risu 1.7.5 → 1.7.6

data/lib/risu/graphs/windows_os_graph.rb

@@ -0,0 +1,134 @@
+# Copyright (c) 2010-2016 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Graphs
+
+		# TopVulnGraph
+		#
+		class TopVulnGraph
+			def graph
+        g = Gruff::Pie.new(GRAPH_WIDTH)
+        g.title = "Windows Operating Systems By Percentage"
+        g.sort = false
+        g.marker_count = 1
+        g.theme = {
+          :colors => Risu::GRAPH_COLORS,
+          :background_colors => %w(white white)
+        }
+
+        nt = Host.os_windows_nt.to_a.count
+        w2k = Host.os_windows_2k.to_a.count
+        xp = Host.os_windows_xp.to_a.count
+        w2k3 = Host.os_windows_2k3.to_a.count
+        vista = Host.os_windows_vista.to_a.count
+        w2k8 = Host.os_windows_2k8.to_a.count
+        w2k12 = Host.os_windows_2k12.to_a.count
+        w7 = Host.os_windows_7.to_a.count
+        w8 = Host.os_windows_8.to_a.count
+        other = (Host.os_windows.os_windows_other).to_a.count
+
+        g.data("NT", nt) if nt >= 1
+        g.data("2000", w2k) if w2k >= 1
+        g.data("XP", xp) if xp >= 1
+        g.data("Server 2003", w2k3) if w2k3 >= 1
+        g.data("Vista", vista) if vista >= 1
+        g.data("Server 2008", w2k8) if w2k8 >= 1
+        g.data("Server 2012", w2k12) if w2k12 >= 1
+        g.data("7", w7) if w7 >= 1
+        g.data("8", w8) if w8 >= 1
+        g.data("Other Windows", other) if other >= 1
+
+        StringIO.new(g.to_blob)
+      end
+
+      def text
+        nt = Host.os_windows_nt.to_a.count
+        w2k = Host.os_windows_2k.to_a.count
+        xp = Host.os_windows_xp.to_a.count
+        w2k3 = Host.os_windows_2k3.to_a.count
+        vista = Host.os_windows_vista.to_a.count
+        w2k8 = Host.os_windows_2k8.to_a.count
+        w2k12 = Host.os_windows_2k12.to_a.count
+        w7 = Host.os_windows_7.to_a.count
+        w8 = Host.os_windows_8.to_a.count
+        other = (Host.os_windows.os_windows_other).to_a.count
+
+        windows_os_count = nt + w2k + xp + w2k3 + vista + w7 + w8 + w2k8 + w2k12 + other
+
+        nt_percent = (nt.to_f / windows_os_count.to_f) * 100
+        w2k_percent = (w2k.to_f / windows_os_count.to_f) * 100
+        xp_percent = (xp.to_f / windows_os_count.to_f) * 100
+        w2k3_percent = (w2k3.to_f / windows_os_count.to_f) * 100
+        vista_percent = (vista.to_f / windows_os_count.to_f) * 100
+
+        w2k8_percent = (w2k8.to_f / windows_os_count.to_f) * 100
+        w7_percent = (w7.to_f / windows_os_count.to_f) * 100
+        w8_percent = (w8.to_f / windows_os_count.to_f) * 100
+        w2k12_percent = (w2k12.to_f / windows_os_count.to_f) * 100
+
+        text = "This graph shows the percentage of the different Microsoft Windows based operating systems " +
+        "found on the #{Report.title} network.\n\n"
+
+        text << "#{nt_percent.round.to_i}% of the network is Windows NT. " if nt_percent >= 1
+        text << "#{w2k_percent.round.to_i}% of the network is Windows 2000. " if w2k_percent >= 1
+        text << "#{xp_percent.round.to_i}% of the network is Windows XP. " if xp_percent >= 1
+        text << "#{w2k3_percent.round.to_i}% of the network is Windows Server 2003. " if w2k3_percent >= 1
+        text << "#{vista_percent.round.to_i}% of the network is Windows Vista. " if vista_percent >= 1
+        text << "#{w2k8_percent.round.to_i}% of the network is Windows Server 2008. " if w2k8_percent >= 1
+        text << "#{w7_percent.round.to_i}% of the network is Windows 7. " if w7_percent >= 1
+        text << "#{w8_percent.round.to_i}% of the network is Windows 8. " if w8_percent >= 1
+        text << "#{w2k12_percent.round.to_i}% of the network is Windows Server 20012. " if w2k12_percent >= 1
+
+        text << "\n\n" << unsupported_os_windows if nt > 0 or w2k > 0
+
+        return text
+      end
+
+      #
+      # @TODO comments
+      #
+      def has_data?
+        nt = Host.os_windows_nt.to_a.size
+        w2k = Host.os_windows_2k.to_a.size
+        xp = Host.os_windows_xp.to_a.size
+        w2k3 = Host.os_windows_2k3.to_a.size
+        vista = Host.os_windows_vista.to_a.size
+        w2k8 = Host.os_windows_2k8.to_a.size
+        w2k12 = Host.os_windows_2k12.to_a.size
+        w7 = Host.os_windows_7.to_a.size
+        w8 = Host.os_windows_8.to_a.size
+        other = (Host.os_windows.os_windows_other).to_a.size
+
+        if nt == 0 && w2k == 0 && xp == 0 && w2k3 == 0 && vista == 0 && w2k8 == 0 && w2k12 == 0 && w7 == 0 && w8 == 0 && other == 0
+          return false
+        else
+          return true
+        end
+      end
+		end
+	end
+end

