risu 1.6.2 → 1.6.3

data/lib/risu/models/item.rb

@@ -32,6 +32,7 @@ module Risu
 		class Item < ActiveRecord::Base
 			belongs_to :host
 			belongs_to :plugin
+			has_many :attachments
 
 			class << self
 
@@ -109,7 +110,7 @@ module Risu
 				#
 				# @return [ActiveRecord::Relation] with the query results
 				def medium_risks_unique
-					where(:severity => 2).joins(:plugin).order(:cvss_base_score).group(:plugin_id)
+					where(:severity => 2).joins(:plugin).order("plugins.cvss_base_score").group(:plugin_id)
 				end
 
 				# Queries for all the unique medium findings and sorts them by count
@@ -123,7 +124,7 @@ module Risu
 				#
 				# @return [ActiveRecord::Relation] with the query results
 				def low_risks_unique
-					where(:severity => 1).joins(:plugin).order(:cvss_base_score).group(:plugin_id)
+					where(:severity => 1).joins(:plugin).order("plugins.cvss_base_score").group(:plugin_id)
 				end
 
 				# Queries for all the unique low findings and sorts them by count
@@ -137,7 +138,8 @@ module Risu
 				#
 				# @return [ActiveRecord::Relation] with the query results
 				def info_risks_unique
-					where(:severity => 0).joins(:plugin).order(:cvss_base_score).group(:plugin_id)
+					#where(:severity => 0).joins(:plugin).order(:cvss_base_score).group(:plugin_id)
+					where(:severity => 0).joins(:plugin).order("plugins.cvss_base_score").group(:plugin_id)
 				end
 
 				# Queries for all the unique info findings and sorts them by count
@@ -229,7 +231,7 @@ module Risu
 				# @return [StringIO] Object containing the generated PNG image
 				def risks_by_service_graph(limit=10)
 					g = Gruff::Pie.new(GRAPH_WIDTH)
-					g.title = sprintf "Top %d Services By Vulnerability", Item.risks_by_service(limit).all.count
+					g.title = sprintf "Top %d Services By Vulnerability", Item.risks_by_service(limit).to_a.count
 					g.sort = false
 					g.marker_count = 1
 					g.theme = {
@@ -237,8 +239,8 @@ module Risu
 						:background_colors => %w(white white)
 					}
 
-					Item.risks_by_service(limit).all.each do |service|
-						g.data(service.svc_name, Item.find(:all, :conditions => {:svc_name => service.svc_name}).count)
+					Item.risks_by_service(limit).to_a.each do |service|
+						g.data(service.svc_name, Item.all.where(:svc_name => service.svc_name).count)
 					end
 
 					StringIO.new(g.to_blob)
@@ -270,19 +272,19 @@ module Risu
 					high = Item.high_risks.count
 					medium = Item.medium_risks.count
 					low = Item.low_risks.count
-					info = Item.info_risks.count
+					#info = Item.info_risks.count
 
 					if crit == nil then crit = 0 end
 					if high == nil then high = 0 end
 					if medium == nil then medium = 0 end
 					if low == nil then low = 0 end
-					if info == nil then info = 0 end
+					#if info == nil then info = 0 end
 
 					g.data("Critical", crit, "purple")
 					g.data("High", high, "red")
 					g.data("Medium", medium, "orange")
 					g.data("Low", low, "yellow")
-					g.data("Informational", info, "blue")
+					#g.data("Informational", info, "blue")
 
 					StringIO.new(g.to_blob)
 				end
@@ -324,22 +326,13 @@ module Risu
 					StringIO.new(g.to_blob)
 				end
 
+				# Calculates a vulnerable host percent based on Critical and High findings
+				# (unique_vuln_crit_high_count / host_count) * 100
 				#
-				# @todo comment
-				#
+				# @return [FixNum] Percentage of vulnerable hosts
 				def calculate_vulnerable_host_percent
-					hosts_with_critical = Hash.new
-
-					(Item.critical_risks.all + Item.high_risks.all).each do |item|
-						ip = Host.find_by_id(item.host_id).name
-						if hosts_with_critical[ip] == nil
-							hosts_with_critical[ip] = 1
-						end
-
-						hosts_with_critical[ip] = hosts_with_critical[ip] + 1
-					end
-
-					host_percent = (hosts_with_critical.count.to_f / Host.all.count.to_f) * 100
+					unique_hosts_with_critical_and_high = Host.unique_hosts_with_critical.count + Host.unique_hosts_with_high.count
+					host_percent = (unique_hosts_with_critical_and_high.to_f / Host.count.to_f) * 100
 				end
 
