risu 1.4.7 → 1.4.8

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. data/NEWS.markdown +7 -1
  2. data/TODO.markdown +5 -1
  3. data/lib/risu.rb +1 -1
  4. data/lib/risu/base/schema.rb +7 -0
  5. data/lib/risu/models.rb +1 -0
  6. data/lib/risu/models/host.rb +1 -0
  7. data/lib/risu/models/patch.rb +11 -0
  8. data/lib/risu/parsers/nessus/nessus_sax_listener.rb +177 -30
  9. data/risu.gemspec +14 -14
  10. metadata +30 -29
data/NEWS.markdown CHANGED
@@ -1,9 +1,15 @@
1
1
  # News
2
2
 
3
+ #1.4.8 (August 21, 2011)
4
+ - Fixed a gemspec dependency error reported by mlpotgieter
5
+ - Fixed a parser error related to Microsoft Bulletins report by stevelodin
6
+ - Added a Table for all host related patches, currently only has Microsoft Bulletins
7
+ You can access it via `Host.first.patches` or `Patch.all`
8
+ - Please report any missing tags that risu outputs to jacob[dot]hammackj[@]hammackj[.]com, I expect a ton of Microsoft Patch tags missing
9
+
3
10
  #1.4.7 (August 13, 2011)
4
11
  - Fixed issue #39 Ruby 1.8.7 Syntax error reported by mlpotgieter
5
12
  - Ruby 1.8.7 will no longer be supported in v1.5, please upgrade your ruby installs.
6
- -
7
13
 
8
14
  #1.4.6 (July 12, 2011)
9
15
  - Added pcidss:dns_zone_transfer to the Nessus parser
data/TODO.markdown CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  **Release dates are estimates, and features can be changed at any time.**
4
4
 
5
- ## 1.4.7
5
+ ## 1.4.9
6
6
  - Make sure all classification headers are upcase
7
7
  - Ensure font sizes are standard in the templates
8
8
  - The font in tech findings could be 1 size smaller
@@ -12,6 +12,8 @@
12
12
  - pcidss:directory_browsing
13
13
  - pcidss:known_credentials
14
14
  - pcidss:compromised_host:worm
15
+ - Add tests for Patch model
16
+ -
15
17
 
16
18
  ## 1.5 (8/4/2011)
17
19
  - Rework the blacklisting of plugins/hosts add to the config file
@@ -52,6 +54,7 @@
52
54
  - Sort Technical Findings Report by count/score
53
55
  - Add template validation and more error checking
54
56
  - Colorize the reports with better style
57
+ - Added TOC/Index to the technical findings report, issue 15
55
58
 
56
59
  ##1.5.2 (11/4/2011) - Parser work
57
60
  - Add Schema checks to make sure the schema is compatible with the version of risu
@@ -77,6 +80,7 @@
77
80
  - Add Parser for Nexpose xml
78
81
  - Add Parser for Qualys xml
79
82
  - Look at moving to nokogiri for xml parsing, current benchmarks so it faster than libxml-ruby; http://nokogiri.org
83
+ - Easier way to select the Scan to generate reports from
80
84
 
81
85
  ## 2.0 (?)
82
86
  - Rails FrontEnd to Risu
data/lib/risu.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  module Risu
2
2
  APP_NAME = "risu"
3
- VERSION = "1.4.7"
3
+ VERSION = "1.4.8"
4
4
  GRAPH_WIDTH = 750
5
5
  EMAIL = "jacob.hammack@hammackj.com"
6
6
  CONFIG_FILE = "./risu.cfg"
data/lib/risu/base/schema.rb CHANGED
@@ -133,6 +133,12 @@ module Risu
133
133
  t.string :description
134
134
  end
135
135
 
136
+ create_table :patches do |t|
137
+ t.integer :host_id
138
+ t.string :name
139
+ t.string :value
140
+ end
141
+
136
142
  ServiceDescription.create :name => "www", :description => ""
137
143
  ServiceDescription.create :name => "cifs", :description => ""
138
144
  ServiceDescription.create :name => "smb", :description => ""
@@ -160,6 +166,7 @@ module Risu
160
166
  drop_table :references
161
167
  drop_table :versions
162
168
  drop_table :service_descriptions
169
+ drop_table :patches
163
170
  end
164
171
 
