nexpose_ticketing 0.0.1

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MWYyZjg5NzU4ZDJhN2MxZmE5OTY4MjFhMjc4OTA0YzhjNjA5ZDA3ZA==
+  data.tar.gz: !binary |-
+    MzgwMjQ4M2ViNmFkMGVhMjQ5NWM0NGFiOGIwNTgxZDBkNjJhOGU5OA==
+SHA512:
+  metadata.gz: !binary |-
+    NzQ3N2I1ZjJiMDdlMmJmOGJkZTYwNjI4YTBlZTU1N2IzNGEyZWY2YmY5NTBl
+    NTQ2MmRjODcwOGY5NTlmNjNhNGMyYTljZTgxNzU2NGU0MGY2ZTIxMThiMGUw
+    ZTNiZWM1ODQ3MjI0ODA2NmZmYWVkMDJmZDY5MTI5MzY4NjIxZDU=
+  data.tar.gz: !binary |-
+    NTUxYzM5YmUzYmVlMWRiNmM3NjhiZTgxYWEyNWE4YzEzNDdhZGQ2ZjkyZTcw
+    NDQ1ZDBkZjE1YmQ5Nzg3ZmQwZDY3NDM4YzcyZWFkMmM2MDM3NzRmODFiYjdk
+    YjhjMDNhNzQyYTJjNTA3MDNhMDkxMjY0OWEyMTgxOGU3YzlmMzk=

data/README.markdown

@@ -0,0 +1,38 @@
+# Nexpose Ticketing Engine.
+
+This is the official gem package for the Ruby Nexpose Ticketing engine.
+
+To share your scripts, or to discuss different approaches, please visit the Rapid7 forums for Nexpose: https://community.rapid7.com/community/nexpose
+
+For assistance with using the gem please email the Rapid7 integrations support team at integrations_support@rapid7.com.
+
+# Usage
+
+To use the JIRA implementation please follow these steps:
+* Edit the jira.config file under config and add the necessary data.
+* Edit the ticket_service.config file under config and add the necessary data.
+* Run the jira file under the bin folder. If installed with Gem 'console> jira' should suffice.
+
+A logger is implemented by default, and the log can be found under the log folder; please refer to the log file in case of an error.
+
+
+## Contributions
+
+This package is currently a work in progress. Currently there's only a JIRA implementation, with more on the works.
+
+To develop your own implementation for Ticketing service 'foo':
+
+* Create a helper class that implements the following methods:
+** create_ticket(tickets) - This method should implement the transport class for the 'foo' service (https, smtp, SOAP, etc).
+** prepare_tickets(tickets) - This method will call the selected preparation type: default or ip.
+** prepare_tickets_default(vulnerability_list) - This method will take the vulnerability_list in CSV format and transform it into 'foo' accepted data (JSON, XML, etc) per vulnerability.
+** prepare_tickets_by_ip(vulnerability_list) - This method will take the vulnerability_list in CSV format and transform it into 'food' accepted data (JSON, XML, etc) collapsing all vulnerabilities by IP.
+* Create your 'foo' caller under bin. See the file 'jira' for reference.
+
+Please see jira_helper.rb under helpers for an helper example, and two_vulns_report.csv under the test folder for a sample CSV report.
+
+We welcome contributions to this package. We ask only that pull requests and patches adhere to our coding standards.
+
+* Favor returning classes over key-value maps. Classes tend to be easier for users to manipulate and use.
+* Unless otherwise noted, code should adhere to the Ruby Style Guide: https://github.com/bbatsov/ruby-style-guide
+* Use YARDoc comment style to improve the API documentation of the gem.

data/bin/nexpose_jira

@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+require 'yaml'
+require 'nexpose_ticketing'
+# Path to the JIRA Configuration file.
+JIRA_CONFIG_PATH = File.join(File.dirname(__FILE__),'../lib/nexpose_ticketing/config/jira.config')
+#JIRA_CONFIG_PATH = '../lib/nexpose_ticketing/config/jira.config'
+
+# Read in JIRA options from jira.config.
+jira_options = begin
+  YAML.load_file(JIRA_CONFIG_PATH)
+rescue ArgumentError => e
+  raise "Could not parse YAML #{JIRA_CONFIG_PATH} : #{e.message}"
+end
+
+# Initialize Ticket Service using JIRA.
+NexposeTicketing.start(jira_options)
+

data/lib/nexpose_ticketing/config/jira.config

@@ -0,0 +1,11 @@
+---
+# This configuration file defines all the particular options necessary to support the helper.
+# Fields marked (M) are mandatory.
+#
+# (M)) Helper class name.
+:helper_name: JiraHelper
+# Optional parameters, these are implementation specific.
+:jira_url: https://url/rest/api/2/issue/
+:username: jirausername
+:password: jirapassword
+:project: projectname

data/lib/nexpose_ticketing/config/ticket_service.config

@@ -0,0 +1,27 @@
+---
+# This configuration file defines all the particular options necessary to run the service.
+# Fields marked (M) are mandatory.
+#
+# Service options:
+:options:
+  # (M) Enables logging to the log directory.
+  :logging_enabled: true
+  # Filters the reports to specific sites one per line, leave empty for no site.
+  :sites:
+  - '1'
+  # Minimum floor severity to report on. Number between 0 and 10.
+  :severity: 8
+  # (M) Name of the report historial file saved in disk.
+  :file_name: last_scan_data.csv
+  # (M) Defines the ticket creation mode:
+  #   'D' Default IP *-* Vulnerability
+  #   'I' IP address -* Vulnerability
+  :ticket_mode: I
+# Nexpose options.
+:nexpose_data:
+  # (M) Nexpose console hostname.
+  :nxconsole: 127.0.0.1
+  # (M) Nexpose username.
+  :nxuser: nxusername
+  # (M) Nexpose password.
+  :nxpasswd: nxpassword

data/lib/nexpose_ticketing/helpers/jira_helper.rb

@@ -0,0 +1,104 @@
+# This class serves as the JIRA interface
+# that creates issues within JIRA from vulnerabilities
+# found in Nexpose.
+# Copyright:: Copyright (c) 2014 Rapid7, LLC.
+require 'json'
+require 'net/http'
+require 'net/https'
+require 'uri'
+require 'csv'
+class JiraHelper
+  attr_accessor :jira_data, :options
+  def initialize(jira_data, options)
+    @jira_data = jira_data
+    @options = options
+  end
+
+  def create_ticket(tickets)
+    fail 'Ticket(s) cannot be empty.' if tickets.empty? || tickets.nil?
+    tickets.each do |ticket|
+      headers = { 'Content-Type' => 'application/json',
+                  'Accept' => 'application/json' }
+      url = URI.parse("#{@jira_data[:jira_url]}")
+      req = Net::HTTP::Post.new(@jira_data[:jira_url], headers)
+      req.basic_auth @jira_data[:username], @jira_data[:password]
+      req.body = ticket
+      resp = Net::HTTP.new(url.host, url.port)
+      # Enable this line for debugging the https call.
+      # resp.set_debug_output $stderr
+      resp.use_ssl = true if @jira_data[:jira_url].to_s.start_with?('https')
+      resp.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      resp.start { |http| http.request(req) }
+    end
+  end
+
+  # Prepares tickets from the CSV.
+  def prepare_tickets(vulnerability_list)
+    @ticket = Hash.new(-1)
+    case @options[:ticket_mode]
+    # 'D' Default IP *-* Vulnerability
+    when 'D'
+      prepare_tickets_default(vulnerability_list)
+    # 'I' IP address -* Vulnerability
+    when 'I'
+      prepare_tickets_by_ip(vulnerability_list)
+    else
+        fail 'No ticketing mode selected.'
+    end
+  end
+
+  # Prepares and creates tickets in default mode.
+  def prepare_tickets_default(vulnerability_list)
+    tickets = []
+    CSV.parse(vulnerability_list.chomp, headers: :first_row)  do |row|
+      # JiraHelper doesn't like new line characters in their summaries.
+      summary = row['summary'].gsub(/\n/, ' ')
+      ticket = {
+          'fields' => {
+              'project' => {
+                  'key' => "#{@jira_data[:project]}" },
+              'summary' => "#{row['ip_address']} => #{summary}",
+              'description' => "#{row['fix']} \n\n #{row['url']}",
+              'issuetype' => {
+                  'name' => 'Task' }
+          }
+      }.to_json
+      tickets.push(ticket)
+    end
+    tickets
+  end
+
+  # Prepares and creates tickets in IP mode.
+  def prepare_tickets_by_ip(vulnerability_list)
+    tickets = []
+    current_ip = -1
+    CSV.parse(vulnerability_list.chomp, headers: :first_row)  do |row|
+      if current_ip == -1
+        current_ip = row['ip_address']
+        @ticket = {
+            'fields' => {
+                'project' => {
+                    'key' => "#{@jira_data[:project]}" },
+                'summary' => "#{row['ip_address']} => Vulnerabilities",
+                'description' => '',
+                'issuetype' => {
+                    'name' => 'Task' }
+            }
+        }
+      end
+      if current_ip == row['ip_address']
+        @ticket['fields']['description'] += "\n ==============================\n
+          #{row['summary']} \n ==============================\n
+          \n #{row['fix']}\n\n #{row['url']}"
+      end
+      unless current_ip == row['ip_address']
+        @ticket = @ticket.to_json
+        tickets.push(@ticket)
+        current_ip = -1
+        redo
+      end
+    end
+    tickets.push(@ticket.to_json) unless @ticket.nil?
+    tickets
+  end
+end

data/lib/nexpose_ticketing/queries.rb

@@ -0,0 +1,60 @@
+module NexposeTicketing
+  # This class serves as repository of SQL queries
+  # to be executed by the SQL Repository Exporter
+  # for Nexpose.
+  # Copyright:: Copyright (c) 2014 Rapid7, LLC.
+  module Queries
+    # Gets all the latests scans.
+    # Returns |site.id| |last_scan_id| |finished|
+    def Queries.last_scans
+      'SELECT ds.site_id, ds.last_scan_id, dsc.finished
+        FROM dim_site ds
+        JOIN dim_scan dsc ON ds.last_scan_id = dsc.scan_id'
+    end
+
+    # Gets all delta vulns for all sites.
+    # Returns |asset_id| |ip_address| |current_scan|  |vulnerability_id|
+    # |solution_id| |nexpose_id| |url| |summary| |fix|
+    def Queries.all_delta_vulns
+      "SELECT subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, davs.solution_id, ds.nexpose_id, ds.url,
+      proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix
+        FROM (SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan
+          FROM fact_asset_scan_vulnerability_finding fasv
+          JOIN
+          (
+            SELECT asset_id, previousScan(asset_id) AS baseline_scan, lastScan(asset_id) AS current_scan
+              FROM dim_asset) s
+              ON s.asset_id = fasv.asset_id AND (fasv.scan_id = s.baseline_scan OR fasv.scan_id = s.current_scan)
+              GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
+              HAVING baselineComparison(fasv.scan_id, current_scan) = 'New'
+          ) subs
+        JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
+        JOIN dim_solution ds USING (solution_id)
+        JOIN dim_asset da ON subs.asset_id = da.asset_id
+        ORDER BY da.ip_address"
+    end
+
+    # Gets all delta vulns happening after reported scan id
+    # Returns |asset_id| |ip_address| |current_scan|  |vulnerability_id|
+    # |solution_id| |nexpose_id| |url| |summary| |fix|
+    def Queries.delta_vulns_since_scan(reported_scan)
+      "SELECT subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, davs.solution_id, ds.nexpose_id, ds.url,
+      proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix
+        FROM (SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan
+          FROM fact_asset_scan_vulnerability_finding fasv
+          JOIN
+          (
+            SELECT asset_id, previousScan(asset_id) AS baseline_scan, lastScan(asset_id) AS current_scan
+              FROM dim_asset) s
+              ON s.asset_id = fasv.asset_id AND (fasv.scan_id > #{reported_scan} OR fasv.scan_id = s.current_scan)
+              GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
+              HAVING baselineComparison(fasv.scan_id, current_scan) = 'New'
+          ) subs
+      JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
+      JOIN dim_solution ds USING (solution_id)
+      JOIN dim_asset da ON subs.asset_id = da.asset_id
+      AND subs.current_scan > #{reported_scan}
+      ORDER BY da.ip_address"
+    end
+  end
+end

