risu 1.7.5 → 1.7.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +16 -10
- data/Gemfile.lock +125 -102
- data/LICENSE +2 -1
- data/NEWS.markdown +23 -2
- data/README.markdown +35 -22
- data/Rakefile +4 -4
- data/bin/risu +1 -1
- data/lib/risu.rb +12 -7
- data/lib/risu/base.rb +1 -1
- data/lib/risu/base/post_process_base.rb +2 -3
- data/lib/risu/base/post_process_manager.rb +2 -2
- data/lib/risu/base/schema.rb +3 -3
- data/lib/risu/base/shares_template_helper.rb +37 -3
- data/lib/risu/base/template_base.rb +2 -2
- data/lib/risu/base/template_helper.rb +4 -4
- data/lib/risu/base/template_manager.rb +2 -2
- data/lib/risu/base/templater.rb +1 -1
- data/lib/risu/cli.rb +1 -1
- data/lib/risu/cli/application.rb +7 -6
- data/lib/risu/cli/banner.rb +1 -1
- data/lib/risu/exceptions.rb +1 -1
- data/lib/risu/exceptions/invaliddocument.rb +1 -1
- data/lib/risu/graphs.rb +32 -0
- data/lib/risu/graphs/top_vuln_graph.rb +59 -0
- data/lib/risu/graphs/windows_os_graph.rb +134 -0
- data/lib/risu/models.rb +1 -1
- data/lib/risu/models/attachment.rb +1 -1
- data/lib/risu/models/familyselection.rb +1 -1
- data/lib/risu/models/host.rb +100 -44
- data/lib/risu/models/hostproperty.rb +1 -1
- data/lib/risu/models/individualpluginselection.rb +1 -1
- data/lib/risu/models/item.rb +43 -15
- data/lib/risu/models/patch.rb +1 -1
- data/lib/risu/models/plugin.rb +2 -2
- data/lib/risu/models/pluginspreference.rb +1 -1
- data/lib/risu/models/policy.rb +1 -1
- data/lib/risu/models/reference.rb +4 -3
- data/lib/risu/models/report.rb +2 -2
- data/lib/risu/models/serverpreference.rb +1 -1
- data/lib/risu/models/servicedescription.rb +1 -1
- data/lib/risu/models/version.rb +1 -1
- data/lib/risu/parsers.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_document.rb +7 -1
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +6 -4
- data/lib/risu/parsers/nessus/postprocess.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/adobe_acrobat.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/apache.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/apache_tomcat.rb +53 -0
- data/lib/risu/parsers/nessus/postprocess/apple_quicktime.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/blackberry_enterprise_server.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/ca_brightstor_arcserve.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/core_ftp.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/db2.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/filezilla.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/firefox.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/flash_player.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/flexnet.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/foxit_reader.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/java.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/openssh.rb +3 -1
- data/lib/risu/parsers/nessus/postprocess/openssl.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/php.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/post_process.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/risk_score.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +12 -7
- data/lib/risu/parsers/nessus/postprocess/servu.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/shockwave.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/sigplus_pro.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/symantec_pcanywhere.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/vlc.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/vmware_esxi.rb +3 -1
- data/lib/risu/parsers/nessus/postprocess/vmware_player.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/vmware_vcenter.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/vmware_vsphere_client.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/windows.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/winscp.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/wireshark.rb +1 -1
