lib/netsparker/vulnerability.rb in dradis-netsparker-3.10.0 vs lib/netsparker/vulnerability.rb in dradis-netsparker-3.11.0
- old
+ new
@@ -21,11 +21,13 @@
[
# made-up tags
:title,
# simple tags
- :certainty, :description, :rawrequest, :rawresponse, :remedy, :severity,
+ :actions_to_take, :certainty, :description, :external_references,
+ :extrainformation, :impact, :rawrequest, :rawresponse, :remedy,
+ :remedy_references, :required_skills_for_exploitation, :severity,
:type, :url,
# tags that correspond to Evidence
# nested tags
@@ -70,10 +72,11 @@
# Any fields where a simple .camelcase() won't work we need to translate,
# this includes acronyms (e.g. :cwe would become 'Cwe') and simple nested
# tags.
translations_table = {
+ actions_to_take: 'actionsToTake',
classification_capec: 'classification/CAPEC',
classification_cwe: 'classification/CWE',
classification_cvss_vector: 'classification/CVSS/vector',
classification_cvss_base_value: "classification/CVSS/score/type[text()='Base']/../value",
classification_cvss_base_severity: "classification/CVSS/score/type[text()='Base']/../severity",
@@ -84,11 +87,14 @@
classification_hipaa: 'classification/HIPAA',
classification_owasp2013: 'classification/OWASP2013',
classification_owasppc: 'classification/OWASPPC',
classification_pci31: 'classification/PCI31',
classification_pci32: 'classification/PCI32',
- classification_wasc: 'classification/WASC'
+ classification_wasc: 'classification/WASC',
+ external_references: 'externalReferences',
+ remedy_references: 'remedyReferences',
+ required_skills_for_exploitation: 'requiredSkillsForExploitation'
}
method_name = translations_table.fetch(method, method.to_s)
# We've got a virtual method :title which isn't provided by Netsparker
# but that most users will be expecting.
@@ -116,29 +122,47 @@
result = source.dup
result.gsub!(/"/, '"')
result.gsub!(/&/, '&')
result.gsub!(/</, '<')
result.gsub!(/>/, '>')
+ result.gsub!(/'/, '\'')
- result.gsub!(/<b>(.*?)<\/b>/) { "*#{$1.strip}*" }
- result.gsub!(/<br\/>/, "\n")
- result.gsub!(/<code><pre.*?>(.*?)<\/pre><\/code>/m){|m| "\n\nbc.. #{$1.strip}\n\np. \n" }
- result.gsub!(/<div>(.*?)<\/div>/, '\1 ')
- result.gsub!(/<em>(.*?)<\/em>/, '\1')
+ result.gsub!(/\<\!\[CDATA\[(.*?)\]\]\>/m, '\1')
+
+ result.gsub!(/<b>(.*?)<\/b>/) { "*#{$1}*" }
+ result.gsub!(/<i>(.*?)<\/i>/) { "_#{$1}_" }
+ result.gsub!(/<em>(.*?)<\/em>/) { "*#{$1}*" }
+ result.gsub!(/<h2>(.*?)<\/h2>/) { "*#{$1}*" }
+ result.gsub!(/<strong>(.*?)<\/strong>/) { "*#{$1}*" }
+
+ result.gsub!(/(<br>)|(<br\/>)/, "\n")
+ result.gsub!(/(<div>)|(<\/div>)/, "")
result.gsub!(/<font.*?>(.*?)<\/font>/m, '\1')
- result.gsub!(/<h2>(.*?)<\/h2>/) { "*#{$1.strip}*" }
- result.gsub!(/<i>(.*?)<\/i>/, '\1')
- result.gsub!(/<li.*>(.*)?<\/li>/, '* \1')
- result.gsub!(/<p>(.*?)<\/p>/, '\1 ')
- result.gsub!(/<pre.*?>(.*?)<\/pre>/m){|m| "\n\nbc.. #{$1.strip}\n\np. \n" }
- result.gsub!(/<span.*>(.*?)<\/span>/, '\1')
- result.gsub!(/<ul>(.*?)<\/ul>/m, '\1')
+ result.gsub!(/<p (.*?)>(.*?)<\/p>/) { "\n#{$2}\n" }
+ result.gsub!(/<span(.*?)>(.*?)<\/span>/, '\2')
+ result.gsub!(/(<p>)|(<\/p>)/, "\n")
+ result.gsub!(/\n[a-z]\. /, "\n\# ")
+ result.gsub!(/<a href=\"(.*?)\" (.*?)>(.*?)<\/a>/i) { "\"#{$3.strip}\":#{$1.strip}" }
+ result.gsub!(/<a href=\'(.*?)\'>(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
+
+ result.gsub!(/<code><pre.*?>(.*?)<\/pre><\/code>/m) {|m| "\n\nbc.. #{$1}\n\np. \n" }
+ result.gsub!(/<pre.*?>(.*?)<\/pre>/m) {|m| "\n\nbc.. #{$1}\n\np. \n" }
+ result.gsub!(/<code>(.*?)<\/code>/m) {|m| "\n\nbc.. #{$1}\n\np. \n" }
+
+ result.gsub!(/(<ul>)|(<\/ul>|(<ol>)|(<\/ol>))/, "\n")
+ result.gsub!(/<li(.*?)>(.*?)<\/li>/m) {"\n* #{$2}\n" }
+ result.gsub!(/<li>/, "\n* ")
+ result.gsub!(/<\/li>/, "\n")
+
result
end
# Some of the values have embedded HTML conent that we need to strip
def tags_with_html_content
- [:description, :remedy]
+ [
+ :actions_to_take, :description, :external_references, :extrainformation,
+ :impact, :remedy, :remedy_references, :required_skills_for_exploitation
+ ]
end
end
end