nexpose_sourcefire 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9c9fb896af914fcbcdbda0d0bde478430f11c359
-  data.tar.gz: 2d3b0d70909afe2a7ebe7d42b6f16c6e0d9b22e4
+  metadata.gz: 66a0bd838b05bf5c28eb153bc0189f16709555c3
+  data.tar.gz: f546f226efeb05c8c57b726b64354b6df78019f4
 SHA512:
-  metadata.gz: 364fca4f693195b3b82ddd25753e49b66af98a95f39134ddff023497f48f35f4efeff3e98a83e2b223cdcdcecb760e9d7551c29fe39e3bce483edb9ba2a5e463
-  data.tar.gz: b9615320e59700e035ae1390777cfd95be116f42f08f06b33c24792fed36491f52220fcb57541a32106701047d8569288a62be58c456b43b3479e88760c585b3
+  metadata.gz: ac24ce75871839767af860c5168ac9b87d54c2253e7ab302cb4e23bda9adab55cc6235d04811c76c06758227d2f9b27b925cc2f8e7590864ab41b063008f139c
+  data.tar.gz: eb4de1ee51d40cdb57e843ada389d28b98700511065984472bbd54bbbf4c1450315084fa1f1791a8a08a586dc587198eb04d4eb707ac8f5d1efed07be9ba4205

data/bin/nexpose_sourcefire

@@ -25,8 +25,7 @@ raise 'Must configure SourceFire settings before starting' if ENV['SOURCEFIRE_AD
 
 log = Sourcefire::NxLogger.instance
 log.setup_statistics_collection(Sourcefire::PRODUCT, Sourcefire::VENDOR, Sourcefire::VERSION)
-logging_enabled = configuration_settings[:options][:logging_enabled] || false
-log.setup_logging(logging_enabled, 
+log.setup_logging(configuration_settings[:options][:logging_enabled], 
 				  configuration_settings[:options][:log_level])
 
 configuration_settings[:nexpose_address] = ENV['NEXPOSE_URL']

data/lib/sourcefire/nx_logger.rb

@@ -6,27 +6,23 @@ require 'singleton'
 module Sourcefire
   class NxLogger
     include Singleton
-    attr_accessor :options, :statistic_key, :product, :logger_file
     LOG_PATH = "./logs/rapid7_%s.log"
     KEY_FORMAT = "external.integration.%s"
     PRODUCT_FORMAT = "%s_%s"
 
     DEFAULT_LOG = 'integration'
-    PRODUCT_RANGE = 3..30
+    PRODUCT_RANGE = 4..30
     KEY_RANGE = 3..15
 
     ENDPOINT = '/data/external/statistic/'
 
     def initialize()
-      @logger_file = get_log_path product
+      create_calls
+      @logger_file = get_log_path @product
       setup_logging(true, 'info')
     end
 
     def setup_statistics_collection(vendor, product_name, gem_version)
-      #Remove illegal characters
-      vendor.to_s.gsub!('-', '_')
-      product_name.to_s.gsub!('-', '_')
-
       begin
         @statistic_key = get_statistic_key vendor
         @product = get_product product_name, gem_version
@@ -35,13 +31,14 @@ module Sourcefire
       end
     end
 
-    def setup_logging(enabled, log_level = 'info')
-      unless enabled || @log.nil?
-        log_message('Logging disabled.')
-        return
-      end
+    def setup_logging(enabled, log_level = 'info', stdout=false)
+      @stdout = stdout
 
-      @logger_file = get_log_path product
+      log_message('Logging disabled.') unless enabled || @log.nil?
+      @enabled = enabled
+      return unless @enabled
+
+      @logger_file = get_log_path @product
 
       require 'logger'
       directory = File.dirname(@logger_file)
@@ -58,24 +55,19 @@ module Sourcefire
       log_message("Logging enabled at level <#{log_level}>")
     end
 
-    # Logs an info message
-    def log_message(message)
-      @log.info(message) unless @log.nil?
-    end
-
-    # Logs a debug message
-    def log_debug_message(message)
-      @log.debug(message) unless @log.nil?
-    end
-
-    # Logs an error message
-    def log_error_message(message)
-      @log.error(message) unless @log.nil?
+    def create_calls
+      levels = [:info, :debug, :error, :warn]
+      levels.each do |level|
+        method_name = 
+        define_singleton_method("log_#{level.to_s}_message") do |message|
+          puts message if @stdout
+          @log.send(level, message) unless !@enabled || @log.nil?
+        end
+      end
     end
 
-    # Logs a warn message
-    def log_warn_message(message)
-      @log.warn(message) unless @log.nil?
+    def log_message(message)
+      log_info_message message
     end
 
     def log_stat_message(message)
@@ -92,13 +84,28 @@ module Sourcefire
         return nil
       end
 
+      vendor.gsub!('-', '_')
+      vendor.slice! vendor.rindex('_') until vendor.count('_') <= 1
+
+      vendor.delete! "^A-Za-z0-9\_"
+
       KEY_FORMAT % vendor[0...KEY_RANGE.max].downcase
     end
 
     def get_product(product, version)
-      return nil if (product.nil? || version.nil?)
+      return nil if ((product.nil? || product.empty?) || 
+                     (version.nil? || version.empty?))
+
+      product.gsub!('-', '_')
+      product.slice! product.rindex('_') until product.count('_') <= 1
+
+      product.delete! "^A-Za-z0-9\_"
+      version.delete! "^A-Za-z0-9\.\-"
+
       product = (PRODUCT_FORMAT % [product, version])[0...PRODUCT_RANGE.max]
 
+      product.slice! product.rindex(/[A-Z0-9]/i)+1..-1
+
       if product.length < PRODUCT_RANGE.min
         log_stat_message("Product length below minimum <#{PRODUCT_RANGE.min}>.")
         return nil
@@ -107,9 +114,12 @@ module Sourcefire
     end
 
     def generate_payload(statistic_value='')
-      payload = {'statistic-key' => @statistic_key,
-                 'statistic-value' => statistic_value,
-                 'product' => @product}
+      product_name, separator, version = @product.to_s.rpartition('_')
+      payload_value = {'version' => version}.to_json
+
+      payload = {'statistic-key' => @statistic_key.to_s,
+                 'statistic-value' => payload_value,
+                 'product' => product_name}
       JSON.generate(payload)
     end
 
@@ -126,6 +136,7 @@ module Sourcefire
       log_stat_message "Received code #{response.code} from Nexpose console."
       log_stat_message "Received message #{response.msg} from Nexpose console."
       log_stat_message 'Finished sending statistics data to Nexpose.'
+
       response.code
     end
 

data/lib/sourcefire/version.rb

@@ -1,5 +1,5 @@
 module Sourcefire
   PRODUCT = 'Sourcefire'
   VENDOR = 'Sourcefire'
-  VERSION = "0.2.0"
+  VERSION = "0.2.1"
 end

data/lib/sourcefire_connector.rb

@@ -84,13 +84,17 @@ module Sourcefire
         redo
       end
       
-      assets << current_asset + "ScanFlush\n" unless current_asset.nil?
+      assets << current_asset unless current_asset.nil?
       @log.log_message("Total of #{assets.count} assets")
       assets
     end
 
     def process_nexpose_data(report_file)
-      max_data_size = 524288
+      #Originally using the value returned from SourceFire as the max data size.
+      #However, this caused issues with some ticket creation / batching, and the 
+      #reduced value was hard-coded below.
+      #max_data_size = 524288
+      max_data_size = 450000
 
       @log.log_message('Creating data sets')
       header = "SetSource,NeXpose Scan Report\n"
@@ -107,7 +111,7 @@ module Sourcefire
         @log.log_message("Got a message of type <#{msg_details[0]}> and size <#{msg_details[1]}>")
         max_size = read_from_socket(ssl_socket, msg_details[1], msg_details[0])
         @log.log_message("Max message length is <#{max_size}>")
-        max_data_size = max_size.first
+        #max_data_size = max_size.first        
       end
       ssl_socket.close
 
@@ -116,11 +120,19 @@ module Sourcefire
 
       assets.each do |asset|
         if data_sets[-1].nil?
-          data_sets << header.dup + asset
+          if (asset + footer).bytesize < max_data_size
+            data_sets << header.dup + asset
+          else
+            batch_single_ip(data_sets, asset, header, footer, max_data_size)
+          end
         elsif (data_sets[-1].to_s + asset + footer).bytesize < max_data_size
           data_sets[-1] += asset
-        else
+        elsif (header.dup + asset + footer).bytesize < max_data_size
+          data_sets[-1] += footer
           data_sets << header.dup + asset
+        else
+          data_sets[-1] += footer
+          batch_single_ip(data_sets, asset, header, footer, max_data_size)
         end
       end
 
@@ -137,6 +149,27 @@ module Sourcefire
       data_sets
     end
 
+    def batch_single_ip(data_sets, asset, header, footer, max_data_size)
+      split_asset = nil
+      initial = true
+      update_footer = "ScanUpdate"
+
+      asset.each_line do |line|
+        if split_asset.nil?
+          split_asset = header.dup + line
+        elsif (split_asset + line + footer).bytesize < max_data_size
+          split_asset += line
+        else
+          data_sets << split_asset + (initial ? footer : update_footer)
+          initial = false
+          split_asset = header.dup
+          redo
+        end
+      end
+      data_sets << split_asset + update_footer
+      data_sets << header.dup
+    end
+
     def process_nexpose_data_alt(report_file)
       max_data_size = 524288
 

metadata

@@ -1,15 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_sourcefire
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - JJ Cassidy
 - David Valente
+- Adam Robinson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-10 00:00:00.000000000 Z
+date: 2016-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -56,7 +57,7 @@ dependencies:
 description: This GEM allows enables the importing of Nexpose host and vulnerability
   data into SourceFire
 email:
-- integrations_support@rapid7.com
+- support@rapid7.com
 executables:
 - nexpose_sourcefire
 extensions: []
@@ -75,8 +76,6 @@ files:
 - lib/sourcefire/queries.rb
 - lib/sourcefire/version.rb
 - lib/sourcefire_connector.rb
-- sourcefire.gemspec
-- sourcefire.iml
 homepage: http://www.rapid7.com
 licenses:
 - MIT
@@ -97,8 +96,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.4.3
 signing_key: 
 specification_version: 4
 summary: Nexpose SourceFire Integration GEM
 test_files: []
+has_rdoc: 

data/sourcefire.gemspec

@@ -1,25 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'sourcefire/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = 'nexpose_sourcefire'
-  spec.version       = Sourcefire::VERSION
-  spec.authors       = ['JJ Cassidy', 'David Valente']
-  spec.email         = ['integrations_support@rapid7.com']
-
-  spec.summary       = 'Nexpose SourceFire Integration GEM'
-  spec.description   = 'This GEM allows enables the importing of Nexpose host and vulnerability data into SourceFire'
-  spec.homepage      = 'http://www.rapid7.com'
-  spec.license       = 'MIT'
-
-  spec.files         = Dir['[A-Z]*'] + Dir['lib/**/*'] + Dir['bin/**']
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  spec.add_development_dependency "bundler", "~> 1.10"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_runtime_dependency 'nexpose', "~> 0.9"
-  spec.required_ruby_version = '>= 1.9'
-end

data/sourcefire.iml

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="RUBY_MODULE" version="4">
-  <component name="FacetManager">
-    <facet type="gem" name="Ruby Gem">
-      <configuration>
-        <option name="GEM_APP_ROOT_PATH" value="$MODULE_DIR$" />
-        <option name="GEM_APP_TEST_PATH" value="" />
-        <option name="GEM_APP_LIB_PATH" value="" />
-      </configuration>
-    </facet>
-  </component>
-  <component name="NewModuleRootManager" inherit-compiler-output="true">
-    <exclude-output />
-    <content url="file://$MODULE_DIR$" />
-    <orderEntry type="jdk" jdkName="RVM: ruby-1.9.3-p547 [global]" jdkType="RUBY_SDK" />
-    <orderEntry type="sourceFolder" forTests="false" />
-    <orderEntry type="library" scope="PROVIDED" name="bundler (v1.10.4, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="nexpose (v0.9.8, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rake (v10.4.2, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rex (v2.0.7, RVM: ruby-1.9.3-p547 [global]) [gem]" level="application" />
-  </component>
-</module>