dradis-wpscan 4.11.0 → 4.13.0

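--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2ae29d68f45bd66f747c8b908df0825151fff3cd63930fc575f34facd624d4d5
- data.tar.gz: dcfd3644a8e7548116822285d4daa25e16530f06e06bacc6634689aa6c62d220
+ metadata.gz: 84e74a2f6395035d66171cf3109a8568b0aa2568e312b0bdcf679d75a6c88d08
+ data.tar.gz: 3a133b7c552fc5fc33a5cf56b0c2447d0fef633c63d07e1a7b847d5068ad37e9
  SHA512:
- metadata.gz: 3df23441ee1c6af6e5e8bdd6ef388a41d61e4d2ca72dad747a054f585c313c2ee899e208467d9873095ca2622d4591199cabcb6e935122804435e7974acd497b
- data.tar.gz: fa06b88a2e4c91e81a4167f1e32d575a73c5083a0b0b0b6a2c837686c34f6d08441466b7388ea52797a6880df4f28a0329ba11744642c12b67cb4f85627ae48d
+ metadata.gz: 8acde751028e416ebdee8bd3c12ef3c928884fad9b3b8611c539e23735c63b07fd610af138e3310a42db4784d03cde67d1675f57138067b72f4bf921dae36060
+ data.tar.gz: 6709c992c808586e0d6b5cf74f90c43c5f145f469c6b805a31af2fd4d5564aaa5718c7192110eecd11e1d55614c4a1d882504a4e346a88466087af12e0108de6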
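--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+ v4.13.0 (July 2024)
+ - No changes
+
+ v4.12.0 (May 2024)
+ - Migrate integration to use Mappings Manager
+ - Update Dradis links in README
+
  v4.11.0 (January 2024)
  - No changes
 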
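--- a/data/README.md
+++ b/data/README.md
@@ -4,8 +4,7 @@
 
  Upload [WPScan](https://wpscan.org/) security scanner JSON output into Dradis.
 
- The add-on requires [Dradis CE](https://dradisframework.com/ce/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
-
+ The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 
  ## More information
 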
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
26
26
  spec.add_dependency 'dradis-plugins', '~> 4.0'
27
27
  spec.add_dependency 'multi_json'
28
28
 
29
- spec.add_development_dependency 'bundler'
29
+ spec.add_development_dependency 'bundler', '~> 2.0'
30
30
  spec.add_development_dependency 'rake', '~> 12.3.3'
31
31
  spec.add_development_dependency 'rspec-rails'
32
32
  spec.add_development_dependency 'combustion', '~> 0.5.2'
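Review bot: The runtime dependency `spec.add_dependency 'multi_json'` on the context line above still has no version constraint, while this hunk bounds only the development-time bundler. An unbounded runtime requirement lets any future major release of that gem be resolved into an installation that handles scanner output, so the resolved version is not reviewable from the gemspec. A bounded requirement such as `spec.add_dependency 'multi_json', '~> <MAJOR.MINOR the plugin is tested against>'` would close that. The specification block starts and ends outside the hunk, so its other declarations were not checked.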
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 11
11
+ MINOR = 13
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -66,7 +66,7 @@ module Dradis::Plugins::Wpscan
66
66
  node.set_property(:scan_time, data['elapsed'])
67
67
  end
68
68
 
69
- scan_info = template_service.process_template(template: 'scan_info', data: data)
69
+ scan_info = mapping_service.apply_mapping(source: 'scan_info', data: data)
70
70
  content_service.create_note text: scan_info, node: node
71
71
 
72
72
  node
@@ -108,11 +108,11 @@ module Dradis::Plugins::Wpscan
108
108
  vulnerabilities.each do |vulnerability|
109
109
  logger.info { "Adding vulnerability: #{vulnerability['title']}" }
110
110
 
111
- vulnerability_template = template_service.process_template(template: 'vulnerability', data: vulnerability)
111
+ vulnerability_template = mapping_service.apply_mapping(source: 'vulnerability', data: vulnerability)
112
112
  issue = content_service.create_issue(text: vulnerability_template, id: vulnerability['wpvulndb_id'], node: node)
113
113
 
114
114
  if vulnerability['evidence']
115
- evidence_content = template_service.process_template(template: 'evidence', data: vulnerability)
115
+ evidence_content = mapping_service.apply_mapping(source: 'evidence', data: vulnerability)
116
116
  content_service.create_evidence(issue: issue, node: node, content: vulnerability['evidence'])
117
117
  end
118
118
  end
@@ -167,11 +167,11 @@ module Dradis::Plugins::Wpscan
167
167
  vulnerabilities.each do |vulnerability|
168
168
  logger.info { "Adding vulnerability: #{vulnerability['title']}" }
169
169
 
170
- vulnerability_template = template_service.process_template(template: 'vulnerability', data: vulnerability)
170
+ vulnerability_template = mapping_service.apply_mapping(source: 'vulnerability', data: vulnerability)
171
171
  issue = content_service.create_issue(text: vulnerability_template, id: "wpscan_#{rand(999999)}")
172
172
 
173
173
  if vulnerability['evidence']
174
- evidence_content = template_service.process_template(template: 'evidence', data: vulnerability)
174
+ evidence_content = mapping_service.apply_mapping(source: 'evidence', data: vulnerability)
175
175
  content_service.create_evidence(issue: issue, node: node, content: vulnerability['evidence'])
176
176
  end
177
177
  end
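Review bot: `evidence_content` is assigned from `mapping_service.apply_mapping(source: 'evidence', data: vulnerability)` but never read, because the next line still passes `content: vulnerability['evidence']`; this applies at new lines 174-175 here and at new lines 115-116 in the earlier hunk. The evidence mapping therefore has no effect, and the raw string from the WPScan JSON, which ultimately reflects what the scanned site returned, is stored without passing through the mapping layer. Passing the mapped value, `content_service.create_evidence(issue: issue, node: node, content: evidence_content)`, fixes both places. Separately, the context line `id: "wpscan_#{rand(999999)}"` can produce the same id for unrelated findings; presumably a collision merges them into one issue, so a deterministic id derived from the finding would be safer, to be confirmed against content_service. The enclosing methods start outside both hunks.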
@@ -0,0 +1,51 @@
1
+ module Dradis::Plugins::Wpscan
2
+ module Mapping
3
+ DEFAULT_MAPPING = {
4
+ evidence: {
5
+ 'Evidence' => '{{ wpscan[evidence.evidence] }}'
6
+ },
7
+ scan_info: {
8
+ 'Title' => 'WPScan Scan Information',
9
+ 'TargetURL' => '{{ wpscan[scan_info.target_url] }}',
10
+ 'WordpressVersion' => '{{ wpscan[scan_info.wordpress_version] }}',
11
+ 'Plugins' => '{{ wpscan[scan_info.plugins_string] }}',
12
+ 'Themes' => '{{ wpscan[scan_info.themes_string] }}',
13
+ 'Users' => '{{ wpscan[scan_info.users] }}',
14
+ 'WPScanVersion' => '{{ wpscan[scan_info.wpscan_version] }}',
15
+ 'StartTime' => '{{ wpscan[scan_info.start_time] }}',
16
+ 'TotalScanTime' => '{{ wpscan[scan_info.elapsed] }}'
17
+ },
18
+ vulnerability: {
19
+ 'Title' => '{{ wpscan[vulnerability.title] }}',
20
+ 'FixedIn' => '{{ wpscan[vulnerability.fixed_in] }}',
21
+ 'CVE' => '{{ wpscan[vulnerability.cve] }}',
22
+ 'References' => '{{ wpscan[vulnerability.url] }}',
23
+ 'WPVulnDB' => '{{ wpscan[vulnerability.wpvulndb_url] }}'
24
+ }
25
+ }.freeze
26
+
27
+ SOURCE_FIELDS = {
28
+ evidence: [
29
+ 'evidence.evidence'
30
+ ],
31
+ scan_info: [
32
+ 'scan_info.target_url',
33
+ 'scan_info.wpscan_version',
34
+ 'scan_info.start_time',
35
+ 'scan_info.elapsed',
36
+ 'scan_info.wordpress_version',
37
+ 'scan_info.plugins_string',
38
+ 'scan_info.themes_string',
39
+ 'scan_info.users'
40
+ ],
41
+ vulnerability: [
42
+ 'vulnerability.title',
43
+ 'vulnerability.fixed_in',
44
+ 'vulnerability.cve',
45
+ 'vulnerability.url',
46
+ 'vulnerability.wpvulndb_url',
47
+ 'vulnerability.wpvulndb_id'
48
+ ]
49
+ }.freeze
50
+ end
51
+ end
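Review bot: `.freeze` on `DEFAULT_MAPPING` and `SOURCE_FIELDS` is shallow, so only the two outer hashes are frozen. The nested per-source hashes, the arrays and the string values stay mutable, and the file opens without a `# frozen_string_literal: true` line. Because these constants are shared defaults, an in-place edit by any consumer would change the mapping for every later import in the same process; whether the mapping service mutates them is not visible here. Freezing each nested literal, e.g. `evidence: { 'Evidence' => '{{ wpscan[evidence.evidence] }}' }.freeze,`, and adding the magic comment as the first line would close that. A one-line comment above `SOURCE_FIELDS` noting that `vulnerability.wpvulndb_id` is offered as a source field but not used by the default vulnerability mapping would also save the next reader a comparison.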
@@ -7,5 +7,6 @@ end
7
7
 
8
8
  require 'dradis/plugins/wpscan/engine'
9
9
  require 'dradis/plugins/wpscan/field_processor'
10
+ require 'dradis/plugins/wpscan/mapping'
10
11
  require 'dradis/plugins/wpscan/importer'
11
12
  require 'dradis/plugins/wpscan/version'
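--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dradis-wpscan
  version: !ruby/object:Gem::Version
- version: 4.11.0
+ version: 4.13.0
  platform: ruby
  authors:
  - Christian Mehlmauer
@@ -11,7 +11,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-01-17 00:00:00.000000000 Z
+ date: 2024-08-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dradis-plugins
@@ -45,16 +45,16 @@ dependencies:
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2.0'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -122,6 +122,7 @@ files:
  - lib/dradis/plugins/wpscan/field_processor.rb
  - lib/dradis/plugins/wpscan/gem_version.rb
  - lib/dradis/plugins/wpscan/importer.rb
+ - lib/dradis/plugins/wpscan/mapping.rb
  - lib/dradis/plugins/wpscan/version.rb
  - lib/tasks/thorfile.rb
  - output.json
@@ -129,15 +130,9 @@ files:
  - spec/fixtures/files/sample.json
  - spec/spec_helper.rb
  - spec/wpscan_upload_spec.rb
- - templates/evidence.fields
  - templates/evidence.sample
- - templates/evidence.template
- - templates/scan_info.fields
  - templates/scan_info.sample
- - templates/scan_info.template
- - templates/vulnerability.fields
  - templates/vulnerability.sample
- - templates/vulnerability.template
  homepage: https://dradis.com/integrations/wpscan.html
  licenses:
  - GPL-2
@@ -157,7 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.7
+ rubygems_version: 3.5.6
  signing_key:
  specification_version: 4
  summary: WPScan add-on for the Dradis Framework.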
@@ -1 +0,0 @@
1
- evidence.evidence
@@ -1,2 +0,0 @@
1
- #[Evidence]#
2
- %evidence.evidence%
@@ -1,8 +0,0 @@
1
- scan_info.target_url
2
- scan_info.wpscan_version
3
- scan_info.start_time
4
- scan_info.elapsed
5
- scan_info.wordpress_version
6
- scan_info.plugins_string
7
- scan_info.themes_string
8
- scan_info.users
@@ -1,34 +0,0 @@
1
- #[Title]#
2
- WPScan Scan Information
3
-
4
-
5
- #[TargetURL]#
6
- %scan_info.target_url%
7
-
8
-
9
- #[WordpressVersion]#
10
- %scan_info.wordpress_version%
11
-
12
-
13
- #[Plugins]#
14
- %scan_info.plugins_string%
15
-
16
-
17
- #[Themes]#
18
- %scan_info.themes_string%
19
-
20
-
21
- #[Users]#
22
- %scan_info.users%
23
-
24
-
25
- #[WPScanVersion]#
26
- %scan_info.wpscan_version%
27
-
28
-
29
- #[StartTime]#
30
- %scan_info.start_time%
31
-
32
-
33
- #[TotalScanTime]#
34
- %scan_info.elapsed%
@@ -1,6 +0,0 @@
1
- vulnerability.title
2
- vulnerability.fixed_in
3
- vulnerability.cve
4
- vulnerability.url
5
- vulnerability.wpvulndb_url
6
- vulnerability.wpvulndb_id
@@ -1,18 +0,0 @@
1
- #[Title]#
2
- %vulnerability.title%
3
-
4
-
5
- #[FixedIn]#
6
- %vulnerability.fixed_in%
7
-
8
-
9
- #[CVE]#
10
- %vulnerability.cve%
11
-
12
-
13
- #[References]#
14
- %vulnerability.url%
15
-
16
-
17
- #[WPVulnDB]#
18
- %vulnerability.wpvulndb_url%