qualys 0.1.4 → 0.1.5

data/lib/qualys/auth.rb

@@ -6,37 +6,28 @@ module Qualys
 
     # Do Login
     def self.login
-
       # Request a login
-      response = self.api_post('session/', {
-          :body => {
-            :action => 'login', 
-            :username => Qualys::Config.username, 
-            :password => Qualys::Config.password
-          }
-        })
-   
+      response = api_post('/session/', body: {
+                            action: 'login',
+                            username: Qualys::Config.username,
+                            password: Qualys::Config.password
+                          })
+
       # set the session key
       Qualys::Config.session_key = response.header['Set-Cookie']
       true
-     
     end
 
     # Set Logout
     def self.logout
-
       # Request a login
-      response = self.api_post('session/', {
-          :body => {
-            :action => 'logout', 
-          }
-        })
-   
+      api_post('/session/', body: {
+                 action: 'logout'
+               })
+
       # set the session key
       Qualys::Config.session_key = nil
       true
-
     end
-
   end
-end
+end

data/lib/qualys/compliance.rb

@@ -1,21 +1,17 @@
 module Qualys
   class Compliance < Api
-
     def self.all
-      response = api_get("compliance/control/", { :query => { :action => 'list' }} )
+      response = api_get('/compliance/control/', query: { action: 'list' })
 
-      unless response.parsed_response['<COMPLIANCE_SCAN_RESULT_OUTPUT']['RESPONSE'].has_key? 'COMPLIANCE_SCAN'
+      unless response.parsed_response['<COMPLIANCE_SCAN_RESULT_OUTPUT']['RESPONSE'].key? 'COMPLIANCE_SCAN'
         return []
       end
 
       response.parsed_response['COMPLIANCE_SCAN_RESULT_OUTPUT']['RESPONSE']['COMPLIANCE_SCAN']
-
     end
 
     def self.each
-      self.all
+      all
     end
-
   end
-
 end

data/lib/qualys/config.rb

@@ -26,10 +26,8 @@ module Qualys
     #
     # @param [ String ] path The path to the file.
     def load!(path)
-      settings = YAML.load(ERB.new(File.new(path).read).result)['api']
-      if settings.is_a? Hash
-        from_hash(settings)
-      end
+      settings = YAML.safe_load(ERB.new(File.new(path).read).result)['api']
+      from_hash(settings) if settings.is_a? Hash
     end
   end
-end
+end

data/lib/qualys/host.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Qualys
+  # a scanned target
+  class Host
+    attr_accessor :ip, :tracking_method, :dns, :operating_system, :vuln_info_list, :vulnerabilities
+
+    def initialize(host, vulnerabilities = nil)
+      @ip = host['IP']
+      @tracking_method = host['TRACKING_METHOD']
+      @dns = host['DNS']
+      @operating_system = host['OPERATING_SYSTEM']
+      @vuln_info_list = host['VULN_INFO_LIST']
+      @vulnerabilities = vulnerabilities
+    end
+  end
+end