 				#
@@ -417,11 +410,19 @@ module Risu
 					return graph_text
 				end
 
+				def risk_percent_rounded_text
+					"#{calculate_vulnerable_host_percent().round}%"
+				end
+
 				#
 				# @todo comment
 				#
 				def notable_order_by_cvss_raw
-					return Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").count(:all, :group => :plugin_id)
+
+					#MIGHT NOT BE CORRECT @TODO
+
+					#return Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").count(:all, :group => :plugin_id)
+					return Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").group(:plugin_id).distinct.count
 				end
 
 				#

data/lib/risu/models/plugin.rb

@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Models
@@ -92,7 +92,7 @@ module Risu
 				# @return Filename of the created graph
 				def top_by_count_graph(limit=10)
 					g = Gruff::Bar.new(GRAPH_WIDTH)
-					g.title = sprintf "Top %d Critical Findings By Plugin", Item.risks_by_plugin(limit).all.count
+					g.title = sprintf "Top %d Critical Findings By Plugin", Item.risks_by_plugin(limit).to_a.count
 					g.sort = false
 					g.marker_count = 1
 					g.theme = {
@@ -100,7 +100,7 @@ module Risu
 						:background_colors => %w(white white)
 					}
 
-					Item.risks_by_plugin(limit).all.each do |plugin|
+					Item.risks_by_plugin(limit).to_a.each do |plugin|
 						plugin_name = Plugin.find_by_id(plugin.plugin_id).plugin_name
 
 						#We need to filter the names a little to make everything look nice on the graph

data/lib/risu/models/policy.rb

@@ -30,10 +30,10 @@ module Risu
 		# Policy Model
 		#
 		class Policy < ActiveRecord::Base
-		  has_many :family_selections
-		  has_many :individual_plugin_selections
-		  has_many :reports
-		  has_many :plugins_preferences
+			has_many :family_selections
+			has_many :individual_plugin_selections
+			has_many :reports
+			has_many :plugins_preferences
 			has_many :server_preferences
 		end
 	end

data/lib/risu/models/report.rb

@@ -48,7 +48,7 @@ module Risu
 				# @todo comment this
 				#
 				def scanner_nessus_ratings_text
-					text = "The vulnerability scanner used by #{Report.company} rates the findings as follows: High, Medium, Low and Informational. High findings represents a security hole, initially this is the highest rating a risk can get.  These generally represent vulnerabilities that can lead to full system compromise due to missing security patches. High findings should be re-mediated first as they generally leave the network wide open. Medium findings are considered a security warning; these are not as severe as high but should be evaluated on a risk-by-risk basis. These are typically configuration errors that can lead to information disclosures such as usernames, passwords, and configuration settings. Low findings are identified as security notes; these provide information the scanner discovered during the scanning process. The information includes items such as hostname, domain name, and MAC address. Open Port findings represent the open ports on each system that the scanner found during the scan process. These should be evaluated against firewall settings to test the firewall configurations.\n\n"
+					text = "The vulnerability scanner used by #{Report.company} rates the findings as follows: Critical, High, Medium, Low and Informational. High findings represents a security hole, initially this is the highest rating a risk can get.  These generally represent vulnerabilities that can lead to full system compromise due to missing security patches. High findings should be re-mediated first as they generally leave the network wide open. Medium findings are considered a security warning; these are not as severe as high but should be evaluated on a risk-by-risk basis. These are typically configuration errors that can lead to information disclosures such as usernames, passwords, and configuration settings. Low findings are identified as security notes; these provide information the scanner discovered during the scanning process. The information includes items such as hostname, domain name, and MAC address. Open Port findings represent the open ports on each system that the scanner found during the scan process. These should be evaluated against firewall settings to test the firewall configurations.\n\n"
 					text << "After the scanner is complete, the scanner evaluates each finding and bases it on the Common Vulnerability Scoring System (CVSS) score assigned to each finding. Any findings with a CVSS base score of 10 are upgraded to a Critical finding. These represent vulnerabilities that are trivial to gain administrator access to the system, with little to no effort. For more information on the CVSS scoring system please visit: http://nvd.nist.gov/cvss.cfm.\n\n"
 
 					return text

data/lib/risu/parsers.rb

@@ -31,6 +31,7 @@ end
 
 require 'risu/parsers/nessus/nessus_document'
 require 'risu/parsers/nessus/nessus_sax_listener'
+require 'risu/parsers/nessus/postprocess'
 
 require 'risu/parsers/nexpose/nexpose_document'
 require 'risu/parsers/nexpose/simple_nexpose'

data/lib/risu/parsers/nessus/nessus_sax_listener.rb

@@ -42,19 +42,23 @@ module Risu
 						"cpe", "bid", "see_also", "xref", "cve", "iava", "msft",
 						"osvdb", "cert", "edb-id", "rhsa", "secunia", "suse", "dsa",
 						"owasp", "cwe", "iavb", "iavt", "cisco-sa", "ics-alert",
-						"cisco-bug-id", "cisco-sr", "cert-vu", "vmsa", "apple-sa", 
+						"cisco-bug-id", "cisco-sr", "cert-vu", "vmsa", "apple-sa",
 						"icsa", "cert-cc", "msvr", "usn"
 					]
 
