kekkan 0.0.0 → 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,49 @@
1
+ # Copyright (c) 2012 Arxopia LLC.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are met:
6
+ #
7
+ # * Redistributions of source code must retain the above copyright
8
+ # notice, this list of conditions and the following disclaimer.
9
+ # * Redistributions in binary form must reproduce the above copyright
10
+ # notice, this list of conditions and the following disclaimer in the
11
+ # documentation and/or other materials provided with the distribution.
12
+ # * Neither the name of the Arxopia LLC nor the names of its contributors
13
+ # may be used to endorse or promote products derived from this software
14
+ # without specific prior written permission.
15
+ #
16
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
+ # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
+ # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19
+ # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
20
+ # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
22
+ # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24
+ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25
+ #OF THE POSSIBILITY OF SUCH DAMAGE.
26
+
27
+ #Cool random banner stuff for the CLI, based on the Metasploit random banner concept
28
+
29
+ module Kekkan
30
+ module CLI
31
+ module Banner
32
+ Banners =
33
+ [
34
+ '
35
+ _ _ _
36
+ | | _____| | _| | ____ _ _ __
37
+ | |/ / _ \ |/ / |/ / _` | \'_ \
38
+ | < __/ <| < (_| | | | |
39
+ |_|\_\___|_|\_\_|\_\__,_|_| |_|
40
+
41
+ '
42
+ ]
43
+
44
+ def self.to_s
45
+ Banners[rand(Banners.length)]
46
+ end
47
+ end
48
+ end
49
+ end
@@ -0,0 +1,38 @@
1
+ # Copyright (c) 2012 Arxopia LLC.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are met:
6
+ #
7
+ # * Redistributions of source code must retain the above copyright
8
+ # notice, this list of conditions and the following disclaimer.
9
+ # * Redistributions in binary form must reproduce the above copyright
10
+ # notice, this list of conditions and the following disclaimer in the
11
+ # documentation and/or other materials provided with the distribution.
12
+ # * Neither the name of the Arxopia LLC nor the names of its contributors
13
+ # may be used to endorse or promote products derived from this software
14
+ # without specific prior written permission.
15
+ #
16
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
+ # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
+ # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19
+ # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
20
+ # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
22
+ # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24
+ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25
+ #OF THE POSSIBILITY OF SUCH DAMAGE.
26
+
27
+ module Kekkan
28
+ module Models
29
+ end
30
+ end
31
+
32
+ require 'kekkan/models/version'
33
+ require 'kekkan/models/entry'
34
+ require 'kekkan/models/cvss'
35
+ require 'kekkan/models/reference'
36
+ require 'kekkan/models/vulnerablesoftwarelist'
37
+ require 'kekkan/models/assessmentcheck'
38
+ require 'kekkan/models/scanner'
@@ -0,0 +1,35 @@
1
+ # Copyright (c) 2012 Arxopia LLC.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are met:
6
+ #
7
+ # * Redistributions of source code must retain the above copyright
8
+ # notice, this list of conditions and the following disclaimer.
9
+ # * Redistributions in binary form must reproduce the above copyright
10
+ # notice, this list of conditions and the following disclaimer in the
11
+ # documentation and/or other materials provided with the distribution.
12
+ # * Neither the name of the Arxopia LLC nor the names of its contributors
13
+ # may be used to endorse or promote products derived from this software
14
+ # without specific prior written permission.
15
+ #
16
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
+ # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
+ # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19
+ # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
20
+ # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
22
+ # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24
+ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25
+ #OF THE POSSIBILITY OF SUCH DAMAGE.
26
+
27
+ module Kekkan
28
+ module Models
29
+
30
+ # AssessmentChecks Model
31
+ class AssessmentChecks < ActiveRecord::Base
32
+ belongs_to :entry
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,35 @@
1
+ # Copyright (c) 2012 Arxopia LLC.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are met:
6
+ #
7
+ # * Redistributions of source code must retain the above copyright
8
+ # notice, this list of conditions and the following disclaimer.
9
+ # * Redistributions in binary form must reproduce the above copyright
10
+ # notice, this list of conditions and the following disclaimer in the
11
+ # documentation and/or other materials provided with the distribution.
12
+ # * Neither the name of the Arxopia LLC nor the names of its contributors
13
+ # may be used to endorse or promote products derived from this software
14
+ # without specific prior written permission.
15
+ #
16
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
+ # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
+ # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19
+ # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
20
+ # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
22
+ # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24
+ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25
+ #OF THE POSSIBILITY OF SUCH DAMAGE.
26
+
27
+ module Kekkan
28
+ module Models
29
+
30
+ # Cvss Model
31
+ class Cvss < ActiveRecord::Base
32
+ belongs_to :entry
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,39 @@
1
+ # Copyright (c) 2012 Arxopia LLC.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are met:
6
+ #
7
+ # * Redistributions of source code must retain the above copyright
8
+ # notice, this list of conditions and the following disclaimer.
9
+ # * Redistributions in binary form must reproduce the above copyright
10
+ # notice, this list of conditions and the following disclaimer in the
11
+ # documentation and/or other materials provided with the distribution.
12
+ # * Neither the name of the Arxopia LLC nor the names of its contributors
13
+ # may be used to endorse or promote products derived from this software
14
+ # without specific prior written permission.
15
+ #
16
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
+ # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
+ # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19
+ # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
20
+ # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
22
+ # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24
+ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25
+ #OF THE POSSIBILITY OF SUCH DAMAGE.
26
+
27
+ module Kekkan
28
+ module Models
29
+
30
+ #Entry Model
31
+ class Entry < ActiveRecord::Base
32
+ has_many :cvsses
33
+ has_many :references
34
+ has_many :vulnerable_software_lists
35
+ belongs_to :assessment_check
36
+ has_many :scanners
37
+ end
38
+ end
39
+ end
@@ -0,0 +1,35 @@
1
+ # Copyright (c) 2012 Arxopia LLC.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are met:
6
+ #
7
+ # * Redistributions of source code must retain the above copyright
8
+ # notice, this list of conditions and the following disclaimer.
9
+ # * Redistributions in binary form must reproduce the above copyright
10
+ # notice, this list of conditions and the following disclaimer in the
11
+ # documentation and/or other materials provided with the distribution.
12
+ # * Neither the name of the Arxopia LLC nor the names of its contributors
13
+ # may be used to endorse or promote products derived from this software
14
+ # without specific prior written permission.
15
+ #
16
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
+ # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
+ # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19
+ # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
20
+ # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
22
+ # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24
+ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25
+ #OF THE POSSIBILITY OF SUCH DAMAGE.
26
+
27
+ module Kekkan
28
+ module Models
29
+
30
+ # Reference Model
31
+ class Reference < ActiveRecord::Base
32
+ belongs_to :entry
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,35 @@
1
+ # Copyright (c) 2012 Arxopia LLC.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are met:
6
+ #
7
+ # * Redistributions of source code must retain the above copyright
8
+ # notice, this list of conditions and the following disclaimer.
9
+ # * Redistributions in binary form must reproduce the above copyright
10
+ # notice, this list of conditions and the following disclaimer in the
11
+ # documentation and/or other materials provided with the distribution.
12
+ # * Neither the name of the Arxopia LLC nor the names of its contributors
13
+ # may be used to endorse or promote products derived from this software
14
+ # without specific prior written permission.
15
+ #
16
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
+ # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
+ # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19
+ # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
20
+ # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
22
+ # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24
+ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25
+ #OF THE POSSIBILITY OF SUCH DAMAGE.
26
+
27
+ module Kekkan
28
+ module Models
29
+
30
+ # Scanner Model
31
+ class Scanner < ActiveRecord::Base
32
+ belongs_to :entry
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,34 @@
1
+ # Copyright (c) 2012 Arxopia LLC.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are met:
6
+ #
7
+ # * Redistributions of source code must retain the above copyright
8
+ # notice, this list of conditions and the following disclaimer.
9
+ # * Redistributions in binary form must reproduce the above copyright
10
+ # notice, this list of conditions and the following disclaimer in the
11
+ # documentation and/or other materials provided with the distribution.
12
+ # * Neither the name of the Arxopia LLC nor the names of its contributors
13
+ # may be used to endorse or promote products derived from this software
14
+ # without specific prior written permission.
15
+ #
16
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
+ # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
+ # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19
+ # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
20
+ # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
22
+ # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24
+ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25
+ #OF THE POSSIBILITY OF SUCH DAMAGE.
26
+
27
+ module Kekkan
28
+ module Models
29
+
30
+ # Version Model
31
+ class Version < ActiveRecord::Base
32
+ end
33
+ end
34
+ end
@@ -0,0 +1,35 @@
1
+ # Copyright (c) 2012 Arxopia LLC.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are met:
6
+ #
7
+ # * Redistributions of source code must retain the above copyright
8
+ # notice, this list of conditions and the following disclaimer.
9
+ # * Redistributions in binary form must reproduce the above copyright
10
+ # notice, this list of conditions and the following disclaimer in the
11
+ # documentation and/or other materials provided with the distribution.
12
+ # * Neither the name of the Arxopia LLC nor the names of its contributors
13
+ # may be used to endorse or promote products derived from this software
14
+ # without specific prior written permission.
15
+ #
16
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
+ # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
+ # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19
+ # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
20
+ # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
22
+ # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24
+ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25
+ #OF THE POSSIBILITY OF SUCH DAMAGE.
26
+
27
+ module Kekkan
28
+ module Models
29
+
30
+ # VulnerableSoftwareList Model
31
+ class VulnerableSoftwareList < ActiveRecord::Base
32
+ belongs_to :entry
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,32 @@
1
+ # Copyright (c) 2010-2012 Arxopia LLC.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are met:
6
+ #
7
+ # * Redistributions of source code must retain the above copyright
8
+ # notice, this list of conditions and the following disclaimer.
9
+ # * Redistributions in binary form must reproduce the above copyright
10
+ # notice, this list of conditions and the following disclaimer in the
11
+ # documentation and/or other materials provided with the distribution.
12
+ # * Neither the name of the Arxopia LLC nor the names of its contributors
13
+ # may be used to endorse or promote products derived from this software
14
+ # without specific prior written permission.
15
+ #
16
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
+ # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
+ # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19
+ # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
20
+ # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
22
+ # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24
+ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25
+ #OF THE POSSIBILITY OF SUCH DAMAGE.
26
+
27
+ module Kekkan
28
+ module Parsers
29
+ end
30
+ end
31
+
32
+ require 'kekkan/parsers/cve_2_sax_listener'
@@ -0,0 +1,182 @@
1
+ # Copyright (c) 2012 Arxopia LLC.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are met:
6
+ #
7
+ # * Redistributions of source code must retain the above copyright
8
+ # notice, this list of conditions and the following disclaimer.
9
+ # * Redistributions in binary form must reproduce the above copyright
10
+ # notice, this list of conditions and the following disclaimer in the
11
+ # documentation and/or other materials provided with the distribution.
12
+ # * Neither the name of the Arxopia LLC nor the names of its contributors
13
+ # may be used to endorse or promote products derived from this software
14
+ # without specific prior written permission.
15
+ #
16
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17
+ # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
+ # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19
+ # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
20
+ # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
22
+ # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24
+ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25
+ #OF THE POSSIBILITY OF SUCH DAMAGE.
26
+
27
+ ActiveRecord::Migration.verbose = false
28
+
29
+ module Kekkan
30
+ module Parsers
31
+ class Cve2Document < Nokogiri::XML::SAX::Document
32
+
33
+ # Sets up a array of all valid XML fields
34
+ def initialize
35
+ @vals = Hash.new
36
+
37
+ @valid_elements = Array[
38
+ "nvd", "vuln:cve-id", "vuln:published-datetime", "vuln:last-modified-datetime",
39
+ "cvss:score", "cvss:access-vector", "cvss:access-complexity", "cvss:authentication",
