WPScanVersion' => '{{ wpscan[scan_info.wpscan_version] }}',
+        'StartTime' => '{{ wpscan[scan_info.start_time] }}',
+        'TotalScanTime' => '{{ wpscan[scan_info.elapsed] }}'
+      },
+      vulnerability: {
+        'Title' => '{{ wpscan[vulnerability.title] }}',
+        'FixedIn' => '{{ wpscan[vulnerability.fixed_in] }}',
+        'CVE' => '{{ wpscan[vulnerability.cve] }}',
+        'References' => '{{ wpscan[vulnerability.url] }}',
+        'WPVulnDB' => '{{ wpscan[vulnerability.wpvulndb_url] }}'
+      }
+    }.freeze
+    SOURCE_FIELDS = {
+      evidence: [
+        'evidence.evidence'
+      ],
+      scan_info: [
+        'scan_info.target_url',
+        'scan_info.wpscan_version',
+        'scan_info.start_time',
+        'scan_info.elapsed',
+        'scan_info.wordpress_version',
+        'scan_info.plugins_string',
+        'scan_info.themes_string',
+        'scan_info.users'
+      ],
+      vulnerability: [
+        'vulnerability.title',
+        'vulnerability.fixed_in',
+        'vulnerability.cve',
+        'vulnerability.url',
+        'vulnerability.wpvulndb_url',
+        'vulnerability.wpvulndb_id'
+      ]
+    }.freeze
+  end
+end

data/lib/dradis/plugins/wpscan.rb CHANGED Viewed

@@ -7,5 +7,6 @@ end
 require 'dradis/plugins/wpscan/engine'
 require 'dradis/plugins/wpscan/field_processor'
+require 'dradis/plugins/wpscan/mapping'
 require 'dradis/plugins/wpscan/importer'
 require 'dradis/plugins/wpscan/version'

metadata CHANGED Viewed

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: dradis-wpscan
 version: !ruby/object:Gem::Version
-  version: 4.10.0
+  version: 4.12.0
 platform: ruby
 authors:
 - Christian Mehlmauer
 - Daniel Martin
 - Erwan
 - Ryan Dewhurst
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-07 00:00:00.000000000 Z
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -99,7 +99,7 @@ dependencies:
         version: 0.5.2
 description: This add-on allows you to upload and parse output produced from the WPScan
   WordPress security scanner into Dradis.
-email:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -122,6 +122,7 @@ files:
 - lib/dradis/plugins/wpscan/field_processor.rb
 - lib/dradis/plugins/wpscan/gem_version.rb
 - lib/dradis/plugins/wpscan/importer.rb
+- lib/dradis/plugins/wpscan/mapping.rb
 - lib/dradis/plugins/wpscan/version.rb
 - lib/tasks/thorfile.rb
 - output.json
@@ -129,20 +130,14 @@ files:
 - spec/fixtures/files/sample.json
 - spec/spec_helper.rb
 - spec/wpscan_upload_spec.rb
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/scan_info.fields
 - templates/scan_info.sample
-- templates/scan_info.template
-- templates/vulnerability.fields
 - templates/vulnerability.sample
-- templates/vulnerability.template
 homepage: https://dradis.com/integrations/wpscan.html
 licenses:
 - GPL-2
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -158,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.4
-signing_key:
+signing_key:
 specification_version: 4
 summary: WPScan add-on for the Dradis Framework.
 test_files:

data/templates/evidence.fields DELETED Viewed

	@@ -1 +0,0 @@
1	- evidence.evidence

data/templates/evidence.template DELETED Viewed

	@@ -1,2 +0,0 @@
1	- #[Evidence]#
2	- %evidence.evidence%

data/templates/scan_info.fields DELETED Viewed

@@ -1,8 +0,0 @@
-scan_info.target_url
-scan_info.wpscan_version
-scan_info.start_time
-scan_info.elapsed
-scan_info.wordpress_version
-scan_info.plugins_string
-scan_info.themes_string
-scan_info.users

data/templates/scan_info.template DELETED Viewed

@@ -1,34 +0,0 @@
-#[Title]#
-WPScan Scan Information
-#[TargetURL]#
-%scan_info.target_url%
-#[WordpressVersion]#
-%scan_info.wordpress_version%
-#[Plugins]#
-%scan_info.plugins_string%
-#[Themes]#
-%scan_info.themes_string%
-#[Users]#
-%scan_info.users%
-#[WPScanVersion]#
-%scan_info.wpscan_version%
-#[StartTime]#
-%scan_info.start_time%
-#[TotalScanTime]#
-%scan_info.elapsed%

data/templates/vulnerability.fields DELETED Viewed

@@ -1,6 +0,0 @@
-vulnerability.title
-vulnerability.fixed_in
-vulnerability.cve
-vulnerability.url
-vulnerability.wpvulndb_url
-vulnerability.wpvulndb_id

data/templates/vulnerability.template DELETED Viewed

@@ -1,18 +0,0 @@
-#[Title]#
-%vulnerability.title%
-#[FixedIn]#
-%vulnerability.fixed_in%
-#[CVE]#
-%vulnerability.cve%
-#[References]#
-%vulnerability.url%
-#[WPVulnDB]#
-%vulnerability.wpvulndb_url%