risu 1.4.3

data/lib/nessusdb/models/individualpluginselection.rb

@@ -0,0 +1,14 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models
+
+		# IndividualPluginSelection Model
+		#
+		# @author Jacob Hammack
+		class IndividualPluginSelection < ActiveRecord::Base
+			belongs_to :policy
+			has_many :plugins
+		end
+	end
+end

data/lib/nessusdb/models/item.rb

@@ -0,0 +1,183 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models
+		
+		# Item Model
+		#
+		# @author Jacob Hammack <jacob.hammack@hammackj.com>
+		class Item < ActiveRecord::Base
+			belongs_to :host
+			belongs_to :plugin
+		
+			class << self
+
+				# Queries for all risks in the database
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def risks
+					where(:severity => [0,1,2,3])
+				end
+			
+				# Queries for all the high risks in the database
+				# 
+				# @return [ActiveRecord::Relation] with the query results
+				def high_risks
+					where(:severity => 3)
+				end
+			
+				# Queries for all the medium risks in the database
+				#
+				# @return [ActiveRecord::Relation] with the query results 
+				def medium_risks
+					where(:severity => 2)
+				end
+				
+				# Queries for all the low risks in the database
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def low_risks
+					where(:severity => 1)
+				end
+				
+				# Queries for all the info risks in the database
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def info_risks
+					where(:severity => 0)
+				end
+				
+				# Queries for all the unique high risks in the database
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def high_risks_unique
+					where(:severity => 3).joins(:plugin).order("plugins.cvss_base_score").group(:plugin_id)
+				end
+				
+				# Queries for all the unique high findings and sorts them by count
+				# 
+				# @return [ActiveRecord::Relation] with the query results
+				def high_risks_unique_sorted
+					select("items.*").select("count(*) as count_all").where(:severity => 3).group(:plugin_id).order("count_all DESC")
+				end
+				
+				# Queries for all the unique medium risks in the database
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def medium_risks_unique
+					where(:severity => 2).joins(:plugin).order(:cvss_base_score).group(:plugin_id)
+				end
+				
+				# Queries for all the unique medium findings and sorts them by count
+				# 
+				# @return [ActiveRecord::Relation] with the query results
+				def medium_risks_unique_sorted
+					select("items.*").select("count(*) as count_all").where(:severity => 2).group(:plugin_id).order("count_all DESC")
+				end
+				
+				# Queries for all the unique low risks in the database
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def low_risks_unique
+					where(:severity => 1).joins(:plugin).order(:cvss_base_score).group(:plugin_id)
+				end
+				
+				# Queries for all the unique low findings and sorts them by count
+				# 
+				# @return [ActiveRecord::Relation] with the query results
+				def low_risks_unique_sorted
+					select("items.*").select("count(*) as count_all").where(:severity => 1).group(:plugin_id).order("count_all DESC")
+				end
+				
+				# Queries for all the unique info risks in the database
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def info_risks_unique
+					where(:severity => 0).joins(:plugin).order(:cvss_base_score).group(:plugin_id)
+				end
+				
+				# Queries for all the unique info findings and sorts them by count
+				# 
+				# @return [ActiveRecord::Relation] with the query results
+				def info_risks_unique_sorted
+					select("items.*").select("count(*) as count_all").where(:severity => 0).group(:plugin_id).order("count_all DESC")
+				end
+				
+				# Queries for all the risks grouped by service type, used for the Vulnerbilities by Service graph
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def risks_by_service(limit=10)
+					select("items.*").select("count(*) as count_all").where("svc_name != 'unknown' and svc_name != 'general'").group(:svc_name).order("count_all DESC").limit(limit)
+				end
+				
+				# Queries for all the high risks by plugin
+				#
+				# @todo update this
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def risks_by_plugin(limit=10)
+					select("items.*").select("count(*) as count_all").joins(:plugin).where("plugin_id != 1").where(:severity => 3).group(:plugin_id).order("count_all DESC").limit(limit)
+				end
+				
+				# Queries for all the risks by host
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def risks_by_host(limit=10)
+					select("items.*").select("count(*) as count_all").joins(:host).where("plugin_id != 1").where(:severity => [3, 2]).group(:host_id).order("count_all DESC").limit(limit)
+				end
+				
+				# Queries for all the hosts with the Microsoft patch summary plugin (38153)
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def ms_patches
+					where(:plugin_id => 38153).joins(:host)
+				end
+				
+				# Queries for all host with the Microsoft Update Summary plugin(12028)
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def ms_update
+					where(:plugin_id => 12028).joins(:host)
+				end
+				
+				# Generates a Graph of all the risks by service
+				# 
+				# @return [StringIO] Object containing the generated PNG image
+				def risks_by_service_graph(limit=10)
+					g = Gruff::Pie.new(GRAPH_WIDTH)
+					g.title = sprintf "Top %d Findings By Service", Item.risks_by_service(limit).all.count
+					g.sort = false
+					g.theme = {
+						:colors => %w(red green blue orange yellow purple black grey brown pink),
+						:background_colors => %w(white white)
+					}
+
+					Item.risks_by_service(limit).all.each { |service| 
+						g.data(service.svc_name, Item.find(:all, :conditions => {:svc_name => service.svc_name}).count)
+					}
+
+					StringIO.new(g.to_blob)
+				end
+				
+				# Generates a Graph of all the risks by severity
+				#
+				# @return [StringIO] Object containing the generated PNG image
+				def risks_by_severity_graph
+				  g = Gruff::Bar.new(GRAPH_WIDTH)
+				  g.title = "Findings By Severity"
+				  g.sort = false
+				  g.theme = {
+				     :background_colors => %w(white white)
+				  }
+
+				  g.data("High", Item.high_risks.count, "red") unless Item.high_risks.count == 0
+				  g.data("Medium", Item.medium_risks.count, "orange") unless Item.medium_risks.count == 0
+				  g.data("Low", Item.low_risks.count, "yellow") unless Item.low_risks.count == 0
+				  g.data("Info", Item.info_risks.count, "blue") unless Item.info_risks.count == 0
+
+				  StringIO.new(g.to_blob)
+				end
+			end
+		end
+	end
+end

data/lib/nessusdb/models/plugin.rb

@@ -0,0 +1,98 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models
+
+		# Plugin Model
+		#
+		# @author Jacob Hammack
+		class Plugin < ActiveRecord::Base
+			has_many :items
+			belongs_to :family
+			has_many :references
+			has_many :individual_plugin_selections
+
+			class << self
+
+				# Queries for all risks based on Plugin.risk_factor
+				#
+				# @return [Array] of all risks
+				def risks
+					critical_risks + high_risks + medium_risks + low_risks + none_risks
+				end
+
+				# Queries for all the critical risks based on Plugin.risk_factor
+				#
+				# @return [ActiveRelation] of Critical Risks
+				def critical_risks
+					where(:risk_factor => "Critical")
+				end
+
+				#Queries for all the critical risks based on Plugin.risk_factor
+				#
+				# @return [ActiveRelation] of High Risks
+				def high_risks
+					where(:risk_factor => "High")
+				end
+
+				# Queries for all the critical risks based on Plugin.risk_factor
+				#
+				# @return [ActiveRelation] of Medium Risks
+				def medium_risks
+					where(:risk_factor => "Medium")
+				end
+
+				# Queries for all the critical risks based on Plugin.risk_factor
+				#
+				# @return [ActiveRelation] of Low Risks
+				def low_risks
+					where(:risk_factor => "Low")
+				end
+
+				# Queries for all the critical risks based on Plugin.risk_factor
+				#
+				# @return [ActiveRelation] of None Risks
+				def none_risks
+					where(:risk_factor => "None")
+				end
+
+				# Creates a graph based on the top plugins sorted by count
+				#
+				# @return Filename of the created graph
+				def top_by_count_graph(limit=10)
+					g = Gruff::Bar.new(GRAPH_WIDTH)
+					g.title = sprintf "Top %d High Findings By Plugin", Item.risks_by_plugin(limit).all.count
+					g.sort = false
+					g.theme = {
+						:colors => %w(red green blue orange yellow purple black grey brown pink),
+						:background_colors => %w(white white)
+					}
+
+					Item.risks_by_plugin(limit).all.each do |plugin|
+						plugin_name = Plugin.find_by_id(plugin.plugin_id).plugin_name
+
+						#We need to filter the names a little to make everything look nice on the graph
+						plugin_name = case plugin.plugin_id
+							when 35362 then plugin_name.split(":")[0]
+							when 34477 then plugin_name.split(":")[0]
+							when 35635 then plugin_name.split(":")[0]
+							when 21564 then "VNC Remote Authentication Bypass"
+							when 38664 then "Intel Common Base Agent Remote Command Execution"
+							when 42411 then "Windows SMB Shares Unprivileged Access"
+							else
+								plugin_name = Plugin.find_by_id(plugin.plugin_id).plugin_name
+						end
+
+						if plugin_name =~ /^(MS\d{2}-\d{3}):/
+							plugin_name = $1
+						end
+
+						g.data(plugin_name, Item.where(:plugin_id => plugin.plugin_id).count)
+					end
+
+					StringIO.new(g.to_blob)
+				end
+			end
+		end
+	end
+end

data/lib/nessusdb/models/pluginspreference.rb

@@ -0,0 +1,12 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models
+		# PluginPreference Model
+		#
+		# @author Jacob Hammack
+		class PluginsPreference < ActiveRecord::Base
+		  belongs_to :policy
+		end
+	end
+end

data/lib/nessusdb/models/policy.rb

@@ -0,0 +1,17 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models
+		
+		# Policy Model
+		#
+		# @author Jacob Hammack
+		class Policy < ActiveRecord::Base
+		  has_many :family_selections
+		  has_many :individual_plugin_selections
+		  has_many :reports
+		  has_many :plugins_preferences
+			has_many :server_preferences
+		end
+	end
+end

data/lib/nessusdb/models/reference.rb

@@ -0,0 +1,13 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models
+		
+		# Reference Model
+		#
+		# @author Jacob Hammack
+		class Reference < ActiveRecord::Base
+		  has_many :plugins
+		end
+	end
+end

data/lib/nessusdb/models/report.rb

@@ -0,0 +1,26 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models
+		
+		# Report Model
+		#
+		# @author Jacob Hammack <jacob.hammack@hammackj.com>
+		class Report < ActiveRecord::Base
+		  has_many :hosts
+		  belongs_to :policy
+		
+			class << self
+				
+				attr_accessor :title, :author, :company, :classification
+				
+				#
+				#@scan_date = Host.where("start is not null").first[:start].to_s
+				#
+				def scan_date
+					Host.where("start is not null").first[:start].to_s
+				end
+			end
+		end
+	end
+end

data/lib/nessusdb/models/serverpreference.rb

@@ -0,0 +1,13 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models
+
+		# ServerPreference Model
+		#
+		# @author Jacob Hammack
+		class ServerPreference < ActiveRecord::Base
+		  belongs_to :policy
+		end
+	end
+end

data/lib/nessusdb/models/version.rb

@@ -0,0 +1,12 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models
+
+		# Version Model for the DB
+		#
+		# @author Jacob Hammack
+		class Version < ActiveRecord::Base
+		end
+	end
+end

data/lib/nessusdb/nessusdocument.rb

@@ -0,0 +1,66 @@
+# encoding: utf-8
+
+module NessusDB
+
+	# A Object to represet the Nessus xml file in memory
+	#
+	# @author Jacob Hammack <jacob.hammack@hammackj.com>
+	class NessusDocument
+
+		# Creates a instance of the NessusDocument class
+		#
+		def initialize document
+			@document = document
+		end
+
+		# Checks the validness of a NessusDocument
+		#
+		# @return [Boolean] True if valid, False if invalid
+		def valid?
+			if File.exist?(@document)
+				@parser = LibXML::XML::Parser.file @document
+				doc = @parser.parse
+
+				if doc.root.name == nil
+					return false
+				end
+				
+				if doc.root.name == "NessusClientData_v2"
+					return true
+				elsif doc.root.name == "NessusClientData"
+					return false
+				else
+					return false
+				end
+			else
+				return false
+			end
+		end
+
+		# Invokes the SAX parser on the XML document
+		#
+		def parse
+			@parser = LibXML::XML::SaxParser.file @document
+			@parser.callbacks = NessusSaxListener.new
+			@parser.parse
+		end
+
+		# Fixes the ip field if nil and replaces it with the name if its an ip
+		#
+		def fix_ips
+			@hosts = Host.all
+
+			@hosts.each do |host|
+				if host.ip == nil
+					begin
+						ip = IPAddr.new host.name
+						host.ip = ip.to_string
+						host.save
+					rescue ArgumentError => ae
+						next
+					end
+				end
+			end
+		end
+	end
+end