nexpose_servicenow 0.7.2 → 0.7.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5cf867dd52b399b8e111b8d36c404e133c663c31
-  data.tar.gz: 5d2e5338b7ec21c7216dd1837ade8cf17921e000
+  metadata.gz: 84febd71cae74e5f410a05a4bc1a862ba29508e4
+  data.tar.gz: d37e0a05cdc1c1276ab23cbd50a5b7e80ccce0c2
 SHA512:
-  metadata.gz: 803f91eaed2e6b4e8ad728588546cbd04a35a9fc511c41e8a5b2a1c6452ba1fa5ee5a91857525908fa86735d0d8d78d8e21e72362e6e865d15ab9a5e72f6dab4
-  data.tar.gz: a80e9eaa45e6bffea2c5167736b9f52848bae488dcdfc2dfec10b902c4cef0daca1bca54e39f3c15ff931369f6a7d07557fe9b52fb88be797f9e38a429aad73b
+  metadata.gz: 90a4f106d54bd9995ebbd7afd457301b92f1d4bd5272d1ef650a8f11019d51e0265b03ea551a885241d59de49f3ab2538c101a6e753da2ee32512a72590f67fb
+  data.tar.gz: 13598b6b64bb63094f31f9ff43d3ec7e315530f749bfc3f02779c18123fad814b486981df4697be492c54d6fda703802e7d3fdeca2930fc4008972de3a3ada10

data/README.md

@@ -13,11 +13,13 @@ Alternatively, it is also possible to call the following to see a list of parame
 
 
 ## Support
-Please contact the following address for support queries:
+Please visit the following address for support queries:
 [Rapid7 Support Portal](https://rapid7support.force.com/customers/login) 
 
 Please attach both the gem logs and relevant snippets from the agent logs.
 
+Documentation is available from the ServiceNow Store Portal.
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/lib/nexpose_servicenow.rb

@@ -107,6 +107,8 @@ module NexposeServiceNow
       query_options[:filters] = options[:filters]
       query_options[:page_size] = options[:row_limit]
       query_options[:row_limit] = options[:row_limit]
+      query_options[:cvss_v3] = options[:cvss_v3]
+
       report_helper = get_helper(options)
       @log.log_message("Querying using the #{report_helper.class}.")
       report_helper.generate_report(options[:query],

data/lib/nexpose_servicenow/arg_parser.rb

@@ -77,6 +77,12 @@ module NexposeServiceNow
           options[:vuln_query_date] = vulnt
         end
 
+        opts.on('-y', '--cvss-version VERSION',
+                'The CVSS version to import ' \
+                '(2 or 3 where available)') do |version|
+          options[:cvss_v3] = version == '3'
+        end
+
         opts.separator ''
         opts.separator 'Connection options:'
         
@@ -218,6 +224,7 @@ module NexposeServiceNow
       options[:conn_type] ||= :nexpose_console
       options[:nexpose_ids] ||= {}
       options[:filters] ||= {}
+      options[:cvss_v3] ||= false
 
       options[:query] = 'latest_scans' if options[:mode] == 'latest_scans'
 

data/lib/nexpose_servicenow/csv_compare.rb

@@ -108,15 +108,35 @@ module NexposeServiceNow
         end
       end
 
+      temp.close
       FileUtils.mv(temp, target_file, :force => true)
     end
 
     def self.create_csv_diff(old_file, new_file, target_file, key_fields=[0])
-      diff = CSVDiff.new(old_file,
-                         new_file,
-                         ignore_moves: true,
-                         key_fields: key_fields
-      )
+      old_temp = Tempfile.new("#{File.basename old_file}tmp")
+      new_temp = Tempfile.new("#{File.basename new_file}tmp")
+
+      File.open(old_file) do |f|
+        IO.copy_stream(f, old_temp)
+      end
+      File.open(new_file) do |f|
+        IO.copy_stream(f, new_temp)
+      end
+
+      begin
+        diff = CSVDiff.new(
+          File.expand_path(old_temp),
+          File.expand_path(new_temp),
+          ignore_moves: true,
+          key_fields: key_fields
+        )
+      rescue Exception => e
+        file_name = File.basename target_file
+        raise "Unable to diff file: #{file_name}. \nError received: #{e}"
+      ensure
+        old_temp.close!
+        new_temp.close!
+      end
 
       columns = self.get_columns(new_file)
 
@@ -126,7 +146,7 @@ module NexposeServiceNow
         diff.deletes.each_value { |v| csv << get_delete(v, columns) }
         diff.adds.each_value { |v| csv << get_add(v, columns) }
 
