Edited and renamed plugin files to reflect the tool's current name mo…

…ving from NTOSpider to APPSpider.

CHANGELOG.md

@@ -1,3 +1,8 @@
+## Dradis Framework 3.14.1 (September 3, 2019) ##
+
+*  Migration from NTOSpider to AppSpider naming convention.
+*  Expose additional fields for use in both Issue and Evidence.
+
 ## Dradis Framework 3.14 (August, 2019) ##
 
 *   No changes.

README.md

@@ -1,8 +1,8 @@
-# NTO Spider add-on for Dradis
+# AppSpider add-on for Dradis
 
-[![Build Status](https://secure.travis-ci.org/dradis/dradis-ntospider.png?branch=master)](http://travis-ci.org/dradis/dradis-ntospider) [![Code Climate](https://codeclimate.com/github/dradis/dradis-ntospider.png)](https://codeclimate.com/github/dradis/dradis-ntospider.png)
+[![Build Status](https://secure.travis-ci.org/dradis/dradis-appspider.png?branch=master)](http://travis-ci.org/dradis/dradis-appspider) [![Code Climate](https://codeclimate.com/github/dradis/dradis-appspider.png)](https://codeclimate.com/github/dradis/dradis-appspider.png)
 
-The NTO Spider add-on enables users to upload NTO Spider XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
+The AppSpider add-on enables users to upload AppSpider XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
 
 The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
 

lib/ntospider/vuln.rb → lib/appspider/vuln.rb

@@ -1,6 +1,6 @@
-module NTOSpider
+module Appspider
   # This class represents each of the vulnerabilities reported in the
-  # NTOSpider VulnerabilitiesSummary.xml file as <Vuln> entities.
+  # Appspider VulnerabilitiesSummary.xml file as <Vuln> entities.
   #
   # It provides a convenient way to access the information scattered all over
   # the XML entities.
@@ -21,11 +21,17 @@ def supported_tags
         # attributes
 
         # simple tags
-        :attack_class, :attack_score, :attack_type, :attack_value, :capec,
+        :attack_class, :attack_score, :attack_type, :capec,
         :cwe_id, :description, :dissa_asc, :normalized_url, :oval, :owasp2007,
-        :owasp2010, :owasp2013, :recommendation, :vuln_method, :vuln_param,
-        :vuln_type, :vuln_url, :web_site
+        :owasp2010, :owasp2013, :owasp2017, :recommendation, :vuln_method, :vuln_param,
+        :vuln_type, :vuln_url, :web_site, :web_site_ip, :html_entity_attacked, :page, :url, 
+        :vuln_param_type, :wasc, :scan_date, :statistically_prevalent_original_response_code, 
+        :confidence,  
         # nested tags
+        :attack_value, :attack_vuln_url, :attack_post_params, :attack_matched_string,
+        :attack_description, :attack_config_description, :benign, :attack_request, :attack_response, 
+        :pcre_regex_bl, :mod_security_bl, :snort_bl, :imperva_bl, 
+        :pcre_regex_wl, :mod_security_wl, :snort_wl, :imperva_wl
       ]
 end
 
@@ -55,13 +61,37 @@ def method_missing(method, *args)
       # First we try the attributes. In Ruby we use snake_case, but in XML
       # CamelCase is used for some attributes
       translations_table = {
+        web_site:  'WebSite',
+      	web_site_ip:	'WebSiteIP',
+      	html_entity_attacked:	'HtmlEntityAttacked',
+      	scan_date:	'ScanDate',
+      	statistically_prevalent_original_response_code:	'StatisticallyPrevalentOriginalResponseCode',
         capec:     'CAPEC',
         dissa_asc: 'DISSA_ASC',
         owasp2007: 'OWASP2007',
         owasp2010: 'OWASP2010',
         owasp2013: 'OWASP2013',
+        owasp2017: 'OWASP2017',
         oval:      'OVAL',
-        wasc:      'WASC'
+        wasc:      'WASC',
+        attack_value:          'AttackValue',
+        attack_vuln_url:       'AttackVulnUrl', 
+        attack_post_params:    'AttackPostParams', 
+        attack_description:			'AttackDescription',
+        attack_config_description:	'AttackConfigDescription',
+        attack_matched_string: 'AttackMatchedString',
+        original_value:					'OriginalValue',
+        attack_request:        'AttackRequestList/AttackRequest/Request', 
+        attack_response:       'AttackRequestList/AttackRequest/Response',
+        benign:									'AttackRequestList/AttackRequest/Benign',
+        pcre_regex_bl:					'DefenseBL/PcreRegex',
+        mod_security_bl:				'DefenseBL/ModSecurity',
+        snort_bl:								'DefenseBL/Snort',
+        imperva_bl:							'DefenseBL/Imperva',
+        pcre_regex_wl:					'DefenseWL/PcreRegex',
+        mod_security_wl:				'DefenseWL/ModSecurity',
+        snort_wl:								'DefenseWL/Snort',
+        imperva_wl:							'DefenseWL/Imperva'
       }
 
