nexpose_ticketing 1.0.2 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +22 -0
- data/bin/nexpose_ticketing +45 -0
- data/lib/nexpose_ticketing/config/jira.config +5 -1
- data/lib/nexpose_ticketing/config/remedy.config +4 -1
- data/lib/nexpose_ticketing/config/servicedesk.config +4 -1
- data/lib/nexpose_ticketing/config/servicenow.config +4 -1
- data/lib/nexpose_ticketing/config/ticket_service.config +13 -5
- data/lib/nexpose_ticketing/helpers/base_helper.rb +43 -0
- data/lib/nexpose_ticketing/helpers/jira_helper.rb +149 -97
- data/lib/nexpose_ticketing/helpers/remedy_helper.rb +37 -52
- data/lib/nexpose_ticketing/helpers/servicedesk_helper.rb +30 -49
- data/lib/nexpose_ticketing/helpers/servicenow_helper.rb +39 -56
- data/lib/nexpose_ticketing/modes/base_mode.rb +199 -0
- data/lib/nexpose_ticketing/modes/default_mode.rb +50 -0
- data/lib/nexpose_ticketing/modes/ip_mode.rb +52 -0
- data/lib/nexpose_ticketing/modes/vulnerability_mode.rb +50 -0
- data/lib/nexpose_ticketing/nx_logger.rb +44 -33
- data/lib/nexpose_ticketing/queries.rb +30 -27
- data/lib/nexpose_ticketing/report_helper.rb +1 -0
- data/lib/nexpose_ticketing/ticket_metrics.rb +39 -0
- data/lib/nexpose_ticketing/ticket_repository.rb +65 -206
- data/lib/nexpose_ticketing/ticket_service.rb +470 -441
- data/lib/nexpose_ticketing/version.rb +1 -1
- metadata +15 -16
- data/bin/nexpose_jira +0 -27
- data/bin/nexpose_remedy +0 -27
- data/bin/nexpose_servicedesk +0 -27
- data/bin/nexpose_servicenow +0 -27
- data/lib/nexpose_ticketing/common_helper.rb +0 -344
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: nexpose_ticketing
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Damian Finol
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2016-
|
13
|
+
date: 2016-07-20 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: nexpose
|
@@ -18,20 +18,20 @@ dependencies:
|
|
18
18
|
requirements:
|
19
19
|
- - "~>"
|
20
20
|
- !ruby/object:Gem::Version
|
21
|
-
version: '
|
21
|
+
version: '3.1'
|
22
22
|
- - ">="
|
23
23
|
- !ruby/object:Gem::Version
|
24
|
-
version:
|
24
|
+
version: 3.1.0
|
25
25
|
type: :runtime
|
26
26
|
prerelease: false
|
27
27
|
version_requirements: !ruby/object:Gem::Requirement
|
28
28
|
requirements:
|
29
29
|
- - "~>"
|
30
30
|
- !ruby/object:Gem::Version
|
31
|
-
version: '
|
31
|
+
version: '3.1'
|
32
32
|
- - ">="
|
33
33
|
- !ruby/object:Gem::Version
|
34
|
-
version:
|
34
|
+
version: 3.1.0
|
35
35
|
- !ruby/object:Gem::Dependency
|
36
36
|
name: savon
|
37
37
|
requirement: !ruby/object:Gem::Requirement
|
@@ -105,22 +105,15 @@ description: This gem provides a Ruby implementation of different integrations w
|
|
105
105
|
email:
|
106
106
|
- integrations_support@rapid7.com
|
107
107
|
executables:
|
108
|
-
-
|
109
|
-
- nexpose_servicenow
|
110
|
-
- nexpose_remedy
|
111
|
-
- nexpose_servicedesk
|
108
|
+
- nexpose_ticketing
|
112
109
|
extensions: []
|
113
110
|
extra_rdoc_files:
|
114
111
|
- README.md
|
115
112
|
files:
|