-        if(key_fields.count == 1)
+        if key_fields.count == 1
           # If only a single key field, we don't need the old values
           # Just grab the row and let ServiceNow coalesce and update the row
           update_rows = diff.updates.each_value.map { |u| u.row }
@@ -142,7 +162,7 @@ module NexposeServiceNow
             update_row_num = update_rows.shift
             break if update_row_num == nil
           end
-        elsif(key_fields.count == 2)
+        elsif key_fields.count == 2
           # Multiple key fields result in row "updates"
           diff.updates.each_value do |v|
             csv << self.update_to_old(v, columns)

data/lib/nexpose_servicenow/helpers/connection_helper.rb

@@ -37,6 +37,7 @@ module NexposeServiceNow
       options[:site_id] = nexpose_id
       options[:id_type] = 'site'
       options[:filters] = query_options[:filters] || {}
+      options[:cvss_v] = query_options[:cvss_v]
 
       # Without a nexpose ID, we don't have a specific delta
       return options if [nil, -1].include? nexpose_id
@@ -75,5 +76,9 @@ module NexposeServiceNow
     def save_report(report_name, report_id, output_dir)
       raise NOT_IMPL
     end
+
+    def get_cvss_version_strings(use_v3)
+      raise NOT_IMPL
+    end
   end
 end

data/lib/nexpose_servicenow/helpers/data_warehouse_helper.rb

@@ -29,6 +29,8 @@ module NexposeServiceNow
       #A single report doesn't use site filters
       ids = [-1] if WarehouseQueries.single_report?(query_name)
 
+      query_options[:cvss_v] = get_cvss_version_strings(query_options[:cvss_v3])
+
       page_size = query_options[:page_size]
       row_limit = query_options[:row_limit]
 
@@ -130,5 +132,9 @@ module NexposeServiceNow
       result.map { |r| r['site_id'] }
       connection.finish
     end
+
+    def get_cvss_version_strings(use_v3)
+      use_v3 ? { choice: '_v3', fallback: '' } : { choice: '', fallback: '' }
+    end
   end
 end

data/lib/nexpose_servicenow/helpers/nexpose_console_helper.rb

@@ -24,6 +24,8 @@ module NexposeServiceNow
         @log.on_connect(@url, @port, @nsc.session_id, '{}')
       end
 
+      query_options[:cvss_v] = get_cvss_version_strings(query_options[:cvss_v3])
+
       ids.each do |id|
         report_name = self.class.get_report_name(query_name, id)
         clean_up_reports(report_name)
@@ -153,5 +155,10 @@ module NexposeServiceNow
     def collection_ids(collection_type)
       @nsc.send("#{collection_type}s").map { |s| s.id }.sort
     end
+
+    def get_cvss_version_strings(use_v3)
+      return { choice: '_v3', vector: '_v3', fallback: '' } if use_v3
+      { choice: '_v2', vector: '', fallback: '' }
+    end
   end
 end

data/lib/nexpose_servicenow/queries/nexpose_queries.rb

@@ -18,13 +18,20 @@ module NexposeServiceNow
         title as Summary,
         proofAsText(description) as Threat,
         ROUND(riskscore::numeric, 2) as Riskscore,
-        cvss_vector,
-        ROUND(cvss_impact_score::numeric, 2) as Impact_Score,
-        ROUND(cvss_exploit_score::numeric, 2) as Exploit_Score,
+        coalesce(cvss#{options[:cvss_v][:vector]}_vector,
+                 cvss#{options[:cvss_v][:fallback]}_vector) as cvss_vector,
+        ROUND(coalesce(cvss#{options[:cvss_v][:choice]}_impact_score::numeric,
+                       cvss#{options[:cvss_v][:fallback]}_impact_score::numeric),
+              2) as Impact_Score,
+        ROUND(coalesce(cvss#{options[:cvss_v][:choice]}_exploit_score::numeric,
+                       cvss#{options[:cvss_v][:fallback]}_exploit_score::numeric),
+              2) as Exploit_Score,
         cvss_access_complexity_id as Access_Complexity,
         cvss_access_vector_id as Access_Vector,
         cvss_authentication_id as Authentication,
-        ROUND(cvss_score::numeric, 2) as Vulnerability_Score,
+        ROUND(coalesce(cvss#{options[:cvss_v][:choice]}_score::numeric,
+                       cvss#{options[:cvss_v][:fallback]}_score::numeric),
+              2) as Vulnerability_Score,
         cvss_integrity_impact_id as Integrity_Impact,
         cvss_confidentiality_impact_id as Confidentiality_Impact,
         cvss_availability_impact_id as Availability_Impact,
@@ -120,9 +127,9 @@ module NexposeServiceNow
     end
 
