nexpose 7.0.1 → 7.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +184 -13
- data/COPYING +1 -1
- data/Gemfile.lock +72 -61
- data/README.markdown +10 -1
- data/Rakefile +2 -0
- data/lib/eso.rb +23 -0
- data/lib/eso/conductor.rb +227 -0
- data/lib/eso/configuration/configuration.rb +124 -0
- data/lib/eso/configuration/configuration_manager.rb +145 -0
- data/lib/eso/filter.rb +137 -0
- data/lib/eso/integration_option.rb +88 -0
- data/lib/eso/integration_options_manager.rb +178 -0
- data/lib/eso/nexpose.rb +212 -0
- data/lib/eso/service.rb +83 -0
- data/lib/eso/step.rb +166 -0
- data/lib/eso/step_configuration.rb +73 -0
- data/lib/eso/workflow.rb +149 -0
- data/lib/nexpose/ajax.rb +1 -0
- data/lib/nexpose/connection.rb +8 -4
- data/lib/nexpose/group.rb +1 -1
- data/lib/nexpose/maint.rb +23 -2
- data/lib/nexpose/report.rb +10 -0
- data/lib/nexpose/role.rb +3 -2
- data/lib/nexpose/scan.rb +4 -2
- data/lib/nexpose/site.rb +4 -2
- data/lib/nexpose/util.rb +2 -1
- data/lib/nexpose/version.rb +1 -1
- data/lib/nexpose/vuln_exception.rb +6 -6
- metadata +20 -9
data/lib/nexpose/report.rb
CHANGED
|
@@ -207,6 +207,16 @@ module Nexpose
|
|
|
207
207
|
filters << Filter.new(type, id)
|
|
208
208
|
end
|
|
209
209
|
|
|
210
|
+
# Add the common vulnerability status filters as used by the UI for export
|
|
211
|
+
# and jasper report templates (the default filters). Recommended for reports
|
|
212
|
+
# that do not require 'not vulnerable' results to be included. The following
|
|
213
|
+
# statuses are added: vulnerable-exploted, vulnerable-version, and potential.
|
|
214
|
+
def add_common_vuln_status_filters
|
|
215
|
+
['vulnerable-exploited', 'vulnerable-version', 'potential'].each do |vuln_status|
|
|
216
|
+
filters << Filter.new('vuln-status', vuln_status)
|
|
217
|
+
end
|
|
218
|
+
end
|
|
219
|
+
|
|
210
220
|
def to_xml
|
|
211
221
|
xml = %(<AdhocReportConfig format="#{@format}" template-id="#{@template_id}")
|
|
212
222
|
xml << %( owner="#{@owner}") if @owner
|
data/lib/nexpose/role.rb
CHANGED
|
@@ -24,6 +24,7 @@ module Nexpose
|
|
|
24
24
|
ADD_USERS_TO_REPORT = 'AddUsersToReport'
|
|
25
25
|
MANAGE_POLICIES = 'ManagePolicies'
|
|
26
26
|
MANAGE_TAGS = 'ManageTags'
|
|
27
|
+
MANAGE_ADVPOLICIES = 'ManageAdvPolicies'
|
|
27
28
|
end
|
|
28
29
|
|
|
29
30
|
module Site
|
|
@@ -157,7 +158,7 @@ module Nexpose
|
|
|
157
158
|
def self.load(nsc, name, scope = Scope::SILO)
|
|
158
159
|
xml = nsc.make_xml('RoleDetailsRequest')
|
|
159
160
|
xml.add_element('Role', { 'name' => name, 'scope' => scope })
|
|
160
|
-
response = APIRequest.execute(nsc.url, xml, '1.2')
|
|
161
|
+
response = APIRequest.execute(nsc.url, xml, '1.2', { timeout: nsc.timeout, open_timeout: nsc.open_timeout })
|
|
161
162
|
|
|
162
163
|
if response.success
|
|
163
164
|
elem = REXML::XPath.first(response.res, 'RoleDetailsResponse/Role/')
|
|
@@ -179,7 +180,7 @@ module Nexpose
|
|
|
179
180
|
end
|
|
180
181
|
xml.add_element(as_xml)
|
|
181
182
|
|
|
182
|
-
response = APIRequest.execute(nsc.url, xml, '1.2')
|
|
183
|
+
response = APIRequest.execute(nsc.url, xml, '1.2', { timeout: nsc.timeout, open_timeout: nsc.open_timeout })
|
|
183
184
|
xml = REXML::XPath.first(response.res, 'RoleCreateResponse')
|
|
184
185
|
@id = xml.attributes['id'].to_i unless @existing
|
|
185
186
|
@existing = true
|
data/lib/nexpose/scan.rb
CHANGED
|
@@ -196,10 +196,12 @@ module Nexpose
|
|
|
196
196
|
# Initiate a site scan.
|
|
197
197
|
#
|
|
198
198
|
# @param [Fixnum] site_id Site ID to scan.
|
|
199
|
+
# @param [Boolean] blackout_override Optional. Given suffencent permissions, force bypass blackout and start scan.
|
|
199
200
|
# @return [Scan] Scan launch information.
|
|
200
201
|
#
|
|
201
|
-
def scan_site(site_id)
|
|
202
|
-
xml
|
|
202
|
+
def scan_site(site_id, blackout_override = false)
|
|
203
|
+
xml = make_xml('SiteScanRequest', 'site-id' => site_id)
|
|
204
|
+
xml.add_attributes({ 'force' => true }) if blackout_override
|
|
203
205
|
response = execute(xml)
|
|
204
206
|
Scan.parse(response.res) if response.success
|
|
205
207
|
end
|
data/lib/nexpose/site.rb
CHANGED
|
@@ -540,15 +540,17 @@ module Nexpose
|
|
|
540
540
|
#
|
|
541
541
|
# @param [Connection] connection Connection to console where scan will be launched.
|
|
542
542
|
# @param [String] sync_id Optional synchronization token.
|
|
543
|
+
# @param [Boolean] blackout_override Optional. Given suffencent permissions, force bypass blackout and start scan.
|
|
543
544
|
# @return [Scan] Scan launch information.
|
|
544
545
|
#
|
|
545
|
-
def scan(connection, sync_id = nil)
|
|
546
|
+
def scan(connection, sync_id = nil, blackout_override = false)
|
|
546
547
|
xml = REXML::Element.new('SiteScanRequest')
|
|
547
548
|
xml.add_attributes({ 'session-id' => connection.session_id,
|
|
548
549
|
'site-id' => @id,
|
|
549
550
|
'sync-id' => sync_id })
|
|
550
551
|
|
|
551
|
-
|
|
552
|
+
xml.add_attributes({ 'force' => true }) if blackout_override
|
|
553
|
+
response = connection.execute(xml, '1.1', timeout: connection.timeout)
|
|
552
554
|
Scan.parse(response.res) if response.success
|
|
553
555
|
end
|
|
554
556
|
end
|
data/lib/nexpose/util.rb
CHANGED
|
@@ -55,7 +55,8 @@ module Nexpose
|
|
|
55
55
|
IPAddr.new(ips[1]) if ips[1]
|
|
56
56
|
IPRange.new(ips[0], ips[1])
|
|
57
57
|
rescue ArgumentError => e
|
|
58
|
-
if e.message
|
|
58
|
+
if e.message =~ /invalid address/
|
|
59
|
+
# Try to parse the the asset as a hostname if the IP address conversion fails
|
|
59
60
|
HostName.new(asset)
|
|
60
61
|
else
|
|
61
62
|
raise "Unable to parse asset: '#{asset}'. #{e.message}"
|
data/lib/nexpose/version.rb
CHANGED
|
@@ -22,17 +22,17 @@ module Nexpose
|
|
|
22
22
|
url_size = 500
|
|
23
23
|
url_page = 0
|
|
24
24
|
|
|
25
|
-
req = Nexpose::AJAX.get(self, "/api/
|
|
25
|
+
req = Nexpose::AJAX.get(self, "/api/3/vulnerability_exceptions?size=#{url_size}&page=#{url_page}")
|
|
26
26
|
data = JSON.parse(req, object_class: OpenStruct)
|
|
27
|
-
ajax_data << data.
|
|
27
|
+
ajax_data << data.resources
|
|
28
28
|
|
|
29
|
-
if data.
|
|
29
|
+
if data.links.count > 1
|
|
30
30
|
loop do
|
|
31
31
|
url_page += 1
|
|
32
|
-
req = Nexpose::AJAX.get(self, "/api/
|
|
32
|
+
req = Nexpose::AJAX.get(self, "/api/3/vulnerability_exceptions?size=#{url_size}&page=#{url_page}")
|
|
33
33
|
data = JSON.parse(req, object_class: OpenStruct)
|
|
34
|
-
ajax_data << data.
|
|
35
|
-
links = data.
|
|
34
|
+
ajax_data << data.resources
|
|
35
|
+
links = data.links.select { |ll| ['self', 'last'].include?(ll.rel) }
|
|
36
36
|
break if links[0].href == links[1].href
|
|
37
37
|
end
|
|
38
38
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nexpose
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.0
|
|
4
|
+
version: 7.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- HD Moore
|
|
@@ -13,22 +13,22 @@ authors:
|
|
|
13
13
|
autorequire:
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date:
|
|
16
|
+
date: 2021-04-02 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: bundler
|
|
20
20
|
requirement: !ruby/object:Gem::Requirement
|
|
21
21
|
requirements:
|
|
22
|
-
- - "
|
|
22
|
+
- - ">="
|
|
23
23
|
- !ruby/object:Gem::Version
|
|
24
|
-
version: '
|
|
24
|
+
version: '0'
|
|
25
25
|
type: :development
|
|
26
26
|
prerelease: false
|
|
27
27
|
version_requirements: !ruby/object:Gem::Requirement
|
|
28
28
|
requirements:
|
|
29
|
-
- - "
|
|
29
|
+
- - ">="
|
|
30
30
|
- !ruby/object:Gem::Version
|
|
31
|
-
version: '
|
|
31
|
+
version: '0'
|
|
32
32
|
- !ruby/object:Gem::Dependency
|
|
33
33
|
name: codeclimate-test-reporter
|
|
34
34
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -176,6 +176,18 @@ files:
|
|
|
176
176
|
- README.markdown
|
|
177
177
|
- Rakefile
|
|
178
178
|
- lib/README.md
|
|
179
|
+
- lib/eso.rb
|
|
180
|
+
- lib/eso/conductor.rb
|
|
181
|
+
- lib/eso/configuration/configuration.rb
|
|
182
|
+
- lib/eso/configuration/configuration_manager.rb
|
|
183
|
+
- lib/eso/filter.rb
|
|
184
|
+
- lib/eso/integration_option.rb
|
|
185
|
+
- lib/eso/integration_options_manager.rb
|
|
186
|
+
- lib/eso/nexpose.rb
|
|
187
|
+
- lib/eso/service.rb
|
|
188
|
+
- lib/eso/step.rb
|
|
189
|
+
- lib/eso/step_configuration.rb
|
|
190
|
+
- lib/eso/workflow.rb
|
|
179
191
|
- lib/nexpose.rb
|
|
180
192
|
- lib/nexpose/ajax.rb
|
|
181
193
|
- lib/nexpose/alert.rb
|
|
@@ -238,7 +250,7 @@ files:
|
|
|
238
250
|
- lib/nexpose/web_credentials.rb
|
|
239
251
|
homepage: https://github.com/rapid7/nexpose-client
|
|
240
252
|
licenses:
|
|
241
|
-
- BSD
|
|
253
|
+
- BSD-3-Clause
|
|
242
254
|
metadata: {}
|
|
243
255
|
post_install_message:
|
|
244
256
|
rdoc_options: []
|
|
@@ -255,8 +267,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
255
267
|
- !ruby/object:Gem::Version
|
|
256
268
|
version: '0'
|
|
257
269
|
requirements: []
|
|
258
|
-
|
|
259
|
-
rubygems_version: 2.6.12
|
|
270
|
+
rubygems_version: 3.2.15
|
|
260
271
|
signing_key:
|
|
261
272
|
specification_version: 4
|
|
262
273
|
summary: Ruby API for Rapid7 Nexpose
|