165
172
  end
data/lib/risu/models.rb CHANGED
@@ -15,3 +15,4 @@ require 'risu/models/reference'
15
15
  require 'risu/models/policy'
16
16
  require 'risu/models/version'
17
17
  require 'risu/models/servicedescription'
18
+ require 'risu/models/patch'
data/lib/risu/models/host.rb CHANGED
@@ -6,6 +6,7 @@ module Risu
6
6
  class Host < ActiveRecord::Base
7
7
  belongs_to :report
8
8
  has_many :items
9
+ has_many :patches
9
10
 
10
11
  class << self
11
12
 
data/lib/risu/models/patch.rb ADDED
@@ -0,0 +1,11 @@
1
+ module Risu
2
+ module Models
3
+
4
+ # Version Model for the DB
5
+ #
6
+ # @author Jacob Hammack
7
+ class Patch < ActiveRecord::Base
8
+ belongs_to :host
9
+ end
10
+ end
11
+ end
data/lib/risu/parsers/nessus/nessus_sax_listener.rb CHANGED
@@ -56,27 +56,158 @@ module Risu
56
56
  "pcidss:obsolete_operating_system" => :pcidss_obsolete_operating_system,
57
57
  "pcidss:dns_zone_transfer" => :pcidss_dns_zone_transfer
58
58
  }
59
-
60
- @valid_ms_patches = {
61
- "MS11-030" => :ms11_030,
62
- "MS11-026" => :ms11_026,
63
- "MS11-034" => :ms11_034,
64
- "MS11-021" => :ms11_021,
65
- "MS11-029" => :ms11_029,
66
- "MS11-023" => :ms11_023,
67
- "MS11-022" => :ms11_022,
68
- "MS09-027" => :ms09_027,
69
- "MS11-033" => :ms11_033,
70
- "MS11-019" => :ms11_019,
71
- "MS11-024" => :ms11_024,
72
- "MS11-031" => :ms11_031,
73
- "MS11-020" => :ms11_020,
74
- "MS11-018" => :ms11_018,
75
- "MS11-028" => :ms11_028,
76
- "MS11-032" => :ms11_032,
77
- "MS040-016" => :ms040_016,
78
- "MS08-50" => :ms08_50
79
- }
59
+ #@todo change this to an array and use a dynamic ms_patches table
60
+ @valid_ms_patches = [
61
+ "MS11-030",
62
+ "MS11-026",
63
+ "MS11-034",
64
+ "MS11-021",
65
+ "MS11-029",
66
+ "MS11-023",
67
+ "MS11-022",
68
+ "MS09-027",
69
+ "MS11-033",
70
+ "MS11-019",
71
+ "MS11-024",
72
+ "MS11-031",
73
+ "MS11-020",
74
+ "MS11-018",
75
+ "MS11-028",
76
+ "MS11-032",
77
+ "MS040-016",
78
+ "MS08-50",
79
+ "MS09-055",
80
+ "MS10-008",
81
+ "MS10-034",
82
+ "MS10-082",
83
+ "MS11-003",
84
+ "MS07-021",
85
+ "MS09-062",
86
+ "MS07-022",
87
+ "MS10-096",
88
+ "MS09-062",
89
+ "MS07-017",
90
+ "MS07-031",
91
+ "MS08-020",
92
+ "MS10-002",
93
+ "MS10-035",
94
+ "MS11-007",
95
+ "MS10-018",
96
+ "MS09-069",
97
+ "MS09-001",
98
+ "MS10-073",
99
+ "MS09-044",
100
+ "MS08-021",
101
+ "MS08-001",
102
+ "MS11-011",
103
+ "MS07-004",
104
+ "MS07-006",
105
+ "MS07-007",
106
+ "MS07-008",
107
+ "MS07-009",
108
+ "MS07-011",
109
+ "MS07-012",
110
+ "MS07-013",
111
+ "MS07-016",
112
+ "MS07-019",
113
+ "MS07-020",
114
+ "MS07-027",
115
+ "MS08-002",
116
+ "MS08-007",
117
+ "MS08-008",
118
+ "MS08-010",
119
+ "MS08-022",
120
+ "MS09-006",
121
+ "MS09-007",
122
+ "MS09-010",
123
+ "MS09-011",
124
+ "MS09-012",
125
+ "MS09-013",
126
+ "MS09-014",
127
+ "MS09-015",
128
+ "MS09-019",
129
+ "MS09-022",
130
+ "MS09-025",
131
+ "MS09-026",
132
+ "MS09-034",
133
+ "MS09-037",
134
+ "MS09-038",
135
+ "MS09-040",
136
+ "MS09-041",
137
+ "MS09-042",
138
+ "MS09-045",
139
+ "MS09-046",
140
+ "MS09-047",
141
+ "MS09-048",
142
+ "MS09-051",
143
+ "MS09-052",
144
+ "MS09-054",
145
+ "MS09-056",
146
+ "MS09-057",
147
+ "MS09-058",
148
+ "MS09-065",
149
+ "MS09-071",
150
+ "MS09-072",
151
+ "MS09-073",
152
+ "MS10-001",
153
+ "MS10-005",
154
+ "MS10-006",
155
+ "MS10-011",
156
+ "MS10-012",
157
+ "MS10-013",
158
+ "MS10-015",
159
+ "MS10-016",
160
+ "MS10-019",
161
+ "MS10-020",
162
+ "MS10-021",
163
+ "MS10-022",
164
+ "MS10-026",
165
+ "MS10-027",
166
+ "MS10-029",
167
+ "MS10-030",
168
+ "MS10-032",
169
+ "MS10-033",
170
+ "MS10-037",
171
+ "MS10-041",
172
+ "MS10-042",
173
+ "MS10-046",
174
+ "MS10-047",
175
+ "MS10-048",
176
+ "MS10-049",
177
+ "MS10-050",
178
+ "MS10-051",
179
+ "MS10-052",
180
+ "MS10-053",
181
+ "MS10-054",
182
+ "MS10-055",
183
+ "MS10-061",
184
+ "MS10-062",
185
+ "MS10-063",
186
+ "MS10-066",
187
+ "MS10-067",
188
+ "MS10-069",
189
+ "MS10-070",
190
+ "MS10-071",
191
+ "MS10-074",
192
+ "MS10-076",
193
+ "MS10-078",
194
+ "MS10-081",
195
+ "MS10-083",
196
+ "MS10-084",
197
+ "MS10-090",
198
+ "MS10-091",
199
+ "MS10-097",
200
+ "MS10-098",
201
+ "MS10-099",
202
+ "MS11-002",
203
+ "MS11-006",
204
+ "MS11-010",
205
+ "MS11-012",
206
+ "MS11-013",
207
+ "MS11-014",
208
+ "MS11-015",
209
+ "MS11-017"
210
+ ]
80
211
  end
81
212
 
