nexpose 7.0.0 → 7.0.1

data/lib/nexpose/connection.rb

@@ -97,17 +97,15 @@ module Nexpose
 
     # Establish a new connection and Session ID
     def login
-      begin
-        login_hash = { 'sync-id' => 0, 'password' => @password, 'user-id' => @username, 'token' => @token }
-        login_hash['silo-id'] = @silo_id if @silo_id
-        r = execute(make_xml('LoginRequest', login_hash))
-        if r.success
-          @session_id = r.sid
-          true
-        end
-      rescue APIError
-        raise AuthenticationFailed.new(r)
+      login_hash = { 'sync-id' => 0, 'password' => @password, 'user-id' => @username, 'token' => @token }
+      login_hash['silo-id'] = @silo_id if @silo_id
+      r = execute(make_xml('LoginRequest', login_hash))
+      if r.success
+        @session_id = r.sid
+        true
       end
+    rescue APIError
+      raise AuthenticationFailed.new(r)
     end
 
     # Logout of the current connection

data/lib/nexpose/console.rb

@@ -1,3 +1,4 @@
+# here uh what
 module Nexpose
 
   # Nexpose console configuration class.
@@ -32,13 +33,12 @@ module Nexpose
     #
     def initialize(xml)
       @xml = xml
-
-      nsc = REXML::XPath.first(@xml, 'NeXposeSecurityConsole')
-      @scan_threads_limit = nsc.attributes['scanThreadsLimit'].to_i
+      nsc                       = REXML::XPath.first(@xml, 'NeXposeSecurityConsole')
+      @scan_threads_limit       = nsc.attributes['scanThreadsLimit'].to_i
       @incremental_scan_results = nsc.attributes['realtimeIntegration'] == '1'
 
-      web_server = REXML::XPath.first(nsc, 'WebServer')
-      @session_timeout = web_server.attributes['sessionTimeout'].to_i
+      web_server                = REXML::XPath.first(nsc, 'WebServer')
+      @session_timeout          = web_server.attributes['sessionTimeout'].to_i
     end
 
     # Load existing Nexpose security console configuration.
@@ -56,15 +56,15 @@ module Nexpose
     # @return [Boolean] true if configuration successfully saved.
     #
     def save(connection)
-      nsc = REXML::XPath.first(@xml, 'NeXposeSecurityConsole')
-      nsc.attributes['scanThreadsLimit'] = @scan_threads_limit.to_i
+      nsc                                   = REXML::XPath.first(@xml, 'NeXposeSecurityConsole')
+      nsc.attributes['scanThreadsLimit']    = @scan_threads_limit.to_i
       nsc.attributes['realtimeIntegration'] = @incremental_scan_results ? '1' : '0'
 
-      web_server = REXML::XPath.first(nsc, 'WebServer')
+      web_server                              = REXML::XPath.first(nsc, 'WebServer')
       web_server.attributes['sessionTimeout'] = @session_timeout.to_i
 
       response = REXML::Document.new(Nexpose::AJAX.post(connection, '/data/admin/config/nsc', @xml))
-      saved = REXML::XPath.first(response, 'SaveConfig')
+      saved    = REXML::XPath.first(response, 'SaveConfig')
       saved.attributes['success'] == '1'
     end
   end

data/lib/nexpose/dag.rb

@@ -32,8 +32,8 @@ module Nexpose
       admins = nsc.users.select { |u| u.is_admin }.map { |u| u.id }
       @users.reject! { |id| admins.member? id }
       params = @id ? { 'entityid' => @id, 'mode' => 'edit' } : { 'entityid' => false, 'mode' => false }
-      uri = AJAX.parameterize_uri('/data/assetGroup/saveAssetGroup', params)
-      data = JSON.parse(AJAX.post(nsc, uri, _to_entity_details, AJAX::CONTENT_TYPE::JSON))
+      uri    = AJAX.parameterize_uri('/data/assetGroup/saveAssetGroup', params)
+      data   = JSON.parse(AJAX.post(nsc, uri, _to_entity_details, AJAX::CONTENT_TYPE::JSON))
       data['response'] == 'success.'
     end
 

data/lib/nexpose/data_table.rb

@@ -32,30 +32,26 @@ module Nexpose
     #                               'siteID' => site_id })
     #
     def _get_json_table(console, address, parameters = {}, page_size = 500, records = nil, post = true)
-      parameters['dir'] = 'DESC'
+      parameters['dir']        = 'DESC'
       parameters['startIndex'] = -1
-      parameters['results'] = -1
-
+      parameters['results']    = -1
       if post
         request = lambda { |p| AJAX.form_post(console, address, p) }
       else
         request = lambda { |p| AJAX.get(console, address.dup, AJAX::CONTENT_TYPE::JSON, p) }
       end
 
-      response = request.(parameters)
-      data = JSON.parse(response)
-
+      response = request.call(parameters)
+      data     = JSON.parse(response)
       # Don't attept to grab more records than there are.
       total = data['totalRecords']
-      return [] if total == 0
+      return [] if total.zero?
       total = records.nil? ? total : [records, total].min
-
-      rows = []
+      rows  = []
       parameters['results'] = page_size
       while rows.length < total
         parameters['startIndex'] = rows.length
-
-        data = JSON.parse(request.(parameters))
+        data = JSON.parse(request.call(parameters))
         rows.concat data['records']
       end
       rows
@@ -80,7 +76,7 @@ module Nexpose
       response = REXML::Document.new(response)
 
       headers = _dyn_headers(response)
-      rows = _dyn_rows(response)
+      rows    = _dyn_rows(response)
       rows.map { |row| Hash[headers.zip(row)] }
     end
 

data/lib/nexpose/device.rb

@@ -18,16 +18,18 @@ module Nexpose
       r = execute(make_xml('SiteDeviceListingRequest', { 'site-id' => site_id }))
       if r.success
         device = REXML::XPath.first(r.res, "SiteDeviceListingResponse/SiteDevices/device[@address='#{address}']")
-        return Device.new(device.attributes['id'].to_i,
-                          device.attributes['address'],
-                          device.parent.attributes['site-id'],
-                          device.attributes['riskfactor'].to_f,
-                          device.attributes['riskscore'].to_f) if device
+        if device
+          return Device.new(device.attributes['id'].to_i,
+                            device.attributes['address'],
+                            device.parent.attributes['site-id'],
+                            device.attributes['riskfactor'].to_f,
+                            device.attributes['riskscore'].to_f)
+        end
       end
       nil
     end
 
-    alias_method :find_asset_by_address, :find_device_by_address
+    alias find_asset_by_address find_device_by_address
 
     # Retrieve a list of all of the assets in a site.
     #
@@ -57,10 +59,10 @@ module Nexpose
       devices
     end
 
-    alias_method :devices, :list_site_devices
-    alias_method :list_devices, :list_site_devices
-    alias_method :assets, :list_site_devices
-    alias_method :list_assets, :list_site_devices
+    alias devices list_site_devices
+    alias list_devices list_site_devices
+    alias assets list_site_devices
+    alias list_assets list_site_devices
 
     # Get a list of all assets currently associated with a group.
     #
@@ -89,9 +91,9 @@ module Nexpose
       json.map { |vuln| VulnFinding.new(vuln) }
     end
 
-    alias_method :list_asset_vulns, :list_device_vulns
-    alias_method :asset_vulns, :list_device_vulns
-    alias_method :device_vulns, :list_device_vulns
+    alias list_asset_vulns list_device_vulns
+    alias asset_vulns list_device_vulns
+    alias device_vulns list_device_vulns
 
     # Retrieve a list of assets which completed in a given scan. If called
     # during a scan, this method returns currently completed assets. A
@@ -129,7 +131,7 @@ module Nexpose
       r.success
     end
 
-    alias_method :delete_asset, :delete_device
+    alias delete_asset delete_device
 
     # Retrieve the scan history for an asset.
     # Note: This is not optimized for querying many assets.
@@ -174,11 +176,11 @@ module Nexpose
     attr_reader :site_id
 
     def initialize(id, address, site_id, risk_factor = 1.0, risk_score = 0.0)
-      @id = id.to_i
-      @address = address
-      @site_id = site_id.to_i
+      @id          = id.to_i
+      @address     = address
+      @site_id     = site_id.to_i
       @risk_factor = risk_factor.to_f
-      @risk_score = risk_score.to_f
+      @risk_score  = risk_score.to_f
     end
   end
 
