nipper_parser 1.2.0 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 9a8c17f39a96a73502e62c87c1ced35969738c8b3bb04a18e70e31054205297c
|
|
4
|
+
data.tar.gz: 75e85f1f54e37c0bb55e633fe1ef3ae4f3a05a45eb924dcb2bae12a620551c00
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1f388ab2b816005733d45376a90dc37ce191e6d84fefa12dda8b81f446d7758a66b30f78f0fee36ad5b26b211b165436eb46a11be72b36d2b89af64f834338e6
|
|
7
|
+
data.tar.gz: 7da0d10410207a7b773909ac71c605a46cff670a1b3c0dfc501bb6bbc21ad03f8bd4ab2f36efb4d4ebb53acba9bda29d66e96472b793d4fd5c2217796af9707e
|
|
@@ -5,10 +5,10 @@ Each parser is divided in a separate class and file.
|
|
|
5
5
|
### General Report Information
|
|
6
6
|
|
|
7
7
|
**General Report Information Contains:**
|
|
8
|
-
- Introduction
|
|
9
|
-
- Report Conventions
|
|
10
|
-
- Network Filtering Actions
|
|
11
|
-
- Object Filter Types
|
|
8
|
+
- Introduction..................[implemented]
|
|
9
|
+
- Report Conventions............[not yet implemented - PR is welcome]
|
|
10
|
+
- Network Filtering Actions.....[not yet implemented - PR is welcome]
|
|
11
|
+
- Object Filter Types...........[not yet implemented - PR is welcome]
|
|
12
12
|
|
|
13
13
|
#### Usage
|
|
14
14
|
|
|
@@ -32,11 +32,11 @@ Perform a "best practice" security audit that combines checks from many differen
|
|
|
32
32
|
experience.
|
|
33
33
|
|
|
34
34
|
**Security Audit Section Contains:**
|
|
35
|
-
- Introduction
|
|
36
|
-
- Findings
|
|
37
|
-
- Conclusions
|
|
38
|
-
- Recommendations
|
|
39
|
-
- Mitigation Classification
|
|
35
|
+
- Introduction..................[implemented]
|
|
36
|
+
- Findings......................[implemented]
|
|
37
|
+
- Conclusions...................[implemented]
|
|
38
|
+
- Recommendations...............[implemented]
|
|
39
|
+
- Mitigation Classification.....[implemented]
|
|
40
40
|
|
|
41
41
|
#### Usage
|
|
42
42
|
|
|
@@ -85,10 +85,10 @@ A report detailing publically known software vulnerabilities in the device firmw
|
|
|
85
85
|
manufacturer and third-party references.
|
|
86
86
|
|
|
87
87
|
**Vulnerability Audit Section Contains:**
|
|
88
|
-
- Introduction
|
|
89
|
-
- CVEs list
|
|
90
|
-
- Conclusions
|
|
91
|
-
- Recommendations
|
|
88
|
+
- Introduction..................[implemented]
|
|
89
|
+
- CVEs list.....................[implemented]
|
|
90
|
+
- Conclusions...................[implemented]
|
|
91
|
+
- Recommendations...............[implemented]
|
|
92
92
|
|
|
93
93
|
#### Usage
|
|
94
94
|
|
|
@@ -119,8 +119,8 @@ A CIS Benchmarks audit using select profile. Note, support is currently limited
|
|
|
119
119
|
report that are not supported will be ignored.
|
|
120
120
|
|
|
121
121
|
**CIS Benchmarks Section Contains:**
|
|
122
|
-
- Introduction
|
|
123
|
-
- Conclusions
|
|
122
|
+
- Introduction..................[not yet implemented - PR is welcome]
|
|
123
|
+
- Conclusions...................[not yet implemented - PR is welcome]
|
|
124
124
|
|
|
125
125
|
#### Usage
|
|
126
126
|
|
|
@@ -133,10 +133,10 @@ report that are not supported will be ignored.