- data/lib/risu/parsers/nexpose/nexpose_document.rb +1 -1
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +3 -3
- data/lib/risu/renderers.rb +1 -1
- data/lib/risu/renderers/csvrenderer.rb +4 -4
- data/lib/risu/renderers/nilrenderer.rb +4 -4
- data/lib/risu/renderers/pdfrenderer.rb +5 -5
- data/lib/risu/template_helpers.rb +32 -0
- data/lib/risu/templates/assets.rb +1 -1
- data/lib/risu/templates/cover_sheet.rb +1 -1
- data/lib/risu/templates/exec_summary.rb +1 -1
- data/lib/risu/templates/executive_summary_detailed.rb +1 -1
- data/lib/risu/templates/exploitablity_summary.rb +1 -1
- data/lib/risu/templates/finding_statistics.rb +1 -1
- data/lib/risu/templates/findings_host.rb +1 -1
- data/lib/risu/templates/findings_summary.rb +1 -1
- data/lib/risu/templates/findings_summary_with_pluginid.rb +1 -1
- data/lib/risu/templates/graphs.rb +1 -1
- data/lib/risu/templates/host_findings_csv.rb +1 -1
- data/lib/risu/templates/host_summary.rb +1 -1
- data/lib/risu/templates/malicious_process_detection.rb +1 -1
- data/lib/risu/templates/missing_root_causes.rb +1 -1
- data/lib/risu/templates/ms_patch_summary.rb +1 -1
- data/lib/risu/templates/ms_update_summary.rb +1 -1
- data/lib/risu/templates/ms_wsus_findings.rb +1 -1
- data/lib/risu/templates/notable.rb +1 -1
- data/lib/risu/templates/notable_detailed.rb +1 -1
- data/lib/risu/templates/pci_compliance.rb +1 -1
- data/lib/risu/templates/stig_findings_summary.rb +2 -2
- data/lib/risu/templates/talking_points.rb +5 -5
- data/lib/risu/templates/technical_findings.rb +1 -1
- data/lib/risu/templates/template.rb +1 -1
- data/lib/risu/templates/top_25.rb +1 -1
- data/lib/risu/version.rb +33 -0
- data/risu.gemspec +21 -20
- metadata +161 -67
- data/Gemfile.ci +0 -12
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
|
+
# All rights reserved.
|
|
3
|
+
#
|
|
4
|
+
# Redistribution and use in source and binary forms, with or without
|
|
5
|
+
# modification, are permitted provided that the following conditions are met:
|
|
6
|
+
#
|
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
|
9
|
+
# * Redistributions in binary form must reproduce the above copyright
|
|
10
|
+
# notice, this list of conditions and the following disclaimer in the
|
|
11
|
+
# documentation and/or other materials provided with the distribution.
|
|
12
|
+
# * Neither the name of the Arxopia LLC nor the names of its contributors
|
|
13
|
+
# may be used to endorse or promote products derived from this software
|
|
14
|
+
# without specific prior written permission.
|
|
15
|
+
#
|
|
16
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
17
|
+
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
18
|
+
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
19
|
+
# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
20
|
+
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
21
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
22
|
+
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
23
|
+
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
26
|
+
|
|
27
|
+
module Risu
|
|
28
|
+
module Parsers
|
|
29
|
+
module Nessus
|
|
30
|
+
module PostProcess
|
|
31
|
+
class ApacheTomcatRollups < Risu::Base::PostProcessBase
|
|
32
|
+
|
|
33
|
+
#
|
|
34
|
+
def initialize
|
|
35
|
+
@info =
|
|
36
|
+
{
|
|
37
|
+
:description => "Apache Tomcat Patch Rollup",
|
|
38
|
+
:plugin_id => -99966,
|
|
39
|
+
:plugin_name => "Update to the latest Apache Tomcat",
|
|
40
|
+
:item_name => "Update to the latest Apache Tomcat",
|
|
41
|
+
:plugin_ids => [
|
|
42
|
+
81649,
|
|
43
|
+
12085,
|
|
44
|
+
35806,
|
|
45
|
+
|
|
46
|
+
]
|
|
47
|
+
}
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -55,6 +55,8 @@ module Risu
|
|
|
55
55
|
44077,
|
|
56
56
|
44078,
|
|
57
57
|
85382,
|
|
58
|
+
86122,
|
|
59
|
+
|
|
58
60
|
|
|
59
61
|
|
|
60
62
|
]
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -86,7 +86,7 @@ module Risu
|
|
|
86
86
|
risk_score = risk_score + item.risk_score
|
|
87
87
|
end
|
|
88
88
|
|
|
89
|
-
#@
|
|
89
|
+
#@TODO weighting goes here
|
|
90
90
|
|
|
91
91
|
host.risk_score = risk_score
|
|
92
92
|
host.save
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -246,8 +246,6 @@ module Risu
|
|
|
246
246
|
70545 => "Vendor Patch",
|
|
247
247
|
-99985 => "Vendor Patch",
|
|
248
248
|
-99986 => "Vendor Patch",
|
|
249
|
-
71174 => "Vendor Patch",
|
|
250
|
-
72959 => "Vendor Patch",
|
|
251
249
|
25926 => "Vendor Patch",
|
|
252
250
|
11138 => "Vendor Patch",
|
|
253
251
|
47715 => "Vendor Patch",
|
|
@@ -286,7 +284,14 @@ module Risu
|
|
|
286
284
|
-99981 => "Vendor Patch",
|
|
287
285
|
-99967 => "Vendor Patch",
|
|
288
286
|
70124 => "Vendor Patch",
|
|
289
|
-
|
|
287
|
+
-99966 => "Vendor Patch",
|
|
288
|
+
82828 => "Vendor Patch",
|
|
289
|
+
79638 => "Vendor Patch",
|
|
290
|
+
77728 => "Vendor Patch",
|
|
291
|
+
79865 => "Vendor Patch",
|
|
292
|
+
83186 => "Vendor Patch",
|
|
293
|
+
86255 => "Vendor Patch",
|
|
294
|
+
|
|
290
295
|
|
|
291
296
|
|
|
292
297
|
33850 => "Vendor Support",
|
|
@@ -326,7 +331,6 @@ module Risu
|
|
|
326
331
|
41028 => "Configuration",
|
|
327
332
|
57582 => "Configuration",
|
|
328
333
|
45411 => "Configuration",
|
|
329
|
-
45417 => "Configuration",
|
|
330
334
|
57608 => "Configuration",
|
|
331
335
|
18405 => "Configuration",
|
|
332
336
|
57690 => "Configuration",
|
|
@@ -379,8 +383,6 @@ module Risu
|
|
|
379
383
|
10660 => "Configuration",
|
|
380
384
|
11411 => "Configuration",
|
|
381
385
|
10722 => "Configuration",
|
|
382
|
-
10056 => "Configuration",
|
|
383
|
-
10660 => "Configuration",
|
|
384
386
|
10595 => "Configuration",
|
|
385
387
|
11714 => "Configuration",
|
|
386
388
|
10203 => "Configuration",
|
|
@@ -401,6 +403,9 @@ module Risu
|
|
|
401
403
|
11454 => "Configuration",
|
|
402
404
|
10305 => "Configuration",
|
|
403
405
|
39364 => "Configuration",
|
|
406
|
+
83738 => "Configuration",
|
|
407
|
+
83875 => "Configuration",
|
|
408
|
+
42256 => "Configuration",
|
|
404
409
|
|
|
405
410
|
|
|
406
411
|
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -64,6 +64,8 @@ module Risu
|
|
|
64
64
|
79862,
|
|
65
65
|
80037,
|
|
66
66
|
81084,
|
|
67
|
+
83781,
|
|
68
|
+
|
|
67
69
|
|
|
68
70
|
]
|
|
69
71
|
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -44,7 +44,7 @@ module Risu
|
|
|
44
44
|
"architecture" => nil
|
|
45
45
|
}
|
|
46
46
|
|
|
47
|
-
# @
|
|
47
|
+
# @TODO comment
|
|
48
48
|
#
|
|
49
49
|
def initialize
|
|
50
50
|
@vals = Hash.new
|
|
@@ -52,7 +52,7 @@ module Risu
|
|
|
52
52
|
@report = Report.create
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
-
# @
|
|
55
|
+
# @TODO comment
|
|
56
56
|
#
|
|
57
57
|
def on_start_element(element, attributes)
|
|
58
58
|
@tag = element
|
data/lib/risu/renderers.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2016 Arxopia LLC.
|
|
2
2
|
# All rights reserved.
|
|
3
3
|
#
|
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
|
@@ -28,20 +28,20 @@ module Risu
|
|
|
28
28
|
module Renderers
|
|
29
29
|
class CSVRenderer
|
|
30
30
|
|
|
31
|
-
# @
|
|
31
|
+
# @TODO comment
|
|
32
32
|
#
|
|
33
33
|
def self.generate(output_file, &block)
|
|
34
34
|
csv = new(output_file, &block)
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
-
# @
|
|
37
|
+
# @TODO comment
|
|
38
38
|
#
|
|
39
39
|
def initialize(output_file, &block)
|
|
40
40
|
@output_file = output_file
|
|
41
41
|
instance_eval(&block)
|
|
42
42
|
end
|
|
43
43
|
|
|
44
|
-
# @
|
|
44
|
+
# @TODO comment
|
|
45
45
|
#
|
|
46
46
|
def text text, *args
|
|
47
47
|
File.open(@output_file, "a+") do |file|
|