data/lib/nexpose_ticketing/ticket_repository.rb

@@ -0,0 +1,103 @@
+module NexposeTicketing
+  # Repository class that creates and returns generated reports.
+  class TicketRepository
+    require 'csv'
+    require 'nexpose'
+    require 'nexpose_ticketing/queries'
+
+    def nexpose_login (nexpose_data)
+      @nsc = Nexpose::Connection.new(nexpose_data[:nxconsole], nexpose_data[:nxuser], nexpose_data[:nxpasswd])
+      @nsc.login
+    end
+
+    # Reads the site scan history from disk.
+    #
+    # * *Args*    :
+    #   - +csv_file_name+ -  CSV File name.
+    #
+    # * *Returns* :
+    #   - A hash with site_ids => last_scan_id
+    #
+    def read_last_scans(csv_file_name)
+      file_site_histories = Hash.new(-1)
+      CSV.foreach(csv_file_name, headers: true) do |row|
+        file_site_histories[row['site_id']] = row['last_scan_id']
+      end
+      file_site_histories
+    end
+
+    # Saves the last scan info to disk.
+    #
+    # * *Args*    :
+    #   - +csv_file_name+ -  CSV File name.
+    #
+    def save_last_scans(csv_file_name, saved_file = nil, report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
+      report_config.add_filter('version', '1.1.0')
+      report_config.add_filter('query', Queries.last_scans)
+      report_output = report_config.generate(@nsc)
+      csv_output = CSV.parse(report_output.chomp,  headers: :first_row )
+      saved_file.open(csv_file_name, 'w') { |file| file.puts(csv_output) } unless saved_file.nil?
+      if saved_file.nil?
+        File.open(csv_file_name, 'w') { |file| file.puts(csv_output) }
+      end
+    end
+
+    # Gets the last scan information from nexpose.
+    #
+    # * *Returns* :
+    #   - A hash with site_ids => last_scan_id
+    #
+    def last_scans(report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
+      report_config.add_filter('version', '1.1.0')
+      report_config.add_filter('query', Queries.last_scans)
+      report_output = report_config.generate(@nsc).chomp
+      nexpose_sites = Hash.new(-1)
+      CSV.parse(report_output, headers: :first_row)  do |row|
+        nexpose_sites[row['site_id']] = row['last_scan_id'].to_i
+      end
+      nexpose_sites
+    end
+
+    # Gets all the vulnerabilities for a new site or fresh install.
+    #
+    # * *Args*    :
+    #   - +site_options+ -  A Hash with site(s) and severity level.
+    #
+    # * *Returns* :
+    #   - Returns CSV |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id| |url| |summary| |fix|
+    #
+    def all_vulns(site_options = {}, report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
+      sites = Array(site_options[:sites])
+      severity = site_options[:severity].nil? ? 0 : site_options[:severity]
+      report_config.add_filter('version', '1.1.0')
+      report_config.add_filter('query', Queries.all_delta_vulns)
+      unless sites.empty?
+        sites.each do |site_id|
+          report_config.add_filter('site', site_id)
+        end
+      end
+      report_config.add_filter('vuln-severity', severity)
+      report_config.generate(@nsc)
+    end
+
+    # Gets the delta vulns from base scan reported_scan_id and the newest / latest scan from a site.
+    #
+    # * *Args*    :
+    #   - +site_options+ -  A Hash with site(s), reported_scan_id and severity level.
+    #
+    # * *Returns* :
+    #   - Returns CSV |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id| |url| |summary| |fix|
+    #
+    def delta_vulns_sites(site_options = {}, report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
+      site = site_options[:site_id]
+      reported_scan_id = site_options[:scan_id]
+      fail 'Site cannot be null or empty' if site.nil? || reported_scan_id.nil?
+      severity = site_options[:severity].nil? ? 0 : site_options[:severity]
+      report_config.add_filter('version', '1.1.0')
+      report_config.add_filter('query', Queries.delta_vulns_since_scan(reported_scan_id))
+      report_config.add_filter('site', site)
+      report_config.add_filter('vuln-severity', severity)
+      report_config.generate(@nsc)
+    end
+  end
+end

data/lib/nexpose_ticketing/ticket_service.rb

@@ -0,0 +1,197 @@
+module NexposeTicketing
+#
+# The Nexpose Ticketing service.
+#
+=begin
+
+Copyright (C) 2014, Rapid7 LLC
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+
+    * Neither the name of Rapid7 LLC nor the names of its contributors
+      may be used to endorse or promote products derived from this software
+      without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+=end
+
+#
+# WARNING! This code makes an SSL connection to the Nexpose server, but does NOT
+#          verify the certificate at this time. This can be a security issue if
+#          an attacker is able to man-in-the-middle the connection between the
+#          Metasploit console and the Nexpose server. In the common case of
+#          running Nexpose and Metasploit on the same host, this is a low risk.
+#
+
+#
+# WARNING! This code is still rough and going through substantive changes. While
+#          you can build tools using this library today, keep in mind that
+#          method names and parameters may change in the future.
+#
+  class TicketService
+    require 'csv'
+    require 'yaml'
+    require 'fileutils'
+    require 'nexpose_ticketing/ticket_repository'
+
+    TICKET_SERVICE_CONFIG_PATH =  File.join(File.dirname(__FILE__),'/config/ticket_service.config')
+    LOGGER_FILE = File.join(File.dirname(__FILE__),'/log/ticket_service.log')
+
+    attr_accessor :helper_data, :nexpose_data, :options, :ticket_repository, :first_time, :nexpose_site_histories
+
+    def setup(helper_data)
+      # Gets the Ticket Service configuration.
+      service_data = begin
+        YAML.load_file(TICKET_SERVICE_CONFIG_PATH)
+      rescue ArgumentError => e
+        raise "Could not parse YAML #{TICKET_SERVICE_CONFIG_PATH} : #{e.message}"
+      end
+      @helper_data = helper_data
+      @nexpose_data = service_data[:nexpose_data]
+      @options = service_data[:options]
+      @options[:file_name] = "#{@options[:file_name]}"
+
+      # Setups logging if enabled.
+      setup_logging(@options[:logging_enabled])
+
+      # Loads all the helpers.
+      log_message('Loading helpers.')
+      Dir[File.join(File.dirname(__FILE__),'/helpers/*.rb')].each do |file|
+        log_message("Loading helper: #{file}")
+        require_relative file
+      end
+      log_message("Enabling helper: #{@helper_data[:helper_name]}.")
+      @helper = eval(@helper_data[:helper_name]).new(@helper_data, @options)
+      @ticket_repository = NexposeTicketing::TicketRepository.new
+      @ticket_repository.nexpose_login(@nexpose_data)
+      @first_time = false
+    end
+
+    def setup_logging(enabled = false)
+      if enabled
+        require 'logger'
+        directory = File.dirname(LOGGER_FILE)
+        FileUtils.mkdir_p(directory) unless File.directory?(directory)
+        @log = Logger.new(LOGGER_FILE, 'monthly')
+        @log.level = Logger::INFO
+        log_message('Logging enabled, starting service.')
+      end
+    end
+
+    # Logs a message if logging is enabled.
+    def log_message(message)
+      @log.info(message) if @options[:logging_enabled]
+    end
+
+    # Prepares all the local and nexpose historical data.
+    def prepare_historical_data(ticket_repository, options, historical_scan_file = File.join(File.dirname(__FILE__),"#{options[:file_name]}"))
+      if File.exists?(historical_scan_file)
+        log_message("Reading historical CSV file: #{historical_scan_file}.")
+        file_site_histories = ticket_repository.read_last_scans(historical_scan_file)
+      else
+        log_message('No historical CSV file found. Generating.')
+        ticket_repository.save_last_scans(historical_scan_file)
+        log_message('Historical CSV file generated.')
+        file_site_histories = ticket_repository.read_last_scans(historical_scan_file)
+        @first_time = true
+      end
+      file_site_histories
+    end
+
+    # Generates a full site(s) report ticket(s).
+    def all_site_report(ticket_repository, options, helper, historical_scan_file = File.join(File.dirname(__FILE__),"#{options[:file_name]}") )
+      log_message('First time run, generating full vulnerability report.') if @first_time
+      log_message('No site(s) specified, generating full vulnerability report.') if options[:sites].empty?
+      all_delta_vulns = ticket_repository.all_vulns(severity: options[:severity])
+      log_message('Preparing tickets.')
+      tickets = helper.prepare_tickets(all_delta_vulns)
+      helper.create_ticket(tickets)
+      log_message("Done processing, updating historical CSV file #{historical_scan_file}.")
+      ticket_repository.save_last_scans(historical_scan_file)
+      log_message('Done updating historical CSV file, service shutting down.')
+    end
+
+    # There's possibly a new scan with new data.
+    def delta_site_report(ticket_repository, options, helper, file_site_histories, historical_scan_file = File.join(File.dirname(__FILE__),"#{options[:file_name]}"))
+      # Compares the Scan information from the File && Nexpose.
+      no_processing = true
+      @nexpose_site_histories.each do |site_id, scan_id|
+        # There's no entry in the file, so it's a new site in Nexpose.
+        if file_site_histories[site_id].nil? || file_site_histories[site_id] == -1
+          full_new_site_report(site_id, ticket_repository, options, helper)
+          no_processing = false
+          # Site has been scanned since last seen according to the file.
+        elsif file_site_histories[site_id].to_i < nexpose_site_histories[site_id]
+          delta_site_new_scan(ticket_repository, site_id, options, helper, file_site_histories)
+          no_processing = false
+        end
+      end
+      # Done processing, update the CSV to the latest scan info.
+      log_message("Nothing new to process, updating historical CSV file #{options[:file_name]}.") if no_processing
+      log_message("Done processing, updating historical CSV file #{options[:file_name]}.") unless no_processing
+      ticket_repository.save_last_scans(historical_scan_file)
+      log_message('Done updating historical CSV file, service shutting down.')
+      no_processing
+    end
+
+    # There's a new site we haven't seen before.
+    def full_new_site_report(site_id, ticket_repository, options, helper)
+      log_message("New site id: #{site_id} detected. Generating report.")
+      new_site_vuln = ticket_repository.all_vulns(sites: [site_id], severity: options[:severity])
+      log_message('Report generated, preparing tickets.')
+      ticket = helper.prepare_tickets(new_site_vuln)
+      helper.create_ticket(ticket)
+    end
+
+    # There's a new scan with possibly new vulnerabilities.
+    def delta_site_new_scan(ticket_repository, site_id, options, helper, file_site_histories)
+      log_message("New scan detected for site: #{site_id}. Generating report.")
+      new_scan_vuln = ticket_repository.delta_vulns_sites(scan_id: file_site_histories[site_id], site_id: site_id, severity: options[:severity])
+      # Preparse for an empty report: No new vulns between scans.
+      preparse = CSV.new(new_scan_vuln.chomp, headers: :first_row)
+      empty_report = preparse.shift.nil?
+      log_message("No new vulnerabilities found in new scan for site: #{site_id}.") && empty_report
+      log_message("New vulnerabilities found in new scan for site #{site_id}, preparing tickets.") unless empty_report
+      unless empty_report
+        ticket = helper.prepare_tickets(new_scan_vuln)
+        helper.create_ticket(ticket)
+      end
+    end
+
+    # Starts the Ticketing Service.
+    def start
+      # Checks if the csv historical file already exists && reads it, otherwise create it && assume first time run.
+      file_site_histories = prepare_historical_data(@ticket_repository, @options)
+      # If we didn't specify a site || first time run, then it gets all the vulnerabilities.
+      if @options[:sites].empty? || @first_time
+        all_site_report(@ticket_repository, @options, @helper)
+      else
+        log_message('Obtaining last scan information.')
+        @nexpose_site_histories = @ticket_repository.last_scans
+        # Only run if a scan has been ran ever in Nexpose.
+        unless @nexpose_site_histories.empty?
+          delta_site_report(@ticket_repository, @options, @helper, file_site_histories)
+        end
+      end
+    end
+  end
+end

data/lib/nexpose_ticketing.rb

@@ -0,0 +1,8 @@
+require 'nexpose_ticketing/ticket_service'
+module NexposeTicketing
+  def self.start(args)
+    ts = NexposeTicketing::TicketService.new
+    ts.setup(args)
+    ts.start
+  end
+end

data/nexpose_ticketing.gemspec

@@ -0,0 +1,19 @@
+# encoding: utf-8
+
+Gem::Specification.new do |s|
+  s.name                  = 'nexpose_ticketing'
+  s.version               = '0.0.1'
+  s.homepage              = 'https://github.com/rapid7/nexpose_ticketing'
+  s.summary               = 'Ruby Nexpose Ticketing Engine.'
+  s.description           = 'This gem provides a Ruby implementation of different integrations with ticketing services for Nexpose.'
+  s.license               = 'BSD'
+  s.authors               = ['Damian Finol']
+  s.email                 = ['damian_finol@rapid7.com']
+  s.files                 = Dir['[A-Z]*'] + Dir['lib/**/*']
+  s.require_paths         = ['lib']
+  s.extra_rdoc_files      = ['README.markdown']
+  s.required_ruby_version = '>= 1.9'
+  s.platform              = 'ruby'
+  s.executables           << 'nexpose_jira'
+  s.add_dependency('nexpose', '>= 0.6.0')
+end

metadata

@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification
+name: nexpose_ticketing
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Damian Finol
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-02-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nexpose
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+description: This gem provides a Ruby implementation of different integrations with
+  ticketing services for Nexpose.
+email:
+- damian_finol@rapid7.com
+executables:
+- nexpose_jira
+extensions: []
+extra_rdoc_files:
+- README.markdown
+files:
+- README.markdown
+- bin/nexpose_jira
+- lib/nexpose_ticketing.rb
+- lib/nexpose_ticketing/config/jira.config
+- lib/nexpose_ticketing/config/ticket_service.config
+- lib/nexpose_ticketing/helpers/jira_helper.rb
+- lib/nexpose_ticketing/queries.rb
+- lib/nexpose_ticketing/ticket_repository.rb
+- lib/nexpose_ticketing/ticket_service.rb
+- nexpose_ticketing.gemspec
+homepage: https://github.com/rapid7/nexpose_ticketing
+licenses:
+- BSD
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '1.9'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Ruby Nexpose Ticketing Engine.
+test_files: []