[develop] Release 4.10

CHANGELOG

@@ -1,31 +1,15 @@
-[v#.#.#] ([month] [YYYY])
-  - Tylium: Consolidate sidebars
+v4.10.0 (September 2023)
+  - Tylium: 
+    - Consolidate sidebars
+    - Add issue.author to liquid issue drop
   - Upgraded gems:
     - font-awesome-sass, nokogiri, puma, rails, sanitize, selenium-webdriver
   - Bugs fixes:
-    - QA:
-      - Enable @mentions and formatting toolbar for comments in QA show views
-      - Updated link to QA guide
-    - [entity]:
-      - [future tense verb] [bug fix]
-    - Bug tracker items:
-      - [item]
-  - New integrations:
-    - [integration]
-  - Integration enhancements:
-    - [integration]:
-      - [future tense verb] [integration enhancement]
-      - [integration bug fixes]:
-        - [future tense verb] [integration bug fix]
-  - Reporting enhancements:
-    - [report type]:
-      - [future tense verb] [reporting enhancement]
+    - QA: Enable @mentions and formatting toolbar for comments in QA show views
   - REST/JSON API enhancements:
     - Boards, Lists, Cards: add initial implementation
   - Security Fixes:
-    - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
-    - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
-    - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Medium: Authenticated (author) broken access control: read access to system files
 
 v4.9.0 (June 2023)
   - Tylium: Extend support for Liquid Dynamic Content
@@ -219,6 +203,8 @@ v4.1.0 (November 2021)
       - Remove orphaned <b> tags
   - Security Fixes:
     - High: Authenticated author broken access control: read access to issue content
+    - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
 
 v4.0.0 (July 2021)
   * Dynamic content across the app

Gemfile

@@ -215,12 +215,12 @@ end
 #
 
 # Base framework classes required by other plugins
-gem 'dradis-plugins', '~> 4.9.0'
+gem 'dradis-plugins', '~> 4.10.0'
 
 gem 'dradis-api', path: 'engines/dradis-api'
 
 # Import / export project data
-gem 'dradis-projects', '~> 4.9.0'
+gem 'dradis-projects', '~> 4.10.0'
 
 plugins_file = 'Gemfile.plugins'
 if File.exists?(plugins_file)
@@ -232,33 +232,32 @@ end
 
 # ----------------------------------------------------------------- Calculators
 
-# Update these to v4.10.0 before release
-gem 'dradis-calculator_cvss', github: 'dradis/dradis-calculator_cvss'
-gem 'dradis-calculator_dread', github: 'dradis/dradis-calculator_dread'
+gem 'dradis-calculator_cvss', '~> 4.10.0'
+gem 'dradis-calculator_dread', '~> 4.10.0'
 
 # ---------------------------------------------------------------------- Export
-gem 'dradis-csv_export', '~> 4.9.0'
-gem 'dradis-html_export', '~> 4.9.1'
+gem 'dradis-csv_export', '~> 4.10.0'
+gem 'dradis-html_export', '~> 4.10.1'
 
 # ---------------------------------------------------------------------- Import
-gem 'dradis-csv', '~> 4.9.0'
+gem 'dradis-csv', '~> 4.10.0'
 
 # ---------------------------------------------------------------------- Upload
-gem 'dradis-acunetix', '~> 4.9.0'
-gem 'dradis-brakeman', '~> 4.9.0'
-gem 'dradis-burp', '~> 4.9.0'
-gem 'dradis-coreimpact', '~> 4.9.0'
-gem 'dradis-metasploit', '~> 4.9.0'
-gem 'dradis-nessus', '~> 4.9.0'
-gem 'dradis-netsparker', '~> 4.9.0'
-gem 'dradis-nexpose', '~> 4.9.0'
-gem 'dradis-nikto', '~> 4.9.0'
-gem 'dradis-nipper', '~> 4.9.0'
-gem 'dradis-nmap', '~> 4.9.0'
-gem 'dradis-ntospider', '~> 4.9.0'
-gem 'dradis-openvas', '~> 4.9.0'
-gem 'dradis-qualys', '~> 4.9.0'
-gem 'dradis-saint', '~> 4.9.0'
-gem 'dradis-veracode', '~> 4.9.0'
-gem 'dradis-wpscan', '~> 4.9.0'
-gem 'dradis-zap', '~> 4.9.0'
+gem 'dradis-acunetix', '~> 4.10.0'
+gem 'dradis-brakeman', '~> 4.10.0'
+gem 'dradis-burp', '~> 4.10.0'
+gem 'dradis-coreimpact', '~> 4.10.0'
+gem 'dradis-metasploit', '~> 4.10.0'
+gem 'dradis-nessus', '~> 4.10.0'
+gem 'dradis-netsparker', '~> 4.10.0'
+gem 'dradis-nexpose', '~> 4.10.0'
+gem 'dradis-nikto', '~> 4.10.0'
+gem 'dradis-nipper', '~> 4.10.0'
+gem 'dradis-nmap', '~> 4.10.0'
+gem 'dradis-ntospider', '~> 4.10.0'
+gem 'dradis-openvas', '~> 4.10.0'
+gem 'dradis-qualys', '~> 4.10.0'
+gem 'dradis-saint', '~> 4.10.0'
+gem 'dradis-veracode', '~> 4.10.0'
+gem 'dradis-wpscan', '~> 4.10.0'
+gem 'dradis-zap', '~> 4.10.0'

