RubyGems - nexpose_servicenow - Versions diffs - 0.7.1 → 0.7.2 - Mend

nexpose_servicenow 0.7.1 → 0.7.2

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/nexpose_servicenow/queries/nexpose_queries.rb +65 -46
data/lib/nexpose_servicenow/version.rb +1 -1
data/nexpose_servicenow.gemspec +1 -1
metadata +6 -5

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ba87a2439d290abbf57e7eb2d6792d691166f312
-  data.tar.gz: 0dcb0dc8fc8373431a3ccba7b6879903562a0fee
+  metadata.gz: 5cf867dd52b399b8e111b8d36c404e133c663c31
+  data.tar.gz: 5d2e5338b7ec21c7216dd1837ade8cf17921e000
 SHA512:
-  metadata.gz: df8bcf8ccf412d0fe87aa41282233fc6e9739ccac94ec7398c42bd73842ec5de92ef7045ae300ad0e47999c808e5c327caf8fe974997066f349dfef54c45de63
-  data.tar.gz: 2f8dfbd40ea34d981d75da8b0bad547de128b4e3cd118c9bf3dec4883aeab01a61664f29d37a4b1156d60326864874fd3aa0e6a7d929510e356660cb425a2b76
+  metadata.gz: 803f91eaed2e6b4e8ad728588546cbd04a35a9fc511c41e8a5b2a1c6452ba1fa5ee5a91857525908fa86735d0d8d78d8e21e72362e6e865d15ab9a5e72f6dab4
+  data.tar.gz: a80e9eaa45e6bffea2c5167736b9f52848bae488dcdfc2dfec10b902c4cef0daca1bca54e39f3c15ff931369f6a7d07557fe9b52fb88be797f9e38a429aad73b

