risu 1.7.2 → 1.7.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0073dd7b2895f69ff1d3515c21c91ccc14ba437d
-  data.tar.gz: 1eea60625dad86ec77f8d6966cd66e01f989cd3f
+  metadata.gz: 3976d26d2c92a443ccbc3a367a78f452e1bf959e
+  data.tar.gz: 0d8c53e2188555be31370de88051c3b033ab5e25
 SHA512:
-  metadata.gz: 813332cd080c91dee71d85441a0977ff18b93febfb592286b70df0f38ea7b2b32fde77f6346bf92efc8c4e418726beaa0bd8621b80bc78874270fb4ea9af3fe9
-  data.tar.gz: bed6c5350c538f1a0d378558c7c196f7a2d712d0bbe383dd0d4ea9ed9c9c81c3e62641506208545d3760bce0552cd0bb5c4541e5e8f1e65ffcae49ad5c25eace
+  metadata.gz: bdee561ba2e2d97d7c07cc211b469c51fabc303c7ceaa673fb92aaa8141d52fa53c9a6c28054002ba8a548d1d6e1e9787bb1c44ce49fc4bf5836ea6cb31fb05a
+  data.tar.gz: baed03ceb606c9034731555abe4857552a61e97453a5dbd15ed6b72cef40a3a33f1fd5e4c03aa61ddc23b8f604a3985e6c3f35c4cff0fed649e5d737be011cef

data/NEWS.markdown

@@ -1,5 +1,15 @@
 # News
 
+# 1.7.3 (January 8, 2015)
+- Parser Optimizations by [@bluehavana]
+- Renamed Attachment.type to Attachment.ttype, due to a rails naming issue
+- Added SAX Parser tests for Attachments
+- Rewrote the technical_findings template
+- Template Helper
+	- Added title method
+	- Added definition method
+- Fixed various bugs
+
 # 1.7.2 (January 5, 2015)
 - Updated Copyrights / etc
 - Added VMware ESXi Post Processing

data/lib/risu.rb

@@ -26,7 +26,7 @@
 
 module Risu
 	APP_NAME = "risu"
-	VERSION = "1.7.2"
+	VERSION = "1.7.3"
 	GRAPH_WIDTH = 750
 	#                  red     orange  yellow  green    blue   purple        grey           pink
 	GRAPH_COLORS = %w(#d2403f #ec9241 #fcc343 #50ad51 #397bbb #8E6B8E black #cccccc brown #e52d89)

data/lib/risu/base/schema.rb

@@ -165,7 +165,7 @@ module Risu
 				create_table :attachments do |t|
 					t.integer :item_id
 					t.string :name
-					t.string :type
+					t.string :ttype
 					t.string :ahash
 					t.text :value
 				end

data/lib/risu/base/shares_template_helper.rb

@@ -144,7 +144,7 @@ module Risu
 				heading1 "Poor Security Practice" if poor_count > 0
 
 				#Anon ftp/smb + clear text
-				@output.text anon_ftp_text + anon_smb_text + anonymous_access_text if anon_ftp_count > 1 || anon_smb_count > 1
+				@output.text anon_ftp_text + anon_smb_text + anonymous_access_text if anon_ftp_count > 0 || anon_smb_count > 0
 				@output.text "\n"
 				@output.text "\n"
 			end

data/lib/risu/base/template_helper.rb

@@ -73,45 +73,52 @@ module Risu
 				@output.text text, options
 			end
 
-			#
-			def heading1 title
-				@output.font_size(24) do
-					@output.text title, :style => :bold
+			def title(text, size=18, color='#000000')
+				@output.font_size(size) do
+					@output.fill_color color.gsub('#', '')
+					@output.text text, :style => :bold
+					@output.fill_color "000000"
 				end
+
+				@output.text "\n"
 			end
 
-			#
-			def heading2 title
-				@output.font_size(18) do
-					@output.text title, :style => :bold
+			def definition term, text, options = {}
+				if text != nil
+					@output.text "\n#{term}", :style => :bold
+					@output.text text, options
 				end
 			end
 
 			#
-			def heading3 title
-				@output.font_size(14) do
-					@output.text title, :style => :bold
-				end
+			def heading1 title_text
+				title title_text, 24
 			end
 
 			#
-			def heading4 title
-				@output.font_size(12) do
-					@output.text title, :style => :bold
-				end
+			def heading2 title_text
+				title title_text, 18
 			end
 
 			#
-			def heading5 title
-				@output.font_size(10) do
-					@output.text title, :style => :bold
-				end
+			def heading3 title_text
+				title title_text, 14
+			end
+
+			#
+			def heading4 title_text
+				title title_text, 12
+			end
+
+			#
+			def heading5 title_text
+				title title_text, 10
 			end
 
 			#
-			def heading6 title
+			def heading6 title_text
 				@output.font_size(8) do
-					@output.text title, :style => :bold
+					@output.text title_text, :style => :bold
 				end
 			end
 

data/lib/risu/parsers/nessus/nessus_sax_listener.rb

@@ -24,6 +24,8 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 # OF THE POSSIBILITY OF SUCH DAMAGE.
 