Gemfile.lock

@@ -1,21 +1,7 @@
-GIT
-  remote: https://github.com/dradis/dradis-calculator_cvss.git
-  revision: 8d2ffb5047b03b1ef015c450597a4828f80209b5
-  specs:
-    dradis-calculator_cvss (4.9.0)
-      dradis-plugins (~> 4.0)
-
-GIT
-  remote: https://github.com/dradis/dradis-calculator_dread.git
-  revision: 241855179610221f021d065427515e4df7057f22
-  specs:
-    dradis-calculator_dread (4.9.0)
-      dradis-plugins (~> 4.0)
-
 PATH
   remote: engines/dradis-api
   specs:
-    dradis-api (4.9.0)
+    dradis-api (4.10.0)
       jbuilder
 
 GEM
@@ -131,67 +117,71 @@ GEM
     date (3.3.3)
     diff-lcs (1.5.0)
     differ (0.1.2)
-    dradis-acunetix (4.9.0)
+    dradis-acunetix (4.10.0)
       dradis-plugins (~> 4.0)
       nokogiri (~> 1.3)
-    dradis-brakeman (4.9.0)
+    dradis-brakeman (4.10.0)
       dradis-plugins (~> 4.0)
-    dradis-burp (4.9.0)
+    dradis-burp (4.10.0)
       dradis-plugins (~> 4.0)
       nokogiri (~> 1.3)
-    dradis-coreimpact (4.9.0)
+    dradis-calculator_cvss (4.10.0)
+      dradis-plugins (~> 4.0)
+    dradis-calculator_dread (4.10.0)
+      dradis-plugins (~> 4.0)
+    dradis-coreimpact (4.10.0)
       dradis-plugins (~> 4.0)
-    dradis-csv (4.9.0)
+    dradis-csv (4.10.0)
       dradis-plugins (~> 4.0)
-    dradis-csv_export (4.9.0)
+    dradis-csv_export (4.10.0)
       dradis-plugins (>= 4.8.0)
-    dradis-html_export (4.9.1)
+    dradis-html_export (4.10.1)
       RedCloth (~> 4.3.2)
       dradis-plugins (>= 4.8.0)
       rails_autolink (~> 1.1)
-    dradis-metasploit (4.9.0)
+    dradis-metasploit (4.10.0)
       dradis-plugins (~> 4.0)
       nokogiri (~> 1.3)
-    dradis-nessus (4.9.0)
+    dradis-nessus (4.10.0)
       dradis-plugins (~> 4.0)
       nokogiri
-    dradis-netsparker (4.9.0)
+    dradis-netsparker (4.10.0)
       dradis-plugins (~> 4.0)
       nokogiri (>= 1.12.5)
-    dradis-nexpose (4.9.0)
+    dradis-nexpose (4.10.0)
       dradis-plugins (~> 4.0)
       nokogiri (~> 1.3)
-    dradis-nikto (4.9.0)
+    dradis-nikto (4.10.0)
       dradis-plugins (~> 4.0)
       nokogiri (~> 1.3)
-    dradis-nipper (4.9.0)
+    dradis-nipper (4.10.0)
       dradis-plugins (~> 4.0)
-    dradis-nmap (4.9.0)
+    dradis-nmap (4.10.0)
       dradis-plugins (~> 4.0)
       ruby-nmap (~> 0.7)
-    dradis-ntospider (4.9.0)
+    dradis-ntospider (4.10.0)
       dradis-plugins (~> 4.0)
-    dradis-openvas (4.9.0)
+    dradis-openvas (4.10.0)
       dradis-plugins (~> 4.0)
-    dradis-plugins (4.9.0)
-    dradis-projects (4.9.0)
+    dradis-plugins (4.10.0)
+    dradis-projects (4.10.0)
       dradis-plugins (>= 4.8.0)
       rubyzip
-    dradis-qualys (4.9.0)
+    dradis-qualys (4.10.0)
       dradis-plugins (~> 4.0)
       nokogiri (~> 1.3)
-    dradis-saint (4.9.0)
+    dradis-saint (4.10.0)
       combustion (~> 0.6.0)
       dradis-plugins (~> 4.0)
       nokogiri
       rake (~> 13.0)
       rspec-rails
-    dradis-veracode (4.9.0)
+    dradis-veracode (4.10.0)
       dradis-plugins (~> 4.0)