data/lib/risu/models.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2015 Arxopia LLC.
+# Copyright (c) 2010-2016 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/models/attachment.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2015 Arxopia LLC.
+# Copyright (c) 2010-2016 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/models/familyselection.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2015 Arxopia LLC.
+# Copyright (c) 2010-2016 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/models/host.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2015 Arxopia LLC.
+# Copyright (c) 2010-2016 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -157,6 +157,9 @@ module Risu
 
 				# Negation query for all hosts with a Windows 2000 based Operating system
 				#
+				#
+				# @TODO update to use rails not syntax
+				#
 				# @return [ActiveRecord::Relation] with the query results
 				def not_os_windows_2k
 					where("os NOT LIKE '%Windows 2000%'")
@@ -171,6 +174,9 @@ module Risu
 
 				# Negation query for all hosts with a Windows XP based Operating system
 				#
+				#
+				# @TODO update to use rails not syntax
+				#
 				# @return [ActiveRecord::Relation] with the query results
 				def not_os_windows_xp
 					where("os NOT LIKE '%Windows XP%'")
@@ -185,6 +191,9 @@ module Risu
 
 				# Negation query for all hosts with a Windows Server 2003 based Operating system
 				#
+				#
+				# @TODO update to use rails not syntax
+				#
 				# @return [ActiveRecord::Relation] with the query results
 				def not_os_windows_2k3
 					where("os NOT LIKE '%Windows Server 2003%'")
@@ -199,6 +208,9 @@ module Risu
 
 				# Negation query for all hosts with a Windows Vista based Operating system
 				#
+				#
+				# @TODO update to use rails not syntax
+				#
 				# @return [ActiveRecord::Relation] with the query results
 				def not_os_windows_vista
 					where("os NOT LIKE '%Windows Vista%'")
@@ -213,6 +225,9 @@ module Risu
 
 				# Negation query for all hosts with a Windows Server 2008 based Operating system
 				#
+				#
+				# @TODO update to use rails not syntax
+				#
 				# @return [ActiveRecord::Relation] with the query results
 				def not_os_windows_2k8
 					where("os NOT LIKE '%Windows Server 2008%'")
@@ -227,6 +242,9 @@ module Risu
 
 				# Negation query for all hosts with a Windows Server 2012 based Operating system
 				#
+				#
+				# @TODO update to use rails not syntax
+				#
 				# @return [ActiveRecord::Relation] with the query results
 				def not_os_windows_2k12
 					where("os NOT LIKE '%Windows Server 2012%'")
@@ -241,6 +259,9 @@ module Risu
 
 				# Negation query for all hosts with a Windows 7 based Operating system
 				#
+				#
+				# @TODO update to use rails not syntax
+				#
 				# @return [ActiveRecord::Relation] with the query results
 				def not_os_windows_7
 					where("os NOT LIKE '%Windows 7%'")
@@ -255,11 +276,27 @@ module Risu
 
 				# Negation query for all hosts with a Windows 8 based Operating system
 				#
+				# @TODO update to use rails not syntax
+				#
 				# @return [ActiveRecord::Relation] with the query results
 				def not_os_windows_8
 					where("os NOT LIKE '%Windows 8%'")
 				end
 
