Comparing changes
Commits on Apr 19, 2011
Daniel Martin Life goes on! 77a85d3
Daniel Martin We seed after we have cleared the database. Otherwise we would undo the seeding
Commits on Apr 20, 2011
Daniel Martin Upgrade to Rails 3.0.7 534a426
Daniel Martin keeping track of the changes from the very beginning 7def493
Commits on Apr 28, 2011
Daniel Martin Ensure that when a node is deleted all the associated attachments are deleted too
Daniel Martin Implement the first spec for the AttachmentController to upload a simple file.

There are two gotchas:
* :before and :after every spec we have to create and destroy the corresponding Node
* we need a dummy upload file that we've implemented through ActionDispatch::Http::UploadedFile
Daniel Martin To use NodesController with the ExtJS client-side libs, we are going to follow a similar approach to what we do in NotesController.

The :node_id is only used inside the nested resources (see rake routes); when
performing operations against nodes, we have to use :id.

We are going to send an Ajax call and the easiest way to send the data in the
request is through a JSON-encoded value in the :data parameter (this is also
the default approach in ExtJS REST stores).
Daniel Martin We are finally going to implement different icons for different node types in the tree.
Daniel Martin Add a new submenu to the nodes tree to change a node type so it can have a different icon.

This is implemented by an Ajax call to /nodes/<id>.json (nodes#update) passing
the :type_id as a parameter.

Next we need to use a different icon depending on each node's :type_id when
drawing the tree.
Daniel Martin Send the node type as part of the JSON-encoded version of the Node model 1d3ba40
Daniel Martin When loading the tree, use different icon classes (@iconCls@) for different node types
Daniel Martin When changing the node type, make a local change so the icon is updated before sending the Ajax request to persist the change in the DB
Commits on Apr 29, 2011
Daniel Martin Instead of killing the old interface and starting from scratch or creating a brand new layout we can start by creating a new tab that will display the notes in a more pure HTML + CSS way as opposed to the current 'grid + preview' view.

I have also updated the @nodeclick@ event handler to update the contents of the
new tab. Ideally this will invoke the REST /nodes/<id>/notes route to pull a
standard Rails view from the server.
Daniel Martin * Every time a node is clicked, load the /nodes/<id>/notes view (notes#index) from the server.

* In @NotesController@ allow requests in HTML format

* Create a simple view that at least shows the list of available notes
Daniel Martin Create a new @notes/summary@ partial to display each note in the list of all the notes associated with a node.

Add some raw styles at least to see each note in a separate block.
Daniel Martin Add a few styles to the note header and footer 98c4d2c
Commits on May 09, 2011
Daniel Martin Stop using the deprecated Rails 2.x RAILS_DEFAULT_LOGGER and use Rails.logger introduced in Rails 3
Commits on May 11, 2011
Daniel Martin When calling ProjectTemplateUpload.import() pass the file name of the template instead of a File object. Closes #4.
Daniel Martin Replace logger .debug() calls with .info() calls in the upload plugins
Full details can be found in issue #3 in the tracker [i] but the gist of it is
that Rails.logger wouldn't log traces under info() in production mode.

Our solution was to use @@logger.level = Logger.DEBUG to try to output the
traces but the truth is that most of the times it would make sense to use info()
instead of debug().

The other point is that when running through the Upload Manager, uploads are
processed in the background (using bj) and a custom logger (app/models/log.rb)
that logs the traces into the database (instead of STDOUT) is provided to the
plugins. To keep things simple, this logger doesn't support levels - i.e. level=()

Commits on May 18, 2011
Daniel Martin Merge branch 'RB-2.7' of etdsoftgit:dradis/dradisframework 50204b9
Daniel Martin Merge branch 'RB-2.7'
Commits on May 21, 2011
Daniel Martin Add a README page to be displayed in the GitHub repository page d889b74
Commits on May 22, 2011
Daniel Martin Add some bits and pieces of information to the README 4e47d2c
Daniel Martin Add some empty lines to separate paragraphs and ensure Markdown picks up the desired styles
Daniel Martin Add links for every tool in the README 919faee
Daniel Martin Ultra-short getting started instructions 6bd6407
Daniel Martin Initial instructions on how to contribute a feature / patch 3526180
Commits on May 23, 2011
Daniel Martin Provide more space and less Ajax to the Note Editor
When editing long notes the old editor window (horizontal split of editor and
preview) was a bit uncomfortable. We are splitting the editor and preview
widgets in two tabs, so you can focus on editing or previewing your work.

