Merge branch 'develop' into fix-heroku-1-click

dradis · Apr 27, 2023 · 182c8f6 · 182c8f6
2 parents 5fce6c3 + d88f80e
commit 182c8f6
Show file tree

Hide file tree

Showing 114 changed files with 2,563 additions and 932 deletions.
diff --git a/.gitignore b/.gitignore
@@ -7,7 +7,6 @@
 /db/*.sqlite3
 /db/*.sqlite3-*
 /config/database.yml
-/config/secrets.yml
 /config/smtp.yml
 /log/*
 /tmp/*

diff --git a/.rubocop.yml b/.rubocop.yml
@@ -6,6 +6,7 @@ AllCops:
   Exclude:
     - '**/templates/**/*'
     - '**/vendor/**/*'
+    - 'db/schema.rb'
 
 # Prefer &&/|| over and/or.
 Style/AndOr:

diff --git a/CHANGELOG b/CHANGELOG
@@ -1,18 +1,11 @@
 [v#.#.#] ([month] [YYYY])
   - [entity]:
     - [future tense verb] [feature]
-  - Rubocop CI:
-    - disable EnforcedShorthandSyntax rule under Style/HashSyntax cop
-  - Issues: Display the results from importers in a datatable
-  - Tylium:
-    - Add breadcrumbs to Revision History view
-    - Remove `Recent Activity` tabs and add `View History` link to the dots menu
   - Upgraded gems:
-    - nokogiri, pg, rails-html-sanitizer, sinatra
+    - [gem]
   - Bugs fixes:
     - [entity]:
       - [future tense verb] [bug fix]
-    - Methodologies: Ensure params are validated when moving list/card
     - Bug tracker items:
       - [item]
   - New integrations:
@@ -33,6 +26,32 @@
     - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
     - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
 
+v4.8.0 (April 2023)
+  - Sessions: Store :secret_key_base in encrypted configuration file
+  - Quality Assurance: Review/approve Issues and Content Blocks before including them in reports
+  - Upgraded gems:
+    - nokogiri, rack, rails, time
+
+v4.7.0 (February 2023)
+  - Rubocop CI:
+    - disable EnforcedShorthandSyntax rule under Style/HashSyntax cop
+  - Issues: Display the results from importers in a datatable
+  - Tylium:
+    - Add breadcrumbs to Revision History view
+    - Add secondary sidebar toggling functionality
+    - Remove `Recent Activity` tabs and add `View History` link to the dots menu
+    - Tags: Add tag management
+  - Integration enhancements:
+    - Burp: Add support for large base64 response
+    - Nessus: Clean up code tags in description fields
+    - Netsparker: Add issue.classification_owasp2021 as a new avaiable field
+  - Upgraded gems:
+    - nokogiri, pg, rails, rails-html-sanitizer, sanitize, sinatra
+  - Bugs fixes:
+    - Methodologies: Ensure params are validated when moving list/card
+  - REST/JSON API enhancements:
+    - Author: Add author field for notes, issues, and evidence
+
 v4.6.0 (November 2022)
   - Kit Import: allow import of kit with no templates
   - Notes: remove category selection from form UI.

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -20,15 +20,14 @@ top of things.
 ## Making Changes
 