+require 'set'
+
 ActiveRecord::Migration.verbose = false
 
 module Risu
@@ -34,64 +36,125 @@ module Risu
 			class NessusSaxListener
 				include LibXML::XML::SaxParser::Callbacks
 
-				# Sets up a array of all valid XML fields
+				# An array of valid reference element names
+				VALID_REFERENCES = Set.new(%w[
+					cpe bid see_also xref cve iava msft
+					osvdb cert edb-id rhsa secunia suse dsa
+					owasp cwe iavb iavt cisco-sa ics-alert
+					cisco-bug-id cisco-sr cert-vu vmsa apple-sa
+					icsa cert-cc msvr usn hp glsa freebsd
+				])
+
+				# An array of valid host properties
+				VALID_HOST_PROPERTIES = Set.new(%w[
+					HOST_END mac-address HOST_START operating-system host-ip host-fqdn netbios-name
+					local-checks-proto smb-login-used ssh-auth-meth ssh-login-used pci-dss-compliance
+					pci-dss-compliance: system-type bios-uuid pcidss:compliance:failed pcidss:compliance:passed
+					pcidss:deprecated_ssl pcidss:expired_ssl_certificate pcidss:high_risk_flaw pcidss:medium_risk_flaw
+					pcidss:reachable_db pcidss:www:xss pcidss:directory_browsing pcidss:known_credentials
+					pcidss:compromised_host:worm pcidss:obsolete_operating_system pcidss:dns_zone_transfer
+					pcidss:unprotected_mssql_db pcidss:obsolete_software pcidss:www:sql_injection pcidss:backup_files
+					traceroute-hop-0 traceroute-hop-1 traceroute-hop-2 operating-system-unsupported patch-summary-total-cves
+					pcidss:insecure_http_methods LastUnauthenticatedResults LastAuthenticatedResults cpe-0 cpe-1
+					cpe-2 cpe-3 Credentialed_Scan policy-used UnsupportedProduct:microsoft:windows_xp::sp2
+					UnsupportedProduct:microsoft:windows_xp UnsupportedProduct:microsoft:windows_2000 UnsupportedProduct
+				])
+
+				# An array of all valid elements expected during parsing
+				VALID_ELEMENTS = VALID_REFERENCES \
+					+ Set.new(%w[ReportItem plugin_version risk_factor
+					description cvss_base_score solution item plugin_output tag synopsis plugin_modification_date
+					FamilyName FamilyItem Status vuln_publication_date ReportHost HostProperties preferenceName
+					preferenceValues preferenceType fullName pluginId pluginName selectedValue selectedValue
+					name value preference plugin_publication_date cvss_vector patch_publication_date
+					NessusClientData_v2 Policy PluginName ServerPreferences policyComments policyName PluginItem
+					Report Family Preferences PluginsPreferences FamilySelection IndividualPluginSelection PluginId
+					pci-dss-compliance exploitability_ease cvss_temporal_vector exploit_framework_core cvss_temporal_score
+					exploit_available metasploit_name exploit_framework_canvas canvas_package exploit_framework_metasploit
+					plugin_type exploithub_sku exploit_framework_exploithub stig_severity plugin_name fname always_run
+					cm:compliance-info cm:compliance-actual-value cm:compliance-check-id cm:compliance-policy-value
+					cm:compliance-audit-file cm:compliance-check-name cm:compliance-result cm:compliance-output policyOwner
+					visibility script_version attachment policy_comments d2_elliot_name exploit_framework_d2_elliot
+					exploited_by_malware compliance
+				])
+
+				# TODO: documentation. These are never used in the class
+				VALID_HOST_PROPERTIES_REGEX = [
+					"patch-summary-cve-num", "patch-summary-cves", "patch-summary-txt", "cpe-\d+", "KB\d+"
+				]
+
+				# Map of host properties to symbols for use with ActiveRecord
+				#   interfaces
+				#
+				# These are the more commonly used host properties,
+				#   mapping them here to store in the host table
+				HOST_PROPERTIES_MAPPING = {
+					"HOST_END" => :end,
+					"mac-address" => :mac,
+					"HOST_START" => :start,
+					"operating-system" => :os,
+					"host-ip" => :ip,
+					"host-fqdn" => :fqdn,
+					"netbios-name" => :netbios
+				}
+
+				# Used to map element names to private methods so
+				#   that the methods can be called when the parser
+				#   encounters the opening of an element.
+				#
+				# {"ElementName" => :start_method_to_be_called}
+				#
+				# @example call #start_policy for a "Policy" element
+				#   element = "Policy"
+				#   send(DYNAMIC_START_METHOD_NAMES[element], element, attributes)
+				#
+				# @param element [String] the element name starting to be parsed
+				# @param attributes [Array<Hash{Sring=>String}>] the array of
+				#   key value pairs for the element that is starting to be parsed
+				DYNAMIC_START_METHOD_NAMES = {
+					"Policy" => :start_policy,
+					"preference" => :start_preference,
+					"item" => :start_item,
+					"FamilyItem" => :start_family_item,
+					"PluginItem" => :start_plugin_item,
+					"Report" => :start_report,
+					"ReportHost" => :start_report_host,
+					"tag" => :start_tag,
+					"ReportItem" => :start_report_item,
+					"attachment" => :start_attachment
+				}
+
+				# @see DYNAMIC_START_MEHTOD_NAMES
+				#
+				# @note only one argument for the methods
