risu 1.5.2 → 1.5.3

data/NEWS.markdown

@@ -1,5 +1,25 @@
 # News
 
+#1.5.3 (August 29, 2012)
+- New Parsed Tags
+	- cm_compliance_info
+	- cm_compliance_actual_value
+	- cm_compliance_check_id
+	- cm_compliance_policy_value
+	- cm_compliance_audit_file
+	- cm_compliance_check_name
+	- cm_compliance_result
+	- cm_compliance_output
+- Model Changes
+	- Host
+		- Added os_windows_98
+		- Added not_os_windows_98
+		- Added os_windows_95
+		- Added not_os_windows_95
+		- Added os_windows_me
+		- Added not_os_windows_me
+		- Updated the unsupported operating systems text to take into account these operating systems
+
 #1.5.2 (July 30, 2012)
 - New Parsed Tags
 	- vmsa

data/README.markdown

@@ -2,7 +2,7 @@
 
 Risu is [Nessus](http://www.nessus.org) parser, that converts the generated reports into a [ActiveRecord](http://api.rubyonrails.org/classes/ActiveRecord/Base.html) database, this allows for easy report generation and vulnerability verification.
 
-Version **1.5.2** is the current release.
+Version **1.5.3** is the current release.
 
 ## Requirements
 
@@ -74,7 +74,7 @@ Using the risu Console is just like using Rails. You can access all of the Activ
 	|_|  |_|___/\__,_|
 
 
-	risu Console v1.5.2
+	risu Console v1.5.3
 	>> Host.first
 	=> #<Risu::Models::Host id: 1, report_id: 1, name: "10.69.69.74", os: "Linux Kernel 2.6 on Debian 4.0 (etch)", mac: "XX:XX:XX:XX:XX:XX", start: "2011-04-20 16:29:37", end: "2011-04-20 16:32:14", ip: "10.69.69.74", fqdn: "redada.hammackj.net", netbios: "REDADA", local_checks_proto: nil, smb_login_used: nil, ssh_auth_meth: nil, ssh_login_used: nil, pci_dss_compliance: nil, notes: nil>
 

data/Rakefile

@@ -35,7 +35,12 @@ task :build do
   system "gem build #{Risu::APP_NAME}.gemspec"
 end
 
-task :release => :build do
+task :tag_and_bag do
+	system "git tag -a v#{Risu::VERSION} -m 'version #{Risu::VERSION}'"
+	system "git push --tags"
+end
+
+task :release => [:tag_and_bag, :build] do
   system "gem push #{Risu::APP_NAME}-#{Risu::VERSION}.gem"
 	puts "Just released #{Risu::APP_NAME} v#{Risu::VERSION}. #{Risu::APP_NAME} is an Nessus XML parser/database. More information at http://hammackj.com/projects/risu/"
 end
@@ -48,8 +53,6 @@ task :clean do
 	system "rm -rf coverage"
 end
 
-task :default => [:test_sqlite]
-
 task :test_sqlite do
 	ENV['RISU_TEST_ENV'] = "sqlite"
 	Rake::Task['run_tests'].invoke
@@ -65,3 +68,11 @@ Rake::TestTask.new("run_tests") do |t|
   t.pattern = 'test/*/*_test.rb'
   t.verbose = true
 end
+
+task :merge do
+	system "git checkout master"
+	system "get merge #{Risu::VERSION}"
+	system "git push"
+end
+
+task :default => [:test_sqlite]

data/bin/risu

@@ -1,5 +1,5 @@
 #!/usr/bin/env ruby
-#
+
 # Copyright (c) 2010-2012 Arxopia LLC.
 # All rights reserved.
 #

data/lib/risu.rb

@@ -26,7 +26,7 @@
 
 module Risu
 	APP_NAME = "risu"
-	VERSION = "1.5.2"
+	VERSION = "1.5.3"
 	GRAPH_WIDTH = 750
 	EMAIL = "jacob.hammack@hammackj.com"
 	CONFIG_FILE = "./risu.cfg"