     def self.software_instance(options={})
-      "SELECT asset_id as Nexpose_ID, coalesce(da.host_name, CAST(da.asset_id as text)) as Installed_On, ds.name, ds.Product_Name, ds.version, ds.cpe
+      "SELECT asset_id as Nexpose_ID, CAST(da.asset_id as text) as Installed_On, ds.name, ds.vendor, ds.family, ds.version, ds.cpe
       FROM fact_asset_scan_software
-      LEFT OUTER JOIN (SELECT software_id, name, vendor || ' ' || family as Product_Name, version, cpe FROM dim_software) ds USING (software_id)
+      LEFT OUTER JOIN (SELECT software_id, name, vendor, family, version, cpe FROM dim_software) ds USING (software_id)
       LEFT OUTER JOIN (SELECT asset_id, host_name FROM dim_asset) da USING (asset_id)
       WHERE scan_id = lastScan(asset_id)"
     end
@@ -254,7 +261,7 @@ module NexposeServiceNow
                            fas.scan_id = first_found"
     end
 
-    def self.generate_cvss_filter(cvss_range)
+    def self.generate_cvss_filter(cvss_range, cvss_strings)
       return '' if cvss_range.nil? || cvss_range.last.nil?
 
       cvss_min = cvss_range.first
@@ -263,13 +270,16 @@ module NexposeServiceNow
       # No need to join if not applying a filter
       return '' if cvss_min.to_s == '0' && cvss_max.to_s == '10'
 
-      "JOIN (SELECT vulnerability_id, cvss_score
+      cvss_score = "(coalesce(cvss#{cvss_strings[:choice]}_score,
+                      cvss#{cvss_strings[:fallback]}_score))"
+
+      "JOIN (SELECT vulnerability_id
              FROM dim_vulnerability
-             WHERE cvss_score >= #{cvss_min} AND cvss_score <= #{cvss_max}) dv
-             USING (vulnerability_id)"
+             WHERE #{cvss_score} >= #{cvss_min} AND #{cvss_score} <= #{cvss_max}) dv
+       USING (vulnerability_id)"
     end
 
-    def self.generate_cvss_table(cvss_range)
+    def self.generate_cvss_table(cvss_range, cvss_strings)
       return '' if cvss_range.nil? || cvss_range.last.nil?
 
       cvss_min = cvss_range.first
@@ -277,15 +287,19 @@ module NexposeServiceNow
 
       return '' if cvss_min.to_s == '0' && cvss_max.to_s == '10'
 
+      cvss_score = "(coalesce(cvss#{cvss_strings[:choice]}_score,
+                      cvss#{cvss_strings[:fallback]}_score))"
+
       "vulns_cvss AS (
           SELECT vulnerability_id FROM dim_vulnerability
-          WHERE cvss_score >= #{cvss_min} AND cvss_score <= #{cvss_max})"
+          WHERE #{cvss_score} >= #{cvss_min} AND #{cvss_score} <= #{cvss_max})"
     end
 
     def self.vulnerable_new_items(options={})
       date_filter = self.generate_date_filter(options[:filters][:date], false)
 
-      cvss_table = self.generate_cvss_table(options[:filters][:cvss])
+      cvss_table = self.generate_cvss_table(options[:filters][:cvss],
+                                            options[:cvss_v])
       cvss_filter = ''
       if cvss_table != ''
         cvss_table = ",#{cvss_table}"
@@ -355,7 +369,8 @@ module NexposeServiceNow
 
       cve_filter = self.generate_cve_filter(options[:filters][:cve])
       date_filter = self.generate_date_filter(options[:filters][:date])
-      cvss_filter = self.generate_cvss_filter(options[:filters][:cvss])
+      cvss_filter = self.generate_cvss_filter(options[:filters][:cvss],
+                                              options[:cvss_v])
 
       # Only perform this operation is necessary
       date_field = if date_filter.nil? || date_filter == ''

data/lib/nexpose_servicenow/queries/warehouse_queries.rb

@@ -25,13 +25,20 @@ module NexposeServiceNow
           coalesce(NULLIF(CONCAT('\"',regexp_replace(title, '\"','''', 'g'),'\"'), '\"\"'), 'None') AS Summary,
           coalesce(NULLIF(CONCAT('\"',regexp_replace(htmltotext(description), '\"','''', 'g'),'\"'), '\"\"'), 'None') AS Threat,
           ROUND(risk_score :: NUMERIC, 2) AS Riskscore,
-          cvss_vector,
-          ROUND(cvss_impact_score :: NUMERIC, 2) AS Impact_Score,
-          ROUND(cvss_exploit_score :: NUMERIC, 2) AS Exploit_Score,
+          coalesce(cvss#{options[:cvss_v][:choice]}_vector,
+                   cvss#{options[:cvss_v][:fallback]}_vector) as cvss_vector,
+          ROUND(coalesce(cvss#{options[:cvss_v][:choice]}_impact_score::NUMERIC,
+                         cvss#{options[:cvss_v][:fallback]}_impact_score::NUMERIC),
+                2) AS Impact_Score,
+          ROUND(coalesce(cvss#{options[:cvss_v][:choice]}_exploit_score::NUMERIC,
+                         cvss#{options[:cvss_v][:fallback]}_exploit_score::NUMERIC),
+                2) AS Exploit_Score,
           cvss_access_complexity AS Access_Complexity,
           cvss_access_vector AS Access_Vector,
           cvss_authentication AS Authentication,
-          ROUND(cvss_score :: NUMERIC, 2) AS Vulnerability_Score,
+          ROUND(coalesce(cvss#{options[:cvss_v][:choice]}_score::NUMERIC,
+                         cvss#{options[:cvss_v][:fallback]}_score::NUMERIC),
+                2) as Vulnerability_Score,
           cvss_integrity_impact AS Integrity_Impact,
           cvss_confidentiality_impact AS Confidentiality_Impact,
           cvss_availability_impact AS Availability_Impact,
@@ -144,16 +151,20 @@ module NexposeServiceNow
         )"
     end
 
-    def self.generate_vulnerability_filter(cves, cvss_range)
+    def self.generate_vulnerability_filter(cves, cvss_range, cvss_strings)
       return '' if cves.to_a.empty? && cvss_range.to_a.empty?
       vuln_filter = ''
       vuln_filter += cves.map { |c| "reference='#{c}'" }.join(' OR ') unless cves.nil?
 
       cvss_min = cvss_range.first || '0'
       cvss_max = cvss_range.last || '10'
+
+      cvss_score = "(coalesce(cvss#{cvss_strings[:choice]}_score,
+                      cvss#{cvss_strings[:fallback]}_score))"
+
       unless cvss_min.to_s == '0' && cvss_max.to_s == '10'
         vuln_filter += ' AND ' unless vuln_filter.empty?
-        vuln_filter += "cvss_score >= #{cvss_min} AND cvss_score <= #{cvss_max}"
+        vuln_filter += "#{cvss_score} >= #{cvss_min} AND #{cvss_score} <= #{cvss_max}"
       end
       return '' if vuln_filter.empty?
 
@@ -177,7 +188,7 @@ module NexposeServiceNow
       site_id = options[:site_id]
       last_import_date = options[:delta]
       vuln_filter = self.generate_vulnerability_filter(
-          options[:filters][:cve], options[:filters][:cvss]
+          options[:filters][:cve], options[:filters][:cvss], options[:cvss_v]
       )
       date_filters = self.generate_date_filter(options[:filters][:date])
 
@@ -236,7 +247,7 @@ module NexposeServiceNow
       site_id = options[:site_id]
       last_import_date = options[:delta]
       vuln_filter = self.generate_vulnerability_filter(
-          options[:filters][:cve], options[:filters][:cvss]
+          options[:filters][:cve], options[:filters][:cvss], options[:cvss_v]
       )
       date_filters = self.generate_date_filter(options[:filters][:date])
 

data/lib/nexpose_servicenow/version.rb

@@ -1,5 +1,5 @@
 module NexposeServiceNow
-  VERSION = '0.7.2'
+  VERSION = '0.7.3'
   VENDOR = 'ServiceNow'
   PRODUCT = 'CMDB'
 end

data/nexpose_servicenow.gemspec

@@ -6,7 +6,7 @@ require 'nexpose_servicenow/version'
 Gem::Specification.new do |spec|
   spec.name          = 'nexpose_servicenow'
   spec.version       = NexposeServiceNow::VERSION
-  spec.authors       = ['David Valente']
+  spec.authors       = ['David Valente', 'Adam Robinson']
   spec.email         = ['david_valente@rapid7.com']
 
   spec.require_paths = ['lib']

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_servicenow
 version: !ruby/object:Gem::Version
-  version: 0.7.2
+  version: 0.7.3
 platform: ruby
 authors:
 - David Valente
+- Adam Robinson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-30 00:00:00.000000000 Z
+date: 2018-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -133,9 +134,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.3
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: Gem for Nexpose-ServiceNow integration.
 test_files: []
-has_rdoc: