nexpose_ticketing 1.0.2 → 1.2.1

data/lib/nexpose_ticketing/modes/base_mode.rb

@@ -0,0 +1,199 @@
+require 'nexpose_ticketing/nx_logger'
+
+class BaseMode 
+
+  # Initializes the mode
+  def initialize(options)
+    @options = options
+    @log = NexposeTicketing::NxLogger.instance
+  end
+
+  # True if this mode supports ticket updates
+  def updates_supported?
+    true
+  end
+
+  # Returns the fields used to identify individual tickets
+  def get_matching_fields
+    ['']
+  end
+
+  # Returns the ticket's title
+  def get_title(row)
+    "#{nil} => #{nil}"
+  end
+
+  # Generates a unique identifier for a ticket
+  def get_nxid(nexpose_id, row)
+    "#{nil}c#{nil}"
+  end
+
+  # Returns the base ticket description object
+  def get_description(nexpose_id, row)
+    description
+  end
+
+  # Updates the ticket description based on row data
+  def update_description(description, row)
+    description
+  end
+  
+  # Converts the ticket description object into a formatted string
+  def print_description(description)
+    ''
+  end
+
+  # Cuts the title down to size specified in config, if necessary
+  def truncate_title(title)
+    return title if title.length <= @options[:max_title_length]
+    "#{title[0, @options[:max_title_length]-3]}..."
+  end
+
+  # Returns the suffix used for query method names 
+  def get_query_suffix
+    '_by_ip'
+  end
+
+  def load_queries
+    file_name = "#{self.class.to_s.downcase}_queries.rb"
+    file_path = File.join(File.dirname(__FILE__), "../queries/#{file_name}")
+    @queries = []
+
+    @queries << YAML.load_file(file_path)
+  end
+
+  # Generates a final description string based on a description hash.
+  #
+  #   - +ticket_desc+ - The ticket description to be formatted.
+  #   - +nxid+ - The NXID to be appended to the ticket.
+  #
+  # * *Returns* :
+  #   - String containing ticket description text.
+  #
+  def finalize_description(ticket_desc, nxid)
+    nxid_line = "\n\n\n#{nxid}"
+    
+    #If the ticket is too long, truncate it to fit the NXID
+    max_len = @options[:max_ticket_length]
+    if max_len > 0 and (ticket_desc + nxid_line).length > max_len
+      #Leave space for newline characters, nxid and ellipsis (...)
+      ticket_desc = ticket_desc[0...max_len - (nxid_line.length+5)]
+      ticket_desc << "\n...\n"
+    end
+
+    "#{ticket_desc}#{nxid_line}"
+  end
+  
+  # Formats the row data to be inserted into a 'D' or 'I' mode ticket description.
+  #
+  #   - +row+ -  CSV row containing vulnerability data.
+  #
+  # * *Returns* :
+  #   - String formatted with vulnerability data.
+  #
+  def get_vuln_info(row)
+    ticket = get_header(row)
+    ticket << get_discovery_info(row)
+    ticket << get_references(row)
+    ticket << "\n#{get_solutions(row)}"
+    ticket.gsub("\n", "\n ")
+  end
+
+  # Generates the vulnerability header from the row data.
+  #
+  #   - +row+ -  CSV row containing vulnerability data.
+  #
+  # * *Returns* :
+  #   - String formatted with vulnerability data.
+  #
+  def get_header(row)
+    ticket = "\n=============================="
+    ticket << "\nVulnerability ID: #{row['vulnerability_id']}"
+    ticket << "\nNexpose ID: #{row['vuln_nexpose_id']}"
+    ticket << "\nCVSS Score: #{row['cvss_score']}"
+    ticket << "\n=============================="
+  end
+
+  # Generates a short summary for a vulnerability.
+  #
+  #   - +row+ -  CSV row containing vulnerability data.
+  #
+  # * *Returns* :
+  #   - String containing a short summary of the vulnerability.
+  #
+  def get_short_summary(row)
+    summary = row['solutions'].to_s
+    delimiter = summary.index('|')
+    return summary[summary.index(':')+1...delimiter].strip if delimiter
+    summary.length <= 100 ? summary : summary[0...100]
+  end
+
+  # Formats the solutions for a vulnerability in a format suitable to be inserted into a ticket.
+  #
+  #   - +row+ -  CSV row containing vulnerability data.
+  #
+  # * *Returns* :
+  #   - String formatted with solution information.
+  #
+  def get_solutions(row)
+    row['solutions'].to_s.gsub('|', "\n").gsub('~', "\n--\n")
+  end
+
+  def get_discovery_info(row)
+    return '' if row['first_discovered'].to_s == ""
+    info = "\nFirst Seen: #{row['first_discovered']}\n"
+    info << "Last Seen: #{row['most_recently_discovered']}\n"
+    info
+  end
+
+  # Formats the references for a vulnerability in a format suitable to be inserted into a ticket.
+  #
+  #   - +row+ -  CSV row containing vulnerability data.
+  #
+  # * *Returns* :
+  #   - String formatted with source and reference.
+  #
+  def get_references(row)
+    num_refs = @options[:max_num_refs]
+    return '' if row['references'].nil? || num_refs == 0
+    
+    refs =  row['references'].split(', ')[0..num_refs]
+    refs[num_refs] = '...' if refs.count > num_refs
+    "\nSources:\n#{refs.map { |r| " - #{r}" }.join("\n")}\n"
+  end
+
+  
+  # Returns the assets for a vulnerability in a format suitable to be inserted into a ticket.
+  #
+  #   - +row+ -  CSV row containing vulnerability data.
+  #
+  # * *Returns* :
+  #   - String formatted with affected assets.
+  #
+  def get_assets(row)
+    assets = "\n#{row['comparison'] || 'Affected' } Assets\n"
+
+    row['assets'].to_s.split('~').each do |a|
+      asset = a.split('|')
+      assets << " - #{asset[1]} #{"\t(#{asset[2]})" if !asset[2].empty?}\n"
+    end
+    assets
+  end
+
+  # Returns the relevant row values for printing.
+  #
+  #   - +fields+ -  The fields which are relevant to the ticket.
+  #   - +row+ -  CSV row containing vulnerability data.
+  #
+  # * *Returns* :
+  #   - String formatted with relevant fields.
+  #
+  def get_field_info(fields, row)
+    fields.map { |x| "#{x.gsub("_", " ")}: #{row[x]}" }.join(", ")
+  end
+
+  # Catch-all method when a unknown method is called
+  def method_missing(name, *args)
+    @log.log_message("Method #{name} not implemented for #{@options[:ticket_mode]} mode.")
+  end
+end

data/lib/nexpose_ticketing/modes/default_mode.rb

@@ -0,0 +1,50 @@
+require_relative './base_mode.rb'
+
+class DefaultMode < BaseMode
+
+  # Initializes the mode
+  def initialize(options)
+    super(options)
+  end
+
+  # True if this mode supports ticket updates
+  def updates_supported?
+    false
+  end
+
+  # Returns the fields used to identify individual tickets
+  def get_matching_fields
+    ['ip_address', 'vulnerability_id']
+  end
+
+  # Returns the ticket's title
+  def get_title(row)
+    truncate_title "#{row['ip_address']} => #{get_short_summary(row)}"
+  end
+
+  # Generates a unique identifier for a ticket
+  def get_nxid(nexpose_id, row)
+    "#{nexpose_id}d#{row['asset_id']}d#{row['vulnerability_id']}"
+  end
+
+  # Returns the base ticket description object
+  def get_description(nexpose_id, row)
+    description = { nxid: "NXID: #{get_nxid(nexpose_id, row)}" }
+    fields = ['header', 'references', 'solutions']
+    fields.each { |f| description[f.intern] = self.send("get_#{f}", row) }
+    description[:header] << get_discovery_info(row)
+    description
+  end
+
+  # Updates the ticket description based on row data
+  def update_description(description, row)
+    description
+  end
+  
+  # Converts the ticket description object into a formatted string
+  def print_description(description)
+    fields = [:header, :references, :solutions].map { |f| description[f] }
+    finalize_description(fields.join("\n"), 
+                         description[:nxid])
+  end
+end

data/lib/nexpose_ticketing/modes/ip_mode.rb

@@ -0,0 +1,52 @@
+require_relative './base_mode.rb'
+
+class IPMode < BaseMode
+
+  # Initializes the mode
+  def initialize(options)
+    super(options)
+  end
+
+  # Returns the fields used to identify individual tickets
+  def get_matching_fields
+    ['ip_address']
+  end
+
+  # Returns the ticket's title
+  def get_title(row)
+    truncate_title "#{row['ip_address']} => Vulnerabilities"
+  end
+
+  # Generates a unique identifier for a ticket
+  def get_nxid(nexpose_id, row)
+    "#{nexpose_id}i#{row['ip_address']}"
+  end
+
+  # Returns the base ticket description object
+  def get_description(nexpose_id, row)
+    description = { nxid: "NXID: #{get_nxid(nexpose_id, row)}" }
+    status = row['comparison']
+    description[:ticket_status] = status
+    header = "++ #{status} Vulnerabilities ++\n" if !status.nil?
+    description[:vulnerabilities] = [ header.to_s + get_vuln_info(row) ]
+    description
+  end
+
+  # Updates the ticket description based on row data
+  def update_description(description, row)
+    header = ""
+    if description[:ticket_status] != row['comparison']
+      header = "++ #{row['comparison']} Vulnerabilities ++\n"
+      description[:ticket_status] = row['comparison']
+    end
+
+    description[:vulnerabilities] << "#{header}#{get_vuln_info(row)}"
+    description
+  end
+  
+  # Converts the ticket description object into a formatted string
+  def print_description(description)
+    finalize_description(description[:vulnerabilities].join("\n"), 
+                         description[:nxid])
+  end
+end

data/lib/nexpose_ticketing/modes/vulnerability_mode.rb

@@ -0,0 +1,50 @@
+require_relative './base_mode.rb'
+
+class VulnerabilityMode < BaseMode
+
+  # Initializes the mode
+  def initialize(options)
+    super(options)
+  end
+
+  # Returns the fields used to identify individual tickets
+  def get_matching_fields
+    ['vulnerability_id']
+  end
+
+  # Returns the ticket's title
+  def get_title(row)
+    truncate_title "Vulnerability: #{row['title']}"
+  end
+
+  # Generates a unique identifier for a ticket
+  def get_nxid(nexpose_id, row)
+    "#{nexpose_id}v#{row['vulnerability_id']}"
+  end
+
+  # Returns the suffix used for query method names
+  def get_query_suffix
+    '_by_vuln_id'
+  end
+
+  # Returns the base ticket description object
+  def get_description(nexpose_id, row)
+    description = { nxid: "NXID: #{get_nxid(nexpose_id, row)}" }
+    fields = ['header', 'references', 'solutions', 'assets']
+    fields.each { |f| description[f.intern] = self.send("get_#{f}", row) }
+    description
+  end
+
+  # Updates the ticket description based on row data
+  def update_description(description, row)
+    description[:assets] += "\n#{get_assets(row)}"
+    description
+  end
+  
+  # Converts the ticket description object into a formatted string
+  def print_description(description)
+    fields = [:header, :assets, :references, :solutions]
+    finalize_description(fields.map { |f| description[f] }.join("\n"),
+                         description[:nxid])
+  end
+end

data/lib/nexpose_ticketing/nx_logger.rb

@@ -6,27 +6,23 @@ require 'singleton'
 module NexposeTicketing
   class NxLogger
     include Singleton
-    attr_accessor :options, :statistic_key, :product, :logger_file
     LOG_PATH = "./logs/rapid7_%s.log"
     KEY_FORMAT = "external.integration.%s"
     PRODUCT_FORMAT = "%s_%s"
 
     DEFAULT_LOG = 'integration'
-    PRODUCT_RANGE = 3..30
+    PRODUCT_RANGE = 4..30
     KEY_RANGE = 3..15
 
     ENDPOINT = '/data/external/statistic/'
 
     def initialize()
-      @logger_file = get_log_path product
+      create_calls
+      @logger_file = get_log_path @product
       setup_logging(true, 'info')
     end
 
     def setup_statistics_collection(vendor, product_name, gem_version)
-      #Remove illegal characters
-      vendor.to_s.gsub!('-', '_')
-      product_name.to_s.gsub!('-', '_')
-
       begin
         @statistic_key = get_statistic_key vendor
         @product = get_product product_name, gem_version
@@ -35,13 +31,14 @@ module NexposeTicketing
       end
     end
 
-    def setup_logging(enabled, log_level = 'info')
-      unless enabled || @log.nil?
-        log_message('Logging disabled.')
-        return
-      end
+    def setup_logging(enabled, log_level = 'info', stdout=false)
+      @stdout = stdout
 
-      @logger_file = get_log_path product
+      log_message('Logging disabled.') unless enabled || @log.nil?
+      @enabled = enabled
+      return unless @enabled
+
+      @logger_file = get_log_path @product
 
       require 'logger'
       directory = File.dirname(@logger_file)
@@ -58,24 +55,19 @@ module NexposeTicketing
       log_message("Logging enabled at level <#{log_level}>")
     end
 
-    # Logs an info message
-    def log_message(message)
-      @log.info(message) unless @log.nil?
-    end
-
-    # Logs a debug message
-    def log_debug_message(message)
-      @log.debug(message) unless @log.nil?
-    end
-
-    # Logs an error message
-    def log_error_message(message)
-      @log.error(message) unless @log.nil?
+    def create_calls
+      levels = [:info, :debug, :error, :warn]
+      levels.each do |level|
+        method_name = 
+        define_singleton_method("log_#{level.to_s}_message") do |message|
+          puts message if @stdout
+          @log.send(level, message) unless !@enabled || @log.nil?
+        end
+      end
     end
 
-    # Logs a warn message
-    def log_warn_message(message)
-      @log.warn(message) unless @log.nil?
+    def log_message(message)
+      log_info_message message
     end
 
     def log_stat_message(message)
@@ -92,13 +84,28 @@ module NexposeTicketing
         return nil
       end
 
+      vendor.gsub!('-', '_')
+      vendor.slice! vendor.rindex('_') until vendor.count('_') <= 1
+
+      vendor.delete! "^A-Za-z0-9\_"
+
       KEY_FORMAT % vendor[0...KEY_RANGE.max].downcase
     end
 
     def get_product(product, version)
-      return nil if (product.nil? || version.nil?)
+      return nil if ((product.nil? || product.empty?) || 
+                     (version.nil? || version.empty?))
+
+      product.gsub!('-', '_')
+      product.slice! product.rindex('_') until product.count('_') <= 1
+
+      product.delete! "^A-Za-z0-9\_"
+      version.delete! "^A-Za-z0-9\.\-"
+
       product = (PRODUCT_FORMAT % [product, version])[0...PRODUCT_RANGE.max]
 
+      product.slice! product.rindex(/[A-Z0-9]/i)+1..-1
+
       if product.length < PRODUCT_RANGE.min
         log_stat_message("Product length below minimum <#{PRODUCT_RANGE.min}>.")
         return nil
@@ -107,9 +114,12 @@ module NexposeTicketing
     end
 
     def generate_payload(statistic_value='')
-      payload = {'statistic-key' => @statistic_key,
-                 'statistic-value' => statistic_value,
-                 'product' => @product}
+      product_name, separator, version = @product.to_s.rpartition('_')
+      payload_value = {'version' => version}.to_json
+
+      payload = {'statistic-key' => @statistic_key.to_s,
+                 'statistic-value' => payload_value,
+                 'product' => product_name}
       JSON.generate(payload)
     end
 
@@ -126,6 +136,7 @@ module NexposeTicketing
       log_stat_message "Received code #{response.code} from Nexpose console."
       log_stat_message "Received message #{response.msg} from Nexpose console."
       log_stat_message 'Finished sending statistics data to Nexpose.'
+
       response.code
     end
 

data/lib/nexpose_ticketing/queries.rb

@@ -4,9 +4,8 @@ module NexposeTicketing
   # for Nexpose.
   # Copyright:: Copyright (c) 2014 Rapid7, LLC.
   module Queries
-
     # Formats SQL query for riskscore based on user config options.
-	#
+	  #
     # * *Args*    :
     #   - +riskScore+ -  riskscore for assets to match in results of query.
     #
@@ -63,8 +62,9 @@ module NexposeTicketing
     #   -Returns |asset_id| |ip_address| |current_scan|  |vulnerability_id||solution_id| |nexpose_id| 
     #    |url| |summary| |fix|
     #
-    def self.all_new_vulns(options = {})
-      "SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+    def self.all_new_vulns_by_ip(options = {})
+      "SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, 
+       subs.vulnerability_id, dv.nexpose_id as vuln_nexpose_id,
        string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
                            '|Nexpose ID: ' || ds.nexpose_id ||
                            '|Fix: ' || coalesce(proofAsText(ds.fix), 'None') ||
@@ -90,7 +90,7 @@ module NexposeTicketing
           JOIN dim_asset da ON subs.asset_id = da.asset_id
           JOIN fact_asset fa ON fa.asset_id = da.asset_id
           #{createRiskString( options[:riskScore])}
-          GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+          GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, dv.nexpose_id,
                  fa.riskscore, dv.cvss_score, fasva.first_discovered, fasva.most_recently_discovered
           ORDER BY da.ip_address, subs.vulnerability_id"
     end
@@ -102,7 +102,7 @@ module NexposeTicketing
     #    |url| |summary| |fix|
     #
     def self.all_new_vulns_by_vuln_id(options = {})
-        "SELECT DISTINCT on (subs.vulnerability_id) subs.vulnerability_id, dv.title, MAX(dv.cvss_score) as cvss_score,
+        "SELECT DISTINCT on (subs.vulnerability_id) subs.vulnerability_id, dv.nexpose_id as vuln_nexpose_id, dv.title, MAX(dv.cvss_score) as cvss_score,
                    string_agg(DISTINCT subs.asset_id ||
                      '|' || da.ip_address ||
                      '|' || coalesce(da.host_name, '')  ||
@@ -132,7 +132,7 @@ module NexposeTicketing
           JOIN fact_asset_vulnerability_age fasva ON subs.vulnerability_id = fasva.vulnerability_id AND subs.asset_id = fasva.asset_id
           #{createRiskString(options[:riskScore])}
           
-          GROUP BY subs.vulnerability_id, dv.title
+          GROUP BY subs.vulnerability_id, dv.title, dv.nexpose_id
           ORDER BY subs.vulnerability_id"
     end
     
@@ -145,8 +145,9 @@ module NexposeTicketing
     #   - Returns |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id|
     #     |url| |summary| |fix|
     #
-    def self.new_vulns_since_scan(options = {})
-      "SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+    def self.new_vulns_since_scan_by_ip(options = {})
+      "SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, 
+        subs.vulnerability_id, dv.nexpose_id as vuln_nexpose_id,
        string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
                            '|Nexpose ID: ' || ds.nexpose_id ||
                            '|Fix: ' || coalesce(proofAsText(ds.fix), 'None') ||
@@ -173,7 +174,7 @@ module NexposeTicketing
       AND subs.current_scan > #{options[:scan_id]}
       JOIN fact_asset fa ON fa.asset_id = da.asset_id
       #{createRiskString(options[:riskScore])}
-      GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+      GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, dv.nexpose_id,
                  fa.riskscore, dv.cvss_score, fasva.first_discovered, fasva.most_recently_discovered
       ORDER BY da.ip_address, subs.vulnerability_id"
     end
@@ -188,8 +189,9 @@ module NexposeTicketing
     #   - Returns |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id|
     #     |url| |summary| |fix|
     #
-    def self.new_vulns_by_vuln_id_since_scan(options = {})
-      "SELECT DISTINCT on (subs.vulnerability_id) subs.vulnerability_id, dv.title, MAX(dv.cvss_score) as cvss_score,
+    def self.new_vulns_since_scan_by_vuln_id(options = {})
+      "SELECT DISTINCT on (subs.vulnerability_id) subs.vulnerability_id, dv.nexpose_id as vuln_nexpose_id,
+       dv.title, MAX(dv.cvss_score) as cvss_score,
                    string_agg(DISTINCT subs.asset_id ||
                      '|' || da.ip_address ||
                      '|' || coalesce(da.host_name, '')  ||
@@ -219,7 +221,7 @@ module NexposeTicketing
       AND subs.current_scan > #{options[:scan_id]}
       JOIN fact_asset fa ON fa.asset_id = da.asset_id
       #{createRiskString(options[:riskScore])}
-      GROUP BY subs.vulnerability_id, dv.title
+      GROUP BY subs.vulnerability_id, dv.title, dv.nexpose_id
       ORDER BY vulnerability_id"
     end
 
