nexpose_servicenow 0.5.1 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7f3da5fa2194d025ab5192815f682a09a94583be
-  data.tar.gz: 94e1f6a2c0976fba3215185d62a2f0a03edcb5c5
+  metadata.gz: 293f877592c7698b0730bed8471ac8d9557009b3
+  data.tar.gz: 56922788a7b2b7a399b9146c8075f2cea9d013ad
 SHA512:
-  metadata.gz: 6c6223fa14d6e6b0221e6176f5a4b79c4e9816dc2350592b68262cc94a98cf2cdf26d3bc647f699102c20954f9120fa12fdb1d0d4aa041a9c8cda75748036322
-  data.tar.gz: b5f07c1718b8cf959b932d6d76192c8ccd2a71b30ec70805334ab117f2e4f3b0e373ac2c3e876dced59f2e2d7f1dabc427568dd547c854cb636f6700c2b1fb2b
+  metadata.gz: 2d0cf6ebf473a19eb15497b70344c0f332cfcffda10c09cbb0d07c119e057cf4633aac4dc6ba77849c400d31129e3ca325157e66bf207a427309c2a8fd28b4f3
+  data.tar.gz: 55a7cd2740faf850e6534e0aa4f240ef2dff326ec968cafd458b0920d1b336701e5d4fdf150ed0d89cfe7467a3bb23aa7f5f63c254cd5c98501b6c2db3a56858

data/lib/nexpose_servicenow.rb

@@ -84,8 +84,8 @@ module NexposeServiceNow
     # Create a report if explicitly required or else an existing
     # report file isn't found
     def self.create_report(report_details, options)
-      if options[:mode].start_with? 'update_' or
-             (options[:mode] == 'latest_scans' && options[:id_type] != :site)
+      if %w(update_ remove_).any? { |m| options[:mode].start_with? m} or
+          (options[:mode] == 'latest_scans' && options[:id_type] != :site)
         return
       end
 
@@ -199,5 +199,10 @@ module NexposeServiceNow
       historical_data.set_last_vuln(options[:last_scan_data],
                                     options[:nexpose_ids])
     end
+
+    def self.remove_diff_comparison_mode(report_details, options)
+      historical_data = get_historical_data(options)
+      historical_data.remove_last_diff_comparison_data options[:output_dir]
+    end
   end
 end