+				# Queries for hosts with a Windows 10 based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_10
+					where("os LIKE '%Windows 10%'")
+				end
+
+				# Negation query for all hosts with a Windows 10 based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_windows_10
+					where("os NOT LIKE '%Windows 10%'")
+				end
+
 				# Queries for hosts with a Windows Operating System that are not 2000,
 				# XP, 2003, Vista, 2008 or 7
 				#
@@ -366,12 +403,12 @@ module Risu
 					where("os NOT LIKE '%Mac OS X%'")
 				end
 
-				#@todo comment
+				#@TODO comment
 				def os_aix
 					where("os LIKE '%AIX%'")
 				end
 
-				#@todo comment
+				#@TODO comment
 				def not_os_aix
 					where("os NOT LIKE '%AIX%'")
 				end
@@ -385,6 +422,8 @@ module Risu
 
 				# Generates a graph of the high and medium findings count per host
 				#
+				# @deprecated
+				#
 				# @return [StringIO] Binary image object of the results
 				def top_vuln_graph(limit=10)
 					g = Gruff::Bar.new(GRAPH_WIDTH)
@@ -398,8 +437,8 @@ module Risu
 
 					Item.risks_by_host(limit).to_a.each do |item|
 						ip = Host.find_by_id(item.host_id).name
-#						count = Item.where(:host_id => item.host_id).where("severity IN (?)", [2,3]).count
 						count = Item.where(:host_id => item.host_id).where(:severity => 4).count
+
 						if count > 0
 							g.data(ip, count)
 						end
@@ -408,20 +447,20 @@ module Risu
 					StringIO.new(g.to_blob)
 				end
 
-				#
-				# @todo comments
+				# @deprecated
+				# @TODO comments
 				#
 				def windows_os_graph_has_data?
-					nt = Host.os_windows_nt.to_a.count
-					w2k = Host.os_windows_2k.to_a.count
-					xp = Host.os_windows_xp.to_a.count
-					w2k3 = Host.os_windows_2k3.to_a.count
-					vista = Host.os_windows_vista.to_a.count
-					w2k8 = Host.os_windows_2k8.to_a.count
-					w2k12 = Host.os_windows_2k12.to_a.count
-					w7 = Host.os_windows_7.to_a.count
-					w8 = Host.os_windows_8.to_a.count
-					other = (Host.os_windows.os_windows_other).to_a.count
+					nt = Host.os_windows_nt.to_a.size
+					w2k = Host.os_windows_2k.to_a.size
+					xp = Host.os_windows_xp.to_a.size
+					w2k3 = Host.os_windows_2k3.to_a.size
+					vista = Host.os_windows_vista.to_a.size
+					w2k8 = Host.os_windows_2k8.to_a.size
+					w2k12 = Host.os_windows_2k12.to_a.size
+					w7 = Host.os_windows_7.to_a.size
+					w8 = Host.os_windows_8.to_a.size
+					other = (Host.os_windows.os_windows_other).to_a.size
 
 					if nt == 0 && w2k == 0 && xp == 0 && w2k3 == 0 && vista == 0 && w2k8 == 0 && w2k12 == 0 && w7 == 0 && w8 == 0 && other == 0
 						return false
@@ -431,20 +470,29 @@ module Risu
 				end
 
 				#
-				# @todo comments
+				# @deprecated
+				# @TODO comments
 				#
 				def other_os_graph_has_data?
-					linux = Host.os_linux.to_a.count
-					osx = Host.os_osx.to_a.count
-					freebsd = Host.os_freebsd.to_a.count
-					netbsd = Host.os_netbsd.to_a.count
-					cisco = Host.os_cisco.to_a.count
-					vxworks = Host.os_vxworks.to_a.count
-					esx = Host.os_vmware_esx.to_a.count
-					aix = Host.os_aix.to_a.count
-					other = Host.os_other.to_a.count
-
-					if linux == 0 && osx == 0 && freebsd == 0 && cisco == 0 && vxworks == 0 && esx == 0 && aix == 0 && other == 0
+					linux = Host.os_linux.to_a.size
+					osx = Host.os_osx.to_a.size
+					freebsd = Host.os_freebsd.to_a.size
+					netbsd = Host.os_netbsd.to_a.size
+					cisco = Host.os_cisco.to_a.size
+					vxworks = Host.os_vxworks.to_a.size
+					esx = Host.os_vmware_esx.to_a.size
+					aix = Host.os_aix.to_a.size
+					other = Host.os_other.to_a.size
+
+					if linux == 0 &&
+						osx == 0 &&
+						freebsd == 0 &&
+						netbsd == 0 &&
+						cisco == 0 &&
+						vxworks == 0 &&
+						esx == 0 &&
+						aix == 0 &&
+						other == 0
 						return false
 					else
 						return true
@@ -453,6 +501,7 @@ module Risu
 