 * Create a topic branch from where you want to base your work.
-  * This is usually the master branch.
+  * This is usually the develop branch.
   * Only target release branches if you are certain your fix must be on that
     branch.
-  * To quickly create a topic branch based on master; `git branch
-    fix/master/my_contribution master` then checkout the new branch with `git
-    checkout fix/master/my_contribution`.  Please avoid working directly on the
-    `master` branch.
+  * To quickly create a topic branch based on develop; `git branch
+    my_contribution develop` then checkout the new branch with `git
+    checkout my_contribution`.  Please avoid working directly on the
+    `develop` branch.
 * Make commits of logical units.
-* Check for unnecessary whitespace with `git diff --check` before committing.
 * Make sure your commit messages are in the proper format.
 
 ````
@@ -52,6 +51,8 @@ top of things.
 
 * Make sure you have added the necessary tests for your changes.
 * Run _all_ the tests to assure nothing else was accidentally broken.
+* Adhere to our [style guides](https://github.com/dradis/dradis-ce/wiki).
+* Ensure all GH checks have passed.
 
 ## Submitting Changes
 

diff --git a/Gemfile b/Gemfile
@@ -5,7 +5,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '3.1.2'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 6.1.6.1'
+gem 'rails', '~> 6.1.7.3'
 
 # Use SCSS for stylesheets
 gem 'sass-rails', '~> 6.0'
@@ -64,6 +64,9 @@ gem 'rubyzip', '>= 1.2.2'
 
 gem 'thor', '~> 1.2.1'
 
+# Ruby dependency, version specified here due to CVE-2023-28756
+gem 'time', '>= 0.2.2'
+
 # ------------------------------------------------------ With native extensions
 # These require native extensions.
 # Ensure Traveling Ruby provides an appropriate version before bumping.
@@ -78,7 +81,7 @@ gem 'bcrypt', '3.1.12'
 gem 'json', '2.3.0'
 
 # XML manipulation
-gem 'nokogiri', '1.13.10'
+gem 'nokogiri', '>= 1.14.3'
 
 # MySQL backend
 # gem 'mysql2', '~> 0.5.1'
@@ -96,7 +99,7 @@ gem 'RedCloth', '~> 4.3.2', require: 'redcloth'
 gem 'rinku'
 
 # html-pipeline dependency for html sanitization
-gem 'sanitize', '5.2.1'
+gem 'sanitize', '6.0.1'
 
 # SQLite3 DB driver
 gem 'sqlite3'
@@ -194,6 +197,9 @@ group :test do
   gem 'shoulda-matchers', '~> 3.1'
   gem 'timecop'
   gem 'webdrivers'
+
+  # Required by capybara
+  gem 'matrix'
 end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
@@ -211,12 +217,12 @@ end
 #
 
 # Base framework classes required by other plugins
-gem 'dradis-plugins', '~> 4.6.1'
+gem 'dradis-plugins', '~> 4.8.0'
 
 gem 'dradis-api', path: 'engines/dradis-api'
 
 # Import / export project data
-gem 'dradis-projects', '~> 4.6.0'
+gem 'dradis-projects', '~> 4.8.0'
 
 plugins_file = 'Gemfile.plugins'
 if File.exists?(plugins_file)
@@ -227,32 +233,32 @@ end
 # effective.
 
 # ----------------------------------------------------------------- Calculators
-gem 'dradis-calculator_cvss', '~> 4.6.0'
-gem 'dradis-calculator_dread', '~> 4.6.0'
+gem 'dradis-calculator_cvss', '~> 4.8.0'
+gem 'dradis-calculator_dread', '~> 4.8.0'
 
 # ---------------------------------------------------------------------- Export
-gem 'dradis-csv_export', '~> 4.6.0'
-gem 'dradis-html_export', '~> 4.6.0'
+gem 'dradis-csv_export', '~> 4.8.0'
+gem 'dradis-html_export', '~> 4.8.0'
 
 # ---------------------------------------------------------------------- Import
-gem 'dradis-csv', '~> 4.6.0'
+gem 'dradis-csv', '~> 4.8.0'
 
 # ---------------------------------------------------------------------- Upload
-gem 'dradis-acunetix', '~> 4.6.0'
-gem 'dradis-brakeman', '~> 4.6.0'
-gem 'dradis-burp', '~> 4.6.0'
-gem 'dradis-coreimpact', '~> 4.6.0'
-gem 'dradis-metasploit', '~> 4.6.0'
-gem 'dradis-nessus', '~> 4.6.0'
-gem 'dradis-netsparker', '~> 4.6.0'
-gem 'dradis-nexpose', '~> 4.6.0'
-gem 'dradis-nikto', '~> 4.6.0'
-gem 'dradis-nipper', '~> 4.6.0'
-gem 'dradis-nmap', '~> 4.6.0'
-gem 'dradis-ntospider', '~> 4.6.0'
-gem 'dradis-openvas', '~> 4.6.0'
-gem 'dradis-qualys', '~> 4.6.0'
-gem 'dradis-saint', '~> 4.6.0'
-gem 'dradis-veracode', '~> 4.6.0'
-gem 'dradis-wpscan', '~> 4.6.0'
-gem 'dradis-zap', '~> 4.6.0'
+gem 'dradis-acunetix', '~> 4.8.0'
+gem 'dradis-brakeman', '~> 4.8.0'
+gem 'dradis-burp', '~> 4.8.0'
+gem 'dradis-coreimpact', '~> 4.8.0'
+gem 'dradis-metasploit', '~> 4.8.0'
+gem 'dradis-nessus', '~> 4.8.0'
+gem 'dradis-netsparker', '~> 4.8.0'
+gem 'dradis-nexpose', '~> 4.8.0'
+gem 'dradis-nikto', '~> 4.8.0'
+gem 'dradis-nipper', '~> 4.8.0'
+gem 'dradis-nmap', '~> 4.8.0'
+gem 'dradis-ntospider', '~> 4.8.0'
+gem 'dradis-openvas', '~> 4.8.0'
+gem 'dradis-qualys', '~> 4.8.0'
+gem 'dradis-saint', '~> 4.8.0'
+gem 'dradis-veracode', '~> 4.8.0'
+gem 'dradis-wpscan', '~> 4.8.0'
+gem 'dradis-zap', '~> 4.8.0'