82
213
  # Callback for when the start of a xml element is reached
@@ -116,14 +247,23 @@ module Risu
116
247
  @rh.name = attributes["name"]
117
248
  @rh.save
118
249
  when "tag"
119
- unless attributes["name"] =~ /(MS\d\d-\d\d\d)/
120
- @attr = if @valid_host_properties.keys.include?(attributes["name"])
121
- attributes["name"]
122
- else
123
- nil
124
- end
125
- puts "New HostProperties attribute: #{attributes["name"]}. Please report this to jacob.hammack@hammackj.com\n" if @attr.nil?
250
+ @attr = nil
251
+
252
+ if attributes["name"] =~ /[M|m][S|s]\d{2}-\d{2,}/
253
+ @attr = if @valid_ms_patches.include?(attributes["name"])
254
+ attributes["name"]
255
+ else
256
+ nil
257
+ end
258
+ else
259
+ @attr = if @valid_host_properties.keys.include?(attributes["name"])
260
+ attributes["name"]
261
+ else
262
+ nil
263
+ end
126
264
  end
265
+
266
+ puts "New HostProperties attribute: #{attributes["name"]}. Please report this to jacob.hammack@hammackj.com\n" if @attr.nil?
127
267
  when "ReportItem"
128
268
  @vals = Hash.new # have to clear this out or everything has the same references
129
269
  @ri = @rh.items.create
@@ -222,8 +362,15 @@ module Risu
222
362
 
223
363
  @plugin_selection.save
224
364
  when "tag"
225
- @rh.attributes = {@valid_host_properties[@attr] => @vals["tag"].gsub("\n", ",") } if @valid_host_properties.keys.include?(@attr)
226
- @rh.save
365
+ if @attr =~ /[M|m][S|s]\d{2}-\d{2,}/
366
+ @patch = @rh.patches.create
367
+ @patch.name = @attr
368
+ @patch.value = @vals['tag']
369
+ @patch.save
370
+ else
371
+ @rh.attributes = {@valid_host_properties[@attr] => @vals["tag"].gsub("\n", ",") } if @valid_host_properties.keys.include?(@attr)
372
+ @rh.save
373
+ end if @attr != nil
227
374
  #We cannot handle the references in the same block as the rest of the ReportItem tag because
228
375
  #there tends to be more than of the different types of reference per ReportItem, this causes issue for a sax
229
376
  #parser. To solve this we do the references before the final plugin data
data/risu.gemspec CHANGED
@@ -27,18 +27,18 @@ Gem::Specification.new do |s|
27
27
  s.required_rubygems_version = ">= 1.6.0"
28
28
  s.rubyforge_project = "#{Risu::APP_NAME}"
29
29
 
30
- s.add_development_dependency("rspec", "= 2.5.0")
31
- s.add_development_dependency("rcov", ">= 0.9.9")
32
- s.add_development_dependency("yard", ">= 0.6.4")
33
- s.add_development_dependency("machinist", ">= 1.0.6")
34
- s.add_development_dependency("sham", ">= 0.4.0")
35
- s.add_development_dependency("faker", ">= 0.9.5")
36
-
37
- s.add_dependency('rails', '>= 3.0.7')
38
- s.add_dependency('libxml-ruby', '>= 1.1.4')
39
- s.add_dependency('prawn', '>= 0.11.1')
40
- s.add_dependency('gruff', '>= 0.3.6')
41
- s.add_dependency('mysql', '>= 2.8.1')
42
- s.add_dependency('rmagick', ">= 2.13.1")
43
- s.add_dependency('sqlite3', ">= 1.3.3")
30
+ s.add_development_dependency("rspec", ["~> 2.5.0"])
31
+ s.add_development_dependency("rcov", [">= 0.9.9"])
32
+ s.add_development_dependency("yard", [">= 0.6.4"])
33
+ s.add_development_dependency("machinist", [">= 1.0.6"])
34
+ s.add_development_dependency("sham", [">= 0.4.0"])
35
+ s.add_development_dependency("faker", [">= 0.9.5"])
36
+
37
+ s.add_dependency('rails', ['>= 3.0.7'])
38
+ s.add_dependency('libxml-ruby', ['>= 1.1.4'])
39
+ s.add_dependency('prawn', ['>= 0.11.1'])
40
+ s.add_dependency('gruff', ['>= 0.3.6'])
41
+ s.add_dependency('mysql', ['>= 2.8.1'])
42
+ s.add_dependency('rmagick', [">= 2.13.1"])
43
+ s.add_dependency('sqlite3', [">= 1.3.3"])
44
44
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: risu
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.4.7
4
+ version: 1.4.8
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,22 +9,22 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2011-08-13 00:00:00.000000000Z
12
+ date: 2011-08-21 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec
16
- requirement: &70222431373580 !ruby/object:Gem::Requirement
16
+ requirement: &70350051680640 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
- - - =
19
+ - - ~>
20
20
  - !ruby/object:Gem::Version
21
21
  version: 2.5.0
22
22
  type: :development
23
23
  prerelease: false
24
- version_requirements: *70222431373580
24
+ version_requirements: *70350051680640
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: rcov
27
- requirement: &70222431373000 !ruby/object:Gem::Requirement
27
+ requirement: &70350051680040 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: 0.9.9
33
33
  type: :development
34
34
  prerelease: false
35
- version_requirements: *70222431373000
35
+ version_requirements: *70350051680040
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: yard
38
- requirement: &70222431372420 !ruby/object:Gem::Requirement
38
+ requirement: &70350051679420 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
43
43
  version: 0.6.4
44
44
  type: :development
45
45
  prerelease: false
46
- version_requirements: *70222431372420
46
+ version_requirements: *70350051679420
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: machinist
49
- requirement: &70222431371900 !ruby/object:Gem::Requirement
49
+ requirement: &70350051678780 !ruby/object:Gem::Requirement
50
50
  none: false
51
51
  requirements:
52
52
  - - ! '>='
@@ -54,10 +54,10 @@ dependencies:
54
54
  version: 1.0.6
55
55
  type: :development
56
56
  prerelease: false
57
- version_requirements: *70222431371900
57
+ version_requirements: *70350051678780
58
58
  - !ruby/object:Gem::Dependency
59
59
  name: sham
60
- requirement: &70222431371240 !ruby/object:Gem::Requirement
60
+ requirement: &70350051678160 !ruby/object:Gem::Requirement
61
61
  none: false
62
62
  requirements:
63
63
  - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
65
65
  version: 0.4.0
66
66
  type: :development
67
67
  prerelease: false
68
- version_requirements: *70222431371240
68
+ version_requirements: *70350051678160
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: faker
71
- requirement: &70222431370740 !ruby/object:Gem::Requirement
71
+ requirement: &70350051677560 !ruby/object:Gem::Requirement
72
72
  none: false