data/lib/nexpose_servicenow/queries/nexpose_queries.rb CHANGED

@@ -269,57 +269,80 @@ module NexposeServiceNow
              USING (vulnerability_id)"
     end
+    def self.generate_cvss_table(cvss_range)
+      return '' if cvss_range.nil? || cvss_range.last.nil?
+      cvss_min = cvss_range.first
+      cvss_max = cvss_range.last
+      return '' if cvss_min.to_s == '0' && cvss_max.to_s == '10'
+      "vulns_cvss AS (
+          SELECT vulnerability_id FROM dim_vulnerability
+          WHERE cvss_score >= #{cvss_min} AND cvss_score <= #{cvss_max})"
+    end
     def self.vulnerable_new_items(options={})
-      cve_filter = self.generate_cve_filter(options[:filters][:cve])
       date_filter = self.generate_date_filter(options[:filters][:date], false)
-      cvss_filter = self.generate_cvss_filter(options[:filters][:cvss])
-      "SELECT CAST(asset_id as text) Configuration_Item,
-            TRUE as Active,
-            concat('R7_', vulnerability_id) as Vulnerability,
-            first_discovered as First_Found,
-            most_recently_discovered as Last_Found,
-            vulnerability_instances as Times_Found,
-            ip_address as IP_Address,
-            proof as Proof,
-            status as Status,
-            ports as Ports,
-            protocol as Protocol,
-            array_to_string(dvsol.solution_ids, ',', '') as Solutions
-        FROM
-        (SELECT asset_id, scan_id, vulnerability_id, vulnerability_instances
-        FROM fact_asset_vulnerability_finding
-        WHERE (asset_id, vulnerability_id) NOT IN
-            (SELECT asset_id, vulnerability_id
-             FROM fact_asset_scan_vulnerability_finding
-             WHERE scan_id=#{options[:delta]})) favf
-        #{cve_filter}
-        #{cvss_filter}
+      cvss_table = self.generate_cvss_table(options[:filters][:cvss])
+      cvss_filter = ''
+      if cvss_table != ''
+        cvss_table = ",#{cvss_table}"
+        cvss_filter = 'WHERE EXISTS (
+                       SELECT 1 FROM vulns_cvss vc
+                       WHERE nv.vulnerability_id = vc.vulnerability_id)'
+      end
+      "WITH assets AS (
+          SELECT * FROM dim_site_asset
+          WHERE site_id=#{options[:site_id]}
+        ), previous_scan AS (
+          SELECT asset_id, vulnerability_id
+          FROM fact_asset_scan_vulnerability_finding
+          WHERE scan_id=#{options[:delta]}
+        ), new_vulns AS (
+          SELECT asset_id, vulnerability_id, vulnerability_instances
+          FROM assets a
+          JOIN fact_asset_vulnerability_finding favf USING (asset_id)
+          WHERE NOT EXISTS (
+            SELECT 1
+            FROM previous_scan p
+            WHERE favf.asset_id = p.asset_id and favf.vulnerability_id = p.vulnerability_id)
+        )#{cvss_table}
+        ,vuln_instances AS (
+          SELECT asset_id, vulnerability_id, vulnerability_instances,
+                 status_id, proofAsText(proof) as proof, port, protocol_id
+          FROM new_vulns nv
+          JOIN fact_asset_vulnerability_instance USING (asset_id, vulnerability_id)
+          #{cvss_filter}
+        )
+        SELECT asset_id as Configuration_Item,
+               TRUE as Active,
+               concat('R7_', vulnerability_id) as Vulnerability,
+               ip_address as IP_Address,
+               first_discovered as First_Found,
+               most_recently_discovered as Last_Found,
+               vulnerability_instances as Times_Found,
+               string_agg(CONCAT('\"', proof ,'\"'), ',') as proof,
+               string_agg(DISTINCT port::character, ',') as ports,
+               string_agg(DISTINCT dp.description, ',') as protocol,
+               array_to_string(dvsol.solution_ids, ',', '') as Solutions,
+               string_agg(DISTINCT dvs.description, ',') as Status
+        FROM vuln_instances
+        JOIN dim_protocol dp USING (protocol_id)
+        JOIN dim_asset USING (asset_id)
+        JOIN dim_vulnerability_status dvs USING (status_id)
         JOIN (SELECT asset_id, vulnerability_id,
                      first_discovered, most_recently_discovered
               FROM fact_asset_vulnerability_age #{date_filter}) fasva USING (asset_id, vulnerability_id)
-        JOIN (SELECT asset_id,
-               vulnerability_id,
-               string_agg(proof, E'\n') as proof,
-               array_to_string(array_agg(DISTINCT port), ' ', '') as ports,
-               string_agg(DISTINCT status, ',') as status,
-               string_agg(DISTINCT protocol, ',') as protocol
-              FROM (SELECT asset_id, vulnerability_id,
-                            proofAsText(proof) as proof,
-                            status_id as status_id,
-                            port,
-                            dp.description as protocol,
-                            dvs.description as status
-                    FROM fact_asset_vulnerability_instance
-              JOIN dim_protocol dp USING (protocol_id)
-              JOIN dim_vulnerability_status dvs USING (status_id)) favi
-              GROUP BY asset_id, vulnerability_id) favi USING (asset_id, vulnerability_id)
-        JOIN (SELECT asset_id, ip_address
-              FROM dim_asset) s USING (asset_id)
         LEFT JOIN (SELECT asset_id, vulnerability_id,
                           array_agg(DISTINCT solution_id) as solution_ids
                    FROM dim_asset_vulnerability_solution
-                   GROUP BY asset_id, vulnerability_id) dvsol USING (asset_id, vulnerability_id)"
+                   GROUP BY asset_id, vulnerability_id) dvsol USING (asset_id, vulnerability_id)
+        GROUP by asset_id, vulnerability_id, first_discovered, ip_address, most_recently_discovered, vulnerability_instances, dvsol.solution_ids
+      "
     end
     def self.vulnerable_old_items(options={})
@@ -351,19 +374,15 @@ module NexposeServiceNow
                      MAX(fasv.scan_id) as latest_found,
                      s.current_scan
              FROM fact_asset_scan_vulnerability_finding fasv
               #{cve_filter}
               #{cvss_filter}
               JOIN (
                  SELECT asset_id, lastScan(asset_id) AS current_scan FROM dim_asset
               ) s ON s.asset_id = fasv.asset_id
               GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
               HAVING MAX(fasv.scan_id) < current_scan
                      AND #{standard_filter}
              ) subq
       JOIN dim_asset da ON subq.asset_id = da.asset_id
       #{date_filter}"

data/lib/nexpose_servicenow/version.rb CHANGED

@@ -1,5 +1,5 @@
 module NexposeServiceNow
-  VERSION = '0.7.1'
+  VERSION = '0.7.2'
   VENDOR = 'ServiceNow'
   PRODUCT = 'CMDB'
 end

data/nexpose_servicenow.gemspec CHANGED

@@ -31,7 +31,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler', '~> 1.11'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_dependency 'nexpose', '~> 3.2'
-  spec.add_dependency 'csv-diff', '~> 0.3.3'
+  spec.add_dependency 'csv-diff', '~> 0.3.5'
   spec.add_dependency 'pg', '~> 0.21.0'
   spec.required_ruby_version = ['>= 2.1.5', '< 2.5.0']

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_servicenow
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.7.2
 platform: ruby
 authors:
 - David Valente
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-04-04 00:00:00.000000000 Z
+date: 2018-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: 0.3.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: 0.3.5
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -133,8 +133,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.1
+rubygems_version: 2.4.3
 signing_key:
 specification_version: 4
 summary: Gem for Nexpose-ServiceNow integration.
 test_files: []
+has_rdoc: