RubyGems - nexpose - Versions diffs - 0.8.7 → 0.8.8 - Mend

nexpose 0.8.7 → 0.8.8

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4a34cdeb971857fcd6f7de262b1cd30823039f96
-  data.tar.gz: 3cca7ce023e3826cef57e3ddd41280b20af48a8e
+  metadata.gz: 0895452fa39e68f031ad27edc40a94cef8337730
+  data.tar.gz: 051981f1f5ef5a0e04977c3a7f5bc1447b2cee3c
 SHA512:
-  metadata.gz: d281a778836d4a11e1726dc8bd9c570025279cef9cf70f6ef056451ea45c995179f59d87abb648b3c4b22be4bd166c0bcd0052ed7b661c78e1bf7462c5cef729
-  data.tar.gz: 47d847fbba3c67b893a033bc56ffd25cc9b6c57edcdbb07d015959109da46fa199d5e0fa16eb8d2c9e438c8a42da9d423b830d86cf7da24d0690079ba06160be
+  metadata.gz: 9ebb703fbacc51a22fc0d60e18b1ac063fe853406b22c6ee2b7b3d77b0f9feda1e2441f07d0cb8b5dfeb8cb96937451cc94a5088e24485a34a7e078a98d37187
+  data.tar.gz: 4f7c7f467df77177e2762f5bf927548fe67e70c641855e7108a0219e1761bb9f1996664862edaaeb2a017ebd3df252bccfaf71163ba80053a9147dd609b030b9

data/lib/nexpose/data_table.rb CHANGED

@@ -28,13 +28,19 @@ module Nexpose
     #                               'table-id' => 'site-assets',
     #                               'siteID' => site_id })
     #
-    def _get_json_table(console, address, parameters = {}, page_size = 500, records = nil)
+    def _get_json_table(console, address, parameters = {}, page_size = 500, records = nil, post = true)
       parameters['dir'] = 'DESC'
       parameters['startIndex'] = -1
       parameters['results'] = -1
-      post = AJAX.form_post(console, address, parameters)
-      data = JSON.parse(post)
+      if post
+        request = lambda { |p| AJAX.form_post(console, address, p) }
+      else
+        request = lambda { |p| AJAX.get(console, address.dup, AJAX::CONTENT_TYPE::JSON, p) }
+      end
+      response = request.(parameters)
+      data = JSON.parse(response)
       total = records || data['totalRecords']
       return [] if total == 0
@@ -43,7 +49,7 @@ module Nexpose
       while rows.length < total
         parameters['startIndex'] = rows.length
-        data = JSON.parse(AJAX.form_post(console, address, parameters))
+        data = JSON.parse(request.(parameters))
         rows.concat data['records']
       end
       rows

data/lib/nexpose/filter.rb CHANGED

@@ -58,6 +58,10 @@ module Nexpose
       # Valid Operators: IS, IS_NOT, STARTS_WITH, ENDS_WITH, CONTAINS, NOT_CONTAINS
       ASSET = 'ASSET'
+      # Search for an Asset by CVE ID
+      # Valid Operators: IS, IS_NOT, CONTAINS, NOT_CONTAINS
+      CVE_ID = 'CVE_ID'
       # Valid Operators: IS, IS_NOT
       # Valid Values (See Value::AccessComplexity): LOW, MEDIUM, HIGH
       CVSS_ACCESS_COMPLEXITY = 'CVSS_ACCESS_COMPLEXITY'
@@ -158,6 +162,10 @@ module Nexpose
       # Valid Operators: INCLUDE, DO_NOT_INCLUDE
       # Valid Values (See Value::VulnerabilityExposure): MALWARE, METASPLOIT, DATABASE
       VULNERABILITY_EXPOSURES = 'VULNERABILITY_EXPOSURES'
+      # Search by VULNERABILITY CATEGORY
+      # Valid Operators: IS, IS_NOT, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH
+      VULN_CATEGORY = 'VULN_CATEGORY'
     end
     # List of acceptable operators. Not all fields accept all operators.

data/lib/nexpose/pool.rb CHANGED

@@ -36,7 +36,7 @@ module Nexpose
     attr_reader :scope
     def initialize(id, name, scope = 'silo')
-      @id = id
+      @id = id.to_i
       @name = name
       @scope = scope
     end

data/lib/nexpose/scan.rb CHANGED

@@ -166,7 +166,7 @@ module Nexpose
     #
     def resume_scan(scan_id)
       r = execute(make_xml('ScanResumeRequest', { 'scan-id' => scan_id }), '1.1', timeout: 60)
-      r.success ? r.attributes['success'] : nil
+      r.success ? r.attributes['success'] == '1' : false
     end
     # Pauses a scan.
@@ -175,7 +175,25 @@ module Nexpose
     #
     def pause_scan(scan_id)
       r = execute(make_xml('ScanPauseRequest', { 'scan-id' => scan_id }))
-      r.success ? r.attributes['success'] : nil
+      r.success ? r.attributes['success'] == '1' : false
+    end
+    # Retrieve a list of current scan activities across all Scan Engines
+    # managed by Nexpose. This method returns lighter weight objects than
+    # scan_activity.
+    #
+    # @return [Array[ScanData]] Array of ScanData objects associated with
+    #   each active scan on the engines.
+    #
+    def activity
+      r = execute(make_xml('ScanActivityRequest'))
+      res = []
+      if r.success
+        r.res.elements.each('//ScanSummary') do |scan|
+          res << ScanData.parse(scan)
+        end
+      end
+      res
     end
     # Retrieve a list of current scan activities across all Scan Engines
@@ -293,9 +311,11 @@ module Nexpose
     end
   end
-  # Object that represents a summary of a scan.
+  # Minimal scan data object.
+  # Unlike ScanSummary, these objects don't collect vulnerability data, which
+  # can be rather verbose and isn't useful for many automation scenarios.
   #
-  class ScanSummary
+  class ScanData
     # The Scan ID of the Scan
     attr_reader :scan_id
@@ -311,6 +331,40 @@ module Nexpose
     # One of: running|finished|stopped|error|dispatched|paused|aborted|uknown
     attr_reader :status
+    # Constructor
+    def initialize(scan_id, site_id, engine_id, status, start_time, end_time)
+      @scan_id, @site_id, @engine_id, @status, @start_time, @end_time = scan_id, site_id, engine_id, status, start_time, end_time
+    end
+    def self.parse(xml)
+      # Start time can be empty in some error conditions.
+      start_time = nil
+      unless xml.attributes['startTime'] == ''
+        start_time = DateTime.parse(xml.attributes['startTime'].to_s).to_time
+        # Timestamp is UTC, but parsed as local time.
+        start_time -= start_time.gmt_offset
+      end
+      # End time is often not present, since reporting on running scans.
+      end_time = nil
+      if xml.attributes['endTime']
+        end_time = DateTime.parse(xml.attributes['endTime'].to_s).to_time
+        # Timestamp is UTC, but parsed as local time.
+        end_time -= end_time.gmt_offset
+      end
+      ScanData.new(xml.attributes['scan-id'].to_i,
+                   xml.attributes['site-id'].to_i,
+                   xml.attributes['engine-id'].to_i,
+                   xml.attributes['status'],
+                   start_time,
+                   end_time)
+    end
+  end
+  # Object that represents a summary of a scan.
+  #
+  class ScanSummary < ScanData
     # The reason the scan was stopped or failed, if applicable.
     attr_reader :message

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose
 version: !ruby/object:Gem::Version
-  version: 0.8.7
+  version: 0.8.8
 platform: ruby
 authors:
 - HD Moore
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-10-14 00:00:00.000000000 Z
+date: 2014-10-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rex
@@ -19,20 +19,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.4
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.4
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.4
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement