risu 1.7.3 → 1.7.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/NEWS.markdown +17 -10
- data/lib/risu.rb +1 -1
- data/lib/risu/base/schema.rb +13 -8
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +12 -6
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +1 -0
- data/risu.gemspec +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ed1f7b219ebb25c728109b214d7b1f6f2b4aabd5
|
|
4
|
+
data.tar.gz: 91e12a4dd836bbe7b9573c6d9b2f53f7f0fc3146
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4452938f9fdbc00b1a692e9e7e771f51655a44b550a8a8145f6a71cd905f9cc8a1d40c7fda5d8d59a4ace8e3f5d371177bc7adadd619f6c49b360fbfb2bbfd8e
|
|
7
|
+
data.tar.gz: 40cc53b89b40b5c855b9713e9f6371e5062d3ff819d6328e69f50e9b9e4fd5121012b9c4c82f966536303a67a112453cc8d0289ae12528fc0343b619b2fe76ed
|
data/NEWS.markdown
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# News
|
|
2
2
|
|
|
3
|
+
# 1.7.4 (January 25, 2015)
|
|
4
|
+
- Added New tags to the model Item
|
|
5
|
+
- cm:compliance-reference
|
|
6
|
+
- cm:compliance-see-also-
|
|
7
|
+
- cm:compliance-solution
|
|
8
|
+
- Increased the database size of all cm:compliance tags from string to text
|
|
9
|
+
|
|
3
10
|
# 1.7.3 (January 8, 2015)
|
|
4
11
|
- Parser Optimizations by [@bluehavana]
|
|
5
12
|
- Renamed Attachment.type to Attachment.ttype, due to a rails naming issue
|
|
@@ -62,9 +69,9 @@
|
|
|
62
69
|
- Added hp.
|
|
63
70
|
- Added glsa.
|
|
64
71
|
- Added freebsd.
|
|
65
|
-
-
|
|
66
|
-
|
|
67
|
-
|
|
72
|
+
- *Experimental Post Processing*, Sums up the findings and removes the duplicates. This allows for cleaner
|
|
73
|
+
authenticated reports. Very experimental at the moment, the are auto loaded from the same directories as templates
|
|
74
|
+
for the time being
|
|
68
75
|
- Use of the --post-process command line option will turn this on and off
|
|
69
76
|
- Java Plugins
|
|
70
77
|
- Adobe Reader plugins
|
|
@@ -98,12 +105,12 @@
|
|
|
98
105
|
- Added "Exploitablity Summary Report" template
|
|
99
106
|
- Added "Talking Points Report" template
|
|
100
107
|
- Added "Missing Root Cause Report" template
|
|
101
|
-
- Templates must now specify their renderer :renderer => "PDF" or :renderer => "CSV" in the template_info section.
|
|
102
|
-
will break all templates until it is added.
|
|
108
|
+
- Templates must now specify their renderer :renderer => "PDF" or :renderer => "CSV" in the template_info section.
|
|
109
|
+
This will break all templates until it is added.
|
|
103
110
|
- Template Helper
|
|
104
111
|
- Added a table method to generate a table in 1 line of code
|
|
105
112
|
- Added a new_page method to create a page break in the report
|
|
106
|
-
- Added other_os_graph_page, This generates a page for the PDF renderer with the
|
|
113
|
+
- Added other_os_graph_page, This generates a page for the PDF renderer with the
|
|
107
114
|
other_os_graph and other_os_graph_text followed by a new_page
|
|
108
115
|
- item_count_by_plugin_name
|
|
109
116
|
- item_count_by_plugin_id
|
|
@@ -446,20 +453,20 @@ You can access it via `Host.first.patches` or `Patch.all`
|
|
|
446
453
|
- New HostProperties attribute: pcidss:www:xss
|
|
447
454
|
- Added more unit tests 91.7% code coverage for testing at the moment. Not including templates.