-    dradis-wpscan (4.9.0)
+    dradis-wpscan (4.10.0)
       dradis-plugins (~> 4.0)
       multi_json
-    dradis-zap (4.9.0)
+    dradis-zap (4.10.0)
       dradis-plugins (~> 4.0)
       nokogiri (~> 1.3)
     erubi (1.12.0)
@@ -530,32 +520,32 @@ DEPENDENCIES
   coffee-rails (~> 5.0)
   database_cleaner
   differ (~> 0.1.2)
-  dradis-acunetix (~> 4.9.0)
+  dradis-acunetix (~> 4.10.0)
   dradis-api!
-  dradis-brakeman (~> 4.9.0)
-  dradis-burp (~> 4.9.0)
-  dradis-calculator_cvss!
-  dradis-calculator_dread!
-  dradis-coreimpact (~> 4.9.0)
-  dradis-csv (~> 4.9.0)
-  dradis-csv_export (~> 4.9.0)
-  dradis-html_export (~> 4.9.1)
-  dradis-metasploit (~> 4.9.0)
-  dradis-nessus (~> 4.9.0)
-  dradis-netsparker (~> 4.9.0)
-  dradis-nexpose (~> 4.9.0)
-  dradis-nikto (~> 4.9.0)
-  dradis-nipper (~> 4.9.0)
-  dradis-nmap (~> 4.9.0)
-  dradis-ntospider (~> 4.9.0)
-  dradis-openvas (~> 4.9.0)
-  dradis-plugins (~> 4.9.0)
-  dradis-projects (~> 4.9.0)
-  dradis-qualys (~> 4.9.0)
-  dradis-saint (~> 4.9.0)
-  dradis-veracode (~> 4.9.0)
-  dradis-wpscan (~> 4.9.0)
-  dradis-zap (~> 4.9.0)
+  dradis-brakeman (~> 4.10.0)
+  dradis-burp (~> 4.10.0)
+  dradis-calculator_cvss (~> 4.10.0)
+  dradis-calculator_dread (~> 4.10.0)
+  dradis-coreimpact (~> 4.10.0)
+  dradis-csv (~> 4.10.0)
+  dradis-csv_export (~> 4.10.0)
+  dradis-html_export (~> 4.10.1)
+  dradis-metasploit (~> 4.10.0)
+  dradis-nessus (~> 4.10.0)
+  dradis-netsparker (~> 4.10.0)
+  dradis-nexpose (~> 4.10.0)
+  dradis-nikto (~> 4.10.0)
+  dradis-nipper (~> 4.10.0)
+  dradis-nmap (~> 4.10.0)
+  dradis-ntospider (~> 4.10.0)
+  dradis-openvas (~> 4.10.0)
+  dradis-plugins (~> 4.10.0)
+  dradis-projects (~> 4.10.0)
+  dradis-qualys (~> 4.10.0)
+  dradis-saint (~> 4.10.0)
+  dradis-veracode (~> 4.10.0)
+  dradis-wpscan (~> 4.10.0)
+  dradis-zap (~> 4.10.0)
   factory_bot_rails
   font-awesome-sass (~> 6.4.0)
   foreman

app/drops/issue_drop.rb

@@ -1,5 +1,5 @@
 class IssueDrop < BaseDrop
-  delegate :fields, :text, :title, to: :@record
+  delegate :author, :fields, :text, :title, to: :@record
 
   def affected
     @affected ||= @record.affected.map { |node| NodeDrop.new(node) }

app/views/export/_no_templates.html.erb

@@ -0,0 +1,11 @@
+<div class="alert alert-warning m-0">
+  <p>
+    This exporter doesn't have any report templates yet.
+    <% if current_user.respond_to?(:role?) && current_user.role?(:admin) %>
+      <%= link_to 'Upload a template', main_app.admin_templates_reports_path(tab: plugin_name) %>, then try again.
+    <% else %>
+      Please contact your administrator.
+    <% end %>
+  </p>
+  <p>Read more about <%= link_to 'report templates', 'https://dradisframework.com/support/guides/administration/report_templates.html', target: '_blank' %>.</p>
+</div>

lib/dradis/ce/version.rb

@@ -2,7 +2,7 @@ module Dradis
   module CE #:nodoc:
     module VERSION #:nodoc:
       MAJOR = 4
-      MINOR = 9
+      MINOR = 10
       TINY  = 0
       PRE = nil