nexpose 7.2.1 → 7.3.0

data/lib/eso/nexpose.rb

@@ -0,0 +1,212 @@
+require 'nexpose'
+
+module Eso
+  module ServiceNames
+    ACTIVE_DIRECTORY = 'active-directory'
+    AWS = 'amazon-web-services'
+    AZURE = 'azure'
+    DXL = 'dxl'
+    EPO = 'epo'
+    NEXPOSE = 'nexpose'
+  end
+
+  module StepNames
+    ADD_TO_SITE = 'add-to-site'
+    ADD_VULN_AND_SCAN = 'add-vulnerabilities-to-site-and-scan'
+    DISCOVER_ACTIVE_DIRECTORY = 'discover-ad-assets'
+    DISCOVER_AWS_ASSETS = 'discover-aws-assets'
+    DISCOVER_AZURE_ASSETS = 'discover-azure-assets'
+    DISCOVER_EPO = 'discover-epo-assets'
+    DISCOVER_KNOWN = 'discover-known-assets'
+    DISCOVER_NEW = 'discover-new-assets'
+    DISCOVERY_CONFIG_METADATA = 'discoveryConfigMetadata'
+    EMPTY = ''
+    FILE_REPUTATION_TRIGGER = 'tie-file-reputation-trigger'
+    IMPORT_EXTERNAL = 'import-external-assets'
+    NEW_ASSET_VULN = 'new-asset-vulnerability'
+    NEW_VULN = 'new-vulnerabilities'
+    PUBLISH_VULN_INT_TYPE = 'publish-vulnerability-integration-type'
+    PUSH_RISK_SCORE = 'push-risk-score'
+    RISK_SCORE_UPDATED = 'risk-score-updated'
+    SCAN = 'scan'
+    SCAN_IN_SITE = 'scan-in-site'
+    SYNC_EXTERNAL = 'sync-external-assets'
+    TAG = 'tag'
+    VERIFY_AWS_ASSETS = 'verify-aws-targets'
+    VERIFY_EXTERNAL_TARGETS = 'verify-external-targets'
+    VULN_DETAILS = 'vulnerability-details'
+    VULN_DETAILS_REQUEST = 'vulnerability-details-request'
+  end
+
+  module Values
+    ARRAY = 'Array'
+    BOOLEAN = 'Boolean'
+    INTEGER = 'Integer'
+    OBJECT = 'Object'
+    STRING = 'String'
+  end
+
+  module StepConfigTypes
+    DISCOVERY_CONFIG = [StepNames::DISCOVER_ACTIVE_DIRECTORY,
+                        StepNames::DISCOVER_AWS_ASSETS,
+                        StepNames::DISCOVER_AZURE_ASSETS,
+                        StepNames::DISCOVER_EPO,
+                        StepNames::DISCOVER_KNOWN,
+                        StepNames::DISCOVER_NEW,
+                        StepNames::FILE_REPUTATION_TRIGGER,
+                        StepNames::PUBLISH_VULN_INT_TYPE,
+                        StepNames::PUSH_RISK_SCORE,
+                        StepNames::VULN_DETAILS_REQUEST]
+    EMPTY = [StepNames::NEW_ASSET_VULN,
+             StepNames::NEW_VULN,
+             StepNames::RISK_SCORE_UPDATED,
+             StepNames::VULN_DETAILS]
+    SITE = [StepNames::ADD_TO_SITE,
+            StepNames::ADD_VULN_AND_SCAN,
+            StepNames::IMPORT_EXTERNAL,
+            StepNames::SCAN,
+            StepNames::SCAN_IN_SITE,
+            StepNames::SYNC_EXTERNAL]
+    TAG = [StepNames::TAG]
+    VERIFY = [StepNames::DISCOVER_AWS_ASSETS]
+  end
+
+  module Filters
+    CVSS_SCORE = 'CVSS_SCORE'
+    DHCP_HOST_NAME = 'DHCP_HOST_NAME'
+    HOURS_SINCE_LAST_SCAN= 'HOURS_SINCE_LAST_SCAN'
+    HOURS_SINCE_LAST_SCAN_ITEM = 'HOURS_SINCE_LAST_SCAN_ITEM'
+    IP_ADDRESS = 'IP_ADDRESS'
+    IP_RANGE = 'IP_RANGE'
+    MAC_ADDRESS = 'MAC_ADDRESS'
+    OPEN_PORT = 'OPEN_PORT'
+    RISK_SCORE = 'RISK_SCORE'
+    SERVICE_NAME = 'SERVICE_NAME'
+  end
+
+  module Nexpose
+    def self.create_discovery_workflow(conductor:, name:, step1_type:, step1_param: nil, step2_type:, step2_param:)
+      step1 = self.send("create_#{step1_type.to_s.gsub(/-/, "_")}_step", id: step1_param)
+      step2 = self.send("create_#{step2_type.to_s.gsub(/-/, "_")}_step", id: step2_param)
+      step2.previous_type_name = step1.type_name
+      conductor.create_workflow(name: name, steps: [step1, step2])
+    end
+
+    def self.create_scan_new_vuln_workflow(conductor:, name:, filters:, site_id:)
+      step1 = self.create_new_vuln_step(workflow: nil, filters: filters, previous_type_name: StepNames::EMPTY)
+      step2 = self.create_add_vuln_and_scan_step(id: site_id)
+      step2.previous_type_name = step1.type_name
+      conductor.create_workflow(name: name, steps: [step1, step2])
+    end
+
+    def self.create_file_trigger_workflow(conductor:, name:, step1_param:, step2_param:)