The changes required:

* Switch from a Border layout Panel to a TabPanel (each widget provides a Title
attribute that will be used in the corresponding tab)

* Instead of updating the preview widget on every `keypress` just update when
the user clicks on the _Preview_ tab.

More info at:
Commits on May 29, 2011
Daniel Martin Merge pending changes from 2.7.x release branch d2738eb
Daniel Martin For some reason the date of release was not in the CHANGELOG 85cdb36
Daniel Martin Replace the hard-coded path with Attachment::pwd
It's better to have a single place in the app specifying the attachments folder
so we can change it there if it has to be modified globally (for instance when
running under Heroku's read-only file system)
Commits on Jun 08, 2011
Daniel Martin Upgrade Rails (3.0.8 fixes the XSS/safe_buffer issue ) 1efc65b
Commits on Jun 10, 2011
Daniel Martin Disable the tabbed panel until the user clicks on a node
In order to prevent the situation when a user clicks on 'add note' after
resetting the database without having created a node (which breaks) we now
start with the right-hand side tab panel disabled.

This commit closes #16
Commits on Jun 11, 2011
Siebert Lubbe Adding a task to display the server version e11f98e
Siebert Lubbe A simple attempt to wrap the thor tasks into a binary 9ea33be
etdsoft Merge pull request #21 from siebertlubbe/master
A commit to resolve issue #13 and wrap thor tasks in dradis binary
Daniel Martin Update the CHANGELOG with the fix of #16 e20130d
Daniel Martin Refresh the vendor/cache/ after upgrading to Rails 3.0.8 822fabe
Daniel Martin We have a new dradis:version task 9c2f56c
Daniel Martin Make the stand-alone binary compatible with Ruby 1.9 4068250
Commits on Jun 16, 2011
Daniel Martin Update: Rails 3.0.8 and improved startup scripts 7b62409
Daniel Martin Don't refresh the Preview unless there is new content
To avoid making pointless Ajax calls to 'textilize' the note's source and
refresh the preview. Store the note's text in a new property (rawText) and check
whether the new text is different from the old one before making the Ajax call.

This commit closes issue #15
Daniel Martin Reflect we have closed #15 27169c2
Daniel Martin Refactor the HTMLExport plugin
* Move the code that generates the report into a separate HTMLExport::Processor class
* Replace the (empty) Rake tasks file with a new thorfile.rb
* Implement the dradis:export:html Thor task to generate HTML reports from the command line

This commit references #15
Daniel Martin Refactor SurecheckUpload to use Thor
Stop using Rake tasks and embrace Thor

Along with:


This commit closes #9
Daniel Martin Another closed issue d8e7ba0
Daniel Martin Cleanup this empty Rake file fa87886
Commits on Jun 21, 2011
Daniel Martin Typo in property name f6d1f54
Commits on Jun 23, 2011
Daniel Martin Make the need of RAILS_ENV explicit
Until we have a proper Thor-binary to take care of this for us, better be
explicit about using RAILS_ENV and 'bundler exec'
Commits on Jun 26, 2011
Daniel Martin Update to the latest Rails once again b797c0e
Commits on Jun 28, 2011
Daniel Martin Update the changelog. How many more versions of Rails before we release? 18fe742
Commits on Jul 05, 2011
Daniel Martin Support attachments names with multiple dots
Due to the way in which Rails default routes work (trying to figure out the
request's format by inspecting the :format parameter) attachments with multiple
dots in their name were not properly handled.

A couple of changes were required:

* A better route mapping that lets the :id parameter (attachment name) contain
any character including multiple dots
* The AttachmentsController needs to return valid JSON in order for the
attachmentsviewer.js#160 code to either commit or discard the current record.

This commit closes #19
Daniel Martin One more bug out of the way 8e640d0
Daniel Martin Cleanup the AttachmentsController
Now that we have a cleaner way of handling multiple dots in attachment
filenames (see 8803395) we no longer need to be messing around with
params[:id] and params[:format].

The other change affecting the **destination** variable cleans up the code and
makes use of the fact that Attachment.pwd is in fact a Pathname object
resulting in a cleaner code.
Daniel Martin Stop using updatenode and the JsonController
Instead of using a separate file on the client-side (thebrain.js) and an ad-hoc
controller like JsonController, make the client-side code call the
NodesController directly which already supports JSON operations.
Daniel Martin New section in README: how to get started from git
As Ken pointed out in the mailing list, it would be useful to have a quick
start guide for people wanting to clone the repo and start using it.