data/lib/nexpose_servicenow/csv_compare.rb

@@ -0,0 +1,140 @@
+require 'fileutils'
+require 'tempfile'
+require 'csv-diff'
+require 'csv'
+
+module NexposeServiceNow
+  class CsvCompare
+    def self.get_columns(csv_file)
+      columns = ''
+      File::open(csv_file,'r') do |f|
+        columns = f.readline.rstrip
+      end
+
+      columns.split(',')
+    end
+
+    def self.get_row(value, columns, status)
+      columns.map { |c| value.fields[c] }.push(status)
+    end
+
+    def self.get_delete(value, columns)
+      self.get_row(value, columns, 'old')
+    end
+
+    def self.get_add(value, columns)
+      self.get_row(value, columns, 'new')
+    end
+
+    def self.update_to_old(value, columns)
+      self.update_to_row(value, columns, 0, 'old')
+    end
+
+    def self.update_to_new(value, columns)
+      self.update_to_row(value, columns, 1, 'new')
+    end
+
+    def self.update_to_row(value, columns, index, status)
+      row = []
+      columns.each do |c|
+        val = value.fields[c]
+        row << (val.kind_of?(Array) ? val[index] : val)
+      end
+      row.push(status)
+    end
+
+    def self.append_to_filename(current_filename, string_to_append)
+      extension = File.extname current_filename
+      name = File.basename current_filename, extension
+      path = File.dirname current_filename
+
+      "#{path}/#{name}-#{string_to_append}#{extension}"
+    end
+
+    def self.update_report_with_diff(report_file, key_fields=[0])
+      old_filename = self.append_to_filename(report_file, 'old')
+      new_filename = self.append_to_filename(report_file, 'new')
+
+      # Report is 'new' file for purpose of diff
+      FileUtils.mv(report_file, new_filename)
+
+      # If the old file doesn't exist, we can just add the status column
+      if File.exists?(old_filename)
+        self.create_csv_diff(old_filename,
+                             new_filename,
+                             report_file,
+                             key_fields)
+      else
+        self.overwrite_existing_report(new_filename, report_file)
+      end
+
+      # 'new' file becomes the basis of comparison next time
+      FileUtils.mv(new_filename, old_filename, :force => true)
+    end
+
+    # Instead of diffing, append 'status' column to an existing file
+    def self.overwrite_existing_report(source_file, target_file)
+      temp = Tempfile.new("#{File.basename source_file}tmp")
+
+      #TODO: Don't do the column_written check every time
+
+      CSV.open(temp, 'w') do |temp_csv|
+        column_written = false
+        new_column_value = ['status']
+        CSV.foreach(source_file) do |orig|
+          temp_csv << (orig + new_column_value)
+
+          unless column_written
+            new_column_value = ['new']
+            column_written = true
+          end
+        end
+      end
+
+      FileUtils.mv(temp, target_file, :force => true)
+    end
+
+    def self.create_csv_diff(old_file, new_file, target_file, key_fields=[0])
+      diff = CSVDiff.new(old_file,
+                         new_file,
+                         ignore_moves: true,
+                         key_fields: key_fields
+      )
+
+      columns = self.get_columns(new_file)
+
+      CSV.open(target_file, 'wb') do |csv|
+        csv << (columns+['status'])
+
+        diff.deletes.each_value { |v| csv << get_delete(v, columns) }
+        diff.adds.each_value { |v| csv << get_add(v, columns) }
+
+        if(key_fields.count == 1)
+          # If only a single key field, we don't need the old values
+          # Just grab the row and let ServiceNow coalesce and update the row
+          update_rows = diff.updates.each_value.map { |u| u.row }
+          update_rows = update_rows.map(&:to_i).sort
+          update_row_num = update_rows.shift
+          current_row_num = 0
+
+          CSV.foreach(new_file, headers: true) do |new_csv|
+            current_row_num = current_row_num + 1
+            next unless current_row_num == update_row_num
+
+            csv << new_csv.push('new')
+            update_row_num = update_rows.shift
+            break if update_row_num == nil
+          end
+        elsif(key_fields.count == 2)
+          # Multiple key fields result in row "updates"
+          diff.updates.each_value do |v|
+            csv << self.update_to_old(v, columns)
+            csv << self.update_to_new(v, columns)
+          end
+        else
+          raise "Received #{key_fields.count} key fields. Only 1/2 supported."
+        end
+      end
+    end
+  end
+end

data/lib/nexpose_servicenow/historical_data.rb

@@ -12,6 +12,9 @@ module NexposeServiceNow
     DAG_TIMESTAMP_FILE = 'last_scan_data_dag.csv'
     NEW_DAG_TIMESTAMP_FILE = 'new_dag_timestamp.csv'
 
+    ASSET_GROUP_FILE = 'Nexpose-ServiceNow-asset_groups-old.csv'
+    DIFFERENTIAL_FILE_REGEX = 'Nexpose-ServiceNow-*-old.csv'
+
     SITE_IDENTIFIER = 'site_id'
     SITE_DELTA_VALUE = 'last_scan_id'
     SITE_BASE_VALUE = 0
@@ -358,18 +361,15 @@ module NexposeServiceNow
       log_and_print 'Last vuln data updated.'
     end
 
-    def remove_local_file(filename)
+    def remove_local_file(filename, action)
       unless File.exist? filename
         log_and_error 'Can\'t remove file.'
         log_and_error "File #{filename} cannot be located."
         exit -1
       end
 
-      new_name = "#{filename}.#{Time.new.strftime('%Y-%m-%d.%H:%M:%S')}"
       begin
-        # Delete existing file with same name
-        File.delete new_name if File.exist? new_name
-        File.rename(filename, new_name)
+        self.send("by_#{action}", filename)
       rescue Exception => e
         log_and_error "Error removing file:\n#{e}"
         exit -1
@@ -378,13 +378,33 @@ module NexposeServiceNow
       log_and_print "File #{filename} removed"
     end
 
