nexpose_ticketing 0.8.3 → 1.0.0

data/lib/nexpose_ticketing/helpers/servicedesk_helper.rb

@@ -1,118 +1,184 @@
 require 'net/http'
 require 'nokogiri'
 require 'dbm'
+require 'nexpose_ticketing/common_helper'
+require 'nexpose_ticketing/nx_logger'
+require 'nexpose_ticketing/version'
 
 class ServiceDeskHelper
-    attr_accessor :servicedesk_data, :options, :log
-
-    def initialize(servicedesk_data, options)
-        @servicedesk_data = servicedesk_data
-        @options = options
-        @log = NexposeTicketing::NXLogger.new
-
-        @rest_uri = servicedesk_data[:rest_uri]
-        @api_key = servicedesk_data[:api_key]
-        @ticket_db_path = servicedesk_data[:ticket_db_path]
+  attr_accessor :servicedesk_data, :options, :log
+
+  def initialize(servicedesk_data, options)
+    @servicedesk_data = servicedesk_data
+    @options = options
+    @log = NexposeTicketing::NxLogger.instance
+
+    @rest_uri = servicedesk_data[:rest_uri]
+    @api_key = servicedesk_data[:api_key]
+    @ticket_db_path = servicedesk_data[:ticket_db_path]
+    @common_helper = NexposeTicketing::CommonHelper.new(@options)
+  end
+
+
+  def open_database()
+    DBM.open(@ticket_db_path, 0600, DBM::WRCREAT)
+  end
+
+
+  def add_ticket_to_database(workorderid, nxid)
+    @log.log_message("Adding ticket <#{workorderid}> for NXID <#{nxid}> to local db.")
+    db = open_database()
+    db[nxid] = workorderid
+    db.close()
+  end
+
+
+  def find_ticket_in_database(nxid) 
+    @log.log_message("Finding workorder id for NXID <#{nxid}> from local db.")
+    db = open_database()
+    begin
+      workorderid = db[nxid]
+      @log.log_message("Lookup found incident <#{workorderid}> in the db.")
+    rescue Exception => e
+      @log.log_message("Threw an exception accessing the dbm <#{e.class} #{e} #{e.message}>.")
+      raise e
     end
+    db.close()
 
-
-    def open_database()
-        DBM.open(@ticket_db_path, 0600, DBM::WRCREAT)
-    end
+    workorderid
+  end
 
 
-    def add_ticket_to_database(workorderid, nxid)
-        @log.log_message("Adding ticket <#{workorderid}> for NXID <#{nxid}> to local db.")
-        db = open_database()
-        db[nxid] = workorderid
-        db.close()
+  def remove_tickets_from_database(tickets)
+    db = open_database()
+    tickets.each do |t|
+      nxid = t[:nxid]
+      @log.log_message("Removing workorder id from database for NXID <#{nxid}>")
+      db.delete(nxid) unless db[nxid].nil?
+    end
+    db.close()
+  end
+
+
+  def prepare_create_tickets(vulnerability_list, nexpose_identifier_id)
+    @log.log_message('Preparing ticket creation...')
+    case @options[:ticket_mode]
+    # 'D' Default IP *-* Vulnerability
+    when 'D' then matching_fields = ['ip_address', 'vulnerability_id']
+    # 'I' IP address -* Vulnerability
+    when 'I' then matching_fields = ['ip_address']
+    # 'V' Vulnerability -* Assets
+    when 'V' then matching_fields = ['vulnerability_id']
+    else
+      fail 'Unsupported ticketing mode selected.'
     end
 
+    tickets = prepare_tickets(vulnerability_list, nexpose_identifier_id, matching_fields)
 
-    def find_ticket_in_database(nxid)
-        @log.log_message("Finding workorder id for NXID <#{nxid}> from local db.")
-        db = open_database()
-        begin
-            workorderid = db[nxid]
-            @log.log_message("Lookup found incident <#{workorderid}> in the db.")
-        rescue Exception => e
-            @log.log_message("Threw an exception accessing the dbm <#{e.class} #{e} #{e.message}>.")
-            raise e
-        end
-        db.close()
+    tickets.each { |ticket| @log.log_message("Prepared ticket: #{ticket}")}
+    tickets
+  end
 
