risu 1.6.3 → 1.7.0

data/lib/risu/models/patch.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Models

data/lib/risu/models/plugin.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -96,7 +96,7 @@ module Risu
 					g.sort = false
 					g.marker_count = 1
 					g.theme = {
-						:colors => %w(red orange yellow blue green purple black gray brown pink),
+						:colors => Risu::GRAPH_COLORS,
 						:background_colors => %w(white white)
 					}
 
@@ -125,6 +125,34 @@ module Risu
 
 					StringIO.new(g.to_blob)
 				end
+
+				def root_cause_graph
+					g = Gruff::Pie.new(GRAPH_WIDTH)
+					g.title = sprintf "Vulnerability Root Cause"
+					g.sort = false
+					g.marker_count = 1
+					g.theme = {
+						:colors => Risu::GRAPH_COLORS,
+						:background_colors => %w(white white)
+					}
+
+					g.data('Vendor Patch', Plugin.where(:root_cause => 'Vendor Patch').count)
+					g.data('Vendor Support', Plugin.where(:root_cause => 'Vendor Support').count)
+					g.data('Configuration', Plugin.where(:root_cause => 'Configuration').count)
+
+					StringIO.new(g.to_blob)					
+				end
+
+				def root_cause_graph_text
+					graph_text = "This graph shows the basic root cause of a vulnerability, the data is broken up into " +
+					"three categories. Vendor Patch, Vendor Support and Configuration.\n\n"
+
+					graph_text << "Vendor Patch represents vulnerabilities from missing patches. IE missing Microsoft patches.\n"
+					graph_text << "Vendor Support represents vulnerabilities caused by the lack of vendor support. IE unsupported software.\n"
+					graph_text << "Configuration represents vulnerabilities caused by misconfiguration of software or hardware. IE default passwords.\n\n"
+
+					return graph_text
+				end
 			end
 		end
 	end

data/lib/risu/models/pluginspreference.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/models/policy.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/models/reference.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/models/report.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -28,7 +28,6 @@ module Risu
 	module Models
 
 		# Report Model
-		#
 		class Report < ActiveRecord::Base
 		  has_many :hosts
 		  belongs_to :policy

data/lib/risu/models/serverpreference.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/models/servicedescription.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Models

data/lib/risu/models/version.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/parsers.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/parsers/nessus/nessus_document.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Parsers

data/lib/risu/parsers/nessus/nessus_sax_listener.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ActiveRecord::Migration.verbose = false
 
@@ -43,7 +43,7 @@ module Risu
 						"osvdb", "cert", "edb-id", "rhsa", "secunia", "suse", "dsa",
 						"owasp", "cwe", "iavb", "iavt", "cisco-sa", "ics-alert",
 						"cisco-bug-id", "cisco-sr", "cert-vu", "vmsa", "apple-sa",
-						"icsa", "cert-cc", "msvr", "usn"
+						"icsa", "cert-cc", "msvr", "usn", "hp", "glsa", "freebsd"
 					]
 
 					@valid_host_properties = Array[
@@ -54,11 +54,13 @@ module Risu
 						"pcidss:reachable_db", "pcidss:www:xss", "pcidss:directory_browsing", "pcidss:known_credentials",
 						"pcidss:compromised_host:worm", "pcidss:obsolete_operating_system", "pcidss:dns_zone_transfer",
 						"pcidss:unprotected_mssql_db", "pcidss:obsolete_software", "pcidss:www:sql_injection", "pcidss:backup_files",
-						"traceroute-hop-0", "traceroute-hop-1", "traceroute-hop-2", "operating-system-unsupported", "patch-summary-total-cves"
+						"traceroute-hop-0", "traceroute-hop-1", "traceroute-hop-2", "operating-system-unsupported", "patch-summary-total-cves",
+						"pcidss:insecure_http_methods", "LastUnauthenticatedResults", "LastAuthenticatedResults", "cpe-0", "cpe-1", 
+						"cpe-2", "cpe-3", "Credentialed_Scan", "policy-used", "UnsupportedProduct:microsoft:windows_xp::sp2"
 					]
 
 					@valid_host_properties_regex = Array[
-						"patch-summary-cve-num", "patch-summary-cves", "patch-summary-txt"
+						"patch-summary-cve-num", "patch-summary-cves", "patch-summary-txt", "cpe-\d+", "KB\d+"
 					]
 
 					@valid_elements = Array["ReportItem", "plugin_version", "risk_factor",
@@ -73,7 +75,8 @@ module Risu
 						"plugin_type", "exploithub_sku", "exploit_framework_exploithub", "stig_severity", "plugin_name", "fname", "always_run",
 						"cm:compliance-info", "cm:compliance-actual-value", "cm:compliance-check-id", "cm:compliance-policy-value",
 						"cm:compliance-audit-file", "cm:compliance-check-name", "cm:compliance-result", "cm:compliance-output", "policyOwner",
-						"visibility", "script_version", "attachment", "policy_comments", "d2_elliot_name", "exploit_framework_d2_elliot"
+						"visibility", "script_version", "attachment", "policy_comments", "d2_elliot_name", "exploit_framework_d2_elliot",
+						"exploited_by_malware", "compliance"
 					]
 
