risu 1.4.9 → 1.5.0

data/lib/risu/exceptions.rb

@@ -1,8 +1,6 @@
-# encoding: utf-8
-
 module Risu
 	module Exceptions
 	end
 end
 
-require 'risu/exceptions/invaliddocument'
+require 'risu/exceptions/invaliddocument'

data/lib/risu/models/host.rb

@@ -319,7 +319,7 @@ module Risu
 					g.data("OSX", osx) unless osx == 0
 					g.data("FreeBSD", freebsd) unless freebsd == 0
 					g.data("NetBSD", netbsd) unless netbsd == 0
-					g.data("Cisco ISO", cisco) unless cisco == 0
+					g.data("Cisco IOS", cisco) unless cisco == 0
 					g.data("VxWorks", vxworks) unless vxworks == 0
 					g.data("VMware", esx) unless esx == 0
 					g.data("AIX", aix) unless aix == 0

data/lib/risu/models/item.rb

@@ -14,9 +14,16 @@ module Risu
 				#
 				# @return [ActiveRecord::Relation] with the query results
 				def risks
-					where(:severity => [0,1,2,3])
+					where(:severity => [0,1,2,3,4])
 				end
 
+				# Queries for all the high risks in the database
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def critical_risks
+					where(:severity => 4)
+				end				
+				
 				# Queries for all the high risks in the database
 				#
 				# @return [ActiveRecord::Relation] with the query results
@@ -45,6 +52,13 @@ module Risu
 					where(:severity => 0)
 				end
 
+				# Queries for all the unique Critical risks in the database
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def critical_risks_unique
+					where(:severity => 4).joins(:plugin).order("plugins.cvss_base_score").group(:plugin_id)
+				end
+
 				# Queries for all the unique high risks in the database
 				#
 				# @return [ActiveRecord::Relation] with the query results
@@ -52,6 +66,13 @@ module Risu
 					where(:severity => 3).joins(:plugin).order("plugins.cvss_base_score").group(:plugin_id)
 				end
 
+				# Queries for all the unique Critical findings and sorts them by count
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def critical_risks_unique_sorted
+					select("items.*").select("count(*) as count_all").where(:severity => 4).group(:plugin_id).order("count_all DESC")
+				end
+
 				# Queries for all the unique high findings and sorts them by count
 				#
 				# @return [ActiveRecord::Relation] with the query results
@@ -108,16 +129,16 @@ module Risu
 					select("items.*").select("count(*) as count_all").where("svc_name != 'unknown' and svc_name != 'general'").group(:svc_name).order("count_all DESC").limit(limit)
 				end
 
-				# Queries for all the high risks by plugin
+				# Queries for all the Critical risks by plugin
 				#
 				# @param limit Limits the result to a specific number, default 10
 				#
 				# @return [ActiveRecord::Relation] with the query results
 				def risks_by_plugin(limit=10)
-					select("items.*").select("count(*) as count_all").joins(:plugin).where("plugin_id != 1").where(:severity => 3).group(:plugin_id).order("count_all DESC").limit(limit)
+					select("items.*").select("count(*) as count_all").joins(:plugin).where("plugin_id != 1").where(:severity => 4).group(:plugin_id).order("count_all DESC").limit(limit)
 				end
 
-				# Queries for all the high risks by host
+				# Queries for all the Critical risks by host
 				#
 				# @param limit Limits the result to a specific number, default 10
 				#
@@ -125,7 +146,7 @@ module Risu
 				#
 				# @return [ActiveRecord::Relation] with the query results
 				def risks_by_host(limit=10)
-					select("items.*").select("count(*) as count_all").joins(:host).where("plugin_id != 1").where(:severity => 3).group(:host_id).order("count_all DESC").limit(limit)
+					select("items.*").select("count(*) as count_all").joins(:host).where("plugin_id != 1").where(:severity => 4).group(:host_id).order("count_all DESC").limit(limit)
 				end
 
 				# Queries for all the hosts with the Microsoft patch summary plugin (38153)
@@ -182,16 +203,19 @@ module Risu
 						:background_colors => %w(white white)
 					}
 
+					crit = Item.critical_risks.count
 					high = Item.high_risks.count
 					medium = Item.medium_risks.count
 					low = Item.low_risks.count
 					info = Item.info_risks.count
 					
+					if crit == nil then crit = 0 end
 					if high == nil then high = 0 end
 					if medium == nil then medium = 0 end
 					if low == nil then low = 0 end		
 					if info == nil then info = 0 end
 
+					g.data("Critical", crit, "purple")
 					g.data("High", high, "red")
 					g.data("Medium", medium, "orange")
 					g.data("Low", low, "yellow")
@@ -199,30 +223,65 @@ module Risu
 
 					StringIO.new(g.to_blob)
 				end
+				
+				#
+				#
+				def stig_findings(categeory="I")
+					where('plugin_id IN (:plugins)', :plugins => Plugin.where(:stig_severity => categeory).select(:id)).order("severity DESC")
+				end
+				
+				# Generates a Graph of all the risks by severity
+				#
+				# @return [StringIO] Object containing the generated PNG image
+				def stigs_severity_graph
+					g = Gruff::Bar.new(GRAPH_WIDTH)
+					g.title = "Stigs By Severity"
+					g.sort = false
+					g.theme = {
+						:colors => %w(purple red orange yellow blue green black grey brown pink),
+						:background_colors => %w(white white)
+					}
+
+					i = Item.stig_findings("I").count
+					ii = Item.stig_findings("II").count
+					iii = Item.stig_findings("III").count
+					
+					if i == nil then i = 0 end
+					if ii == nil then ii = 0 end
+					if iii == nil then iii = 0 end
+
+					g.data("Cat I", i, "purple")
+					g.data("Cat II", ii, "red")
+					g.data("Cat III", iii, "orange")
+
+					StringIO.new(g.to_blob)
+				end				
 
 				# @todo change Report.title to a real variable
 				# @todo rewite this
 				def risks_by_severity_graph_text
-					high = Item.high_risks.count
-					medium = Item.medium_risks.count
+					#crit = Item.crit_risks.count
+					#high = Item.high_risks.count
+					#medium = Item.medium_risks.count
 					
-					if high == nil then high = 0 end
-					if medium == nil then medium = 0 end
+					#if crit == nil then crit = 0 end
+					#if high == nil then high = 0 end
+					#if medium == nil then medium = 0 end
 						
 					#percentage = high
 										
-					hosts_with_high = Hash.new
+					hosts_with_critical = Hash.new
 					
-					Item.high_risks.all.each do |item|
+					Item.critical_risks.all.each do |item|
 						ip = Host.find_by_id(item.host_id).name
-						if hosts_with_high[ip] == nil
-							hosts_with_high[ip] = 1
+						if hosts_with_critical[ip] == nil
+							hosts_with_critical[ip] = 1
 						end
 								
-						hosts_with_high[ip] = hosts_with_high[ip] + 1
+						hosts_with_critical[ip] = hosts_with_critical[ip] + 1
 					end
 					
-					host_percent = (hosts_with_high.count.to_f / Host.all.count.to_f) * 100
+					host_percent = (hosts_with_critical.count.to_f / Host.all.count.to_f) * 100
 					
 					adjective = case host_percent
 						when 0..5
@@ -286,7 +345,7 @@ module Risu
 				
 				#sqlite only @todo @fix
 				def top_10_sorted_raw
-					raw = Item.joins(:plugin).where(:severity => 3).order("cast(plugins.cvss_base_score as real)").count(:all, :group => :plugin_id)
+					raw = Item.joins(:plugin).where(:severity => 4).order("cast(plugins.cvss_base_score as real)").count(:all, :group => :plugin_id)
 					data = Array.new
 
 					raw.each do |vuln|
@@ -308,7 +367,7 @@ module Risu
 				
 				def top_10_sorted
 					#raw = Item.where(:severity => 3).count(:all, :group => :plugin_id)
-					raw = Item.joins(:plugin).where(:severity => 3).order(:cvss_base_score).count(:all, :group => :plugin_id)
+					raw = Item.joins(:plugin).where(:severity => 4).order(:cvss_base_score).count(:all, :group => :plugin_id)
 					data = Array.new
 
 					raw.each do |vuln|
@@ -330,6 +389,12 @@ module Risu
 					return data	
 				end
 				
+				# Returns a prawn pdf table for the top 10 notable findings
+				#
+				# @todo change this method to return a array/table and let the template render it
+				# @todo rename to notable_table also
+				#
+				# @param output device to write the table to
 				def top_10_table(output)
 					headers = ["Description", "Count"]
 					header_widths = {0 => (output.bounds.width - 50), 1 => 50}
@@ -339,7 +404,14 @@ module Risu
 					output.table([headers] + data[0..9], :header => true, :column_widths => header_widths, :width => output.bounds.width) do
 						row(0).style(:font_style => :bold, :background_color => 'cccccc')
 						cells.borders = [:top, :bottom, :left, :right]
-					end					
+					end			
+				end
+				
+				# Queries for all unique risks and sorts them by count
+				# 
+				# @return [ActiveRecord::Relation] with the query results
+				def all_risks_unique_sorted
+				    select("items.*").select("count(*) as count_all").group(:plugin_id).order("count_all DESC")
 				end
 				
