nexpose 0.1.8 → 0.1.9

data/lib/nexpose.rb

@@ -75,31 +75,10 @@ require 'nexpose/group'
 
 module Nexpose
 
-  # TODO add
-  def self.site_device_scan(connection, site_id, device_array, host_array, debug = false)
-
-    request_xml = '<SiteDevicesScanRequest session-id="' + connection.session_id.to_s + '" site-id="' + site_id.to_s + '">'
-    request_xml += '<Devices>'
-    device_array.each do |d|
-      request_xml += '<device id="' + d.to_s + '"/>'
-    end
-    request_xml += '</Devices>'
-    request_xml += '<Hosts>'
-    # The host array can only by single IP addresses for now. TODO: Expand to full API Spec.
-    host_array.each do |h|
-      request_xml += '<range from="' + h.to_s + '"/>'
-    end
-    request_xml += '</Hosts>'
-    request_xml += '</SiteDevicesScanRequest>'
-
-    r = connection.execute(request_xml)
-    r.success ? {:engine_id => r.attributes['engine_id'], :scan_id => r.attributes['scan-id']} : nil
-  end
-
   # ==== Description
   # Echos the last XML API request and response for the specified object.  (Useful for debugging)
-  def self.printXML(object)
-    puts "request" + object.request_xml.to_s
-    puts "response is " + object.response_xml.to_s
+  def self.print_xml(object)
+    puts 'request: ' + object.request_xml.to_s
+    puts 'response: ' + object.response_xml.to_s
   end
 end

data/lib/nexpose/common.rb

@@ -39,8 +39,8 @@ module Nexpose
     def initialize(to_all_authorized, send_to_owner_as, send_to_acl_as, send_as)
       @to_all_authorized = to_all_authorized
       @send_to_owner_as = send_to_owner_as
-      @send_to_acl_as = send_to_acl_as 
-      @send_as = send_as 
+      @send_to_acl_as = send_to_acl_as
+      @send_as = send_as
 
       @recipients = []
     end

data/lib/nexpose/connection.rb

@@ -105,7 +105,7 @@ module Nexpose
       http.use_ssl = true
       http.verify_mode = OpenSSL::SSL::VERIFY_NONE # XXX: security issue
       headers = {'Cookie' => "nexposeCCSessionID=#{@session_id}"}
-      resp = http.get(uri.path, headers)
+      resp = http.get(uri.to_s, headers)
 
       if file_name
         File.open(file_name, 'w') { |file| file.write(resp.body) }

data/lib/nexpose/group.rb

@@ -79,7 +79,7 @@ module Nexpose
       scans = []
       sites_ids.each do |id|
         dev_ids = @devices.select { |d| d.site_id == id }.map { |d| d.id }
-        scans << connection.site_device_scan_start(id, dev_ids)
+        scans << connection.site_device_scan_start(id, dev_ids).merge(:site_id => id)
       end
       scans
     end

data/lib/nexpose/manage.rb

@@ -5,7 +5,7 @@ module Nexpose
 
     # Execute an arbitrary console command that is supplied as text via the
     # supplied parameter. Console commands are documented in the
-    # administrator's guide. If you use a command that is not listed in the 
+    # administrator's guide. If you use a command that is not listed in the
     # administrator's guide, the application will return the XMLResponse.
     def console_command(cmd_string)
       xml = make_xml('ConsoleCommandRequest', {})
@@ -14,8 +14,7 @@ module Nexpose
       xml << cmd
 
       r = execute(xml)
-      if (r.success)
-        res = ''
+      if r.success
         r.res.elements.each('//Output') do |out|
           return out.text.to_s
         end
@@ -30,9 +29,9 @@ module Nexpose
     def system_information
       r = execute(make_xml('SystemInformationRequest', {}))
 
-      if (r.success)
+      if r.success
         res = {}
-        r.res.elements.each("//Statistic") do |stat|
+        r.res.elements.each('//Statistic') do |stat|
           res[stat.attributes['name'].to_s] = stat.text.to_s
         end
         res
@@ -48,7 +47,7 @@ module Nexpose
     end
 
