risu 1.5.0 → 1.5.1

data/lib/risu/models/patch.rb

@@ -1,9 +1,34 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
 
 		# Version Model for the DB
 		#
-		# @author Jacob Hammack
 		class Patch < ActiveRecord::Base
 			belongs_to :host
 		end

data/lib/risu/models/plugin.rb

@@ -1,9 +1,34 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
 
 		# Plugin Model
 		#
-		# @author Jacob Hammack
 		class Plugin < ActiveRecord::Base
 			has_many :items
 			belongs_to :family
@@ -61,6 +86,7 @@ module Risu
 					g = Gruff::Bar.new(GRAPH_WIDTH)
 					g.title = sprintf "Top %d Critical Findings By Plugin", Item.risks_by_plugin(limit).all.count
 					g.sort = false
+					g.marker_count = 1
 					g.theme = {
 						:colors => %w(red orange yellow blue green purple black grey brown pink),
 						:background_colors => %w(white white)
@@ -80,7 +106,7 @@ module Risu
 							else
 								plugin_name = Plugin.find_by_id(plugin.plugin_id).plugin_name
 						end
-						
+
 						if plugin_name =~ /^(MS\d{2}-\d{3}):/
 							plugin_name = $1
 						end

data/lib/risu/models/pluginspreference.rb

@@ -1,10 +1,34 @@
-# encoding: utf-8
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Models
+
 		# PluginPreference Model
 		#
-		# @author Jacob Hammack
 		class PluginsPreference < ActiveRecord::Base
 		  belongs_to :policy
 		end

data/lib/risu/models/policy.rb

@@ -1,9 +1,34 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
-		
+
 		# Policy Model
 		#
-		# @author Jacob Hammack
 		class Policy < ActiveRecord::Base
 		  has_many :family_selections
 		  has_many :individual_plugin_selections

data/lib/risu/models/reference.rb

@@ -1,103 +1,164 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
-		
+
 		# Reference Model
 		#
-		# @author Jacob Hammack
 		class Reference < ActiveRecord::Base
 		  has_many :plugins
-			
+
 			class << self
-				
+
 				# Queries all unique CVEs
 				#
 				def cve
 					where(:reference_name => "cve").select('DISTINCT value')
 				end
-				
+
 				# Queries all unique CPE
 				#
 				def cpe
 					where(:reference_name => "cpe").select('DISTINCT value')
 				end
-				
+
 				# Queries all unique BID
 				#
 				def bid
 					where(:reference_name => "bid").select('DISTINCT value')
 				end
-				
+
 				# Queries all unique see_also
 				#
 				def see_also
 					where(:reference_name => "see_also").select('DISTINCT value')
 				end
-				
+
 				# Queries all unique IAVA
 				#
 				def iava
 					where(:reference_name => "iava").select('DISTINCT value')
 				end
-				
+
 				# Queries all unique MSFT
 				#
 				def msft
 					where(:reference_name => "msft").select('DISTINCT value')
 				end
-				
+
 				# Queries all unique OSvdb
 				#
 				def osvdb
 					where(:reference_name => "osvdb").select('DISTINCT value')
 				end
-				
-				# Queries all unqiue cert refs
+
+				# Queries all unique cert refs
 				#
 				def cert
 					where(:reference_name => "cert").select('DISTINCT value')
 				end
-				
+
 				#
 				#
 				def edbid
 					where(:reference_name => "edb-id").select('DISTINCT value')
 				end
-				
+
 				#
 				#
 				def rhsa
 					where(:reference_name => "rhsa").select('DISTINCT value')
 				end
-				
+
 				#
 				#
 				def secunia
 					where(:reference_name => "secunia").select('DISTINCT value')
 				end
-				
+
 				#
 				#
 				def suse
 					where(:reference_name => "suse").select('DISTINCT value')
 				end
-				
+
 				#
 				#
 				def dsa
 					where(:reference_name => "dsa").select('DISTINCT value')
 				end
-				
+
 				#
 				#
 				def owasp
 					where(:reference_name => "owasp").select('DISTINCT value')
 				end
-				
+
 				#
 				#
 				def cwe
 					where(:reference_name => "cwe").select('DISTINCT value')
-				end					
+				end
+
+				#
+				#
+				def iavb
+					where(:reference_name => "iavb").select('DISTINCT value')
+				end
+
+				#
+				#
+				def iavt
+					where(:reference_name => "iavt").select('DISTINCT value')
+				end
+
+				#
+				#
+				def cisco_sa
+					where(:reference_name => "cisco-sa").select('DISTINCT value')
+				end
+
+				#
+				#
+				def ics_alert
+					where(:reference_name => "ics-alert").select('DISTINCT value')
+				end
+
+				#
+				#
+				def cisco_bug_id
+					where(:reference_name => "cisco-bug-id").select('DISTINCT value')
+				end
+
+				#
+				#
+				def cisco_sr
+					where(:reference_name => "cisco-sr").select('DISTINCT value')
+				end
 			end
 		end
 	end

data/lib/risu/models/report.rb

@@ -1,31 +1,56 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
-		
+
 		# Report Model
 		#
-		# @author Jacob Hammack <jacob.hammack@hammackj.com>
 		class Report < ActiveRecord::Base
 		  has_many :hosts
 		  belongs_to :policy
-		
+
 			class << self
-				
+
 				attr_accessor :title, :author, :company, :classification
-				
+
 				#
 				#@scan_date = Host.where("start is not null").first[:start].to_s
 				#
 				def scan_date
 					Host.where("start is not null").first[:start]
 				end
-				
+
 				#
 				# @todo comment this
 				#
 				def scanner_nessus_ratings_text
-					text = "The vulnerability scanner used by #{Report.company} rates the findings as follows: High, Medium, Low and Open Ports. High findings represents a security hole, initially this is the highest rating a risk can get.  These generally represent vulnerabilities that can lead to full system compromise due to missing security patches. High findings should be remediated first as they generally leave the network wide open. Medium findings are considered a security warning; these are not as severe as high but should be evaluated on a risk-by-risk basis. These are typically configuration errors that can lead to information disclosures such as usernames, passwords, and configuration settings. Low findings are identified as security notes; these provide information the scanner discovered during the scanning process. The information includes items such as hostname, domain name, and MAC address. Open Port findings represent the open ports on each system that the scanner found during the scan process. These should be evaluated against firewall settings to test the firewall configurations.\n\n"  
+					text = "The vulnerability scanner used by #{Report.company} rates the findings as follows: High, Medium, Low and Open Ports. High findings represents a security hole, initially this is the highest rating a risk can get.  These generally represent vulnerabilities that can lead to full system compromise due to missing security patches. High findings should be remediated first as they generally leave the network wide open. Medium findings are considered a security warning; these are not as severe as high but should be evaluated on a risk-by-risk basis. These are typically configuration errors that can lead to information disclosures such as usernames, passwords, and configuration settings. Low findings are identified as security notes; these provide information the scanner discovered during the scanning process. The information includes items such as hostname, domain name, and MAC address. Open Port findings represent the open ports on each system that the scanner found during the scan process. These should be evaluated against firewall settings to test the firewall configurations.\n\n"
 					text << "After the scanner is complete, the scanner evaluates each finding and bases it on the Common Vulnerability Scoring System (CVSS) score assigned to each finding. Any findings with a CVSS base score of 10 are upgraded to a Critical finding. These represent vulnerabilities that are trivial to gain administrator access to the system, with little to no effort. For more information on the CVSS scoring system please visit: http://nvd.nist.gov/cvss.cfm.\n\n"
-					
+
 					return text
 				end
 			end

data/lib/risu/models/serverpreference.rb

@@ -1,9 +1,34 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
 
 		# ServerPreference Model
 		#
-		# @author Jacob Hammack
 		class ServerPreference < ActiveRecord::Base
 		  belongs_to :policy
 		end