Merge branch 'develop' into my-tasks-scaffold

dradis · Jun 26, 2024 · 32413a7 · 32413a7
2 parents f4001ba + 8f1ed61
commit 32413a7
Show file tree

Hide file tree

Showing 23 changed files with 242 additions and 117 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -5,6 +5,7 @@ on:
     branches: ['*']
   push:
     branches: [develop, main]
+  workflow_dispatch:
 
 jobs:
   audits:

diff --git a/CHANGELOG b/CHANGELOG
@@ -1,11 +1,8 @@
 [v#.#.#] ([month] [YYYY])
-  - [entity]:
-    - [future tense verb] [feature]
-  - Upgraded gems:
-    - [gem]
+  - Liquid: Make project-level collections available for Liquid syntax
+  - Upgraded gems: nokogiri, rails, rexml
   - Bugs fixes:
-    - [entity]:
-      - [future tense verb] [bug fix]
+    - Navigation: Restore functionality of native browser back/forward buttons
     - Bug tracker items:
       - [item]
   - New integrations:

diff --git a/Gemfile b/Gemfile
@@ -5,7 +5,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '3.1.2'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 7.0.8'
+gem 'rails', '~> 7.0.8.4'
 
 # Use SCSS for stylesheets
 gem 'sass-rails', '~> 6.0'
@@ -254,6 +254,7 @@ gem 'dradis-nipper', '~> 4.12.0'
 gem 'dradis-nmap', '~> 4.12.0'
 gem 'dradis-ntospider', '~> 4.12.0'
 gem 'dradis-openvas', '~> 4.12.0'
+gem 'dradis-pentera', '~> 4.12.0'
 gem 'dradis-qualys', '~> 4.12.0'
 gem 'dradis-saint', '~> 4.12.0'
 gem 'dradis-veracode', '~> 4.12.0'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -8,67 +8,67 @@ GEM
   remote: https://rubygems.org/
   specs:
     RedCloth (4.3.2)
-    actioncable (7.0.8.1)
-      actionpack (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
+    actioncable (7.0.8.4)
+      actionpack (= 7.0.8.4)
+      activesupport (= 7.0.8.4)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.8.1)
-      actionpack (= 7.0.8.1)
-      activejob (= 7.0.8.1)
-      activerecord (= 7.0.8.1)
-      activestorage (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
+    actionmailbox (7.0.8.4)
+      actionpack (= 7.0.8.4)
+      activejob (= 7.0.8.4)
+      activerecord (= 7.0.8.4)
+      activestorage (= 7.0.8.4)
+      activesupport (= 7.0.8.4)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.8.1)
-      actionpack (= 7.0.8.1)
-      actionview (= 7.0.8.1)
-      activejob (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
+    actionmailer (7.0.8.4)
+      actionpack (= 7.0.8.4)
+      actionview (= 7.0.8.4)
+      activejob (= 7.0.8.4)
+      activesupport (= 7.0.8.4)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (7.0.8.1)
-      actionview (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
+    actionpack (7.0.8.4)
+      actionview (= 7.0.8.4)
+      activesupport (= 7.0.8.4)
       rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.8.1)
-      actionpack (= 7.0.8.1)
-      activerecord (= 7.0.8.1)
-      activestorage (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
+    actiontext (7.0.8.4)
+      actionpack (= 7.0.8.4)
+      activerecord (= 7.0.8.4)
+      activestorage (= 7.0.8.4)
+      activesupport (= 7.0.8.4)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.8.1)
-      activesupport (= 7.0.8.1)
+    actionview (7.0.8.4)
+      activesupport (= 7.0.8.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.8.1)
-      activesupport (= 7.0.8.1)
+    activejob (7.0.8.4)
+      activesupport (= 7.0.8.4)
       globalid (>= 0.3.6)
-    activemodel (7.0.8.1)
-      activesupport (= 7.0.8.1)
-    activerecord (7.0.8.1)
-      activemodel (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
-    activestorage (7.0.8.1)
-      actionpack (= 7.0.8.1)
-      activejob (= 7.0.8.1)
-      activerecord (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
+    activemodel (7.0.8.4)
+      activesupport (= 7.0.8.4)
+    activerecord (7.0.8.4)
+      activemodel (= 7.0.8.4)
+      activesupport (= 7.0.8.4)
+    activestorage (7.0.8.4)
+      actionpack (= 7.0.8.4)
+      activejob (= 7.0.8.4)
+      activerecord (= 7.0.8.4)
+      activesupport (= 7.0.8.4)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (7.0.8.1)
+    activesupport (7.0.8.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -119,7 +119,7 @@ GEM
       activesupport (>= 3.0.0)
       railties (>= 3.0.0)
       thor (>= 0.14.6)
-    concurrent-ruby (1.2.3)
+    concurrent-ruby (1.3.1)
     crass (1.0.6)
     database_cleaner (1.8.2)
     date (3.3.4)
@@ -171,6 +171,8 @@ GEM
       dradis-plugins (~> 4.0)
     dradis-openvas (4.12.0)
       dradis-plugins (~> 4.0)
+    dradis-pentera (4.12.0)
+      dradis-plugins (~> 4.0)
     dradis-plugins (4.12.1)
     dradis-projects (4.12.0)
       dradis-plugins (>= 4.8.0)
@@ -223,7 +225,7 @@ GEM
     html-pipeline (2.12.3)
       activesupport (>= 2)
       nokogiri (>= 1.4)
-    i18n (1.14.1)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
     image_size (1.3.1)
     importmap-rails (1.2.1)
@@ -275,38 +277,38 @@ GEM
       net-imap
       net-pop
       net-smtp
-    marcel (1.0.2)
+    marcel (1.0.4)
     matrix (0.4.2)
     method_source (0.9.2)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.5)
+    mini_portile2 (2.8.7)
     mini_racer (0.6.2)
       libv8-node (~> 16.10.0.0)
-    minitest (5.22.2)
+    minitest (5.23.1)
     mono_logger (1.1.1)
     msgpack (1.5.2)
     multi_json (1.15.0)
     mustermann (2.0.2)
       ruby2_keywords (~> 0.0.1)
     nenv (0.3.0)
-    net-imap (0.4.10)
+    net-imap (0.4.12)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
     net-protocol (0.2.2)
       timeout
-    net-smtp (0.4.0.1)
+    net-smtp (0.5.0)
       net-protocol
-    nio4r (2.7.0)
-    nokogiri (1.16.2)
+    nio4r (2.7.3)
+    nokogiri (1.16.5)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.16.2-arm64-darwin)
+    nokogiri (1.16.5-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.2-x86_64-darwin)
+    nokogiri (1.16.5-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.2-x86_64-linux)
+    nokogiri (1.16.5-x86_64-linux)
       racc (~> 1.4)
     notiffany (0.1.3)
       nenv (~> 0.1)
@@ -327,28 +329,28 @@ GEM
     public_suffix (5.0.3)
     puma (6.4.2)
       nio4r (~> 2.0)
-    racc (1.7.3)
-    rack (2.2.8.1)
+    racc (1.8.0)
+    rack (2.2.9)
     rack-mini-profiler (2.3.0)
       rack (>= 1.2.0)
     rack-protection (2.2.3)
       rack
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (7.0.8.1)
-      actioncable (= 7.0.8.1)
-      actionmailbox (= 7.0.8.1)
-      actionmailer (= 7.0.8.1)
-      actionpack (= 7.0.8.1)
-      actiontext (= 7.0.8.1)
-      actionview (= 7.0.8.1)
-      activejob (= 7.0.8.1)
-      activemodel (= 7.0.8.1)
-      activerecord (= 7.0.8.1)
-      activestorage (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
+    rails (7.0.8.4)
+      actioncable (= 7.0.8.4)
+      actionmailbox (= 7.0.8.4)
+      actionmailer (= 7.0.8.4)
+      actionpack (= 7.0.8.4)
+      actiontext (= 7.0.8.4)
+      actionview (= 7.0.8.4)
+      activejob (= 7.0.8.4)
+      activemodel (= 7.0.8.4)
+      activerecord (= 7.0.8.4)
+      activestorage (= 7.0.8.4)
+      activesupport (= 7.0.8.4)
       bundler (>= 1.15.0)
-      railties (= 7.0.8.1)
+      railties (= 7.0.8.4)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
@@ -359,15 +361,15 @@ GEM
       actionview (> 3.1)
       activesupport (> 3.1)
       railties (> 3.1)
-    railties (7.0.8.1)
-      actionpack (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
+    railties (7.0.8.4)
+      actionpack (= 7.0.8.4)
+      activesupport (= 7.0.8.4)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
       zeitwerk (~> 2.5)
     rainbow (3.1.1)
-    rake (13.1.0)
+    rake (13.2.1)
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
@@ -389,7 +391,8 @@ GEM
       vegas (~> 0.1.2)
     resque-status (0.5.0)
       resque (~> 1.19)
-    rexml (3.2.5)
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
     rinku (2.0.6)
     rprogram (0.3.2)
     rspec (3.10.0)
@@ -471,6 +474,7 @@ GEM
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
     sqlite3 (1.4.2)
+    strscan (3.1.0)
     terser (1.1.15)
       execjs (>= 0.3.0, < 3)
     thor (1.2.2)
@@ -502,7 +506,7 @@ GEM
       chronic (>= 0.6.3)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.6.13)
+    zeitwerk (2.6.15)
 
 PLATFORMS
   arm64-darwin
@@ -544,6 +548,7 @@ DEPENDENCIES
   dradis-nmap (~> 4.12.0)
   dradis-ntospider (~> 4.12.0)
   dradis-openvas (~> 4.12.0)
+  dradis-pentera (~> 4.12.0)
   dradis-plugins (~> 4.12.1)
   dradis-projects (~> 4.12.0)
   dradis-qualys (~> 4.12.0)
@@ -579,7 +584,7 @@ DEPENDENCIES
   pg
   puma (>= 6.4.2)
   rack-mini-profiler (~> 2.0)
-  rails (~> 7.0.8)
+  rails (~> 7.0.8.4)
   rails-html-sanitizer (~> 1.4.4)
   record_tag_helper
   rerun

diff --git a/README.md b/README.md
@@ -1,8 +1,8 @@
 # Welcome to the Dradis Framework
 
-[ ![CI](https://github.com/dradis/dradis-ce/actions/workflows/ci.yml/badge.svg)](https://github.com/dradis/dradis-ce/actions/workflows/ci.yml)
-[ ![Code quality](https://codeclimate.com/github/dradis/dradis-ce/badges/gpa.svg)](https://codeclimate.com/github/dradis/dradis-ce)
-[ ![Black Hat Arsenal](https://www.toolswatch.org/badges/arsenal/2016.svg)](https://www.blackhat.com/us-16/arsenal.html#dradis-framework)
+[![CI](https://github.com/dradis/dradis-ce/actions/workflows/ci.yml/badge.svg)](https://github.com/dradis/dradis-ce/actions/workflows/ci.yml)
+[![Black Hat Arsenal](https://www.toolswatch.org/badges/arsenal/2016.svg)](https://www.blackhat.com/us-16/arsenal.html#dradis-framework)
+[![@dradisfw on X](https://img.shields.io/twitter/follow/dradisfw?style=social)](https://twitter.com/dradisfw)
 
 Dradis is an open-source collaboration framework, tailored to InfoSec teams.
 

diff --git a/app/assets/javascripts/shared/behaviors.js b/app/assets/javascripts/shared/behaviors.js
@@ -81,11 +81,18 @@
     }
 
     // Update address bar with current tab param
-    $('[data-bs-toggle~=tab]').on('shown.bs.tab', function (e) {
-      let currentTab = $(e.target).attr('href').substring(1);
-      searchParams.set('tab', currentTab);
-      history.pushState(null, null, `?${searchParams.toString()}`);
-    });
+    $(parentElement)
+      .find('[data-bs-toggle~=tab]')
+      .on('shown.bs.tab', function (e) {
+        let currentTab = $(e.target).attr('href').substring(1);
+        searchParams.set('tab', currentTab);
+        let urlWithTab = `?${searchParams.toString()}`;
+        history.pushState(
+          { turbolinks: true, url: urlWithTab },
+          '',
+          urlWithTab
+        );
+      });
   }
 
   document.addEventListener('turbolinks:load', function () {

diff --git a/app/assets/javascripts/tylium.js b/app/assets/javascripts/tylium.js
@@ -51,6 +51,7 @@
 //= require tylium/modules/export
 //= require tylium/modules/fileupload
 //= require tylium/modules/issues
+//= require tylium/modules/liquid_async
 //= require tylium/modules/nodes
 //= require tylium/modules/search
 //= require tylium/modules/sidebar

diff --git a/app/assets/javascripts/tylium/modules/liquid_async.js b/app/assets/javascripts/tylium/modules/liquid_async.js
@@ -0,0 +1,22 @@
+document.addEventListener('turbolinks:load', function () {
+  $('[data-behavior~=liquid-async]').each(function () {
+    const that = this,
+      data = { text: $(that).attr('data-content') },
+      $spinner = $(that).prev().find('[data-behavior~=liquid-spinner');
+
+    fetch($(that).attr('data-path'), {
+      method: 'POST',
+      headers: {
+        Accept: 'text/html',
+        'Content-Type': 'application/json',
+        'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content'),
+      },
+      body: JSON.stringify(data),
+    })
+      .then((response) => response.text())
+      .then(function (html) {
+        $(that).html(html);
+        $spinner.addClass('d-none');
+      });
+  });
+});