     # Restart the application.
-    # 
+    #
     # There is no response to a RestartRequest. When the application
     # shuts down as part of the restart process, it terminates any active
     # connections. Therefore, the application cannot issue a response when it

data/lib/nexpose/report.rb

@@ -6,7 +6,6 @@ module Nexpose
     def generate_report(report_id, wait = false)
       xml = make_xml('ReportGenerateRequest', {'report-id' => report_id})
       response = execute(xml)
-      summary = nil
       if response.success
         response.res.elements.each('//ReportSummary') do |summary|
           summary = ReportSummary.parse(summary)
@@ -58,7 +57,7 @@ module Nexpose
     def report_template_listing
       r = execute(make_xml('ReportTemplateListingRequest', {}))
       templates = []
-      if (r.success)
+      if r.success
         r.res.elements.each('//ReportTemplateSummary') do |template|
           templates << ReportTemplateSummary.parse(template)
         end
@@ -77,7 +76,7 @@ module Nexpose
     def report_listing
       r = execute(make_xml('ReportListingRequest', {}))
       reports = []
-      if (r.success)
+      if r.success
         r.res.elements.each('//ReportConfigSummary') do |report|
           reports << ReportConfigSummary.parse(report)
         end
@@ -113,10 +112,10 @@ module Nexpose
     def initialize(config_id, template_id, status, generated_on, uri, scope)
       @config_id = config_id
       @template_id = template_id
-      @status = status 
-      @generated_on = generated_on 
-      @uri = uri 
-      @scope = scope 
+      @status = status
+      @generated_on = generated_on
+      @uri = uri
+      @scope = scope
     end
 
     def self.parse(xml)
@@ -162,7 +161,7 @@ module Nexpose
 
     def self.parse_all(response)
       summaries = []
-      if (response.success)
+      if response.success
         response.res.elements.each('//ReportSummary') do |summary|
           summaries << ReportSummary.parse(summary)
         end
@@ -193,8 +192,8 @@ module Nexpose
     attr_accessor :baseline
 
     def initialize(template_id, format, site_id = nil, owner = nil, time_zone = nil)
-      @template_id = template_id 
-      @format = format 
+      @template_id = template_id
+      @format = format
       @owner = owner
       @time_zone = time_zone
 
@@ -385,7 +384,7 @@ module Nexpose
 
   # Object that represents a report filter which determines which sites, asset
   # groups, and/or devices that a report is run against.
-  # 
+  #
   # The configuration must include at least one of device (asset), site,
   # group (asset group) or scan filter to define the scope of report.
   # The vuln-status filter can be used only with raw report formats: csv
@@ -416,7 +415,7 @@ module Nexpose
     def self.parse(xml)
       filters = []
       xml.res.elements.each('//Filters/filter') do |filter|
-        filters << Filter.new(filter.attributes['type'], filter.attributes['id']) 
+        filters << Filter.new(filter.attributes['type'], filter.attributes['id'])
       end
       filters
     end
@@ -485,7 +484,7 @@ module Nexpose
     end
 
     def self.parse(xml)
-      xml.elements.each('//Delivery') do |delivery|
+      xml.elements.each('//Delivery') do
         on_server = false
         location = nil
         xml.elements.each('//Storage') do |storage|
@@ -529,7 +528,7 @@ module Nexpose
     def self.parse(xml)
       xml.elements.each('//DBExport') do |dbexport|
         config = DBExport.new(dbexport.attributes['type'])
-        config.credentials = ExportCredential.parse(xml) 
+        config.credentials = ExportCredential.parse(xml)
         xml.elements.each('//param') do |param|
           config.parameters[param.attributes['name']] = param.text
         end

data/lib/nexpose/scan.rb

@@ -57,8 +57,8 @@ module Nexpose
     def scan_activity
       r = execute(make_xml('ScanActivityRequest', {}))
       res = []
-      if (r.success)
-        r.res.elements.each("//ScanSummary") do |scan|
+      if r.success
+        r.res.elements.each('//ScanSummary') do |scan|
           res << ScanSummary.parse(scan)
         end
       end
@@ -139,7 +139,7 @@ module Nexpose
       return ScanSummary.new(rexml.attributes['scan-id'].to_i,
                              rexml.attributes['site-id'].to_i,
                              rexml.attributes['engine-id'].to_i,
-                             rexml.attributes['status'], 
+                             rexml.attributes['status'],
                              start_time,
                              end_time,
                              msg,
@@ -211,7 +211,7 @@ module Nexpose
           not_vuln_exploit, not_vuln_version,
           error, disabled, other
       end
-      
+
       # Parse REXML to Vulnerabilities object.
       #
       # @param [FixNum] scan_id Scan ID to collect vulnerability data for.
@@ -269,42 +269,19 @@ module Nexpose
     end
   end
 
