nessus 0.1.0.beta.18 → 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 692b0f574b6c3eeccfc352fde2a9e087d0471399
+  data.tar.gz: a284de51173600bc5932275e09946318c42bb7eb
+SHA512:
+  metadata.gz: 8a49a00b597d2c1212b8f3e2a9abfb7d9d574eb709ff37384ff79461a9acb083c08043c98fad83fc7b99853e2d7527ef96731d2461a27db035f77543cb82a915
+  data.tar.gz: f676e3b92942e49d6b912df040845bca07f638e9f791695c6aa29606acadaf1b3216df5d98ff6b21235cbbd2b10ec795ae13db2fd37c86441ca3b95dbb25a788

data/lib/nessus/client.rb

@@ -29,11 +29,16 @@ module Nessus
     attr_reader :connection
 
     # @param [String] host the base URL to use when connecting to the Nessus API
-    def initialize(host, login = nil, password = nil)
-      @verify_ssl = Nessus::Client.verify_ssl.nil? ? true : false
-      @connection = Faraday.new host, :ssl => { :verify => @verify_ssl }
+    def initialize(host, login = nil, password = nil, connection_options = {})
+      connection_options[:ssl] ||= {}
+      connection_options[:ssl][:verify] ||= Nessus::Client.verify_ssl.nil? || Nessus::Client.verify_ssl
+
+      @connection = Faraday.new host, connection_options
       @connection.headers[:user_agent] = "Nessus.rb v#{Nessus::VERSION}".freeze
 
+      # Allow passing a block to Faraday::Connection
+      yield @connection if block_given?
+
       authenticate(login, password) if login && password
     end
 
@@ -42,12 +47,14 @@ module Nessus
     # @param [String] login the username of the account to use for authentication
     # @param [String] password the password of the account to use for authentication
     def authenticate(login, password)
+      @login    = login
+      @password = password
+
       payload = {
         :login => login,
-        :password => password,
-        :json => 1
+        :password => password
       }
-      resp = connection.post '/login', payload
+      resp = post '/login', payload
       resp = JSON.parse(resp.body)
 
       if resp['reply']['status'].eql? 'OK'
@@ -63,7 +70,7 @@ module Nessus
     # @param [String] login the username of the account to use for authentication
     # @param [String] password the password of the account to use for authentication
     def logout
-      resp = post '/logout', :json => 1
+      resp = post '/logout'
 
       if resp['reply']['status'].eql? 'OK'
         if connection.headers[:cookie].include? 'token='
@@ -90,17 +97,28 @@ module Nessus
     # @param [Hash] params the query parameters to send with the request
     # @param [Hash] headers the headers to send along with the request
     def get(url, params = {}, headers = {})
+      retries ||= 0
+
       unless authenticated?
-        raise Nessus::Forbidden, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
+        fail Nessus::Unauthorized, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
       end
 
       params ||= {}
-      params[:json] ||= 1
+      params[:json] = 1
 
-      params  = connection.params.merge(params)
-      headers = connection.headers.merge(headers)
       resp    = connection.get url, params, headers
+      fail Nessus::Unauthorized if resp.status == 401
+      fail Nessus::Forbidden if resp.status == 403
+
       JSON.parse(resp.body)
+    rescue Nessus::Unauthorized, Nessus::Forbidden
+      if retries < 1
+        retries += 1
+        authenticate(@login, @password) if @login && @password
+        retry
+      else
+        raise Nessus::Forbidden, 'Unable to automatically reauthenticate'
+      end
     end
 