|
|
448
455
|
|
|
449
|
-
#1.4.2 (May 13, 2011)
|
|
456
|
+
# 1.4.2 (May 13, 2011)
|
|
450
457
|
|
|
451
458
|
- Added a fix for all of the MSXX-XXX Host Properties tags that don't serve any purpose
|
|
452
459
|
- Added sqlite3 as an install dependency to help with sqlite usage
|
|
453
|
-
- Fixed a privately report bug with the *_risks_unique_sorted functions not working on MySQL
|
|
460
|
+
- Fixed a privately report bug with the *_risks_unique_sorted* functions not working on MySQL
|
|
454
461
|
|
|
455
|
-
#1.4.1 (May 10, 2011)
|
|
462
|
+
# 1.4.1 (May 10, 2011)
|
|
456
463
|
|
|
457
464
|
- Fixed a issue with a nonexistent 'Critical' severity.
|
|
458
465
|
- Added VMware ESX to the Other OS graph Ticket #33
|
|
459
466
|
- windows_os_graph were using the wrong counters Ticket #32
|
|
460
467
|
- Updated the Prawn gem version to 0.11.1
|
|
461
468
|
|
|
462
|
-
#1.4.0 (April 20, 2011)
|
|
469
|
+
# 1.4.0 (April 20, 2011)
|
|
463
470
|
|
|
464
471
|
- Added a --console option for creating a ActiveRecord console into the database
|
|
465
472
|
- Updated the parser to handle the new plugin_type field on the plugins table
|
data/lib/risu.rb
CHANGED
data/lib/risu/base/schema.rb
CHANGED
|
@@ -98,14 +98,19 @@ module Risu
|
|
|
98
98
|
t.integer :severity
|
|
99
99
|
t.string :plugin_name
|
|
100
100
|
t.boolean :verified
|
|
101
|
-
t.
|
|
102
|
-
t.
|
|
103
|
-
t.
|
|
104
|
-
t.
|
|
105
|
-
t.
|
|
106
|
-
t.
|
|
107
|
-
t.
|
|
108
|
-
t.
|
|
101
|
+
t.text :cm_compliance_info, limit: 4294967295
|
|
102
|
+
t.text :cm_compliance_actual_value, limit: 4294967295
|
|
103
|
+
t.text :cm_compliance_check_id, limit: 4294967295
|
|
104
|
+
t.text :cm_compliance_policy_value, limit: 4294967295
|
|
105
|
+
t.text :cm_compliance_audit_file, limit: 4294967295
|
|
106
|
+
t.text :cm_compliance_check_name, limit: 4294967295
|
|
107
|
+
t.text :cm_compliance_result, limit: 4294967295
|
|
108
|
+
t.text :cm_compliance_output, limit: 4294967295
|
|
109
|
+
|
|
110
|
+
t.text :cm_compliance_reference, limit: 4294967295
|
|
111
|
+
t.text :cm_compliance_see_also, limit: 4294967295
|
|
112
|
+
t.text :cm_compliance_solution, limit: 4294967295
|
|
113
|
+
|
|
109
114
|
t.integer :real_severity
|
|
110
115
|
t.integer :risk_score
|
|
111
116
|
end
|
|
@@ -75,7 +75,7 @@ module Risu
|
|
|
75
75
|
cm:compliance-info cm:compliance-actual-value cm:compliance-check-id cm:compliance-policy-value
|
|
76
76
|
cm:compliance-audit-file cm:compliance-check-name cm:compliance-result cm:compliance-output policyOwner
|
|
77
77
|
visibility script_version attachment policy_comments d2_elliot_name exploit_framework_d2_elliot
|
|
78
|
-
exploited_by_malware compliance
|
|
78
|
+
exploited_by_malware compliance cm:compliance-reference cm:compliance-see-also cm:compliance-solution
|
|
79
79
|
])
|
|
80
80
|
|
|
81
81
|
# TODO: documentation. These are never used in the class
|
|
@@ -276,7 +276,8 @@ module Risu
|
|
|
276
276
|
:svc_name => attributes["svc_name"],
|
|
277
277
|
:protocol => attributes["protocol"],
|
|
278
278
|
:severity => attributes["severity"],
|
|
279
|
-
:plugin_id => @plugin.id
|
|
279
|
+
:plugin_id => @plugin.id
|
|
280
|
+
)
|
|
280
281
|
|
|
281
282
|
@plugin.save
|
|
282
283
|
end
|
|
@@ -358,8 +359,7 @@ module Risu
|
|
|
358
359
|
#parser. To solve this we do the references before the final plugin data, Valid references must be added
|
|
359
360
|
#the VALID_REFERENCE set at the top to be parsed.
|
|
360
361
|
def end_valid_reference(element)
|
|
361
|
-
@ref = @plugin.references.create(:reference_name => element,
|
|
362
|
-
:value => @vals["#{element}"])
|
|
362
|
+
@ref = @plugin.references.create(:reference_name => element, :value => @vals["#{element}"])
|
|
363
363
|
end
|
|
364
364
|
|
|
365
365
|
def end_report_item(_)
|
|
@@ -372,7 +372,12 @@ module Risu
|
|
|
372
372
|
:cm_compliance_audit_file => @vals["cm:compliance-audit-file"],
|
|
373
373
|
:cm_compliance_check_name => @vals["cm:compliance-check-name"],
|
|
374
374
|
:cm_compliance_result => @vals["cm:compliance-result"],
|
|
375
|
-
:cm_compliance_output => @vals["cm:compliance-output"]
|
|
375
|
+
:cm_compliance_output => @vals["cm:compliance-output"],
|
|
376
|
+
|
|
377
|
+
:cm_compliance_reference => @vals["cm:compliance-reference"],
|
|
378
|
+
:cm_compliance_see_also => @vals["cm:compliance-see-also" ],
|
|
379
|
+
:cm_compliance_solution => @vals["cm:compliance-solution"]
|
|
380
|
+
)
|
|
376
381
|
|
|
377
382
|
@plugin.update(:solution => @vals["solution"],
|
|
378
383
|
:risk_factor => @vals["risk_factor"],
|
|
@@ -401,7 +406,8 @@ module Risu
|
|
|
401
406
|
:always_run => @vals["always_run"],
|
|
402
407
|
:script_version => @vals["script_version"],
|
|
403
408
|
:exploited_by_malware => @vals["exploited_by_malware"],
|
|
404
|
-
:compliance => @vals["compliance"]
|
|
409
|
+
:compliance => @vals["compliance"]
|
|
410
|
+
)
|
|
405
411
|
end
|
|
406
412
|
|
|
407
413
|
def end_attachment(_)
|
data/risu.gemspec
CHANGED
|
@@ -59,7 +59,7 @@ Gem::Specification.new do |s|
|
|
|
59
59
|
s.add_dependency('prawn', ['0.12.0'])
|
|
60
60
|
s.add_dependency('gruff', ['0.3.7'])
|
|
61
61
|
s.add_dependency('mysql2', ['0.3.11'])
|
|
62
|
-
s.add_dependency('rmagick', ['2.13.
|
|
62
|
+
s.add_dependency('rmagick', ['2.13.4'])
|
|
63
63
|
s.add_dependency('sqlite3', ['1.3.7'])
|
|
64
64
|
s.add_dependency('nokogiri', ['1.6.0'])
|
|
65
65
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: risu
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.7.
|
|
4
|
+
version: 1.7.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jacob Hammack
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-01-
|
|
11
|
+
date: 2015-01-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: simplecov
|
|
@@ -146,14 +146,14 @@ dependencies:
|
|
|
146
146
|
requirements:
|
|
147
147
|
- - '='
|
|
148
148
|
- !ruby/object:Gem::Version
|
|
149
|
-
version: 2.13.
|
|
149
|
+
version: 2.13.4
|
|
150
150
|
type: :runtime
|
|
151
151
|
prerelease: false
|
|
152
152
|
version_requirements: !ruby/object:Gem::Requirement
|
|
153
153
|
requirements:
|
|
154
154
|
- - '='
|
|
155
155
|
- !ruby/object:Gem::Version
|
|
156
|
-
version: 2.13.
|
|
156
|
+
version: 2.13.4
|
|
157
157
|
- !ruby/object:Gem::Dependency
|
|
158
158
|
name: sqlite3
|
|
159
159
|
requirement: !ruby/object:Gem::Requirement
|