-  # TODO add engineID
-  # === Description
-  # Object that represents the scanning configuration for a Site.
-  #
-  class ScanConfig
-
-    def self.parse(xml)
-      config = ScanConfig.new(xml.attributes['configID'],
-                              xml.attributes['name'],
-                              xml.attributes['templateID'],
-                              xml.attributes['configVersion'],
-                              xml.attributes['engineID'])
-      xml.elements.each('Schedules/Schedule') do |sched|
-        schedule = Schedule.new(sched.attributes['type'],
-                                sched.attributes['interval'],
-                                sched.attributes['start'],
-                                sched.attributes['enabled'])
-        config.addSchedule(schedule)
-      end
-      config
-    end
-  end
-
   # TODO: review
   # <scanFilter scanStop='0' scanFailed='0' scanStart='1'/>
   # === Description
   #
   class ScanFilter
-    attr_reader :scanStop
-    attr_reader :scanFailed
-    attr_reader :scanStart
+    attr_reader :scan_stop
+    attr_reader :scan_failed
+    attr_reader :scan_start
 
     def initialize(scan_stop, scan_failed, scan_start)
-      @scanStop = scan_stop
-      @scanFailed = scan_failed
-      @scanStart = scan_start
+      @scan_stop = scan_stop
+      @scan_failed = scan_failed
+      @scan_start = scan_start
     end
   end
 end

data/lib/nexpose/scan_engine.rb

@@ -18,7 +18,7 @@ module Nexpose
       r = execute(xml)
       arr = []
       if r.success
-        r.res.elements.each("//ScanSummary") do |scan_event|
+        r.res.elements.each('//ScanSummary') do |scan_event|
           arr << ScanSummary.parse(scan_event)
         end
       end
@@ -34,7 +34,7 @@ module Nexpose
       response = execute(make_xml('EngineListingRequest'))
       arr = []
       if response.success
-        response.res.elements.each("//EngineSummary") do |engine|
+        response.res.elements.each('//EngineSummary') do |engine|
           arr << EngineSummary.new(engine.attributes['id'].to_i,
                                    engine.attributes['name'],
                                    engine.attributes['address'],
@@ -202,7 +202,7 @@ module Nexpose
     # Creates a new engine pool, and adds scan engines to the pool.
     def create(connection)
       xml = '<EnginePoolCreateRequest session-id="' + connection.session_id + '">'
-      xml << %Q{<EnginePool name="#@name" scope="#@scope">}
+      xml << %Q{<EnginePool name="#{@name}" scope="#{@scope}">}
       @engines.each do |engine|
         xml << %Q{<Engine name="#{engine.name}" />}
       end
@@ -214,7 +214,7 @@ module Nexpose
         r.res.elements.each('EnginePoolCreateResponse') do |v|
           @id = v.attributes['id']
         end
-      else 
+      else
         @error = true
         @error_msg = 'EnginePoolCreateResponse Parse Error'
       end
@@ -223,7 +223,7 @@ module Nexpose
     # Deletes an engine pool
     def delete(connection)
       xml = '<EnginePoolDeleteRequest session-id="' + connection.session_id + '">'
-      xml << %Q{<EnginePool name="#@name" scope="#@scope" />}
+      xml << %Q{<EnginePool name="#{@name}" scope="#{@scope}" />}
       xml << '</EnginePoolDeleteRequest>'
 