     # @param [String] url the URL/path to send a GET request using the
@@ -108,15 +126,28 @@ module Nessus
     # @param [Hash] payload the JSON body to send with the request
     # @param [Hash] headers the headers to send along with the request
     def post(url, payload = nil, headers = nil, &block)
+      retries ||= 0
+
       unless authenticated?
-        raise Nessus::Forbidden, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
+        fail Nessus::Unauthorized, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
       end
 
       payload ||= {}
-      payload[:json] ||= 1
+      payload[:json] = 1
 
       resp = connection.post(url, payload, headers, &block)
+      fail Nessus::Unauthorized if resp.status == 401
+      fail Nessus::Forbidden if resp.status == 403
+
       JSON.parse(resp.body)
+    rescue Nessus::Unauthorized, Nessus::Forbidden
+      if retries < 1
+        retries += 1
+        authenticate(@login, @password) if @login && @password
+        retry
+      else
+        raise Nessus::Forbidden, 'Unable to automatically reauthenticate'
+      end
     end
   end
 end

data/lib/nessus/client/file.rb

@@ -10,6 +10,14 @@ module Nessus
         resp = connection.get '/file/report/download', :report => uuid
         resp.body
       end
+
+      # GET /file/xslt/list
+      #
+      # @return [Array<Hash>] an object containing a list of XSLT transformations
+      def xslt_list
+        response = post '/file/xslt/list'
+        response['reply']['contents']
+      end
     end
   end
 end

data/lib/nessus/client/report.rb

@@ -10,14 +10,6 @@ module Nessus
         response['reply']['contents']['reports']['report']
       end
 
-      # GET /file/xslt/list
-      #
-      # @return [Array<Hash>] an object containing a list of XSLT transformations
-      def xslt_list
-        response = post '/file/xslt/list'
-        response['reply']['contents']
-      end
-
       # POST /report/delete
       #
       # @param [String] report unique identifier

data/lib/nessus/client/scan.rb

@@ -15,8 +15,7 @@ module Nessus
         payload = {
           :target => target,
           :policy_id => policy_id,
-          :scan_name => scan_name,
-          :json => 1
+          :scan_name => scan_name
         }
         payload[:seq] = seq if seq
         response = post '/scan/new', payload
@@ -78,8 +77,7 @@ module Nessus
         payload = {
           :template_name => template_name,
           :policy_id => policy_id,
-          :target => target,
-          :json => 1
+          :target => target
         }
         payload[:seq] = seq if seq
         payload[:startTime] = start_time if start_time

data/lib/nessus/error.rb

@@ -1,8 +1,10 @@
 module Nessus
   # @todo add more descriptive error classes
 
-  # 403
+  # HTTP error 401
+  Unauthorized = Class.new(StandardError)
+  # HTTP error 403
   Forbidden = Class.new(StandardError)
-  # *
+  # Catch all for HTTP errors
   UnknownError = Class.new(StandardError)
 end

data/lib/nessus/version.rb

@@ -1,4 +1,4 @@
 module Nessus
   # The version of the Nessus.rb library
-  VERSION = '0.1.0.beta.18'
+  VERSION = '0.1.0'
 end

metadata

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nessus
 version: !ruby/object:Gem::Version
-  version: 0.1.0.beta.18
-  prerelease: 6
+  version: 0.1.0
 platform: ruby
 authors:
 - Erran Carey
@@ -10,86 +9,76 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-10 00:00:00.000000000 Z
+date: 2014-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: A Ruby client for the Nessus 5.x JSON REST API
@@ -100,7 +89,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
 - Gemfile
 - Gemfile.lock
 - LICENSE.md
@@ -123,32 +112,30 @@ files:
 - lib/nessus/client/uuid.rb
 - lib/nessus/error.rb
 - lib/nessus/version.rb
-- mjcarey@10.5.5.14
 - nessus.gemspec
 homepage: https://github.com/threatagent/nessus.rb
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>'
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.2.0
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: A Ruby client for the Nessus 5.x JSON REST API. UPDATE_ME
 test_files: []
 has_rdoc: 