data/lib/qualys/report.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+module Qualys
+  # Qualys reports
+  class Report < Api
+    attr_accessor :header, :host_list, :glossary, :appendices
+
+    # accepted timeout in seconds
+    TIMEOUT = 60.0
+
+    class << self
+      def find_by_id(id)
+        response = api_get('/report/', query: {
+                             action: 'fetch',
+                             id: id
+                           })
+
+        # check if report exist
+        return unless response.parsed_response.keys.include?('ASSET_DATA_REPORT')
+
+        Report.new(response.parsed_response)
+      end
+
+      # returns the list of the templates
+      def templates
+        auth = { username: Qualys::Config.username, password: Qualys::Config.password }
+        response = HTTParty.get('https://qualysapi.qualys.eu/msp/report_template_list.php',
+                                basic_auth: auth)
+        response.parsed_response['REPORT_TEMPLATE_LIST']['REPORT_TEMPLATE']
+      end
+
+      def delete(id)
+        api_post('/report/', query: {
+                   action: 'delete',
+                   id: id
+                 })
+      end
+
+      # returns the id of the report
+      def create_global_report
+        scan_template = templates.detect { |template| template['TITLE'] == 'Technical Report' }
+        response = api_post('/report/', query: {
+                              action: 'launch',
+                              report_title: 'Generated_by_Ruby_Qualys_gem',
+                              report_type: 'Scan',
+                              output_format: 'xml',
+                              template_id: scan_template['ID']
+                            })
+
+        response.parsed_response['SIMPLE_RETURN']['RESPONSE']['ITEM_LIST']['ITEM']['VALUE']
+      end
+
+      # returns a report global report object.
+      # This method can be time consuming and times out after 64 s
+      def global_report
+        report_id = create_global_report
+        report = find_by_id(report_id)
+
+        10.times do
+          sleep(TIMEOUT / 10)
+          report = find_by_id(report_id)
+          break unless report.nil?
+        end
+
+        raise Qualys::Report::Exception, 'Report generation timed out' if report.nil?
+
+        delete(report_id)
+        report
+      end
+    end
+
+    def initialize(report)
+      @header = report['ASSET_DATA_REPORT']['HEADER']
+      @host_list = report['ASSET_DATA_REPORT']['HOST_LIST']['HOST']
+      @glossary = report['ASSET_DATA_REPORT']['GLOSSARY']['VULN_DETAILS_LIST']['VULN_DETAILS']
+      @appendices = report['ASSET_DATA_REPORT']['APPENDICES']
+    end
+
+    def hosts
+      hosts ||= host_list.map do |xml_host|
+        vulnerabilities = xml_host['VULN_INFO_LIST']['VULN_INFO'].map do |vuln|
+          Qualys::Vulnerability.new(vuln, @glossary)
+        end
+        Qualys::Host.new(xml_host, vulnerabilities)
+      end
+
+      hosts
+    end
+  end
+end

data/lib/qualys/scans.rb

@@ -1,37 +1,28 @@
 module Qualys
   class Scans < Api
-
     def self.all
-      response = api_get("scan/", { :query => { :action => 'list' }} )
-      unless response.parsed_response['SCAN_LIST_OUTPUT']['RESPONSE'].has_key? 'SCAN_LIST'
+      response = api_get('/scan/', query: { action: 'list' })
+      unless response.parsed_response['SCAN_LIST_OUTPUT']['RESPONSE'].key? 'SCAN_LIST'
         return []
       end
 
       scanlist = response.parsed_response['SCAN_LIST_OUTPUT']['RESPONSE']['SCAN_LIST']['SCAN']
-      scanlist.map!{|scan| Scan.new(scan)}
-
-    end
-
-    def self.each
-      self.all
+      scanlist.map! { |scan| Scan.new(scan) }
     end
 
     def self.get(ref)
-      response = api_get("scan/", { 
-          :query => { 
-              :action => 'fetch', 
-              :scan_ref => ref, 
-              :mode => 'extended', 
-              :output_format => 'json' 
-        }} )
+      response = api_get('/scan/', query: {
+                           action: 'fetch',
+                           scan_ref: ref,
+                           mode: 'extended',
+                           output_format: 'json'
+                         })
 
       JSON.parse(response.parsed_response)
     end
-
   end
 
   class Scan
-
     attr_accessor :ref, :title, :type, :date, :duration, :status, :target, :user
 
     def initialize(scan)
@@ -50,15 +41,12 @@ module Qualys
     end
 
     def finished?
-      if @status.eql? 'Finished'
-        return true
-      end
+      return true if @status.eql? 'Finished'
 
       false
     end
   end
 
   class Details
-
   end
 end

data/lib/qualys/version.rb

@@ -1,3 +1,3 @@
 module Qualys
-  VERSION = '0.1.4'
+  VERSION = '0.1.5'.freeze
 end

