nexpose 7.0.0 → 7.0.1

data/lib/nexpose/ticket.rb

@@ -6,7 +6,7 @@ module Nexpose
     def list_tickets
       # TODO: Should take in filters as arguments.
       xml = make_xml('TicketListingRequest')
-      r = execute(xml, '1.2')
+      r   = execute(xml, '1.2')
       tickets = []
       if r.success
         r.res.elements.each('TicketListingResponse/TicketSummary') do |summary|
@@ -16,7 +16,7 @@ module Nexpose
       tickets
     end
 
-    alias_method :tickets, :list_tickets
+    alias tickets list_tickets
 
     # Deletes a Nexpose ticket.
     #
@@ -57,8 +57,8 @@ module Nexpose
 
     # The asset the ticket is created for.
     attr_accessor :asset_id
-    alias :device_id :asset_id
-    alias :device_id= :asset_id=
+    alias device_id asset_id
+    alias device_id= asset_id=
 
     # The login name of person to whom the ticket is assigned.
     # The user must have view asset privilege on the asset specified in the asset-id attribute.
@@ -78,43 +78,43 @@ module Nexpose
     attr_accessor :state
 
     def initialize(name, id)
-      @id, @name = id, name
+      @id   = id
+      @name = name
     end
 
     def self.parse(xml)
-      ticket = new(xml.attributes['name'],
-                   xml.attributes['id'].to_i)
-      ticket.asset_id = xml.attributes['device-id'].to_i
-      ticket.assigned_to = xml.attributes['assigned-to']
-      lookup = Ticket::Priority.constants.reduce({}) { |a, e| a[Ticket::Priority.const_get(e)] = e; a }
-      ticket.priority = lookup[xml.attributes['priority']]
-      ticket.author = xml.attributes['author']
-      ticket.created_on = DateTime.parse(xml.attributes['created-on']).to_time
+      ticket              = new(xml.attributes['name'], xml.attributes['id'].to_i)
+      ticket.asset_id     = xml.attributes['device-id'].to_i
+      ticket.assigned_to  = xml.attributes['assigned-to']
+      lookup              = Ticket::Priority.constants.reduce({}) { |a, e| a[Ticket::Priority.const_get(e)] = e; a }
+      ticket.priority     = lookup[xml.attributes['priority']]
+      ticket.author       = xml.attributes['author']
+      ticket.created_on   = DateTime.parse(xml.attributes['created-on']).to_time
       ticket.created_on -= ticket.created_on.gmt_offset
-      lookup = Ticket::State.constants.reduce({}) { |a, e| a[Ticket::State.const_get(e)] = e; a }
-      ticket.state = lookup[xml.attributes['state']]
+      lookup              = Ticket::State.constants.reduce({}) { |a, e| a[Ticket::State.const_get(e)] = e; a }
+      ticket.state        = lookup[xml.attributes['state']]
       ticket
     end
 
     module State
-      OPEN = 'O'
-      ASSIGNED = 'A'
-      MODIFIED = 'M'
-      FIXED = 'X'
-      PARTIAL = 'P'
-      REJECTED_FIX = 'R'
-      PRIORITIZED = 'Z'
+      OPEN             = 'O'
+      ASSIGNED         = 'A'
+      MODIFIED         = 'M'
+      FIXED            = 'X'
+      PARTIAL          = 'P'
+      REJECTED_FIX     = 'R'
+      PRIORITIZED      = 'Z'
       NOT_REPRODUCIBLE = 'F'
-      NOT_ISSUE = 'I'
-      CLOSED = 'C'
-      UNKNOWN = 'U'
+      NOT_ISSUE        = 'I'
+      CLOSED           = 'C'
+      UNKNOWN          = 'U'
     end
 
     module Priority
-      LOW = 'low'
+      LOW      = 'low'
       MODERATE = 'moderate'
-      NORMAL = 'normal'
-      HIGH = 'high'
+      NORMAL   = 'normal'
+      HIGH     = 'high'
       CRITICAL = 'critical'
     end
   end
@@ -131,11 +131,12 @@ module Nexpose
     attr_accessor :history
 
     def initialize(name, id = nil)
-      @id, @name = id, name
-      @priority = Priority::NORMAL
+      @id              = id
+      @name            = name
+      @priority        = Priority::NORMAL
       @vulnerabilities = []
-      @comments = []
-      @history = []
+      @comments        = []
+      @history         = []
     end
 
     # Save this ticket to a Nexpose console.
@@ -213,7 +214,7 @@ module Nexpose
         ticket.history << Event.parse(entry)
       end
 
-      ticket.comments = ticket.history.select { |h| h.description == 'Added comment' }.map { |e| e.comment }
+      ticket.comments = ticket.history.select { |h| h.description == 'Added comment' }.map(&:comment)
 
       ticket
     end
@@ -232,22 +233,24 @@ module Nexpose
       attr_accessor :comment
 
       def initialize(state, author, created)
-        @state, @author, @created = state, author, created
+        @state   = state
+        @author  = author
+        @created = created
       end
 
       def self.parse(xml)
-        author = xml.attributes['author']
-        created_on = DateTime.parse(xml.attributes['created-on']).to_time
+        author        = xml.attributes['author']
+        created_on    = DateTime.parse(xml.attributes['created-on']).to_time
         created_on -= created_on.gmt_offset
 
-        event = REXML::XPath.first(xml, 'Event')
-        lookup = Ticket::State.constants.reduce({}) { |a, e| a[Ticket::State.const_get(e)] = e; a }
-        state = lookup[event.attributes['state']]
-        desc = event.text
+        event         = REXML::XPath.first(xml, 'Event')
+        lookup        = Ticket::State.constants.reduce({}) { |a, e| a[Ticket::State.const_get(e)] = e; a }
+        state         = lookup[event.attributes['state']]
+        desc          = event.text
 
-        event = new(state, author, created_on)
+        event         = new(state, author, created_on)
 
-        comment = REXML::XPath.first(xml, 'Comment')
+        comment       = REXML::XPath.first(xml, 'Comment')
         event.comment = comment.text if comment
 
         event.description = desc if desc

data/lib/nexpose/user.rb

@@ -18,7 +18,7 @@ module Nexpose
       arr
     end
 
-    alias_method :users, :list_users
+    alias users list_users
 
     # Retrieve the User ID based upon the user's login name.
     #
@@ -47,16 +47,16 @@ module Nexpose
     attr_reader :is_admin, :is_disabled, :is_locked, :site_count, :group_count
 
     def initialize(id, auth_source, auth_module, name, full_name, email, is_admin, is_disabled, is_locked, site_count, group_count)
-      @id = id
+      @id          = id
       @auth_source = auth_source
       @auth_module = auth_module
-      @name = name
-      @full_name = full_name
-      @email = email
-      @is_admin = is_admin
+      @name        = name
+      @full_name   = full_name
+      @email       = email
+      @is_admin    = is_admin
       @is_disabled = is_disabled
-      @is_locked = is_locked
-      @site_count = site_count
+      @is_locked   = is_locked
+      @site_count  = site_count
       @group_count = group_count
     end
 
@@ -97,41 +97,41 @@ module Nexpose
     attr_accessor :all_sites, :all_groups
 
     def initialize(name, full_name, password, role_name = 'user', id = -1, enabled = 1, email = nil, all_sites = false, all_groups = false, token = nil)
-      @name = name
-      @password = password
-      @token = token
-      @role_name = role_name
-      @authsrcid = ('global-admin'.eql? @role_name) ? '1' : '2'
-      @id = id
-      @enabled = enabled
-      @full_name = full_name
-      @email = email
-      @all_sites = all_sites || role_name == 'global-admin'
+      @name       = name
+      @password   = password
+      @token      = token
+      @role_name  = role_name
+      @authsrcid  = 'global-admin'.eql?(@role_name) ? '1' : '2'
+      @id         = id
+      @enabled    = enabled
+      @full_name  = full_name
+      @email      = email
+      @all_sites  = all_sites || role_name == 'global-admin'
       @all_groups = all_groups || role_name == 'global-admin'
-      @sites = []
-      @groups = []
+      @sites      = []
+      @groups     = []
     end
 
