RubyGems - nexpose_servicenow - Versions diffs - 0.7.1 → 0.7.2 - Mend

nexpose_servicenow 0.7.1 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/nexpose_servicenow/queries/nexpose_queries.rb +65 -46
data/lib/nexpose_servicenow/version.rb +1 -1
data/nexpose_servicenow.gemspec +1 -1
metadata +6 -5

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ba87a2439d290abbf57e7eb2d6792d691166f312
-  data.tar.gz: 0dcb0dc8fc8373431a3ccba7b6879903562a0fee
+  metadata.gz: 5cf867dd52b399b8e111b8d36c404e133c663c31
+  data.tar.gz: 5d2e5338b7ec21c7216dd1837ade8cf17921e000
 SHA512:
-  metadata.gz: df8bcf8ccf412d0fe87aa41282233fc6e9739ccac94ec7398c42bd73842ec5de92ef7045ae300ad0e47999c808e5c327caf8fe974997066f349dfef54c45de63
-  data.tar.gz: 2f8dfbd40ea34d981d75da8b0bad547de128b4e3cd118c9bf3dec4883aeab01a61664f29d37a4b1156d60326864874fd3aa0e6a7d929510e356660cb425a2b76
+  metadata.gz: 803f91eaed2e6b4e8ad728588546cbd04a35a9fc511c41e8a5b2a1c6452ba1fa5ee5a91857525908fa86735d0d8d78d8e21e72362e6e865d15ab9a5e72f6dab4
+  data.tar.gz: a80e9eaa45e6bffea2c5167736b9f52848bae488dcdfc2dfec10b902c4cef0daca1bca54e39f3c15ff931369f6a7d07557fe9b52fb88be797f9e38a429aad73b