 			end

data/lib/risu/models/plugin.rb

@@ -59,7 +59,7 @@ module Risu
 				# @return Filename of the created graph
 				def top_by_count_graph(limit=10)
 					g = Gruff::Bar.new(GRAPH_WIDTH)
-					g.title = sprintf "Top %d High Findings By Plugin", Item.risks_by_plugin(limit).all.count
+					g.title = sprintf "Top %d Critical Findings By Plugin", Item.risks_by_plugin(limit).all.count
 					g.sort = false
 					g.theme = {
 						:colors => %w(red orange yellow blue green purple black grey brown pink),
@@ -80,7 +80,7 @@ module Risu
 							else
 								plugin_name = Plugin.find_by_id(plugin.plugin_id).plugin_name
 						end
-
+						
 						if plugin_name =~ /^(MS\d{2}-\d{3}):/
 							plugin_name = $1
 						end

data/lib/risu/models/reference.rb

@@ -6,6 +6,99 @@ module Risu
 		# @author Jacob Hammack
 		class Reference < ActiveRecord::Base
 		  has_many :plugins
+			
+			class << self
+				
+				# Queries all unique CVEs
+				#
+				def cve
+					where(:reference_name => "cve").select('DISTINCT value')
+				end
+				
+				# Queries all unique CPE
+				#
+				def cpe
+					where(:reference_name => "cpe").select('DISTINCT value')
+				end
+				
+				# Queries all unique BID
+				#
+				def bid
+					where(:reference_name => "bid").select('DISTINCT value')
+				end
+				
+				# Queries all unique see_also
+				#
+				def see_also
+					where(:reference_name => "see_also").select('DISTINCT value')
+				end
+				
+				# Queries all unique IAVA
+				#
+				def iava
+					where(:reference_name => "iava").select('DISTINCT value')
+				end
+				
+				# Queries all unique MSFT
+				#
+				def msft
+					where(:reference_name => "msft").select('DISTINCT value')
+				end
+				
+				# Queries all unique OSvdb
+				#
+				def osvdb
+					where(:reference_name => "osvdb").select('DISTINCT value')
+				end
+				
+				# Queries all unqiue cert refs
+				#
+				def cert
+					where(:reference_name => "cert").select('DISTINCT value')
+				end
+				
+				#
+				#
+				def edbid
+					where(:reference_name => "edb-id").select('DISTINCT value')
+				end
+				
+				#
+				#
+				def rhsa
+					where(:reference_name => "rhsa").select('DISTINCT value')
+				end
+				
+				#
+				#
+				def secunia
+					where(:reference_name => "secunia").select('DISTINCT value')
+				end
+				
+				#
+				#
+				def suse
+					where(:reference_name => "suse").select('DISTINCT value')
+				end
+				
+				#
+				#
+				def dsa
+					where(:reference_name => "dsa").select('DISTINCT value')
+				end
+				
+				#
+				#
+				def owasp
+					where(:reference_name => "owasp").select('DISTINCT value')
+				end
+				
+				#
+				#
+				def cwe
+					where(:reference_name => "cwe").select('DISTINCT value')
+				end					
+			end
 		end
 	end
 end

data/lib/risu/parsers/nessus/nessus_sax_listener.rb

@@ -1,7 +1,7 @@
-# encoding: utf-8
-
 require 'risu'
 
+ActiveRecord::Migration.verbose = false
+
 module Risu
 	module Parsers
 		module Nessus
@@ -16,8 +16,13 @@ module Risu
 				#
 				def initialize
 					@vals = Hash.new
+					
+					@valid_references = Array[
+						"cpe", "bid", "see_also", "xref", "cve", "iava", "msft", 
+						"osvdb", "cert", "edb-id", "rhsa", "secunia", "suse", "dsa", 
+						"owasp", "cwe"]
 
-					@valid_elements = Array["see_also", "cve", "ReportItem", "xref", "bid", "plugin_version", "risk_factor",
+					@valid_elements = Array["ReportItem", "plugin_version", "risk_factor",
 						"description", "cvss_base_score", "solution", "item", "plugin_output", "tag", "synopsis", "plugin_modification_date",
 						"FamilyName", "FamilyItem", "Status", "vuln_publication_date", "ReportHost", "HostProperties", "preferenceName",
 						"preferenceValues", "preferenceType", "fullName", "pluginId", "pluginName", "selectedValue", "selectedValue",
@@ -26,8 +31,11 @@ module Risu
 						"Report", "Family", "Preferences", "PluginsPreferences", "FamilySelection", "IndividualPluginSelection", "PluginId",
 						"pci-dss-compliance", "exploitability_ease", "cvss_temporal_vector", "exploit_framework_core", "cvss_temporal_score",
 						"exploit_available", "metasploit_name", "exploit_framework_canvas", "canvas_package", "exploit_framework_metasploit",
-						"plugin_type", "cpe", "exploithub_sku", "exploit_framework_exploithub", "stig_severity"]
+						"plugin_type", "exploithub_sku", "exploit_framework_exploithub", "stig_severity", "plugin_name", "fname",
+						]
 						
+						@valid_elements = @valid_elements + @valid_references
+																		
 						# This makes adding new host properties really easy, except for the 
 						#MS patch numbers, this are handled differently.
 						@valid_host_properties = {
@@ -60,14 +68,15 @@ module Risu
 							"pcidss:dns_zone_transfer" => :pcidss_dns_zone_transfer,
 							"pcidss:unprotected_mssql_db" => :pcidss_unprotected_mssql_db,
 							"pcidss:obsolete_software" => :pcidss_obsolete_software,
-							"pcidss:www:sql_injection" => :pcidss_www_sql_injection
+							"pcidss:www:sql_injection" => :pcidss_www_sql_injection,
+							"fname" => :fname
 						}
 				end
 
 				# Callback for when the start of a xml element is reached
 				#
-				# @param element
-				# @param attributes
+				# @param element XML element
+				# @param attributes Attributes for the XML element
 				def on_start_element(element, attributes)
 					@tag = element
 					@vals[@tag] = ""
@@ -227,29 +236,17 @@ module Risu
 							end if @attr != nil
 						#We cannot handle the references in the same block as the rest of the ReportItem tag because
 						#there tends to be more than of the different types of reference per ReportItem, this causes issue for a sax
-						#parser. To solve this we do the references before the final plugin data
-						when "cve"
-							@cve = @plugin.references.create
-							@cve.reference_name = "cve"
-							@cve.value = @vals["cve"]
-							@cve.save
-						when "bid"
-							@bid = @plugin.references.create
-							@bid.reference_name = "bid"
-							@bid.value = @vals["bid"]
-							@bid.save
-						when "see_also"
-							@see_also = @plugin.references.create
-							@see_also.reference_name = "see_also"
-							@see_also.value = @vals["see_also"]
-							@see_also.save
-						when "xref"
-							@xref = @plugin.references.create
-							@xref.reference_name = "xref"
-							@xref.value = @vals["xref"]
-							@xref.save
+						#parser. To solve this we do the references before the final plugin data, Valid references must be added 
+						#the @valid_reference array at the top to be parsed.
+						# *@valid_reference, does a 'when' on each element of the @valid_references array, pure magic
+						when *@valid_references
+							@ref = @plugin.references.create
+							@ref.reference_name = element
+							@ref.value = @vals["#{element}"]
+							@ref.save
 						when "ReportItem"
 							@ri.plugin_output = @vals["plugin_output"]
+							@ri.plugin_name = @vals["plugin_name"]
 							@ri.save
 
 							@plugin.attributes = {
@@ -257,6 +254,7 @@ module Risu
 								:risk_factor => @vals["risk_factor"],
 								:description => @vals["description"],
 								:plugin_publication_date => @vals["plugin_publication_date"],
+								:plugin_modification_date => @vals["plugin_modification_date"],								
 								:synopsis => @vals["synopsis"],
 								:plugin_type => @vals["plugin_type"],
 								:cvss_vector => @vals["cvss_vector"],
@@ -272,10 +270,10 @@ module Risu
 								:metasploit_name => @vals["metasploit_name"],
 								:exploit_framework_canvas => @vals["exploit_framework_canvas"],
 								:canvas_package => @vals["canvas_package"],
-								:cpe => @vals["cpe"],
 								:exploit_framework_exploithub => @vals["exploit_framework_exploithub"],
 								:exploithub_sku => @vals["exploithub_sku"],
-								:stig_severity => @vals["stig_severity"]								
+								:stig_severity => @vals["stig_severity"],
+								:fname => @vals["fname"]						
 							}
 							@plugin.save
 					end