RubyGems - dradis-zap - Versions diffs - 4.11.0 → 4.13.0 - Mend

dradis-zap 4.11.0 → 4.13.0

Files changed (13) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +7 -0
data/README.md +1 -1
data/dradis-zap.gemspec +1 -1
data/lib/dradis/plugins/zap/gem_version.rb +1 -1
data/lib/dradis/plugins/zap/importer.rb +2 -2
data/lib/dradis/plugins/zap/mapping.rb +40 -0
data/lib/dradis/plugins/zap.rb +1 -0
metadata +6 -9
data/templates/evidence.fields +0 -3
data/templates/evidence.template +0 -7
data/templates/issue.fields +0 -12
data/templates/issue.template +0 -30

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 20b8911c8e59c334f80cbf67282fcaa1f7396c95286b9381f55b46e71b5f3d6e
-  data.tar.gz: db24f9c6ddaa7d61c501c94d4dc4c38c9742678f9cd0b89dd8fd95e331733193
+  metadata.gz: 4dca0b6936b06bfdaeab0c866347a47fba5006c8b63b6fcd63a16326be964070
+  data.tar.gz: a229faabb74aa2439c4dfdb07e2c67355710c0cb90da02096fec4f8e38dee111
 SHA512:
-  metadata.gz: ddca75afed67f91f852479363b9d7ce647a31d34240bd5ed1032f63733201702e94d7ffa118b228ec1360dec4ef6495317bcf163a30b8667cfa212fd8c88060d
-  data.tar.gz: a7c58dedfb9ffaa647bccc212c008655539f692edd8cdd00113938743fc697ec1734140386dff34bbd6021b0b0990f14bfb044d1cd1fa50878e1a9d28e0d02a9
+  metadata.gz: 832febde89fa15564a3a9a126b543fa187f566020e68bf8693bd0cda32e6b7f2af4c0a9c4121815c53964599af8cbf7b5b608c0310d0fdc950f1524c57474610
+  data.tar.gz: 18c69602a5ba93479d8886b7d658908b00b47c71d5a1867e0d0c26cb78f3374dc8ad3d2013f93daf519d5a29561c3fb2136b4031f27b33314f1815ff0073b98e

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,10 @@
+v4.13.0 (July 2024)
+  - No changes
+v4.12.0 (May 2024)
+ - Update Dradis links in README
+ - Migrate integration to use Mappings Manager
 v4.11.0 (January 2024)
   - No changes

data/README.md CHANGED Viewed

@@ -5,7 +5,7 @@
 The ZAP add-on enables users to upload ZAP Proxy [i] report XML files.
-The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 [i]
 https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

data/dradis-zap.gemspec CHANGED Viewed

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'dradis-plugins', '~> 4.0'
   spec.add_dependency 'nokogiri', '~> 1.3'
-  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'bundler', '~> 2.0'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec-rails'
   spec.add_development_dependency 'combustion', '~> 0.5.2'

data/lib/dradis/plugins/zap/gem_version.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Dradis
       module VERSION
         MAJOR = 4
-        MINOR = 11
+        MINOR = 13
         TINY = 0
         PRE = nil

data/lib/dradis/plugins/zap/importer.rb CHANGED Viewed

@@ -49,14 +49,14 @@ module Dradis::Plugins::Zap
       plugin_id = xml_alert_item.at_xpath('./pluginid').text()
       logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
-      issue_text = template_service.process_template(template: 'issue', data: xml_alert_item)
+      issue_text = mapping_service.apply_mapping(source: 'issue', data: xml_alert_item)
       issue = content_service.create_issue(text: issue_text, id: plugin_id)
       xml_alert_item.xpath('./instances/instance').each do |xml_instance|
         logger.info{ "\t\t => Creating new evidence" }
-        evidence_content = template_service.process_template(template: 'evidence', data: xml_instance)
+        evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_instance)
         content_service.create_evidence(issue: issue, node: site_node, content: evidence_content)
       end
     end