data/lib/qualys/vulnerability.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Qualys
+  # Qualys vulnerabilities from a report xml
+  class Vulnerability
+    attr_accessor :qid, :type, :port, :service, :protocol, :ssl, :result,
+                  :first_found, :last_found, :times_found, :status, :details,
+                  :cve_code_list, :title, :severity, :category, :threat, :impact,
+                  :solution, :pci_flag, :correlation, :vendor_reference_list, :last_update,
+                  :url
+
+    def initialize(vuln, glossary)
+      parse_vuln vuln
+
+      match_details glossary
+
+      parse_cve if @details['CVE_ID_LIST']
+      parse_details
+      # gives the url to the qualys knowledge base for this vulnerabitlty
+      parse_url
+    end
+
+    def to_s
+      "#{qid}, #{title}, severity : #{severity}, cves: #{cve_code_list&.join(', ') || 'no cve'}"
+    end
+
+    private
+
+    def parse_cve
+      cve_xlm_array = if @details['CVE_ID_LIST']['CVE_ID'].is_a?(Array)
+                        @details['CVE_ID_LIST']['CVE_ID']
+                      else
+                        [@details['CVE_ID_LIST']['CVE_ID']]
+                      end
+      @cve_code_list = cve_xlm_array.map { |cve| cve['ID'] }
+    end
+
+    # this methods finds the details for this qid in the report's glossary
+    def match_details(glossary)
+      @details = glossary.select { |detail| detail['id'] == @qid }[0]
+    end
+
+    def parse_details
+      @title = @details['TITLE']
+      @severity = @details['SEVERITY']
+      @category = @details['CATEGORY']
+      @threat = @details['THREAT']
+      @impact = @details['IMPACT']
+      @solution = @details['SOLUTION']
+      @pci_flag = @details['PCI_FLAG']
+      @correlation = @details['CORRELATION']
+      @vendor_reference_list = @details['VENDOR_REFERENCE_LIST']
+      @last_update = @details['BUGTRAQ_ID_LIST']
+    end
+
+    def parse_url
+      @url = 'https://qualysguard.qualys.eu/fo/common/vuln_info.php?id=' + @qid[4..-1]
+    end
+
+    def parse_vuln(vuln)
+      @qid = vuln['QID']['id']
+      @type = vuln['TYPE']
+      @port = vuln['PORT']
+      @service = vuln['SERVICE']
+      @protocol = vuln['PROTOCOL']
+      @ssl = vuln['SSL']
+      @result = vuln['RESULT']
+      @first_found = vuln['FIRST_FOUND']
+      @last_found = vuln['LAST_FOUND']
+      @times_found = vuln['TIMES_FOUND']
+      @status = vuln['VULN_STATUS']
+    end
+  end
+end

data/qualys.gemspec

@@ -1,37 +1,36 @@
 # Created by hand, like a real man
 # coding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'qualys/version'
 
 Gem::Specification.new do |s|
-
   s.name        = 'qualys'
   s.version     = Qualys::VERSION
-  s.date        = '2015-02-25'
-  s.summary     = "qualys API Client"
-  s.description = "Easily interface with the qualys for consuming events"
-  s.authors     = ["Mike Mackintosh"]
+  s.date        = '2017-12-17'
+  s.summary     = 'qualys API Client'
+  s.description = 'Easily interface with the qualys for consuming events'
+  s.authors     = ['Mike Mackintosh']
   s.email       = 'm@zyp.io'
   s.homepage    =
     'http://github.com/mikemackintosh/ruby-qualys'
 
   s.license       = 'MIT'
-  
-  s.require_paths = ["lib"]
+
+  s.require_paths = ['lib']
   s.files         = `git ls-files -z`.split("\x0")
-  #s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  #s.test_files    = s.files.grep(%r{^(test|spec|features)/})
+  # s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
 
-  s.add_dependency 'json'
   s.add_dependency 'erubis'
-  s.add_dependency 'httparty'
-
-  s.add_development_dependency "bundler"
-  s.add_development_dependency "rake"
-  s.add_development_dependency "rspec"
-  s.add_development_dependency "vcr"
-  s.add_development_dependency "webmock"
-  s.add_development_dependency "rubocop"
+  s.add_dependency 'httparty', '~> 0.15'
+  s.add_dependency 'json'
 
-end
+  s.add_development_dependency 'bundler'
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'rubocop'
+  s.add_development_dependency 'vcr'
+  s.add_development_dependency 'webmock'
+end

data/spec/fixtures/vcr_cassettes/api_get.yml

@@ -0,0 +1,52 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://qualysapi.qualys.eu/api/2.0/fo/scan/?action=list
+    body:
+      encoding: US-ASCII
+      string: ''
+  response:
+    status:
+      code: 200
+      message: OK
+    body:
+      encoding: UTF-8
+      string: "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<!DOCTYPE SCAN_LIST_OUTPUT
+        SYSTEM \"https://qualysapi.qualys.eu/api/2.0/fo/scan/scan_list_output.dtd\">\n<!--
+        This report was generated with an evaluation version of Qualys //--> \n<SCAN_LIST_OUTPUT>\n
+        \ <RESPONSE>\n    <DATETIME>2017-12-11T12:49:00Z</DATETIME>\n    <SCAN_LIST>\n
+        \     <SCAN>\n        <REF>scan/XXXX633905.79357</REF>\n        <TYPE>On-Demand</TYPE>\n
+        \       <TITLE><![CDATA[shellshock 20171207]]></TITLE>\n        <USER_LOGIN>Thomas</USER_LOGIN>\n
+        \       <LAUNCH_DATETIME>2017-12-07T08:05:05Z</LAUNCH_DATETIME>\n        <DURATION>00:01:43</DURATION>\n
+        \       <PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>\n        <PROCESSED>1</PROCESSED>\n
+        \       <STATUS>\n          <STATE>Error</STATE>\n        </STATUS>\n        <TARGET><![CDATA[47.69.112.62]]></TARGET>\n
+        \     </SCAN>\n      <SCAN>\n        <REF>scan/1512633883.79354</REF>\n        <TYPE>On-Demand</TYPE>\n
+        \       <TITLE><![CDATA[shellshock 20171207]]></TITLE>\n        <USER_LOGIN>Thomas</USER_LOGIN>\n
+        \       <LAUNCH_DATETIME>2017-12-07T08:04:43Z</LAUNCH_DATETIME>\n        <DURATION>00:07:02</DURATION>\n
+        \       <PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>\n        <PROCESSED>1</PROCESSED>\n
+        \       <STATUS>\n          <STATE>Finished</STATE>\n        </STATUS>\n        <TARGET><![CDATA[47.69.112.62]]></TARGET>\n
+        \     </SCAN>\n      <SCAN>\n        <REF>scan/1512633720.79248</REF>\n        <TYPE>On-Demand</TYPE>\n
+        \       <TITLE><![CDATA[shellshock]]></TITLE>\n        <USER_LOGIN>Thomas</USER_LOGIN>\n
+        \       <LAUNCH_DATETIME>2017-12-07T08:01:59Z</LAUNCH_DATETIME>\n        <DURATION>00:00:06</DURATION>\n
+        \       <PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>\n        <PROCESSED>1</PROCESSED>\n
+        \       <STATUS>\n          <STATE>Error</STATE>\n        </STATUS>\n        <TARGET><![CDATA[47.69.112.62]]></TARGET>\n
+        \     </SCAN>\n      <SCAN>\n        <REF>scan/1512469561.67379</REF>\n        <TYPE>On-Demand</TYPE>\n
+        \       <TITLE><![CDATA[test_vuln]]></TITLE>\n        <USER_LOGIN>Thomas</USER_LOGIN>\n
+        \       <LAUNCH_DATETIME>2017-12-05T10:26:01Z</LAUNCH_DATETIME>\n        <DURATION>00:04:48</DURATION>\n
+        \       <PROCESSING_PRIORITY>1 - Emergency</PROCESSING_PRIORITY>\n        <PROCESSED>1</PROCESSED>\n
+        \       <STATUS>\n          <STATE>Finished</STATE>\n        </STATUS>\n        <TARGET><![CDATA[192.168.1.100]]></TARGET>\n
+        \     </SCAN>\n      <SCAN>\n        <REF>scan/1512466786.67046</REF>\n        <TYPE>On-Demand</TYPE>\n
+        \       <TITLE><![CDATA[test]]></TITLE>\n        <USER_LOGIN>Thomas</USER_LOGIN>\n
+        \       <LAUNCH_DATETIME>2017-12-05T09:39:46Z</LAUNCH_DATETIME>\n        <DURATION>00:07:56</DURATION>\n
+        \       <PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>\n        <PROCESSED>1</PROCESSED>\n
+        \       <STATUS>\n          <STATE>Finished</STATE>\n        </STATUS>\n        <TARGET><![CDATA[88.78.187.177]]></TARGET>\n
+        \     </SCAN>\n    </SCAN_LIST>\n  </RESPONSE>\n</SCAN_LIST_OUTPUT>\n<!--
+        This report was generated with an evaluation version of Qualys //--> \n<!--
+        CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard
+        Service \"As Is,\" without any warranty of any kind. Qualys makes no warranty
+        that the information contained in this report is complete or error-free. Copyright
+        2017, Qualys, Inc. //--> \n"
+    http_version: 
+  recorded_at: Mon, 11 Dec 2017 12:49:00 GMT
+recorded_with: VCR 4.0.0