Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add report_host fields to evidence #41

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add report_host fields to evidence #41

wants to merge 3 commits into from

Conversation

aapomm
Copy link
Contributor

@aapomm aapomm commented Sep 1, 2021
edited
Loading

Spec

Several other plugins have fields like:

  • evidence.url (Netsparker)
  • issue.host (Burp)

But, Nessus does not.

We can't pull something like the "evidence.fqdn" into Nessus because the FQDN is stored within the

<ReportHost>
  <HostProperties>

tag (example: https://github.com/dradis/dradis-nessus/blob/master/spec/fixtures/files/example_v2.nessus#L1379) while the Issues/Evidence come from the tags: https://github.com/dradis/dradis-nessus/blob/master/spec/fixtures/files/example_v2.nessus#L1394

Is there any good way to pull the FQDN into the Evidence template in the Plugin Manager as an available field?

Proposed solution
Use the xml_host for building the evidence content instead of the xml_report_item. This makes the evidence content similar to the ReportHost and gives access to the HostProperties in the XML.

Other Information

If there's anything else that's important and relevant to your pull
request, mention that information here. This could include
benchmarks, or other information.

Thanks for contributing to Dradis!

Copyright assignment

Collaboration is difficult with commercial closed source but we want
to keep as much of the OSS ethos as possible available to users
who want to fix it themselves.

In order to unambiguously own and sell Dradis Framework commercial
products, we must have the copyright associated with the entire
codebase. Any code you create which is merged must be owned by us.
That's not us trying to be a jerks, that's just the way it works.

Please review the CONTRIBUTING.md
file for the details.

You can delete this section, but the following sentence needs to
remain in the PR's description:

I assign all rights, including copyright, to any future Dradis
work by myself to Security Roots.

@aapomm aapomm mentioned this pull request Sep 1, 2021
Closed
@randomactsofsecurity
Copy link

randomactsofsecurity commented Feb 10, 2022
edited
Loading

It would be nice if you could access the values already set in the host node process_report_host, such as the ip & fqdn. Since this function already parses the main <HostProperties>, these values are already set within this host and every piece of evidence could have these same properties.

Instead, it parses the nessus hostproperties once, then when process_report_item is called it will process the hostproperties again so that the evidence can have the same values.

While you can use %report_host.fqdn in the evidence template, this value will be overwritten with whatever value it finds due to the second stage xml parsing inside of process_report_item.

The use case for this is, just like the original issue, if someone wants to set a default value or modify one of the properties (fqdn,ip, netbios) (e.g., if a FQDN is not actually in the nessus file) they still have to modify the process_report_item for a second time, since no edits into the original host "stick" due to the multiple XML parsing issues.

evidence_content = template_service.process_template(template: 'evidence', data: xml_host_dup) has no awareness of the host_node object

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@aapomm @randomactsofsecurity