-        return workorderid
-    end
 
+  def prepare_tickets(vulnerability_list, nexpose_identifier_id, matching_fields)
+    @log.log_message("Preparing ticket for #{@options[:ticket_mode]} mode.")
+    tickets = []
+    host_vulns={}
+    previous_row = nil
+    description = nil
+    nxid = nil
 
-    def remove_ticket_from_database(nxid)
-        @log.log_message("Removing workorder id from database for NXID <#{nxid}>")
-        db = open_database()
-        db.delete(nxid)
-        db.close()
+    initial_scan = false
+
+    CSV.parse( vulnerability_list.chomp, headers: :first_row )  do |row|
+      initial_scan = initial_scan || row['comparison'].nil?
+        
+      if previous_row.nil?
+        nxid = @common_helper.generate_nxid(nexpose_identifier_id, row)
+        previous_row = row.dup
+        description = @common_helper.get_description(nexpose_identifier_id, row)  
+
+        host_vulns[nxid] = { :ip => row['ip_address'], 
+                             :description => "",
+                             :title => @common_helper.get_title(row) } 
+      elsif matching_fields.any? {  |x| previous_row[x].nil? || previous_row[x] != row[x] }
+        nxid = @common_helper.generate_nxid(nexpose_identifier_id, previous_row)
+        info = @common_helper.get_field_info(matching_fields, previous_row)
+        @log.log_message("Generated ticket with #{info}")
+
+        host_vulns[nxid][:description] = @common_helper.print_description(description)
+        previous_row = nil
+        description = nil
+        redo
+      else
+        description = @common_helper.update_description(description, row)
+      end
     end
 
-    def prepare_create_tickets(vulnerability_list, nexpose_identifier_id)
-        @log.log_message('Preparing ticket requests...')
-        case @options[:ticket_mode]
-            # 'D' Default mode: IP *-* Vulnerability
-            when 'D'
-                tickets = create_tickets_by_default(vulnerability_list, nexpose_identifier_id)
-            # 'I' IP address mode: IP address -* Vulnerability
-            when 'I'
-                tickets = create_tickets_by_ip(vulnerability_list, nexpose_identifier_id)
-            else
-                fail 'No ticketing mode selected.'
-        end
-
-        tickets.each { |ticket| @log.log_message("Prepared ticket: #{ticket}")}
-        return tickets
+    unless host_vulns[nxid].nil? || host_vulns[nxid].empty?
+      host_vulns[nxid][:description] = @common_helper.print_description(description)
     end
 
-    ## Uses the configured or default options to set up a ticket creation request
-    def create_ticket_request(subject, description)
-        request = Nokogiri::XML::Builder.new do |xml|
-            xml.Operation {
-                xml.Details {
-                    xml.parameter {
-                        xml.name {
-                            xml.text 'requester'
-                        }
-                        xml.value {
-                            xml.text @servicedesk_data[:requestor]
-                        }
-                    }
-                    xml.parameter {
-                        xml.name {
-                            xml.text 'Group'
-                        }
-                        xml.value {
-                            xml.text @servicedesk_data[:group]
-                        }
-                    }
-                    xml.parameter {
-                        xml.name {
-                            xml.text 'subject'
-                        }
-                        xml.value {
-                            xml.text subject
-                        }
-                    }
-                    xml.parameter {
-                        xml.name {
-                            xml.text 'description'
-                        }
-                        xml.value {
-                            xml.cdata description
-                        }
-                    }
-                }
+    host_vulns.each do |nxid, vuln_info|
+      workorderid = initial_scan ? nil : find_ticket_in_database(nxid)
+      if workorderid.nil? || workorderid.empty?
+        @log.log_message("Creating new incident for assetid #{nxid}")
+        tickets << { :action => :create, :nxid => nxid,
+                     :description => create_ticket_request(vuln_info[:title], vuln_info[:description]) }
+      else
+        @log.log_message("Updating incident for assetid #{nxid}")
+        tickets << { :action => :modify, :nxid => nxid, 
+                     :workorderid => workorderid,
+                     :description => modify_ticket_request(vuln_info[:description]) }
+      end
+    end
+    tickets
+  end
+
+  ## Uses the configured or default options to set up a ticket creation request
+  def create_ticket_request(subject, description)
+    request = Nokogiri::XML::Builder.new do |xml|
+      xml.Operation {
+        xml.Details {
+          xml.parameter {
+            xml.name {
+                xml.text 'requester'
             }
-        end
-        return request.to_xml
+            xml.value {
+              xml.text @servicedesk_data[:requester]
+            }
+          }
+          xml.parameter {
+            xml.name {
+              xml.text 'Group'
+            }
+            xml.value {
+              xml.text @servicedesk_data[:group]
+            }
+          }
+          xml.parameter {
+            xml.name {
+              xml.text 'subject'
+            }
+            xml.value {
+              xml.text subject
+            }
+          }
+          xml.parameter {
+            xml.name {
+              xml.text 'description'
+            }
+            xml.value {
+              xml.cdata description
+            }
+          }
+        }
+      }
     end
+    request.to_xml
+  end
 
