nessus 0.2.1.beta.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 76ac1f6c86cb0cbf049142847dbdf42cc5f8a1db
-  data.tar.gz: e652f5f7f4e1982e9b9b10c867b43cec6ecd3a47
+  metadata.gz: da26219bbf327395cb4829fff768192a636efa2d
+  data.tar.gz: 23dc3fe7971f3d72c5a4c1532404b20ab0c1dcf5
 SHA512:
-  metadata.gz: e15cbca29b8ae17f2d184abbd266abf11ff7fba756b4c9bd017f3cbdb30a408e5890ad4a080c8cd906ba84578e7eec3212fddf6025ea52aec1e1cdcf15ec897b
-  data.tar.gz: aba6f4c23faf598197bf79a2fca6467a7c00b2709715cc2809aec430d9a46efdd4b5997bf6ddd6f54ea960c610130195b4da5f47aba5ffa4a500f53b7d45002b
+  metadata.gz: 867e8736cebdb0d7935fd7253a5eb364d1b67d5a520d639846dca210b8aecc9cca2beb14f5f29b519507c798c22866dae16979a0e4230d572d2eb6a024e11928
+  data.tar.gz: 42cdc8218da8593041207b36f715564cd8ab2c575e9aabc8036a4b839f2a18826299b5e3c8af1e4ff7b66337a76d5e8c5e61e9f92f7642b49f8cc11aa84ec2b3

data/.gitignore

@@ -21,9 +21,9 @@
 
 # for a library or gem, you might want to ignore these files since the code is
 # intended to run in multiple environments; otherwise, check them in:
-# Gemfile.lock
-# .ruby-version
-# .ruby-gemset
+Gemfile.lock
+.ruby-version
+.ruby-gemset
 
 # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
 .rvmrc

data/lib/nessus/client.rb

@@ -29,11 +29,16 @@ module Nessus
     attr_reader :connection
 
     # @param [String] host the base URL to use when connecting to the Nessus API
-    def initialize(host, login = nil, password = nil)
-      @verify_ssl = Nessus::Client.verify_ssl.nil? ? true : false
-      @connection = Faraday.new host, :ssl => { :verify => @verify_ssl }
+    def initialize(host, login = nil, password = nil, connection_options = {})
+      connection_options[:ssl] ||= {}
+      connection_options[:ssl][:verify] ||= Nessus::Client.verify_ssl.nil? || Nessus::Client.verify_ssl
+
+      @connection = Faraday.new host, connection_options
       @connection.headers[:user_agent] = "Nessus.rb v#{Nessus::VERSION}".freeze
 
+      # Allow passing a block to Faraday::Connection
+      yield @connection if block_given?
+
       authenticate(login, password) if login && password
     end
 
@@ -42,10 +47,13 @@ module Nessus
     # @param [String] login the username of the account to use for authentication
     # @param [String] password the password of the account to use for authentication
     def authenticate(login, password)
+      @login    = login
+      @password = password
+
       payload = {
         :login => login,
         :password => password,
-        :json => 1
+        :json => 1,
       }
       resp = connection.post '/login', payload
       resp = JSON.parse(resp.body)
@@ -63,7 +71,7 @@ module Nessus
     # @param [String] login the username of the account to use for authentication
     # @param [String] password the password of the account to use for authentication
     def logout
-      resp = post '/logout', :json => 1
+      resp = post '/logout'
 
       if resp['reply']['status'].eql? 'OK'
         if connection.headers[:cookie].include? 'token='
@@ -90,17 +98,28 @@ module Nessus
     # @param [Hash] params the query parameters to send with the request
     # @param [Hash] headers the headers to send along with the request
     def get(url, params = {}, headers = {})
+      retries ||= 0
+
       unless authenticated?
-        raise Nessus::Forbidden, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
+        fail Nessus::Unauthorized, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
       end
 
       params ||= {}
-      params[:json] ||= 1
+      params[:json] = 1
 
-      params  = connection.params.merge(params)
-      headers = connection.headers.merge(headers)
       resp    = connection.get url, params, headers
+      fail Nessus::Unauthorized if resp.status == 401
+      fail Nessus::Forbidden if resp.status == 403
+
       JSON.parse(resp.body)
+    rescue Nessus::Unauthorized, Nessus::Forbidden
+      if retries < 1
+        retries += 1
+        authenticate(@login, @password) if @login && @password
+        retry
+      else
+        raise Nessus::Forbidden, 'Unable to automatically reauthenticate'
+      end
     end
 
     # @param [String] url the URL/path to send a GET request using the
@@ -108,15 +127,28 @@ module Nessus
     # @param [Hash] payload the JSON body to send with the request
     # @param [Hash] headers the headers to send along with the request
     def post(url, payload = nil, headers = nil, &block)
+      retries ||= 0
+
       unless authenticated?
-        raise Nessus::Forbidden, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
+        fail Nessus::Unauthorized, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
       end
 
       payload ||= {}
-      payload[:json] ||= 1
+      payload[:json] = 1
 
       resp = connection.post(url, payload, headers, &block)
+      fail Nessus::Unauthorized if resp.status == 401
+      fail Nessus::Forbidden if resp.status == 403
+
       JSON.parse(resp.body)
+    rescue Nessus::Unauthorized, Nessus::Forbidden
+      if retries < 1
+        retries += 1
+        authenticate(@login, @password) if @login && @password
+        retry
+      else
+        raise Nessus::Forbidden, 'Unable to automatically reauthenticate'
+      end
     end
   end
 end

data/lib/nessus/client/file.rb

@@ -10,6 +10,14 @@ module Nessus
         resp = connection.get '/file/report/download', :report => uuid
         resp.body
       end
+
+      # GET /file/xslt/list
+      #
+      # @return [Array<Hash>] an object containing a list of XSLT transformations
+      def xslt_list
+        response = post '/file/xslt/list'
+        response['reply']['contents']
+      end
     end
   end
 end

data/lib/nessus/client/report.rb

@@ -10,14 +10,6 @@ module Nessus
         response['reply']['contents']['reports']['report']
       end
 
-      # GET /file/xslt/list
-      #
-      # @return [Array<Hash>] an object containing a list of XSLT transformations
-      def xslt_list
-        response = post '/file/xslt/list'
-        response['reply']['contents']
-      end
-
       # POST /report/delete
       #
       # @param [String] report unique identifier

data/lib/nessus/client/scan.rb

@@ -15,8 +15,7 @@ module Nessus
         payload = {
           :target => target,
           :policy_id => policy_id,
-          :scan_name => scan_name,
-          :json => 1
+          :scan_name => scan_name
         }
         payload[:seq] = seq if seq
         response = post '/scan/new', payload
@@ -78,8 +77,7 @@ module Nessus
         payload = {
           :template_name => template_name,
           :policy_id => policy_id,
-          :target => target,
-          :json => 1
+          :target => target
         }
         payload[:seq] = seq if seq
         payload[:startTime] = start_time if start_time

data/lib/nessus/error.rb

@@ -1,8 +1,10 @@
 module Nessus
   # @todo add more descriptive error classes
 
-  # 403
+  # HTTP error 401
+  Unauthorized = Class.new(StandardError)
+  # HTTP error 403
   Forbidden = Class.new(StandardError)
-  # *
+  # Catch all for HTTP errors
   UnknownError = Class.new(StandardError)
 end

data/lib/nessus/version.rb

@@ -1,4 +1,4 @@
 module Nessus
   # The version of the Nessus.rb library
-  VERSION = '0.2.1.beta.1'
+  VERSION = '0.3.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nessus
 version: !ruby/object:Gem::Version
-  version: 0.2.1.beta.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Erran Carey
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-24 00:00:00.000000000 Z
+date: 2014-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -91,7 +91,6 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - Gemfile
-- Gemfile.lock
 - LICENSE.md
 - README.md
 - Rakefile
@@ -112,7 +111,6 @@ files:
 - lib/nessus/client/uuid.rb
 - lib/nessus/error.rb
 - lib/nessus/version.rb
-- mjcarey@10.5.5.14
 - nessus.gemspec
 homepage: https://github.com/threatagent/nessus.rb
 licenses:
@@ -129,9 +127,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.2.0

data/Gemfile.lock

@@ -1,31 +0,0 @@
-PATH
-  remote: .
-  specs:
-    nessus (0.1.0.beta.18)
-      faraday
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    coderay (1.1.0)
-    faraday (0.8.9)
-      multipart-post (~> 1.2.0)
-    method_source (0.8.2)
-    multipart-post (1.2.0)
-    pry (0.9.12.3)
-      coderay (~> 1.0)
-      method_source (~> 0.8)
-      slop (~> 3.4)
-    rake (10.1.0)
-    slop (3.4.6)
-    yard (0.8.7.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bundler (~> 1.3)
-  nessus!
-  pry
-  rake
-  yard

