RubyGems - qualys - Versions diffs - 0.1.4 → 0.1.5 - Mend

qualys 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

checksums.yaml +4 -4
data/.gitignore +3 -2
data/.rubocop.yml +7 -0
data/.rubocop_todo.yml +71 -0
data/.travis.yml +13 -1
data/Gemfile +3 -1
data/Gemfile.lock +91 -0
data/README.md +50 -10
data/Rakefile +3 -4
data/lib/qualys.rb +10 -11
data/lib/qualys/api.rb +38 -47
data/lib/qualys/auth.rb +11 -20
data/lib/qualys/compliance.rb +3 -7
data/lib/qualys/config.rb +3 -5
data/lib/qualys/host.rb +17 -0
data/lib/qualys/report.rb +90 -0
data/lib/qualys/scans.rb +10 -22
data/lib/qualys/version.rb +1 -1
data/lib/qualys/vulnerability.rb +74 -0
data/qualys.gemspec +18 -19
data/spec/fixtures/vcr_cassettes/api_get.yml +52 -0
data/spec/fixtures/vcr_cassettes/create_global_report.yml +68 -0
data/spec/fixtures/vcr_cassettes/emptyscans.yml +35 -0
data/spec/fixtures/vcr_cassettes/get.yml +107 -0
data/spec/fixtures/vcr_cassettes/global_report.yml +17800 -0
data/spec/fixtures/vcr_cassettes/load_global_report.yml +625 -0
data/spec/fixtures/vcr_cassettes/login.yml +50 -0
data/spec/fixtures/vcr_cassettes/logout.yml +50 -0
data/spec/fixtures/vcr_cassettes/scan.yml +73 -0
data/spec/fixtures/vcr_cassettes/scans.yml +89 -0
data/spec/fixtures/vcr_cassettes/templates.yml +121 -0
data/spec/fixtures/vcr_cassettes/try_load_not_existing_report.yml +63 -0
data/spec/fixtures/vcr_cassettes/unlogged.yml +45 -0
data/spec/fixtures/vcr_cassettes/wrong.yml +101 -0
data/spec/qualys/api_spec.rb +27 -0
data/spec/qualys/report_spec.rb +65 -0
data/spec/qualys/scans_spec.rb +75 -0
data/spec/qualys/version_spec.rb +11 -0
data/spec/qualys/vulnerability_spec.rb +53 -0
data/spec/qualys_spec.rb +20 -0
data/spec/spec_helper.rb +37 -0
metadata +61 -15
data/.rock.yml +0 -17
data/lib/qualys/reports.rb +0 -47

data/lib/qualys/auth.rb CHANGED

@@ -6,37 +6,28 @@ module Qualys
     # Do Login
     def self.login
       # Request a login
-      response = self.api_post('session/', {
-          :body => {
-            :action => 'login',
-            :username => Qualys::Config.username,
-            :password => Qualys::Config.password
-          }
-        })
+      response = api_post('/session/', body: {
+                            action: 'login',
+                            username: Qualys::Config.username,
+                            password: Qualys::Config.password
+                          })
       # set the session key
       Qualys::Config.session_key = response.header['Set-Cookie']
       true
     end
     # Set Logout
     def self.logout
       # Request a login
-      response = self.api_post('session/', {
-          :body => {
-            :action => 'logout',
-          }
-        })
+      api_post('/session/', body: {
+                 action: 'logout'
+               })
       # set the session key
       Qualys::Config.session_key = nil
       true
     end
   end
-end
+end

data/lib/qualys/compliance.rb CHANGED

@@ -1,21 +1,17 @@
 module Qualys
   class Compliance < Api
     def self.all
-      response = api_get("compliance/control/", { :query => { :action => 'list' }} )
+      response = api_get('/compliance/control/', query: { action: 'list' })
-      unless response.parsed_response['<COMPLIANCE_SCAN_RESULT_OUTPUT']['RESPONSE'].has_key? 'COMPLIANCE_SCAN'
+      unless response.parsed_response['<COMPLIANCE_SCAN_RESULT_OUTPUT']['RESPONSE'].key? 'COMPLIANCE_SCAN'
         return []
       end
       response.parsed_response['COMPLIANCE_SCAN_RESULT_OUTPUT']['RESPONSE']['COMPLIANCE_SCAN']
     end
     def self.each
-      self.all
+      all
     end
   end
 end