 				# Graphs the percentage of other "non Windows" Operating Systems
 				#
+				# @deprecated
 				# @return [StringIO] Binary image object of the results
 				def other_os_graph
 					g = Gruff::Pie.new(GRAPH_WIDTH)
@@ -493,6 +542,7 @@ module Risu
 				end
 
 				# Graphs the percentage of Windows Operating Systems
+				# @deprecated
 				#
 				# @return [StringIO] Binary image object of the results
 				def windows_os_graph
@@ -530,8 +580,8 @@ module Risu
 					StringIO.new(g.to_blob)
 				end
 
-				#
-				#@todo comment
+				# @deprecated
+				#@TODO comment
 				#
 				def windows_os_graph_text
 					nt = Host.os_windows_nt.to_a.count
@@ -561,6 +611,7 @@ module Risu
 					text = "This graph shows the percentage of the different Microsoft Windows based operating systems " +
 					"found on the #{Report.title} network.\n\n"
 
+					# @TODO this should be a table sorted by %
 					text << "#{nt_percent.round.to_i}% of the network is Windows NT. " if nt_percent >= 1
 					text << "#{w2k_percent.round.to_i}% of the network is Windows 2000. " if w2k_percent >= 1
 					text << "#{xp_percent.round.to_i}% of the network is Windows XP. " if xp_percent >= 1
@@ -577,7 +628,7 @@ module Risu
 				end
 
 				#
-				# @todo comments
+				# @TODO comments
 				#
 				def unsupported_os?
 					aix_text = unsupported_os_aix
@@ -592,7 +643,8 @@ module Risu
 					return true
 				end
 
-				# @todo add plural check
+				# @TODO add plural check
+				# @deprecated
 				#
 				def unsupported_os_text
 					if !unsupported_os?
@@ -614,7 +666,8 @@ module Risu
 					return unsupported_os_text
 				end
 
-				# @todo comments
+				# @TODO comments
+				# @deprecated
 				def unsupported_os_windows
 					win_95_text = ""
 					win_98_text = ""
@@ -658,7 +711,8 @@ module Risu
 					return "#{win_95_text}#{win_98_text}#{win_me_text}#{win_nt_text}#{win_2000_text}#{win_xp_text}#{win_2003_text}"
 				end
 
-				# @todo comments
+				# @TODO comments
+				# @deprecated
 				def unsupported_os_aix
 					text = ""
 					aix = Host.os_aix.where("OS LIKE 'AIX 5.%'")
@@ -670,7 +724,8 @@ module Risu
 					return text
 				end
 
-				# @todo comments
+				# @TODO comments
+				# @deprecated
 				def unsupported_os_freebsd
 					text = ""
 					freebsd = Host.os_freebsd.where("OS LIKE 'FreeBSD 5.%'")
@@ -681,8 +736,9 @@ module Risu
 					return text
 				end
 
-				# @todo comments
+				# @TODO comments
 				#turn the os counts into blocks
+				# @deprecated
 				def other_os_graph_text
 					text = "This graph shows the percentage of the different Non-Windows based operating systems " +
 					"found on the #{Report.title} network.\n\n"
@@ -718,7 +774,7 @@ module Risu
 				end
 
 				#
-				# @todo comments
+				# @TODO comments
 				#
 				def top_n_vulnerable(n)
 					hosts = Item.risks_by_host(Host.count).count
@@ -735,24 +791,24 @@ module Risu
 				end
 
 				#
-				# @todo comments
+				# @TODO comments
 				#
 				def unique_hosts_with_critical
-					hosts = Item.critical_risks_by_host(Host.all.count).count
-					hosts = hosts.sort_by {|k, v| v}
+					hosts = Item.critical_risks_by_host(Host.all.size).size
+					hosts = hosts.sort_by {| _k, v | v}
 					hosts.reverse!
 				end
 
 				#
-				# @todo comments
+				# @TODO comments
 				#
 				def unique_hosts_with_high
-					hosts = Item.high_risks_by_host(Host.all.count).count
-					hosts = hosts.sort_by {|k, v| v}
+					hosts = Item.high_risks_by_host(Host.all.size).size
+					hosts = hosts.sort_by {| _k, v | v}
 					hosts.reverse!
 				end
 
-				# @todo
+				# @TODO
 				def unique_hosts_with_critical_and_high_count
 					hosts = Array.new
 					crit = Item.critical_risks_by_host(Host.all.count)