So apart from the cloning step just added some info on where to download the
verify, reset and startup scripts.
Daniel Martin When dropping a node, use NodesController#update
* There is no need to pass the node's :id or :label as the node is found by
the URL parameter

* Make sure any parameters are JSON-encoded and wrapped in the data field as
expected by the NodesController.
Daniel Martin Move the Ajax call to delete a node to a function
To keep the code cleaner and try to concentrate all the Ajax requests at the
bottom of the file in separate instance methods.
Daniel Martin New updateNode Ajax method in dradis.NodesTree
Instead of making an Ext.Ajax call every time we need to update a node within
the class, create a helper method that lets us send updates to the server (that
will be processed by NodesController#update).

Make use of the new updateNode method after the user changes the label of a
Daniel Martin Use the new updateNode in the nodedrop handler
Instead of a separate Ajax call, just use the updateNode method and pass the
new :parent_id for the node.
Daniel Martin Remove the delnode method as no-one uses it
The NodesTree is using it's own Ajax helper methods to communicate with
Daniel Martin Keep removing duplicated Ajax calls in NodesTree
Use updateNode in the changeNodeType method instead of creating an Ajax call
Daniel Martin Load JSON parameters for the Nodes#create action
When creating a new node (no :id has been sent), try to load the node parameters
from JSON as we already did in the Nodes#update action
Daniel Martin Stop using thebrain's addnode function
Implement a new NodesTree.createNode() method that uses NodesController#create
and sends data through JSON.
Daniel Martin Remove the addnode method for once and for all
Stop using the JsonController and talk to each controller directly in a RESTful
Daniel Martin Remove the JsonController and all associated files
This controller was created back in the day when we didn't have a good
understanding of how to make things RESTful.
Commits on Jul 06, 2011
Daniel Martin Stop using dradis.ajax and use Ext.Ajax
dradis.ajax is a legacy function used back in the day to pass the CSRF tokens
during Ajax calls. This is now handled in interface.js#279 for every Ajax call
made through ExtJS so we should be good to use the standard functions.
Daniel Martin No reason to use dradis.ajax instead of Ext.Ajax cd11a4b
Daniel Martin Remove the dradis.ajax function definition
This was deprecated long time ago and should have been removed back then.
Daniel Martin Merging upstream changes d746c57
Daniel Martin Implement new import filter for MediaWiki 1.15
The MediaWiki API has changed significantly between versions 1.14 and 1.15,
this commit adds a new import filter to support MediaWiki 1.15.

Kudos to Justing Hohner for submitting the patch.
Daniel Martin Create separate MediaWiki 1.14 and 1.15 tasks 7ca1a8d
Commits on Jul 07, 2011
Daniel Martin Use Attachment.pwd instead of File.join
Make use of the fact that Attachment.pwd is a Pathname object and use it to join
the required paths and file names during the db seeding phase.
Commits on Jul 09, 2011
Daniel Martin Listen for 'selectionchange' instead of 'click'
In order for the node change to be picked up both when you click on a node and
when you use the keyboard to navigate through the trees we have to listen for a
different event, the 'selectionchange' event of the tree's selection model

This commit closes #20
Daniel Martin Another feature request implemented f15537a
Commits on Jul 11, 2011
Daniel Martin Add some styling for JS-disabled browsers
The old <noscript> message was a bit dull. Give it some margin and add Dradis'
Daniel Martin Auto-focus the editor when showing the edit Window
After showing the window, always default to the editor (instead of presenting
the last tab that was active when the window was closed).

This commit closes feature request #14
Daniel Martin Another feature request implemented (#14) 73d021f
Commits on Jul 17, 2011
Daniel Martin Upload a Nikto sample file to test the plugin
See if we can figure out the best way to test the plugins and ensure they keep
working after every update.
Commits on Jul 21, 2011
Daniel Martin Add a named route to access the Wizard
This lets us use the wizard_path inside the views which will correctly detect
if we are running from a sub-folder behind apache (e.g. /dradis/wizard).

I have also updated the link to the Wizard in the login page.

This commit refs #5
Daniel Martin Make the Wizard layout location-independent
* Use the favicon_link_tag rails helper for the favicon.ico
* Use the image_path helper for every CSS background image
* Replace the hard-coded link to "/" with a link to root_path

This commit refs #5
Daniel Martin Replace hard-coded links in the Wizard tabstrip with wizard_path() links. This commit refs #5
Daniel Martin Update the Wizard views to make them location-independent
Use rails helpers for image tags and hyperlinks across all views in the Wizard.

