risu 1.7.5 → 1.7.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +16 -10
- data/Gemfile.lock +125 -102
- data/LICENSE +2 -1
- data/NEWS.markdown +23 -2
- data/README.markdown +35 -22
- data/Rakefile +4 -4
- data/bin/risu +1 -1
- data/lib/risu.rb +12 -7
- data/lib/risu/base.rb +1 -1
- data/lib/risu/base/post_process_base.rb +2 -3
- data/lib/risu/base/post_process_manager.rb +2 -2
- data/lib/risu/base/schema.rb +3 -3
- data/lib/risu/base/shares_template_helper.rb +37 -3
- data/lib/risu/base/template_base.rb +2 -2
- data/lib/risu/base/template_helper.rb +4 -4
- data/lib/risu/base/template_manager.rb +2 -2
- data/lib/risu/base/templater.rb +1 -1
- data/lib/risu/cli.rb +1 -1
- data/lib/risu/cli/application.rb +7 -6
- data/lib/risu/cli/banner.rb +1 -1
- data/lib/risu/exceptions.rb +1 -1
- data/lib/risu/exceptions/invaliddocument.rb +1 -1
- data/lib/risu/graphs.rb +32 -0
- data/lib/risu/graphs/top_vuln_graph.rb +59 -0
- data/lib/risu/graphs/windows_os_graph.rb +134 -0
- data/lib/risu/models.rb +1 -1
- data/lib/risu/models/attachment.rb +1 -1
- data/lib/risu/models/familyselection.rb +1 -1
- data/lib/risu/models/host.rb +100 -44
- data/lib/risu/models/hostproperty.rb +1 -1
- data/lib/risu/models/individualpluginselection.rb +1 -1
- data/lib/risu/models/item.rb +43 -15
- data/lib/risu/models/patch.rb +1 -1
- data/lib/risu/models/plugin.rb +2 -2
- data/lib/risu/models/pluginspreference.rb +1 -1
- data/lib/risu/models/policy.rb +1 -1
- data/lib/risu/models/reference.rb +4 -3
- data/lib/risu/models/report.rb +2 -2
- data/lib/risu/models/serverpreference.rb +1 -1
- data/lib/risu/models/servicedescription.rb +1 -1
- data/lib/risu/models/version.rb +1 -1
- data/lib/risu/parsers.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_document.rb +7 -1
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +6 -4
- data/lib/risu/parsers/nessus/postprocess.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/adobe_acrobat.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/apache.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/apache_tomcat.rb +53 -0
- data/lib/risu/parsers/nessus/postprocess/apple_quicktime.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/blackberry_enterprise_server.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/ca_brightstor_arcserve.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/core_ftp.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/db2.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/filezilla.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/firefox.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/flash_player.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/flexnet.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/foxit_reader.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/java.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/openssh.rb +3 -1
- data/lib/risu/parsers/nessus/postprocess/openssl.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/php.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/post_process.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/risk_score.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +12 -7
- data/lib/risu/parsers/nessus/postprocess/servu.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/shockwave.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/sigplus_pro.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/symantec_pcanywhere.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/vlc.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/vmware_esxi.rb +3 -1
- data/lib/risu/parsers/nessus/postprocess/vmware_player.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/vmware_vcenter.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/vmware_vsphere_client.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/windows.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/winscp.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/wireshark.rb +1 -1
- data/lib/risu/parsers/nexpose/nexpose_document.rb +1 -1
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +3 -3
- data/lib/risu/renderers.rb +1 -1
- data/lib/risu/renderers/csvrenderer.rb +4 -4
- data/lib/risu/renderers/nilrenderer.rb +4 -4
- data/lib/risu/renderers/pdfrenderer.rb +5 -5
- data/lib/risu/template_helpers.rb +32 -0
- data/lib/risu/templates/assets.rb +1 -1
- data/lib/risu/templates/cover_sheet.rb +1 -1
- data/lib/risu/templates/exec_summary.rb +1 -1
- data/lib/risu/templates/executive_summary_detailed.rb +1 -1
- data/lib/risu/templates/exploitablity_summary.rb +1 -1
- data/lib/risu/templates/finding_statistics.rb +1 -1
- data/lib/risu/templates/findings_host.rb +1 -1
- data/lib/risu/templates/findings_summary.rb +1 -1
- data/lib/risu/templates/findings_summary_with_pluginid.rb +1 -1
- data/lib/risu/templates/graphs.rb +1 -1
- data/lib/risu/templates/host_findings_csv.rb +1 -1
- data/lib/risu/templates/host_summary.rb +1 -1
- data/lib/risu/templates/malicious_process_detection.rb +1 -1
- data/lib/risu/templates/missing_root_causes.rb +1 -1
- data/lib/risu/templates/ms_patch_summary.rb +1 -1
- data/lib/risu/templates/ms_update_summary.rb +1 -1
- data/lib/risu/templates/ms_wsus_findings.rb +1 -1
- data/lib/risu/templates/notable.rb +1 -1
- data/lib/risu/templates/notable_detailed.rb +1 -1
- data/lib/risu/templates/pci_compliance.rb +1 -1
- data/lib/risu/templates/stig_findings_summary.rb +2 -2
- data/lib/risu/templates/talking_points.rb +5 -5
- data/lib/risu/templates/technical_findings.rb +1 -1
- data/lib/risu/templates/template.rb +1 -1
- data/lib/risu/templates/top_25.rb +1 -1
- data/lib/risu/version.rb +33 -0
- data/risu.gemspec +21 -20
- metadata +161 -67
- data/Gemfile.ci +0 -12
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
|
+
# All rights reserved.
|
|
3
|
+
#
|
|
4
|
+
# Redistribution and use in source and binary forms, with or without
|
|
5
|
+
# modification, are permitted provided that the following conditions are met:
|
|
6
|
+
#
|
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
|
9
|
+
# * Redistributions in binary form must reproduce the above copyright
|
|
10
|
+
# notice, this list of conditions and the following disclaimer in the
|
|
11
|
+
# documentation and/or other materials provided with the distribution.
|
|
12
|
+
# * Neither the name of the Arxopia LLC nor the names of its contributors
|
|
13
|
+
# may be used to endorse or promote products derived from this software
|
|
14
|
+
# without specific prior written permission.
|
|
15
|
+
#
|
|
16
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
17
|
+
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
18
|
+
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
19
|
+
# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
20
|
+
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
21
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
22
|
+
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
23
|
+
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
26
|
+
|
|
27
|
+
module Risu
|
|
28
|
+
module Parsers
|
|
29
|
+
module Nessus
|
|
30
|
+
module PostProcess
|
|
31
|
+
class ApacheTomcatRollups < Risu::Base::PostProcessBase
|
|
32
|
+
|
|
33
|
+
#
|
|
34
|
+
def initialize
|
|
35
|
+
@info =
|
|
36
|
+
{
|
|
37
|
+
:description => "Apache Tomcat Patch Rollup",
|
|
38
|
+
:plugin_id => -99966,
|
|
39
|
+
:plugin_name => "Update to the latest Apache Tomcat",
|
|
40
|
+
:item_name => "Update to the latest Apache Tomcat",
|
|
41
|
+
:plugin_ids => [
|
|
42
|
+
81649,
|
|
43
|
+
12085,
|
|
44
|
+
35806,
|
|
45
|
+
|
|
46
|
+
]
|
|
47
|
+
}
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -55,6 +55,8 @@ module Risu
|
|
|
55
55
|
44077,
|
|
56
56
|
44078,
|
|
57
57
|
85382,
|
|
58
|
+
86122,
|
|
59
|
+
|
|
58
60
|
|
|
59
61
|
|
|
60
62
|
]
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -86,7 +86,7 @@ module Risu
|
|
|
86
86
|
risk_score = risk_score + item.risk_score
|
|
87
87
|
end
|
|
88
88
|
|
|
89
|
-
#@
|
|
89
|
+
#@TODO weighting goes here
|
|
90
90
|
|
|
91
91
|
host.risk_score = risk_score
|
|
92
92
|
host.save
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -246,8 +246,6 @@ module Risu
|
|
|
246
246
|
70545 => "Vendor Patch",
|
|
247
247
|
-99985 => "Vendor Patch",
|
|
248
248
|
-99986 => "Vendor Patch",
|
|
249
|
-
71174 => "Vendor Patch",
|
|
250
|
-
72959 => "Vendor Patch",
|
|
251
249
|
25926 => "Vendor Patch",
|
|
252
250
|
11138 => "Vendor Patch",
|
|
253
251
|
47715 => "Vendor Patch",
|
|
@@ -286,7 +284,14 @@ module Risu
|
|
|
286
284
|
-99981 => "Vendor Patch",
|
|
287
285
|
-99967 => "Vendor Patch",
|
|
288
286
|
70124 => "Vendor Patch",
|
|
289
|
-
|
|
287
|
+
-99966 => "Vendor Patch",
|
|
288
|
+
82828 => "Vendor Patch",
|
|
289
|
+
79638 => "Vendor Patch",
|
|
290
|
+
77728 => "Vendor Patch",
|
|
291
|
+
79865 => "Vendor Patch",
|
|
292
|
+
83186 => "Vendor Patch",
|
|
293
|
+
86255 => "Vendor Patch",
|
|
294
|
+
|
|
290
295
|
|
|
291
296
|
|
|
292
297
|
33850 => "Vendor Support",
|
|
@@ -326,7 +331,6 @@ module Risu
|
|
|
326
331
|
41028 => "Configuration",
|
|
327
332
|
57582 => "Configuration",
|
|
328
333
|
45411 => "Configuration",
|
|
329
|
-
45417 => "Configuration",
|
|
330
334
|
57608 => "Configuration",
|
|
331
335
|
18405 => "Configuration",
|
|
332
336
|
57690 => "Configuration",
|
|
@@ -379,8 +383,6 @@ module Risu
|
|
|
379
383
|
10660 => "Configuration",
|
|
380
384
|
11411 => "Configuration",
|
|
381
385
|
10722 => "Configuration",
|
|
382
|
-
10056 => "Configuration",
|
|
383
|
-
10660 => "Configuration",
|
|
384
386
|
10595 => "Configuration",
|
|
385
387
|
11714 => "Configuration",
|
|
386
388
|
10203 => "Configuration",
|
|
@@ -401,6 +403,9 @@ module Risu
|
|
|
401
403
|
11454 => "Configuration",
|
|
402
404
|
10305 => "Configuration",
|
|
403
405
|
39364 => "Configuration",
|
|
406
|
+
83738 => "Configuration",
|
|
407
|
+
83875 => "Configuration",
|
|
408
|
+
42256 => "Configuration",
|
|
404
409
|
|
|
405
410
|
|
|
406
411
|
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -64,6 +64,8 @@ module Risu
|
|
|
64
64
|
79862,
|
|
65
65
|
80037,
|
|
66
66
|
81084,
|
|
67
|
+
83781,
|
|
68
|
+
|
|
67
69
|
|
|
68
70
|
]
|
|
69
71
|
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -44,7 +44,7 @@ module Risu
|
|
|
44
44
|
"architecture" => nil
|
|
45
45
|
}
|
|
46
46
|
|
|
47
|
-
# @
|
|
47
|
+
# @TODO comment
|
|
48
48
|
#
|
|
49
49
|
def initialize
|
|
50
50
|
@vals = Hash.new
|
|
@@ -52,7 +52,7 @@ module Risu
|
|
|
52
52
|
@report = Report.create
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
-
# @
|
|
55
|
+
# @TODO comment
|
|
56
56
|
#
|
|
57
57
|
def on_start_element(element, attributes)
|
|
58
58
|
@tag = element
|
data/lib/risu/renderers.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -28,20 +28,20 @@ module Risu
|
|
|
28
28
|
module Renderers
|
|
29
29
|
class CSVRenderer
|
|
30
30
|
|
|
31
|
-
# @
|
|
31
|
+
# @TODO comment
|
|
32
32
|
#
|
|
33
33
|
def self.generate(output_file, &block)
|
|
34
34
|
csv = new(output_file, &block)
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
-
# @
|
|
37
|
+
# @TODO comment
|
|
38
38
|
#
|
|
39
39
|
def initialize(output_file, &block)
|
|
40
40
|
@output_file = output_file
|
|
41
41
|
instance_eval(&block)
|
|
42
42
|
end
|
|
43
43
|
|
|
44
|
-
# @
|
|
44
|
+
# @TODO comment
|
|
45
45
|
#
|
|
46
46
|
def text text, *args
|
|
47
47
|
File.open(@output_file, "a+") do |file|
|