nexpose_ticketing 0.0.1 → 0.2.1

data/lib/nexpose_ticketing/ticket_repository.rb

@@ -5,7 +5,7 @@ module NexposeTicketing
     require 'nexpose'
     require 'nexpose_ticketing/queries'
 
-    def nexpose_login (nexpose_data)
+    def nexpose_login(nexpose_data)
       @nsc = Nexpose::Connection.new(nexpose_data[:nxconsole], nexpose_data[:nxuser], nexpose_data[:nxpasswd])
       @nsc.login
     end
@@ -32,10 +32,10 @@ module NexposeTicketing
     #   - +csv_file_name+ -  CSV File name.
     #
     def save_last_scans(csv_file_name, saved_file = nil, report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
-      report_config.add_filter('version', '1.1.0')
+      report_config.add_filter('version', '1.2.0')
       report_config.add_filter('query', Queries.last_scans)
       report_output = report_config.generate(@nsc)
-      csv_output = CSV.parse(report_output.chomp,  headers: :first_row )
+      csv_output = CSV.parse(report_output.chomp,  headers: :first_row)
       saved_file.open(csv_file_name, 'w') { |file| file.puts(csv_output) } unless saved_file.nil?
       if saved_file.nil?
         File.open(csv_file_name, 'w') { |file| file.puts(csv_output) }
@@ -48,7 +48,7 @@ module NexposeTicketing
     #   - A hash with site_ids => last_scan_id
     #
     def last_scans(report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
-      report_config.add_filter('version', '1.1.0')
+      report_config.add_filter('version', '1.2.0')
       report_config.add_filter('query', Queries.last_scans)
       report_output = report_config.generate(@nsc).chomp
       nexpose_sites = Hash.new(-1)
@@ -64,13 +64,14 @@ module NexposeTicketing
     #   - +site_options+ -  A Hash with site(s) and severity level.
     #
     # * *Returns* :
-    #   - Returns CSV |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id| |url| |summary| |fix|
+    #   - Returns CSV |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id|
+    #     |url| |summary| |fix|
     #
     def all_vulns(site_options = {}, report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
       sites = Array(site_options[:sites])
       severity = site_options[:severity].nil? ? 0 : site_options[:severity]
-      report_config.add_filter('version', '1.1.0')
-      report_config.add_filter('query', Queries.all_delta_vulns)
+      report_config.add_filter('version', '1.2.0')
+      report_config.add_filter('query', Queries.all_new_vulns)
       unless sites.empty?
         sites.each do |site_id|
           report_config.add_filter('site', site_id)
@@ -80,21 +81,65 @@ module NexposeTicketing
       report_config.generate(@nsc)
     end
 
-    # Gets the delta vulns from base scan reported_scan_id and the newest / latest scan from a site.
+    # Gets the new vulns from base scan reported_scan_id and the newest / latest scan from a site.
     #
     # * *Args*    :
     #   - +site_options+ -  A Hash with site(s), reported_scan_id and severity level.
     #
     # * *Returns* :
-    #   - Returns CSV |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id| |url| |summary| |fix|
+    #   - Returns CSV |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id|
+    #     |url| |summary| |fix|
     #
-    def delta_vulns_sites(site_options = {}, report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
+    def new_vulns_sites(site_options = {}, report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
       site = site_options[:site_id]
       reported_scan_id = site_options[:scan_id]
       fail 'Site cannot be null or empty' if site.nil? || reported_scan_id.nil?
       severity = site_options[:severity].nil? ? 0 : site_options[:severity]
-      report_config.add_filter('version', '1.1.0')
-      report_config.add_filter('query', Queries.delta_vulns_since_scan(reported_scan_id))
+      report_config.add_filter('version', '1.2.0')
+      report_config.add_filter('query', Queries.new_vulns_since_scan(reported_scan_id))
+      report_config.add_filter('site', site)
+      report_config.add_filter('vuln-severity', severity)
+      report_config.generate(@nsc)
+    end
+    
+    # Gets the old vulns from base scan reported_scan_id and the newest / latest scan from a site.
+    #
+    # * *Args*    :
+    #   - +site_options+ -  A Hash with site(s), reported_scan_id and severity level.
+    #
+    # * *Returns* :
+    #   - Returns CSV |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id|
+    #     |url| |summary| |fix|
+    #
+    def old_vulns_sites(site_options = {}, report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
+      site = site_options[:site_id]
+      reported_scan_id = site_options[:scan_id]
+      fail 'Site cannot be null or empty' if site.nil? || reported_scan_id.nil?
+      severity = site_options[:severity].nil? ? 0 : site_options[:severity]
+      report_config.add_filter('version', '1.2.0')
+      report_config.add_filter('query', Queries.old_vulns_since_scan(reported_scan_id))
+      report_config.add_filter('site', site)
+      report_config.add_filter('vuln-severity', severity)
+      report_config.generate(@nsc)
+    end
+    
+    # Gets all vulns from base scan reported_scan_id and the newest / latest scan from a site. This is
+    # used for IP-based issue updating. Includes the baseline comparision value ('Old','New', or 'Same').
+    #
+    # * *Args*    :
+    #   - +site_options+ -  A Hash with site(s), reported_scan_id and severity level.
+    #
+    # * *Returns* :
+    #   - Returns CSV |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id|
+    #     |url| |summary| |fix| |comparison| 
+    #
+    def all_vulns_sites(site_options = {}, report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
+      site = site_options[:site_id]
+      reported_scan_id = site_options[:scan_id]
+      fail 'Site cannot be null or empty' if site.nil? || reported_scan_id.nil?
+      severity = site_options[:severity].nil? ? 0 : site_options[:severity]
+      report_config.add_filter('version', '1.2.0')
+      report_config.add_filter('query', Queries.all_vulns_since_scan(reported_scan_id))
       report_config.add_filter('site', site)
       report_config.add_filter('vuln-severity', severity)
       report_config.generate(@nsc)

data/lib/nexpose_ticketing/ticket_service.rb

@@ -53,8 +53,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     require 'fileutils'
     require 'nexpose_ticketing/ticket_repository'
 
-    TICKET_SERVICE_CONFIG_PATH =  File.join(File.dirname(__FILE__),'/config/ticket_service.config')
-    LOGGER_FILE = File.join(File.dirname(__FILE__),'/log/ticket_service.log')
+    TICKET_SERVICE_CONFIG_PATH =  File.join(File.dirname(__FILE__), '/config/ticket_service.config')
+    LOGGER_FILE = File.join(File.dirname(__FILE__), '/log/ticket_service.log')
 
     attr_accessor :helper_data, :nexpose_data, :options, :ticket_repository, :first_time, :nexpose_site_histories
 
@@ -75,7 +75,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
       # Loads all the helpers.
       log_message('Loading helpers.')
-      Dir[File.join(File.dirname(__FILE__),'/helpers/*.rb')].each do |file|
+      Dir[File.join(File.dirname(__FILE__), '/helpers/*.rb')].each do |file|
         log_message("Loading helper: #{file}")
         require_relative file
       end
@@ -103,7 +103,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     end
 
     # Prepares all the local and nexpose historical data.
-    def prepare_historical_data(ticket_repository, options, historical_scan_file = File.join(File.dirname(__FILE__),"#{options[:file_name]}"))
+    def prepare_historical_data(ticket_repository, options,
+        historical_scan_file = File.join(File.dirname(__FILE__), "#{options[:file_name]}"))
       if File.exists?(historical_scan_file)
         log_message("Reading historical CSV file: #{historical_scan_file}.")
         file_site_histories = ticket_repository.read_last_scans(historical_scan_file)
@@ -118,20 +119,22 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     end
 
     # Generates a full site(s) report ticket(s).
-    def all_site_report(ticket_repository, options, helper, historical_scan_file = File.join(File.dirname(__FILE__),"#{options[:file_name]}") )
+    def all_site_report(ticket_repository, options, helper,
+        historical_scan_file = File.join(File.dirname(__FILE__), "#{options[:file_name]}"))
       log_message('First time run, generating full vulnerability report.') if @first_time
       log_message('No site(s) specified, generating full vulnerability report.') if options[:sites].empty?
       all_delta_vulns = ticket_repository.all_vulns(severity: options[:severity])
       log_message('Preparing tickets.')
-      tickets = helper.prepare_tickets(all_delta_vulns)
-      helper.create_ticket(tickets)
+      tickets = helper.prepare_create_tickets(all_delta_vulns)
+      helper.create_tickets(tickets)
       log_message("Done processing, updating historical CSV file #{historical_scan_file}.")
       ticket_repository.save_last_scans(historical_scan_file)
       log_message('Done updating historical CSV file, service shutting down.')
     end
 
     # There's possibly a new scan with new data.
-    def delta_site_report(ticket_repository, options, helper, file_site_histories, historical_scan_file = File.join(File.dirname(__FILE__),"#{options[:file_name]}"))
+    def delta_site_report(ticket_repository, options, helper, file_site_histories,
+          historical_scan_file = File.join(File.dirname(__FILE__), "#{options[:file_name]}"))
       # Compares the Scan information from the File && Nexpose.
       no_processing = true
       @nexpose_site_histories.each do |site_id, scan_id|
@@ -158,22 +161,56 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
       log_message("New site id: #{site_id} detected. Generating report.")
       new_site_vuln = ticket_repository.all_vulns(sites: [site_id], severity: options[:severity])
       log_message('Report generated, preparing tickets.')
-      ticket = helper.prepare_tickets(new_site_vuln)
-      helper.create_ticket(ticket)
+      ticket = helper.prepare_create_tickets(new_site_vuln)
+      helper.create_tickets(ticket)
     end
 
     # There's a new scan with possibly new vulnerabilities.
     def delta_site_new_scan(ticket_repository, site_id, options, helper, file_site_histories)
       log_message("New scan detected for site: #{site_id}. Generating report.")
-      new_scan_vuln = ticket_repository.delta_vulns_sites(scan_id: file_site_histories[site_id], site_id: site_id, severity: options[:severity])
-      # Preparse for an empty report: No new vulns between scans.
-      preparse = CSV.new(new_scan_vuln.chomp, headers: :first_row)
-      empty_report = preparse.shift.nil?
-      log_message("No new vulnerabilities found in new scan for site: #{site_id}.") && empty_report
-      log_message("New vulnerabilities found in new scan for site #{site_id}, preparing tickets.") unless empty_report
-      unless empty_report
-        ticket = helper.prepare_tickets(new_scan_vuln)
-        helper.create_ticket(ticket)
+      
+      if options[:ticket_mode] == 'I'
+        # I-mode tickets require updating the tickets in the target system.
+        log_message("Scan id for new scan: #{file_site_histories[site_id]}.")
+        all_scan_vuln = ticket_repository.all_vulns_sites(scan_id: file_site_histories[site_id], 
+                                                          site_id: site_id,
+                                                          severity: options[:severity])
+        if helper.respond_to?("prepare_update_tickets") && helper.respond_to?("update_tickets")
+          tickets = helper.prepare_update_tickets(all_scan_vuln)
+          helper.update_tickets(tickets)
+        else
+          log_message("Helper does not implement update methods")
+          fail "Helper using 'I' mode must implement prepare_updates and update_tickets"
+        end
+      else
+        # D-mode tickets require creating new tickets and closing old tickets.
+        new_scan_vuln = ticket_repository.new_vulns_sites(scan_id: file_site_histories[site_id], site_id: site_id,
+                                                          severity: options[:severity])
+        preparse = CSV.new(new_scan_vuln.chomp, headers: :first_row)
+        empty_report = preparse.shift.nil?
+        log_message("No new vulnerabilities found in new scan for site: #{site_id}.") if empty_report
+        log_message("New vulnerabilities found in new scan for site #{site_id}, preparing tickets.") unless empty_report
+        unless empty_report
+          tickets = helper.prepare_create_tickets(new_scan_vuln)
+          helper.create_tickets(tickets)
+        end
+        
+        if helper.respond_to?("prepare_close_tickets") && helper.respond_to?("close_tickets")
+          old_scan_vuln = ticket_repository.old_vulns_sites(scan_id: file_site_histories[site_id], site_id: site_id,
+                                                            severity: options[:severity])
+          preparse = CSV.new(old_scan_vuln.chomp, headers: :first_row)
+          empty_report = preparse.shift.nil?
+          log_message("No old (closed) vulnerabilities found in new scan for site: #{site_id}.") if empty_report
+          log_message("Old vulnerabilities found in new scan for site #{site_id}, preparing closures.") unless empty_report
+          unless empty_report
+            tickets = helper.prepare_close_tickets(old_scan_vuln)
+            helper.close_tickets(tickets)
+          end
+        else
+          # Create a log message but do not halt execution of the helper if ticket closeing is not 
+          # supported to allow legacy code to execute normally.
+          log_message("Helper does not impelment close methods.")
+        end
       end
     end
 

data/nexpose_ticketing.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name                  = 'nexpose_ticketing'
-  s.version               = '0.0.1'
+  s.version               = '0.2.1'
   s.homepage              = 'https://github.com/rapid7/nexpose_ticketing'
   s.summary               = 'Ruby Nexpose Ticketing Engine.'
   s.description           = 'This gem provides a Ruby implementation of different integrations with ticketing services for Nexpose.'
@@ -11,9 +11,10 @@ Gem::Specification.new do |s|
   s.email                 = ['damian_finol@rapid7.com']
   s.files                 = Dir['[A-Z]*'] + Dir['lib/**/*']
   s.require_paths         = ['lib']
-  s.extra_rdoc_files      = ['README.markdown']
+  s.extra_rdoc_files      = ['README.md']
   s.required_ruby_version = '>= 1.9'
   s.platform              = 'ruby'
-  s.executables           << 'nexpose_jira'
+  s.executables           = ['nexpose_jira','nexpose_servicenow','nexpose_remedy']
   s.add_dependency('nexpose', '>= 0.6.0')
-end
+  s.add_dependency('savon', '~> 2.1')
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_ticketing
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.2.1
 platform: ruby
 authors:
 - Damian Finol
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-07 00:00:00.000000000 Z
+date: 2014-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nexpose
@@ -24,22 +24,47 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: 0.6.0
+- !ruby/object:Gem::Dependency
+  name: savon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.1'
 description: This gem provides a Ruby implementation of different integrations with
   ticketing services for Nexpose.
 email:
 - damian_finol@rapid7.com
 executables:
 - nexpose_jira
+- nexpose_servicenow
+- nexpose_remedy
 extensions: []
 extra_rdoc_files:
-- README.markdown
+- README.md
 files:
-- README.markdown
+- README.md
 - bin/nexpose_jira
+- bin/nexpose_remedy
+- bin/nexpose_servicenow
 - lib/nexpose_ticketing.rb
 - lib/nexpose_ticketing/config/jira.config
+- lib/nexpose_ticketing/config/remedy.config
+- lib/nexpose_ticketing/config/remedy_wsdl/HPD_IncidentInterface_Create_WS.xml
+- lib/nexpose_ticketing/config/remedy_wsdl/HPD_IncidentInterface_WS.xml
+- lib/nexpose_ticketing/config/servicenow.config
 - lib/nexpose_ticketing/config/ticket_service.config
 - lib/nexpose_ticketing/helpers/jira_helper.rb
+- lib/nexpose_ticketing/helpers/remedy_helper.rb
+- lib/nexpose_ticketing/helpers/servicenow_helper.rb
+- lib/nexpose_ticketing/nx_logger.rb
 - lib/nexpose_ticketing/queries.rb
 - lib/nexpose_ticketing/ticket_repository.rb
 - lib/nexpose_ticketing/ticket_service.rb