+      step1 = self.create_file_reputation_step(workflow: nil, id: step1_param)
+      step2 = self.create_tag_step(workflow: nil, id: step2_param)
+      step2.previous_type_name = step1.type_name
+      conductor.create_workflow(name: name, steps: [step1, step2])
+    end
+
+    def self.create_scan_in_site_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+      Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::SCAN_IN_SITE,
+               previous_type_name: previous_type_name)
+          .add_property(StepConfiguration::ConfigParamProperties::SITE_ID, id)
+    end
+
+    def self.create_file_reputation_step(workflow: nil, id:)
+      Step.new(workflow: workflow,
+               service_name: ServiceNames::DXL,
+               type_name: StepNames::FILE_REPUTATION_TRIGGER,
+               previous_type_name: nil)
+          .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, id)
+    end
+
+    def self.create_discover_new_assets_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+      Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::DISCOVER_NEW,
+               previous_type_name: previous_type_name)
+          .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, id)
+    end
+
+    def self.create_discover_known_assets_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+      step = Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::DISCOVER_KNOWN,
+               previous_type_name: previous_type_name)
+                 .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, id)
+      config_params = step.configuration_params
+      config_params[:HOURS_SINCE_LAST_SCAN] = {
+          :valueClass => Values::ARRAY,
+          :items => [
+              {
+                  :valueClass => Values::OBJECT,
+                  :objectType => Filters::HOURS_SINCE_LAST_SCAN_ITEM,
+                  :properties => {
+                      :operator => {
+                          :valueClass => Values::STRING,
+                          :value => ::Nexpose::Search::Operator::GREATER_THAN
+                      },
+                      :operand1 => {
+                          :valueClass  => Values::STRING,
+                          :value => '1'
+                      }
+                  }
+              }
+          ]
+      }
+      step.configuration_params = config_params
+      step
+    end
+
+    def self.create_new_vuln_step(workflow: nil, filters:, previous_type_name: StepNames::EMPTY)
+      # The filter definitions on the server are not standard at this point so that is why it is necessary to hard code this
+      # Opening a defect to fix the consistency on these on the backend so we can use the add_filter function in the automation
+      step = Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::NEW_VULN,
+               previous_type_name: previous_type_name)
+
+      filters.each { |filter| step.add_filter(filter) }
+      step
+    end
+
+    def self.create_add_vuln_and_scan_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+      Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::ADD_VULN_AND_SCAN,
+               previous_type_name: previous_type_name)
+          .add_property(StepConfiguration::ConfigParamProperties::SITE_ID, id)
+    end
+
+    def self.create_add_to_site_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+       Step.new(workflow: workflow,
+               service_name: ServiceNames::NEXPOSE,
+               type_name: StepNames::ADD_TO_SITE,
+               previous_type_name: previous_type_name)
+           .add_property(StepConfiguration::ConfigParamProperties::SITE_ID, id)
+    end
+
+    def self.create_scan_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+     Step.new(workflow: workflow,
+              service_name: ServiceNames::NEXPOSE,
+              type_name: StepNames::SCAN,
+              previous_type_name: previous_type_name)
+         .add_property(StepConfiguration::ConfigParamProperties::SITE_ID, id)
+    end
+
+    def self.create_tag_step(workflow: nil, id:, previous_type_name: StepNames::EMPTY)
+       Step.new(workflow: workflow,
+                service_name: ServiceNames::NEXPOSE,
+                type_name: StepNames::TAG,
+                previous_type_name: previous_type_name)
+           .add_property(StepConfiguration::ConfigParamProperties::TAG_ID, id)
+    end
+
+    def self.get_discover_step(workflow: )
+      workflow.get_step(StepNames::DISCOVER_NEW) || workflow.get_step(StepNames::DISCOVER_KNOWN)
+    end
+  end
+end
+

data/lib/eso/service.rb

@@ -0,0 +1,83 @@
+module Eso
+  class Service
+    attr_accessor :host
+
+    attr_accessor :port
+
+    attr_accessor :url
+
+    CONTENT_TYPE_JSON = 'application/json; charset-utf-8'
+
+    def initialize(host:, port: 3780, nsc:)
+      @host = host
+      @port = port
+      @nexpose_console = nsc
+    end
+
+    def get(url:, content_type: CONTENT_TYPE_JSON)
+      get = Net::HTTP::Get.new(url)
+      get.set_content_type(content_type)
+      request(request: get)
+    end
+
+    def put(url:, payload:, content_type: CONTENT_TYPE_JSON)
+      put = Net::HTTP::Put.new(url)
+      put.set_content_type(content_type)
+      put.body = payload.to_s if payload
+      request(request: put)
+    end
+
+    def post(url:, payload: nil, content_type: CONTENT_TYPE_JSON)
+      post = Net::HTTP::Post.new(url)
+      post.set_content_type(content_type)
+      post.body = payload.to_s if payload
+      request(request: post)
+    end
+
+    def delete(url:, content_type: CONTENT_TYPE_JSON)
+      delete = Net::HTTP::Delete.new(url)
+      delete.set_content_type(content_type)
+      request(request: delete)
+    end
+
+    def http(timeout:)
+      http = Net::HTTP.new(@host, @port)
+      http.read_timeout = timeout if timeout
+      http.use_ssl = false
+      http
+    end
+
+    def https(timeout:)
+      http = Net::HTTP.new(@host, @port)
+      http.read_timeout = timeout if timeout
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      http
+    end
+
+    def add_nexpose_session(request:)
+      request.add_field('nexposeCCSessionID', @nexpose_console.session_id)
+      request.add_field('Cookie', "nexposeCCSessionID=#{@nexpose_console.session_id}")
+      request.add_field('X-Requested-With', 'XMLHttpRequest')
+    end
+
+    def request(request:, timeout: nil)
+      http = https(timeout: timeout)
+      add_nexpose_session(request: request)
+      response = http.request(request)
+      case response
+        when Net::HTTPOK, Net::HTTPCreated
+          rv = nil
+          if response.content_type == "application/json" && !response.body.empty?
+            json_data = JSON.parse(response.body, symbolize_names: true)
+            json_data[:data].nil? ? rv = json_data : rv = json_data[:data]
+          end
+          rv
+        when Net::HTTPForbidden
+          raise "Access denied. Response was #{response.body}"
+        else
+          raise "There was an error sending the request. Response was #{response.body}"
+      end
+    end
+  end
+end

data/lib/eso/step.rb

@@ -0,0 +1,166 @@
+module Eso
+  # Object representation of a step, which are attributes of Workflows and Integration Options
+  #
+  class Step
+    # UUID of this step. This is generated on creation on the server.
+    attr_accessor :uuid
+
+    # Type of this step. Should be one of Eso::ServiceNames
+    attr_accessor :serviceName
+
+    # The configuration for this step.
+    attr_accessor :stepConfiguration
+
+    # Constructor for Step.
+    #
+    # @param [String] uuid UUID of this Step. This is created on the server side upon creation through the API.
+    # @param [String] service_name The name of step this is.
+    # @param [Workflow] workflow The workflow this step belongs to.
+    # @param [Hash] configuration_params Hash of the parameters for this step.
+    #
+    def initialize(uuid: nil, service_name:, workflow: nil, type_name:, previous_type_name: StepNames::EMPTY, configuration_params: nil)
+      @uuid = uuid if uuid
+      @serviceName = service_name
+      @stepConfiguration = StepConfiguration.new(type_name, previous_type_name)
+      @stepConfiguration.configurationParams = configuration_params if configuration_params
+      @stepConfiguration.workflowID = workflow.id if workflow
+    end
+
+    # Return the configuration parameters for this step.
+    #
+    # @return [Hash] Hash of the configuration parameters for this step.
+    #
+    def configuration_params
+      @stepConfiguration.configurationParams
+    end
+
+    # Set the the configuration parameters for this step.
+    #
+    # @param [Hash] config_params of the new configuration parameters you would like to set.
+    # @return [Hash] Hash of the updated configuration parameters for this step.
+    #
+    def configuration_params=(config_params)
+      @stepConfiguration.configurationParams = config_params
+    end
+
+    # Return the type name for this step.
+    #
+    # @return [String] The currently configured type name.
+    #
+    def type_name
+      @stepConfiguration.typeName
+    end
+
+    # Set the type name for this step.
+    #
+    # @param [String] The new type_name that you would like to set this to. See Eso::StepNames for valid names.
+    # @return [String] The newly set type name.
+    #
+    def type_name=(wf_action_name)
+      @stepConfiguration.typeName = wf_action_name
+    end
+
+    # Return the previous type name for this step.
+    #
+    # @return [String] The previous type name for this step.
+    #
+    def previous_type_name
+      @stepConfiguration.previousTypeName
+    end
+
+    # Set the previous type name for this step.
+    #
+    # @param [String] The new previous type name that you would like to set. See Eso::StepNames for valid names.
+    # @return [String] Hash of the configuration parameters for this step.
+    #
+    def previous_type_name=(action_name)
+      @stepConfiguration.previousTypeName = action_name
+    end
+
+    # Return the properties of this step.
+    #
+    # @return [Hash{}] Hash of the properties for this step.
+    #
+    def properties
+      @stepConfiguration.configurationParams[:properties]
+    end
+
+    # Set the properties of this step.
+    #
+    # @param [Hash] The new properties to set for this step.
+    # @return [Hash] Hash of the newly configured properties for this step.
+    #
+    def properties=(new_properties)
+      @stepConfiguration.configurationParams[:properties] = new_properties
+    end
+
+    # Determine the siteID of this step, if it exists
+    #
+    # @return [String|nil] The String siteID value or nil if no siteID
+    def site_id
+      if @stepConfiguration.configurationParams[:properties][:siteID]
+        @stepConfiguration.configurationParams[:properties][:siteID][:value]
+      end
+    end
+
+    # Returns all configured filters for this step.
+    #
+    # @return [Array] An array of the currently configured filters for this step, each represented as a hash.
+    #
+    def filters
+      rv = {}
+      self.properties.each_pair do |key, value|
+        if value[:properties]
+          rv[key] = value if value[:properties].has_key?(:operators)
+        end
+      end
+      rv
+    end
+
+    # Convenience method which calls the #add_property method of the @stepConfiguration, but returns the Step
+    #
+    # @return [Step] Returns this Step for chaining
+    def add_property(name, value)
+      @stepConfiguration.add_property(name, value)
+      self
+    end
+
+    # Convenience method which calls the #add_property method of the @stepConfiguration, but returns the Step
+    #
+    # @return [Step] Returns this Step for chaining
+    def update_property(name, value)
+      @stepConfiguration.add_property(name, value)
+      self
+    end
+
+    # Add the specified filter to this step. The filter is converted to a hash and saved as such instead of being saved as a ESO::Filter object.
+    #
+    # @param [Filter] filter The filter to add to this step.
+    #
+    def add_filter(filter)
+      @stepConfiguration.configurationParams[:properties].merge! filter.to_hash
+    end
+
+    # Return this step in a JSON digestible format.
+    #
+    # @return [String] JSON interpretation of this step.
+    #
+    def to_json
+      self.to_hash.to_json
+    end
+
+    # Return this step as a hash.
+    #
+    # @return [Hash] Hash interpretation of this step.
+    #
+    def to_hash
+      hash = {}
+      instance_variables.each do |var|
+        value = instance_variable_get(var)
+        value = value.to_h if value.respond_to?('to_h')
+        hash[var.to_s.delete('@')] = value
+      end
+      hash
+    end
+  end
+end