nexpose 0.9.2 → 0.9.3

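--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 4346ba57f3daa91d7f5d54d7a50725b3283f0b5e
- data.tar.gz: b47df6be1890408edd950d05130051e318e8aa78
+ metadata.gz: 3061d4a5d9569fa5aa6e9e71b59b8747688e3423
+ data.tar.gz: 0b79ee953da25edc842e37b8ac19b9ba9f4bbb7c
  SHA512:
- metadata.gz: c8b09a6921fd4b6827dbe264694396830d04e9dd7ef8a4c85a02fdda433d7612bb0ddbb899585fc025d50a53a1f190d66815ce8798ae52f3f4c18f170e0a750b
- data.tar.gz: 6a86219f41fd9e174bc6a4a2578fda5e72e8fa310ec823fed2dfcf7e640c083175f042d4c8b3bc723634782a88754509f9daa06b848b69a1116a9eec0d02c6e2
+ metadata.gz: 31e606472483067a65ef775690c7f3f92ef26f50c9ce18d4840565d7cc3c3031d6b713ba379112ebe1677ef0d1e54e79cc17e33b44cc227570a91ae45f1555ce
+ data.tar.gz: a71ed17da304eb8c08a9fd5f5e8fad4b7efc019d0f172a12b0b215b0d342da31eb5da70dad4245d57f13c405bda2a44a53835f677c005a2b18ae7dc65e619694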
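--- a/data/lib/nexpose/ajax.rb
+++ b/data/lib/nexpose/ajax.rb
@@ -1,7 +1,5 @@
  # encoding: utf-8
-
  module Nexpose
-
  # Accessor to the Nexpose AJAX API.
  # These core methods should allow direct access to underlying controllers
  # in order to test functionality that is not currently exposed
@@ -10,6 +8,8 @@ module Nexpose
  module AJAX
  module_function
 
+ # Content type strings acceptect by Nexpose.
+ #
  module CONTENT_TYPE
  XML = 'text/xml; charset=UTF-8'
  JSON = 'application/json; charset-utf-8'
@@ -28,7 +28,7 @@ module Nexpose
  parameterize_uri(uri, options)
  get = Net::HTTP::Get.new(uri)
  get.set_content_type(content_type)
- _request(nsc, get)
+ request(nsc, get)
  end
 
  # PUT call to a Nexpose controller.
@@ -43,7 +43,7 @@ module Nexpose
  put = Net::HTTP::Put.new(uri)
  put.set_content_type(content_type)
  put.body = payload.to_s if payload
- _request(nsc, put)
+ request(nsc, put)
  end
 
  # POST call to a Nexpose controller.
@@ -52,13 +52,14 @@ module Nexpose
  # @param [String] uri Controller address relative to https://host:port
  # @param [String|REXML::Document] payload XML document required by the call.
  # @param [String] content_type Content type to use when issuing the POST.
+ # @param [Fixnum] timeout Set an explicit timeout for the HTTP request.
  # @return [String|REXML::Document|Hash] The response from the call.
  #
- def post(nsc, uri, payload = nil, content_type = CONTENT_TYPE::XML)
+ def post(nsc, uri, payload = nil, content_type = CONTENT_TYPE::XML, timeout = nil)
  post = Net::HTTP::Post.new(uri)
  post.set_content_type(content_type)
  post.body = payload.to_s if payload
- _request(nsc, post)
+ request(nsc, post, timeout)
  end
 
  # PATCH call to a Nexpose controller.
@@ -73,7 +74,7 @@ module Nexpose
  patch = Net::HTTP::Patch.new(uri)
  patch.set_content_type(content_type)
  patch.body = payload.to_s if payload
- _request(nsc, patch)
+ request(nsc, patch)
  end
 
  # POST call to a Nexpose controller that uses a form-post model.
@@ -90,7 +91,7 @@ module Nexpose
  post = Net::HTTP::Post.new(uri)
  post.set_content_type(content_type)
  post.set_form_data(parameters)
- _request(nsc, post)
+ request(nsc, post)
  end
 
  # DELETE call to a Nexpose controller.
@@ -101,9 +102,16 @@ module Nexpose
  def delete(nsc, uri, content_type = CONTENT_TYPE::XML)
  delete = Net::HTTP::Delete.new(uri)
  delete.set_content_type(content_type)
- _request(nsc, delete)
+ request(nsc, delete)
  end
 
+ ###
+ # === Internal helper methods below this line. ===
+ #
+ # These are internal utility methods, not subject to backward compatibility
+ # concerns.
+ ###
+
  # Append the query parameters to given URI.
  #
  # @param [String] uri Controller address relative to https://host:port
@@ -114,59 +122,93 @@ module Nexpose
  def parameterize_uri(uri, parameters)
  params = Hash.try_convert(parameters)
  unless params.nil? || params.empty?
- uri = uri.concat(('?').concat(parameters.map { |k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join('&')))
+ uri = uri.concat(('?').concat(parameters.map { |k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join('&')))
  end
  uri
  end
 
- def preserving_preference(nsc, pref)
- begin
- orig = _get_rows(nsc, pref)
- yield
- ensure
- _set_rows(nsc, pref, orig)
- end
- end
-
- ###
- # Internal helper methods
-
  # Use the Nexpose::Connection to establish a correct HTTPS object.
- def _https(nsc)
+ def https(nsc, timeout = nil)
  http = Net::HTTP.new(nsc.host, nsc.port)
+ http.read_timeout = timeout if timeout
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  http
  end
 
  # Attach necessary header fields.
- def _headers(nsc, request)
+ def headers(nsc, request)
  request.add_field('nexposeCCSessionID', nsc.session_id)
  request.add_field('Cookie', "nexposeCCSessionID=#{nsc.session_id}")
  end
 
- def _request(nsc, request)
- http = _https(nsc)
- _headers(nsc, request)
+ def request(nsc, request, timeout = nil)
+ http = https(nsc, timeout)
+ headers(nsc, request)
 
  # Return response body if request is successful. Brittle.
  response = http.request(request)
  case response
- when Net::HTTPOK
- response.body
- when Net::HTTPCreated
+ when Net::HTTPOK, Net::HTTPCreated
  response.body
  when Net::HTTPForbidden
  raise Nexpose::PermissionError.new(response)
- when Net::HTTPUnauthorized
- raise Nexpose::PermissionError.new(response)
+ when Net::HTTPFound
+ if response.header['location'] =~ /login/
+ raise Nexpose::AuthenticationFailed.new(response)
+ else
+ req_type = request.class.name.split('::').last.upcase
+ raise Nexpose::APIError.new(response, "#{req_type} request to #{request.path} failed. #{request.body}", response.code)
+ end
  else
  req_type = request.class.name.split('::').last.upcase
  raise Nexpose::APIError.new(response, "#{req_type} request to #{request.path} failed. #{request.body}", response.code)
  end
  end
 
- def _get_rows(nsc, pref)
+ # Execute a block of code while presenving the preferences for any
+ # underlying table being accessed. Use this method when accessing data
+ # tables which are present in the UI to prevent existing row preferences
+ # from being set to 500.
+ #
+ # This is an internal utility method, not subject to backward compatibility
+ # concerns.
+ #
+ # @param [Connection] nsc Live connection to a Nepose console.
+ # @param [String] pref Preference key value to preserve.
+ #
+ def preserving_preference(nsc, pref)
+ begin
+ orig = get_rows(nsc, pref)
+ yield
+ ensure
+ set_rows(nsc, pref, orig)
+ end
+ end
+
+ # Get a valid row preference value.
+ #
+ # This is an internal utility method, not subject to backward compatibility
+ # concerns.
+ #
+ # @param [Fixnum] val Value to get inclusive row preference for.
+ # @return [Fixnum] Valid row preference.
+ #
+ def row_pref_of(val)
+ if val.nil? || val > 100
+ 500
+ elsif val > 50
+ 100
+ elsif val > 25
+ 50
+ elsif val > 10
+ 25
+ else
+ 10
+ end
+ end
+
+ def get_rows(nsc, pref)
  uri = '/ajax/user_pref_get.txml'
  resp = get(nsc, uri, CONTENT_TYPE::XML, 'name' => "#{pref}.rows")
  xml = REXML::Document.new(resp)
@@ -178,7 +220,7 @@ module Nexpose
  end
  end
 
- def _set_rows(nsc, pref, value)
+ def set_rows(nsc, pref, value)
  uri = '/ajax/user_pref_set.txml'
  params = { 'name' => "#{pref}.rows",
  'value' => value }
@@ -188,19 +230,5 @@ module Nexpose
  attr.value == '1'
  end
  end
-
- def _row_pref_of(val)
- if val.nil? || val > 100
- 500
- elsif val > 50
- 100
- elsif val > 25
- 50
- elsif val > 10
- 25
- else
- 10
- end
- end
  end
  end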
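Review bot: `https(nsc, timeout = nil)` still sets `http.verify_mode = OpenSSL::SSL::VERIFY_NONE`, so every call routed through `request`, and the direct `AJAX.https` callers in scan.rb, sends the `nexposeCCSessionID` header and cookie to a peer whose certificate is never checked. Since this commit already reworks the helper's signature, it is a natural place to default to `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` and let users with a self-signed console supply its certificate through `http.ca_file` or `http.cert_store`. Separately, in `request` the `when Net::HTTPUnauthorized` branch is removed, so a 401 now falls to the generic `else` and raises `Nexpose::APIError` rather than `Nexpose::PermissionError`; callers rescuing the latter will silently change behaviour, and that message interpolates `request.body`, which can carry request payloads into logs. The new `timeout` only feeds `read_timeout`, so connection setup presumably still relies on the Net::HTTP default; setting `http.open_timeout` alongside it would make the parameter's doc comment accurate.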
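--- a/data/lib/nexpose/scan.rb
+++ b/data/lib/nexpose/scan.rb
@@ -238,7 +238,7 @@ module Nexpose
  #
  def past_scans(limit = nil)
  uri = '/data/scan/global/scan-history'
- rows = AJAX._row_pref_of(limit)
+ rows = AJAX.row_pref_of(limit)
  params = { 'sort' => 'endTime', 'dir' => 'DESC', 'startIndex' => 0 }
  AJAX.preserving_preference(self, 'global-completed-scans') do
  data = DataTable._get_json_table(self, uri, params, rows, limit)
@@ -255,7 +255,7 @@ module Nexpose
  # zip_file, if provided. Otherwise, returns raw ZIP binary data.
  #
  def export_scan(scan_id, zip_file = nil)
- http = AJAX._https(self)
+ http = AJAX.https(self)
  headers = { 'Cookie' => "nexposeCCSessionID=#{@session_id}",
  'Accept-Encoding' => 'identity' }
  resp = http.get("/data/scan/#{scan_id}/export", headers)
@@ -305,8 +305,8 @@ module Nexpose
  post.set_content_type('multipart/form-data', boundary: data.bound)
 
  # Avoiding AJAX#request, because the data can cause binary dump on error.
- http = AJAX._https(self)
- AJAX._headers(self, post)
+ http = AJAX.https(self)
+ AJAX.headers(self, post)
  response = http.request(post)
  case response
  when Net::HTTPOK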
@@ -1,4 +1,4 @@
1
1
  module Nexpose
2
2
  # The latest version of the Nexpose gem
3
- VERSION = '0.9.2'
3
+ VERSION = '0.9.3'
4
4
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nexpose
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.2
4
+ version: 0.9.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - HD Moore