       method_name = translations_table.fetch(method, method.to_s.camelcase)

lib/dradis-appspider.rb

@@ -0,0 +1,8 @@
+# hook to the framework base clases
+require 'dradis-plugins'
+
+# load this add-on's engine
+require 'dradis/plugins/appspider'
+
+# load supporting AppSpider classes
+require 'appspider/vuln'

lib/dradis/plugins/appspider.rb

@@ -0,0 +1,11 @@
+module Dradis
+  module Plugins
+    module Appspider
+    end
+  end
+end
+
+require 'dradis/plugins/appspider/engine'
+require 'dradis/plugins/appspider/field_processor'
+require 'dradis/plugins/appspider/importer'
+require 'dradis/plugins/appspider/version'

lib/dradis/plugins/appspider/engine.rb

@@ -0,0 +1,9 @@
+module Dradis::Plugins::Appspider
+  class Engine < ::Rails::Engine
+    isolate_namespace Dradis::Plugins::Appspider
+
+    include ::Dradis::Plugins::Base
+    description 'Processes APPSpider reports'
+    provides :upload
+  end
+end

lib/dradis/plugins/ntospider/field_processor.rb → lib/dradis/plugins/appspider/field_processor.rb

@@ -1,8 +1,8 @@
-module Dradis::Plugins::NTOSpider
+module Dradis::Plugins::Appspider
   class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor
 
     def post_initialize(args={})
-      @nto_object = ::NTOSpider::Vuln.new(data)
+      @app_object = ::Appspider::Vuln.new(data)
     end
 
     def value(args={})
@@ -15,7 +15,7 @@ def value(args={})
       # The XML uses a <Method> entity, but 'method' is a reserved word here so:
       name = 'vuln_method' if name == 'method'
 
-      @nto_object.try(name) || 'n/a'
+      @app_object.try(name) || 'n/a'
     end
   end
 

lib/dradis/plugins/ntospider/gem_version.rb → lib/dradis/plugins/appspider/gem_version.rb

@@ -1,6 +1,6 @@
 module Dradis
   module Plugins
-    module NTOSpider
+    module Appspider
       # Returns the version of the currently loaded NTOSpider as a <tt>Gem::Version</tt>
       def self.gem_version
         Gem::Version.new VERSION::STRING
@@ -9,7 +9,7 @@ def self.gem_version
       module VERSION
         MAJOR = 3
         MINOR = 14
-        TINY = 0
+        TINY = 1
         PRE = nil
 
         STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

lib/dradis/plugins/ntospider/importer.rb → lib/dradis/plugins/appspider/importer.rb

@@ -1,15 +1,15 @@
-module Dradis::Plugins::NTOSpider
+module Dradis::Plugins::Appspider
   class Importer < Dradis::Plugins::Upload::Importer
 
     BAD_FILENAME_ERROR_MESSAGE = \
       "The uploaded file should be named VulnerabilitiesSummary.xml. "\
-      "You'll find VulnerabilitiesSummary.xml inside the /report subdirectory in NTO Spider's output."
+      "You'll find VulnerabilitiesSummary.xml inside the /report subdirectory in APPSpider's output."
     NO_VULNSUMMARY_ERROR_MESSAGE = \
       "A proper root element (/VulnSummary) wasn't detected in the uploaded file. "\
-      "Ensure the file you uploaded comes from a NTOSpider report."
+      "Ensure the file you uploaded comes from a APPSpider report."
     NO_VULNS_ERROR_MESSAGE = \
       "No vulnerabilities were detected in the uploaded file (/VulnSummary/VulnList/Vuln). "\
-      "Ensure the file you uploaded comes from a NTOSpider report."
+      "Ensure the file you uploaded comes from a APPSpider report."
 
