nexpose 0.1.13 → 0.1.14

data/lib/nexpose.rb

@@ -72,6 +72,7 @@ require 'nexpose/connection'
 require 'nexpose/role'
 require 'nexpose/common'
 require 'nexpose/group'
+require 'nexpose/alert'
 
 module Nexpose
 

data/lib/nexpose/alert.rb

@@ -0,0 +1,239 @@
+module Nexpose
+
+  # Alert parent object.
+  # The three alert types should be wrapped in this object to store data.
+  #
+  class Alert
+
+    # Name for this alert.
+    attr_accessor :name
+
+    # Whether or not this alert is currently active.
+    attr_accessor :enabled
+
+    # Send at most this many alerts per scan.
+    attr_accessor :max_alerts
+
+    # Send alerts based upon scan status.
+    attr_accessor :scan_filter
+
+    # Send alerts based upon vulnerability finding status.
+    attr_accessor :vuln_filter
+
+    # Alert type and its configuration. One of SMTPAlert, SyslogAlert, SNMPAlert
+    attr_accessor :alert
+
+    def initialize(name, enabled = 1, max_alerts = -1)
+      @name, @enabled, @max_alerts = name, enabled, max_alerts
+    end
+
+    def to_xml
+      xml = '<Alert'
+      xml << %Q( name="#{@name}")
+      xml << %Q( enabled="#{@enabled}")
+      xml << %Q( maxAlerts="#{@max_alerts}")
+      xml << '>'
+      xml << scan_filter.to_xml
+      xml << vuln_filter.to_xml
+      xml << alert.to_xml
+      xml << '</Alert>'
+    end
+
+    # Parse a response from a Nexpose console into a valid Alert object.
+    #
+    # @param [REXML::Document] rexml XML document to parse.
+    # @return [Alert] Alert object represented by the XML.
+    # 
+    def self.parse(rexml)
+      name = rexml.attributes['name']
+      rexml.elements.each("//Alert[@name='#{name}']") do |xml|
+        alert = new(name,
+                    xml.attributes['enabled'].to_i,
+                    xml.attributes['maxAlerts'].to_i)
+        alert.scan_filter = ScanFilter.parse(REXML::XPath.first(xml, "//Alert[@name='#{name}']/scanFilter"))
+        alert.vuln_filter = VulnFilter.parse(REXML::XPath.first(xml, "//Alert[@name='#{name}']/vulnFilter"))
+        if (type = REXML::XPath.first(xml, "//Alert[@name='#{name}']/smtpAlert"))
+          alert.alert = SMTPAlert.parse(type)
+        elsif (type = REXML::XPath.first(xml, "//Alert[@name='#{name}']/syslogAlert"))
+          alert.alert = SyslogAlert.parse(type)
+        elsif (type = REXML::XPath.first(xml, "//Alert[@name='#{name}']/snmpAlert"))
+          alert.alert = SNMPAlert.parse(type)
+        end
+        return alert
+      end
+      nil
+    end
+  end
+
+  # Scan filter for alerting.
+  # Set values to 1 to enable and 0 to disable.
+  #
+  class ScanFilter
+    # Scan events to alert on.
+    attr_accessor :start, :stop, :fail, :resume, :pause
+
+    def initialize(start = 0, stop = 0, fail = 0, resume = 0, pause = 0)
+      @start, @stop, @fail, @resume, @pause = start, stop, fail, resume, pause
+    end
+
+    def to_xml
+      xml = '<scanFilter'
+      xml << %Q( scanStart="#{@start}")
+      xml << %Q( scanStop="#{@stop}")
+      xml << %Q( scanFailed="#{@fail}")
+      xml << %Q( scanResumed="#{@resume}")
+      xml << %Q( scanPaused="#{@pause}")
+      xml << '/>'
+    end
+
+    def self.parse(xml)
+      new(xml.attributes['scanStart'].to_i,
+          xml.attributes['scanStop'].to_i,
+          xml.attributes['scanFailed'].to_i,
+          xml.attributes['scanResumed'].to_i,
+          xml.attributes['scanPaused'].to_i)
+    end
+  end
+
+  # Vulnerability filtering for alerting.
+  # Set values to 1 to enable and 0 to disable.
+  #
+  class VulnFilter
+    # Only alert on vulnerability findings with a severity level greater than this level.
+    # Range is 0 to 10.
+    # Values in the UI correspond as follows:
+    #   Any severity: 1
+    #   Severe and critical: 4