40
+ "cvss:confidentiality-impact", "cvss:integrity-impact", "cvss:availability-impact",
41
+ "cvss:source", "cvss:generated-on-datetime", "cvss:base_metrics", "vuln:cvss",
42
+ "vuln:summary", "vuln:reference", " vuln:source", "vuln:references", "vuln:source",
43
+ "entry", "vuln:vulnerable-software-list", "vuln:product", "vuln:cwe",
44
+ "vuln:security-protection", "vuln:assessment_check", "vuln:definition",
45
+ "vuln:scanner"
46
+ ]
47
+
48
+ @ignored_elements = Array[
49
+ "cpe-lang:logical-test", "vuln:vulnerable-configuration", "cpe-lang:fact-ref"
50
+ ]
51
+
52
+ @valid_elements = @valid_elements + @ignored_elements
53
+
54
+ end
55
+
56
+ # Callback for when the start of a XML element is reached
57
+ #
58
+ # @param element XML element
59
+ # @param attributes Attributes for the XML element
60
+ def start_element(element, attributes = [])
61
+ @tag = element
62
+ @vals[@tag] = ""
63
+
64
+ if !@valid_elements.include?(element)
65
+ puts "New XML element detected: #{element}. Please report this to #{Kekkan::EMAIL}"
66
+ end
67
+
68
+ case element
69
+ when "entry"
70
+ @entry = Kekkan::Models::Entry.create
71
+ @entry.save
72
+
73
+ when "vuln:cvss"
74
+ @cvss = @entry.cvsses.create
75
+ @cvss.save
76
+
77
+ when "vuln:cwe"
78
+ @entry.attributes = { :cwe => Hash[attributes]["id"] }
79
+ @entry.save
80
+
81
+ when "vuln:references"
82
+ @reference = @entry.references.create
83
+ @reference.attributes = {
84
+ :ref_type => Hash[attributes]["reference_type"]
85
+ }
86
+ @reference.save
87
+
88
+ when "vuln:reference"
89
+ @reference.attributes = {
90
+ :href => Hash[attributes]["href"],
91
+ :language => Hash[attributes]["xml:lang"]
92
+ }
93
+ @reference.save
94
+
95
+ when "vuln:assessment_check "
96
+ @ass = @entry.assessment_check.create
97
+ @ass.attributes = {
98
+ :name => Hash[attributes]["name"],
99
+ :href => Hash[attributes]["href"],
100
+ :system => Hash[attributes]["system"]
101
+ }
102
+ @entry.save
103
+
104
+ when "vuln:definition"
105
+ @scanner = @entry.scanners.create
106
+ @scanner.attributes = {
107
+ :name => Hash[attributes]["name"],
108
+ :href => Hash[attributes]["href"],
109
+ :system => Hash[attributes]["system"]
110
+ }
111
+ @scanner.save
112
+ end
113
+ end
114
+
115
+ # Called when the inner text of a element is reached
116
+ #
117
+ # @param text
118
+ def characters(text)
119
+ if @vals[@tag] == nil then
120
+ @vals[@tag] = text.strip
121
+ else
122
+ @vals[@tag] << text.strip
123
+ end
124
+ end
125
+
126
+ # Called when the end of the XML element is reached
127
+ #
128
+ # @param element
129
+ def end_element(element)
130
+ #puts "End element: #{element}"
131
+ @tag = nil
132
+ case element
133
+ when "vuln:cve-id"
134
+ @entry.attributes = { :cve => @vals["vuln:cve-id"] }
135
+ @entry.save
136
+
137
+ when "vuln:published-datetime"
138
+ @entry.attributes = { :published_datetime => @vals["vuln:published-datetime"] }
139
+ @entry.save
140
+
141
+ when "vuln:last-modified-datetime"
142
+ @entry.attributes = { :last_modified_datetime => @vals["vuln:last-modified-datetime"] }
143
+ @entry.save
144
+
145
+ when "vuln:summary"
146
+ @entry.attributes = { :summary => @vals["vuln:summary"] }
147
+ @entry.save
148
+
149
+ when "vuln:security-protection"
150
+ @entry.attributes = { :security_protection => @vals["vuln:security-protection"]}
151
+ @entry.save
152
+
153
+ when "vuln:product"
154
+ @product = @entry.vulnerable_software_lists.create
155
+ @product.attributes = { :product => @vals["vuln:product"] }
156
+ @product.save
157
+
158
+ when "vuln:cvss"
159
+ @cvss.attributes = {
160
+ :score => @vals["cvss:score"],
161
+ :access_vector => @vals["cvss:access-vector"],
162
+ :access_complexity => @vals["cvss:access-complexity"],
163
+ :authenication => @vals["cvss:authentication"],
164
+ :confidentiality_impact => @vals["cvss:confidentiality-impact"],
165
+ :integrity_impact => @vals["cvss:integrity-impact"],
166
+ :availability_impact => @vals["cvss:availability-impact"],
167
+ :source => @vals["cvss:source"],
168
+ :generated_on_datetime => @vals["cvss:generated-on-datetime"]
169
+ }
170
+ @cvss.save
171
+
172
+ when "vuln:references"
173
+ @reference.attributes = {
174
+ :source => @vals["vuln:source"],
175
+ :reference => @vals["vuln:reference"]
176
+ }
177
+ @reference.save
178
+ end
179
+ end
180
+ end
181
+ end
182
+ end