116
113
|
- Gemfile
|
117
114
|
- README.md
|
118
|
-
- bin/
|
119
|
-
- bin/nexpose_remedy
|
120
|
-
- bin/nexpose_servicedesk
|
121
|
-
- bin/nexpose_servicenow
|
115
|
+
- bin/nexpose_ticketing
|
122
116
|
- lib/nexpose_ticketing.rb
|
123
|
-
- lib/nexpose_ticketing/common_helper.rb
|
124
117
|
- lib/nexpose_ticketing/config/jira.config
|
125
118
|
- lib/nexpose_ticketing/config/remedy.config
|
126
119
|
- lib/nexpose_ticketing/config/remedy_wsdl/HPD_IncidentInterface_Create_WS.xml
|
@@ -129,13 +122,19 @@ files:
|
|
129
122
|
- lib/nexpose_ticketing/config/servicenow.config
|
130
123
|
- lib/nexpose_ticketing/config/servicenow_updateset/Rapid7_Nexpose_Ticketing_ServiceNow_update_set.xml
|
131
124
|
- lib/nexpose_ticketing/config/ticket_service.config
|
125
|
+
- lib/nexpose_ticketing/helpers/base_helper.rb
|
132
126
|
- lib/nexpose_ticketing/helpers/jira_helper.rb
|
133
127
|
- lib/nexpose_ticketing/helpers/remedy_helper.rb
|
134
128
|
- lib/nexpose_ticketing/helpers/servicedesk_helper.rb
|
135
129
|
- lib/nexpose_ticketing/helpers/servicenow_helper.rb
|
130
|
+
- lib/nexpose_ticketing/modes/base_mode.rb
|
131
|
+
- lib/nexpose_ticketing/modes/default_mode.rb
|
132
|
+
- lib/nexpose_ticketing/modes/ip_mode.rb
|
133
|
+
- lib/nexpose_ticketing/modes/vulnerability_mode.rb
|
136
134
|
- lib/nexpose_ticketing/nx_logger.rb
|
137
135
|
- lib/nexpose_ticketing/queries.rb
|
138
136
|
- lib/nexpose_ticketing/report_helper.rb
|
137
|
+
- lib/nexpose_ticketing/ticket_metrics.rb
|
139
138
|
- lib/nexpose_ticketing/ticket_repository.rb
|
140
139
|
- lib/nexpose_ticketing/ticket_service.rb
|
141
140
|
- lib/nexpose_ticketing/version.rb
|
@@ -151,7 +150,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
151
150
|
requirements:
|
152
151
|
- - ">="
|
153
152
|
- !ruby/object:Gem::Version
|
154
|
-
version:
|
153
|
+
version: 2.1.5
|
155
154
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
156
155
|
requirements:
|
157
156
|
- - ">="
|
data/bin/nexpose_jira
DELETED
@@ -1,27 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
require 'yaml'
|
3
|
-
require 'nexpose_ticketing'
|
4
|
-
require 'nexpose_ticketing/nx_logger'
|
5
|
-
require 'nexpose_ticketing/version'
|
6
|
-
|
7
|
-
log = NexposeTicketing::NxLogger.instance
|
8
|
-
log.setup_statistics_collection('Atlassian', 'JIRA', NexposeTicketing::VERSION)
|
9
|
-
log.setup_logging(true, 'info')
|
10
|
-
|
11
|
-
# Path to the JIRA Configuration file.
|
12
|
-
JIRA_CONFIG_PATH = File.join(File.dirname(__FILE__),
|
13
|
-
'../lib/nexpose_ticketing/config/jira.config')
|
14
|
-
|
15
|
-
current_encoding = Encoding.default_external=Encoding.find("UTF-8")
|
16
|
-
|
17
|
-
# Read in JIRA options from jira.config.
|
18
|
-
jira_options = begin
|
19
|
-
YAML.load_file(JIRA_CONFIG_PATH)
|
20
|
-
rescue ArgumentError => e
|
21
|
-
raise "Could not parse YAML #{JIRA_CONFIG_PATH} : #{e.message}"
|
22
|
-
end
|
23
|
-
|
24
|
-
log.log_message("Current Encoding set to: #{current_encoding}")