       r = connection.execute(xml, '1.2')
@@ -239,7 +239,7 @@ module Nexpose
     # the EnginePoolUpdateRequest.
     def update(connection)
       xml = '<EnginePoolUpdateRequest session-id="' + connection.session_id + '">'
-      xml << %Q{<EnginePool id="#@id" name="#@name" scope="#@scope">}
+      xml << %Q{<EnginePool id="#{@id}" name="#{@name}" scope="#{@scope}">}
       @engines.each do |engine|
         xml << %Q{<Engine name="#{engine.name}" />}
       end
@@ -251,7 +251,7 @@ module Nexpose
         r.res.elements.each('EnginePoolUpdateResponse') do |v|
           @id = v.attributes['id']
         end
-      else 
+      else
         @error = true
         @error_msg = 'EnginePoolCreateResponse Parse Error'
       end
@@ -260,7 +260,7 @@ module Nexpose
     # Returns detailed information about a single engine pool.
     def load_details(connection)
       xml = '<EnginePoolDetailsRequest session-id="' + connection.session_id + '">'
-      xml << %Q{<EnginePool name="#@name" scope="#@scope" />}
+      xml << %Q{<EnginePool name="#{@name}" scope="#{@scope}" />}
       xml << '</EnginePoolDetailsRequest>'
 
       r = connection.execute(xml, '1.2')
@@ -279,14 +279,14 @@ module Nexpose
                                             summary.attributes['scope']))
           end
         end
-      else 
+      else
         @error = true
         @error_msg = 'EnginePoolListingResponse Parse Error'
       end
     end
 
     def to_s
-      "Engine Pool: #@name [ID: #@id], Scope: #@scope\n" + @engines.map { |engine| "  #{engine}" }.join("\n")
+      "Engine Pool: #{@name} [ID: #{@id}], Scope: #{@scope}\n" + @engines.map { |engine| "  #{engine}" }.join("\n")
     end
   end
 
@@ -303,7 +303,7 @@ module Nexpose
     end
 
     def to_s
-      "Engine Pool: #@name [ID: #@id], scope: #@scope"
+      "Engine Pool: #{@name} [ID: #{@id}], scope: #{@scope}"
     end
 
     # Returns a summary list of all engine pools.
@@ -316,7 +316,7 @@ module Nexpose
           list << EnginePoolSummary.new(eps.attributes['id'], eps.attributes['name'], eps.attributes['scope'])
         end
         list
-      else 
+      else
         @error = true
         @error_msg = 'EnginePoolListingResponse Parse Error'
       end

data/lib/nexpose/site.rb

@@ -90,8 +90,7 @@ module Nexpose
     # @param [FixNum] site_id Site ID to find latest scan for.
     #
     def last_scan(site_id)
-      site_scan_history(site_id).select { |scan| scan.end_time }
-                                .max_by { |scan| scan.end_time }
+      site_scan_history(site_id).select { |scan| scan.end_time }.max_by { |scan| scan.end_time }
     end
 
     #-----------------------------------------------------------------------
@@ -103,7 +102,7 @@ module Nexpose
     def site_device_scan_start(site_id, devices, hosts = nil)
 
       if hosts == nil and devices == nil
-        raise ArgumentError.new("Both the device and host list is nil")
+        raise ArgumentError.new('Both the device and host list is nil.')
       end
 
       xml = make_xml('SiteDevicesScanRequest', {'site-id' => site_id})
@@ -148,6 +147,9 @@ module Nexpose
         false
       end
     end
+
+    alias_method :site_device_scan, :site_device_scan_start
+    alias_method :adhoc_device_scan, :site_device_scan_start
   end
 
   # Configuration object representing a Nexpose site.
@@ -208,7 +210,7 @@ module Nexpose
     # @param [String] name Unique name of the site.
     # @param [String] scan_template ID of the scan template to use.
     def initialize(name = nil, scan_template = 'full-audit')
-      @name = name;
+      @name = name
       @scan_template = scan_template
 
       @id = -1
@@ -285,9 +287,8 @@ module Nexpose
     # @return [Fixnum] Site ID assigned to this configuration, if successful.
     def save(connection)
       r = connection.execute('<SiteSaveRequest session-id="' + connection.session_id + '">' + to_xml + ' </SiteSaveRequest>')
-      if (r.success)
+      if r.success
         @id = r.attributes['site-id']
-        return @id
       end
     end
 
@@ -296,14 +297,14 @@ module Nexpose
     # @param [Connection] connection Connection to console where this site will be saved.
     # @return [Boolean] Whether or not the site was successfully deleted.
     def delete(connection)
-      r = connection.execute(%Q{<SiteDeleteRequest session-id="#{connection.session_id}" site-id="#@id"/>})
+      r = connection.execute(%Q{<SiteDeleteRequest session-id="#{connection.session_id}" site-id="#{@id}"/>})
       r.success
     end
 
     # Scan this site.
     #
     # @param [Connection] connection Connection to console where scan will be launched.
-    # @param [String] sync_id Optional syncronization token.
+    # @param [String] sync_id Optional synchronization token.
     # @return [Fixnum, Fixnum] Scan ID and engine ID where the scan was launched.
     def scan(connection, sync_id = nil)
       xml = REXML::Element.new('SiteScanRequest')
@@ -389,16 +390,16 @@ module Nexpose
           end
         end
 
-        s.elements.each('Credentials') do |cred|
-          # TODO
-        end
+        #s.elements.each('Credentials') do |cred|
+        #  # TODO
+        #end
 
         s.elements.each('Alerting/Alert') do |a|
           a.elements.each('smtpAlert') do |smtp|
             smtp_alert = SMTPAlert.new(a.attributes['name'], smtp.attributes['sender'], smtp.attributes['limitText'], a.attributes['enabled'])
 
             smtp.elements.each('recipient') do |recipient|
-              smtp_alert.addRecipient(recipient.text)
+              smtp_alert.add_recipient(recipient.text)
             end
             site.alerts << smtp_alert
           end
@@ -413,24 +414,23 @@ module Nexpose
             site.alerts << syslog_alert
           end
 
-          a.elements.each('vulnFilter') do |vulnFilter|
-
-            #vulnfilter = new VulnFilter.new(a.attributes["typemask"], a.attributes["severityThreshold"], $attrs["MAXALERTS"])
-            # Pop off the top alert on the stack
-            #$alert = @alerts.pop()
-            # Add the new recipient string to the Alert Object
-            #$alert.setVulnFilter($vulnfilter)
-            # Push the alert back on to the alert stack
-            #array_push($this->alerts, $alert)
-          end
-
-          a.elements.each('scanFilter') do |scanFilter|
-            #<scanFilter scanStop='0' scanFailed='0' scanStart='1'/>
-            #scanfilter = ScanFilter.new(scanFilter.attributes['scanStop'],scanFilter.attributes['scanFailed'],scanFilter.attributes['scanStart'])
-            #alert = @alerts.pop()
-            #alert.setScanFilter(scanfilter)
-            #@alerts.push(alert)
-          end
+          #a.elements.each('vuln_filter') do |vulnFilter|
+          #  vulnfilter = new VulnFilter.new(a.attributes["typemask"], a.attributes["severityThreshold"], $attrs["MAXALERTS"])
+          #  Pop off the top alert on the stack
+          #  $alert = @alerts.pop()
+          #  Add the new recipient string to the Alert Object
+          #  $alert.setVulnFilter($vulnfilter)
+          #  Push the alert back on to the alert stack
+          #  array_push($this->alerts, $alert)
+          #end
+
+          #a.elements.each('scanFilter') do |scanFilter|
+          #  <scanFilter scanStop='0' scanFailed='0' scanStart='1'/>
+          #  scanfilter = ScanFilter.new(scanFilter.attributes['scanStop'],scanFilter.attributes['scanFailed'],scanFilter.attributes['scanStart'])
+          #  alert = @alerts.pop()
+          #  alert.setScanFilter(scanfilter)
+          #  @alerts.push(alert)
+          #end
         end
 
         return site
@@ -456,14 +456,7 @@ module Nexpose
   #   end
   #
   class SiteListing
-    # true if an error condition exists; false otherwise
-    attr_reader :error
-    # Error message string
-    attr_reader :error_msg
-    # The last XML request sent by this object
-    attr_reader :request_xml
-    # The last XML response received by this object
-    attr_reader :response_xml
+
     # The NSC Connection associated with this object
     attr_reader :connection
     # Array containing SiteSummary objects for each site in the connection
@@ -480,10 +473,10 @@ module Nexpose
 
       r = @connection.execute('<SiteListingRequest session-id="' + @connection.session_id.to_s + '"/>')
 
-      if (r.success)
+      if r.success
         parse(r.res)
       else
-        raise APIError.new(r, "Failed to get site listing")
+        raise APIError.new(r, 'Failed to get site listing.')
       end
     end
 
@@ -565,7 +558,7 @@ module Nexpose
     # The Syslog server to sent this alert
     attr_reader :server
     # The vulnerability filter to trigger the alert
-    attr_reader :vulnFilter
+    attr_accessor :vuln_filter
     # The alert type
     attr_reader :type
 
@@ -575,24 +568,19 @@ module Nexpose
       @server = server
       @enabled = enabled
       # Sets default vuln filter - All Events
-      setVulnFilter(VulnFilter.new("50790400", 1))
-
-    end
+      @vuln_filter = VulnFilter.new('50790400', 1)
 
-    # Sets the Vulnerability Filter for this alert.
-    def setVulnFilter(vulnFilter)
-      @vulnFilter = vulnFilter
     end
 
     include Sanitize
 
     def to_xml
-      xml = "<syslogAlert"
+      xml = '<syslogAlert'
       xml << %Q{ name="#{replace_entities(name)}"}
       xml << %Q{ enabled="#{replace_entities(enabled)}"}
       xml << %Q{ server="#{replace_entities(server)}">}
-      xml << vulnFilter.to_xml
-      xml << "</syslogAlert>"
+      xml << vuln_filter.to_xml
+      xml << '</syslogAlert>'
       xml
     end
 
@@ -613,7 +601,7 @@ module Nexpose
     # The SNMP server to sent this alert
     attr_reader :server
     # The vulnerability filter to trigger the alert
-    attr_reader :vulnFilter
+    attr_reader :vuln_filter
     # The alert type
     attr_reader :type
 
@@ -624,22 +612,17 @@ module Nexpose
       @server = server
       @enabled = enabled
       # Sets default vuln filter - All Events
-      setVulnFilter(VulnFilter.new("50790400", 1))
-    end
-
-    # Sets the Vulnerability Filter for this alert.
-    def setVulnFilter(vulnFilter)
-      @vulnFilter = vulnFilter
+      @vuln_filter = VulnFilter.new('50790400', 1)
     end
 
     def to_xml
-      xml = "<snmpAlert"
+      xml = '<snmpAlert'
       xml << %Q{ name="#{replace_entities(name)}"}
       xml << %Q{ enabled="#{replace_entities(enabled)}"}
       xml << %Q{ community="#{replace_entities(community)}"}
       xml << %Q{ server="#{replace_entities(server)}">}
-      xml << vulnFilter.to_xml
-      xml << "</snmpAlert>"
+      xml << vuln_filter.to_xml
+      xml << '</snmpAlert>'
       xml
     end
 
@@ -656,49 +639,44 @@ module Nexpose
     # The email address of the sender
     attr_reader :sender
     # Limit the text for mobile devices
-    attr_reader :limitText
+    attr_reader :limit_text
     # Array containing Strings of email addresses
     # Array of strings with the email addresses of the intended recipients
     attr_reader :recipients
     # The vulnerability filter to trigger the alert
-    attr_reader :vulnFilter
+    attr_accessor :vuln_filter
     # The alert type
     attr_reader :type
 
-    def initialize(name, sender, limitText, enabled = 1)
+    def initialize(name, sender, limit_text, enabled = 1)
       @type = :smtp
       @name = name
       @sender = sender
       @enabled = enabled
-      @limitText = limitText
+      @limit_text = limit_text
       @recipients = []
       # Sets default vuln filter - All Events
-      setVulnFilter(VulnFilter.new("50790400", 1))
+      @vuln_filter = VulnFilter.new('50790400', 1)
     end
 
     # Adds a new Recipient to the recipients array
-    def addRecipient(recipient)
+    def add_recipient(recipient)
       @recipients.push(recipient)
     end
 
-    # Sets the Vulnerability Filter for this alert.
-    def setVulnFilter(vulnFilter)
-      @vulnFilter = vulnFilter
-    end
-
     include Sanitize
 
     def to_xml
-      xml = "<smtpAlert"
+      xml = '<smtpAlert'
       xml << %Q{ name="#{replace_entities(name)}"}
       xml << %Q{ enabled="#{replace_entities(enabled)}"}
       xml << %Q{ sender="#{replace_entities(sender)}"}
-      xml << %Q{ limitText="#{replace_entities(limitText)}">}
+      xml << %Q{ limitText="#{replace_entities(limit_text)}">}
       recipients.each do |recpt|
         xml << "<recipient>#{replace_entities(recpt)}</recipient>"
       end
-      xml << vulnFilter.to_xml
-      xml << "</smtpAlert>"
+      xml << vuln_filter.to_xml
+      xml << '</smtpAlert>'
       xml
     end
   end

data/lib/nexpose/ticket.rb

@@ -16,7 +16,7 @@ module Nexpose
     #
     # @return The ticket ID if the ticket creation was successful, {@code false} otherwise
     #
-    def create_ticket ticket_info
+    def create_ticket(ticket_info)
       ticket_name = ticket_info[:name]
       unless ticket_name
         raise ArgumentError.new 'Ticket name is required'
@@ -46,10 +46,10 @@ module Nexpose
       base_xml = make_xml 'TicketCreateRequest'
 
       required_attributes = {
-        'name' => ticket_name,
-        'priority' => priority,
-        'device-id' => device_id,
-        'assigned-to' => assigned_to
+          'name' => ticket_name,
+          'priority' => priority,
+          'device-id' => device_id,
+          'assigned-to' => assigned_to
       }
 
       create_request_xml = REXML::Element.new 'TicketCreate'

data/lib/nexpose/user.rb

@@ -22,9 +22,9 @@ module Nexpose
     def to_s
       out = "#{@user_name} (#{@full_name}) [ID: #{@id}]"
       out << " e-mail: #{@email}" unless @email.empty?
-      out << " Administrator" if @is_admin
-      out << " Disabled" if @is_disabled
-      out << " Locked" if @is_locked
+      out << ' Administrator' if @is_admin
+      out << ' Disabled' if @is_disabled
+      out << ' Locked' if @is_locked
       out << ", sites: #{@site_count}"
       out << ", groups: #{@group_count}"
     end
@@ -104,16 +104,16 @@ module Nexpose
     end
 
     def to_s
-      out = "#{@user_name} (#{@full_name}) [ID: #{@id}, Role: #{@role_name}]"
-      out << " Disabled" unless @enabled
-      out << " All-Sites" if @all_sites
-      out << " All-Groups" if @all_groups
+      out = "#{@name} (#{@full_name}) [ID: #{@id}, Role: #{@role_name}]"
+      out << ' Disabled' unless @enabled
+      out << ' All-Sites' if @all_sites
+      out << ' All-Groups' if @all_groups
       out << " e-mail: #{@email}" unless @email.nil? || @email.empty?
       out
     end
 
     def to_xml
-      xml = "<UserConfig"
+      xml = '<UserConfig'
       xml << %Q{ id="#{@id}"}
       xml << %Q{ authsrcid="#{@authsrcid}"}
       xml << %Q{ name="#{@name}"}
@@ -125,7 +125,7 @@ module Nexpose
       # These two fields are keying off role_name to work around a defect.
       xml << %Q{ allGroups="#{@all_groups || @role_name == 'global-admin'}"}
       xml << %Q{ allSites="#{@all_sites || @role_name == 'global-admin'}"}
-      xml << ">"
+      xml << '>'
       @sites.each do |site|
         xml << %Q{<site id="#{site}" />}
       end
@@ -142,7 +142,6 @@ module Nexpose
       xml << '</UserSaveRequest>'
       r = connection.execute(xml, '1.1')
       if r.success
-        res = []
         r.res.elements.each('UserSaveResponse') do |attr|
           @id = attr.attributes['id'].to_i
         end
@@ -162,7 +161,7 @@ module Nexpose
         r.res.elements.each('UserConfigResponse/UserConfig') do |config|
           id = config.attributes['id']
           role_name = config.attributes['role-name']
-          authsrcid = config.attributes['authsrcid']
+          #authsrcid = config.attributes['authsrcid']
           name = config.attributes['name']
           fullname = config.attributes['fullname']
 

data/lib/nexpose/util.rb

@@ -2,23 +2,24 @@ module Nexpose
   module Sanitize
     def replace_entities(str)
       ret = str.dup
-      ret.gsub!(/&/, "&")
-      ret.gsub!(/'/, "'")
-      ret.gsub!(/"/, """)
-      ret.gsub!(/</, "&lt;")
-      ret.gsub!(/>/, "&gt;")
+      ret.gsub!(/&/, '&amp;')
+      ret.gsub!(/'/, '&apos;')
+      ret.gsub!(/"/, '&quot;')
+      ret.gsub!(/</, '&lt;')
+      ret.gsub!(/>/, '&gt;')
       ret
     end
   end
 
   module XMLUtils
+
     def parse_xml(xml)
       ::REXML::Document.new(xml.to_s)
     end
 
     def make_xml(name, opts={}, data='', append_session_id=true)
       xml = REXML::Element.new(name)
-      if (@session_id and append_session_id)
+      if @session_id and append_session_id
         xml.attributes['session-id'] = @session_id
       end
 

data/lib/nexpose/vuln.rb

@@ -29,7 +29,7 @@ module Nexpose
 
       if r.success
         res = []
-        r.res.elements.each("//VulnerabilityException") do |ve|
+        r.res.elements.each('//VulnerabilityException') do |ve|
           submitter_comment = ve.elements['submitter-comment']
           reviewer_comment = ve.elements['reviewer-comment']
           res << {
@@ -112,7 +112,7 @@ module Nexpose
         end
 
         if scope =~ /All Instances on a Specific Asset/ && (vuln_key || port)
-          raise ArgumentError.new "Vulnerability key or port cannot be used with the scope specified"
+          raise ArgumentError.new 'Vulnerability key or port cannot be used with the scope specified'
         end
 
         if vuln_key
@@ -137,7 +137,7 @@ module Nexpose
 
       r = execute xml, '1.2'
       if r.success
-        r.res.elements.each("//VulnerabilityExceptionCreateResponse") do |vecr|
+        r.res.elements.each('//VulnerabilityExceptionCreateResponse') do |vecr|
           return vecr.attributes['exception-id']
         end
       else
@@ -355,7 +355,7 @@ module Nexpose
 
       if r.success
         r.res.elements.each('VulnerabilityListingResponse/VulnerabilitySummary') do |v|
-          @vulnerability_summaries.push(VulnerabilitySummary.new(v.attributes['id'], v.attributes["title"], v.attributes["severity"]))
+          @vulnerability_summaries.push(VulnerabilitySummary.new(v.attributes['id'], v.attributes['title'], v.attributes['severity']))
         end
       else
         @error = true
@@ -438,8 +438,8 @@ module Nexpose
       if r.success
         r.res.elements.each('VulnerabilityDetailsResponse/Vulnerability') do |v|
           @id = v.attributes['id']
-          @title = v.attributes["title"]
-          @severity = v.attributes["severity"]
+          @title = v.attributes['title']
+          @severity = v.attributes['severity']
           @pciSeverity = v.attributes['pciSeverity']
           @cvssScore = v.attributes['cvssScore']
           @cvssVector = v.attributes['cvssVector']
@@ -498,13 +498,12 @@ module Nexpose
     include Sanitize
 
     def to_xml
-      xml = '<vulnFilter '
+      xml = '<vuln_filter '
       xml << %Q{ type_mask="#{replace_entities(typeMask)}"}
       xml << %Q{ maxAlerts="#{replace_entities(maxAlerts)}"}
       xml << %Q{ severity_threshold="#{replace_entities(severityThreshold)}"}
       xml << '/>'
       xml
     end
-
   end
 end

metadata

@@ -1,16 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: nexpose
 version: !ruby/object:Gem::Version
-  version: 0.1.8
+  version: 0.1.9
   prerelease: 
 platform: ruby
 authors:
 - HD Moore
 - Chris Lee
+- Michael Daines
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-01 00:00:00.000000000 Z
+date: 2013-03-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: librex