data/mjcarey@10.5.5.14

@@ -1,227 +0,0 @@
-#
-# This file configures the New Relic Agent.  New Relic monitors
-# Ruby, Java, .NET, PHP, and Python applications with deep visibility and low overhead.
-# For more information, visit www.newrelic.com.
-#
-# Generated January 09, 2014
-#
-# This configuration file is custom generated for Me_270
-
-
-# Here are the settings that are common to all environments
-common: &default_settings
-  # ============================== LICENSE KEY ===============================
-
-  # You must specify the license key associated with your New Relic
-  # account.  This key binds your Agent's data to your account in the
-  # New Relic service.
-  license_key: '06522801ff9ca5c1881e5494d76639ec2932adac'
-
-  # Agent Enabled (Ruby/Rails Only)
-  # Use this setting to force the agent to run or not run.
-  # Default is 'auto' which means the agent will install and run only
-  # if a valid dispatcher such as Mongrel is running.  This prevents
-  # it from running with Rake or the console.  Set to false to
-  # completely turn the agent off regardless of the other settings.
-  # Valid values are true, false and auto.
-  #
-  # agent_enabled: auto
-
-  # Application Name Set this to be the name of your application as
-  # you'd like it show up in New Relic. The service will then auto-map
-  # instances of your application into an "application" on your
-  # dashboard page. If you want to map this instance into multiple
-  # apps, like "AJAX Requests" and "All UI" then specify a semicolon
-  # separated list of up to three distinct names, or a yaml list.
-  # Defaults to the capitalized RAILS_ENV or RACK_ENV (i.e.,
-  # Production, Staging, etc)
-  #
-  # Example:
-  #
-  #   app_name:
-  #       - Ajax Service
-  #       - All Services
-  #
-  app_name: My Application
-
-  # When "true", the agent collects performance data about your
-  # application and reports this data to the New Relic service at
-  # newrelic.com. This global switch is normally overridden for each
-  # environment below. (formerly called 'enabled')
-  monitor_mode: true
-
-  # Developer mode should be off in every environment but
-  # development as it has very high overhead in memory.
-  developer_mode: false
-
-  # The newrelic agent generates its own log file to keep its logging
-  # information separate from that of your application. Specify its
-  # log level here.
-  log_level: info
-
-  # Optionally set the path to the log file This is expanded from the
-  # root directory (may be relative or absolute, e.g. 'log/' or
-  # '/var/log/') The agent will attempt to create this directory if it
-  # does not exist.
-  # log_file_path: 'log'
-
-  # Optionally set the name of the log file, defaults to 'newrelic_agent.log'
-  # log_file_name: 'newrelic_agent.log'
-
-  # The newrelic agent communicates with the service via https by default.  This
-  # prevents eavesdropping on the performance metrics transmitted by the agent.
-  # The encryption required by SSL introduces a nominal amount of CPU overhead,
-  # which is performed asynchronously in a background thread.  If you'd prefer
-  # to send your metrics over http uncomment the following line.
-  # ssl: false
-
-  #============================== Browser Monitoring ===============================
-  # New Relic Real User Monitoring gives you insight into the performance real users are
-  # experiencing with your website. This is accomplished by measuring the time it takes for
-  # your users' browsers to download and render your web pages by injecting a small amount
-  # of JavaScript code into the header and footer of each page.
-  browser_monitoring:
-      # By default the agent automatically injects the monitoring JavaScript
-      # into web pages. Set this attribute to false to turn off this behavior.
-      auto_instrument: true
-
-  # Proxy settings for connecting to the New Relic server.
-  #
-  # If a proxy is used, the host setting is required.  Other settings
-  # are optional. Default port is 8080.
-  #
-  # proxy_host: hostname
-  # proxy_port: 8080
-  # proxy_user:
-  # proxy_pass:
-
-  # The agent can optionally log all data it sends to New Relic servers to a
-  # separate log file for human inspection and auditing purposes. To enable this
-  # feature, change 'enabled' below to true.
-  # See: https://newrelic.com/docs/ruby/audit-log
-  audit_log:
-    enabled: false
-
-  # Tells transaction tracer and error collector (when enabled)
-  # whether or not to capture HTTP params.  When true, frameworks can
-  # exclude HTTP parameters from being captured.
-  # Rails: the RoR filter_parameter_logging excludes parameters
-  # Java: create a config setting called "ignored_params" and set it to
-  #     a comma separated list of HTTP parameter names.
-  #     ex: ignored_params: credit_card, ssn, password
-  capture_params: false
-
-  # Transaction tracer captures deep information about slow
-  # transactions and sends this to the New Relic service once a
-  # minute. Included in the transaction is the exact call sequence of
-  # the transactions including any SQL statements issued.
-  transaction_tracer:
-
-    # Transaction tracer is enabled by default. Set this to false to
-    # turn it off. This feature is only available at the Professional
-    # and above product levels.
-    enabled: true
-
-    # Threshold in seconds for when to collect a transaction
-    # trace. When the response time of a controller action exceeds
-    # this threshold, a transaction trace will be recorded and sent to
-    # New Relic. Valid values are any float value, or (default) "apdex_f",
-    # which will use the threshold for an dissatisfying Apdex
-    # controller action - four times the Apdex T value.
-    transaction_threshold: apdex_f
-
-    # When transaction tracer is on, SQL statements can optionally be
-    # recorded. The recorder has three modes, "off" which sends no
-    # SQL, "raw" which sends the SQL statement in its original form,
-    # and "obfuscated", which strips out numeric and string literals.
-    record_sql: obfuscated
-
-    # Threshold in seconds for when to collect stack trace for a SQL
-    # call. In other words, when SQL statements exceed this threshold,
-    # then capture and send to New Relic the current stack trace. This is
-    # helpful for pinpointing where long SQL calls originate from.
-    stack_trace_threshold: 0.500
-
-    # Determines whether the agent will capture query plans for slow
-    # SQL queries.  Only supported in mysql and postgres.  Should be
-    # set to false when using other adapters.
-    # explain_enabled: true
-
-    # Threshold for query execution time below which query plans will
-    # not be captured.  Relevant only when `explain_enabled` is true.
-    # explain_threshold: 0.5
-
-  # Error collector captures information about uncaught exceptions and
-  # sends them to New Relic for viewing
-  error_collector:
-
-    # Error collector is enabled by default. Set this to false to turn
-    # it off. This feature is only available at the Professional and above
-    # product levels.
-    enabled: true
-
-    # Rails Only - tells error collector whether or not to capture a
-    # source snippet around the place of the error when errors are View
-    # related.
-    capture_source: true
-
-    # To stop specific errors from reporting to New Relic, set this property
-    # to comma-separated values.  Default is to ignore routing errors,
-    # which are how 404's get triggered.
-    ignore_errors: "ActionController::RoutingError,Sinatra::NotFound"
-
-  # If you're interested in capturing memcache keys as though they
-  # were SQL uncomment this flag. Note that this does increase
-  # overhead slightly on every memcached call, and can have security
-  # implications if your memcached keys are sensitive
-  # capture_memcache_keys: true
-
-# Application Environments
-# ------------------------------------------
-# Environment-specific settings are in this section.
-# For Rails applications, RAILS_ENV is used to determine the environment.
-# For Java applications, pass -Dnewrelic.environment <environment> to set
-# the environment.
-
-# NOTE if your application has other named environments, you should
-# provide newrelic configuration settings for these environments here.
-
-development:
-  <<: *default_settings
-  # Turn off communication to New Relic service in development mode (also
-  # 'enabled').
-  # NOTE: for initial evaluation purposes, you may want to temporarily
-  # turn the agent on in development mode.
-  monitor_mode: false
-
-  # Rails Only - when running in Developer Mode, the New Relic Agent will
-  # present performance information on the last 100 transactions you have
-  # executed since starting the mongrel.
-  # NOTE: There is substantial overhead when running in developer mode.
-  # Do not use for production or load testing.
-  developer_mode: true
-
-  # Enable textmate links
-  # textmate: true
-
-test:
-  <<: *default_settings
-  # It almost never makes sense to turn on the agent when running
-  # unit, functional or integration tests or the like.
-  monitor_mode: false
-
-# Turn on the agent in production for 24x7 monitoring. NewRelic
-# testing shows an average performance impact of < 5 ms per
-# transaction, you can leave this on all the time without
-# incurring any user-visible performance degradation.
-production:
-  <<: *default_settings
-  monitor_mode: true
-
-# Many applications have a staging environment which behaves
-# identically to production. Support for that environment is provided
-# here.  By default, the staging environment has the agent turned on.
-staging:
-  <<: *default_settings
-  monitor_mode: true
-  # app_name: My Application (Staging)