|
25
|
-
|
26
|
-
# Initialize Ticket Service using JIRA.
|
27
|
-
NexposeTicketing.start(jira_options)
|
data/bin/nexpose_remedy
DELETED
@@ -1,27 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
require 'yaml'
|
3
|
-
require 'nexpose_ticketing'
|
4
|
-
require 'nexpose_ticketing/nx_logger'
|
5
|
-
require 'nexpose_ticketing/version'
|
6
|
-
|
7
|
-
log = NexposeTicketing::NxLogger.instance
|
8
|
-
log.setup_statistics_collection('bmc', 'Remedy', NexposeTicketing::VERSION)
|
9
|
-
log.setup_logging(true, 'info')
|
10
|
-
|
11
|
-
# Path to ServiceNow configuration file
|
12
|
-
REMEDY_CONFIG_PATH = File.join(File.dirname(__FILE__),
|
13
|
-
'../lib/nexpose_ticketing/config/remedy.config')
|
14
|
-
|
15
|
-
current_encoding = Encoding.default_external=Encoding.find("UTF-8")
|
16
|
-
|
17
|
-
# Read in ServiceNow options from servicenow.config
|
18
|
-
remedy_options = begin
|
19
|
-
YAML.load_file(REMEDY_CONFIG_PATH)
|
20
|
-
rescue ArgumentError => e
|
21
|
-
raise "Could not parse YAML #{REMEDY_CONFIG_PATH} : #{e.message}"
|
22
|
-
end
|
23
|
-
|
24
|
-
log.log_message("Current Encoding set to: #{current_encoding}")
|
25
|
-
|
26
|
-
# Initialize Nexpose Ticket Service using Remedy
|
27
|
-
NexposeTicketing.start(remedy_options)
|
data/bin/nexpose_servicedesk
DELETED
@@ -1,27 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
require 'yaml'
|
3
|
-
require 'nexpose_ticketing'
|
4
|
-
require 'nexpose_ticketing/nx_logger'
|
5
|
-
require 'nexpose_ticketing/version'
|
6
|
-
|
7
|
-
log = NexposeTicketing::NxLogger.instance
|
8
|
-
log.setup_statistics_collection('ManageEngine', 'ServiceDesk', NexposeTicketing::VERSION)
|
9
|
-
log.setup_logging(true, 'info')
|
10
|
-
|
11
|
-
# Path to ServiceNow configuration file
|
12
|
-
SERVICEDESK_CONFIG_PATH = File.join(File.dirname(__FILE__),
|
13
|
-
'../lib/nexpose_ticketing/config/servicedesk.config')
|
14
|
-
|
15
|
-
current_encoding = Encoding.default_external=Encoding.find("UTF-8")
|
16
|
-
|
17
|
-
# Read in ServiceDesk options from servicenow.config
|
18
|
-
servicedesk_options = begin
|
19
|
-
YAML.load_file(SERVICEDESK_CONFIG_PATH)
|
20
|
-
rescue ArgumentError => e
|
21
|
-
raise "Could not parse YAML #{SERVICEDESK_CONFIG_PATH} : #{e.message}"
|
22
|
-
end
|
23
|
-
|
24
|
-
log.log_message("Current Encoding set to: #{current_encoding}")
|
25
|
-
|
26
|
-
# Initialize Nexpose Ticket Service using ServiceDesk
|
27
|
-
NexposeTicketing.start(servicedesk_options)
|
data/bin/nexpose_servicenow
DELETED
@@ -1,27 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
require 'yaml'
|
3
|
-
require 'nexpose_ticketing'
|
4
|
-
require 'nexpose_ticketing/nx_logger'
|
5
|
-
require 'nexpose_ticketing/version'
|
6
|
-
|
7
|
-
log = NexposeTicketing::NxLogger.instance
|
8
|
-
log.setup_statistics_collection('ServiceNow', 'ServiceNow', NexposeTicketing::VERSION)
|
9
|
-
log.setup_logging(true, 'info')
|
10
|
-
|
11
|
-
# Path to ServiceNow configuration file
|
12
|
-
SERVICENOW_CONFIG_PATH = File.join(File.dirname(__FILE__),
|
13
|
-
'../lib/nexpose_ticketing/config/servicenow.config')
|
14
|
-
|
15
|
-
current_encoding = Encoding.default_external=Encoding.find("UTF-8")
|
16
|
-
|
17
|
-
# Read in ServiceNow options from servicenow.config
|
18
|
-
servicenow_options = begin
|
19
|
-
YAML.load_file(SERVICENOW_CONFIG_PATH)
|
20
|
-
rescue ArgumentError => e
|
21
|
-
raise "Could not parse YAML #{SERVICENOW_CONFIG_PATH} : #{e.message}"
|
22
|
-
end
|
23
|
-
|
24
|
-
log.log_message("Current Encoding set to: #{current_encoding}")
|
25
|
-
|
26
|
-
# Initialize Nexpose Ticket Service using ServiceNow
|
27
|
-
NexposeTicketing.start(servicenow_options)
|
@@ -1,344 +0,0 @@
|
|
1
|
-
module NexposeTicketing
|
2
|
-
class CommonHelper
|
3
|
-
MAX_NUM_REFS = 3
|
4
|
-
|
5
|
-
def initialize(options)
|
6
|
-
@ticketing_mode = options[:ticket_mode]
|
7
|
-
end
|
8
|
-
|
9
|
-
# Gets the base description hash from the relevant mode-specific method
|
10
|
-
# which can converted into a finished description.
|
11
|
-
#
|
12
|
-
# - +nexpose_id+ - The site or tag indentifier.
|
13
|
-
# - +options+ - The options read from the ticket config file.
|
14
|
-
#
|
15
|
-
# * *Returns* :
|
16
|
-
# - Hash containing ticket description information.
|
17
|
-
#
|
18
|
-
def get_description(nexpose_id, row)
|
19
|
-
description = { nxid: "NXID: #{generate_nxid(nexpose_id, row)}" }
|
20
|
-
case @ticketing_mode
|
21
|
-
when 'D' then get_default_ticket_description(description, row)
|
22
|
-
when 'I' then get_ip_ticket_description(description, row)
|
23
|
-
when 'V' then get_vuln_ticket_description(description, row)
|
24
|
-
else fail "Ticketing mode #{@ticketing_mode} not recognised."
|
25
|
-
end
|
26
|
-
end
|
27
|
-
|
28
|
-
# Updates an existing description hash containing information
|
29
|
-
# necessary to generate a ticket description.
|
30
|
-
# Note that Default mode tickets may not be updated.
|
31
|
-
#
|
32
|
-
# - +description+ - The existing ticket hash to be updated.
|
33
|
-
# - +row+ - CSV row containing vulnerability data.
|
34
|
-
#
|
35
|
-
# * *Returns* :
|
36
|
-
# - Hash containing ticket description information.
|
37
|
-
#
|
38
|
-
def update_description(description, row)
|
39
|
-
case @ticketing_mode
|
40
|
-
when 'I' then return update_ip_ticket_description(description, row)
|
41
|
-
when 'V' then return update_vuln_ticket_description(description, row)
|
42
|
-
else description
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
# Generates a final description string based on a description hash.
|
47
|
-
#
|
48
|
-
# - +description+ - The finished ticket hash to be converted.
|
49
|
-
#
|
50
|
-
# * *Returns* :
|
51
|
-
# - String containing ticket description text.
|
52
|
-
#
|
53
|
-
def print_description(description)
|
54
|
-
ticket = case @ticketing_mode
|
55
|
-
when 'D' then print_default_ticket_description(description)
|
56
|
-
when 'I' then print_ip_ticket_description(description)
|
57
|
-
when 'V' then print_vuln_ticket_description(description)
|
58
|
-
else fail "Ticketing mode #{@ticketing_mode} not recognised."
|
59
|
-
end
|
60
|
-
ticket << "\n\n\n#{description[:nxid]}"
|
61
|
-
ticket
|
62
|
-
end
|
63
|
-
|
64
|
-
# Generates a hash containing the information necessary
|
65
|
-
# to generate a Default-mode ticket description.
|
66
|
-
#
|
67
|
-
# - +description+ - Base ticket hash with NXID.
|
68
|
-
# - +row+ - CSV row containing vulnerability data.
|
69
|
-
#
|
70
|
-
# * *Returns* :
|
71
|
-
# - Hash containing ticket description information.
|
72
|
-
#
|
73
|
-
def get_default_ticket_description(description, row)
|
74
|
-
description[:header] = get_vuln_header(row)
|
75
|
-
description[:header] << get_discovery_info(row)
|
76
|
-
description[:references] = get_references(row)
|
77
|
-
description[:solutions] = get_solutions(row)
|
78
|
-
description
|
79
|
-
end
|
80
|
-
|
81
|
-
# Generates a hash containing the information necessary
|
82
|
-
# to generate an IP-mode ticket description.
|
83
|
-
#
|
84
|
-
# - +description+ - Base ticket hash with NXID.
|
85
|
-
# - +row+ - CSV row containing vulnerability data.
|
86
|
-
#
|
87
|
-
# * *Returns* :
|
88
|
-
# - Hash containing ticket description information.
|
89
|
-
#
|
90
|
-
def get_ip_ticket_description(description, row)
|
91
|
-
description[:vulnerabilities] = []
|
92
|
-
|
93
|
-
status = row['comparison']
|
94
|
-
vuln_info = "++ #{status} Vulnerabilities ++\n" if !status.nil?
|
95
|
-
description[:ticket_status] = status
|
96
|
-
|
97
|
-
vuln_info = vuln_info.to_s + get_vuln_info(row)
|
98
|
-
description[:vulnerabilities] << vuln_info
|
99
|
-
description
|
100
|
-
end
|
101
|
-
|
102
|
-
# Generates a hash containing the information necessary
|
103
|
-
# to generate a Vulnerability-mode ticket description.
|
104
|
-
#
|
105
|
-
# - +description+ - Base ticket hash with NXID.
|
106
|
-
# - +row+ - CSV row containing vulnerability data.
|
107
|
-
#
|
108
|
-
# * *Returns* :
|
109
|
-
# - Hash containing ticket description information.
|
110
|
-
#
|
111
|
-
def get_vuln_ticket_description(description, row)
|
112
|
-
description[:header] = get_vuln_header(row)
|
113
|
-
description[:references] = get_references(row)
|
114
|
-
description[:solutions] = get_solutions(row)
|
115
|
-
description[:assets] = get_assets(row)
|
116
|
-
description
|
117
|
-
end
|
118
|
-
|
119
|
-
# Updates an existing IP-mode description hash containing information
|
120
|
-
# necessary to generate a ticket description.
|
121
|
-
#
|
122
|
-
# - +description+ - The existing ticket hash to be updated.
|
123
|
-
# - +row+ - CSV row containing vulnerability data.
|
124
|
-
#
|
125
|
-
# * *Returns* :
|
126
|
-
# - Hash containing updated ticket description information.
|
127
|
-
#
|
128
|
-
def update_ip_ticket_description(description, row)
|
129
|
-
status = row['comparison']
|
130
|
-
header = "++ #{status} Vulnerabilities ++\n"
|
131
|
-
header = "" unless description[:ticket_status] != status
|
132
|
-
|
133
|
-
description[:vulnerabilities] << "#{header}#{get_vuln_info(row)}"
|
134
|
-
description
|
135
|
-
end
|
136
|
-
|
137
|
-
# Updates an existing Vulnerability-mode description hash containing
|
138
|
-
# information necessary to generate a ticket description.
|
139
|
-
#
|
140
|
-
# - +description+ - The existing ticket hash to be updated.
|
141
|
-
# - +row+ - CSV row containing vulnerability data.
|
142
|
-
#
|
143
|
-
# * *Returns* :
|
144
|
-
# - Hash containing updated ticket description information.
|
145
|
-
#
|
146
|
-
def update_vuln_ticket_description(description, row)
|
147
|
-
description[:assets] += "\n#{get_assets(row)}"
|
148
|
-
description
|
149
|
-
end
|
150
|
-
|
151
|
-
# Generates a final description string based on a Default-mode
|
152
|
-
# description hash.
|
153
|
-
#
|
154
|
-
# - +description+ - The finished ticket hash to be converted.
|
155
|
-
#
|
156
|
-
# * *Returns* :
|
157
|
-
# - String containing ticket description text.
|
158
|
-
#
|
159
|
-
def print_default_ticket_description(description)
|
160
|
-
ticket = "#{description[:header]}\n#{description[:references]}"
|
161
|
-
ticket << "#{description[:solutions]}"
|
162
|
-
ticket
|
163
|
-
end
|
164
|
-
|
165
|
-
# Generates a final description string based on an IP-mode
|
166
|
-
# description hash.
|
167
|
-
#
|
168
|
-
# - +description+ - The finished ticket hash to be converted.
|
169
|
-
#
|
170
|
-
# * *Returns* :
|
171
|
-
# - String containing ticket description text.
|
172
|
-
#
|
173
|
-
def print_ip_ticket_description(description)
|
174
|
-
ticket = ''
|
175
|
-
description[:vulnerabilities].each { |v| ticket << "#{v}\n" }
|
176
|
-
ticket
|
177
|
-
end
|
178
|
-
|
179
|
-
# Generates a final description string based on a Vulnerability-mode
|
180
|
-
# description hash.
|
181
|
-
#
|
182
|
-
# - +description+ - The finished ticket hash to be converted.
|
183
|
-
#
|
184
|
-
# * *Returns* :
|
185
|
-
# - String containing ticket description text.
|
186
|
-
#
|
187
|
-
def print_vuln_ticket_description(description)
|
188
|
-
ticket = "#{description[:header]}\n#{description[:assets]}"
|
189
|
-
ticket << "\n#{description[:references]}\n#{description[:solutions]}"
|
190
|
-
ticket
|
191
|
-
end
|
192
|
-
|
193
|
-
# Generates the NXID. The NXID is a unique identifier used to find and update and/or close tickets.
|
194
|
-
#
|
195
|
-
# * *Args* :
|
196
|
-
# - +nexpose_identifier_id+ - Site/TAG ID the tickets are being generated for. Required for all? { |e| } ticketing modes
|
197
|
-
# - +row+ - Row from the generated Nexpose CSV report. Required for default ('D') mode.
|
198
|
-
# - +current_ip+ - The IP address of that this ticket is for. Required for IP mode ('I') mode.
|
199
|
-
#
|
200
|
-
# * *Returns* :
|
201
|
-
# - NXID string.
|
202
|
-
#
|
203
|
-
def generate_nxid(nexpose_id, row)
|
204
|
-
fail 'Row data is nil' if row.nil?
|
205
|
-
|
206
|
-
case @ticketing_mode
|
207
|
-
when 'D' then "#{nexpose_id}d#{row['asset_id']}d#{row['vulnerability_id']}"
|
208
|
-
when 'I' then "#{nexpose_id}i#{row['ip_address']}"
|
209
|
-
when 'V' then "#{nexpose_id}v#{row['vulnerability_id']}"
|
210
|
-
else fail 'Ticketing mode not recognised.'
|
211
|
-
end
|
212
|
-
end
|
213
|
-
|
214
|
-
# Formats the row data to be inserted into a 'D' or 'I' mode ticket description.
|
215
|
-
#
|
216
|
-
# - +row+ - CSV row containing vulnerability data.
|
217
|
-
#
|
218
|
-
# * *Returns* :
|
219
|
-
# - String formatted with vulnerability data.
|
220
|
-
#
|
221
|
-
def get_vuln_info(row)
|
222
|
-
ticket = get_vuln_header(row)
|
223
|
-
ticket << get_discovery_info(row)
|
224
|
-
ticket << get_references(row)
|
225
|
-
ticket << "\n#{get_solutions(row)}"
|
226
|
-
ticket.gsub("\n", "\n ")
|
227
|
-
end
|
228
|
-
|
229
|
-
# Generates the vulnerability header from the row data.
|
230
|
-
#
|
231
|
-
# - +row+ - CSV row containing vulnerability data.
|
232
|
-
#
|
233
|
-
# * *Returns* :
|
234
|
-
# - String formatted with vulnerability data.
|
235
|
-
#
|
236
|
-
def get_vuln_header(row)
|
237
|
-
ticket = "\n=============================="
|
238
|
-
ticket << "\nVulnerability ID: #{row['vulnerability_id']}"
|
239
|
-
ticket << "\nCVSS Score: #{row['cvss_score']}"
|
240
|
-
ticket << "\n=============================="
|
241
|
-
ticket
|
242
|
-
end
|
243
|
-
|
244
|
-
# Generates the ticket's title depending on the ticketing mode.
|
245
|
-
#
|
246
|
-
# - +row+ - CSV row containing vulnerability data.
|
247
|
-
#
|
248
|
-
# * *Returns* :
|
249
|
-
# - String containing the ticket title.
|
250
|
-
#
|
251
|
-
def get_title(row, maximum=nil)
|
252
|
-
title = case @ticketing_mode
|
253
|
-
when 'D' then "#{row['ip_address']} => #{get_short_summary(row)}"
|
254
|
-
when 'I' then "#{row['ip_address']} => Vulnerabilities"
|
255
|
-
when 'V' then "Vulnerability: #{row['title']}"
|
256
|
-
else fail 'Ticketing mode not recognised.'
|
257
|
-
end
|
258
|
-
return title if maximum == nil || title.length < maximum
|
259
|
-
|
260
|
-
title = "#{title[0, 97]}..."
|
261
|
-
end
|
262
|
-
|
263
|
-
# Generates a short summary for a vulnerability.
|
264
|
-
#
|
265
|
-
# - +row+ - CSV row containing vulnerability data.
|
266
|
-
#
|
267
|
-
# * *Returns* :
|
268
|
-
# - String containing a short summary of the vulnerability.
|
269
|
-
#
|
270
|
-
def get_short_summary(row)
|
271
|
-
summary = row['solutions']
|
272
|
-
delimiter = summary.to_s.index('|')
|
273
|
-
return summary[summary.index(':')+1...delimiter].strip if delimiter
|
274
|
-
summary.length <= 100 ? summary : summary[0...100]
|
275
|
-
end
|
276
|
-
|
277
|
-
# Formats the solutions for a vulnerability in a format suitable to be inserted into a ticket.
|
278
|
-
#
|
279
|
-
# - +row+ - CSV row containing vulnerability data.
|
280
|
-
#
|
281
|
-
# * *Returns* :
|
282
|
-
# - String formatted with solution information.
|
283
|
-
#
|
284
|
-
def get_solutions(row)
|
285
|
-
row['solutions'].to_s.gsub('|', "\n").gsub('~', "\n--\n")
|
286
|
-
end
|
287
|
-
|
288
|
-
def get_discovery_info(row)
|
289
|
-
return '' if row['first_discovered'].to_s == ""
|
290
|
-
info = "\nFirst Seen: #{row['first_discovered']}\n"
|
291
|
-
info << "Last Seen: #{row['most_recently_discovered']}\n"
|
292
|
-
info
|
293
|
-
end
|
294
|
-
|
295
|
-
# Formats the references for a vulnerability in a format suitable to be inserted into a ticket.
|
296
|
-
#
|
297
|
-
# - +row+ - CSV row containing vulnerability data.
|
298
|
-
#
|
299
|
-
# * *Returns* :
|
300
|
-
# - String formatted with source and reference.
|
301
|
-
#
|
302
|
-
def get_references(row)
|
303
|
-
return '' if row['references'].nil?
|
304
|
-
references = "\nSources:\n"
|
305
|
-
refs = row['references'].split(', ')
|
306
|
-
refs[MAX_NUM_REFS] = '...' if refs.count > MAX_NUM_REFS
|
307
|
-
refs[0..MAX_NUM_REFS].each { |r| references << " - #{r}\n" }
|
308
|
-
references
|
309
|
-
end
|
310
|
-
|
311
|
-
|
312
|
-
# Returns the assets for a vulnerability in a format suitable to be inserted into a ticket.
|
313
|
-
#
|
314
|
-
# - +row+ - CSV row containing vulnerability data.
|
315
|
-
#
|
316
|
-
# * *Returns* :
|
317
|
-
# - String formatted with affected assets.
|
318
|
-
#
|
319
|
-
def get_assets(row)
|
320
|
-
status = row['comparison']
|
321
|
-
header = "\n#{status || 'Affected' } Assets\n"
|
322
|
-
|
323
|
-
assets = []
|
324
|
-
row['assets'].to_s.split('~').each do |a|
|
325
|
-
details = a.split('|')
|
326
|
-
assets << " - #{details[1]} #{"\t(#{details[2]})" if !details[2].empty?}"
|
327
|
-
end
|
328
|
-
asset_list = assets.join("\n")
|
329
|
-
"#{header}#{asset_list}"
|
330
|
-
end
|
331
|
-
|
332
|
-
# Returns the relevant row values for printing.
|
333
|
-
#
|
334
|
-
# - +fields+ - The fields which are relevant to the ticket.
|
335
|
-
# - +row+ - CSV row containing vulnerability data.
|
336
|
-
#
|
337
|
-
# * *Returns* :
|
338
|
-
# - String formatted with relevant fields.
|
339
|
-
#
|
340
|
-
def get_field_info(fields, row)
|
341
|
-
fields.map { |x| "#{x.sub("_", " ")}: #{row[x]}" }.join(", ")
|
342
|
-
end
|
343
|
-
end
|
344
|
-
end
|