73
73
  requirements:
74
74
  - - ! '>='
@@ -76,10 +76,10 @@ dependencies:
76
76
  version: 0.9.5
77
77
  type: :development
78
78
  prerelease: false
79
- version_requirements: *70222431370740
79
+ version_requirements: *70350051677560
80
80
  - !ruby/object:Gem::Dependency
81
81
  name: rails
82
- requirement: &70222431370160 !ruby/object:Gem::Requirement
82
+ requirement: &70350051676960 !ruby/object:Gem::Requirement
83
83
  none: false
84
84
  requirements:
85
85
  - - ! '>='
@@ -87,10 +87,10 @@ dependencies:
87
87
  version: 3.0.7
88
88
  type: :runtime
89
89
  prerelease: false
90
- version_requirements: *70222431370160
90
+ version_requirements: *70350051676960
91
91
  - !ruby/object:Gem::Dependency
92
92
  name: libxml-ruby
93
- requirement: &70222431369480 !ruby/object:Gem::Requirement
93
+ requirement: &70350051644920 !ruby/object:Gem::Requirement
94
94
  none: false
95
95
  requirements:
96
96
  - - ! '>='
@@ -98,10 +98,10 @@ dependencies:
98
98
  version: 1.1.4
99
99
  type: :runtime
100
100
  prerelease: false
101
- version_requirements: *70222431369480
101
+ version_requirements: *70350051644920
102
102
  - !ruby/object:Gem::Dependency
103
103
  name: prawn
104
- requirement: &70222431369020 !ruby/object:Gem::Requirement
104
+ requirement: &70350051644400 !ruby/object:Gem::Requirement
105
105
  none: false
106
106
  requirements:
107
107
  - - ! '>='
@@ -109,10 +109,10 @@ dependencies:
109
109
  version: 0.11.1
110
110
  type: :runtime
111
111
  prerelease: false
112
- version_requirements: *70222431369020
112
+ version_requirements: *70350051644400
113
113
  - !ruby/object:Gem::Dependency
114
114
  name: gruff
115
- requirement: &70222431368460 !ruby/object:Gem::Requirement
115
+ requirement: &70350051643920 !ruby/object:Gem::Requirement
116
116
  none: false
117
117
  requirements:
118
118
  - - ! '>='
@@ -120,10 +120,10 @@ dependencies:
120
120
  version: 0.3.6
121
121
  type: :runtime
122
122
  prerelease: false
123
- version_requirements: *70222431368460
123
+ version_requirements: *70350051643920
124
124
  - !ruby/object:Gem::Dependency
125
125
  name: mysql
126
- requirement: &70222431367900 !ruby/object:Gem::Requirement
126
+ requirement: &70350051643420 !ruby/object:Gem::Requirement
127
127
  none: false
128
128
  requirements:
129
129
  - - ! '>='
@@ -131,10 +131,10 @@ dependencies:
131
131
  version: 2.8.1
132
132
  type: :runtime
133
133
  prerelease: false
134
- version_requirements: *70222431367900
134
+ version_requirements: *70350051643420
135
135
  - !ruby/object:Gem::Dependency
136
136
  name: rmagick
137
- requirement: &70222431367320 !ruby/object:Gem::Requirement
137
+ requirement: &70350051642920 !ruby/object:Gem::Requirement
138
138
  none: false
139
139
  requirements:
140
140
  - - ! '>='
@@ -142,10 +142,10 @@ dependencies:
142
142
  version: 2.13.1
143
143
  type: :runtime
144
144
  prerelease: false
145
- version_requirements: *70222431367320
145
+ version_requirements: *70350051642920
146
146
  - !ruby/object:Gem::Dependency
147
147
  name: sqlite3
148
- requirement: &70222431366740 !ruby/object:Gem::Requirement
148
+ requirement: &70350051642420 !ruby/object:Gem::Requirement
149
149
  none: false
150
150
  requirements:
151
151
  - - ! '>='
@@ -153,7 +153,7 @@ dependencies:
153
153
  version: 1.3.3
154
154
  type: :runtime
155
155
  prerelease: false
156
- version_requirements: *70222431366740
156
+ version_requirements: *70350051642420
157
157
  description: risu is a Nessus .nessus xml parser and report generation tool
158
158
  email: jacob.hammack@hammackj.com
159
159
  executables:
@@ -187,6 +187,7 @@ files:
187
187
  - lib/risu/models/host.rb
188
188
  - lib/risu/models/individualpluginselection.rb
189
189
  - lib/risu/models/item.rb
190
+ - lib/risu/models/patch.rb
190
191
  - lib/risu/models/plugin.rb
191
192
  - lib/risu/models/pluginspreference.rb
192
193
  - lib/risu/models/policy.rb