Merge pull request #67 from dradis/cwe

Add cwe_entries as available Issue field
dradis · Jul 11, 2024 · 14052fa · 14052fa
2 parents 7211ba9 + 71b6fdc
commit 14052fa
Show file tree

Hide file tree

Showing 6 changed files with 11 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,6 @@
-v4.13.0 (XXXX 2024)
-  - Support the new vulnerability_priority_rating tag
+v4.13.0 (Mmmm 2024)
+ - Add `cwe_entries` as an available Issue field
+ - Add `vulnerability_priority_rating` as an available Issue field
 
 v4.12.0 (May 2024)
  - Migrate integration to use Mappings Manager

diff --git a/lib/dradis/plugins/nessus/gem_version.rb b/lib/dradis/plugins/nessus/gem_version.rb
@@ -8,7 +8,7 @@ def self.gem_version
 
       module VERSION
         MAJOR = 4
-        MINOR = 12
+        MINOR = 13
         TINY = 0
         PRE = nil
 

diff --git a/lib/dradis/plugins/nessus/mapping.rb b/lib/dradis/plugins/nessus/mapping.rb
@@ -55,6 +55,7 @@ module Mapping
         'report_item.age_of_vuln',
         'report_item.bid_entries',
         'report_item.cve_entries',
+        'report_item.cwe_entries',
         'report_item.cvss3_base_score',
         'report_item.cvss3_impact_score',
         'report_item.cvss3_temporal_score',

diff --git a/lib/nessus/report_item.rb b/lib/nessus/report_item.rb
@@ -31,7 +31,7 @@ def supported_tags
         :risk_factor, :solution, :synopsis, :threat_intensity_last_28, :threat_recency, 
         :threat_sources_last_28, :vpr_score, :vuln_publication_date,
         # multiple tags
-        :bid_entries, :cve_entries, :see_also_entries, :xref_entries,
+        :bid_entries, :cve_entries, :cwe_entries, :see_also_entries, :xref_entries,
         # compliance tags
         :cm_actual_value, :cm_audit_file, :cm_check_id, :cm_check_name, :cm_info,
         :cm_output, :cm_policy_value, :cm_reference, :cm_result, :cm_see_also,
@@ -113,6 +113,7 @@ def method_missing(method, *args)
       translations_table = {
         :bid_entries => 'bid',
         :cve_entries => 'cve',
+        :cwe_entries => 'cwe',
         :see_also_entries => 'see_also',
         :xref_entries  => 'xref'
       }

diff --git a/spec/dradis/plugins/nessus/importer_spec.rb b/spec/dradis/plugins/nessus/importer_spec.rb
@@ -2,12 +2,10 @@
 require 'ostruct'
 
 describe Dradis::Plugins::Nessus::Importer do
-
   before(:each) do
-    # Stub template service
-    templates_dir = File.expand_path('../../../../../templates', __FILE__)
-    expect_any_instance_of(Dradis::Plugins::TemplateService)
-    .to receive(:default_templates_dir).and_return(templates_dir)
+    mapping_service = double('Dradis::Plugins::MappingService')
+    allow(mapping_service).to receive(:apply_mapping).and_return('')
+    allow(Dradis::Plugins::MappingService).to receive(:new).and_return(mapping_service)
 
     # Init services
     plugin = Dradis::Plugins::Nessus

diff --git a/templates/report_item.sample b/templates/report_item.sample
@@ -46,6 +46,7 @@ If safe checks are enabled, this may be a false positive since it is based on th
   <product_coverage>Low</product_coverage>
   <canvas_package>CANVAS</canvas_package>
   <cve>CVE-2002-0392</cve>
+  <cwe>123</cwe>
   <bid>5033</bid>
   <xref>IAVA:2002-a-0003</xref>
   <xref>OSVDB:838</xref>