risu 1.5.3 → 1.6.0

data/lib/risu/templates/ms_update_summary.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2012 Arxopia LLC.
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/templates/ms_wsus_findings.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2012 Arxopia LLC.
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/templates/notable.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2012 Arxopia LLC.
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -26,35 +26,31 @@
 
 module Risu
 	module Templates
-		class Top10 < Risu::Base::TemplateBase
+		class NotableTemplate < Risu::Base::TemplateBase
+			include TemplateHelper
 
-			# @todo comments
-			#
+			#Creates an instance of the [NotableTemplate] class and initializes its meta-data
 			def initialize ()
 				@template_info =
 				{
 					:name => "notable",
 					:author => "hammackj",
-					:version => "0.0.2",
+					:version => "0.0.3",
 					:description => "Notable Vulnerabilities"
 				}
 			end
 
-			# @todo comments
-			#
+			# Renders a Notable Findings Report
 			def render(output)
 				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
-				output.font_size(22) {
-					output.text Report.title, :align => :center
-				}
+				report_title Report.title
+				report_subtitle "Notable Vulnerabilities"
 
-				output.font_size(18) {
-					output.text "Notable Vulnerabilities", :align => :center
-					output.text "\n"
+				output.font_size(14) do
 					output.text "This report was prepared by\n#{Report.author}", :align => :center
-				}
+				end
 
 				output.text "\n\n\n"
 

data/lib/risu/templates/notable_detailed.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2012 Arxopia LLC.
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -26,16 +26,16 @@
 
 module Risu
 	module Templates
-		class NotableDetailed < Risu::Base::TemplateBase
+		class NotableTemplateDetailed < Risu::Base::TemplateBase
+			include TemplateHelper
 
-			#
-			#
+			#Creates an instance of the [NotableTemplateDetailed] class and initializes its meta-data
 			def initialize ()
 				@template_info =
 				{
 					:name => "notable_detailed",
 					:author => "hammackj",
-					:version => "0.0.4",
+					:version => "0.0.5",
 					:description => "Notable Vulnerabilities Detailed"
 				}
 			end
@@ -43,26 +43,18 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification.upcase, :align => :center
-				output.text "\n"
+				@output.text Report.classification.upcase, :align => :center
+				@output.text "\n"
 
-				output.font_size(22) do
-					output.text Report.title, :align => :center
-				end
-
-				output.font_size(18) do
-					output.text "Notable Vulnerabilities", :align => :center
-					output.text "\n"
-					output.text "This report was prepared by\n#{Report.author}", :align => :center
-				end
+				report_title Report.title
+				report_subtitle "Notable Vulnerabilities"
+				report_author "This report was prepared by\n#{Report.author}"
 
-				output.text "\n\n\n"
+				@output.text "\n\n\n"
 
-				output.text "Scan Date:", :style => :bold
-				output.text "#{Report.scan_date}"
-				output.text "\n"
-
-				output.font_size(10)
+				@output.text "Scan Date:", :style => :bold
+				@output.text "#{Report.scan_date}"
+				@output.text "\n"
 
 				data = Item.top_10_sorted_raw
 
@@ -72,88 +64,85 @@ module Risu
 
 				unique_risks.each do |h|
 					if h[:values].length > 1
-						output.text "\n"
+						@output.text "\n"
 
 						h[:values].each do |f|
 							plugin_id = f[0]
 
-							hosts = Item.where(:plugin_id => plugin_id)
+							hosts = Item.where(:plugin_id => plugin_id).group(:host_id)
 							item = Item.where(:plugin_id => plugin_id)
 							plugin = Plugin.find_by_id(plugin_id)
 
 							references = Reference.where(:plugin_id => plugin.id).group(:value).order(:reference_name)
 