-    def modify_ticket_request(description)
+  def modify_ticket_request(description)
 #         modifyRequest = """
 # <Operation>
 #     <Details>
@@ -123,224 +189,171 @@ class ServiceDeskHelper
 #     </Details>
 # </Operation>
 # """
-        doc = Nokogiri::XML::Builder.new() do |xml|
-        xml.Operation {
-            xml.Details {
-                xml.parameter {
-                    xml.name {
-                        xml.text 'Description'
-                    }
-                    xml.value {
-                        xml.cdata description
-                    }
-                }
+    doc = Nokogiri::XML::Builder.new() do |xml|
+      xml.Operation {
+        xml.Details {
+          xml.parameter {
+            xml.name {
+                xml.text 'requester'
             }
-
+            xml.value {
+              xml.text @servicedesk_data[:requester]
+            }
+          }
+          xml.parameter {
+            xml.name {
+              xml.text 'description'
+            }
+            xml.value {
+              xml.cdata description
+            }
+          }
         }
-        end
-
-        return doc.to_xml
+      }
     end
+    doc.to_xml
+  end
+
+  def submit_ticket(ticket)
+    @log.log_message("Connecting to #{@rest_uri}.")
+    uri = URI( @rest_uri )
+    res = Net::HTTP::post_form(uri,
+                               'OPERATION_NAME' => 'ADD_REQUEST',
+                               'TECHNICIAN_KEY' => @api_key,
+                               'INPUT_DATA' => ticket[:description])
+
+    response = Nokogiri::XML.parse(res.read_body)
+    begin
+      status = response.xpath('//statuscode').text
+      status_code = status.empty? ? -1 : Integer(status)
+    
+      if status_code != 200
+        @log.log_message("Unable to create ticket #{ticket}, got response #{response.to_xml}")
+        return
+      end
 
-    ## Given a bunch of vulnerabilities that passed the filters, make tickets for each one
-    def create_tickets_by_default(vulnerability_list, nexpose_identifier_id)
-        @log.log_message('Preparing tickets by vulnerability...')
-        tickets = []
-        CSV.parse( vulnerability_list.chomp, headers: :first_row )  do |vuln|
-            subject = "#{vuln['ip_address']}: #{vuln['summary']}"
-            description = "Host: #{ip_address}\nSummary: #{vuln['summary']}\nFix: #{vuln['fix']}\nURL: #{vuln['url']}"
-
-            tickets << { :action => :create, :nxid => "#{nexpose_identifier_id}#{vuln['asset_id']}#{vuln['vulnerability_id']}#{vuln['solution_id']}",
-                         :description => create_ticket_request( subject, description ) }
-        end
-        return tickets
+      workorderid = Integer(response.xpath('//workorderid').text)
+    rescue ArgumentError => ae
+      @log.log_message("Failed to parse response from servicedesk #{response}")
+      raise ae
     end
 
