risu 1.6.3 → 1.7.0

data/lib/risu/parsers/nessus/postprocess/openssh.rb

@@ -0,0 +1,65 @@
+# Copyright (c) 2010-2014 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class OpenSSHRollups < Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@info = 
+						{
+							:description => "OpenSSH Patch Rollup",
+							:plugin_id => -99995,
+							:plugin_name => "Update to the latest OpenSSH",
+							:item_name => "Update to the latest OpenSSH",
+							:plugin_ids => [
+								11837,
+								17702,
+								44077,
+								44078,
+								44065,
+								31737,
+								44074,
+								44076,
+								44079,
+								19592,
+								44075,
+								53841,
+								44080,
+								44077,
+								44078,
+								
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/openssl.rb

@@ -0,0 +1,54 @@
+# Copyright (c) 2010-2014 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class OpenSSLRollups < Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@info =
+						{
+							:description => "OpenSSL Patch Rollup",
+							:plugin_id => -99984,
+							:plugin_name => "Update to the latest OpenSSL",
+							:item_name => "Update to the latest OpenSSL",
+							:plugin_ids => [
+								11267,
+								12110,
+								74363,
+								77086,
+								74326
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/oracle_database.rb

@@ -0,0 +1,84 @@
+# Copyright (c) 2010-2014 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class OracleDatabase < Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@info =
+						{					
+							:description => "Oracle Database Patch Rollup",
+							:plugin_id => -99993,
+							:plugin_name => "Update to the latest Oracle Database",
+							:item_name => "Update to the latest Oracle Database",
+							:plugin_ids => [
+								45625,
+								56051,
+								56052,
+								56053,
+								56056,
+								56066,
+								50652,
+								47718,
+								45626,
+								51573,
+								53897,
+								56054,
+								56055,
+								56057,
+								56058,
+								56060,
+								56064,
+								56065,
+								56059,
+								56061,
+								56062,
+								56063,
+								56653,
+								57589,
+								55632,
+								11227,
+								10848,
+								10851,
+								11223,
+								11224,
+								11226,
+								10852,
+								55786
+								
+								
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/php.rb

@@ -0,0 +1,62 @@
+# Copyright (c) 2010-2014 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class PHP < Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@info =
+						{
+							:description => "PHP Patch Rollup",
+							:plugin_id => -99988,
+							:plugin_name => "Update to the latest PHP",
+							:item_name => "Update to the latest PHP",
+							:plugin_ids => [
+								76281,
+								66843,
+								67260,
+								69401,
+								72881,
+								46803,
+								66585,
+								71427,
+								71927,
+								73338,
+								73862,
+								74291,
+								76791,
+							]								
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/post_process.rb

@@ -0,0 +1,178 @@
+# Copyright (c) 2010-2014 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class PostProcess #< Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@name = ""
+						@plugin_id = -1
+						@plugin_ids = []
+						@plugin_name = ""
+						@item_name = ""
+					end
+
+					#NOTE:
+					#looks like its working
+					def newest_plugin
+						newest = DateTime.new(0001, 01, 01)
+						newest_plugin = nil
+
+						@plugin_ids.uniq.each do |id|
+							plugin = Plugin.find_by_id(id)
+
+							if plugin == nil || plugin.plugin_modification_date == nil
+								next
+							end
+
+							if plugin.plugin_modification_date >= newest
+								newest = plugin.plugin_modification_date if plugin.plugin_modification_date != nil
+								newest_plugin = plugin
+							end
+						end
+
+						return newest_plugin
+					end
+
+					# Creates a rollup plugin 
+					#
+					def create_plugin
+						plugin = Plugin.find_by_id(@plugin_id)
+
+						newest_plugin = newest_plugin()
+
+						if newest_plugin == nil
+							return
+						end
+
+						if plugin == nil
+							plugin = Plugin.new
+						end
+
+						plugin.id = @plugin_id
+						plugin.plugin_name = @plugin_name
+						plugin.family_name = "Risu Rollup Plugins"
+						plugin.description = @description #newest_plugin.description || ""
+						plugin.plugin_version = newest_plugin.plugin_version || ""
+						plugin.plugin_publication_date = newest_plugin.plugin_publication_date
+						plugin.plugin_modification_date = newest_plugin.plugin_modification_date
+						plugin.vuln_publication_date = newest_plugin.vuln_publication_date
+						plugin.cvss_vector = newest_plugin.cvss_vector || ""
+						plugin.cvss_base_score = newest_plugin.cvss_base_score
+						plugin.cvss_temporal_score = newest_plugin.cvss_temporal_score
+						plugin.cvss_temporal_vector = newest_plugin.cvss_temporal_vector
+						plugin.risk_factor = newest_plugin.risk_factor
+						plugin.solution = newest_plugin.solution
+						plugin.synopsis = newest_plugin.synopsis
+						plugin.plugin_type = "Rollup"
+						plugin.rollup = true
+
+						plugin.save
+					end
+
+					#
+					def create_item(host_id, severity)
+						item = Item.new
+
+							item.host_id = host_id
+							item.plugin_id = @plugin_id
+							item.plugin_output = nil
+							item.port = 0
+							item.severity = severity
+							item.plugin_name = @item_name
+
+						item.save
+					end
+
+					#
+					def has_findings
+						@plugin_ids.each do |plugin_id|
+							if Item.where(:plugin_id => plugin_id)
+								return true
+							end
+						end
+
+						return false
+					end
+
+					def has_host_findings? (host_id)
+						@plugin_ids.each do |plugin_id|
+							if Item.where(:plugin_id => plugin_id).where(:host_id => host_id).count >= 1
+								return true
+							end
+						end
+
+						return false
+					end
+
+					#
+					def calculate_severity current_severity, severity
+						if severity >= current_severity
+							return severity
+						else
+							return current_severity
+						end
+					end
+
+					#
+					def run
+						if !has_findings()
+							return
+						end
+
+						#Create the dummy plugin
+						create_plugin()
+
+						Host.all.each do |host|
+							if !has_host_findings?(host.id)
+								next
+							end
+
+							finding_severity = 0
+
+							@plugin_ids.each do |plugin_id|
+								Item.where(:plugin_id => plugin_id).each do |item|
+									severity = item.severity
+									item.real_severity = severity
+									item.severity = -1
+									item.save
+
+									finding_severity = calculate_severity(finding_severity, severity)
+								end
+							end
+
+							create_item(host.id, finding_severity)
+						end
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/risk_score.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,17 +21,22 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Parsers
 		module Nessus
 			module PostProcess
-				class RiskScore
+				class RiskScore < Risu::Base::PostProcessBase
 
 					#
 					def initialize
+						@info =
+						{
+							:description => "RiskScore Calculator",
+							:plugin_id => 0
+						}						
 					end
 
 					# Calculates the RiskScore for a Item which is == to the Plugin's
@@ -81,7 +86,7 @@ module Risu
 								risk_score = risk_score + item.risk_score
 							end
 
-							#weighting goes here
+							#@todo weighting goes here
 
 							host.risk_score = risk_score
 							host.save