 					@valid_elements = @valid_elements + @valid_references
@@ -99,7 +102,7 @@ module Risu
 					@vals[@tag] = ""
 
 					if !@valid_elements.include?(element)
-						puts "New XML element detected: #{element}. Please report this at https://github.com/arxopia/risu/issues/new or via email to #{Risu::EMAIL}"
+						puts "New XML element detected: #{element}. Please report this at #{Risu::GITHUB}/issues/new or via email to #{Risu::EMAIL}"
 					end
 
 					case element
@@ -136,13 +139,17 @@ module Risu
 										else
 											nil
 										end
-							#Ugly as fuck.
+							#Ugly as fuck. Really this needs to be rewritten. Fuck.
 							elsif attributes['name'] =~ /patch-summary-cve-num/ ||
 								attributes['name'] =~ /patch-summary-cves/ ||
-								attributes['name'] =~ /patch-summary-txt/
+								attributes['name'] =~ /patch-summary-txt/ ||
+								attributes['name'] =~ /cpe-\d+/ ||
+								attributes['name'] =~ /KB\d+/
 								@attr = if attributes["name"] =~ /patch-summary-cve-num/ ||
 								attributes['name'] =~ /patch-summary-cves/ ||
-								attributes['name'] =~ /patch-summary-txt/
+								attributes['name'] =~ /patch-summary-txt/ ||
+								attributes['name'] =~ /cpe-\d+/ ||
+								attributes['name'] =~ /KB\d+/
 											attributes["name"]
 										else
 											nil
@@ -156,10 +163,8 @@ module Risu
 							end
 
 							# implicit nil check?
-							if attributes["name"] !~ /(netstat-(?:established|listen)-(?:tcp|udp)\d+-\d+)/ &&
-								attributes["name"] !~ /traceroute-hop-\d+/
-								#puts attributes["name"]
-								puts "New HostProperties attribute: #{attributes["name"]}. Please report this at https://github.com/arxopia/risu/issues/new or via email to #{Risu::EMAIL}\n" if @attr.nil?
+							if attributes["name"] !~ /(netstat-(?:established|listen)-(?:tcp|udp)\d+-\d+)/ && attributes["name"] !~ /traceroute-hop-\d+/
+								puts "New HostProperties attribute: #{attributes["name"]}. Please report this at #{Risu::GITHUB}/issues/new or via email to #{Risu::EMAIL}\n" if @attr.nil?
 							end
 						when "ReportItem"
 							@vals = Hash.new # have to clear this out or everything has the same references
@@ -346,7 +351,9 @@ module Risu
 								:stig_severity => @vals["stig_severity"],
 								:fname => @vals["fname"],
 								:always_run => @vals["always_run"],
-								:script_version => @vals["script_version"]
+								:script_version => @vals["script_version"],
+								:exploited_by_malware => @vals["exploited_by_malware"],
+								:compliance => @vals["compliance"]
 							}
 							@plugin.save
 						when "attachment"

data/lib/risu/parsers/nessus/postprocess.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Nessus
@@ -31,6 +31,3 @@ module Risu
 		end
 	end
 end
-
-require 'risu/parsers/nessus/postprocess/java'
-require 'risu/parsers/nessus/postprocess/risk_score'

data/lib/risu/parsers/nessus/postprocess/adobe_air.rb

@@ -0,0 +1,82 @@
+# Copyright (c) 2010-2014 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class AdobeAir < Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@info = 
+						{
+							:description => "Adobe Air Patch Rollup",
+							:plugin_id => -99994,
+							:plugin_name => "Update to the latest Adobe Air",
+							:item_name => "Update to the latest Adobe Air",
+							:plugin_ids => [
+								52755,
+								53474,
+								55805,
+								55806,
+								66444,
+								66871,
+								69865,
+								70214,
+								70857,
+								71350,
+								71947,
+								71950,
+								73432,
+								73993,
+								74430,
+								73432,
+								73993,
+								74430,
+								58537,
+								59425,
+								61624,
+								62835,
+								62479,
+								63449,
+								64583,
+								65218,
+								65909,
+								66444,
+								66871,
+								63241,
+								
+							]
+
+						}
+
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb

@@ -0,0 +1,86 @@
+# Copyright (c) 2010-2014 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class AdobeReader < Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@info =
+						{
+							:description => "Adobe Reader Patch Rollup",
+							:plugin_id => -99998,
+							:plugin_name => "Update to the latest Adobe Reader",
+							:item_name => "Update to the latest Adobe Reader",
+							:plugin_ids => [
+								30200,
+								33256,
+								34695,
+								35821,
+								38746,
+								39355,
+								42120,
+								43876,
+								44644,
+								45505,
+								47165,
+								48375,
+								49173,
+								50614,
+								51925,
+								55144,
+								56198,
+								56213,
+								66517,
+								66542,
+								74012,
+								58683,
+								61562,
+								63454,
+								64786,
+								66410,
+								69846,
+								71947,
+								57043,
+								57484,
+								24002,
+								23776,
+								23975,
+								52672,
+								53451,
+								21698,
+								
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end