     def to_xml
       xml = '<UserConfig'
-      xml << %Q{ id="#{@id}"}
-      xml << %Q{ authsrcid="#{@authsrcid}"}
-      xml << %Q{ name="#{replace_entities(@name)}"}
-      xml << %Q{ fullname="#{replace_entities(@full_name)}"}
-      xml << %Q{ role-name="#{replace_entities(@role_name)}"}
-      xml << %Q{ password="#{replace_entities(@password)}"} if @password
-      xml << %Q{ token="#{replace_entities(@token)}"} if @token
-      xml << %Q{ email="#{replace_entities(@email)}"} if @email
-      xml << %Q{ enabled="#{@enabled}"}
+      xml << %( id="#{@id}" )
+      xml << %( authsrcid="#{@authsrcid}" )
+      xml << %( name="#{replace_entities(@name)}" )
+      xml << %( fullname="#{replace_entities(@full_name)}" )
+      xml << %( role-name="#{replace_entities(@role_name)}" )
+      xml << %( password="#{replace_entities(@password)}" ) if @password
+      xml << %( token="#{replace_entities(@token)}" ) if @token
+      xml << %( email="#{replace_entities(@email)}" ) if @email
+      xml << %( enabled="#{@enabled}" )
       # These two fields are keying off role_name to work around a defect.
-      xml << %Q{ allGroups="#{@all_groups || @role_name == 'global-admin'}"}
-      xml << %Q{ allSites="#{@all_sites || @role_name == 'global-admin'}"}
+      xml << %( allGroups="#{@all_groups || @role_name == 'global-admin'}" )
+      xml << %( allSites="#{@all_sites || @role_name == 'global-admin'}" )
       xml << '>'
       @sites.each do |site|
-        xml << %Q{<site id="#{site}" />}
+        xml << %( <site id="#{site}" /> )
       end
       @groups.each do |group|
-        xml << %Q{<group id="#{group}" />}
+        xml << %( <group id="#{group}" /> )
       end
       xml << '</UserConfig>'
     end
@@ -155,22 +155,22 @@ module Nexpose
     # Issue a UserConfigRequest to load an existing UserConfig from Nexpose.
     def self.load(connection, user_id)
       xml = '<UserConfigRequest session-id="' + connection.session_id + '"'
-      xml << %Q{ id="#{user_id}"}
+      xml << %( id="#{user_id}" )
       xml << ' />'
       r = connection.execute(xml, '1.1')
       if r.success
         r.res.elements.each('UserConfigResponse/UserConfig') do |config|
-          id = config.attributes['id']
-          role_name = config.attributes['role-name']
-          #authsrcid = config.attributes['authsrcid']
-          name = config.attributes['name']
-          fullname = config.attributes['fullname']
-
-          email = config.attributes['email']
-          password = config.attributes['password']
-          token = config.attributes['token']
-          enabled = config.attributes['enabled'].to_i
-          all_sites = config.attributes['allSites'] == 'true' ? true : false
+          id         = config.attributes['id']
+          role_name  = config.attributes['role-name']
+          # authsrcid  = config.attributes['authsrcid']
+          name       = config.attributes['name']
+          fullname   = config.attributes['fullname']
+
+          email      = config.attributes['email']
+          password   = config.attributes['password']
+          token      = config.attributes['token']
+          enabled    = config.attributes['enabled'].to_i
+          all_sites  = config.attributes['allSites'] == 'true' ? true : false
           all_groups = config.attributes['allGroups'] == 'true' ? true : false
           # Not trying to load sites and groups.
           # Looks like API currently doesn't return that info to load.

data/lib/nexpose/util.rb

@@ -30,7 +30,7 @@ module Nexpose
     # '1' if the call succeeded.
     #
     def self.success?(xml_string)
-      xml = ::REXML::Document.new(xml_string.to_s)
+      xml     = ::REXML::Document.new(xml_string.to_s)
       success = ::REXML::XPath.first(xml, '//@success')
       !success.nil? && success.value.to_i == 1
     end

data/lib/nexpose/version.rb

@@ -1,4 +1,4 @@
 module Nexpose
   # The latest version of the Nexpose gem
-  VERSION = '7.0.0'
+  VERSION = '7.0.1'.freeze
 end

data/lib/nexpose/vuln.rb

@@ -20,15 +20,15 @@ module Nexpose
             vulns << XML::VulnerabilitySummary.parse(vuln)
           else
             vulns << XML::Vulnerability.new(vuln.attributes['id'],
-                                       vuln.attributes['title'],
-                                       vuln.attributes['severity'].to_i)
+                                            vuln.attributes['title'],
+                                            vuln.attributes['severity'].to_i)
           end
         end
       end
       vulns
     end
 
-    alias_method :vulns, :list_vulns
+    alias vulns list_vulns
 
     # Retrieve a list of the different vulnerability check categories.
     #
@@ -39,7 +39,7 @@ module Nexpose
       data.map { |c| c['Category'] }
     end
 
-    alias_method :vuln_categories, :list_vuln_categories
+    alias vuln_categories list_vuln_categories
 
     # Retrieve a list of the different vulnerability check types.
     #
@@ -49,7 +49,7 @@ module Nexpose
       data = DataTable._get_dyn_table(self, '/data/vulnerability/checktypes/dyntable.xml?tableID=VulnCheckCategorySynopsis')
       data.map { |c| c['Category'] }
     end
-    alias_method  :list_vuln_types, :vuln_types
+    alias list_vuln_types vuln_types
 
     # Retrieve details for a vulnerability.
     #
@@ -111,7 +111,9 @@ module Nexpose
       attr_reader :severity
 
       def initialize(id, title, severity)
-        @id, @title, @severity = id, title, severity.to_i
+        @id       = id
+        @title    = title
+        @severity = severity.to_i
       end
     end
 
@@ -126,10 +128,10 @@ module Nexpose
       attr_reader :check_type
 
       def initialize(json)
-        @id = json['Vuln ID']
-        @check_id = json['Vuln Check ID']
-        @title = json['Vulnerability']
-        @severity = json['Severity'].to_i
+        @id         = json['Vuln ID']
+        @check_id   = json['Vuln Check ID']
+        @title      = json['Vulnerability']
+        @severity   = json['Severity'].to_i
         @check_type = json['Check Type']
         @categories = json['Category'].split(/, */)
       end
@@ -165,15 +167,15 @@ module Nexpose
                    xml.attributes['severity'].to_i)
 
         vuln.pci_severity = xml.attributes['pciSeverity'].to_i
-        vuln.safe = xml.attributes['safe'] == 'true'  # or xml.attributes['safe'] == '1'
-        vuln.added = Date.parse(xml.attributes['added'])
-        vuln.modified = Date.parse(xml.attributes['modified'])
-        vuln.credentials = xml.attributes['requiresCredentials'] == 'true'
+        vuln.safe         = xml.attributes['safe'] == 'true' # or xml.attributes['safe'] == '1'
+        vuln.added        = Date.parse(xml.attributes['added'])
+        vuln.modified     = Date.parse(xml.attributes['modified'])
+        vuln.credentials  = xml.attributes['requiresCredentials'] == 'true'
 
         # These three fields are optional in the XSD.
-        vuln.published = Date.parse(xml.attributes['published']) if xml.attributes['published']
-        vuln.cvss_vector = xml.attributes['cvssVector'] if xml.attributes['cvssVector']
-        vuln.cvss_score = xml.attributes['cvssScore'].to_f if xml.attributes['cvssScore']
+        vuln.published    = Date.parse(xml.attributes['published']) if xml.attributes['published']
+        vuln.cvss_vector  = xml.attributes['cvssVector'] if xml.attributes['cvssVector']
+        vuln.cvss_score   = xml.attributes['cvssScore'].to_f if xml.attributes['cvssScore']
         vuln
       end
 
@@ -194,16 +196,16 @@ module Nexpose
       attr_accessor :solution
 
       def initialize(id, title, severity)
-        @id, @title, @severity = id, title, severity
+        @id         = id
+        @title      = title
+        @severity   = severity
         @references = []
       end
 
       def self.parse(xml)
-        vuln = parse_attributes(xml)
-
+        vuln             = parse_attributes(xml)
         vuln.description = REXML::XPath.first(xml, 'description').text
-        vuln.solution = REXML::XPath.first(xml, 'solution').text
-
+        vuln.solution    = REXML::XPath.first(xml, 'solution').text
         xml.elements.each('references/reference') do |ref|
           vuln.references << Reference.new(ref.attributes['source'], ref.text)
         end
@@ -218,7 +220,7 @@ module Nexpose
       attr_reader :reference
 
       def initialize(source, reference)
-        @source = source
+        @source    = source
         @reference = reference
       end
     end
@@ -251,18 +253,18 @@ module Nexpose
     attr_reader :verified
 
     def initialize(json)
-      @id = json['nexVulnID']
-      @console_id = json['vulnID']
-      @title = json['title']
+      @id          = json['nexVulnID']
+      @console_id  = json['vulnID']
+      @title       = json['title']
       @cvss_vector = json['cvssBase']
-      @cvss_score = json['cvssScore']
-      @risk = json['riskScore']
-      @published = Time.at(json['publishedDate'] / 1000)
-      @severity = json['severity']
-      @instances = json['vulnInstanceCount']
-      @exploit = json['mainExploit']
-      @malware = json['malwareCount']
-      @verified = DateTime.iso8601(json['verifiedDate'].slice(0, 15)).to_time if json['verifiedDate']
+      @cvss_score  = json['cvssScore']
+      @risk        = json['riskScore']
+      @published   = Time.at(json['publishedDate'] / 1000)
+      @severity    = json['severity']
+      @instances   = json['vulnInstanceCount']
+      @exploit     = json['mainExploit']
+      @malware     = json['malwareCount']
+      @verified    = DateTime.iso8601(json['verifiedDate'].slice(0, 15)).to_time if json['verifiedDate']
     end
   end
 
@@ -272,16 +274,16 @@ module Nexpose
   #
   class VulnSynopsis < VulnFinding
     def initialize(hash)
-      @id = hash['Vuln ID'].to_i
-      @title = hash['Vulnerability']
+      @id          = hash['Vuln ID'].to_i
+      @title       = hash['Vulnerability']
       @cvss_vector = hash['CVSS Base Vector']
-      @cvss_score = hash['CVSS Score'].to_f
-      @risk = hash['Risk'].to_f
-      @published = Time.at(hash['Published On'].to_i / 1000)
-      @severity = hash['Severity'].to_i
-      @instances = hash['Instances'].to_i
-      @exploit = hash['ExploitSource']
-      @malware = hash['MalwareSource'] == 'true'
+      @cvss_score  = hash['CVSS Score'].to_f
+      @risk        = hash['Risk'].to_f
+      @published   = Time.at(hash['Published On'].to_i / 1000)
+      @severity    = hash['Severity'].to_i
+      @instances   = hash['Instances'].to_i
+      @exploit     = hash['ExploitSource']
+      @malware     = hash['MalwareSource'] == 'true'
     end
   end