dradis-zap 4.10.0 → 4.12.0

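--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 8c503ea5eda29d80aca4c69a84eef0baede44d3ddc707db6103af9fb09dbd486
-data.tar.gz: 1a3c64fd246cb90a5cc0b86a2d271d6d7a8fd8320b3545d7080454b2f4708d1e
+metadata.gz: 693621bf19bf437de46f16e118f86667137b68ba180d4674072d838feb051d68
+data.tar.gz: ede97be3217d4addf17ba74b6ffe1d10adad7aa80909ce44594221b57e9a78b0
 SHA512:
-metadata.gz: 25ecf0d4f772d67cdd33b94a7d89ba8a6c98ef25fc4dc15a84dc1347ca2634243107f1671ba85bfdf7db2a9bac6d93b247de58aa9925a0fbf908e3d8f36642a3
-data.tar.gz: f35782908e4d412ad2b57ef05e051435d26368530e23e2f5d349d6a8dc2cd369327993ff93c2db68e445139eddf90d847f422e1665798139bfd634004eff088b
+metadata.gz: 2e673c3b5484dfbafbff6789a74be708a3cbb40c73535e36d4c70f4e43fb6d5a0be191ca2e7b36abf5b78dfcd4a93f630b542f0f4e972402736348a5c17eb72d
+data.tar.gz: '0473628bcec0389476f9950b67d31674232eb5a4e721154b6e168b3bae5c8ff2b220a62962b6dbf7eaee786ec0a6633900d17fde1a5ca72955fa1bc1605a1d11'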
@@ -1,3 +1,5 @@
1
+ Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
2
+
1
3
  ### Summary
2
4
 
3
5
  Provide a general description of the code changes in your pull
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
6
8
  to keep the conversation linked together.
7
9
 
8
10
 
11
+ ### Testing Steps
12
+
13
+ Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
14
+
15
+
9
16
  ### Other Information
10
17
 
11
18
  If there's anything else that's important and relevant to your pull
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
26
33
  codebase. Any code you create which is merged must be owned by us.
27
34
  That's not us trying to be a jerks, that's just the way it works.
28
35
 
29
- Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
30
- file for the details.
31
-
32
36
  You can delete this section, but the following sentence needs to
33
37
  remain in the PR's description:
34
38
 
35
39
  > I assign all rights, including copyright, to any future Dradis
36
40
  > work by myself to Security Roots.
41
+
42
+ ### Check List
43
+
44
+ - [ ] Added a CHANGELOG entry
45
+ - [ ] Added specs
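--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+v4.12.0 (May 2024)
+- Update Dradis links in README
+- Migrate integration to use Mappings Manager
+
+v4.11.0 (January 2024)
+- No changes
+
 v4.10.0 (September 2023)
 - Update gemspec links
 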
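--- a/data/README.md
+++ b/data/README.md
@@ -5,7 +5,7 @@
 
 The ZAP add-on enables users to upload ZAP Proxy [i] report XML files.
 
-The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 
 [i]
 https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
@@ -18,12 +18,12 @@ https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
 
 ## More information
 
-See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
 
 
 ## Contributing
 
-See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
 
 
 ## License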
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 10
11
+ MINOR = 12
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
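--- a/lib/dradis/plugins/zap/importer.rb
+++ b/lib/dradis/plugins/zap/importer.rb
@@ -49,14 +49,14 @@ module Dradis::Plugins::Zap
 plugin_id = xml_alert_item.at_xpath('./pluginid').text()
 logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
 
-issue_text = template_service.process_template(template: 'issue', data: xml_alert_item)
+issue_text = mapping_service.apply_mapping(source: 'issue', data: xml_alert_item)
 issue = content_service.create_issue(text: issue_text, id: plugin_id)
 
 
 xml_alert_item.xpath('./instances/instance').each do |xml_instance|
 logger.info{ "\t\t => Creating new evidence" }
 
-evidence_content = template_service.process_template(template: 'evidence', data: xml_instance)
+evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_instance)
 content_service.create_evidence(issue: issue, node: site_node, content: evidence_content)
 end
 end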
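Review bot: The two new calls, `mapping_service.apply_mapping(source: 'issue', data: xml_alert_item)` and `mapping_service.apply_mapping(source: 'evidence', data: xml_instance)`, rely on a `mapping_service` that nothing in this hunk defines, so it presumably comes from the dradis-plugins base Importer; yet the only metadata hunk that touches the dradis-plugins dependency (`@@ -1,14 +1,14 @@`) stops at `name: dradis-plugins`, and its version constraint does not appear anywhere in this diff, which suggests the minimum version was not raised. If a dradis-plugins release that only provides `template_service` still satisfies that constraint, 4.12.0 will install cleanly and then fail with a NoMethodError on the first ZAP upload, so the gemspec should pin the first dradis-plugins version that ships the Mappings Manager. The method enclosing these lines starts and ends outside the hunk, so `site_node` and the loop over alert items are taken as given.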
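--- a/lib/dradis/plugins/zap/mapping.rb
+++ b/lib/dradis/plugins/zap/mapping.rb
@@ -0,0 +1,40 @@
+module Dradis::Plugins::Zap
+module Mapping
+DEFAULT_MAPPING = {
+evidence: {
+'Description' => "URI: {{ zap[evidence.uri] }}\nParam: {{ zap[evidence.param] }}\nAttack:\nbc.. {{ zap[evidence.attack] }}"
+},
+issue: {
+'Title' => '{{ zap[issue.alert] }}',
+'Risk' => '{{ zap[issue.riskdesc] }}',
+'Confidence' => '{{ zap[issue.confidence] }}',
+'Description' => '{{ zap[issue.desc] }}',
+'Solution' => '{{ zap[issue.solution] }}',
+'OtherInfo' => '{{ zap[issue.otherinfo] }}',
+'References' => "{{ zap[issue.reference] }}\nCWE: {{ zap[issue.cweid] }}\nWASC: {{ zap[issue.wascid] }}"
+}
+}.freeze
+
+SOURCE_FIELDS = {
+evidence: [
+'evidence.uri',
+'evidence.param',
+'evidence.attack'
+],
+issue: [
+'issue.pluginid',
+'issue.alert',
+'issue.riskcode',
+'issue.confidence',
+'issue.riskdesc',
+'issue.desc',
+'issue.count',
+'issue.solution',
+'issue.otherinfo',
+'issue.reference',
+'issue.cweid',
+'issue.wascid'
+]
+}.freeze
+end
+end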
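Review bot: `DEFAULT_MAPPING[:evidence]['Description']` places `bc..` on the line directly after `Attack:` with no blank line between them, whereas the deleted `templates/evidence.template` it replaces had a blank line before `bc.. %evidence.attack%`; if the Textile renderer only honours a block signature at the start of a paragraph (as RedCloth does, to my knowledge), the attack payload will no longer render as a code block, so I would restore the separator: `'Description' => "URI: {{ zap[evidence.uri] }}\nParam: {{ zap[evidence.param] }}\nAttack:\n\nbc.. {{ zap[evidence.attack] }}"`. Separately, `evidence.attack`, `evidence.uri` and `evidence.param` are taken from a user-uploaded ZAP XML report and interpolated with no escaping visible in this file, so unless the mapping engine escapes them (not visible here) a payload containing a blank line followed by a Textile block signature would terminate the `bc..` block and be rendered as markup in the evidence description — the same exposure the old template had, but worth confirming where escaping now lives. The module also has no documentation; a header comment above `DEFAULT_MAPPING` such as `# Default Mappings Manager templates: keys are Dradis field names, values are Textile whose {{ zap[<source field>] }} placeholders are, as I read it, filled from the SOURCE_FIELDS listed below.` would help the next maintainer.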
@@ -7,5 +7,6 @@ end
7
7
 
8
8
  require 'dradis/plugins/zap/engine'
9
9
  require 'dradis/plugins/zap/field_processor'
10
+ require 'dradis/plugins/zap/mapping'
10
11
  require 'dradis/plugins/zap/importer'
11
12
  require 'dradis/plugins/zap/version'
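--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-zap
 version: !ruby/object:Gem::Version
-version: 4.10.0
+version: 4.12.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-07 00:00:00.000000000 Z
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dradis-plugins
@@ -96,7 +96,7 @@ dependencies:
 version: 0.5.2
 description: This add-on allows you to upload and parse output produced from the Zed
 Attack Proxy (ZAP) into Dradis.
-email:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -118,21 +118,18 @@ files:
 - lib/dradis/plugins/zap/field_processor.rb
 - lib/dradis/plugins/zap/gem_version.rb
 - lib/dradis/plugins/zap/importer.rb
+- lib/dradis/plugins/zap/mapping.rb
 - lib/dradis/plugins/zap/version.rb
 - lib/tasks/thorfile.rb
 - spec/fixtures/files/ZAP_2.4.3_report-merged.xml
 - spec/fixtures/files/ZAP_2.4.3_report-unmerged.xml
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/issue.fields
 - templates/issue.sample
-- templates/issue.template
 homepage: https://dradis.com/integrations/zap.html
 licenses:
 - GPL-2
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -148,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubygems_version: 3.1.4
-signing_key:
+signing_key:
 specification_version: 4
 summary: ZAP add-on for the Dradis Framework.
 test_files: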
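--- a/templates/evidence.fields
+++ b/templates/evidence.fields
@@ -1,3 +0,0 @@
-evidence.uri
-evidence.param
-evidence.attack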
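--- a/templates/evidence.template
+++ b/templates/evidence.template
@@ -1,7 +0,0 @@
-#[Description]#
-URI: %evidence.uri%
-Param: %evidence.param%
-
-Attack:
-
-bc.. %evidence.attack%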
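--- a/templates/issue.fields
+++ b/templates/issue.fields
@@ -1,12 +0,0 @@
-issue.pluginid
-issue.alert
-issue.riskcode
-issue.confidence
-issue.riskdesc
-issue.desc
-issue.count
-issue.solution
-issue.otherinfo
-issue.reference
-issue.cweid
-issue.wascid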
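--- a/templates/issue.template
+++ b/templates/issue.template
@@ -1,30 +0,0 @@
-#[Title]#
-%issue.alert%
-
-
-#[Risk]#
-%issue.riskdesc%
-
-
-#[Confidence]#
-%issue.confidence%
-
-
-#[Description]#
-%issue.desc%
-
-
-#[Solution]#
-%issue.solution%
-
-
-
-#[OtherInfo]#
-%issue.otherinfo%
-
-
-#[References]#
-%issue.reference%
-
-CWE: %issue.cweid%
-WASC: %issue.wascid%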