risu 1.6.3 → 1.7.0

data/lib/risu/templates/failed_audits.rb

@@ -0,0 +1,98 @@
+# Copyright (c) 2010-2013 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Templates
+		class FailedAudits < Risu::Base::TemplateBase
+			include TemplateHelper
+
+			# Initializes the template loading meta data
+			#
+			def initialize ()
+				@template_info =
+				{
+					:name => "failed_audits",
+					:author => "abenson",
+					:version => "0.0.2",
+					:renderer => "PDF",
+					:description => "Failed Audit Checks"
+				}
+			end
+
+			def print_header(size, text, color)
+				oldcolor = @output.fill_color
+				@output.font_size(size) do
+					@output.fill_color color
+					@output.text text, :style => :bold
+					@output.fill_color oldcolor
+				end
+			end
+
+			# Called during the rendering process
+			#
+			def render(output)
+				text Report.classification.upcase, :align => :center
+				text "\n"
+
+				report_title Report.title
+				report_subtitle "Failed Audit Checks"
+				report_author "This report was prepared by\n#{Report.author}"
+
+				text "\n\n\n"
+
+				text "Verify each finding. The compliance audits only look for exact matches. For example, if the policy value for minimum password length is 8, and the actual value is 10, this finding can be ignored."
+
+				text "\n\n\n"
+
+				Host.all.each do |h|
+					print_header(20, "#{h.name} (#{h.ip})", "000000")
+					
+					if h.items.where(:cm_compliance_result => "FAILED").count > 0
+						data = [["Name", "Policy", "Value"]]
+						h.items.where(:cm_compliance_result => "FAILED").each do |cm|
+							data += [[cm.cm_compliance_check_name, cm.cm_compliance_policy_value, cm.cm_compliance_actual_value]]
+						end
+
+						output.table(data, :header => true) do
+							row(0).style(:font_style => :bold, :background_color => 'D0D0D0')
+							cells.borders = [:top, :bottom, :left, :right]
+						end
+						text "\n"
+
+					elsif h.items.where(:cm_compliance_result => "PASSED").count > 0 
+						text "Host passed all audits."
+					else
+						text "Audits were not conducted on host."
+					end
+				end
+
+				text "\n\n\n"
+
+				output.start_new_page
+			end
+		end
+	end
+end

data/lib/risu/templates/finding_statistics.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -36,6 +36,7 @@ module Risu
 					:name => "finding_statistics",
 					:author => "hammackj",
 					:version => "0.0.1",
+					:renderer => "PDF",
 					:description => "Generates report finding statistics"
 				}
 			end

data/lib/risu/templates/findings_host.rb

@@ -1,9 +1,9 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
-
+#
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
-
+#
 #     * Redistributions of source code must retain the above copyright
 #       notice, this list of conditions and the following disclaimer.
 #     * Redistributions in binary form must reproduce the above copyright
@@ -12,7 +12,7 @@
 #     * Neither the name of the Arxopia LLC nor the names of its contributors
 #     	may be used to endorse or promote products derived from this software
 #     	without specific prior written permission.
-
+#
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
@@ -21,12 +21,13 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Templates
 		class FindingsHost < Risu::Base::TemplateBase
+			include TemplateHelper
 
 			#
 			#
@@ -35,7 +36,8 @@ module Risu
 				{
 					:name => "findings_host",
 					:author => "hammackj",
-					:version => "0.0.2",
+					:version => "0.0.3",
+					:renderer => "PDF",
 					:description => "Generates a findings report by host"
 				}
 			end
@@ -43,23 +45,19 @@ module Risu
 			#
 			#
 			def render(output)
-				output.font_size 10
+				@output.font_size 10
 
-				output.text Report.classification.upcase, :align => :center
-				output.text "\n"
+				report_classification
 
-				output.font_size(22) { output.text Report.title, :align => :center }
-				output.font_size(18) {
-					output.text "Findings Summary by Host Report", :align => :center
-					output.text "\n"
-					output.text "This report was prepared by\n#{Report.author}", :align => :center
-				}
+				report_title Report.title
+				report_subtitle "Findings Summary by Host Report"
+				report_author "This report was prepared by\n#{Report.author}"
 
-				output.text "\n\n\n"
+				@output.text "\n\n\n"
 
 				Host.sorted.each do |host|
 					if host.items.high_risks_unique_sorted.to_a.count > 0 or host.items.medium_risks_unique_sorted.to_a.count > 0
-						output.font_size(16) do
+						@output.font_size(16) do
 
 							host_string = "#{host.ip}"
 							host_string << " (#{host.fqdn})" if host.fqdn != nil
@@ -69,7 +67,7 @@ module Risu
 					end
 
 					if host.items.critical_risks_unique_sorted.to_a.count > 0
-						output.font_size(12) do
+						@output.font_size(12) do
 							output.fill_color "551A8B"
 							output.text "Critical Findings", :style => :bold
 							output.fill_color "000000"
@@ -82,7 +80,7 @@ module Risu
 					end
 
 					if host.items.high_risks_unique_sorted.to_a.count > 0
-						output.font_size(12) {
+						@output.font_size(12) {
 							output.fill_color "FF0000"
 							output.text "High Findings", :style => :bold
 							output.fill_color "000000"
@@ -95,7 +93,7 @@ module Risu
 					end
 
 					if host.items.medium_risks_unique_sorted.to_a.count > 0
-						output.font_size(12) {
+						@output.font_size(12) {
 							output.fill_color "FF8040"
 							output.text "Medium Findings", :style => :bold
 							output.fill_color "000000"
@@ -108,7 +106,7 @@ module Risu
 					end
 
 					if host.items.high_risks_unique_sorted.to_a.count > 0 or host.items.medium_risks_unique_sorted.to_a.count > 0
-						output.text "\n"
+						@output.text "\n"
 					end
 				end
 

data/lib/risu/templates/findings_summary.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Templates
@@ -34,14 +34,15 @@ module Risu
 				{
 					:name => "findings_summary",
 					:author => "hammackj",
-					:version => "0.0.2",
+					:version => "0.0.3",
+					:renderer => "PDF",
 					:description => "Generates a findings summary report"
 				}
 			end
 
 			def print_risk_summary(risks, text, color)
 				@output.font_size(20) do
-					@output.fill_color color
+					@output.fill_color color.gsub('#', '')
 					@output.text text, :style => :bold
 					@output.fill_color "000000"
 				end
@@ -63,10 +64,11 @@ module Risu
 				report_author "This report was prepared by\n#{Report.author}"
 				text "\n\n\n"
 
-				print_risk_summary(Item.critical_risks_unique_sorted, "Critical Findings", "551A8B")
-				print_risk_summary(Item.high_risks_unique_sorted, "High Findings", "FF0000")
-				print_risk_summary(Item.medium_risks_unique_sorted, "Medium Findings", "FF8040")
-				print_risk_summary(Item.low_risks_unique_sorted, "Low Findings", "0000FF")
+				print_risk_summary(Item.critical_risks_unique_sorted, "Critical Findings", Risu::GRAPH_COLORS[0])
+				print_risk_summary(Item.high_risks_unique_sorted, "High Findings", Risu::GRAPH_COLORS[1])
+				print_risk_summary(Item.medium_risks_unique_sorted, "Medium Findings", Risu::GRAPH_COLORS[2])
+				print_risk_summary(Item.low_risks_unique_sorted, "Low Findings", Risu::GRAPH_COLORS[3])
+				print_risk_summary(Item.info_risks_unique_sorted, "Informational Findings", Risu::GRAPH_COLORS[4])
 			end
 		end
 	end

data/lib/risu/templates/findings_summary_with_pluginid.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,12 +21,13 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Templates
 		class FindingsSummaryWithPluginID < Risu::Base::TemplateBase
+			include TemplateHelper
 
 			#
 			#
@@ -35,100 +36,45 @@ module Risu
 				{
 					:name => "findings_summary_with_pluginid",
 					:author => "hammackj",
-					:version => "0.0.2",
+					:version => "0.0.5",
+					:renderer => "PDF",
 					:description => "Generates a Findings Summary with Nessus Plugin ID"
 				}
 			end
 
 			#
 			#
-			def render(output)
-				output.text Report.classification.upcase, :align => :center
-				output.text "\n"
-
-				output.font_size(22) do
-					output.text Report.title, :align => :center
-				end
-
-				output.font_size(18) do
-					output.text "Findings Summary Report", :align => :center
-					output.text "\n"
-					output.text "This report was prepared by\n#{Report.author}", :align => :center
-				end
-
-				output.text "\n\n\n"
-
-				output.font_size(20) {
-					output.fill_color "9B30FF"
-					output.text "Critical Findings", :style => :bold
-					output.fill_color "000000"
-				}
-
-				Item.critical_risks_unique_sorted.each do |item|
-					name = Plugin.find_by_id(item.plugin_id).plugin_name
-					count = Item.where(:plugin_id => item.plugin_id).count
-
-					output.text "#{count} - #{name} - #{item.plugin_id}"
+			def print_risk_summary_with_plugin_id(risks, text, color)
+				@output.font_size(20) do
+					@output.fill_color color.gsub('#', '')
+					@output.text text, :style => :bold
+					@output.fill_color "000000"
 				end
 
-				output.start_new_page
-
-				output.font_size(20) do
-					output.fill_color "FF0000"
-					output.text "High Findings", :style => :bold
-					output.fill_color "000000"
-				end
-
-				Item.high_risks_unique_sorted.each do |item|
+				risks.each do |item|
 					name = Plugin.find_by_id(item.plugin_id).plugin_name
 					count = Item.where(:plugin_id => item.plugin_id).count
 
-					output.text "#{count} - #{name} - #{item.plugin_id}"
-				end
-
-				output.start_new_page
+					text "#{count} - #{name} - #{item.plugin_id}"
+				end				
+			end			
 
-				output.font_size(20) {
-					output.fill_color "FF8040"
-					output.text "Medium Findings", :style => :bold
-					output.fill_color "000000"
-				}
-
-				Item.medium_risks_unique_sorted.each do |item|
-					name = Plugin.find_by_id(item.plugin_id).plugin_name
-					count = Item.where(:plugin_id => item.plugin_id).count
-
-					output.text "#{count} - #{name} - #{item.plugin_id}"
-				end
-
-				output.start_new_page
-
-				output.font_size(20) {
-					output.fill_color "0000FF"
-					output.text "Low Findings", :style => :bold
-					output.fill_color "000000"
-				}
-
-				Item.low_risks_unique_sorted.each do |item|
-					name = Plugin.find_by_id(item.plugin_id).plugin_name
-					count = Item.where(:plugin_id => item.plugin_id).count
-
-					output.text "#{count} - #{name} - #{item.plugin_id}"
-				end
-
-				#Provides nothing
-				#output.font_size(20) {
-				#	output.fill_color "008000"
-				#	output.text "Low Findings", :style => :bold
-				#	output.fill_color "000000"
-				#}
-				#
-				#Item.low_risks_unique_sorted.each do |item|
-				#	name = Plugin.find_by_id(item.plugin_id).plugin_name
-				#	count = Item.where(:plugin_id => item.plugin_id).count
-				#
-				#	output.text "#{count} - #{name}"
-				#end
+			#
+			#
+			def render(output)
+				text Report.classification.upcase, :align => :center
+				text "\n"
+
+				report_title Report.title
+				report_subtitle "Findings Summary Report"
+				report_author "This report was prepared by\n#{Report.author}"
+				text "\n\n\n"
+
+				print_risk_summary_with_plugin_id(Item.critical_risks_unique_sorted, "Critical Findings", Risu::GRAPH_COLORS[0])
+				print_risk_summary_with_plugin_id(Item.high_risks_unique_sorted, "High Findings", Risu::GRAPH_COLORS[1])
+				print_risk_summary_with_plugin_id(Item.medium_risks_unique_sorted, "Medium Findings", Risu::GRAPH_COLORS[2])
+				print_risk_summary_with_plugin_id(Item.low_risks_unique_sorted, "Low Findings", Risu::GRAPH_COLORS[3])
+				print_risk_summary_with_plugin_id(Item.info_risks_unique_sorted, "Informational Findings", Risu::GRAPH_COLORS[4])
 			end
 		end
 	end

data/lib/risu/templates/graphs.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -27,6 +27,7 @@
 module Risu
 	module Templates
 		class Graphs < Risu::Base::TemplateBase
+			include TemplateHelper
 
 			#
 			#
@@ -35,7 +36,8 @@ module Risu
 				{
 					:name => "graphs",
 					:author => "hammackj",
-					:version => "0.0.1",
+					:version => "0.0.2",
+					:renderer => "PDF",
 					:description => "Generates a report with all the graphs in it",
 					:scanner => "Nessus"
 				}
@@ -75,19 +77,16 @@ module Risu
 
 				output.image Host.top_vuln_graph(10), :width => 500, :height => 375, :position => :center
 
-				output.start_new_page
-
-				output.image Host.other_os_graph, :width => 500, :height => 375, :position => :center
-				output.text Host.other_os_graph_text
+				other_os_graph_page
 
-				output.start_new_page
+				windows_os_graph_page
 
-				output.image Host.windows_os_graph, :width => 500, :height => 375, :position => :center
-				output.text Host.windows_os_graph_text
+				output.image Item.stigs_severity_graph, :width => 500, :height => 375, :position => :center
 
 				output.start_new_page
 
-				output.image Item.stigs_severity_graph, :width => 500, :height => 375, :position => :center
+				output.image Plugin.root_cause_graph, :width => 500, :height => 375, :position => :center
+				output.text Plugin.root_cause_graph_text
 			end
 		end
 	end