@@ -220,13 +222,13 @@ module Nexpose
     # object.
     def self.parse_json(json)
       new do
-        @id = json['assetID'].to_i
-        @ip = json['ipAddress']
+        @id        = json['assetID'].to_i
+        @ip        = json['ipAddress']
         @host_name = json['hostName']
-        @os = json['operatingSystem']
-        @vulns = json['vulnerabilityCount']
-        @status = json['scanStatusTranslation'].downcase.to_sym
-        @duration = json['duration']
+        @os        = json['operatingSystem']
+        @vulns     = json['vulnerabilityCount']
+        @status    = json['scanStatusTranslation'].downcase.to_sym
+        @duration  = json['duration']
       end
     end
   end
@@ -236,7 +238,6 @@ module Nexpose
   class IncompleteAsset < CompletedAsset
   end
 
-
   # Summary object of a scan for a particular asset.
   #
   class AssetScan
@@ -268,15 +269,15 @@ module Nexpose
 
     def self.parse_json(json)
       new do
-        @asset_id = json['assetID'].to_i
-        @scan_id = json['scanID'].to_i
-        @site_id = json['siteID'].to_i
-        @ip = json['ipAddress']
-        @host_name = json['hostname']
-        @os = json['operatingSystem']
-        @vulns = json['vulnCount']
-        @end_time = Time.at(json['completed'].to_i / 1000)
-        @site_name = json['siteName']
+        @asset_id    = json['assetID'].to_i
+        @scan_id     = json['scanID'].to_i
+        @site_id     = json['siteID'].to_i
+        @ip          = json['ipAddress']
+        @host_name   = json['hostname']
+        @os          = json['operatingSystem']
+        @vulns       = json['vulnCount']
+        @end_time    = Time.at(json['completed'].to_i / 1000)
+        @site_name   = json['siteName']
         @engine_name = json['scanEngineName']
       end
     end

data/lib/nexpose/discovery.rb

@@ -6,22 +6,22 @@ module Nexpose
     # discovery of assets, including whether or not connections are active.
     #
     def list_discovery_connections
-      xml = make_xml('DiscoveryConnectionListingRequest')
-      response = execute(xml, '1.2')
+      xml         = make_xml('DiscoveryConnectionListingRequest')
+      response    = execute(xml, '1.2')
       connections = []
       response.res.elements.each('DiscoveryConnectionListingResponse/DiscoveryConnectionSummary') do |conn|
         connections << DiscoveryConnection.parse(conn)
       end
       connections
     end
-    alias_method :discovery_connections, :list_discovery_connections
+    alias discovery_connections list_discovery_connections
 
     # Delete an existing connection to a target used for dynamic discovery of assets.
     #
     # @param [Fixnum] id ID of an existing discovery connection.
     #
     def delete_discovery_connection(id)
-      xml = make_xml('DiscoveryConnectionDeleteRequest', { 'id' => id })
+      xml      = make_xml('DiscoveryConnectionDeleteRequest', { 'id' => id })
       response = execute(xml, '1.2')
       response.success
     end
@@ -32,22 +32,22 @@ module Nexpose
 
     module CollectionMethod
       DIRECTORY_WATCHER = 'DIRECTORY_WATCHER'
-      SYSLOG = 'SYSLOG'
+      SYSLOG            = 'SYSLOG'
     end
 
     module EventSource
       INFOBLOX_TRINZIC = 'INFOBLOX_TRINZIC'
-      MICROSOFT_DHCP = 'MICROSOFT_DHCP'
+      MICROSOFT_DHCP   = 'MICROSOFT_DHCP'
     end
 
     module Protocol
-      HTTP  = 'HTTP'
-      HTTPS = 'HTTPS'
-      LDAP  = 'LDAP'
-      LDAPS = 'LDAPS'
+      HTTP          = 'HTTP'
+      HTTPS         = 'HTTPS'
+      LDAP          = 'LDAP'
+      LDAPS         = 'LDAPS'
       SERVICE_PROXY = 'SERVICE_PROXY'
-      TCP = 'TCP'
-      UDP = 'UDP'
+      TCP           = 'TCP'
+      UDP           = 'UDP'
     end
 
     module Type
@@ -56,51 +56,37 @@ module Nexpose
       ACTIVESYNC            = 'ACTIVESYNC'
       ACTIVESYNC_POWERSHELL = 'ACTIVESYNC_POWERSHELL'
       ACTIVESYNC_OFFICE365  = 'ACTIVESYNC_OFFICE365'
-      DHCP_SERVICE = 'DHCP_SERVICE'
+      DHCP_SERVICE          = 'DHCP_SERVICE'
     end
 
     # A unique identifier for this connection.
     attr_accessor :id
-
     # A unique name for this connection.
     attr_accessor :name
-
     # Type of discovery connection
     attr_accessor :type
-
     # The IP address or fully qualified domain name of the server.
     attr_accessor :address
-
     # The engine ID to use for this connection.
     attr_accessor :engine_id
-
     # A user name that can be used to log into the server.
     attr_accessor :user
-
     # The password to use when connecting with the defined user.
     attr_accessor :password
-
     # The protocol used for connecting to the server. One of DiscoveryConnection::Protocol
     attr_accessor :protocol
-
     # The port used for connecting to the server. A valid port from 1 to 65535.
     attr_accessor :port
-
     # The hostname of the exchange server to connect for exchange powershell connections
     attr_accessor :exchange_hostname
-
     # The exchange username to connect for exchange powershell connections
     attr_accessor :exchange_username
-
     # The exchange password to connect for exchange powershell connections
     attr_accessor :exchange_password
-
     # The collection method (e.g. for DHCP discovery connections)
     attr_accessor :collection_method
-
     # The event source (e.g. for DHCP discovery connections)
     attr_accessor :event_source
-
     # Whether or not the connection is active.
     # Discovery is only possible when the connection is active.
     attr_accessor :status
@@ -114,10 +100,13 @@ module Nexpose
     # @param [String] password Password for credentials on this connection.
     #
     def initialize(name = nil, address = nil, user = nil, password = nil)
-      @name, @address, @user, @password = name, address, user, password
-      @type = nil  # for backwards compatibilitly, at some point should set this to Type::VSPHERE
-      @id = -1
-      @port = 443
+      @name     = name
+      @address  = address
+      @user     = user
+      @password = password
+      @type     = nil # For backwards compatibilitly, at some point should set this to Type::VSPHERE
+      @id       = -1
+      @port     = 443
       @protocol = Protocol::HTTPS
     end
 
@@ -155,7 +144,6 @@ module Nexpose
     #
     def save(nsc)
       @id == -1 ? create(nsc) : update(nsc)
-
       @id
     end
 
@@ -181,7 +169,7 @@ module Nexpose
     # @param [Connection] nsc Connection to a console.
     #
     def connect(nsc)
-      xml = nsc.make_xml('DiscoveryConnectionConnectRequest', { 'id' => id })
+      xml      = nsc.make_xml('DiscoveryConnectionConnectRequest', { 'id' => id })
       response = nsc.execute(xml, '1.2')
       response.success
     end
@@ -221,10 +209,10 @@ module Nexpose
       conn = new(xml.attributes['name'],
                  xml.attributes['address'],
                  xml.attributes['user-name'])
-      conn.id = xml.attributes['id'].to_i
-      conn.protocol = xml.attributes['protocol']
-      conn.port = xml.attributes['port'].to_i
-      conn.status = xml.attributes['connection-status']
+      conn.id        = xml.attributes['id'].to_i
+      conn.protocol  = xml.attributes['protocol']
+      conn.port      = xml.attributes['port'].to_i
+      conn.status    = xml.attributes['connection-status']
       conn.engine_id = xml.attributes['engine-id'].to_i
       conn
     end
@@ -234,10 +222,11 @@ module Nexpose
     end
 
     def to_h
-      { id: id,
+      {
+        id: id,
         name: name,
         type: type
-        # TODO Add remaining instance fields, once it is introduced in resource object
+        # TODO: Add remaining instance fields, once it is introduced in resource object
       }
     end
 
@@ -246,10 +235,8 @@ module Nexpose
     end
 
     def eql?(other)
-      id.eql?(other.id) &&
-      name.eql?(other.name) &&
-      type.eql?(other.type)
-      # TODO Add remaining instance fields, once it is introduced in resource object
+      id.eql?(other.id) && name.eql?(other.name) && type.eql?(other.type)
+      # TODO: Add remaining instance fields, once it is introduced in resource object
     end
 
     # Override of filter criterion to account for proper JSON naming.
@@ -306,7 +293,7 @@ module Nexpose
     attr_accessor :status
 
     def initialize(&block)
-      instance_eval &block if block_given?
+      instance_eval(&block) if block_given?
     end
 
     def on?
@@ -315,14 +302,14 @@ module Nexpose
 
     def self.parse(json)
       new do |asset|
-        asset.ip = json['IPAddress']
-        asset.os = json['OSName']
-        asset.name = json['assetDiscoveryName']
-        asset.cluster = json['cluster']
+        asset.ip         = json['IPAddress']
+        asset.os         = json['OSName']
+        asset.name       = json['assetDiscoveryName']
+        asset.cluster    = json['cluster']
         asset.datacenter = json['datacenter']
-        asset.host = json['host']
-        asset.status = json['powerStatus']
-        asset.pool = json['resourcePool']
+        asset.host       = json['host']
+        asset.status     = json['powerStatus']
+        asset.pool       = json['resourcePool']
       end
     end
   end
@@ -338,13 +325,17 @@ module Nexpose
     # @param [String] password Password for credentials on this connection.
     #
     def initialize(name, protocol, address, user, password = nil)
-      @name, @protocol, @address, @user, @password = name, protocol, address, user, password
-      @type = Type::ACTIVESYNC
-      @id = -1
-      @port = 443 # port not used for mobile connection
+      @name     = name
+      @protocol = protocol
+      @address  = address
+      @user     = user
+      @password = password
+      @type     = Type::ACTIVESYNC
+      @id       = -1
+      @port     = 443 # port not used for mobile connection
     end
   end
-  
+
   class MobilePowershellDiscoveryConnection < DiscoveryConnection
     # Create a new Mobile Powershell discovery connection.
     #
@@ -358,12 +349,17 @@ module Nexpose
     # @param [String] exchange_password Exchange password for exchange credentials on this connection.
     #
     def initialize(name, address, user, password, exchange_hostname, exchange_username, exchange_password)
-      @name, @address, @user, @password = name, address, user, password
-      @protocol = Protocol::HTTPS
-      @exchange_hostname, @exchange_username, @exchange_password = exchange_hostname, exchange_username, exchange_password
-      @type = Type::ACTIVESYNC_POWERSHELL
-      @id = -1
-      @port = 443 # port not used for mobile connection
+      @name              = name
+      @address           = address
+      @user              = user
+      @password          = password
+      @protocol          = Protocol::HTTPS
+      @exchange_hostname = exchange_hostname
+      @exchange_username = exchange_username
+      @exchange_password = exchange_password
+      @type              = Type::ACTIVESYNC_POWERSHELL
+      @id                = -1
+      @port              = 443 # Port not used for mobile connection
     end
   end
 
@@ -379,13 +375,17 @@ module Nexpose
     # @param [String] exchange_password Exchange password for exchange credentials on this connection.
     #
     def initialize(name, address, user, password, exchange_username, exchange_password)
-      @name, @address, @user, @password = name, address, user, password
-      @protocol = Protocol::HTTPS
-      @exchange_hostname = '' # nexpose will set to office365 server
-      @exchange_username, @exchange_password = exchange_username, exchange_password
-      @type = Type::ACTIVESYNC_OFFICE365
-      @id = -1
-      @port = 443 # port not used for mobile connection
+      @name              = name
+      @address           = address
+      @user              = user
+      @password          = password
+      @protocol          = Protocol::HTTPS
+      @exchange_hostname = '' # Nexpose will set to office365 server
+      @exchange_username = exchange_username
+      @exchange_password = exchange_password
+      @type              = Type::ACTIVESYNC_OFFICE365
+      @id                = -1
+      @port              = 443 # Port not used for mobile connection
     end
   end
 end