New ZAP Proxy upload plugin

First version of the new upload plugin to parse OWASP Zed Attack Proxy
XML reports.

See also:
  https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
  http://dradisframework.uservoice.com/forums/38386-general/suggestions/2314108-zap-import-plugin?ref=title
  http://guides.dradisframework.org/plugins_upload.html

vendor/plugins/zap_upload/README

@@ -0,0 +1,12 @@
+ZapUpload
+=========
+
+The ZAP upload plugin will allow users to upload ZAP Proxy [i] report XML files.
+
+[i]
+https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
+
+Console use
+===========
+
+$ bundle exec thor dradis:upload:zap /path/to/ZAP_report.xml

vendor/plugins/zap_upload/Rakefile

@@ -0,0 +1,22 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the zap_upload plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the zap_upload plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ZapUpload'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

vendor/plugins/zap_upload/init.rb

@@ -0,0 +1 @@
+require 'zap_upload'

vendor/plugins/zap_upload/install.rb

@@ -0,0 +1 @@
+# Install hook code here

vendor/plugins/zap_upload/lib/tasks/thorfile.rb

@@ -0,0 +1,26 @@
+class DradisTasks < Thor
+  class Upload < Thor
+    namespace "dradis:upload"
+
+   desc  "zap FILE", "upload ZAP results"
+   long_desc "This will appear if the user runs 'thor help dradis:upload:zap'"
+   def zap(file_path)
+     require 'config/environment'
+
+     logger = Logger.new(STDOUT)
+     logger.level = Logger::DEBUG
+
+     unless File.exists?(file_path)
+       $stderr.puts "** the file [#{file_path}] does not exist"
+       exit -1
+     end
+
+     ZapUpload.import(
+       :file => file_path,
+       :logger => logger)
+
+     logger.close
+   end
+
+  end
+end

vendor/plugins/zap_upload/lib/zap_upload.rb

@@ -0,0 +1,20 @@
+# ZapUpload
+
+require 'zap_upload/filters'
+require 'zap_upload/meta'
+
+module ZapUpload
+  class Configuration < Core::Configurator
+    configure :namespace => 'zap_upload'
+    setting :category, :default => 'ZAP output'
+    setting :author, :default => 'ZAP plugin'
+    setting :parent_node, :default => 'plugin.zap'
+  end
+end
+
+# This includes the import plugin module in the dradis import plugin repository
+module Plugins
+  module Upload 
+    include ZapUpload
+  end
+end

vendor/plugins/zap_upload/lib/zap_upload/filters.rb

@@ -0,0 +1,48 @@
+module ZapUpload  
+  private
+  @@logger=nil
+
+  public
+
+  # This method will be called by the framework when the user selects your 
+  # plugin from the drop down list of the 'Import from file' dialog
+  def self.import(params={})
+    file_content = File.read( params[:file] )
+    @@logger = params.fetch(:logger, Rails.logger)
+
+    # create the parent node early so we can use it to provide feedback on errors
+    parent = Node.find_or_create_by_label( Configuration.parent_node)
+    # every note we create will be assigned to this author
+    author = Configuration.author
+    # get the note category instance or create it if it does not exist
+    category = Category.find_or_create_by_name( Configuration.category )
+
+    @@logger.info{ 'Parsing ZAP output...' }
+    doc = Nokogiri::XML(file_content)
+    @@logger.info{ 'Done.' }
+
+    # Add a note to the plugin root folder with the file name and report date
+    file_name = File.basename(params[:file])
+    report_date = doc.root.children.first.text
+    parent.notes.create(
+      :author => author,
+      :category => category,
+      :text => "#[Title]#\nZAP upload: #{file_name}\n\n#[Report_date]##{report_date}")
+
+    # Process the report contents
+    doc.xpath('/report/alertitem').each do |alert|
+      alert_name = alert.xpath('alert').text
+      alert_text = alert.elements.collect{ |attribute|
+        "#[#{attribute.name.capitalize}]#\n#{attribute.text}\n\n"
+      }.join("\n")
+
+      @@logger.info{ "Parsing alert item: #{alert_name}" }
+
+      alert_node = parent.children.find_or_create_by_label(alert_name)
+      alert_node.notes.create(
+        :author => author,
+        :category => category,
+        :text => alert_text)
+    end
+  end
+end

vendor/plugins/zap_upload/lib/zap_upload/meta.rb

@@ -0,0 +1,14 @@
+module ZapUpload  
+  module Meta
+    NAME = "ZAP Upload plugin"
+    EXPECTS = "ZAP Proxy XML reports. Generate through  Report > Generate XML Report ..."
+    # change this to the appropriate version
+    module VERSION #:nodoc:
+      MAJOR = 2
+      MINOR = 9
+      TINY = 0
+
+      STRING = [MAJOR, MINOR, TINY].join('.')
+    end
+  end
+end

vendor/plugins/zap_upload/test/zap_upload_test.rb

@@ -0,0 +1,16 @@
+require 'test/unit'
+
+# require Rails testing framework
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+
+# require this plugin
+$:.unshift File.dirname(__FILE__) + '/../lib'
+require File.dirname(__FILE__) + '/../init'
+
+
+class ZapUploadTest < Test::Unit::TestCase
+  # Replace this with your real tests.
+  def test_this_plugin
+    flunk
+  end
+end

vendor/plugins/zap_upload/uninstall.rb

@@ -0,0 +1 @@
+# Uninstall hook code here