-
-    def create_tickets_by_ip(vulnerability_list, nexpose_identifier_id)
-        @log.log_message('Preparing tickets by ip')
-        tickets = []
-        hostVulns = {}
-        CSV.parse( vulnerability_list.chomp, headers: :first_row )  do |vuln|
-            hostVulns["#{nexpose_identifier_id}#{vuln['ip_address']}"] = { :ip => vuln['ip_address'], :description => "" } if not hostVulns.has_key?("#{nexpose_identifier_id}#{vuln['ip_address']}")
-            hostVulns["#{nexpose_identifier_id}#{vuln['ip_address']}"][:description] += "Summary: #{vuln['summary']}\nFix: #{vuln['fix']}\nURL: #{vuln['url']}\n\n"
-        end
-
-        hostVulns.each do |nxid, vulnInfo|
-            tickets << { :action => :create, :nxid => nxid,
-                         :description => create_ticket_request( "Vulnerabilities on #{vulnInfo[:ip]}", vulnInfo[:description] ) }
-        end
-        return tickets
+    @log.log_message( "created ticket #{workorderid}")
+    add_ticket_to_database( workorderid, ticket[:nxid] )
+  end
+
+
+  def modify_ticket(ticket)
+    @log.log_message("Connecting to #{@rest_uri}/#{ticket[:workorderid]}")
+    uri = URI( "#{@rest_uri}/#{ticket[:workorderid]}")
+    res = Net::HTTP::post_form(uri,
+                               'OPERATION_NAME' => 'EDIT_REQUEST',
+                               'TECHNICIAN_KEY' => @api_key,
+                               'INPUT_DATA' => ticket[:description])
+
+    response = Nokogiri::XML.parse(res.read_body)
+    begin
+      status = Integer(response.xpath('//statuscode').text)
+    rescue Exception => e
+      @log.log_message("XML request was #{ticket[:description]} response is #{response.to_xml}")
+      raise e
     end
-
-
-    def submit_ticket(ticket)
-        @log.log_message("Connecting to #{@rest_uri}.")
-        uri = URI( @rest_uri )
-        res = Net::HTTP::post_form( uri,
-                            'OPERATION_NAME' => 'ADD_REQUEST',
-                            'TECHNICIAN_KEY' => @api_key,
-                            'INPUT_DATA' => ticket[:description] )
-
-        response = Nokogiri::XML.parse( res.read_body )
-        begin
-            status = response.xpath('//statuscode').text
-            if status.empty?
-                status_code = -1
-            else
-                status_code = Integer( status )
-            end
-        
-            if status_code != 200
-                @log.log_message("Unable to create ticket #{ticket}, got response #{response.to_xml}")
-                return
-            end
-
-            workorderid = Integer(response.xpath('//workorderid').text)
-        rescue ArgumentError => ae
-            @log.log_message("Failed to parse response from servicedesk #{response}")
-            raise ae
-        end
-
-        @log.log_message( "created ticket #{workorderid}")
-        add_ticket_to_database( workorderid, ticket[:nxid] )
+    
+    unless status == 200
+      @log.log_message("Unable to modify ticket #{ticket}, got response #{response.to_xml}")
     end
-
-
-    def modify_ticket(ticket)
-        @log.log_message("Connecting to #{@rest_uri}/#{ticket[:workorderid]}")
-        uri = URI( "#{@rest_uri}/#{ticket[:workorderid]}" )
-        res = Net::HTTP::post_form( uri,
-                            'OPERATION_NAME' => 'EDIT_REQUEST',
-                            'TECHNICIAN_KEY' => @api_key,
-                            'INPUT_DATA' => ticket[:description] )
-
-        response = Nokogiri::XML.parse( res.read_body )
-        begin
-            status = Integer(response.xpath('//statuscode').text)
-        rescue Exception => e
-            @log.log_message("XML request was #{ticket[:description]} response is #{response.to_xml}")
-            raise e
-        end
-        
-        if status != 200
-            @log.log_message("Unable to modify ticket #{ticket}, got response #{response.to_xml}")
-            return
-        end
+  end
+
+
+  def close_ticket(ticket)
+    @log.log_message("Connecting to #{@rest_uri}/#{ticket[:workorderid]}")
+    uri = URI( "#{@rest_uri}/#{ticket[:workorderid]}" )
+    res = Net::HTTP::post_form(uri,
+                               'OPERATION_NAME' => 'CLOSE_REQUEST',
+                               'TECHNICIAN_KEY' => @api_key)
+
+    response = Nokogiri::XML.parse(res.read_body)
+    begin
+      status = Integer(response.xpath('//statuscode').text)
+    rescue Exception => e
+      @log.log_message("XML request was #{ticket[:description]} response is #{response.to_xml}")
+      raise e
     end
 
+    unless status == 200
+      @log.log_message("Unable to close ticket #{ticket}, got response #{response.to_xml}")
+    end
+  end
 
-    def close_ticket(ticket)
-        @log.log_message("Connecting to #{@rest_uri}/#{ticket[:workorderid]}")
-        uri = URI( "#{@rest_uri}/#{ticket[:workorderid]}" )
-        res = Net::HTTP::post_form( uri,
-                            'OPERATION_NAME' => 'CLOSE_REQUEST',
-                            'TECHNICIAN_KEY' => @api_key )
-
-        response = Nokogiri::XML.parse( res.read_body )
-        begin
-            status = Integer(response.xpath('//statuscode').text)
-        rescue Exception => e
-            @log.log_message("XML request was #{ticket[:description]} response is #{response.to_xml}")
-            raise e
-        end
-
-        if status != 200
-            @log.log_message("Unable to close ticket #{ticket}, got response #{response.to_xml}")
-            return
-        end
 
-    end
+  def create_tickets(tickets)
+    @log.log_message("Creating tickets on server at #{@rest_uri}")
 
+    tickets.each { |ticket| submit_ticket(ticket) }
+  end
 
-    def create_tickets(tickets)
-        @log.log_message("Creating tickets on server at #{@rest_uri}")
 
-        tickets.each { |ticket| submit_ticket(ticket) }
+  def prepare_update_tickets(vulnerability_list, nexpose_identifier_id)
+    @log.log_message('Preparing ticket updates...')
+    case @options[:ticket_mode]
+    # 'D' Default IP *-* Vulnerability
+    when 'D' then fail 'Ticket updates are not supported in Default mode.'
+    # 'I' IP address -* Vulnerability
+    when 'I' then matching_fields = ['ip_address']
+    # 'V' Vulnerability -* Assets
+    when 'V' then matching_fields = ['vulnerability_id']
+    else
+        fail 'Unsupported ticketing mode selected.'
     end
 
-    
-    def prepare_update_tickets(vulnerability_list, nexpose_identifier_id)
-        fail 'Ticket updates are only supported in IP-address mode.' if @options[:ticket_mode] != 'I'
-
-        @log.log_message('Preparing ticket updates by IP address.')
-        tickets = []
-        hostVulns={}
-        CSV.parse( vulnerability_list.chomp, headers: :first_row )  do |vuln|
-            hostVulns["#{nexpose_identifier_id}#{vuln['ip_address']}"] = { :ip => vuln['ip_address'], :description => "" } if not hostVulns.has_key?(vuln['asset_id'])
-            hostVulns["#{nexpose_identifier_id}#{vuln['ip_address']}"][:description] += "Summary: #{vuln['summary']}\nFix: #{vuln['fix']}\nURL: #{vuln['url']}\n\n"
-        end
-
-        hostVulns.each do |nxid, vulnInfo|
-            workorderid = find_ticket_in_database(nxid)
-            if workorderid.nil? || workorderid.empty?
-                @log.log_message("No incident found for assetid #{nxid}, using defaults")
-                tickets << { :action => :create, :nxid => nxid,
-                             :description => create_ticket_request("Vulnerabilities on #{vulnInfo[:ip]}", vulnInfo[:description]) }
-            else
-                tickets << { :action => :modifty, :nxid => nxid, :workorderid => workorderid,
-                             :description => modify_ticket_request( vulnInfo[:description] ) }
-            end
-        end
-        return tickets
-    end
+    prepare_tickets(vulnerability_list, nexpose_identifier_id, matching_fields)
+  end
 
 
-    def update_tickets(tickets)
-        @log.log_message('Updating tickets')
-        tickets.each do |ticket|
-            if ticket[:action] == :create
-                @log.log_message('Creating ticket')
-                submit_ticket(ticket)
-            else
-                @log.log_message("Updating ticket #{ticket[:workorderid]}")
-                modify_ticket(ticket)
-            end
-        end
+  def update_tickets(tickets)
+    @log.log_message('Updating tickets')
+    tickets.each do |ticket|
+      if ticket[:action] == :create
+        @log.log_message('Creating ticket')
+        submit_ticket(ticket)
+      else
+        @log.log_message("Updating ticket #{ticket[:workorderid]}")
+        modify_ticket(ticket)
+      end
     end
-
-
-    # Prepare ticket closures from the CSV of vulnerabilities exported from Nexpose.
-    #
-    # * *Args*    :
-    #   - +vulnerability_list+ -  CSV of vulnerabilities within Nexpose.
-    #
-    # * *Returns* :
-    #   - List of savon-formated (hash) tickets for closing within ServiceDesk.
-    #
-    def prepare_close_tickets(vulnerability_list, nexpose_identifier_id)
-      fail 'Ticket closures are only supported in default mode.' if @options[:ticket_mode] == 'I'
-      @log.log_message('Preparing ticket closures by default method.')
-      @nxid = nil
-      tickets = []
-      CSV.parse(vulnerability_list.chomp, headers: :first_row)  do |row|
-        case @options[:ticket_mode]
-          # 'D' Default mode: IP *-* Vulnerability
-          when 'D'
-            @nxid = "#{nexpose_identifier_id}#{row['asset_id']}#{row['vulnerability_id']}#{row['solution_id']}"
-          # 'I' IP address mode: IP address -* Vulnerability
-          when 'I'
-            @nxid = "#{nexpose_identifier_id}#{row['current_ip']}"
-          # 'V' Vulnerability mode: Vulnerability -* IP address
-#          when 'V'
-#            @NXID = "#{nexpose_identifier_id}#{row['current_asset_id']}#{row['current_vuln_id']}"
-          else
-            fail 'Could not close tickets - do not understand the ticketing mode!'
-        end
-        workorderid = find_ticket_in_database(@nxid)
-        # Query ServiceDesk for the incident by unique id (generated NXID)
-        if workorderid.nil? || workorderid.empty?
-          @log.log_message("No workorderid found for NXID #{@nxid}")
-        else
-            tickets << { :action => :close, :nxid => @nxid, :workorderid => workorderid,
-                         :description => closeTicketRequest() }
-        end
+  end
+
+  # Prepare ticket closures from the CSV of vulnerabilities exported from Nexpose.
+  #
+  # * *Args*    :
+  #   - +vulnerability_list+ -  CSV of vulnerabilities within Nexpose.
+  #
+  # * *Returns* :
+  #   - List of savon-formated (hash) tickets for closing within ServiceDesk.
+  #
+  def prepare_close_tickets(vulnerability_list, nexpose_identifier_id)
+    @log.log_message("Preparing ticket closures for mode #{@options[:ticket_mode]}.")
+    @nxid = nil
+    tickets = []
+    CSV.parse(vulnerability_list.chomp, headers: :first_row)  do |row|
+      @nxid = @common_helper.generate_nxid(nexpose_identifier_id, row)
+
+      workorderid = find_ticket_in_database(@nxid)
+      # Query ServiceDesk for the incident by unique id (generated NXID)
+      if workorderid.nil? || workorderid.empty?
+        @log.log_message("No workorderid found for NXID #{@nxid}")
+      else
+        tickets << { :action => :close, :nxid => @nxid, 
+                     :workorderid => workorderid,
+                     :description => 'Automatically closing ticket.' }
       end
-      return tickets
     end
+    tickets
+  end
 
 
-    def close_tickets( tickets )
-        tickets.each { |ticket| close_ticket(ticket) if ticket[:action] == close && !ticket[:workorderid].nil?}
-    end
+  def close_tickets( tickets )
+    tickets.each { |ticket| close_ticket(ticket) if ticket[:action] == :close && !ticket[:workorderid].nil?}
+    remove_tickets_from_database(tickets)
+  end
 end