data/lib/qualys/config.rb CHANGED

@@ -26,10 +26,8 @@ module Qualys
     #
     # @param [ String ] path The path to the file.
     def load!(path)
-      settings = YAML.load(ERB.new(File.new(path).read).result)['api']
-      if settings.is_a? Hash
-        from_hash(settings)
-      end
+      settings = YAML.safe_load(ERB.new(File.new(path).read).result)['api']
+      from_hash(settings) if settings.is_a? Hash
     end
   end
-end
+end

data/lib/qualys/host.rb ADDED

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module Qualys
+  # a scanned target
+  class Host
+    attr_accessor :ip, :tracking_method, :dns, :operating_system, :vuln_info_list, :vulnerabilities
+    def initialize(host, vulnerabilities = nil)
+      @ip = host['IP']
+      @tracking_method = host['TRACKING_METHOD']
+      @dns = host['DNS']
+      @operating_system = host['OPERATING_SYSTEM']
+      @vuln_info_list = host['VULN_INFO_LIST']
+      @vulnerabilities = vulnerabilities
+    end
+  end
+end

data/lib/qualys/report.rb ADDED

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+module Qualys
+  # Qualys reports
+  class Report < Api
+    attr_accessor :header, :host_list, :glossary, :appendices
+    # accepted timeout in seconds
+    TIMEOUT = 60.0
+    class << self
+      def find_by_id(id)
+        response = api_get('/report/', query: {
+                             action: 'fetch',
+                             id: id
+                           })
+        # check if report exist
+        return unless response.parsed_response.keys.include?('ASSET_DATA_REPORT')
+        Report.new(response.parsed_response)
+      end
+      # returns the list of the templates
+      def templates
+        auth = { username: Qualys::Config.username, password: Qualys::Config.password }
+        response = HTTParty.get('https://qualysapi.qualys.eu/msp/report_template_list.php',
+                                basic_auth: auth)
+        response.parsed_response['REPORT_TEMPLATE_LIST']['REPORT_TEMPLATE']
+      end
+      def delete(id)
+        api_post('/report/', query: {
+                   action: 'delete',
+                   id: id
+                 })
+      end
+      # returns the id of the report
+      def create_global_report
+        scan_template = templates.detect { |template| template['TITLE'] == 'Technical Report' }
+        response = api_post('/report/', query: {
+                              action: 'launch',
+                              report_title: 'Generated_by_Ruby_Qualys_gem',
+                              report_type: 'Scan',
+                              output_format: 'xml',
+                              template_id: scan_template['ID']
+                            })
+        response.parsed_response['SIMPLE_RETURN']['RESPONSE']['ITEM_LIST']['ITEM']['VALUE']
+      end
+      # returns a report global report object.
+      # This method can be time consuming and times out after 64 s
+      def global_report
+        report_id = create_global_report
+        report = find_by_id(report_id)
+        10.times do
+          sleep(TIMEOUT / 10)
+          report = find_by_id(report_id)
+          break unless report.nil?
+        end
+        raise Qualys::Report::Exception, 'Report generation timed out' if report.nil?
+        delete(report_id)
+        report
+      end
+    end
+    def initialize(report)
+      @header = report['ASSET_DATA_REPORT']['HEADER']
+      @host_list = report['ASSET_DATA_REPORT']['HOST_LIST']['HOST']
+      @glossary = report['ASSET_DATA_REPORT']['GLOSSARY']['VULN_DETAILS_LIST']['VULN_DETAILS']
+      @appendices = report['ASSET_DATA_REPORT']['APPENDICES']
+    end
+    def hosts
+      hosts ||= host_list.map do |xml_host|
+        vulnerabilities = xml_host['VULN_INFO_LIST']['VULN_INFO'].map do |vuln|
+          Qualys::Vulnerability.new(vuln, @glossary)
+        end
+        Qualys::Host.new(xml_host, vulnerabilities)
+      end
+      hosts
+    end
+  end
+end