This commit refs #5
Daniel Martin Avoid the hard-coded "/" and use a route.
This commit refs #5
Daniel Martin Make the Ajax path relative so we can deploy to URIs
A bunch of widgets were still using absolute paths (mainly to /nodes/..) which
would break if we are running behind Apache under a folder (e.g. /dradis/nodes/..)

This commit closes #5
Daniel Martin Closing another bug 595de90
Daniel Martin Refresh the Gem cache after running bundle update 00b23d9
Commits on Jul 26, 2011
Daniel Martin New Metasploit controller
We are going to transform the Metasploit Import plugin into a Rails engine with
its own views and actions. This is the first step, two actions have been

* _index_ to render the main layout that will present all the info available in
the remote Metasploit instance.

* _hosts_ will use the Msf RPC client to pull hosts and services from the
remote Metasploit. At the moment it is just a skeleton.

The MetasploitController inherits from AuthenticatedController, a new helper
class that buffers plugins from the authentication implementation.
Daniel Martin New AuthenticatedController to require auth
This controller can be a handy one to inherit from if we are building
functionality that requires the user to be authenticated.

It isolates the code from the authentication implementation as we will be able
to change the details of the filter without the inheriting classes noticing.

Any third-party code (e.g. plugins) should inherit from this class instead of
calling the authentication filters directly.

It also sets the new default layout to whatever 'dradis3' will look like (at
the moment this is pretty much the clean layout of the Configuration and Upload
Daniel Martin The new standard layout for the HTML-based views
This will replace the separate Configuration and Upload manager layouts and
will hopefully evolve into what will become the Dradis 3 look-and-feel.
Daniel Martin Layout helpers from the nifty-layout package
Useful for the new HTML-based views and layouts (Configuration Manager, Upload
Manager and 'dradis3')
Daniel Martin New Metasploit#index for the Msf Import Wizard
Presents the current configuration and instructions on how to start pulling
data from a remote Metasploit instance.

Data loading into the view will be done through Ajax and jQuery.
Daniel Martin Placeholder Metasploit#hosts JavaScript template
This jQuery code will be used to modify the Msf Wizard's interface with the
results pulled from the remote Metasploit instance.
Daniel Martin Keep the flash[] styles consistent throughout the pure HTML views 15a28be
Commits on Jul 27, 2011
Daniel Martin Merge branch 'master' of etdsoftgit:dradis/dradisframework ba1d891
Commits on Jul 29, 2011
Daniel Martin Replace absolute paths with relative paths
This will ensure that Dradis can be deployed to a subfolder (behind Apache).

This commit closes #30
Daniel Martin Two more instances of absolute URLs in the code
Convert two additional instances from absolute URLs to relative URLs.

This commit refs #30
Daniel Martin Use window.location.href instead of window.location
This enables us to use relative paths. window.location seems to use its value
as an absolute URL even if the value doesn't have a leading "/".

This commit closes #30.
Commits on Jul 30, 2011
Daniel Martin Merge branch 'master' into RB-2.7
Once again, we (I) screwed the git workflow by committing bug fixes and new
bits and pieces of functionality to 'master' instead of 'RB-2.7'. I started ok
but at some point decided that it wasn't worth it to keep committing to RB-2.7
because we would be releasing 2.8 pretty soon. Two months down the line, no
2.8 is in sight and bug fixes are piling. Time for a 2.7.2.

Instead of trying to cherry-pick the bug fixing bugs from the new features
(e.g. 'New notes' tab, Metasploit import wizard, etc.) I opted for merging the
master branch back to RB-2.7.

Hopefully this will be the last time this happens and we'll commit bug fixes to
the release branch in the future and merge them to master (and not the wrong
way around).
Daniel Martin Finally include the Gemfile.lock in the repo
It seems that it is the right thing to do for apps. It will also help to
prevent vendor/cache/ madness when moving from one branch to another.

Commits on Jul 31, 2011
Daniel Martin Refresh vendor/cache/ after a bundle update f319a4b
Daniel Martin Merge branch 'master' into RB-2.7 1a83150
Daniel Martin Bump version to 2.7.2 e8a9f87
Daniel Martin Update the What's new page with changes in 2.7.2 1e2405b
Commits on Aug 02, 2011
Daniel Martin We are releasing 2.7.2 today! 3b00ecc