data/mjcarey@10.5.5.14

@@ -1,227 +0,0 @@
-#
-# This file configures the New Relic Agent.  New Relic monitors
-# Ruby, Java, .NET, PHP, and Python applications with deep visibility and low overhead.
-# For more information, visit www.newrelic.com.
-#
-# Generated January 09, 2014
-#
-# This configuration file is custom generated for Me_270
-
-
-# Here are the settings that are common to all environments
-common: &default_settings
-  # ============================== LICENSE KEY ===============================
-
-  # You must specify the license key associated with your New Relic
-  # account.  This key binds your Agent's data to your account in the
-  # New Relic service.
-  license_key: '06522801ff9ca5c1881e5494d76639ec2932adac'
-
-  # Agent Enabled (Ruby/Rails Only)
-  # Use this setting to force the agent to run or not run.
-  # Default is 'auto' which means the agent will install and run only
-  # if a valid dispatcher such as Mongrel is running.  This prevents
-  # it from running with Rake or the console.  Set to false to
-  # completely turn the agent off regardless of the other settings.
-  # Valid values are true, false and auto.
-  #
-  # agent_enabled: auto
-
-  # Application Name Set this to be the name of your application as
-  # you'd like it show up in New Relic. The service will then auto-map
-  # instances of your application into an "application" on your
-  # dashboard page. If you want to map this instance into multiple
-  # apps, like "AJAX Requests" and "All UI" then specify a semicolon
-  # separated list of up to three distinct names, or a yaml list.
-  # Defaults to the capitalized RAILS_ENV or RACK_ENV (i.e.,
-  # Production, Staging, etc)
-  #
-  # Example:
-  #
-  #   app_name:
-  #       - Ajax Service
-  #       - All Services
-  #
-  app_name: My Application
-
-  # When "true", the agent collects performance data about your
-  # application and reports this data to the New Relic service at
-  # newrelic.com. This global switch is normally overridden for each
-  # environment below. (formerly called 'enabled')
-  monitor_mode: true
-
-  # Developer mode should be off in every environment but
-  # development as it has very high overhead in memory.
-  developer_mode: false
-
-  # The newrelic agent generates its own log file to keep its logging
-  # information separate from that of your application. Specify its
-  # log level here.
-  log_level: info
-
-  # Optionally set the path to the log file This is expanded from the
-  # root directory (may be relative or absolute, e.g. 'log/' or
-  # '/var/log/') The agent will attempt to create this directory if it
-  # does not exist.
-  # log_file_path: 'log'
-
-  # Optionally set the name of the log file, defaults to 'newrelic_agent.log'
-  # log_file_name: 'newrelic_agent.log'
-
-  # The newrelic agent communicates with the service via https by default.  This
-  # prevents eavesdropping on the performance metrics transmitted by the agent.
-  # The encryption required by SSL introduces a nominal amount of CPU overhead,
-  # which is performed asynchronously in a background thread.  If you'd prefer
-  # to send your metrics over http uncomment the following line.
-  # ssl: false
-
-  #============================== Browser Monitoring ===============================
-  # New Relic Real User Monitoring gives you insight into the performance real users are
-  # experiencing with your website. This is accomplished by measuring the time it takes for
-  # your users' browsers to download and render your web pages by injecting a small amount
-  # of JavaScript code into the header and footer of each page.
-  browser_monitoring:
-      # By default the agent automatically injects the monitoring JavaScript
-      # into web pages. Set this attribute to false to turn off this behavior.
-      auto_instrument: true
-
-  # Proxy settings for connecting to the New Relic server.
-  #
-  # If a proxy is used, the host setting is required.  Other settings
-  # are optional. Default port is 8080.
-  #
-  # proxy_host: hostname
-  # proxy_port: 8080
-  # proxy_user:
-  # proxy_pass:
-
-  # The agent can optionally log all data it sends to New Relic servers to a
-  # separate log file for human inspection and auditing purposes. To enable this
-  # feature, change 'enabled' below to true.
-  # See: https://newrelic.com/docs/ruby/audit-log
-  audit_log:
-    enabled: false
-
-  # Tells transaction tracer and error collector (when enabled)
-  # whether or not to capture HTTP params.  When true, frameworks can
-  # exclude HTTP parameters from being captured.
-  # Rails: the RoR filter_parameter_logging excludes parameters
-  # Java: create a config setting called "ignored_params" and set it to
-  #     a comma separated list of HTTP parameter names.
-  #     ex: ignored_params: credit_card, ssn, password
-  capture_params: false
-