|
|
|
133
133
|
A DISA STIG compliance audit against specific STIG checklist.
|
|
134
134
|
|
|
135
135
|
**STIG Compliance Section Contains:**
|
|
136
|
-
- Introduction
|
|
137
|
-
- Compliance Observations list
|
|
138
|
-
- Conclusions
|
|
139
|
-
- Recommendations
|
|
136
|
+
- Introduction..................[not yet implemented - PR is welcome]
|
|
137
|
+
- Compliance Observations list..[not yet implemented - PR is welcome]
|
|
138
|
+
- Conclusions...................[not yet implemented - PR is welcome]
|
|
139
|
+
- Recommendations...............[not yet implemented - PR is welcome]
|
|
140
140
|
|
|
141
141
|
#### Usage
|
|
142
142
|
|
|
@@ -151,8 +151,8 @@ A DISA STIG compliance audit against specific STIG checklist.
|
|
|
151
151
|
A SANS policy compliance audit against specific SANS policy document.
|
|
152
152
|
|
|
153
153
|
**SANS Policy Compliance Section Contains:**
|
|
154
|
-
- Introduction
|
|
155
|
-
- Compliance Observations list
|
|
154
|
+
- Introduction..................[not yet implemented - PR is welcome]
|
|
155
|
+
- Compliance Observations list..[not yet implemented - PR is welcome]
|
|
156
156
|
|
|
157
157
|
#### Usage
|
|
158
158
|
|
|
@@ -167,8 +167,8 @@ A SANS policy compliance audit against specific SANS policy document.
|
|
|
167
167
|
An audit of Requirement and Security Assessment Procedures against PCI DSS 3.2.
|
|
168
168
|
|
|
169
169
|
**PCI Audit Section Contains:**
|
|
170
|
-
- Introduction
|
|
171
|
-
- Compliance Requirements list
|
|
170
|
+
- Introduction..................[not yet implemented - PR is welcome]
|
|
171
|
+
- Compliance Requirements list..[not yet implemented - PR is welcome]
|
|
172
172
|
|
|
173
173
|
#### Usage
|
|
174
174
|
|
|
@@ -182,8 +182,8 @@ A report examining the network filtering rules and objects, highlighting unused
|
|
|
182
182
|
group recursion and more.
|
|
183
183
|
|
|
184
184
|
**Filtering Complexity Section Contains:**
|
|
185
|
-
- Introduction
|
|
186
|
-
- Observations
|
|
185
|
+
- Introduction..................[implemented]
|
|
186
|
+
- Observations..................[implemented]
|
|
187
187
|
|
|
188
188
|
#### Usage
|
|
189
189
|
|
|
@@ -213,8 +213,8 @@ pp observation.affected_devices[0].details_tables[0].tables
|
|
|
213
213
|
A detailed report on how the device has been configured.
|
|
214
214
|
|
|
215
215
|
**Configuration Report Section Contains:**
|
|
216
|
-
- Introduction
|
|
217
|
-
- Devices Config Audit
|
|
216
|
+
- Introduction..................[not yet implemented - PR is welcome]
|
|
217
|
+
- Devices Config Audit..........[not yet implemented - PR is welcome]
|
|
218
218
|
|
|
219
219
|
#### Usage
|
|
220
220
|
|
|
@@ -227,8 +227,8 @@ A detailed report on how the device has been configured.
|
|
|
227
227
|
The raw configuration reporting details the actual device configuration data(excluding directory-based configurations).
|
|
228
228
|
|
|
229
229
|
**Raw Configuration Section Contains:**
|
|
230
|
-
- Introduction
|
|
231
|
-
- Devices configuration raw
|
|
230
|
+
- Introduction..................[not yet implemented - PR is welcome]
|
|
231
|
+
- Devices configuration raw.....[not yet implemented - PR is welcome]
|
|
232
232
|
|
|
233
233
|
#### Usage
|
|
234
234
|
|
|
@@ -241,7 +241,7 @@ The raw configuration reporting details the actual device configuration data(exc
|
|
|
241
241
|
The raw change tracking reporting will detail all the configuration lies that have changes since the previous report.
|
|
242
242
|
|
|
243
243
|
**Raw Change Tracking Section Contains:**
|
|
244
|
-
- Introduction
|
|
244
|
+
- Introduction..................[not yet implemented - PR is welcome]
|
|
245
245
|
|
|
246
246
|
#### Usage
|
|
247
247
|
|
|
@@ -253,13 +253,13 @@ The raw change tracking reporting will detail all the configuration lies that ha
|
|
|
253
253
|
Appendix report section which can include a list of abbreviations, references and other information related to the report contents.
|
|
254
254
|
|
|
255
255
|
**Appendix Section Contains:**
|
|
256
|
-
- Introduction
|
|
257
|
-
- Logging Severity Levels
|
|
258
|
-
- Common Time Zones
|
|
259
|
-
- IP Protocols
|
|
260
|
-
- ICMP Types
|
|
261
|
-
- Abbreviations
|
|
262
|
-
- Nipper Studio Version
|
|
256
|
+
- Introduction..................[not yet implemented - PR is welcome]
|
|
257
|
+
- Logging Severity Levels.......[not yet implemented - PR is welcome]
|
|
258
|
+
- Common Time Zones.............[not yet implemented - PR is welcome]
|
|
259
|
+
- IP Protocols..................[not yet implemented - PR is welcome]
|
|
260
|
+
- ICMP Types....................[not yet implemented - PR is welcome]
|
|
261
|
+
- Abbreviations.................[not yet implemented - PR is welcome]
|
|
262
|
+
- Nipper Studio Version.........[not yet implemented - PR is welcome]
|
|
263
263
|
|
|
264
264
|
|
|
265
265
|
#### Usage
|
|
@@ -39,9 +39,10 @@ module NipperParser
|
|
|
39
39
|
# @param config [Nokogiri::XML::Document]
|
|
40
40
|
def initialize(config)
|
|
41
41
|
part = config.xpath("//report/part[@ref='COMPLEXITY']")
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
42
|
+
unless part.empty?
|
|
43
|
+
@config = part[0].elements
|
|
44
|
+
@title = part[0].attributes['title'].text
|
|
45
|
+
end
|
|
45
46
|
end
|
|
46
47
|
|
|
47
48
|
# Introduction of the Security Audit report
|
|
@@ -141,12 +141,12 @@ module NipperParser
|
|
|
141
141
|
attributes(finding).index,
|
|
142
142
|
attributes(finding).title,
|
|
143
143
|
attributes(finding).ref,
|
|
144
|
-
finding.elements[0]
|
|
145
|
-
rating_table(finding.elements[0].elements[1].elements),
|
|
146
|
-
finding.elements[2]
|
|
147
|
-
finding.elements[3]
|
|
148
|
-
finding.elements[4]
|
|
149
|
-
finding.elements[5]
|
|
144
|
+
finding.elements[0]&.elements[0].elements.map(&:attributes), # affected_devices
|
|
145
|
+
rating_table(finding.elements[0].elements[1].elements), # Rating table
|
|
146
|
+
finding.elements[2]&.elements&.first(2).map(&:text).join("\n"), # finding
|
|
147
|
+
finding.elements[3]&.elements&.text, # impact
|
|
148
|
+
finding.elements[4]&.elements&.text, # ease
|
|
149
|
+
finding.elements[5]&.elements&.text # recommendation
|
|
150
150
|
)
|
|
151
151
|
end
|
|
152
152
|
end
|
data/nipper_parser.gemspec
CHANGED
|
@@ -21,9 +21,9 @@ Gem::Specification.new do |spec|
|
|
|
21
21
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
22
22
|
spec.require_paths = ["lib"]
|
|
23
23
|
|
|
24
|
-
spec.required_ruby_version = '>= 2.
|
|
24
|
+
spec.required_ruby_version = '>= 2.5.0'
|
|
25
25
|
|
|
26
|
-
spec.
|
|
27
|
-
spec.add_development_dependency "bundler",
|
|
28
|
-
spec.add_development_dependency "rake",
|
|
26
|
+
spec.add_runtime_dependency 'nokogiri', '~> 1.12', '>= 1.12.2'
|
|
27
|
+
spec.add_development_dependency "bundler", '~> 2.2', '>= 2.2.10'
|
|
28
|
+
spec.add_development_dependency "rake", '~> 12.3', '>= 12.3.3'
|
|
29
29
|
end
|
metadata
CHANGED
|
@@ -1,57 +1,75 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nipper_parser
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- KING SABRI
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-08-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '1.12'
|
|
17
20
|
- - ">="
|
|
18
21
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 1.
|
|
22
|
+
version: 1.12.2
|
|
20
23
|
type: :runtime
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
26
|
requirements:
|
|
27
|
+
- - "~>"
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '1.12'
|
|
24
30
|
- - ">="
|
|
25
31
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 1.
|
|
32
|
+
version: 1.12.2
|
|
27
33
|
- !ruby/object:Gem::Dependency
|
|
28
34
|
name: bundler
|
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
|
30
36
|
requirements:
|
|
31
37
|
- - "~>"
|
|
32
38
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
39
|
+
version: '2.2'
|
|
40
|
+
- - ">="
|
|
41
|
+
- !ruby/object:Gem::Version
|
|
42
|
+
version: 2.2.10
|
|
34
43
|
type: :development
|
|
35
44
|
prerelease: false
|
|
36
45
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
46
|
requirements:
|
|
38
47
|
- - "~>"
|
|
39
48
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
49
|
+
version: '2.2'
|
|
50
|
+
- - ">="
|
|
51
|
+
- !ruby/object:Gem::Version
|
|
52
|
+
version: 2.2.10
|
|
41
53
|
- !ruby/object:Gem::Dependency
|
|
42
54
|
name: rake
|
|
43
55
|
requirement: !ruby/object:Gem::Requirement
|
|
44
56
|
requirements:
|
|
45
57
|
- - "~>"
|
|
46
58
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '
|
|
59
|
+
version: '12.3'
|
|
60
|
+
- - ">="
|
|
61
|
+
- !ruby/object:Gem::Version
|
|
62
|
+
version: 12.3.3
|
|
48
63
|
type: :development
|
|
49
64
|
prerelease: false
|
|
50
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
66
|
requirements:
|
|
52
67
|
- - "~>"
|
|
53
68
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '
|
|
69
|
+
version: '12.3'
|
|
70
|
+
- - ">="
|
|
71
|
+
- !ruby/object:Gem::Version
|
|
72
|
+
version: 12.3.3
|
|
55
73
|
description: Unofficial parser for Titania Nipper Studio XML report.
|
|
56
74
|
email:
|
|
57
75
|
- king.sabri@gmail.com
|
|
@@ -93,15 +111,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
93
111
|
requirements:
|
|
94
112
|
- - ">="
|
|
95
113
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 2.
|
|
114
|
+
version: 2.5.0
|
|
97
115
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
98
116
|
requirements:
|
|
99
117
|
- - ">="
|
|
100
118
|
- !ruby/object:Gem::Version
|
|
101
119
|
version: '0'
|
|
102
120
|
requirements: []
|
|
103
|
-
|
|
104
|
-
rubygems_version: 2.6.11
|
|
121
|
+
rubygems_version: 3.2.15
|
|
105
122
|
signing_key:
|
|
106
123
|
specification_version: 4
|
|
107
124
|
summary: Unofficial parser for Titania Nipper Studio XML report.
|