+    #   Only critical: 8
+    attr_accessor :severity
+
+    # Vulnerability events to alert on.
+    attr_accessor :confirmed, :unconfirmed, :potential
+
+    def initialize(severity = 1, confirmed = 1, unconfirmed = 1, potential = 1)
+      @severity, @confirmed, @unconfirmed, @potential = severity, confirmed, unconfirmed, potential
+    end
+
+    def to_xml
+      xml = '<vulnFilter'
+      xml << %Q( severityThreshold="#{@severity}")
+      xml << %Q( confirmed="#{@confirmed}")
+      xml << %Q( unconfirmed="#{@unconfirmed}")
+      xml << %Q( potential="#{@potential}")
+      xml << '/>'
+    end
+
+    def self.parse(xml)
+      new(xml.attributes['severityThreshold'].to_i,
+          xml.attributes['confirmed'].to_i,
+          xml.attributes['unconfirmed'].to_i,
+          xml.attributes['potential'].to_i)
+    end
+  end
+
+  # Syslog Alert
+  # This class should only exist as an element of an Alert.
+  #
+  class SyslogAlert
+
+    # The server to sent this alert to.
+    attr_accessor :server
+
+    def initialize(server)
+      @server = server
+    end
+
+    def self.parse(xml)
+      new(xml.attributes['server'])
+    end
+
+    include Sanitize
+
+    def to_xml
+      xml = '<syslogAlert'
+      xml << %Q( server="#{replace_entities(server)}">)
+      xml << '</syslogAlert>'
+    end
+  end
+
+  # SNMP Alert
+  # This class should only exist as an element of an Alert.
+  #
+  class SNMPAlert
+
+    # The community string
+    attr_accessor :community
+
+    # The server to sent this alert
+    attr_accessor :server
+
+    def initialize(community, server)
+      @community = community
+      @server = server
+    end
+
+    def self.parse(xml)
+      new(xml.attributes['community'], xml.attributes['server'])
+    end
+
+    include Sanitize
+
+    def to_xml
+      xml = '<snmpAlert'
+      xml << %Q( community="#{replace_entities(community)}")
+      xml << %Q( server="#{replace_entities(server)}">)
+      xml << '</snmpAlert>'
+    end
+  end
+
+  # SMTP (e-mail) Alert
+  # This class should only exist as an element of an Alert.
+  #
+  class SMTPAlert
+
+    # The email address of the sender
+    attr_accessor :sender
+
+    # The server to sent this alert
+    attr_accessor :server
+
+    # Limit the text for mobile devices
+    attr_accessor :limit_text
+
+    # Array of strings with the e-mail addresses of the intended recipients.
+    attr_accessor :recipients
+
+    def initialize(sender, server, limit_text = 0)
+      @sender = sender
+      @server = server
+      @limit_text = limit_text
+      @recipients = []
+    end
+
+    # Adds a new Recipient to the recipients array
+    def add_recipient(recipient)
+      @recipients << recipient
+    end
+
+    include Sanitize
+
+    def to_xml
+      xml = '<smtpAlert'
+      xml << %Q( sender="#{replace_entities(sender)}")
+      xml << %Q( server="#{replace_entities(server)}")
+      xml << %Q( limitText="#{limit_text}">)
+      recipients.each do |recpt|
+        xml << "<recipient>#{replace_entities(recpt)}</recipient>"
+      end
+      xml << '</smtpAlert>'
+    end
+
+    def self.parse(xml)
+      alert = new(xml.attributes['sender'], xml.attributes['server'], xml.attributes['limitText'].to_i)
+      xml.elements.each("//recipient") do |recipient|
+        alert.recipients << recipient.text
+      end
+      alert
+    end
+  end
+end

data/lib/nexpose/site.rb

@@ -195,6 +195,7 @@ module Nexpose
     attr_accessor :credentials
 
     # [Array] Collection of real-time alerts.
+    # @see Alert
     # @see SMTPAlert
     # @see SNMPAlert
     # @see SyslogAlert
@@ -332,9 +333,11 @@ module Nexpose
       xml << assets.reduce('') { |acc, host| acc << host.to_xml }
       xml << '</Hosts>'
 
-      xml << '<ExcludedHosts>'
-      xml << exclude.reduce('') { |acc, host| acc << host.to_xml }
-      xml << '</ExcludedHosts>'
+      unless exclude.empty?
+        xml << '<ExcludedHosts>'
+        xml << exclude.reduce('') { |acc, host| acc << host.to_xml }
+        xml << '</ExcludedHosts>'
+      end
 
       unless credentials.empty?
         xml << '<Credentials>'
@@ -411,43 +414,8 @@ module Nexpose
           end
         end
 
-        s.elements.each('Alerting/Alert') do |a|
-          a.elements.each('smtpAlert') do |smtp|
-            smtp_alert = SMTPAlert.new(a.attributes['name'], smtp.attributes['sender'], smtp.attributes['limitText'], a.attributes['enabled'])
-
-            smtp.elements.each('recipient') do |recipient|
-              smtp_alert.add_recipient(recipient.text)
-            end
-            site.alerts << smtp_alert
-          end
-
-          a.elements.each('snmpAlert') do |snmp|
-            snmp_alert = SNMPAlert.new(a.attributes['name'], snmp.attributes['community'], snmp.attributes['server'], a.attributes['enabled'])
-            site.alerts << snmp_alert
-          end
-
-          a.elements.each('syslogAlert') do |syslog|
-            syslog_alert = SyslogAlert.new(a.attributes['name'], syslog.attributes['server'], a.attributes['enabled'])
-            site.alerts << syslog_alert
-          end
-
-          #a.elements.each('vuln_filter') do |vulnFilter|
-          #  vulnfilter = new VulnFilter.new(a.attributes["typemask"], a.attributes["severityThreshold"], $attrs["MAXALERTS"])
-          #  Pop off the top alert on the stack
-          #  $alert = @alerts.pop()
-          #  Add the new recipient string to the Alert Object
-          #  $alert.setVulnFilter($vulnfilter)
-          #  Push the alert back on to the alert stack
-          #  array_push($this->alerts, $alert)
-          #end
-
-          #a.elements.each('scanFilter') do |scanFilter|
-          #  <scanFilter scanStop='0' scanFailed='0' scanStart='1'/>
-          #  scanfilter = ScanFilter.new(scanFilter.attributes['scanStop'],scanFilter.attributes['scanFailed'],scanFilter.attributes['scanStart'])
-          #  alert = @alerts.pop()
-          #  alert.setScanFilter(scanfilter)
-          #  @alerts.push(alert)
-          #end
+        s.elements.each('Alerting/Alert') do |alert|
+          site.alerts << Alert.parse(alert)
         end
 
         return site
@@ -563,142 +531,6 @@ module Nexpose
     end
   end
 
-  # === Description
-  # Object that represents a Syslog Alert.
-  #
-  class SyslogAlert
-
-    # A unique name for this alert
-    attr_reader :name
-    # If this alert is enabled or not
-    attr_reader :enabled
-    # The Syslog server to sent this alert
-    attr_reader :server
-    # The vulnerability filter to trigger the alert
-    attr_accessor :vuln_filter
-    # The alert type
-    attr_reader :type
-
-    def initialize(name, server, enabled = 1)
-      @type = :syslog
-      @name = name
-      @server = server
-      @enabled = enabled
-      # Sets default vuln filter - All Events
-      @vuln_filter = VulnFilter.new('50790400', 1)
-
-    end
-
-    include Sanitize
-
-    def to_xml
-      xml = '<syslogAlert'
-      xml << %Q{ name="#{replace_entities(name)}"}
-      xml << %Q{ enabled="#{replace_entities(enabled)}"}
-      xml << %Q{ server="#{replace_entities(server)}">}
-      xml << vuln_filter.to_xml
-      xml << '</syslogAlert>'
-      xml
-    end
-
-  end
-
-  # === Description
-  # Object that represents an SNMP Alert.
-  #
-  class SNMPAlert
-    include Sanitize
-
-    # A unique name for this alert
-    attr_reader :name
-    # If this alert is enabled or not
-    attr_reader :enabled
-    # The community string
-    attr_reader :community
-    # The SNMP server to sent this alert
-    attr_reader :server
-    # The vulnerability filter to trigger the alert
-    attr_reader :vuln_filter
-    # The alert type
-    attr_reader :type
-
-    def initialize(name, community, server, enabled = 1)
-      @type = :snmp
-      @name = name
-      @community = community
-      @server = server
-      @enabled = enabled
-      # Sets default vuln filter - All Events
-      @vuln_filter = VulnFilter.new('50790400', 1)
-    end
-
-    def to_xml
-      xml = '<snmpAlert'
-      xml << %Q{ name="#{replace_entities(name)}"}
-      xml << %Q{ enabled="#{replace_entities(enabled)}"}
-      xml << %Q{ community="#{replace_entities(community)}"}
-      xml << %Q{ server="#{replace_entities(server)}">}
-      xml << vuln_filter.to_xml
-      xml << '</snmpAlert>'
-      xml
-    end
-
-  end
-
-  # === Description
-  # Object that represents an SMTP (Email) Alert.
-  #
-  class SMTPAlert
-    # A unique name for this alert
-    attr_reader :name
-    # If this alert is enabled or not
-    attr_reader :enabled
-    # The email address of the sender
-    attr_reader :sender
-    # Limit the text for mobile devices
-    attr_reader :limit_text
-    # Array containing Strings of email addresses
-    # Array of strings with the email addresses of the intended recipients
-    attr_reader :recipients
-    # The vulnerability filter to trigger the alert
-    attr_accessor :vuln_filter
-    # The alert type
-    attr_reader :type
-
-    def initialize(name, sender, limit_text, enabled = 1)
-      @type = :smtp
-      @name = name
-      @sender = sender
-      @enabled = enabled
-      @limit_text = limit_text
-      @recipients = []
-      # Sets default vuln filter - All Events
-      @vuln_filter = VulnFilter.new('50790400', 1)
-    end
-
-    # Adds a new Recipient to the recipients array
-    def add_recipient(recipient)
-      @recipients.push(recipient)
-    end
-
-    include Sanitize
-
-    def to_xml
-      xml = '<smtpAlert'
-      xml << %Q{ name="#{replace_entities(name)}"}
-      xml << %Q{ enabled="#{replace_entities(enabled)}"}
-      xml << %Q{ sender="#{replace_entities(sender)}"}
-      xml << %Q{ limitText="#{replace_entities(limit_text)}">}
-      recipients.each do |recpt|
-        xml << "<recipient>#{replace_entities(recpt)}</recipient>"
-      end
-      xml << vuln_filter.to_xml
-      xml << '</smtpAlert>'
-      xml
-    end
-  end
-
-  # === Description
   # Object that represents a hostname to be added to a site.
   class HostName
     # Named host (usually DNS or Netbios name).

data/lib/nexpose/util.rb

@@ -1,13 +1,7 @@
 module Nexpose
   module Sanitize
     def replace_entities(str)
-      ret = str.dup
-      ret.gsub!(/&/, '&')
-      ret.gsub!(/'/, ''')
-      ret.gsub!(/"/, '"')
-      ret.gsub!(/</, '&lt;')
-      ret.gsub!(/>/, '&gt;')
-      ret
+      str.to_s.gsub(/&/, '&amp;').gsub(/'/, '&apos;').gsub(/"/, '&quot;').gsub(/</, '&lt;').gsub(/>/, '&gt;')
     end
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose
 version: !ruby/object:Gem::Version
-  version: 0.1.13
+  version: 0.1.14
   prerelease: 
 platform: ruby
 authors:
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-19 00:00:00.000000000 Z
+date: 2013-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: librex
@@ -72,6 +72,7 @@ files:
 - lib/nexpose/vuln.rb
 - lib/nexpose/util.rb
 - lib/nexpose/site.rb
+- lib/nexpose/alert.rb
 - lib/nexpose/silo.rb
 - lib/nexpose/user.rb
 - lib/nexpose/connection.rb