+    def self.by_rename(filename)
+      new_name = "#{filename}.#{Time.new.strftime('%Y-%m-%d.%H:%M:%S')}"
+      File.delete new_name if File.exist? new_name
+      File.rename(filename, new_name)
+    end
+
+    def self.by_delete(filename)
+      File.delete filename
+    end
+
     def remove_last_scan_data
-      remove_local_file @local_file
+      remove_local_file @local_file, 'rename'
+      remove_local_file @remote_file, 'delete'
     end
 
     def remove_last_vuln_data
-      remove_local_file @timestamp_file
+      remove_local_file @timestamp_file, 'rename'
+      remove_local_file @prev_timestamp_file, 'delete'
     end
 
+    def remove_last_diff_comparison_data(output_dir)
+      local_path = File.expand_path(output_dir)
+      remove_local_file (local_path + ASSET_GROUP_FILE), 'rename'
+
+      Dir[local_path + DIFFERENTIAL_FILE_REGEX].each do |file|
+        remove_local_file file, 'delete'
+      end
+    end
   end
 end

data/lib/nexpose_servicenow/nexpose_helper.rb

@@ -2,6 +2,7 @@ require 'nexpose'
 require 'fileutils'
 require_relative './queries'
 require_relative './nx_logger'
+require_relative './csv_compare'
 
 module NexposeServiceNow
   class NexposeHelper
@@ -77,7 +78,14 @@ module NexposeServiceNow
         report_id = generate_config(query, report_name, [id], id_type, min_cvss)
 
         run_report(report_id)
-        reports << save_report(report_name, report_id, output_dir)
+        local_report_name = save_report(report_name, report_id, output_dir)
+        reports << local_report_name
+
+        if Queries.csv_diff_required?(query_name)
+          @log.log_message "Calculating diff for #{local_report_name}..."
+          CsvCompare.update_report_with_diff(local_report_name,
+                                             Queries.query_keys(query_name))
+        end
       end
 
       reports

data/lib/nexpose_servicenow/queries.rb

@@ -14,7 +14,7 @@ module NexposeServiceNow
         pci_status,
         pci_adjusted_cvss_score as PCI_Severity,
         title as Summary,
-        description as Threat,
+        proofAsText(description) as Threat,
         ROUND(riskscore::numeric, 2) as Riskscore,
         cvss_vector,
         ROUND(cvss_impact_score::numeric, 2) as Impact_Score,
@@ -36,7 +36,7 @@ module NexposeServiceNow
                  THEN 1
                ELSE 0
              END AS bit) as Malware_Kits,
-        sol.solutions as Solution
+        array_to_string(sol.solutions, ',', '') as Solution
 
       FROM
         dim_vulnerability
@@ -68,14 +68,8 @@ module NexposeServiceNow
         GROUP BY dvr.vulnerability_id) ref USING (vulnerability_id)
 
       LEFT OUTER JOIN(SELECT vulnerability_id,
-                        string_agg(concat('Fix: ' || fix,
-                       'Solution type: ' || solution_type,
-                       'URL: ' || url,
-                       'Estimate: ' || estimate,
-                       'Applies To: ' || applies_to,
-                       'Additional Data: ' || additional_data), '\n') as solutions
-        FROM dim_solution
-        JOIN dim_vulnerability_solution USING (solution_id)
+                        array_agg(solution_id) as solutions
+        FROM dim_vulnerability_solution
         GROUP BY vulnerability_id) sol USING (vulnerability_id)
       WHERE date_modified >= '#{options[:vuln_query_date]}'"
     end
@@ -113,10 +107,12 @@ module NexposeServiceNow
         dim_operating_system.description as Operating_System,
         fact_asset.scan_finished as Most_Recent_Discovery,
         dim_asset.asset_id as Nexpose_ID,
-        fact_asset.pci_status
+        fact_asset.pci_status,
+        concat(fact_asset.aggregated_credential_status_id, ' - ', aggregated_credential_status_description)  as Credential_Status
 
       FROM dim_asset
       JOIN fact_asset USING (asset_id)
+      JOIN dim_aggregated_credential_status USING (aggregated_credential_status_id)
       LEFT OUTER JOIN dim_operating_system on dim_asset.operating_system_id = dim_operating_system.operating_system_id
       LEFT OUTER JOIN dim_host_type USING (host_type_id)"
     end
@@ -129,16 +125,44 @@ module NexposeServiceNow
       WHERE scan_id = lastScan(asset_id)"
     end
 
+      def self.service_definition(options={})
+      "SELECT DISTINCT on(dsf.name, ds.name, dp.name, port)
+        dsf.name, ds.name as service_name, dp.name as protocol, port
+
+        FROM (SELECT service_id, protocol_id, port, service_fingerprint_id
+            FROM fact_asset_scan_service
+            GROUP BY asset_id, service_id, protocol_id, port, service_fingerprint_id
+            HAVING min(scan_id) > #{options[:delta]} and max(scan_id) = lastScan(asset_id)) fass
+        JOIN dim_service ds USING (service_id)
+        JOIN dim_protocol dp USING (protocol_id)
+        JOIN dim_service_fingerprint dsf USING (service_fingerprint_id)"
+    end
+
+    # When a service only appears in either the old or latest import,
+    # then it needs deleted or inserted, respectively.
     def self.service_instance(options={})
-      'SELECT ds.Service_Name, asset_id as Nexpose_ID, port, dp.protocol, dsf.name
+      "SELECT asset_id, dsf.name as name,
+              ds.name as service_name,
+              dp.name as protocol, port,
+            CASE
+              WHEN scan_id = #{options[:delta]}
+                THEN 'old'
+              WHEN scan_id = lastScan(asset_id)
+                THEN 'new'
+              ELSE 'current'
+            END as status
+
+        FROM (SELECT asset_id, service_id, protocol_id, port, min(scan_id) as scan_id, service_fingerprint_id
               FROM fact_asset_scan_service
-        LEFT OUTER JOIN (SELECT service_id, name as service_name FROM dim_service) ds USING (service_id)
-              LEFT OUTER JOIN (SELECT service_fingerprint_id, name FROM dim_service_fingerprint) dsf USING (service_fingerprint_id)
-        LEFT OUTER JOIN (SELECT protocol_id, name as protocol FROM dim_protocol) dp USING (protocol_id)
-        WHERE scan_id = lastScan(asset_id)'
+              WHERE scan_id = lastScan(asset_id) OR scan_id = #{options[:delta]}
+              GROUP BY asset_id, service_id, protocol_id, port, service_fingerprint_id
+              HAVING min(scan_id) = max(scan_id)) fass
+        JOIN dim_service ds USING (service_id)
+        JOIN dim_protocol dp USING (protocol_id)
+        JOIN dim_service_fingerprint dsf USING (service_fingerprint_id)
+        GROUP BY asset_id, dsf.name, ds.name, dp.name, port, scan_id"
     end
 
-
     # Need to wipe table each time
     def self.group_accounts(options={})
       'SELECT asset_id as Nexpose_ID, daga.name as Group_Account_Name
@@ -155,12 +179,13 @@ module NexposeServiceNow
         JOIN dim_asset_user_account daua USING (asset_id)'
     end
 
-    # Need to wipe table each time
     def self.asset_groups(options={})
-      'SELECT asset_id as Nexpose_ID, dag.name as Asset_Group_Name,
-        dag.dynamic_membership, dag.description
-        FROM dim_asset_group_asset daga
-        JOIN dim_asset_group dag on daga.asset_group_id = dag.asset_group_id'
+      'SELECT asset_group_id, name as asset_group_name, description, dynamic_membership
+        FROM dim_asset_group'
+    end
+
+    def self.asset_group_memberships(options={})
+      'select * from dim_asset_group_asset'
     end
 
     # Need to wipe table each time
@@ -243,8 +268,6 @@ module NexposeServiceNow
     end
 
     def self.vulnerable_new_items(options={})
-      # self.send("vulnerable_new_items_per_#{options[:id_type]}", options)
-
       standard_filter = if options[:id_type] == 'site'
                           "MIN(fasv.scan_id) > #{options[:delta]}"
                         else
@@ -256,40 +279,51 @@ module NexposeServiceNow
       cvss_filter = self.generate_cvss_filter(options[:filters][:cvss])
 
       "SELECT
-      CAST(subq.asset_id as text) Configuration_Item,
-      TRUE as Active,
-      concat('R7_', subq.vulnerability_id) as Vulnerability,
-      fasva.first_discovered as First_Found,
-      fasva.most_recently_discovered as Last_Found,
-      subq.vulnerability_instances as Times_Found,
-      subq.ip_address as IP_Address,
-      favi.port as Port,
-      coalesce(NULLIF(favi.name,''), 'None') as Protocol
-
-      FROM (
+        CAST(subq.asset_id as text) Configuration_Item,
+        TRUE as Active,
+        concat('R7_', subq.vulnerability_id) as Vulnerability,
+        fasva.first_discovered as First_Found,
+        fasva.most_recently_discovered as Last_Found,
+        subq.vulnerability_instances as Times_Found,
+        subq.ip_address as IP_Address,
+        coalesce(NULLIF(CONCAT('\"', favi.proof ,'\"'), '\"\"'), 'None') as Proof,
+        favi.stat_desc as Status,
+        array_to_string(favi.ports, ' ', '') as Ports,
+        coalesce(NULLIF(concat(favi.pro_desc, ' (', favi.name, ')') ,'N/A ()'), 'None') as Protocol,
+        array_to_string(favi.solution_ids, ',', '') as Solutions
+        FROM (
              SELECT fasv.asset_id, fasv.vulnerability_id, vulnerability_instances,
                      MIN(fasv.scan_id) as first_found, MAX(fasv.scan_id) as latest_found,
                      s.current_scan, s.host_name, s.ip_address
-              FROM fact_asset_scan_vulnerability_finding fasv
-
-              #{cve_filter}
-              #{cvss_filter}
-
-              JOIN (
-                  SELECT asset_id, host_name, ip_address, lastScan(asset_id) AS current_scan FROM dim_asset
-               ) s ON s.asset_id = fasv.asset_id
-               GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan, s.host_name, s.ip_address, vulnerability_instances
-               HAVING MAX(fasv.scan_id)=current_scan AND #{standard_filter}
-              ) subq
-
-              JOIN (select asset_id, vulnerability_id,
-                           first_discovered, most_recently_discovered
-                    from fact_asset_vulnerability_age
-                    #{date_filter}) fasva USING (asset_id, vulnerability_id)
-
-      JOIN (select DISTINCT on(asset_id, vulnerability_id) asset_id, scan_id, vulnerability_id, port, dp.name
-                      from fact_asset_vulnerability_instance
-                      inner join dim_protocol dp USING (protocol_id)) favi ON favi.asset_id = subq.asset_id AND favi.scan_id = subq.current_scan AND favi.vulnerability_id = subq.vulnerability_id
+             FROM fact_asset_scan_vulnerability_finding fasv
+
+             #{cve_filter}
+             #{cvss_filter}
+
+             JOIN (SELECT asset_id, host_name, ip_address, lastScan(asset_id) AS current_scan
+                   FROM dim_asset
+             ) s ON s.asset_id = fasv.asset_id
+             GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan, s.host_name, s.ip_address, vulnerability_instances
+             HAVING MAX(fasv.scan_id)=current_scan AND #{standard_filter}
+      ) subq
+
+      JOIN (SELECT asset_id, vulnerability_id,
+                   first_discovered, most_recently_discovered
+            FROM fact_asset_vulnerability_age
+            #{date_filter}) fasva USING (asset_id, vulnerability_id)
+
+      JOIN (SELECT DISTINCT on(asset_id, vulnerability_id, scan_id)
+                   asset_id, scan_id, vulnerability_id,
+                   proofAsText(proof) as proof, vs.description as stat_desc,
+                   array_agg(DISTINCT port) as ports, dp.name,
+                   dp.description as pro_desc,
+                   array_agg(DISTINCT dvs.solution_id) as solution_ids
+            FROM fact_asset_vulnerability_instance
+            INNER JOIN dim_protocol dp USING (protocol_id)
+            INNER JOIN dim_vulnerability_status vs using (status_id)
+            LEFT JOIN dim_asset_vulnerability_solution dvs USING (asset_id, vulnerability_id)
+            GROUP BY asset_id, scan_id, vulnerability_id, proof, stat_desc, port, dp.name, pro_desc
+      ) favi ON favi.asset_id = subq.asset_id AND favi.scan_id = subq.current_scan AND favi.vulnerability_id = subq.vulnerability_id
       ORDER BY fasva.asset_id, vulnerability"
     end
 
@@ -342,6 +376,53 @@ module NexposeServiceNow
 
     end
 
+    def self.vulnerability_solutions(options={})
+      "SELECT DISTINCT (solution_id)
+         solution_id,
+         nexpose_id,
+         coalesce(NULLIF(CONCAT('\"', proofAsText(fix),'\"'), '\"\"'), 'None') as fix,
+         estimate,
+         summary,
+         solution_type,
+         applies_to,
+         url,
+         coalesce(NULLIF(CONCAT('\"',proofAsText(additional_data),'\"'), '\"\"'), 'None') as additional_data,
+         array_to_string(req_solutions, ',', '') as required_solutions,
+         array_to_string(super_solutions, ',', '') as superceding_solutions
+       FROM dim_solution
+       RIGHT OUTER JOIN (
+           SELECT DISTINCT (solution_id) solution_id
+            FROM (
+              SELECT solution_id, vulnerability_id, date_modified
+              FROM dim_vulnerability
+              LEFT JOIN dim_vulnerability_solution idvs USING (vulnerability_id)
+            ) dvs
+            WHERE date_modified >= '#{options[:vuln_query_date]}'
+            UNION
+            SELECT DISTINCT (solution_id) solution_id
+            FROM dim_solution
+            LEFT JOIN (
+              SELECT solution_id, vulnerability_id, date_modified
+              FROM dim_vulnerability
+              LEFT JOIN dim_vulnerability_solution idvs USING (vulnerability_id)
+            ) ndvs USING (solution_id)
+            WHERE vulnerability_id IS NULL
+       ) dvs USING (solution_id)
+       LEFT JOIN (
+           SELECT DISTINCT (solution_id) solution_id,
+             array_agg(required_solution_id) as req_solutions
+           FROM dim_solution_prerequisite
+           GROUP BY solution_id
+       ) dsp USING (solution_id)
+       JOIN (
+           SELECT DISTINCT (solution_id) solution_id,
+             array_agg(superceding_solution_id) as super_solutions
+           FROM dim_solution_highest_supercedence
+           GROUP BY solution_id
+       ) dshs USING (solution_id)
+       ORDER BY solution_id"
+    end
+
     def self.latest_scans(options={})
       'SELECT ds.site_id, ds.last_scan_id, dsc.finished
         FROM dim_site ds
@@ -350,8 +431,24 @@ module NexposeServiceNow
 
     def self.multiple_reports?(query_name)
       single_queries = %w(vulnerabilities vulnerability_category
-                          vulnerability_references latest_scans)
+                          asset_groups latest_scans
+                          vulnerability_solutions vulnerability_references
+                          )
       return !(single_queries.include? query_name.to_s)
     end
+
+    def self.csv_diff_required?(query_name)
+      diff_required = %w(asset_groups asset_group_memberships)
+      return (diff_required.include? query_name.to_s)
+    end
+
+    # TODO: Refactor this.
+    def self.query_keys(query_name)
+      if query_name.to_s == 'asset_groups'
+        [0]
+      else
+        [0,1]
+      end
+    end
   end
 end

data/lib/nexpose_servicenow/version.rb

@@ -1,5 +1,5 @@
 module NexposeServiceNow
-  VERSION = '0.5.1'
+  VERSION = '0.6.0'
   VENDOR = 'ServiceNow'
   PRODUCT = 'CMDB'
 end

data/nexpose_servicenow.gemspec

@@ -28,7 +28,8 @@ Gem::Specification.new do |spec|
   spec.bindir        = "bin"
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.11"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency 'bundler', '~> 1.11'
+  spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_dependency 'nexpose', '~> 3.2'
+  spec.add_dependency 'csv-diff', '~> 0.3.3'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_servicenow
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.6.0
 platform: ruby
 authors:
 - David Valente
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-26 00:00:00.000000000 Z
+date: 2017-08-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -52,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: csv-diff
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.3
 description: Provides an interface to Nexpose for the Rapid7 ServiceNow MarketPlace
   application.
 email:
@@ -70,6 +84,7 @@ files:
 - lib/nexpose_servicenow.rb
 - lib/nexpose_servicenow/arg_parser.rb
 - lib/nexpose_servicenow/chunker.rb
+- lib/nexpose_servicenow/csv_compare.rb
 - lib/nexpose_servicenow/historical_data.rb
 - lib/nexpose_servicenow/nexpose_helper.rb
 - lib/nexpose_servicenow/nx_logger.rb