NexposeRunner 0.0.8 → 0.0.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/NexposeRunner/version.rb +1 -1
- data/lib/nexpose-runner/constants.rb +8 -1
- data/lib/nexpose-runner/scan.rb +7 -4
- data/spec/scan_spec.rb +18 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 13adebf5deaf318e68db7a8965cd1aaddbe75003
|
|
4
|
+
data.tar.gz: 44ccda32d83f9aa9064fb26f63072935033b0812
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a98f08b066853cc72dac0b4378b0ab6a8dba85f70896528a6c338069822424b23dd4165a5beabbbc0e3fe22f735447abbbe8ff82414e6ee8d757db0eecc27457
|
|
7
|
+
data.tar.gz: 888df0a298044649828885df63b90c7596b2c853bb5f7a45ab520af376d9e03ca8d3c277c00c11d85ec142a7f99b1d6b412920c1490504f383aae8d33d3ae206
|
|
@@ -10,7 +10,14 @@ module CONSTANTS
|
|
|
10
10
|
VULNERABILITY_REPORT_NAME = 'nexpose-vulnerability-report.csv'
|
|
11
11
|
SOFTWARE_REPORT_NAME = 'nexpose-software-report.csv'
|
|
12
12
|
POLICY_REPORT_NAME = 'nexpose-policy-report.csv'
|
|
13
|
-
|
|
13
|
+
|
|
14
|
+
AUDIT_REPORT_FILE_NAME = 'nexpose-audit-report.html'
|
|
15
|
+
AUDIT_REPORT_NAME = 'audit-report'
|
|
16
|
+
AUDIT_REPORT_FORMAT = 'html'
|
|
17
|
+
|
|
18
|
+
XML_REPORT_FILE_NAME = 'nexpose-xml-report.xml'
|
|
19
|
+
XML_REPORT_NAME = 'audit-report'
|
|
20
|
+
XML_REPORT_FORMAT = 'raw-xml'
|
|
14
21
|
|
|
15
22
|
VULNERABILITY_REPORT_QUERY = 'SELECT DISTINCT
|
|
16
23
|
ip_address,
|
data/lib/nexpose-runner/scan.rb
CHANGED
|
@@ -36,7 +36,10 @@ module NexposeRunner
|
|
|
36
36
|
generate_csv(policies, CONSTANTS::POLICY_REPORT_NAME)
|
|
37
37
|
|
|
38
38
|
puts "Scan complete for #{run_details.site_name}, Generating Audit Report"
|
|
39
|
-
|
|
39
|
+
generate_template_report(nsc, site.id, CONSTANTS::AUDIT_REPORT_FILE_NAME, CONSTANTS::AUDIT_REPORT_NAME, CONSTANTS::AUDIT_REPORT_FORMAT)
|
|
40
|
+
|
|
41
|
+
puts "Scan complete for #{run_details.site_name}, Generating Xml Report"
|
|
42
|
+
generate_template_report(nsc, site.id, CONSTANTS::XML_REPORT_FILE_NAME, CONSTANTS::XML_REPORT_NAME, CONSTANTS::XML_REPORT_FORMAT)
|
|
40
43
|
|
|
41
44
|
[vulnerbilities, software, policies]
|
|
42
45
|
end
|
|
@@ -90,10 +93,10 @@ module NexposeRunner
|
|
|
90
93
|
CSV.parse(report_output.chomp, {:headers => :first_row})
|
|
91
94
|
end
|
|
92
95
|
|
|
93
|
-
def self.
|
|
94
|
-
adhoc = Nexpose::AdhocReportConfig.new(
|
|
96
|
+
def self.generate_template_report(nsc, site, file_name, report_name, report_format)
|
|
97
|
+
adhoc = Nexpose::AdhocReportConfig.new(report_name, report_format, site)
|
|
95
98
|
data = adhoc.generate(nsc)
|
|
96
|
-
File.open(
|
|
99
|
+
File.open(file_name, 'w') { |file| file.write(data) }
|
|
97
100
|
end
|
|
98
101
|
|
|
99
102
|
def self.generate_csv(csv_output, name)
|
data/spec/scan_spec.rb
CHANGED
|
@@ -209,7 +209,7 @@ describe 'nexpose-runner' do
|
|
|
209
209
|
|
|
210
210
|
describe 'it should create reports' do
|
|
211
211
|
it 'should generate, download, and parse an adhoc reports for Vulnerability, Software, and Policies' do
|
|
212
|
-
|
|
212
|
+
expect(Nexpose::AdhocReportConfig).to receive(:new)
|
|
213
213
|
.with(nil, 'sql')
|
|
214
214
|
.and_return(@mock_report)
|
|
215
215
|
|
|
@@ -217,6 +217,17 @@ describe 'nexpose-runner' do
|
|
|
217
217
|
expect_report_to_be_called_with(CONSTANTS::SOFTWARE_REPORT_NAME, CONSTANTS::SOFTWARE_REPORT_QUERY, @mock_software_report)
|
|
218
218
|
expect_report_to_be_called_with(CONSTANTS::POLICY_REPORT_NAME, CONSTANTS::POLICY_REPORT_QUERY, @mock_policy_report)
|
|
219
219
|
|
|
220
|
+
expect(Nexpose::AdhocReportConfig).to receive(:new)
|
|
221
|
+
.with(CONSTANTS::AUDIT_REPORT_NAME, CONSTANTS::AUDIT_REPORT_FORMAT, @mock_site_id)
|
|
222
|
+
.and_return(@mock_report)
|
|
223
|
+
|
|
224
|
+
expect(Nexpose::AdhocReportConfig).to receive(:new)
|
|
225
|
+
.with(CONSTANTS::XML_REPORT_NAME, CONSTANTS::XML_REPORT_FORMAT, @mock_site_id)
|
|
226
|
+
.and_return(@mock_report)
|
|
227
|
+
|
|
228
|
+
expect_template_report_to_be_called_with(CONSTANTS::AUDIT_REPORT_FILE_NAME)
|
|
229
|
+
expect_template_report_to_be_called_with(CONSTANTS::XML_REPORT_FILE_NAME)
|
|
230
|
+
|
|
220
231
|
expect {
|
|
221
232
|
NexposeRunner::Scan.start(@options)
|
|
222
233
|
}.to raise_error(StandardError, CONSTANTS::VULNERABILITY_FOUND_MESSAGE)
|
|
@@ -252,6 +263,11 @@ def expect_report_to_be_called_with(report_name, report_query, report_response)
|
|
|
252
263
|
expect(CSV).to receive(:open).with(report_name, 'w').ordered
|
|
253
264
|
end
|
|
254
265
|
|
|
266
|
+
def expect_template_report_to_be_called_with(report_file_name)
|
|
267
|
+
expect(@mock_report).to receive(:generate).with(@mock_nexpose_client).ordered
|
|
268
|
+
expect(File).to receive(:open).with(report_file_name, 'w').ordered
|
|
269
|
+
end
|
|
270
|
+
|
|
255
271
|
def get_mock_nexpose_client
|
|
256
272
|
mock_nexpose_client = double(Nexpose::Connection)
|
|
257
273
|
|
|
@@ -333,6 +349,7 @@ def get_mock_report
|
|
|
333
349
|
.and_return(mock_report)
|
|
334
350
|
|
|
335
351
|
allow(CSV).to receive(:open).with(any_args)
|
|
352
|
+
allow(File).to receive(:open).with(any_args)
|
|
336
353
|
|
|
337
354
|
mock_report
|
|
338
355
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: NexposeRunner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nathan Gibson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-01-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nexpose
|