data/lib/nexpose_servicenow/queries/nexpose_queries.rb CHANGED

@@ -269,57 +269,80 @@ module NexposeServiceNow
              USING (vulnerability_id)"
     end
+    def self.generate_cvss_table(cvss_range)
+      return '' if cvss_range.nil? || cvss_range.last.nil?
+      cvss_min = cvss_range.first
+      cvss_max = cvss_range.last
+      return '' if cvss_min.to_s == '0' && cvss_max.to_s == '10'
+      "vulns_cvss AS (
+          SELECT vulnerability_id FROM dim_vulnerability
+          WHERE cvss_score >= #{cvss_min} AND cvss_score <= #{cvss_max})"
+    end
     def self.vulnerable_new_items(options={})
-      cve_filter = self.generate_cve_filter(options[:filters][:cve])
       date_filter = self.generate_date_filter(options[:filters][:date], false)
-      cvss_filter = self.generate_cvss_filter(options[:filters][:cvss])
-      "SELECT CAST(asset_id as text) Configuration_Item,
-            TRUE as Active,
-            concat('R7_', vulnerability_id) as Vulnerability,
-            first_discovered as First_Found,
-            most_recently_discovered as Last_Found,
-            vulnerability_instances as Times_Found,
-            ip_address as IP_Address,
-            proof as Proof,
-            status as Status,
-            ports as Ports,
-            protocol as Protocol,
-            array_to_string(dvsol.solution_ids, ',', '') as Solutions
-        FROM
-        (SELECT asset_id, scan_id, vulnerability_id, vulnerability_instances
-        FROM fact_asset_vulnerability_finding
-        WHERE (asset_id, vulnerability_id) NOT IN
-            (SELECT asset_id, vulnerability_id
-             FROM fact_asset_scan_vulnerability_finding
-             WHERE scan_id=#{options[:delta]})) favf
-        #{cve_filter}
-        #{cvss_filter}
+      cvss_table = self.generate_cvss_table(options[:filters][:cvss])
+      cvss_filter = ''
+      if cvss_table != ''
+        cvss_table = ",#{cvss_table}"
+        cvss_filter = 'WHERE EXISTS (
+                       SELECT 1 FROM vulns_cvss vc
+                       WHERE nv.vulnerability_id = vc.vulnerability_id)'
+      end
+      "WITH assets AS (
+          SELECT * FROM dim_site_asset
+          WHERE site_id=#{options[:site_id]}
+        ), previous_scan AS (
+          SELECT asset_id, vulnerability_id
+          FROM fact_asset_scan_vulnerability_finding
+          WHERE scan_id=#{options[:delta]}
+        ), new_vulns AS (
+          SELECT asset_id, vulnerability_id, vulnerability_instances
+          FROM assets a
+          JOIN fact_asset_vulnerability_finding favf USING (asset_id)
+          WHERE NOT EXISTS (
+            SELECT 1
+            FROM previous_scan p
+            WHERE favf.asset_id = p.asset_id and favf.vulnerability_id = p.vulnerability_id)
+        )#{cvss_table}
+        ,vuln_instances AS (
+          SELECT asset_id, vulnerability_id, vulnerability_instances,
+                 status_id, proofAsText(proof) as proof, port, protocol_id
+          FROM new_vulns nv
+          JOIN fact_asset_vulnerability_instance USING (asset_id, vulnerability_id)
+          #{cvss_filter}
+        )
+        SELECT asset_id as Configuration_Item,
+               TRUE as Active,
+               concat('R7_', vulnerability_id) as Vulnerability,
+               ip_address as IP_Address,
+               first_discovered as First_Found,
+               most_recently_discovered as Last_Found,
+               vulnerability_instances as Times_Found,
+               string_agg(CONCAT('\"', proof ,'\"'), ',') as proof,
+               string_agg(DISTINCT port::character, ',') as ports,
+               string_agg(DISTINCT dp.description, ',') as protocol,
+               array_to_string(dvsol.solution_ids, ',', '') as Solutions,
+               string_agg(DISTINCT dvs.description, ',') as Status
+        FROM vuln_instances
+        JOIN dim_protocol dp USING (protocol_id)
+        JOIN dim_asset USING (asset_id)
+        JOIN dim_vulnerability_status dvs USING (status_id)
         JOIN (SELECT asset_id, vulnerability_id,
                      first_discovered, most_recently_discovered
               FROM fact_asset_vulnerability_age #{date_filter}) fasva USING (asset_id, vulnerability_id)
-        JOIN (SELECT asset_id,
-               vulnerability_id,
-               string_agg(proof, E'\n') as proof,
-               array_to_string(array_agg(DISTINCT port), ' ', '') as ports,
-               string_agg(DISTINCT status, ',') as status,
-               string_agg(DISTINCT protocol, ',') as protocol
-              FROM (SELECT asset_id, vulnerability_id,
-                            proofAsText(proof) as proof,
-                            status_id as status_id,
-                            port,
-                            dp.description as protocol,
-                            dvs.description as status
-                    FROM fact_asset_vulnerability_instance
-              JOIN dim_protocol dp USING (protocol_id)
-              JOIN dim_vulnerability_status dvs USING (status_id)) favi
-              GROUP BY asset_id, vulnerability_id) favi USING (asset_id, vulnerability_id)
-        JOIN (SELECT asset_id, ip_address
-              FROM dim_asset) s USING (asset_id)
         LEFT JOIN (SELECT asset_id, vulnerability_id,
                           array_agg(DISTINCT solution_id) as solution_ids
                    FROM dim_asset_vulnerability_solution
-                   GROUP BY asset_id, vulnerability_id) dvsol USING (asset_id, vulnerability_id)"
+                   GROUP BY asset_id, vulnerability_id) dvsol USING (asset_id, vulnerability_id)
+        GROUP by asset_id, vulnerability_id, first_discovered, ip_address, most_recently_discovered, vulnerability_instances, dvsol.solution_ids
+      "
     end
     def self.vulnerable_old_items(options={})
@@ -351,19 +374,15 @@ module NexposeServiceNow
                      MAX(fasv.scan_id) as latest_found,
                      s.current_scan
              FROM fact_asset_scan_vulnerability_finding fasv
               #{cve_filter}
               #{cvss_filter}
               JOIN (
                  SELECT asset_id, lastScan(asset_id) AS current_scan FROM dim_asset
               ) s ON s.asset_id = fasv.asset_id
               GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
               HAVING MAX(fasv.scan_id) < current_scan
                      AND #{standard_filter}
              ) subq
       JOIN dim_asset da ON subq.asset_id = da.asset_id
       #{date_filter}"

data/lib/nexpose_servicenow/version.rb CHANGED

@@ -1,5 +1,5 @@
 module NexposeServiceNow
-  VERSION = '0.7.1'
+  VERSION = '0.7.2'
   VENDOR = 'ServiceNow'
   PRODUCT = 'CMDB'
 end

data/nexpose_servicenow.gemspec CHANGED

@@ -31,7 +31,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler', '~> 1.11'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_dependency 'nexpose', '~> 3.2'
-  spec.add_dependency 'csv-diff', '~> 0.3.3'
+  spec.add_dependency 'csv-diff', '~> 0.3.5'
   spec.add_dependency 'pg', '~> 0.21.0'
   spec.required_ruby_version = ['>= 2.1.5', '< 2.5.0']

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_servicenow
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.7.2
 platform: ruby
 authors:
 - David Valente
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-04-04 00:00:00.000000000 Z
+date: 2018-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: 0.3.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: 0.3.5
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -133,8 +133,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.1
+rubygems_version: 2.4.3
 signing_key:
 specification_version: 4
 summary: Gem for Nexpose-ServiceNow integration.
 test_files: []
+has_rdoc: