RubyGems - nexpose - Versions diffs - 0.8.7 → 0.8.8 - Mend

nexpose 0.8.7 → 0.8.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4a34cdeb971857fcd6f7de262b1cd30823039f96
-  data.tar.gz: 3cca7ce023e3826cef57e3ddd41280b20af48a8e
+  metadata.gz: 0895452fa39e68f031ad27edc40a94cef8337730
+  data.tar.gz: 051981f1f5ef5a0e04977c3a7f5bc1447b2cee3c
 SHA512:
-  metadata.gz: d281a778836d4a11e1726dc8bd9c570025279cef9cf70f6ef056451ea45c995179f59d87abb648b3c4b22be4bd166c0bcd0052ed7b661c78e1bf7462c5cef729
-  data.tar.gz: 47d847fbba3c67b893a033bc56ffd25cc9b6c57edcdbb07d015959109da46fa199d5e0fa16eb8d2c9e438c8a42da9d423b830d86cf7da24d0690079ba06160be
+  metadata.gz: 9ebb703fbacc51a22fc0d60e18b1ac063fe853406b22c6ee2b7b3d77b0f9feda1e2441f07d0cb8b5dfeb8cb96937451cc94a5088e24485a34a7e078a98d37187
+  data.tar.gz: 4f7c7f467df77177e2762f5bf927548fe67e70c641855e7108a0219e1761bb9f1996664862edaaeb2a017ebd3df252bccfaf71163ba80053a9147dd609b030b9

data/lib/nexpose/data_table.rb CHANGED

@@ -28,13 +28,19 @@ module Nexpose
     #                               'table-id' => 'site-assets',
     #                               'siteID' => site_id })
     #
-    def _get_json_table(console, address, parameters = {}, page_size = 500, records = nil)
+    def _get_json_table(console, address, parameters = {}, page_size = 500, records = nil, post = true)
       parameters['dir'] = 'DESC'
       parameters['startIndex'] = -1
       parameters['results'] = -1
-      post = AJAX.form_post(console, address, parameters)
-      data = JSON.parse(post)
+      if post
+        request = lambda { |p| AJAX.form_post(console, address, p) }
+      else
+        request = lambda { |p| AJAX.get(console, address.dup, AJAX::CONTENT_TYPE::JSON, p) }
+      end
+      response = request.(parameters)
+      data = JSON.parse(response)
       total = records || data['totalRecords']
       return [] if total == 0
@@ -43,7 +49,7 @@ module Nexpose
       while rows.length < total
         parameters['startIndex'] = rows.length
-        data = JSON.parse(AJAX.form_post(console, address, parameters))
+        data = JSON.parse(request.(parameters))
         rows.concat data['records']
       end
       rows

data/lib/nexpose/filter.rb CHANGED

@@ -58,6 +58,10 @@ module Nexpose
       # Valid Operators: IS, IS_NOT, STARTS_WITH, ENDS_WITH, CONTAINS, NOT_CONTAINS
       ASSET = 'ASSET'
+      # Search for an Asset by CVE ID
+      # Valid Operators: IS, IS_NOT, CONTAINS, NOT_CONTAINS
+      CVE_ID = 'CVE_ID'
       # Valid Operators: IS, IS_NOT
       # Valid Values (See Value::AccessComplexity): LOW, MEDIUM, HIGH
       CVSS_ACCESS_COMPLEXITY = 'CVSS_ACCESS_COMPLEXITY'
@@ -158,6 +162,10 @@ module Nexpose
       # Valid Operators: INCLUDE, DO_NOT_INCLUDE
       # Valid Values (See Value::VulnerabilityExposure): MALWARE, METASPLOIT, DATABASE
       VULNERABILITY_EXPOSURES = 'VULNERABILITY_EXPOSURES'
+      # Search by VULNERABILITY CATEGORY
+      # Valid Operators: IS, IS_NOT, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH
+      VULN_CATEGORY = 'VULN_CATEGORY'
     end
     # List of acceptable operators. Not all fields accept all operators.

data/lib/nexpose/pool.rb CHANGED

@@ -36,7 +36,7 @@ module Nexpose
     attr_reader :scope
     def initialize(id, name, scope = 'silo')
-      @id = id
+      @id = id.to_i
       @name = name
       @scope = scope
     end

data/lib/nexpose/scan.rb CHANGED

@@ -166,7 +166,7 @@ module Nexpose
     #
     def resume_scan(scan_id)
       r = execute(make_xml('ScanResumeRequest', { 'scan-id' => scan_id }), '1.1', timeout: 60)
-      r.success ? r.attributes['success'] : nil
+      r.success ? r.attributes['success'] == '1' : false
     end
     # Pauses a scan.
@@ -175,7 +175,25 @@ module Nexpose
     #
     def pause_scan(scan_id)
       r = execute(make_xml('ScanPauseRequest', { 'scan-id' => scan_id }))
-      r.success ? r.attributes['success'] : nil
+      r.success ? r.attributes['success'] == '1' : false
+    end
+    # Retrieve a list of current scan activities across all Scan Engines
+    # managed by Nexpose. This method returns lighter weight objects than
+    # scan_activity.
+    #
+    # @return [Array[ScanData]] Array of ScanData objects associated with
+    #   each active scan on the engines.
+    #
+    def activity
+      r = execute(make_xml('ScanActivityRequest'))
+      res = []
+      if r.success
+        r.res.elements.each('//ScanSummary') do |scan|
+          res << ScanData.parse(scan)
+        end
+      end
+      res
     end
     # Retrieve a list of current scan activities across all Scan Engines
@@ -293,9 +311,11 @@ module Nexpose
     end
   end
-  # Object that represents a summary of a scan.
+  # Minimal scan data object.
+  # Unlike ScanSummary, these objects don't collect vulnerability data, which
+  # can be rather verbose and isn't useful for many automation scenarios.
   #
-  class ScanSummary
+  class ScanData
     # The Scan ID of the Scan
     attr_reader :scan_id
@@ -311,6 +331,40 @@ module Nexpose
     # One of: running|finished|stopped|error|dispatched|paused|aborted|uknown
     attr_reader :status
+    # Constructor
+    def initialize(scan_id, site_id, engine_id, status, start_time, end_time)
+      @scan_id, @site_id, @engine_id, @status, @start_time, @end_time = scan_id, site_id, engine_id, status, start_time, end_time
+    end
+    def self.parse(xml)
+      # Start time can be empty in some error conditions.
+      start_time = nil
+      unless xml.attributes['startTime'] == ''
+        start_time = DateTime.parse(xml.attributes['startTime'].to_s).to_time
+        # Timestamp is UTC, but parsed as local time.
+        start_time -= start_time.gmt_offset
+      end
+      # End time is often not present, since reporting on running scans.
+      end_time = nil
+      if xml.attributes['endTime']
+        end_time = DateTime.parse(xml.attributes['endTime'].to_s).to_time
+        # Timestamp is UTC, but parsed as local time.
+        end_time -= end_time.gmt_offset
+      end
+      ScanData.new(xml.attributes['scan-id'].to_i,
+                   xml.attributes['site-id'].to_i,
+                   xml.attributes['engine-id'].to_i,
+                   xml.attributes['status'],
+                   start_time,
+                   end_time)
+    end
+  end
+  # Object that represents a summary of a scan.
+  #
+  class ScanSummary < ScanData
     # The reason the scan was stopped or failed, if applicable.
     attr_reader :message

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose
 version: !ruby/object:Gem::Version
-  version: 0.8.7
+  version: 0.8.8
 platform: ruby
 authors:
 - HD Moore
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-10-14 00:00:00.000000000 Z
+date: 2014-10-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rex
@@ -19,20 +19,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.4
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.4
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.4
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement