nexpose 5.3.2 → 6.0.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a81282ac5cad0586a065e9db120e0eb159e6ce11
4
- data.tar.gz: 87a487b2d42c5605c3ba9fdc4c06a98141462399
3
+ metadata.gz: 029e85ea3805696b880d54b2da6bf87848e675c1
4
+ data.tar.gz: 9a612be818593467a71c2f03602e5aff84c2b45e
5
5
  SHA512:
6
- metadata.gz: 4840e5bf5a3492b567bf1b143b199fc409a88a684f0a780668c2fb358bc6194764b6fc3347ab615ca98bc1afb0dde6e2152d4069e84a65f3384b7a8ef0f9472c
7
- data.tar.gz: 522bbae451cfc73d630d5c85c95af60c1d0caccd8095613328d48d7724affb885e30ea909b24cec39e850f1fb80f6ae0b70b93e9691208c06fefb2de92758072
6
+ metadata.gz: ed7e089a3dddde81fb7d4fb5b4417a2a82a9acf5c6207e9daec1afe96c48dd20674f10f8b2eea4c3b6dfff4353e4b589b0dae65a824e6c3dc4b9dbfee636c781
7
+ data.tar.gz: e0dde0ee45a096eca308c3cf4f5b716109c0acac15fbdd45e45b456775f168c3486bee536466a9046695f284ecc8662d7d6a68e0f57a052d74b4204733c629f8
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- nexpose (5.3.2)
4
+ nexpose (6.0.0)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
@@ -1,4 +1,4 @@
1
1
  module Nexpose
2
2
  # The latest version of the Nexpose gem
3
- VERSION = '5.3.2'
3
+ VERSION = '6.0.0'
4
4
  end
@@ -3,31 +3,69 @@ module Nexpose
3
3
  class Connection
4
4
  include XMLUtils
5
5
 
6
- # Retrieve vulnerability exceptions.
6
+ # Retrieve all active vulnerability exceptions.
7
7
  #
8
8
  # @param [String] status Filter exceptions by the current status.
9
9
  # @see Nexpose::VulnException::Status
10
- # @param [String] duration A time interval in the format "PnYnMnDTnHnMnS".
11
10
  # @return [Array[VulnException]] List of matching vulnerability exceptions.
12
11
  #
13
- def list_vuln_exceptions(status = nil, duration = nil)
14
- option = {}
15
- option['status'] = status if status
16
- option['time-duration'] = duration if duration
17
- xml = make_xml('VulnerabilityExceptionListingRequest', option)
18
- response = execute(xml, '1.2')
19
-
20
- xs = []
21
- if response.success
22
- response.res.elements.each('//VulnerabilityException') do |ve|
23
- xs << VulnException.parse(ve)
12
+ def list_vuln_exceptions(status = nil)
13
+ unless is_valid_vuln_exception_status?(status)
14
+ raise "Unknown Status ~> '#{status}' :: For available options refer to Nexpose::VulnException::Status"
15
+ end
16
+
17
+ status = Nexpose::VulnException::Status.const_get(status_string_to_constant(status)) unless status.nil?
18
+
19
+ results = []
20
+ ajax_data = []
21
+
22
+ url_size = 500
23
+ url_page = 0
24
+
25
+ req = Nexpose::AJAX.get(self, "/api/experimental/vulnerability_exceptions?_size=#{url_size}&_page=#{url_page}")
26
+ data = JSON.parse(req, object_class: OpenStruct)
27
+ ajax_data << data._resources
28
+
29
+ if data._links.count > 1
30
+ loop do
31
+ url_page += 1
32
+ req = Nexpose::AJAX.get(self, "/api/experimental/vulnerability_exceptions?_size=#{url_size}&_page=#{url_page}")
33
+ data = JSON.parse(req, object_class: OpenStruct)
34
+ ajax_data << data._resources
35
+ links = data._links.select { |ll| ['self', 'last'].include?(ll.rel) }
36
+ break if links[0].href == links[1].href
24
37
  end
25
38
  end
26
- xs
39
+
40
+ ajax_data.compact!
41
+ ajax_data.flatten!
42
+
43
+ ajax_data.each do |vuln_excep|
44
+ ve = VulnException.new(vuln_excep.scope.vulnerabilityID, vuln_excep.scope.type, vuln_excep.submit.reason, vuln_excep.state)
45
+ ve.id = vuln_excep.id
46
+ ve.submitter = vuln_excep.submit.name
47
+ ve.submitter_comment = vuln_excep.submit.comment
48
+ ve.submit_date = Time.parse(vuln_excep.submit.date) unless vuln_excep.submit.date.nil?
49
+ ve.asset_id = vuln_excep.scope.assetID
50
+ ve.site_id = vuln_excep.scope.siteID
51
+ ve.asset_group_id = vuln_excep.scope.assetGroupID
52
+ ve.port = vuln_excep.scope.port
53
+ ve.vuln_key = vuln_excep.scope.key
54
+ ve.expiration = Time.parse(vuln_excep.expires) unless vuln_excep.expires.nil?
55
+ unless vuln_excep.review.nil?
56
+ ve.reviewer = vuln_excep.review.name
57
+ ve.reviewer_comment = vuln_excep.review.comment
58
+ ve.review_date = Time.parse(vuln_excep.review.date) unless vuln_excep.review.date.nil?
59
+ end
60
+ results << ve
61
+ end
62
+ results.keep_if { |v| v.status == status } unless status.nil?
63
+ return results
27
64
  end
28
65
 
29
66
  alias_method :vuln_exceptions, :list_vuln_exceptions
30
67
 
68
+
31
69
  # Resubmit a vulnerability exception request with a new comment and reason
32
70
  # after an exception has been rejected.
33
71
  #
@@ -76,6 +114,24 @@ module Nexpose
76
114
  { 'exception-id' => id })
77
115
  execute(xml, '1.2').success
78
116
  end
117
+
118
+
119
+ private
120
+
121
+ def is_valid_vuln_exception_status?(status)
122
+ return true if status.nil?
123
+ valid_status = []
124
+ Nexpose::VulnException::Status.constants.each {|con| valid_status << Nexpose::VulnException::Status.const_get(con) }
125
+ valid_status << Nexpose::VulnException::Status.constants.map(&:to_s).map(&:downcase)
126
+ valid_status.flatten.map(&:downcase).include?(status.downcase)
127
+ end
128
+
129
+ def status_string_to_constant(status)
130
+ Nexpose::VulnException::Status.constants.find do |name|
131
+ Nexpose::VulnException::Status.const_get(name).to_s.downcase==status.downcase || status.to_sym.downcase == name.downcase
132
+ end
133
+ end
134
+
79
135
  end
80
136
 
81
137
  # A vulnerability exception.
@@ -117,6 +173,8 @@ module Nexpose
117
173
  alias :device_id= :asset_id=
118
174
  # Id of the site, if this exception applies to all instances on a site
119
175
  attr_accessor :site_id
176
+ # ID of the Asset Group, if this exception applies to all instances on an asset group
177
+ attr_accessor :asset_group_id
120
178
  # Port on a asset, if this exception applies to a specific port.
121
179
  attr_accessor :port
122
180
  # The specific vulnerable component in a discovered instance of the
@@ -130,6 +188,11 @@ module Nexpose
130
188
  attr_accessor :submitter_comment
131
189
  # Any comment provided by the reviewer.
132
190
  attr_accessor :reviewer_comment
191
+ # Date when the Review occurred [Time]
192
+ attr_accessor :review_date
193
+ # Date when Submit occurred [Time]
194
+ attr_accessor :submit_date
195
+
133
196
 
134
197
  def initialize(vuln_id, scope, reason, status = nil)
135
198
  @vuln_id, @scope, @reason, @status = vuln_id, scope, reason, status
data/nexpose-5.3.3.gem ADDED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nexpose
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.3.2
4
+ version: 6.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - HD Moore
@@ -13,7 +13,7 @@ authors:
13
13
  autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
- date: 2017-03-28 00:00:00.000000000 Z
16
+ date: 2017-04-03 00:00:00.000000000 Z
17
17
  dependencies:
18
18
  - !ruby/object:Gem::Dependency
19
19
  name: bundler
@@ -206,6 +206,7 @@ files:
206
206
  - lib/nexpose/vuln_exception.rb
207
207
  - lib/nexpose/wait.rb
208
208
  - lib/nexpose/web_credentials.rb
209
+ - nexpose-5.3.3.gem
209
210
  - nexpose.gemspec
210
211
  homepage: https://github.com/rapid7/nexpose-client
211
212
  licenses: