nexpose 0.8.8 → 0.8.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0895452fa39e68f031ad27edc40a94cef8337730
-  data.tar.gz: 051981f1f5ef5a0e04977c3a7f5bc1447b2cee3c
+  metadata.gz: 6698a2821faefa7c1822f324cc1bfd355869ad7f
+  data.tar.gz: 3a14efb354cbc7036cf829f60088ceeaa0f7a80b
 SHA512:
-  metadata.gz: 9ebb703fbacc51a22fc0d60e18b1ac063fe853406b22c6ee2b7b3d77b0f9feda1e2441f07d0cb8b5dfeb8cb96937451cc94a5088e24485a34a7e078a98d37187
-  data.tar.gz: 4f7c7f467df77177e2762f5bf927548fe67e70c641855e7108a0219e1761bb9f1996664862edaaeb2a017ebd3df252bccfaf71163ba80053a9147dd609b030b9
+  metadata.gz: 219848942e56f658d1a3f43e8411ded2c12e693d5f258106196ddca5121c3434be50c17dffd45fe61504d5d76050bd77c123ea3d844e5f07a65656a353b03ea2
+  data.tar.gz: 89ae18299c87ef71a2805038ef3f1e3c7ab7a53cf87e0c66f799dbaa83e024f7714dc4198854d509156646472aea80d344f215c2de7b4fcfa6d71535ca87ef97

data/lib/nexpose.rb

@@ -72,6 +72,7 @@ require 'nexpose/discovery'
 require 'nexpose/discovery/filter'
 require 'nexpose/engine'
 require 'nexpose/filter'
+require 'nexpose/global_settings'
 require 'nexpose/group'
 require 'nexpose/dag'
 require 'nexpose/manage'

data/lib/nexpose/global_settings.rb

@@ -0,0 +1,117 @@
+module Nexpose
+  # Object used to manage the global settings of a Nexpose console.
+  #
+  class GlobalSettings
+    # IP addresses and/or host names that will be excluded from scanning across
+    # all sites.
+    attr_accessor :asset_exclusions
+
+    # Whether control scanning in enabled. A feature tied to ControlsInsight
+    # integration.
+    attr_accessor :control_scanning
+
+    # XML document representing the entire configuration.
+    attr_reader :xml
+
+    # Private constructor. See #load method for retrieving a settings object.
+    #
+    def initialize(xml)
+      @xml = xml
+
+      @asset_exclusions = HostOrIP.parse(xml)
+      @control_scanning = _get_control_scanning(xml)
+    end
+
+    # Returns true if controls scanning is enabled.
+    def control_scanning?
+      control_scanning
+    end
+
+    # Save any updates to this settings object to the Nexpose console.
+    #
+    # @param [Connection] nsc Connection to a Nexpose console.
+    # @return [Boolean] Whether saving was successful.
+    #
+    def save(nsc)
+      # load method can return XML missing this required attribute.
+      unless REXML::XPath.first(xml, '//*[@recalculation_duration]')
+        risk_model = REXML::XPath.first(xml, '//riskModel')
+        risk_model.add_attribute('recalculation_duration', 'do_not_recalculate')
+      end
+
+      _replace_exclusions(xml, asset_exclusions)
+      _set_control_scanning(xml, control_scanning)
+
+      response = AJAX.post(nsc, '/data/admin/global-settings', xml)
+      XMLUtils.success? response
+    end
+
+    # Add an asset exclusion setting.
+    #
+    # @param [IPRange|HostName|String] host_or_ip Host or IP (range) to exclude
+    #   from scanning by the Nexpose console.
+    #
+    def add_exclusion(host_or_ip)
+      asset = host_or_ip
+      unless host_or_ip.respond_to?(:host) || host_or_ip.respond_to?(:from)
+        asset = HostOrIP.convert(host_or_ip)
+      end
+      @asset_exclusions << asset
+    end
+
+    # Remove an asset exclusion setting.
+    # If you need to remove a range of IPs, be sure to explicitly supply an
+    # IPRange object to the method.
+    #
+    # @param [IPRange|HostName|String] host_or_ip Host or IP (range) to remove
+    #   from the exclusion list.
+    #
+    def remove_exclusion(host_or_ip)
+      asset = host_or_ip
+      unless host_or_ip.respond_to?(:host) || host_or_ip.respond_to?(:from)
+        # Attept to convert String to appropriate object.
+        asset = HostOrIP.convert(host_or_ip)
+      end
+      @asset_exclusions = asset_exclusions.reject { |a| a.eql? asset }
+    end
+
+    # Load the global settings from a Nexpose console.
+    #
+    # @param [Connection] nsc Connection to a Nexpose console.
+    # @return [GlobalSettings] Settings object for the console.
+    #
+    def self.load(nsc)
+      response = AJAX.get(nsc, '/data/admin/global-settings')
+      new(REXML::Document.new(response))
+    end
+
+    # Internal method for updating exclusions before saving.
+    def _replace_exclusions(xml, exclusions)
+      xml.elements.delete('//ExcludedHosts')
+      elem = xml.root.add_element('ExcludedHosts')
+      exclusions.each do |exclusion|
+        elem.add_element(exclusion.as_xml)
+      end
+    end
+
+    # Internal method for parsing XML for whether control scanning in enabled.
+    def _get_control_scanning(xml)
+      enabled = false
+      if elem = REXML::XPath.first(xml, '//enableControlsScan[@enabled]')
+        enabled = elem.attribute('enabled').value.to_i == 1
+      end
+      enabled
+    end
+
+    # Internal method for updating control scanning before saving.
+    def _set_control_scanning(xml, enabled)
+      if elem = REXML::XPath.first(xml, '//enableControlsScan')
+        elem.attributes['enabled'] = enabled ? '1' : '0'
+      else
+        elem = REXML::Element.new('ControlsScan', xml.root)
+        elem.add_element('enableControlsScan',
+                         'enabled' => enabled ? '1' : '0')
+      end
+    end
+  end
+end

data/lib/nexpose/settings.xml

@@ -0,0 +1,14 @@
+<GlobalSettings>
+  <riskModel id="real_risk" recalculation_duration="do_not_recalculate"></riskModel>
+  <RiskConfig includeRiskModifiers="false">
+    <RiskModifiers veryHigh="2" high="1.5" medium="1" low="0.75" veryLow="0.5"></RiskModifiers>
+  </RiskConfig>
+  <ControlsScan>
+    <enableControlsScan enabled="0"></enableControlsScan>
+  </ControlsScan>
+  <ExcludedHosts>
+    <range from="10.4.18.219"></range>
+    <range from="10.4.25.117"></range>
+  </ExcludedHosts>
+</GlobalSettings>
+

data/lib/nexpose/site.rb

@@ -217,17 +217,8 @@ module Nexpose
     # @param [String] asset Identifier of an asset, either IP or host name.
     #
     def add_asset(asset)
-      begin
-        # If the asset registers as a valid IP, store as IP.
-        ip = IPAddr.new(asset)
-        add_ip(asset)
-      rescue ArgumentError => e
-        if e.message == 'invalid address'
-          add_host(asset)
-        else
-          raise "Unable to parse asset: '#{asset}'. #{e.message}"
-        end
-      end
+      obj = HostOrIP.convert(asset)
+      @assets << obj
     end
 
     # Remove an asset to this site, resolving whether an IP or hostname is

data/lib/nexpose/util.rb

@@ -34,5 +34,62 @@ module Nexpose
 
       xml
     end
+
+    # Check a typical Nexpose XML response for success.
+    # Typically, the root element has a 'success' attribute, and its value is
+    # '1' if the call succeeded.
+    #
+    def self.success?(xml_string)
+      xml = ::REXML::Document.new(xml_string.to_s)
+      success = ::REXML::XPath.first(xml, '//@success')
+      !success.nil? && success.value.to_i == 1
+    end
+  end
+
+  # Function module for dealing with String to HostName|IPRange conversions.
+  #
+  module HostOrIP
+    module_function
+
+    # Convert a host or IP address to the corresponding HostName or IPRange
+    # class.
+    #
+    # If the String cannot be converted, it will raise an error.
+    #
+    # @param [String] asset String representation of an IP or host name.
+    # @return [IPRange|HostName] Valid class, if it can be converted.
+    #
+    def convert(asset)
+      begin
+        # Use IPAddr construtor validation to see if it's an IP.
+        IPAddr.new(asset)
+        IPRange.new(asset)
+      rescue ArgumentError => e
+        if e.message == 'invalid address'
+          HostName.new(asset)
+        else
+          raise "Unable to parse asset: '#{asset}'. #{e.message}"
+        end
+      end
+    end
+
+    # Parse a REXML::Document or REXML::Element for any hosts listed and convert
+    # them to HostName and IPRange objects.
+    #
+    # @param [REXML::Document|REXML::Element] xml REXML class potentially
+    #   containing host references.
+    # @return [Array[HostName|IPRange]] Collection of parsed hosts.
+    #
+    def parse(xml)
+      coll = []
+      xml.elements.each('//range') do |elem|
+        to = elem.attribute('to').nil? ? nil : elem.attribute('to').value
+        coll << IPRange.new(elem.attribute('from').value, to)
+      end
+      xml.elements.each('//host') do |elem|
+        coll << HostName.new(elem.text)
+      end
+      coll
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose
 version: !ruby/object:Gem::Version
-  version: 0.8.8
+  version: 0.8.9
 platform: ruby
 authors:
 - HD Moore
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-17 00:00:00.000000000 Z
+date: 2014-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rex
@@ -85,6 +85,7 @@ files:
 - lib/nexpose/engine.rb
 - lib/nexpose/error.rb
 - lib/nexpose/filter.rb
+- lib/nexpose/global_settings.rb
 - lib/nexpose/group.rb
 - lib/nexpose/maint.rb
 - lib/nexpose/manage.rb
@@ -95,6 +96,7 @@ files:
 - lib/nexpose/role.rb
 - lib/nexpose/scan.rb
 - lib/nexpose/scan_template.rb
+- lib/nexpose/settings.xml
 - lib/nexpose/shared_cred.rb
 - lib/nexpose/silo.rb
 - lib/nexpose/silo_profile.rb