dradis-zap 4.11.0 → 4.12.0

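--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 20b8911c8e59c334f80cbf67282fcaa1f7396c95286b9381f55b46e71b5f3d6e
- data.tar.gz: db24f9c6ddaa7d61c501c94d4dc4c38c9742678f9cd0b89dd8fd95e331733193
+ metadata.gz: 693621bf19bf437de46f16e118f86667137b68ba180d4674072d838feb051d68
+ data.tar.gz: ede97be3217d4addf17ba74b6ffe1d10adad7aa80909ce44594221b57e9a78b0
  SHA512:
- metadata.gz: ddca75afed67f91f852479363b9d7ce647a31d34240bd5ed1032f63733201702e94d7ffa118b228ec1360dec4ef6495317bcf163a30b8667cfa212fd8c88060d
- data.tar.gz: a7c58dedfb9ffaa647bccc212c008655539f692edd8cdd00113938743fc697ec1734140386dff34bbd6021b0b0990f14bfb044d1cd1fa50878e1a9d28e0d02a9
+ metadata.gz: 2e673c3b5484dfbafbff6789a74be708a3cbb40c73535e36d4c70f4e43fb6d5a0be191ca2e7b36abf5b78dfcd4a93f630b542f0f4e972402736348a5c17eb72d
+ data.tar.gz: '0473628bcec0389476f9950b67d31674232eb5a4e721154b6e168b3bae5c8ff2b220a62962b6dbf7eaee786ec0a6633900d17fde1a5ca72955fa1bc1605a1d11'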
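--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+ v4.12.0 (May 2024)
+ - Update Dradis links in README
+ - Migrate integration to use Mappings Manager
+
  v4.11.0 (January 2024)
  - No changes
 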
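--- a/data/README.md
+++ b/data/README.md
@@ -5,7 +5,7 @@
 
  The ZAP add-on enables users to upload ZAP Proxy [i] report XML files.
 
- The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+ The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 
  [i]
  https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project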
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 11
11
+ MINOR = 12
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
@@ -49,14 +49,14 @@ module Dradis::Plugins::Zap
49
49
  plugin_id = xml_alert_item.at_xpath('./pluginid').text()
50
50
  logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
51
51
 
52
- issue_text = template_service.process_template(template: 'issue', data: xml_alert_item)
52
+ issue_text = mapping_service.apply_mapping(source: 'issue', data: xml_alert_item)
53
53
  issue = content_service.create_issue(text: issue_text, id: plugin_id)
54
54
 
55
55
 
56
56
  xml_alert_item.xpath('./instances/instance').each do |xml_instance|
57
57
  logger.info{ "\t\t => Creating new evidence" }
58
58
 
59
- evidence_content = template_service.process_template(template: 'evidence', data: xml_instance)
59
+ evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_instance)
60
60
  content_service.create_evidence(issue: issue, node: site_node, content: evidence_content)
61
61
  end
62
62
  end
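Review bot: `xml_alert_item.at_xpath('./pluginid').text()`, two lines above the new `apply_mapping` call, raises NoMethodError when an alert item has no `<pluginid>` child, so one malformed entry in an uploaded report aborts the import. A nil-safe read such as `plugin_id = xml_alert_item.at_xpath('./pluginid')&.text`, with the item logged and skipped when it is nil, would keep the rest of the report importable. The report XML is untrusted input that carries scanner-captured strings, so it is also worth confirming that `mapping_service.apply_mapping` substitutes field values as plain data and does not re-evaluate any `{{ ... }}` sequence found inside them; that service is not visible here. The enclosing method starts and ends outside this hunk.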
@@ -0,0 +1,40 @@
1
+ module Dradis::Plugins::Zap
2
+ module Mapping
3
+ DEFAULT_MAPPING = {
4
+ evidence: {
5
+ 'Description' => "URI: {{ zap[evidence.uri] }}\nParam: {{ zap[evidence.param] }}\nAttack:\nbc.. {{ zap[evidence.attack] }}"
6
+ },
7
+ issue: {
8
+ 'Title' => '{{ zap[issue.alert] }}',
9
+ 'Risk' => '{{ zap[issue.riskdesc] }}',
10
+ 'Confidence' => '{{ zap[issue.confidence] }}',
11
+ 'Description' => '{{ zap[issue.desc] }}',
12
+ 'Solution' => '{{ zap[issue.solution] }}',
13
+ 'OtherInfo' => '{{ zap[issue.otherinfo] }}',
14
+ 'References' => "{{ zap[issue.reference] }}\nCWE: {{ zap[issue.cweid] }}\nWASC: {{ zap[issue.wascid] }}"
15
+ }
16
+ }.freeze
17
+
18
+ SOURCE_FIELDS = {
19
+ evidence: [
20
+ 'evidence.uri',
21
+ 'evidence.param',
22
+ 'evidence.attack'
23
+ ],
24
+ issue: [
25
+ 'issue.pluginid',
26
+ 'issue.alert',
27
+ 'issue.riskcode',
28
+ 'issue.confidence',
29
+ 'issue.riskdesc',
30
+ 'issue.desc',
31
+ 'issue.count',
32
+ 'issue.solution',
33
+ 'issue.otherinfo',
34
+ 'issue.reference',
35
+ 'issue.cweid',
36
+ 'issue.wascid'
37
+ ]
38
+ }.freeze
39
+ end
40
+ end
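Review bot: The `evidence` entry of `DEFAULT_MAPPING` drops the blank lines that the removed `templates/evidence.template` had around `Attack:`, so `bc..` no longer opens its own Textile block and the attack string is likely to be rendered as ordinary markup instead of as a code block. That value is payload text captured by the scanner, so keeping it inside the code block matters for safe display; I would restore the separators, `'Description' => "URI: {{ zap[evidence.uri] }}\nParam: {{ zap[evidence.param] }}\n\nAttack:\n\nbc.. {{ zap[evidence.attack] }}"`. The `References` value likewise loses the blank line the old issue template had before `CWE:`. `.freeze` is shallow on both constants, so the nested hashes, arrays and strings remain mutable unless they are frozen too.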
@@ -7,5 +7,6 @@ end
7
7
 
8
8
  require 'dradis/plugins/zap/engine'
9
9
  require 'dradis/plugins/zap/field_processor'
10
+ require 'dradis/plugins/zap/mapping'
10
11
  require 'dradis/plugins/zap/importer'
11
12
  require 'dradis/plugins/zap/version'
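--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dradis-zap
  version: !ruby/object:Gem::Version
- version: 4.11.0
+ version: 4.12.0
  platform: ruby
  authors:
  - Daniel Martin
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-01-17 00:00:00.000000000 Z
+ date: 2024-05-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dradis-plugins
@@ -118,16 +118,13 @@ files:
  - lib/dradis/plugins/zap/field_processor.rb
  - lib/dradis/plugins/zap/gem_version.rb
  - lib/dradis/plugins/zap/importer.rb
+ - lib/dradis/plugins/zap/mapping.rb
  - lib/dradis/plugins/zap/version.rb
  - lib/tasks/thorfile.rb
  - spec/fixtures/files/ZAP_2.4.3_report-merged.xml
  - spec/fixtures/files/ZAP_2.4.3_report-unmerged.xml
- - templates/evidence.fields
  - templates/evidence.sample
- - templates/evidence.template
- - templates/issue.fields
  - templates/issue.sample
- - templates/issue.template
  homepage: https://dradis.com/integrations/zap.html
  licenses:
  - GPL-2
@@ -147,7 +144,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.7
+ rubygems_version: 3.1.4
  signing_key:
  specification_version: 4
  summary: ZAP add-on for the Dradis Framework.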
@@ -1,3 +0,0 @@
1
- evidence.uri
2
- evidence.param
3
- evidence.attack
@@ -1,7 +0,0 @@
1
- #[Description]#
2
- URI: %evidence.uri%
3
- Param: %evidence.param%
4
-
5
- Attack:
6
-
7
- bc.. %evidence.attack%
@@ -1,12 +0,0 @@
1
- issue.pluginid
2
- issue.alert
3
- issue.riskcode
4
- issue.confidence
5
- issue.riskdesc
6
- issue.desc
7
- issue.count
8
- issue.solution
9
- issue.otherinfo
10
- issue.reference
11
- issue.cweid
12
- issue.wascid
@@ -1,30 +0,0 @@
1
- #[Title]#
2
- %issue.alert%
3
-
4
-
5
- #[Risk]#
6
- %issue.riskdesc%
7
-
8
-
9
- #[Confidence]#
10
- %issue.confidence%
11
-
12
-
13
- #[Description]#
14
- %issue.desc%
15
-
16
-
17
- #[Solution]#
18
- %issue.solution%
19
-
20
-
21
-
22
- #[OtherInfo]#
23
- %issue.otherinfo%
24
-
25
-
26
- #[References]#
27
- %issue.reference%
28
-
29
- CWE: %issue.cweid%
30
- WASC: %issue.wascid%