-  # Transaction tracer captures deep information about slow
-  # transactions and sends this to the New Relic service once a
-  # minute. Included in the transaction is the exact call sequence of
-  # the transactions including any SQL statements issued.
-  transaction_tracer:
-
-    # Transaction tracer is enabled by default. Set this to false to
-    # turn it off. This feature is only available at the Professional
-    # and above product levels.
-    enabled: true
-
-    # Threshold in seconds for when to collect a transaction
-    # trace. When the response time of a controller action exceeds
-    # this threshold, a transaction trace will be recorded and sent to
-    # New Relic. Valid values are any float value, or (default) "apdex_f",
-    # which will use the threshold for an dissatisfying Apdex
-    # controller action - four times the Apdex T value.
-    transaction_threshold: apdex_f
-
-    # When transaction tracer is on, SQL statements can optionally be
-    # recorded. The recorder has three modes, "off" which sends no
-    # SQL, "raw" which sends the SQL statement in its original form,
-    # and "obfuscated", which strips out numeric and string literals.
-    record_sql: obfuscated
-
-    # Threshold in seconds for when to collect stack trace for a SQL
-    # call. In other words, when SQL statements exceed this threshold,
-    # then capture and send to New Relic the current stack trace. This is
-    # helpful for pinpointing where long SQL calls originate from.
-    stack_trace_threshold: 0.500
-
-    # Determines whether the agent will capture query plans for slow
-    # SQL queries.  Only supported in mysql and postgres.  Should be
-    # set to false when using other adapters.
-    # explain_enabled: true
-
-    # Threshold for query execution time below which query plans will
-    # not be captured.  Relevant only when `explain_enabled` is true.
-    # explain_threshold: 0.5
-
-  # Error collector captures information about uncaught exceptions and
-  # sends them to New Relic for viewing
-  error_collector:
-
-    # Error collector is enabled by default. Set this to false to turn
-    # it off. This feature is only available at the Professional and above
-    # product levels.
-    enabled: true
-
-    # Rails Only - tells error collector whether or not to capture a
-    # source snippet around the place of the error when errors are View
-    # related.
-    capture_source: true
-
-    # To stop specific errors from reporting to New Relic, set this property
-    # to comma-separated values.  Default is to ignore routing errors,
-    # which are how 404's get triggered.
-    ignore_errors: "ActionController::RoutingError,Sinatra::NotFound"
-
-  # If you're interested in capturing memcache keys as though they
-  # were SQL uncomment this flag. Note that this does increase
-  # overhead slightly on every memcached call, and can have security
-  # implications if your memcached keys are sensitive
-  # capture_memcache_keys: true
-
-# Application Environments
-# ------------------------------------------
-# Environment-specific settings are in this section.
-# For Rails applications, RAILS_ENV is used to determine the environment.
-# For Java applications, pass -Dnewrelic.environment <environment> to set
-# the environment.
-
-# NOTE if your application has other named environments, you should
-# provide newrelic configuration settings for these environments here.
-
-development:
-  <<: *default_settings
-  # Turn off communication to New Relic service in development mode (also
-  # 'enabled').
-  # NOTE: for initial evaluation purposes, you may want to temporarily
-  # turn the agent on in development mode.
-  monitor_mode: false
-
-  # Rails Only - when running in Developer Mode, the New Relic Agent will
-  # present performance information on the last 100 transactions you have
-  # executed since starting the mongrel.
-  # NOTE: There is substantial overhead when running in developer mode.
-  # Do not use for production or load testing.
-  developer_mode: true
-
-  # Enable textmate links
-  # textmate: true
-
-test:
-  <<: *default_settings
-  # It almost never makes sense to turn on the agent when running
-  # unit, functional or integration tests or the like.
-  monitor_mode: false
-
-# Turn on the agent in production for 24x7 monitoring. NewRelic
-# testing shows an average performance impact of < 5 ms per
-# transaction, you can leave this on all the time without
-# incurring any user-visible performance degradation.
-production:
-  <<: *default_settings
-  monitor_mode: true
-
-# Many applications have a staging environment which behaves
-# identically to production. Support for that environment is provided
-# here.  By default, the staging environment has the agent turned on.
-staging:
-  <<: *default_settings
-  monitor_mode: true
-  # app_name: My Application (Staging)