data/lib/qualys/scans.rb CHANGED

@@ -1,37 +1,28 @@
 module Qualys
   class Scans < Api
     def self.all
-      response = api_get("scan/", { :query => { :action => 'list' }} )
-      unless response.parsed_response['SCAN_LIST_OUTPUT']['RESPONSE'].has_key? 'SCAN_LIST'
+      response = api_get('/scan/', query: { action: 'list' })
+      unless response.parsed_response['SCAN_LIST_OUTPUT']['RESPONSE'].key? 'SCAN_LIST'
         return []
       end
       scanlist = response.parsed_response['SCAN_LIST_OUTPUT']['RESPONSE']['SCAN_LIST']['SCAN']
-      scanlist.map!{|scan| Scan.new(scan)}
-    end
-    def self.each
-      self.all
+      scanlist.map! { |scan| Scan.new(scan) }
     end
     def self.get(ref)
-      response = api_get("scan/", {
-          :query => {
-              :action => 'fetch',
-              :scan_ref => ref,
-              :mode => 'extended',
-              :output_format => 'json'
-        }} )
+      response = api_get('/scan/', query: {
+                           action: 'fetch',
+                           scan_ref: ref,
+                           mode: 'extended',
+                           output_format: 'json'
+                         })
       JSON.parse(response.parsed_response)
     end
   end
   class Scan
     attr_accessor :ref, :title, :type, :date, :duration, :status, :target, :user
     def initialize(scan)
@@ -50,15 +41,12 @@ module Qualys
     end
     def finished?
-      if @status.eql? 'Finished'
-        return true
-      end
+      return true if @status.eql? 'Finished'
       false
     end
   end
   class Details
   end
 end

data/lib/qualys/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Qualys
-  VERSION = '0.1.4'
+  VERSION = '0.1.5'.freeze
 end

data/lib/qualys/vulnerability.rb ADDED

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+module Qualys
+  # Qualys vulnerabilities from a report xml
+  class Vulnerability
+    attr_accessor :qid, :type, :port, :service, :protocol, :ssl, :result,
+                  :first_found, :last_found, :times_found, :status, :details,
+                  :cve_code_list, :title, :severity, :category, :threat, :impact,
+                  :solution, :pci_flag, :correlation, :vendor_reference_list, :last_update,
+                  :url
+    def initialize(vuln, glossary)
+      parse_vuln vuln
+      match_details glossary
+      parse_cve if @details['CVE_ID_LIST']
+      parse_details
+      # gives the url to the qualys knowledge base for this vulnerabitlty
+      parse_url
+    end
+    def to_s
+      "#{qid}, #{title}, severity : #{severity}, cves: #{cve_code_list&.join(', ') || 'no cve'}"
+    end
+    private
+    def parse_cve
+      cve_xlm_array = if @details['CVE_ID_LIST']['CVE_ID'].is_a?(Array)
+                        @details['CVE_ID_LIST']['CVE_ID']
+                      else
+                        [@details['CVE_ID_LIST']['CVE_ID']]
+                      end
+      @cve_code_list = cve_xlm_array.map { |cve| cve['ID'] }
+    end
+    # this methods finds the details for this qid in the report's glossary
+    def match_details(glossary)
+      @details = glossary.select { |detail| detail['id'] == @qid }[0]
+    end
+    def parse_details
+      @title = @details['TITLE']
+      @severity = @details['SEVERITY']
+      @category = @details['CATEGORY']
+      @threat = @details['THREAT']
+      @impact = @details['IMPACT']
+      @solution = @details['SOLUTION']
+      @pci_flag = @details['PCI_FLAG']
+      @correlation = @details['CORRELATION']
+      @vendor_reference_list = @details['VENDOR_REFERENCE_LIST']
+      @last_update = @details['BUGTRAQ_ID_LIST']
+    end
+    def parse_url
+      @url = 'https://qualysguard.qualys.eu/fo/common/vuln_info.php?id=' + @qid[4..-1]
+    end
+    def parse_vuln(vuln)
+      @qid = vuln['QID']['id']
+      @type = vuln['TYPE']
+      @port = vuln['PORT']
+      @service = vuln['SERVICE']
+      @protocol = vuln['PROTOCOL']
+      @ssl = vuln['SSL']
+      @result = vuln['RESULT']
+      @first_found = vuln['FIRST_FOUND']
+      @last_found = vuln['LAST_FOUND']
+      @times_found = vuln['TIMES_FOUND']
+      @status = vuln['VULN_STATUS']
+    end
+  end
+end

data/qualys.gemspec CHANGED

@@ -1,37 +1,36 @@
 # Created by hand, like a real man
 # coding: utf-8
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'qualys/version'
 Gem::Specification.new do |s|
   s.name        = 'qualys'
   s.version     = Qualys::VERSION
-  s.date        = '2015-02-25'
-  s.summary     = "qualys API Client"
-  s.description = "Easily interface with the qualys for consuming events"
-  s.authors     = ["Mike Mackintosh"]
+  s.date        = '2017-12-17'
+  s.summary     = 'qualys API Client'
+  s.description = 'Easily interface with the qualys for consuming events'
+  s.authors     = ['Mike Mackintosh']
   s.email       = 'm@zyp.io'
   s.homepage    =
     'http://github.com/mikemackintosh/ruby-qualys'
   s.license       = 'MIT'
-  s.require_paths = ["lib"]
+  s.require_paths = ['lib']
   s.files         = `git ls-files -z`.split("\x0")
-  #s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  #s.test_files    = s.files.grep(%r{^(test|spec|features)/})
+  # s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
-  s.add_dependency 'json'
   s.add_dependency 'erubis'
-  s.add_dependency 'httparty'
-  s.add_development_dependency "bundler"
-  s.add_development_dependency "rake"
-  s.add_development_dependency "rspec"
-  s.add_development_dependency "vcr"
-  s.add_development_dependency "webmock"
-  s.add_development_dependency "rubocop"
+  s.add_dependency 'httparty', '~> 0.15'
+  s.add_dependency 'json'
-end
+  s.add_development_dependency 'bundler'
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'rubocop'
+  s.add_development_dependency 'vcr'
+  s.add_development_dependency 'webmock'
+end

data/spec/fixtures/vcr_cassettes/api_get.yml ADDED

@@ -0,0 +1,52 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://qualysapi.qualys.eu/api/2.0/fo/scan/?action=list
+    body:
+      encoding: US-ASCII
+      string: ''
+  response:
+    status:
+      code: 200
+      message: OK
+    body:
+      encoding: UTF-8
+      string: "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<!DOCTYPE SCAN_LIST_OUTPUT
+        SYSTEM \"https://qualysapi.qualys.eu/api/2.0/fo/scan/scan_list_output.dtd\">\n<!--
+        This report was generated with an evaluation version of Qualys //--> \n<SCAN_LIST_OUTPUT>\n
+        \ <RESPONSE>\n    <DATETIME>2017-12-11T12:49:00Z</DATETIME>\n    <SCAN_LIST>\n
+        \     <SCAN>\n        <REF>scan/XXXX633905.79357</REF>\n        <TYPE>On-Demand</TYPE>\n
+        \       <TITLE><![CDATA[shellshock 20171207]]></TITLE>\n        <USER_LOGIN>Thomas</USER_LOGIN>\n
+        \       <LAUNCH_DATETIME>2017-12-07T08:05:05Z</LAUNCH_DATETIME>\n        <DURATION>00:01:43</DURATION>\n
+        \       <PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>\n        <PROCESSED>1</PROCESSED>\n
+        \       <STATUS>\n          <STATE>Error</STATE>\n        </STATUS>\n        <TARGET><![CDATA[47.69.112.62]]></TARGET>\n
+        \     </SCAN>\n      <SCAN>\n        <REF>scan/1512633883.79354</REF>\n        <TYPE>On-Demand</TYPE>\n
+        \       <TITLE><![CDATA[shellshock 20171207]]></TITLE>\n        <USER_LOGIN>Thomas</USER_LOGIN>\n
+        \       <LAUNCH_DATETIME>2017-12-07T08:04:43Z</LAUNCH_DATETIME>\n        <DURATION>00:07:02</DURATION>\n
+        \       <PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>\n        <PROCESSED>1</PROCESSED>\n
+        \       <STATUS>\n          <STATE>Finished</STATE>\n        </STATUS>\n        <TARGET><![CDATA[47.69.112.62]]></TARGET>\n
+        \     </SCAN>\n      <SCAN>\n        <REF>scan/1512633720.79248</REF>\n        <TYPE>On-Demand</TYPE>\n
+        \       <TITLE><![CDATA[shellshock]]></TITLE>\n        <USER_LOGIN>Thomas</USER_LOGIN>\n
+        \       <LAUNCH_DATETIME>2017-12-07T08:01:59Z</LAUNCH_DATETIME>\n        <DURATION>00:00:06</DURATION>\n
+        \       <PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>\n        <PROCESSED>1</PROCESSED>\n
+        \       <STATUS>\n          <STATE>Error</STATE>\n        </STATUS>\n        <TARGET><![CDATA[47.69.112.62]]></TARGET>\n
+        \     </SCAN>\n      <SCAN>\n        <REF>scan/1512469561.67379</REF>\n        <TYPE>On-Demand</TYPE>\n
+        \       <TITLE><![CDATA[test_vuln]]></TITLE>\n        <USER_LOGIN>Thomas</USER_LOGIN>\n
+        \       <LAUNCH_DATETIME>2017-12-05T10:26:01Z</LAUNCH_DATETIME>\n        <DURATION>00:04:48</DURATION>\n
+        \       <PROCESSING_PRIORITY>1 - Emergency</PROCESSING_PRIORITY>\n        <PROCESSED>1</PROCESSED>\n
+        \       <STATUS>\n          <STATE>Finished</STATE>\n        </STATUS>\n        <TARGET><![CDATA[192.168.1.100]]></TARGET>\n
+        \     </SCAN>\n      <SCAN>\n        <REF>scan/1512466786.67046</REF>\n        <TYPE>On-Demand</TYPE>\n
+        \       <TITLE><![CDATA[test]]></TITLE>\n        <USER_LOGIN>Thomas</USER_LOGIN>\n
+        \       <LAUNCH_DATETIME>2017-12-05T09:39:46Z</LAUNCH_DATETIME>\n        <DURATION>00:07:56</DURATION>\n
+        \       <PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>\n        <PROCESSED>1</PROCESSED>\n
+        \       <STATUS>\n          <STATE>Finished</STATE>\n        </STATUS>\n        <TARGET><![CDATA[88.78.187.177]]></TARGET>\n
+        \     </SCAN>\n    </SCAN_LIST>\n  </RESPONSE>\n</SCAN_LIST_OUTPUT>\n<!--
+        This report was generated with an evaluation version of Qualys //--> \n<!--
+        CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard
+        Service \"As Is,\" without any warranty of any kind. Qualys makes no warranty
+        that the information contained in this report is complete or error-free. Copyright
+        2017, Qualys, Inc. //--> \n"
+    http_version:
+  recorded_at: Mon, 11 Dec 2017 12:49:00 GMT
+recorded_with: VCR 4.0.0