     # The framework will call this function if the user selects this plugin from
     # the dropdown list and uploads a file.
@@ -40,7 +40,7 @@ def import(params={})
       end
 
       @doc.xpath('/VulnSummary/VulnList/Vuln').each do |xml_vuln|
-        vuln = ::NTOSpider::Vuln.new(xml_vuln)
+        vuln = ::Appspider::Vuln.new(xml_vuln)
 
         host_node_label = xml_vuln.at_xpath('./WebSite').text
         host_node_label = URI.parse(host_node_label).host rescue host_node_label
@@ -53,13 +53,16 @@ def import(params={})
         )
         issue = content_service.create_issue text: issue_text, id: plugin_id
 
-        logger.info{ "\t\t => Creating new evidence" }
-        evidence_content = template_service.process_template(
-          template: 'evidence', data: vuln.xml
-        )
-        content_service.create_evidence(
-          issue: issue, node: host_node, content: evidence_content
-        )
+				# App Spider can provide multiple pieces of evidence for a specifgic issue.
+        xml_vuln.xpath('./AttackList/Attack').each do |attack_xml|
+          logger.info{ "\t\t => Creating new evidence" }
+          evidence_content = template_service.process_template(
+            template: 'evidence', data: attack_xml
+          )
+          content_service.create_evidence(
+            issue: issue, node: host_node, content: evidence_content
+          )
+        end
       end
 
       true
@@ -68,7 +71,7 @@ def import(params={})
     private
     def log_error_and_return(message)
       logger.fatal { message }
-      content_service.create_note text: "#[Title]#\nNTO upload error\n\n#[Description]#\n#{ message }"
+      content_service.create_note text: "#[Title]#\nAppspider upload error\n\n#[Description]#\n#{ message }"
     end
   end
 end

lib/dradis/plugins/ntospider/version.rb → lib/dradis/plugins/appspider/version.rb

@@ -1,7 +1,7 @@
 require_relative 'gem_version'
 
-module Dradis::Plugins::NTOSpider
-  # Returns the version of the currently loaded NTOSpider as a
+module Dradis::Plugins::Appspider
+  # Returns the version of the currently loaded Appspider as a
   # <tt>Gem::Version</tt>.
   def self.version
     gem_version

lib/tasks/thorfile.rb

@@ -1,9 +1,9 @@
-class NTOSpiderTasks < Thor
+class AppspiderTasks < Thor
   include Rails.application.config.dradis.thor_helper_module
 
-  namespace "dradis:plugins:ntospider"
+  namespace "dradis:plugins:appspider"
 
-  desc "upload FILE", "upload NTOSpider XML results"
+  desc "upload FILE", "upload APPSpider XML results"
   def upload(file_path)
     require 'config/environment'
 
@@ -14,7 +14,7 @@ def upload(file_path)
 
     detect_and_set_project_scope
 
-    importer = Dradis::Plugins::NTOSpider::Importer.new(task_options)
+    importer = Dradis::Plugins::Appspider::Importer.new(task_options)
     importer.import(file: file_path)
   end
 end

templates/evidence.fields

@@ -1,4 +1,13 @@
-evidence.web_site
-evidence.vuln_url
-evidence.normalized_url
+evidence.attack_config_description
+evidence.attack_description
+evidence.attack_matched_string
+evidence.attack_post_params
+evidence.attack_request
+evidence.attack_response
+evidence.attack_value
+evidence.attack_vuln_url
+evidence.benign
+evidence.original_value
 evidence.vuln_param
+evidence.vuln_url
+evidence.web_site

templates/evidence.template

@@ -2,10 +2,10 @@
 %evidence.web_site%
 
 #[URL]#
-%evidence.vuln_url%
+%evidence.attack_vuln_url%
 
 #[Normalized URL]#
-%evidence.normalized_url%
+%evidence.vuln_url%
 
 #[Param]#
 %evidence.vuln_param%

templates/vuln.fields

@@ -3,16 +3,30 @@ vuln.attack_score
 vuln.attack_type
 vuln.attack_value
 vuln.capec
+vuln.confidence
 vuln.cwe_id
 vuln.description
 vuln.dissa_asc
+vuln.html_entity_attacked
+vuln.imperva_bl
+vuln.imperva_wl
+vuln.mod_security_bl
+vuln.mod_security_wl
 vuln.normalized_url
 vuln.oval
 vuln.owasp2007
 vuln.owasp2010
 vuln.owasp2013
+vuln.owasp2017
+vuln.pcre_regex_bl
+vuln.pcre_regex_wl
 vuln.recommendation
+vuln.scan_date
+vuln.snort_bl
+vuln.snort_wl
+vuln.statistically_prevalent_original_response_code
 vuln.vuln_method
 vuln.vuln_param
 vuln.vuln_type
 vuln.vuln_url
+vuln.wasc

templates/vuln.template

@@ -31,14 +31,14 @@
 #[DISSA_ASC]#
 %vuln.dissa_asc%
 
-#[OWASP2007]#
-%vuln.owasp2007%
-
 #[OWASP2010]#
 %vuln.owasp2010%
 
 #[OWASP2013]#
 %vuln.owasp2013%
 
+#[OWASP2017]#
+%vuln.owasp2017%
+
 #[OVAL]#
 %vuln.oval%