 					@valid_host_properties = Array[
-						"HOST_END", "mac-address", "HOST_START", "operating-system", "host-ip", "host-fqdn", "netbios-name", 
-						"local-checks-proto", "smb-login-used", "ssh-auth-meth", "ssh-login-used", "pci-dss-compliance", 
-						"pci-dss-compliance:", "system-type", "bios-uuid", "pcidss:compliance:failed", "pcidss:compliance:passed", 
-						"pcidss:deprecated_ssl", "pcidss:expired_ssl_certificate", "pcidss:high_risk_flaw", "pcidss:medium_risk_flaw", 
-						"pcidss:reachable_db", "pcidss:www:xss", "pcidss:directory_browsing", "pcidss:known_credentials", 
-						"pcidss:compromised_host:worm", "pcidss:obsolete_operating_system", "pcidss:dns_zone_transfer", 
-						"pcidss:unprotected_mssql_db", "pcidss:obsolete_software", "pcidss:www:sql_injection", "pcidss:backup_files", 
-						"traceroute-hop-0", "traceroute-hop-1", "traceroute-hop-2"
+						"HOST_END", "mac-address", "HOST_START", "operating-system", "host-ip", "host-fqdn", "netbios-name",
+						"local-checks-proto", "smb-login-used", "ssh-auth-meth", "ssh-login-used", "pci-dss-compliance",
+						"pci-dss-compliance:", "system-type", "bios-uuid", "pcidss:compliance:failed", "pcidss:compliance:passed",
+						"pcidss:deprecated_ssl", "pcidss:expired_ssl_certificate", "pcidss:high_risk_flaw", "pcidss:medium_risk_flaw",
+						"pcidss:reachable_db", "pcidss:www:xss", "pcidss:directory_browsing", "pcidss:known_credentials",
+						"pcidss:compromised_host:worm", "pcidss:obsolete_operating_system", "pcidss:dns_zone_transfer",
+						"pcidss:unprotected_mssql_db", "pcidss:obsolete_software", "pcidss:www:sql_injection", "pcidss:backup_files",
+						"traceroute-hop-0", "traceroute-hop-1", "traceroute-hop-2", "operating-system-unsupported", "patch-summary-total-cves"
+					]
+
+					@valid_host_properties_regex = Array[
+						"patch-summary-cve-num", "patch-summary-cves", "patch-summary-txt"
 					]
 
 					@valid_elements = Array["ReportItem", "plugin_version", "risk_factor",
@@ -69,7 +73,7 @@ module Risu
 						"plugin_type", "exploithub_sku", "exploit_framework_exploithub", "stig_severity", "plugin_name", "fname", "always_run",
 						"cm:compliance-info", "cm:compliance-actual-value", "cm:compliance-check-id", "cm:compliance-policy-value",
 						"cm:compliance-audit-file", "cm:compliance-check-name", "cm:compliance-result", "cm:compliance-output", "policyOwner",
-						"visibility"
+						"visibility", "script_version", "attachment", "policy_comments", "d2_elliot_name", "exploit_framework_d2_elliot"
 					]
 
 					@valid_elements = @valid_elements + @valid_references
@@ -95,7 +99,7 @@ module Risu
 					@vals[@tag] = ""
 
 					if !@valid_elements.include?(element)
-						puts "New XML element detected: #{element}. Please report this to #{Risu::EMAIL}"
+						puts "New XML element detected: #{element}. Please report this at https://github.com/arxopia/risu/issues/new or via email to #{Risu::EMAIL}"
 					end
 
 					case element
@@ -128,10 +132,21 @@ module Risu
 
 							if attributes["name"] =~ /[M|m][S|s]\d{2,}-\d{2,}/
 								@attr = if attributes["name"] =~ /[M|m][S|s]\d{2,}-\d{2,}/
-									attributes["name"]
-								else
-									nil
-								end
+											attributes["name"]
+										else
+											nil
+										end
+							#Ugly as fuck.
+							elsif attributes['name'] =~ /patch-summary-cve-num/ ||
+								attributes['name'] =~ /patch-summary-cves/ ||
+								attributes['name'] =~ /patch-summary-txt/
+								@attr = if attributes["name"] =~ /patch-summary-cve-num/ ||
+								attributes['name'] =~ /patch-summary-cves/ ||
+								attributes['name'] =~ /patch-summary-txt/
+											attributes["name"]
+										else
+											nil
+										end
 							else
 								@attr = if @valid_host_properties.include?(attributes["name"])
 									attributes["name"]
@@ -140,17 +155,19 @@ module Risu
 								end
 							end
 
-							if attributes["name"] !~ /(netstat-(?:established|listen)-(?:tcp|udp)\d+-\d+)/ && attributes["name"] !~ /traceroute-hop-\d+/
+							# implicit nil check?
+							if attributes["name"] !~ /(netstat-(?:established|listen)-(?:tcp|udp)\d+-\d+)/ &&
+								attributes["name"] !~ /traceroute-hop-\d+/
 								#puts attributes["name"]
-								puts "New HostProperties attribute: #{attributes["name"]}. Please report this to #{Risu::EMAIL}\n" if @attr.nil?
+								puts "New HostProperties attribute: #{attributes["name"]}. Please report this at https://github.com/arxopia/risu/issues/new or via email to #{Risu::EMAIL}\n" if @attr.nil?
 							end
 						when "ReportItem"
 							@vals = Hash.new # have to clear this out or everything has the same references
 							@ri = @rh.items.create
 							if attributes["pluginID"] == "0"
-								@plugin = Risu::Models::Plugin.find_or_create_by_id(1)
+								@plugin = Risu::Models::Plugin.find_or_create_by(:id => 1)
 							else
-								@plugin = Risu::Models::Plugin.find_or_create_by_id(attributes["pluginID"])
+								@plugin = Risu::Models::Plugin.find_or_create_by(:id => attributes["pluginID"])
 							end
 
 							@ri.port = attributes["port"]
@@ -163,6 +180,11 @@ module Risu
 							@plugin.family_name = attributes["pluginFamily"]
 							@plugin.save
 							@ri.save
+						when "attachment"
+							@attachment = @ri.attachments.create
+							@attachment.name = attributes['name']
+							@attachment.type = attributes['type']
+							@attachment.save
 					end
 				end
 
@@ -195,6 +217,12 @@ module Risu
 							}
 							@policy.save
 
+						when "policy_comments"
+							@policy.attributes = {
+								:comments => @vals["policy_comments"]
+							}
+							@policy.save
+
 						when "policyOwner"
 							@policy.attributes = {
 								:owner => @vals["policyOwner"]
@@ -317,9 +345,15 @@ module Risu
 								:exploithub_sku => @vals["exploithub_sku"],
 								:stig_severity => @vals["stig_severity"],
 								:fname => @vals["fname"],
-								:always_run => @vals["always_run"]
+								:always_run => @vals["always_run"],
+								:script_version => @vals["script_version"]
 							}
 							@plugin.save
+						when "attachment"
+							@attachment.attributes = {
+								:ahash => @vals['attachment']
+							}
+							@attachment.save
 					end
 				end
 			end

data/lib/risu/parsers/nessus/postprocess.rb

@@ -0,0 +1,36 @@
+# Copyright (c) 2010-2013 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Nessus
+		module PostProcess
+
+		end
+	end
+end
+
+require 'risu/parsers/nessus/postprocess/java'
+require 'risu/parsers/nessus/postprocess/risk_score'

data/lib/risu/parsers/nessus/postprocess/java.rb

@@ -0,0 +1,234 @@
+# Copyright (c) 2010-2013 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class Java
+
+					#
+					def initialize
+						@java_plugins = [
+							66932,
+							65995, # Needs ver
+							56959, # Needs ver
+							59462, # Needs ver
+							62593, # Needs ver
+							45544,
+							45379, # Oracle Java SE Multiple Vulnerabilities (March 2010 CPU)
+							65050, # Oracle Java JDK/JRE 6 < Update 43 Remote Code Execution (Windows)
+							63521,
+							65052,
+							49996,
+							52002,
+							54997,
+							55958, # Oracle Java JRE Unsupported Version Detection
+							56566,
+							57290,
+							57959,
+							64454,
+							64790
+						]
+					end
+
+					#NOTE:
+					#looks like its working
+					def newest_java_plugin
+						newest = DateTime.new(0001, 01, 01)
+						newest_plugin = nil
+
+						@java_plugins.each do |id|
+							plugin = Plugin.find_by_id(id)
+
+							if plugin == nil || plugin.plugin_modification_date == nil
+								next
+							end
+
+							if plugin.plugin_modification_date >= newest
+								newest = plugin.plugin_modification_date if plugin.plugin_modification_date != nil
+								newest_plugin = plugin
+							end
+						end
+
+						return newest_plugin
+					end
+
+					# Creates a rollup plugin based on the newest java plugin
+					#
+					def create_plugin
+
+						plugin = Plugin.find_by_id(-99999)
+
+						newest_plugin = newest_java_plugin()
+
+						if newest_plugin == nil
+							return
+						end
+
+						if plugin == nil
+							plugin = Plugin.new
+						end
+
+							plugin.id = -99999
+							plugin.plugin_name = "Upgrade to the latest Oracle Java SE"
+							plugin.family_name = "Risu Rollup Plugins"
+							plugin.description = newest_plugin.description || ""
+							plugin.plugin_version = newest_plugin.plugin_version || ""
+							plugin.plugin_publication_date = newest_plugin.plugin_publication_date
+							plugin.plugin_modification_date = newest_plugin.plugin_modification_date
+							plugin.vuln_publication_date = newest_plugin.vuln_publication_date
+							plugin.cvss_vector = newest_plugin.cvss_vector || ""
+							plugin.cvss_base_score = newest_plugin.cvss_base_score
+							plugin.cvss_temporal_score = newest_plugin.cvss_temporal_score
+							plugin.cvss_temporal_vector = newest_plugin.cvss_temporal_vector
+							plugin.risk_factor = newest_plugin.risk_factor
+							plugin.solution = newest_plugin.solution
+							plugin.synopsis = newest_plugin.synopsis
+							plugin.plugin_type = "Rollup"
+							plugin.rollup = true
+
+						plugin.save
+					end
+
+					#
+					def create_item(host_id, severity)
+						item = Item.new
+
+							item.host_id = host_id
+							item.plugin_id = -99999
+							item.plugin_output = nil
+							item.port = 0
+							item.severity = severity
+							item.plugin_name = "Upgrade to the latest Oracle Java SE"
+
+						item.save
+					end
+
+					#
+					def has_java_findings
+						@java_plugins.each do |plugin_id|
+							if Item.where(:plugin_id => plugin_id)
+								return true
+							end
+						end
+
+						return false
+					end
+
+					def has_host_java_findings (host_id)
+						@java_plugins.each do |plugin_id|
+							if Item.where(:plugin_id => plugin_id).where(:host_id => host_id).count >= 1
+								return true
+							end
+						end
+
+						return false
+					end
+
+					#
+					def calculate_severity current_severity, severity
+						#record highest severity for all of the rolled up
+						if severity == 4
+							return 4
+						elsif severity == 3 && current_severity != 4
+							return 3
+						elsif severity == 2 && current_severity != 4 && current_severity != 3
+							return 2
+						end
+					end
+
+					#
+					def run
+						if !has_java_findings()
+							return
+						end
+
+						#Create the dummy plugin
+						create_plugin()
+
+						Host.all.each do |host|
+							if !has_host_java_findings(host.id)
+								next
+							end
+
+							finding_severity = 0
+
+							@java_plugins.each do |plugin_id|
+								Item.where(:plugin_id => plugin_id).each do |item|
+									severity = item.severity
+									item.real_severity = severity
+									item.severity = -1
+									item.save
+
+									finding_severity = calculate_severity(finding_severity, severity)
+								end
+							end
+
+							create_item(host.id, finding_severity)
+						end
+
+
+						# @host_list = Hash.new
+
+						# #Set all plugins
+						# @java_plugins.each do |plugin_id|
+						# 	@current_severity = "None"
+
+						# 	Item.where(:plugin_id => plugin_id).each do |item|
+						# 		severity = item.severity
+						# 		item.real_severity = severity
+						# 		item.severity = -1
+						# 		item.save
+
+						# 		#record highest severity for all of the rolled up
+						# 		if severity == 4
+						# 			@current_severity = 4
+						# 		elsif severity == 3 && @current_severity != 4
+						# 			@current_severity = 3
+						# 		elsif severity == 2 && @current_severity != 4 && @current_severity != 3
+						# 			@current_severity = 2
+						# 		end
+
+						# 		@host_list[item.host_id] = @current_severity
+
+						# 	end
+						# end
+
+						# #Create the rollup plugin
+						# create_plugin()
+
+						# #Create 1 finding for each host, flagged with the highest severity for that host
+						# @host_list.keys.each do |host_id|
+						# 	create_item(host_id, @host_list[host_id])
+						# end
+
+					end
+				end
+			end
+		end
+	end
+end