RubyGems - nexpose_sourcefire - Versions diffs - 0.1.0 → 0.2.0 - Mend

nexpose_sourcefire 0.1.0 → 0.2.0

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cef7e30e1d14532223faf481eb8a33ca038386b8
-  data.tar.gz: ffa7de21150cdb104954baeef8b82740d16a41f2
+  metadata.gz: 9c9fb896af914fcbcdbda0d0bde478430f11c359
+  data.tar.gz: 2d3b0d70909afe2a7ebe7d42b6f16c6e0d9b22e4
 SHA512:
-  metadata.gz: 7c5004beb3f54df13b944185d0fdadbb2d124baaed03a757272cc07231e10f32c0c7a11257ec7ec73b80e67f9eaa2b5a8742b57245c8bf3c896c7467e9762987
-  data.tar.gz: 4fe6994e3c82719caa232f3712a85591d59f36a07fdb3ce3ad691901e7b0c4bd95a6be6de7e15f5cf11609c7a7ff94a838e504087a22de841a1e712ae78d5c27
+  metadata.gz: 364fca4f693195b3b82ddd25753e49b66af98a95f39134ddff023497f48f35f4efeff3e98a83e2b223cdcdcecb760e9d7551c29fe39e3bce483edb9ba2a5e463
+  data.tar.gz: b9615320e59700e035ae1390777cfd95be116f42f08f06b33c24792fed36491f52220fcb57541a32106701047d8569288a62be58c456b43b3479e88760c585b3

data/README.md CHANGED Viewed

@@ -1,9 +1,5 @@
 # SourcefireRuby
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sourcefire_ruby`. To experiment with that code, run `bin/console` for an interactive prompt.
-TODO: Delete this and the text above, and describe your gem
 ## Installation
 Add this line to your application's Gemfile:
@@ -20,9 +16,13 @@ Or install it yourself as:
     $ gem install sourcefire_ruby
-## Usage
+## Changelog
+### 0.2.0
+Host OS information is now uploaded, if available.
-TODO: Write usage instructions here
+### 0.1.0
+Initial release
 ## Development

data/bin/nexpose_sourcefire CHANGED Viewed

@@ -4,6 +4,9 @@ require 'sourcefire/nx_logger'
 require 'sourcefire/version'
 require 'yaml'
+#Set the encoding for external CSV files.
+Encoding.default_external=Encoding.find("UTF-8")
 CONFIG_PATH =  File.join(File.dirname(__FILE__), '../lib/sourcefire/config/rapid7_sourcefire.config')
 # Obtain Nexpose settings from Environment Variables.

data/lib/sourcefire/nx_logger.rb CHANGED Viewed

@@ -35,22 +35,22 @@ module Sourcefire
       end
     end
-    def setup_logging(enabled, log_level)
+    def setup_logging(enabled, log_level = 'info')
       unless enabled || @log.nil?
         log_message('Logging disabled.')
         return
       end
-      log_level ||= 'info'
       @logger_file = get_log_path product
       require 'logger'
       directory = File.dirname(@logger_file)
       FileUtils.mkdir_p(directory) unless File.directory?(directory)
-      io = IO.for_fd(IO.sysopen(@logger_file, 'a'))
+      io = IO.for_fd(IO.sysopen(@logger_file, 'a'), 'a')
       io.autoclose = false
       io.sync = true
       @log = Logger.new(io, 'weekly')
-      @log.level = if log_level.casecmp('info') == 0
+      @log.level = if log_level.to_s.casecmp('info') == 0
                      Logger::INFO
                    else
                      Logger::DEBUG
@@ -146,5 +146,10 @@ module Sourcefire
       end
     end
+    #Used by net library for debugging
+    def <<(value)
+      log_debug_message(value)
+    end
   end
 end

data/lib/sourcefire/queries.rb CHANGED Viewed

@@ -1,14 +1,16 @@
 module Sourcefire
   module Queries
     def self.sf_host_vuln_info(options = {})
-      "SELECT favi.asset_id as asset_id, da.ip_address, favi.port, favi.protocol_id, dv.title, dv.vulnerability_id, dv.nexpose_id, string_agg(DISTINCT '<' || dvr.source || ':' || dvr.reference,'>') || '>' as references, dv.severity_score, dv.pci_severity_score, round((dv.cvss_score)::numeric,1) as cvss_score, dv.cvss_vector
+      "SELECT favi.asset_id as asset_id, da.ip_address, favi.port, favi.protocol_id, dv.title, dv.vulnerability_id, dv.nexpose_id, string_agg(DISTINCT '<' || dvr.source || ':' || dvr.reference,'>') || '>' as references, dv.severity_score, dv.pci_severity_score, round((dv.cvss_score)::numeric,1) as cvss_score, dv.cvss_vector,
+                  os.vendor, os.name, os.version
 		  FROM fact_vulnerability fa
 		  JOIN dim_vulnerability dv USING (vulnerability_id)
 		  LEFT OUTER JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
 		  LEFT OUTER JOIN fact_asset_vulnerability_instance favi USING (vulnerability_id)
 		  LEFT OUTER JOIN dim_asset da USING (asset_id)
+                  JOIN dim_operating_system os ON da.operating_system_id=os.operating_system_id
 		  WHERE affected_assets > 0
-		  GROUP BY  da.ip_address, dv.title, favi.port, dv.vulnerability_id, dv.severity, dv.pci_severity_score, dv.cvss_score, dv.cvss_vector, favi.asset_id, favi.protocol_id, dv.nexpose_id, dv.severity_score
+		  GROUP BY  da.ip_address, dv.title, favi.port, dv.vulnerability_id, dv.severity, dv.pci_severity_score, dv.cvss_score, dv.cvss_vector, favi.asset_id, favi.protocol_id, dv.nexpose_id, dv.severity_score, os.vendor, os.name, os.version
 		  ORDER BY da.ip_address ASC"
     end
   end

data/lib/sourcefire/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Sourcefire
   PRODUCT = 'Sourcefire'
   VENDOR = 'Sourcefire'
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/lib/sourcefire_connector.rb CHANGED Viewed

@@ -31,8 +31,7 @@ module Sourcefire
       puts 'Report generation complete.'
       #Process the Nexpose results.report("name:") { TESTS.times {  } }ort into SourceFire format
-      processed_report_file = File.open("processed_nexpose_report_#{time}.csv", 'w')
-      data_sets = process_nexpose_data(report_file, processed_report_file)
+      data_sets = process_nexpose_data(report_file)
       #Establish connection with Sourcefire
       puts "Connecting to Sourcefire: #{@config[:sourcefire_address]}"
@@ -58,6 +57,7 @@ module Sourcefire
       CSV.foreach(report_file, headers: true) do |row|
         if current_asset.nil?
           current_asset = "AddHost,#{row['ip_address']}\n"
+          current_asset << "SetOS,#{row['ip_address']},#{row['vendor']},#{row['name']},#{row['version']}\n"
           current_ip = row['ip_address']
         end
@@ -75,7 +75,7 @@ module Sourcefire
           current_asset += sf_csv
           next
-        end
+        end
         #Next asset
         assets << current_asset
@@ -89,7 +89,7 @@ module Sourcefire
       assets
     end
-    def process_nexpose_data(report_file, processed_report_file)
+    def process_nexpose_data(report_file)
       max_data_size = 524288
       @log.log_message('Creating data sets')
@@ -137,7 +137,7 @@ module Sourcefire
       data_sets
     end
-    def process_nexpose_data_alt(report_file, processed_report_file)
+    def process_nexpose_data_alt(report_file)
       max_data_size = 524288
       assets = get_assets(report_file)

data/sourcefire.gemspec ADDED Viewed

@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sourcefire/version'
+Gem::Specification.new do |spec|
+  spec.name          = 'nexpose_sourcefire'
+  spec.version       = Sourcefire::VERSION
+  spec.authors       = ['JJ Cassidy', 'David Valente']
+  spec.email         = ['integrations_support@rapid7.com']
+  spec.summary       = 'Nexpose SourceFire Integration GEM'
+  spec.description   = 'This GEM allows enables the importing of Nexpose host and vulnerability data into SourceFire'
+  spec.homepage      = 'http://www.rapid7.com'
+  spec.license       = 'MIT'
+  spec.files         = Dir['[A-Z]*'] + Dir['lib/**/*'] + Dir['bin/**']
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_runtime_dependency 'nexpose', "~> 0.9"
+  spec.required_ruby_version = '>= 1.9'
+end

data/sourcefire.iml ADDED Viewed

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="RUBY_MODULE" version="4">
+  <component name="FacetManager">
+    <facet type="gem" name="Ruby Gem">
+      <configuration>
+        <option name="GEM_APP_ROOT_PATH" value="$MODULE_DIR$" />
+        <option name="GEM_APP_TEST_PATH" value="" />
+        <option name="GEM_APP_LIB_PATH" value="" />
+      </configuration>
+    </facet>
+  </component>
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="jdk" jdkName="RVM: ruby-1.9.3-p547 [global]" jdkType="RUBY_SDK" />
+    <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="library" scope="PROVIDED" name="bundler (v1.10.4, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="nexpose (v0.9.8, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rake (v10.4.2, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rex (v2.0.7, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
+  </component>
+</module>

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_sourcefire
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - JJ Cassidy
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-12-11 00:00:00.000000000 Z
+date: 2016-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -75,6 +75,8 @@ files:
 - lib/sourcefire/queries.rb
 - lib/sourcefire/version.rb
 - lib/sourcefire_connector.rb
+- sourcefire.gemspec
+- sourcefire.iml
 homepage: http://www.rapid7.com
 licenses:
 - MIT
@@ -95,7 +97,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.3
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: Nexpose SourceFire Integration GEM