-							output.font_size(16) do
-								output.text "#{counter}: #{plugin.plugin_name}\n"
-							end
+							heading3 "#{counter}: #{Item.scrub_plugin_name(plugin.plugin_name)}\n"
 
 							if hosts.length > 1
-								output.text "Hosts", :style => :bold
+								@output.text "Hosts", :style => :bold
 							else
-								output.text "Host", :style => :bold
+								@output.text "Host", :style => :bold
 							end
 
 							hostlist = Array.new
 							hosts.each do |host|
 								h = Host.find_by_id(host.host_id)
-								hostlist << h.name
+								host_string = "#{h.name}"
+								host_string << " (#{h.fqdn})" if h.fqdn != nil
+								hostlist << host_string
 							end
 
-							output.text hostlist.join(', ')
+							@output.text hostlist.join(', ')
 
 							#if item.plugin_output != nil
-							#	output.text "\nPlugin output", :style => :bold
-							#	output.text f.plugin_output
+							#	@output.text "\nPlugin output", :style => :bold
+							#	@output.text f.plugin_output
 							#end
 
 							if plugin.description != nil
-								output.text "\nDescription", :style => :bold
-								output.text plugin.description
+								@output.text "\nDescription", :style => :bold
+								@output.text plugin.description.gsub(/[ ]{2,}/, " ")
 							end
 
 							if plugin.synopsis != nil
-								output.text "\nSynopsis", :style => :bold
-								output.text plugin.synopsis
+								@output.text "\nSynopsis", :style => :bold
+								@output.text plugin.synopsis
 							end
 
 							if plugin.cvss_base_score != nil
-								output.text "\nCVSS Base Score", :style => :bold
-								output.text plugin.cvss_base_score
+								@output.text "\nCVSS Base Score", :style => :bold
+								@output.text plugin.cvss_base_score
 							end
 
 							if plugin.exploit_available != nil
-								output.text "\nExploit Available", :style => :bold
+								@output.text "\nExploit Available", :style => :bold
 
 								if plugin.exploit_available == "true"
-									output.text "Yes"
+									@output.text "Yes"
 								else
-									output.text "No"
+									@output.text "No"
 								end
 							end
 
 							if plugin.solution != nil
-								output.text "\nSolution", :style => :bold
-								output.text plugin.solution
+								@output.text "\nSolution", :style => :bold
+								@output.text plugin.solution
 							end
 
 							if references.size != 0
-								output.text "\nReferences", :style => :bold
-								references.each do |ref|
-									ref_text = sprintf "%s: %s\n", ref.reference_name, ref.value
-									output.text ref_text
-								end
-								output.text "\nNessus Plugin", :style => :bold
-								output.text "http://www.tenablesecurity.com/plugins/index.php?view=single&id=#{plugin_id}"
+								@output.text "\nReferences", :style => :bold
+								@output.text plugin.references.reference_string, :inline_format => true
+								@output.text "<b>nessus_plugin</b>: http://www.tenablesecurity.com/plugins/index.php?view=single&id=#{plugin_id}", :inline_format => true
 							end
-							output.text "\n"
+
+							@output.text "\n"
 							counter += 1
 						end
 					end
 
-					output.start_new_page unless h[:values] == nil
+					@output.start_new_page unless h[:values] == nil
 				end
 
-				output.number_pages "<page> of <total>", :at => [output.bounds.right - 75, 0], :width => 150, :page_filter => :all
+				@output.number_pages "<page> of <total>", :at => [@output.bounds.right - 75, 0], :width => 150, :page_filter => :all
 			end
 		end
 	end

data/lib/risu/templates/pci_compliance.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2012 Arxopia LLC.
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -27,83 +27,77 @@
 module Risu
 	module Templates
 		class PCICompliance < Risu::Base::TemplateBase
+			include TemplateHelper
 
-			#
-			#
 			def initialize ()
 				@template_info =
 				{
 					:name => "pci_compliance",
 					:author => "hammackj",
-					:version => "0.0.3",
+					:version => "0.0.4",
 					:description => "Generates a PCI Compliance Overview Report"
 				}
 			end
 
-			#
-			#
 			def render(output)
-				output.text Report.classification.upcase, :align => :center
-				output.text "\n"
+				text Report.classification.upcase, :align => :center
+				text "\n"
 
-				output.font_size(22) { output.text Report.title, :align => :center }
-				output.font_size(18) {
-					output.text "PCI / DSS Compliance Overview", :align => :center
-					output.text "\n"
-					output.text "This report was prepared by\n#{Report.author}", :align => :center
-				}
+				report_title Report.title
+				report_subtitle "PCI / DSS Compliance Overview"
+				report_author "This report was prepared by\n#{Report.author}"
 
-				output.text "\n\n\n"
+				text "\n\n\n"
 
 				@hosts_count = Host.find(:all, :conditions => ["pci_dss_compliance is not null"]).count
 				@hosts_passed = Host.find(:all, :conditions => ["pci_dss_compliance like 'passed'"])
 				@hosts_failed = Host.find(:all, :conditions => ["pci_dss_compliance like 'failed'"])
 
-				output.font_size(20) {
+				output.font_size(20) do
 					output.text "Summary\n", :style => :bold
-				}
+				end
 
-				output.text "Of #{@hosts_count} total hosts, #{@hosts_passed.count} passed and #{@hosts_failed.count} failed."
+				text "Of #{@hosts_count} total hosts, #{@hosts_passed.count} passed and #{@hosts_failed.count} failed."
 
-				output.text "\n\n"
+				text "\n\n"
 
 				if @hosts_passed.length > 0
-					output.font_size(20) {
+					output.font_size(20) do
 						output.fill_color "00FF00"
 						output.text "PCI / DSS Compliant Hosts", :style => :bold
 						output.fill_color "000000"
-						}
+					end
 
 					output.text "\n"
 
 					@hosts_passed.each do |host|
-						output.text "#{host.ip} / #{host.fqdn} - passed\n"
+						text "#{host.ip} / #{host.fqdn} - passed\n"
 					end unless @hosts_passed == nil
 
 					output.start_new_page
 				end
 
 				if @hosts_failed.length > 0
-					output.font_size(20) {
+					output.font_size(20) do
 						output.fill_color "FF0000"
 						output.text "Non PCI / DSS Compliant Hosts", :style => :bold
 						output.fill_color "000000"
-						}
+					end
 
-					output.text "\n"
+					text "\n"
 
 					@hosts_failed.each do |host|
-							host_id = host.id
-							plugin = Plugin.find(:first, :conditions => { :id => 33929 })
-							item = Item.find(:first, :conditions => { :host_id => host_id, :plugin_id => plugin.id })
+						host_id = host.id
+						plugin = Plugin.find(:first, :conditions => { :id => 33929 })
+						item = Item.find(:first, :conditions => { :host_id => host_id, :plugin_id => plugin.id })
 
-							output.text "#{host.ip} / #{host.fqdn} - failed\n", :style => :bold
-							output.text "Description:\n", :style => :bold
-							output.text "#{plugin.description}\n"
-							output.text "Plugin Output:\n", :style => :bold
-							output.text "#{item.plugin_output}\n"
+						output.text "#{host.ip} / #{host.fqdn} - failed\n", :style => :bold
+						output.text "Description:\n", :style => :bold
+						output.text "#{plugin.description}\n"
+						output.text "Plugin Output:\n", :style => :bold
+						output.text "#{item.plugin_output}\n"
 
-							output.text "\n"
+						text "\n"
 
 					end unless @hosts_failed == nil
 

data/lib/risu/templates/stig_findings_summary.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2012 Arxopia LLC.
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -26,39 +26,30 @@
 
 module Risu
 	module Templates
-		class StigFindingsSummary < Risu::Base::TemplateBase
+		class StigFindingsSummaryTemplate < Risu::Base::TemplateBase
+			include TemplateHelper
 
-			# Initializes the template loading meta-data
-			#
 			def initialize ()
 				@template_info =
 				{
 					:name => "stig_findings_summary",
 					:author => "hammackj",
-					:version => "0.0.3",
+					:version => "0.0.4",
 					:description => "DISA Stig findings summary report"
 				}
 
 				@output = nil
 			end
 
-			#
-			#
 			def header
-				@output.text Report.classification.upcase, :align => :center
-				@output.text "\n"
+				text Report.classification.upcase, :align => :center
+				text "\n"
 
-				@output.font_size(22) do
-					@output.text Report.title, :align => :center
-				end
-
-				@output.font_size(18) do
-					@output.text "Stig Findings Summary", :align => :center
-					@output.text "\n"
-					@output.text "This report was prepared by\n#{Report.author}", :align => :center
-				end
+				report_title Report.title
+				report_subtitle "Stig Findings Summary"
+				report_author "This report was prepared by\n#{Report.author}"
 
-				@output.text "\n\n\n"
+				text "\n\n\n"
 			end
 
 			# Creates a list of hosts from an list of Items
@@ -68,6 +59,9 @@ module Risu
  				Host.where('id IN (:hosts)', :hosts => Item.where(:plugin_id => plugin_id).select(:host_id).select('host_id AS id'))
 			end
 
+			#
+			# @todo pull to main Host api
+			#
 			def host_list_text(hosts)
 				host_string = ""
 				hosts.all.each do |host|
@@ -90,26 +84,26 @@ module Risu
 				stigs = Item.stig_findings(category).group(:plugin_id)
 
 				stigs.each do |stig|
-					@output.text "#{stig.plugin_name}", :size => 16
+					text "#{stig.plugin_name}", :size => 16
 					hosts = host_list_from_plugin_id(stig.plugin_id)
 					hosts_string = host_list_text(hosts)
 
 					if hosts.count > 1
-						@output.text "<b>Hosts</b>: #{hosts_string}", :inline_format => true
+						text "<b>Hosts</b>: #{hosts_string}", :inline_format => true
 					else
-						@output.text "<b>Host</b>: #{hosts_string}", :inline_format => true
+						text "<b>Host</b>: #{hosts_string}", :inline_format => true
 					end
 
-					@output.text "<b>Risk</b>: #{stig.plugin.risk_factor}", :inline_format => true
-					@output.text "<b>CVE Reference</b>: #{ref_string(stig.plugin.references.cve)}", :inline_format => true
-					@output.text "<b>IAVA Reference</b>: #{ref_string(stig.plugin.references.iava)}", :inline_format => true
+					text "<b>Risk</b>: #{stig.plugin.risk_factor}", :inline_format => true
+					text "<b>CVE Reference</b>: #{ref_string(stig.plugin.references.cve)}", :inline_format => true
+					text "<b>IAVA Reference</b>: #{ref_string(stig.plugin.references.iava)}", :inline_format => true
 
 					if stig.plugin.description != nil
-						@output.text "\nDescription:", :style => :bold
-						@output.text stig.plugin.description
+						text "\nDescription:", :style => :bold
+						text stig.plugin.description
 					end
 
-					@output.text "\n"
+					text "\n"
 				end
 			end
 
@@ -126,34 +120,27 @@ module Risu
 				ref_string.chomp!(", ")
 			end
 
-			# Called during the rendering process
-			#
 			def render(output)
-				@output = output
-
-				@output.font_size 10
-
 				header
 
 				if Item.stig_findings("I").count > 0
-					@output.text "<color rgb='551A8B'>Category I Findings</color>", :size => 18, :style => :bold, :inline_format => true
+					text "<color rgb='551A8B'>Category I Findings</color>", :size => 18, :style => :bold, :inline_format => true
 					stig_findings_text("I")
 				end
 
 				if Item.stig_findings("II").count > 0
 					@output.start_new_page
-					@output.text "<color rgb='FF0000'>Category II Findings</color>", :size => 18, :style => :bold, :inline_format => true
+					text "<color rgb='FF0000'>Category II Findings</color>", :size => 18, :style => :bold, :inline_format => true
 					stig_findings_text("II")
 				end
 
 				if Item.stig_findings("III").count > 0
 					@output.start_new_page
-					@output.text "<color rgb='FF8040'>Category III Findings</color>", :size => 18, :style => :bold, :inline_format => true
+					text "<color rgb='FF8040'>Category III Findings</color>", :size => 18, :style => :bold, :inline_format => true
 					stig_findings_text("III")
 				end
 
 				@output.number_pages "<page> of <total>", :at => [@output.bounds.right - 75, 0], :width => 150, :page_filter => :all
-
 			end
 		end
 	end