+				#
+				# @example call #end_policy_name for a "policyName" element
+				#   element = "policyName"
+				#   send(DYNAMIC_END_METHOD_NAMES[element], element)
+				#
+				# @param element [String] the name of the element ending
+				DYNAMIC_END_METHOD_NAMES = {
+					"policyName" => :end_policy_name,
+					"policyComments" => :end_policy_comments,
+					"policy_comments" => :end_policy_comments,
+					"policyOwner" => :end_policy_owner,
+					"visibility" => :end_visibility,
+					"preference" => :end_preference,
+					"item" => :end_item,
+					"FamilyItem" => :end_family_item,
+					"PluginItem" => :end_plugin_item,
+					"tag" => :end_tag,
+					"ReportItem" => :end_report_item,
+					"attachment" => :end_attachment
+				}
+
+				private_constant :DYNAMIC_END_METHOD_NAMES, :DYNAMIC_START_METHOD_NAMES,
+					:HOST_PROPERTIES_MAPPING, :VALID_HOST_PROPERTIES_REGEX, :VALID_HOST_PROPERTIES,
+					:VALID_ELEMENTS, :VALID_REFERENCES
+
+				# vals tracks state for elements encountered during parsing
 				def initialize
 					@vals = Hash.new
-
-					@valid_references = Array[
-						"cpe", "bid", "see_also", "xref", "cve", "iava", "msft",
-						"osvdb", "cert", "edb-id", "rhsa", "secunia", "suse", "dsa",
-						"owasp", "cwe", "iavb", "iavt", "cisco-sa", "ics-alert",
-						"cisco-bug-id", "cisco-sr", "cert-vu", "vmsa", "apple-sa",
-						"icsa", "cert-cc", "msvr", "usn", "hp", "glsa", "freebsd"
-					]
-
-					@valid_host_properties = Array[
-						"HOST_END", "mac-address", "HOST_START", "operating-system", "host-ip", "host-fqdn", "netbios-name",
-						"local-checks-proto", "smb-login-used", "ssh-auth-meth", "ssh-login-used", "pci-dss-compliance",
-						"pci-dss-compliance:", "system-type", "bios-uuid", "pcidss:compliance:failed", "pcidss:compliance:passed",
-						"pcidss:deprecated_ssl", "pcidss:expired_ssl_certificate", "pcidss:high_risk_flaw", "pcidss:medium_risk_flaw",
-						"pcidss:reachable_db", "pcidss:www:xss", "pcidss:directory_browsing", "pcidss:known_credentials",
-						"pcidss:compromised_host:worm", "pcidss:obsolete_operating_system", "pcidss:dns_zone_transfer",
-						"pcidss:unprotected_mssql_db", "pcidss:obsolete_software", "pcidss:www:sql_injection", "pcidss:backup_files",
-						"traceroute-hop-0", "traceroute-hop-1", "traceroute-hop-2", "operating-system-unsupported", "patch-summary-total-cves",
-						"pcidss:insecure_http_methods", "LastUnauthenticatedResults", "LastAuthenticatedResults", "cpe-0", "cpe-1", 
-						"cpe-2", "cpe-3", "Credentialed_Scan", "policy-used", "UnsupportedProduct:microsoft:windows_xp::sp2",
-						"UnsupportedProduct:microsoft:windows_xp", "UnsupportedProduct:microsoft:windows_2000", "UnsupportedProduct"
-					]
-
-					@valid_host_properties_regex = Array[
-						"patch-summary-cve-num", "patch-summary-cves", "patch-summary-txt", "cpe-\d+", "KB\d+"
-					]
-
-					@valid_elements = Array["ReportItem", "plugin_version", "risk_factor",
-						"description", "cvss_base_score", "solution", "item", "plugin_output", "tag", "synopsis", "plugin_modification_date",
-						"FamilyName", "FamilyItem", "Status", "vuln_publication_date", "ReportHost", "HostProperties", "preferenceName",
-						"preferenceValues", "preferenceType", "fullName", "pluginId", "pluginName", "selectedValue", "selectedValue",
-						"name", "value", "preference", "plugin_publication_date", "cvss_vector", "patch_publication_date",
-						"NessusClientData_v2", "Policy", "PluginName", "ServerPreferences", "policyComments", "policyName", "PluginItem",
-						"Report", "Family", "Preferences", "PluginsPreferences", "FamilySelection", "IndividualPluginSelection", "PluginId",
-						"pci-dss-compliance", "exploitability_ease", "cvss_temporal_vector", "exploit_framework_core", "cvss_temporal_score",
-						"exploit_available", "metasploit_name", "exploit_framework_canvas", "canvas_package", "exploit_framework_metasploit",
-						"plugin_type", "exploithub_sku", "exploit_framework_exploithub", "stig_severity", "plugin_name", "fname", "always_run",
-						"cm:compliance-info", "cm:compliance-actual-value", "cm:compliance-check-id", "cm:compliance-policy-value",
-						"cm:compliance-audit-file", "cm:compliance-check-name", "cm:compliance-result", "cm:compliance-output", "policyOwner",
-						"visibility", "script_version", "attachment", "policy_comments", "d2_elliot_name", "exploit_framework_d2_elliot",
-						"exploited_by_malware", "compliance"
-					]
-
-					@valid_elements = @valid_elements + @valid_references
-
-					# These are the more commonly used host properties, mapping them here to store in the host table
-					@host_properties_mapping = {
-						"HOST_END" => :end,
-						"mac-address" => :mac,
-						"HOST_START" => :start,
-						"operating-system" => :os,
-						"host-ip" => :ip,
-						"host-fqdn" => :fqdn,
-						"netbios-name" => :netbios
-					}
 				end
 
 				# Callback for when the start of a XML element is reached
@@ -102,95 +165,14 @@ module Risu
 					@tag = element
 					@vals[@tag] = ""
 
-					if !@valid_elements.include?(element)
+					if !VALID_ELEMENTS.include?(element)
 						puts "New XML element detected: #{element}. Please report this at #{Risu::GITHUB}/issues/new or via email to #{Risu::EMAIL}"
 					end
 
-					case element
-						when "Policy"
-							@policy = Risu::Models::Policy.create
-							@policy.save
-						when "preference"
-							@sp = @policy.server_preferences.create
-							@sp.save
-						when "item"
-							@item = @policy.plugins_preferences.create
-							@item.save
-						when "FamilyItem"
-							@family = @policy.family_selections.create
-							@family.save
-						when "PluginItem"
-							@plugin_selection = @policy.individual_plugin_selections.create
-							@plugin_selection.save
-						when "Report"
-							@report = @policy.reports.create
-							@report.name = attributes["name"]
-							@report.save
-						when "ReportHost"
-							@rh = @report.hosts.create
-							@rh.name = attributes["name"]
-							@rh.save
-						when "tag"
-							@attr = nil
-							@hp = @rh.host_properties.create
-
-							if attributes["name"] =~ /[M|m][S|s]\d{2,}-\d{2,}/
-								@attr = if attributes["name"] =~ /[M|m][S|s]\d{2,}-\d{2,}/
-											attributes["name"]
-										else
-											nil
-										end
-							#Ugly as fuck. Really this needs to be rewritten. Fuck.
-							elsif attributes['name'] =~ /patch-summary-cve-num/ ||
-								attributes['name'] =~ /patch-summary-cves/ ||
-								attributes['name'] =~ /patch-summary-txt/ ||
-								attributes['name'] =~ /cpe-\d+/ ||
-								attributes['name'] =~ /KB\d+/
-								@attr = if attributes["name"] =~ /patch-summary-cve-num/ ||
-								attributes['name'] =~ /patch-summary-cves/ ||
-								attributes['name'] =~ /patch-summary-txt/ ||
-								attributes['name'] =~ /cpe-\d+/ ||
-								attributes['name'] =~ /KB\d+/
-											attributes["name"]
-										else
-											nil
-										end
-							else
-								@attr = if @valid_host_properties.include?(attributes["name"])
-									attributes["name"]
-								else
-									nil
-								end
-							end
-
-							# implicit nil check?
-							if attributes["name"] !~ /(netstat-(?:established|listen)-(?:tcp|udp)\d+-\d+)/ && attributes["name"] !~ /traceroute-hop-\d+/
-								puts "New HostProperties attribute: #{attributes["name"]}. Please report this at #{Risu::GITHUB}/issues/new or via email to #{Risu::EMAIL}\n" if @attr.nil?
-							end
-						when "ReportItem"
-							@vals = Hash.new # have to clear this out or everything has the same references
-							@ri = @rh.items.create
-							if attributes["pluginID"] == "0"
-								@plugin = Risu::Models::Plugin.find_or_create_by(:id => 1)
-							else
-								@plugin = Risu::Models::Plugin.find_or_create_by(:id => attributes["pluginID"])
-							end
-
-							@ri.port = attributes["port"]
-							@ri.svc_name = attributes["svc_name"]
-							@ri.protocol = attributes["protocol"]
-							@ri.severity = attributes["severity"]
-
-							@ri.plugin_id = @plugin.id
-							@plugin.plugin_name = attributes["pluginName"]
-							@plugin.family_name = attributes["pluginFamily"]
-							@plugin.save
-							@ri.save
-						when "attachment"
-							@attachment = @ri.attachments.create
-							@attachment.name = attributes['name']
-							@attachment.type = attributes['type']
-							@attachment.save
+					if DYNAMIC_START_METHOD_NAMES.key?(element)
+						# Dynamic dispatch to private instance "policyComments"methods in the const hash
+						#   DYNAMIC_START_METHOD_NAMES where {"element" => :start_element}
+						send(DYNAMIC_START_METHOD_NAMES[element], element, attributes)
 					end
 				end
 
@@ -210,160 +192,221 @@ module Risu
 				# @param element
 				def on_end_element(element)
 					@tag = nil
-					case element
-						when "policyName"
-							@policy.attributes = {
-								:name => @vals["policyName"]
-							}
-							@policy.save
-
-						when "policyComments"
-							@policy.attributes = {
-								:comments => @vals["policyComments"]
-							}
-							@policy.save
-
-						when "policy_comments"
-							@policy.attributes = {
-								:comments => @vals["policy_comments"]
-							}
-							@policy.save
-
-						when "policyOwner"
-							@policy.attributes = {
-								:owner => @vals["policyOwner"]
-							}
-							@policy.save
-
-						when "visibility"
-							@policy.attributes = {
-								:visibility => @vals["visibility"]
-							}
-							@policy.save
-
-						when "preference"
-							@sp.attributes = {
-								:name => @vals["name"],
-								:value => @vals["value"]
-							}
-							@sp.save
-
-							#This takes a really long time, there is about 34,000 pluginIDs in this
-							#field and it takes about 36 minutes to parse just this info =\
-							#lets pre-populate the plugins table with the known plugin_id's
-							#if @vals["name"] == "plugin_set"
-							#	 @all_plugins = @vals["value"].split(";")
-							#
-							#	 @all_plugins.each { |p|
-							#			@plug = Plugin.find_or_create_by_id(p)
-							#			@plug.save
-							#	 }
-							#end
-						when "item"
-							@item.attributes = {
-								:plugin_name => @vals["pluginName"],
-								:plugin_id => @vals["pluginId"],
-								:fullname => @vals["fullName"],
-								:preference_name => @vals["preferenceName"],
-								:preference_type => @vals["preferenceType"],
-								:preference_values => @vals["preferenceValues"],
-								:selected_values => @vals["selectedValue"]
-							}
-
-							@item.save
-						when "FamilyItem"
-							@family.attributes = {
-								:family_name => @vals["FamilyName"],
-								:status => @vals["Status"]
-							}
-
-							@family.save
-						when "PluginItem"
-							@plugin_selection.attributes = {
-								:plugin_id => @vals["PluginId"],
-								:plugin_name => @vals["PluginName"],
-								:family => @vals["Family"],
-								:status => @vals["Status"]
-							}
-
-							@plugin_selection.save
-						when "tag"
-							if @attr =~ /[M|m][S|s]\d{2}-\d{2,}/
-								@patch = @rh.patches.create
-								@patch.name = @attr
-								@patch.value = @vals['tag']
-								@patch.save
-							else
-								@rh.attributes = {@host_properties_mapping[@attr] => @vals["tag"].gsub("\n", ",") } if @host_properties_mapping.keys.include?(@attr)
-								@rh.save
-
-								@hp.name = @attr
-								@hp.value = @vals['tag']
-								@hp.save
-
-							end if @attr != nil
-						#We cannot handle the references in the same block as the rest of the ReportItem tag because
-						#there tends to be more than of the different types of reference per ReportItem, this causes issue for a sax
-						#parser. To solve this we do the references before the final plugin data, Valid references must be added
-						#the @valid_reference array at the top to be parsed.
-						# *@valid_reference, does a 'when' on each element of the @valid_references array, pure magic
-						when *@valid_references
-							@ref = @plugin.references.create
-							@ref.reference_name = element
-							@ref.value = @vals["#{element}"]
-							@ref.save
-						when "ReportItem"
-							@ri.plugin_output = @vals["plugin_output"]
-							@ri.plugin_name = @vals["plugin_name"]
-							@ri.cm_compliance_info = @vals["cm:compliance-info"]
-							@ri.cm_compliance_actual_value = @vals["cm:compliance-actual-value"]
-							@ri.cm_compliance_check_id = @vals["cm:compliance-check-id"]
-							@ri.cm_compliance_policy_value= @vals["cm:compliance-policy-value"]
-							@ri.cm_compliance_audit_file = @vals["cm:compliance-audit-file"]
-							@ri.cm_compliance_check_name = @vals["cm:compliance-check-name"]
-							@ri.cm_compliance_result = @vals["cm:compliance-result"]
-							@ri.cm_compliance_output = @vals["cm:compliance-output"]
-
-							@ri.save
-
-							@plugin.attributes = {
-								:solution => @vals["solution"],
-								:risk_factor => @vals["risk_factor"],
-								:description => @vals["description"],
-								:plugin_publication_date => @vals["plugin_publication_date"],
-								:plugin_modification_date => @vals["plugin_modification_date"],
-								:synopsis => @vals["synopsis"],
-								:plugin_type => @vals["plugin_type"],
-								:cvss_vector => @vals["cvss_vector"],
-								:cvss_base_score => @vals["cvss_base_score"].to_f,
-								:vuln_publication_date => @vals["vuln_publication_date"],
-								:plugin_version => @vals["plugin_version"],
-								:cvss_temporal_score => @vals["cvss_temporal_score"],
-								:cvss_temporal_vector => @vals["cvss_temporal_vector"],
-								:exploitability_ease => @vals["exploitability_ease"],
-								:exploit_framework_core => @vals["exploit_framework_core"],
-								:exploit_available => @vals["exploit_available"],
-								:exploit_framework_metasploit => @vals["exploit_framework_metasploit"],
-								:metasploit_name => @vals["metasploit_name"],
-								:exploit_framework_canvas => @vals["exploit_framework_canvas"],
-								:canvas_package => @vals["canvas_package"],
-								:exploit_framework_exploithub => @vals["exploit_framework_exploithub"],
-								:exploithub_sku => @vals["exploithub_sku"],
-								:stig_severity => @vals["stig_severity"],
-								:fname => @vals["fname"],
-								:always_run => @vals["always_run"],
-								:script_version => @vals["script_version"],
-								:exploited_by_malware => @vals["exploited_by_malware"],
-								:compliance => @vals["compliance"]
-							}
-							@plugin.save
-						when "attachment"
-							@attachment.attributes = {
-								:ahash => @vals['attachment']
-							}
-							@attachment.save
+
+					if DYNAMIC_END_METHOD_NAMES.key?(element)
+						# Dynamic dispatch to private instance methods in the const hash
+						#   DYNAMIC_END_METHOD_NAMES where {"element" => :end_element}
+						send(DYNAMIC_END_METHOD_NAMES[element], element)
+					elsif VALID_REFERENCES.include?(element)
+						end_valid_reference(element)
+					end
+				end
+
+				private
+
+				# Dynamic dispatch start element methods
+				def start_policy(_element, _attributes)
+					@policy = Risu::Models::Policy.create
+				end
+
+				def start_preference(_element, _attributes)
+					@sp = @policy.server_preferences.create
+				end
+
+				def start_item(_element, _attributes)
+					@item = @policy.plugins_preferences.create
+				end
+
+				def start_family_item(_element, _attributes)
+					@family = @policy.family_selections.create
+				end
+
+				def start_plugin_item(_element, _attributes)
+					@plugin_selection = @policy.individual_plugin_selections.create
+				end
+
+				def start_report(_element, attributes)
+					@report = @policy.reports.create(:name => attributes["name"])
+				end
+
+				def start_report_host(_element, attributes)
+					@rh = @report.hosts.create(:name => attributes["name"])
+				end
+
+				def start_tag(_, attributes)
+					@attr = nil
+					@hp = @rh.host_properties.create
+
+					if attributes["name"] =~ /[M|m][S|s]\d{2,}-\d{2,}/
+						@attr = attributes["name"]
+					#Ugly as fuck. Really this needs to be rewritten. Fuck.
+					elsif attributes['name'] =~ /
+									(?:patch-summary-cve-num)
+									| (?:patch-summary-cves)
+									| (?:patch-summary-txt)
+									| (?:cpe-\d+)
+									| (?:KB\d+)
+								/x
+						@attr = attributes["name"]
+					elsif VALID_HOST_PROPERTIES.include?(attributes["name"])
+						@attr = attributes["name"]
+					end
+
+					# implicit nil check?
+					if attributes["name"] !~ /(netstat-(?:established|listen)-(?:tcp|udp)\d+-\d+)/ \
+							&& attributes["name"] !~ /traceroute-hop-\d+/ \
+							&& @attr.nil?
+						puts "New HostProperties attribute: #{attributes["name"]}. Please report this at #{Risu::GITHUB}/issues/new or via email to #{Risu::EMAIL}\n"
 					end
 				end
+
+				def start_report_item(_element, attributes)
+					@vals = Hash.new # have to clear this out or everything has the same references
+
+					if attributes["pluginID"] == "0"
+						@plugin = Risu::Models::Plugin.find_or_create_by(:id => 1)
+					else
+						@plugin = Risu::Models::Plugin.find_or_create_by(:id => attributes["pluginID"]) do |plugin|
+							plugin.plugin_name = attributes["pluginName"]
+							plugin.family_name = attributes["pluginFamily"]
+						end
+					end
+
+					@ri = @rh.items.create(:port => attributes["port"],
+									:svc_name => attributes["svc_name"],
+									:protocol => attributes["protocol"],
+									:severity => attributes["severity"],
+									:plugin_id => @plugin.id)
+
+					@plugin.save
+				end
+
+				def start_attachment(_element, attributes)
+					@attachment = @ri.attachments.create(:name => attributes['name'], :ttype => attributes['type'])
+				end
+
+				# Dynamic dispatch end element methods
+				def end_policy_name(_)
+					@policy.update(:name => @vals["policyName"])
+				end
+
+				def end_policy_comments(element)
+					return unless element == "policyComments" || element == "policy_comments"
+					@policy.update(:comments => @vals[element])
+				end
+
+				def end_policy_owner(_)
+					@policy.update(:owner => @vals["policyOwner"])
+				end
+
+				def end_visibility(_)
+					@policy.update(:visibility => @vals["visibility"])
+				end
+
+				def end_preference(_)
+					@sp.update(:name => @vals["name"], :value => @vals["value"])
+				end
+
+					# This takes a really long time, there is about 34,000 pluginIDs in this
+					# field and it takes about 36 minutes to parse just this info =\
+					# lets pre-populate the plugins table with the known plugin_id's
+					#
+					# if @vals["name"] == "plugin_set"
+					# 	 @all_plugins = @vals["value"].split(";")
+					#
+					# 	 @all_plugins.each { |p|
+					# 			@plug = Plugin.find_or_create_by_id(p)
+					# 			@plug.save
+					# 	 }
+					# end
+				def end_item(_)
+					@item.update(:plugin_name => @vals["pluginName"],
+						:plugin_id => @vals["pluginId"], :fullname => @vals["fullName"],
+						:preference_name => @vals["preferenceName"],
+						:preference_type => @vals["preferenceType"],
+						:preference_values => @vals["preferenceValues"],
+						:selected_values => @vals["selectedValue"])
+				end
+
+				def end_family_item(_)
+					@family.update( :family_name => @vals["FamilyName"],
+						:status => @vals["Status"])
+				end
+
+				def end_plugin_item(_)
+					@plugin_selection.update(:plugin_id => @vals["PluginId"],
+						:plugin_name => @vals["PluginName"],
+						:family => @vals["Family"], :status => @vals["Status"])
+				end
+
+				def end_tag(_)
+					return if @attr.nil?
+
+					if @attr =~ /[M|m][S|s]\d{2}-\d{2,}/
+						@patch = @rh.patches.create(:name => @attr, :value => @vals['tag'])
+					else
+						if HOST_PROPERTIES_MAPPING.key?(@attr)
+							@rh.update(HOST_PROPERTIES_MAPPING[@attr] => @vals["tag"].gsub("\n", ","))
+						end
+
+						@hp.update(:name => @attr, :value => @vals['tag'])
+					end
+				end
+
+				#We cannot handle the references in the same block as the rest of the ReportItem tag because
+				#there tends to be more than of the different types of reference per ReportItem, this causes issue for a sax
+				#parser. To solve this we do the references before the final plugin data, Valid references must be added
+				#the VALID_REFERENCE set at the top to be parsed.
+				def end_valid_reference(element)
+					@ref = @plugin.references.create(:reference_name => element,
+										:value => @vals["#{element}"])
+				end
+
+				def end_report_item(_)
+					@ri.update(:plugin_output => @vals["plugin_output"],
+						:plugin_name => @vals["plugin_name"],
+						:cm_compliance_info => @vals["cm:compliance-info"],
+						:cm_compliance_actual_value => @vals["cm:compliance-actual-value"],
+						:cm_compliance_check_id => @vals["cm:compliance-check-id"],
+						:cm_compliance_policy_value => @vals["cm:compliance-policy-value"],
+						:cm_compliance_audit_file => @vals["cm:compliance-audit-file"],
+						:cm_compliance_check_name => @vals["cm:compliance-check-name"],
+						:cm_compliance_result => @vals["cm:compliance-result"],
+						:cm_compliance_output => @vals["cm:compliance-output"])
+
+					@plugin.update(:solution => @vals["solution"],
+						:risk_factor => @vals["risk_factor"],
+						:description => @vals["description"],
+						:plugin_publication_date => @vals["plugin_publication_date"],
+						:plugin_modification_date => @vals["plugin_modification_date"],
+						:synopsis => @vals["synopsis"],
+						:plugin_type => @vals["plugin_type"],
+						:cvss_vector => @vals["cvss_vector"],
+						:cvss_base_score => @vals["cvss_base_score"].to_f,
+						:vuln_publication_date => @vals["vuln_publication_date"],
+						:plugin_version => @vals["plugin_version"],
+						:cvss_temporal_score => @vals["cvss_temporal_score"],
+						:cvss_temporal_vector => @vals["cvss_temporal_vector"],
+						:exploitability_ease => @vals["exploitability_ease"],
+						:exploit_framework_core => @vals["exploit_framework_core"],
+						:exploit_available => @vals["exploit_available"],
+						:exploit_framework_metasploit => @vals["exploit_framework_metasploit"],
+						:metasploit_name => @vals["metasploit_name"],
+						:exploit_framework_canvas => @vals["exploit_framework_canvas"],
+						:canvas_package => @vals["canvas_package"],
+						:exploit_framework_exploithub => @vals["exploit_framework_exploithub"],
+						:exploithub_sku => @vals["exploithub_sku"],
+						:stig_severity => @vals["stig_severity"],
+						:fname => @vals["fname"],
+						:always_run => @vals["always_run"],
+						:script_version => @vals["script_version"],
+						:exploited_by_malware => @vals["exploited_by_malware"],
+						:compliance => @vals["compliance"])
+				end
+
+				def end_attachment(_)
+					@attachment.update(:ahash => @vals['attachment'])
+				end
 			end
 		end
 	end