@@ -266,8 +268,9 @@ module NexposeTicketing
     #   - Returns |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id|
     #     |url| |summary| |fix| |comparison|
     #
-    def self.all_vulns_since_scan(options = {})
-      "SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+    def self.all_vulns_since_scan_by_ip(options = {})
+      "SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, 
+        subs.vulnerability_id, dv.nexpose_id as vuln_nexpose_id,
         string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
                            '|Nexpose ID: ' || ds.nexpose_id ||
                            '|Fix: ' || coalesce(proofAsText(ds.fix), 'None') ||
@@ -293,12 +296,11 @@ module NexposeTicketing
         JOIN fact_asset fa ON fa.asset_id = subs.asset_id
          #{createRiskString(options[:riskScore])}
         AND subs.current_scan > #{options[:scan_id]}
-        GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+        GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, dv.nexpose_id,
                  fa.riskscore, dv.cvss_score, subs.comparison
-
         UNION
-
-        SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id,
+        SELECT DISTINCT on (da.ip_address, subs.vulnerability_id) subs.asset_id, da.ip_address, da.host_name, subs.current_scan, 
+        subs.vulnerability_id, dv.nexpose_id as vuln_nexpose_id,
         string_agg(DISTINCT 'Summary: ' || coalesce(ds.summary, 'None') ||
                            '|Nexpose ID: ' || ds.nexpose_id ||
                            '|Fix: ' || coalesce(proofAsText(ds.fix), 'None') ||
@@ -327,9 +329,8 @@ module NexposeTicketing
         JOIN fact_asset fa ON fa.asset_id = subs.asset_id
         #{createRiskString(options[:riskScore])}
         AND subs.current_scan > #{options[:scan_id]}
-        GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, 
+        GROUP BY subs.asset_id, da.ip_address, da.host_name, subs.current_scan, subs.vulnerability_id, dv.nexpose_id,
                  fa.riskscore, dv.cvss_score, fasva.first_discovered, fasva.most_recently_discovered, subs.comparison
-
         ORDER BY ip_address, comparison"
     end
 
@@ -343,8 +344,9 @@ module NexposeTicketing
     #   - Returns |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id|
     #     |url| |summary| |fix| |comparison|
     #
-    def self.all_vulns_by_vuln_id_since_scan(options = {})
-      "SELECT DISTINCT on (subs.vulnerability_id, subs.comparison) subs.vulnerability_id, dv.title, MAX(dv.cvss_score) as cvss_score,
+    def self.all_vulns_since_scan_by_vuln_id(options = {})
+      "SELECT DISTINCT on (subs.vulnerability_id, subs.comparison) subs.vulnerability_id, dv.nexpose_id as vuln_nexpose_id,
+       dv.title, MAX(dv.cvss_score) as cvss_score,
                    string_agg(DISTINCT subs.asset_id ||
                      '|' || da.ip_address ||
                      '|' || coalesce(da.host_name, '')  ||
@@ -374,11 +376,12 @@ module NexposeTicketing
         JOIN fact_asset fa ON fa.asset_id = subs.asset_id
          #{createRiskString(options[:riskScore])}
         AND subs.current_scan > #{options[:scan_id]}
-        GROUP BY subs.vulnerability_id, dv.title, subs.comparison
+        GROUP BY subs.vulnerability_id, dv.title, dv.nexpose_id, subs.comparison
 
         UNION
 
-        SELECT DISTINCT on (subs.vulnerability_id, subs.comparison) subs.vulnerability_id, dv.title, MAX(dv.cvss_score) as cvss_score,
+        SELECT DISTINCT on (subs.vulnerability_id, subs.comparison) subs.vulnerability_id, dv.nexpose_id as vuln_nexpose_id,
+        dv.title, MAX(dv.cvss_score) as cvss_score,
                    string_agg(DISTINCT subs.asset_id ||
                      '|' || da.ip_address ||
                      '|' || coalesce(da.host_name, '')  ||
@@ -410,7 +413,7 @@ module NexposeTicketing
         JOIN fact_asset fa ON fa.asset_id = subs.asset_id
         #{createRiskString(options[:riskScore])}
         AND subs.current_scan > #{options[:scan_id]}
-        GROUP BY subs.vulnerability_id, dv.title, subs.comparison
+        GROUP BY subs.vulnerability_id, dv.title, dv.nexpose_id, subs.comparison
 
         ORDER BY vulnerability_id, comparison"
     end
@@ -462,7 +465,7 @@ module NexposeTicketing
     #   - Returns |asset_id| |ip_address| |current_scan| |vulnerability_id| |comparison|
     #
     def self.old_tickets_by_vuln_id(options = {})
-      "SELECT subs.vulnerability_id, subs.asset_id, subs.ip_address, subs.current_scan, subs.comparison
+      "SELECT DISTINCT on(subs.vulnerability_id) subs.vulnerability_id, subs.asset_id, subs.ip_address, subs.current_scan, subs.comparison
         FROM (
           SELECT fasv.asset_id,  s.ip_address, fasv.vulnerability_id, s.current_scan, baselineComparison(fasv.scan_id, s.current_scan) as comparison, fa.riskscore
           FROM fact_asset_scan_vulnerability_finding fasv

data/lib/nexpose_ticketing/report_helper.rb

@@ -1,3 +1,4 @@
+require 'tempfile'
 require 'nexpose'
 require 'securerandom'
 include Nexpose