data/lib/dradis/plugins/zap/mapping.rb ADDED Viewed

@@ -0,0 +1,40 @@
+module Dradis::Plugins::Zap
+  module Mapping
+    DEFAULT_MAPPING = {
+      evidence: {
+        'Description' => "URI: {{ zap[evidence.uri] }}\nParam: {{ zap[evidence.param] }}\nAttack:\nbc.. {{ zap[evidence.attack] }}"
+      },
+      issue: {
+        'Title' => '{{ zap[issue.alert] }}',
+        'Risk' => '{{ zap[issue.riskdesc] }}',
+        'Confidence' => '{{ zap[issue.confidence] }}',
+        'Description' => '{{ zap[issue.desc] }}',
+        'Solution' => '{{ zap[issue.solution] }}',
+        'OtherInfo' => '{{ zap[issue.otherinfo] }}',
+        'References' => "{{ zap[issue.reference] }}\nCWE: {{ zap[issue.cweid] }}\nWASC: {{ zap[issue.wascid] }}"
+      }
+    }.freeze
+    SOURCE_FIELDS = {
+      evidence: [
+        'evidence.uri',
+        'evidence.param',
+        'evidence.attack'
+      ],
+      issue: [
+        'issue.pluginid',
+        'issue.alert',
+        'issue.riskcode',
+        'issue.confidence',
+        'issue.riskdesc',
+        'issue.desc',
+        'issue.count',
+        'issue.solution',
+        'issue.otherinfo',
+        'issue.reference',
+        'issue.cweid',
+        'issue.wascid'
+      ]
+    }.freeze
+  end
+end

data/lib/dradis/plugins/zap.rb CHANGED Viewed

@@ -7,5 +7,6 @@ end
 require 'dradis/plugins/zap/engine'
 require 'dradis/plugins/zap/field_processor'
+require 'dradis/plugins/zap/mapping'
 require 'dradis/plugins/zap/importer'
 require 'dradis/plugins/zap/version'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-zap
 version: !ruby/object:Gem::Version
-  version: 4.11.0
+  version: 4.13.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-17 00:00:00.000000000 Z
+date: 2024-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -118,16 +118,13 @@ files:
 - lib/dradis/plugins/zap/field_processor.rb
 - lib/dradis/plugins/zap/gem_version.rb
 - lib/dradis/plugins/zap/importer.rb
+- lib/dradis/plugins/zap/mapping.rb
 - lib/dradis/plugins/zap/version.rb
 - lib/tasks/thorfile.rb
 - spec/fixtures/files/ZAP_2.4.3_report-merged.xml
 - spec/fixtures/files/ZAP_2.4.3_report-unmerged.xml
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/issue.fields
 - templates/issue.sample
-- templates/issue.template
 homepage: https://dradis.com/integrations/zap.html
 licenses:
 - GPL-2
@@ -147,7 +144,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.6
 signing_key:
 specification_version: 4
 summary: ZAP add-on for the Dradis Framework.

data/templates/evidence.fields DELETED Viewed

@@ -1,3 +0,0 @@
-evidence.uri
-evidence.param
-evidence.attack

data/templates/evidence.template DELETED Viewed

@@ -1,7 +0,0 @@
-#[Description]#
-URI: %evidence.uri%
-Param: %evidence.param%
-Attack:
-bc.. %evidence.attack%

data/templates/issue.fields DELETED Viewed

@@ -1,12 +0,0 @@
-issue.pluginid
-issue.alert
-issue.riskcode
-issue.confidence
-issue.riskdesc
-issue.desc
-issue.count
-issue.solution
-issue.otherinfo
-issue.reference
-issue.cweid
-issue.wascid

data/templates/issue.template DELETED Viewed

@@ -1,30 +0,0 @@
-#[Title]#
-%issue.alert%
-#[Risk]#
-%issue.riskdesc%
-#[Confidence]#
-%issue.confidence%
-#[Description]#
-%issue.desc%
-#[Solution]#
-%issue.solution%
-#[OtherInfo]#
-%issue.otherinfo%
-#[References]#
-%issue.reference%
-CWE: %issue.cweid%
-WASC: %issue.wascid%