data/lib/risu/parsers/nexpose/simple_nexpose.rb

@@ -34,12 +34,7 @@ module Risu
 			class SimpleNexpose
 				include LibXML::XML::SaxParser::Callbacks
 
-				# @todo comment
-				#
-				def initialize
-					@vals = Hash.new
-
-					@valid_fingerprints = {
+					VALID_FINGERPRINTS = {
 						"description" => :os,
 						"vendor" => nil,
 						"family" => nil,
@@ -49,6 +44,11 @@ module Risu
 						"architecture" => nil
 					}
 
+				# @todo comment
+				#
+				def initialize
+					@vals = Hash.new
+
 					@report = Report.create
 				end
 
@@ -93,7 +93,7 @@ module Risu
 							@in_device = false
 						when "description"
 							if @in_device && @in_fingerprint
-								@rh.attributes = { @valid_fingerprints[element] => @vals[element].gsub("\n", ",") } if @valid_fingerprints.keys.include?(element)
+								@rh.attributes = { VALID_FINGERPRINTS[element] => @vals[element].gsub("\n", ",") } if VALID_FINGERPRINTS.key?(element)
 								@rh.save
 							end
 						when "fingerprint"

data/lib/risu/templates/technical_findings.rb

@@ -34,117 +34,75 @@ module Risu
 				{
 					:name => "technical_findings",
 					:author => "hammackj",
-					:version => "0.0.8",
+					:version => "0.0.9",
 					:renderer => "PDF",
 					:description => "Generates a Technical Findings Report"
 				}
 			end
 
-			def render(output)
-				text Report.classification.upcase, :align => :center
-				text "\n"
+			def print_technical_findings(risks, text, color, last=false)
+				if risks.length > 0
+					title text, 18, color
 
-				report_title Report.title
-				report_subtitle "Critical and High Findings"
-				report_author "This report was prepared by\n#{Report.author}"
-
-				text "\n\n\n"
+					risks.each do |f|
+						hosts = Item.where(:plugin_id => f.plugin_id).group(:host_id)
+						plugin = Plugin.find_by_id(f.plugin_id)
 
-				unique_risks = Array.new
-				unique_risks << Hash[:title => "Critical Findings", :color => Risu::GRAPH_COLORS[0], :values => Item.critical_risks_unique] if Item.critical_risks_unique.to_a.size != 0
-				unique_risks << Hash[:title => "High Findings", :color => Risu::GRAPH_COLORS[1], :values => Item.high_risks_unique] if Item.high_risks_unique.to_a.size != 0
+						references = Reference.where(:plugin_id => plugin.id).group(:value).order(:reference_name)
 
-#				unique_risks << Hash[:title => "Medium Findings", :color => Risu::GRAPH_COLORS[2], :values => Item.medium_risks_unique_sorted] if Item.medium_risks_unique_sorted.to_a.size != 0
-#				unique_risks << Hash[:title => "Low Findings", :color => Risu::GRAPH_COLORS[3], :values => Item.low_risks_unique_sorted] if Item.low_risks_unique_sorted.to_a.size != 0
+						output.font_size(16) do
+							text "#{plugin.plugin_name}\n"
+						end
 
-				unique_risks.each_with_index do |h, index|
-					if h[:values].length > 0
+						if hosts.length > 1
+							text "Hosts", :style => :bold
+						else
+							text "Host", :style => :bold
+						end
 
-						output.font_size(18) do
-							output.fill_color h[:color]
-							text h[:title], :style => :bold
-							output.fill_color "000000"
+						hostlist = Array.new
+						hosts.each do |host|
+							ho = Host.find_by_id(host.host_id)
+							host_string = "#{ho.name}"
+							host_string << " (#{ho.fqdn})" if ho.fqdn != nil
+							hostlist << host_string
 						end
 
-						text "\n"
+						text hostlist.join(', ')
 
-						h[:values].each do |f|
-
-							hosts = Item.where(:plugin_id => f.plugin_id).group(:host_id)
-							plugin = Plugin.find_by_id(f.plugin_id)
-
-							references = Reference.where(:plugin_id => plugin.id).group(:value).order(:reference_name)
-
-							output.font_size(16) do
-								text "#{plugin.plugin_name}\n"
-							end
-
-							if hosts.length > 1
-								text "Hosts", :style => :bold
-							else
-								text "Host", :style => :bold
-							end
-
-							hostlist = Array.new
-							hosts.each do |host|
-								ho = Host.find_by_id(host.host_id)
-								#if h.id != blacklist_host_id.first.id
-									host_string = "#{ho.name}"
-									host_string << " (#{ho.fqdn})" if ho.fqdn != nil
-									hostlist << host_string
-								#end
-							end
-
-							text hostlist.join(', ')
-
-							if f.plugin_output != nil
-								text "\nPlugin output", :style => :bold
-								text f.plugin_output
-							end
-
-							if plugin.description != nil
-								text "\nDescription", :style => :bold
-								text plugin.description.gsub(/[ ]{2,}/, " "), :inline_format => true
-							end
-
-							if plugin.synopsis != nil
-								text "\nSynopsis", :style => :bold
-								text plugin.synopsis
-							end
-
-							if plugin.cvss_base_score != nil
-								text "\nCVSS Base Score", :style => :bold
-								text plugin.cvss_base_score
-							end
-
-							if plugin.exploit_available != nil
-								text "\nExploit Available", :style => :bold
-
-								if plugin.exploit_available == "true"
-									text "Yes"
-								else
-									text "No"
-								end
-							end
-
-							if plugin.solution != nil
-								text "\nSolution", :style => :bold
-								text plugin.solution
-							end
-
-							if references.size != 0
-								text "\nReferences", :style => :bold
-								text plugin.references.reference_string, :inline_format => true
-								plugin_url = "http://www.tenablesecurity.com/plugins/index.php?view=single&id=#{plugin.id}"
-								text "<b>nessus_plugin</b>: #{plugin_url}", :inline_format => true, :link => plugin_url
-							end
-
-							text "\n"
-						end
+						definition "Plugin output", f.plugin_output
+						definition "Description", plugin.description.gsub(/[ ]{2,}/, " ") if plugin.description != nil
+						definition "Synopsis", plugin.synopsis
+						definition "CVSS Base Score", plugin.cvss_base_score
+						definition "Exploit Available", (plugin.exploit_available == "true") ? "Yes" : "No"
+						definition "Solution", plugin.solution
+						definition "References", plugin.references.reference_string, :inline_format => true
+
+						plugin_url = "http://www.tenablesecurity.com/plugins/index.php?view=single&id=#{plugin.id}"
+						definition "Nessus Plugin", plugin_url, :inline_format => true, :link => plugin_url
+
+						text "\n"
 					end
 
-					output.start_new_page if unique_risks[index+1] != nil
+					@output.start_new_page if last == false
 				end
+			end
+
+			def render(output)
+				text Report.classification.upcase, :align => :center
+				text "\n"
+
+				report_title Report.title
+				report_subtitle "Technical Findings"
+				report_author "This report was prepared by\n#{Report.author}"
+				text "\n\n\n"
+
+				# If you uncomment the med/low change the true in high to false for a new page after it
+
+				print_technical_findings(Item.critical_risks_unique, "Critical Findings", Risu::GRAPH_COLORS[0]) if Item.critical_risks_unique.to_a.size != 0
+				print_technical_findings(Item.high_risks_unique, "High Findings", Risu::GRAPH_COLORS[1], true) if Item.high_risks_unique.to_a.size != 0
+				#print_technical_findings(Item.medium_risks_unique, "Medium Findings", Risu::GRAPH_COLORS[2]) if Item.medium_risks_unique.to_a.size != 0
+				#print_technical_findings(Item.low_risks_unique, "Low Findings", Risu::GRAPH_COLORS[3], true) if Item.low_risks_unique.to_a.size != 0
 
 				output.number_pages "<page> of <total>", :at => [output.bounds.right - 75, 0], :width => 150, :page_filter => :all
 			end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: risu
 version: !ruby/object:Gem::Version
-  version: 1.7.2
+  version: 1.7.3
 platform: ruby
 authors:
 - Jacob Hammack
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-07 00:00:00.000000000 Z
+date: 2015-01-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: simplecov