data/lib/risu/base/schema.rb

@@ -114,6 +114,14 @@ module Risu
 					t.integer :severity
 					t.string :plugin_name
 					t.boolean :verified
+					t.string :cm_compliance_info
+					t.string :cm_compliance_actual_value
+					t.string :cm_compliance_check_id
+					t.string :cm_compliance_policy_value
+					t.string :cm_compliance_audit_file
+					t.string :cm_compliance_check_name
+					t.string :cm_compliance_result
+					t.string :cm_compliance_output
 				end
 
 				create_table :plugins do |t|

data/lib/risu/models/familyselection.rb

@@ -28,7 +28,6 @@ module Risu
 	module Models
 
 		# FamilySelection Model
-		#
 		class FamilySelection < ActiveRecord::Base
 		  belongs_to :policy
 		end

data/lib/risu/models/host.rb

@@ -91,6 +91,48 @@ module Risu
 					where("os NOT LIKE '%Windows NT%'")
 				end
 
+				# Queries for hosts with a Windows 98 based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_98
+					where("os LIKE '%Windows 98%'")
+				end
+
+				# Negation query for all hosts with a Windows 98 based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_windows_98
+					where("os NOT LIKE '%Windows 98%'")
+				end
+
+				# Queries for hosts with a Windows 98 based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_me
+					where("os LIKE '%Windows 98%'")
+				end
+
+				# Negation query for all hosts with a Windows 98 based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_windows_me
+					where("os NOT LIKE '%Windows Millennium%'")
+				end
+
+				# Queries for hosts with a Windows 95 based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_95
+					where("os LIKE '%Windows 95%'")
+				end
+
+				# Negation query for all hosts with a Windows 95 based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_windows_95
+					where("os NOT LIKE '%Windows 95%'")
+				end
+
 				# Queries for hosts with a Windows 2000 based Operating System
 				#
 				# @return [ActiveRecord::Relation] with the query results
@@ -454,21 +496,35 @@ module Risu
 
 				# @todo comments
 				def unsupported_os_windows
+					win_95_text = ""
+					win_98_text = ""
+					win_me_text = ""
 					win_nt_text = ""
 					win_2000_text = ""
+					win_95 = Host.os_windows_95
+					win_98 = Host.os_windows_98
+					win_me = Host.os_windows_me
 					win_nt = Host.os_windows_nt
 					win_2000 = Host.os_windows_2k
 
 					#Host.os_windows.not_os_windows_7.not_os_windows_2008.not_os_windows_vista.not_os_windows_2003.not_os_windows_xp
 
-					win_nt_text = "Windows NT is an unsupported operating system; Microsoft has stopped support as of June 2004. " +
+					win_95_text = "Windows 95 is an unsupported operating system; Microsoft has stopped support as of December 2001. " +
+					"Please see http://en.wikipedia.org/wiki/Windows_95 for more information.\n\n" if win_95.count >= 1
+
+					win_98_text = "Windows 98 is an unsupported operating system; Microsoft has stopped support as of July 2006. " +
+					"Please see http://support.microsoft.com/gp/lifean18 for more information.\n\n" if win_98.count >= 1
+
+					win_me_text = "Windows Millennium is an unsupported operating system; Microsoft has stopped support as of July 2006. " +
+					"Please see http://support.microsoft.com/gp/lifean18 for more information.\n\n" if win_me.count >= 1
+
+					win_nt_text = "Windows NT is an unsupported operating system; Microsoft has stopped support as of December 2004. " +
 					"Please see http://windows.microsoft.com/en-us/windows/products/lifecycle for more information.\n\n" if win_nt.count >= 1
 
-					win_2000_text = "Windows 2000 is an unsupported operating system; Microsoft has stopped support as of June 2004. " +
+					win_2000_text = "Windows 2000 is an unsupported operating system; Microsoft has stopped support as of July 2010. " +
 					"Please see http://windows.microsoft.com/en-us/windows/products/lifecycle for more information.\n\n" if win_2000.count >= 1
 
-					return "#{win_nt_text}#{win_2000_text}"
-
+					return "#{win_95_text}#{win_98_text}#{win_me_text}#{win_nt_text}#{win_2000_text}"
 				end
 
 				# @todo comments

data/lib/risu/parsers/nessus/nessus_document.rb

@@ -29,11 +29,9 @@ module Risu
 		module Nessus
 
 			# A Object to represents the Nessus XML file in memory
-			#
 			class NessusDocument
 
 				# Creates a instance of the NessusDocument class
-				#
 				def initialize document
 					@document = document
 				end
@@ -68,7 +66,6 @@ module Risu
 				end
 
 				# Invokes the SAX parser on the XML document
-				#
 				def parse
 					@parser = LibXML::XML::SaxParser.file @document
 					@parser.callbacks = NessusSaxListener.new
@@ -76,7 +73,6 @@ module Risu
 				end
 
 				# Fixes the ip field if nil and replaces it with the name if its an ip
-				#
 				def fix_ips
 					@hosts = Host.all
 

data/lib/risu/parsers/nessus/nessus_sax_listener.rb

@@ -24,8 +24,6 @@
 #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 #OF THE POSSIBILITY OF SUCH DAMAGE.
 
-#require 'risu'
-
 ActiveRecord::Migration.verbose = false
 
 module Risu
@@ -33,12 +31,10 @@ module Risu
 		module Nessus
 
 			# NessusSaxListener
-			#
 			class NessusSaxListener
 				include LibXML::XML::SaxParser::Callbacks
 
 				# Sets up a array of all valid XML fields
-				#
 				def initialize
 					@vals = Hash.new
 
@@ -58,7 +54,9 @@ module Risu
 						"Report", "Family", "Preferences", "PluginsPreferences", "FamilySelection", "IndividualPluginSelection", "PluginId",
 						"pci-dss-compliance", "exploitability_ease", "cvss_temporal_vector", "exploit_framework_core", "cvss_temporal_score",
 						"exploit_available", "metasploit_name", "exploit_framework_canvas", "canvas_package", "exploit_framework_metasploit",
-						"plugin_type", "exploithub_sku", "exploit_framework_exploithub", "stig_severity", "plugin_name", "fname", "always_run"
+						"plugin_type", "exploithub_sku", "exploit_framework_exploithub", "stig_severity", "plugin_name", "fname", "always_run",
+						"cm:compliance-info", "cm:compliance-actual-value", "cm:compliance-check-id", "cm:compliance-policy-value",
+						"cm:compliance-audit-file", "cm:compliance-check-name", "cm:compliance-result", "cm:compliance-output"
 					]
 
 						@valid_elements = @valid_elements + @valid_references
@@ -274,6 +272,15 @@ module Risu
 						when "ReportItem"
 							@ri.plugin_output = @vals["plugin_output"]
 							@ri.plugin_name = @vals["plugin_name"]
+							@ri.cm_compliance_info = @vals["cm:compliance-info"]
+							@ri.cm_compliance_actual_value = @vals["cm:compliance-actual-value"]
+							@ri.cm_compliance_check_id = @vals["cm:compliance-check-id"]
+							@ri.cm_compliance_policy_value= @vals["cm:compliance-policy-value"]
+							@ri.cm_compliance_audit_file = @vals["cm:compliance-audit-file"]
+							@ri.cm_compliance_check_name = @vals["cm:compliance-check-name"]
+							@ri.cm_compliance_result = @vals["cm:compliance-result"]
+							@ri.cm_compliance_output = @vals["cm:compliance-output"]
+
 							@ri.save
 
 							@plugin.attributes = {

data/risu.gemspec

@@ -1,9 +1,9 @@
 # Copyright (c) 2010-2012 Arxopia LLC.
 # All rights reserved.
-
+#
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
-
+#
 #     * Redistributions of source code must retain the above copyright
 #       notice, this list of conditions and the following disclaimer.
 #     * Redistributions in binary form must reproduce the above copyright
@@ -12,7 +12,7 @@
 #     * Neither the name of the Arxopia LLC nor the names of its contributors
 #     	may be used to endorse or promote products derived from this software
 #     	without specific prior written permission.
-
+#
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: risu
 version: !ruby/object:Gem::Version
-  version: 1.5.2
+  version: 1.5.3
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-07-31 00:00:00.000000000 Z
+date: 2012-08-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: simplecov