risu 1.7.3 → 1.7.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/NEWS.markdown +17 -10
- data/lib/risu.rb +1 -1
- data/lib/risu/base/schema.rb +13 -8
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +12 -6
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +1 -0
- data/risu.gemspec +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ed1f7b219ebb25c728109b214d7b1f6f2b4aabd5
|
|
4
|
+
data.tar.gz: 91e12a4dd836bbe7b9573c6d9b2f53f7f0fc3146
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4452938f9fdbc00b1a692e9e7e771f51655a44b550a8a8145f6a71cd905f9cc8a1d40c7fda5d8d59a4ace8e3f5d371177bc7adadd619f6c49b360fbfb2bbfd8e
|
|
7
|
+
data.tar.gz: 40cc53b89b40b5c855b9713e9f6371e5062d3ff819d6328e69f50e9b9e4fd5121012b9c4c82f966536303a67a112453cc8d0289ae12528fc0343b619b2fe76ed
|
data/NEWS.markdown
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# News
|
|
2
2
|
|
|
3
|
+
# 1.7.4 (January 25, 2015)
|
|
4
|
+
- Added New tags to the model Item
|
|
5
|
+
- cm:compliance-reference
|
|
6
|
+
- cm:compliance-see-also-
|
|
7
|
+
- cm:compliance-solution
|
|
8
|
+
- Increased the database size of all cm:compliance tags from string to text
|
|
9
|
+
|
|
3
10
|
# 1.7.3 (January 8, 2015)
|
|
4
11
|
- Parser Optimizations by [@bluehavana]
|
|
5
12
|
- Renamed Attachment.type to Attachment.ttype, due to a rails naming issue
|
|
@@ -62,9 +69,9 @@
|
|
|
62
69
|
- Added hp.
|
|
63
70
|
- Added glsa.
|
|
64
71
|
- Added freebsd.
|
|
65
|
-
-
|
|
66
|
-
|
|
67
|
-
|
|
72
|
+
- *Experimental Post Processing*, Sums up the findings and removes the duplicates. This allows for cleaner
|
|
73
|
+
authenticated reports. Very experimental at the moment, the are auto loaded from the same directories as templates
|
|
74
|
+
for the time being
|
|
68
75
|
- Use of the --post-process command line option will turn this on and off
|
|
69
76
|
- Java Plugins
|
|
70
77
|
- Adobe Reader plugins
|
|
@@ -98,12 +105,12 @@
|
|
|
98
105
|
- Added "Exploitablity Summary Report" template
|
|
99
106
|
- Added "Talking Points Report" template
|
|
100
107
|
- Added "Missing Root Cause Report" template
|
|
101
|
-
- Templates must now specify their renderer :renderer => "PDF" or :renderer => "CSV" in the template_info section.
|
|
102
|
-
will break all templates until it is added.
|
|
108
|
+
- Templates must now specify their renderer :renderer => "PDF" or :renderer => "CSV" in the template_info section.
|
|
109
|
+
This will break all templates until it is added.
|
|
103
110
|
- Template Helper
|
|
104
111
|
- Added a table method to generate a table in 1 line of code
|
|
105
112
|
- Added a new_page method to create a page break in the report
|
|
106
|
-
- Added other_os_graph_page, This generates a page for the PDF renderer with the
|
|
113
|
+
- Added other_os_graph_page, This generates a page for the PDF renderer with the
|
|
107
114
|
other_os_graph and other_os_graph_text followed by a new_page
|
|
108
115
|
- item_count_by_plugin_name
|
|
109
116
|
- item_count_by_plugin_id
|
|
@@ -446,20 +453,20 @@ You can access it via `Host.first.patches` or `Patch.all`
|
|
|
446
453
|
- New HostProperties attribute: pcidss:www:xss
|
|
447
454
|
- Added more unit tests 91.7% code coverage for testing at the moment. Not including templates.
|
|
448
455
|
|
|
449
|
-
#1.4.2 (May 13, 2011)
|
|
456
|
+
# 1.4.2 (May 13, 2011)
|
|
450
457
|
|
|
451
458
|
- Added a fix for all of the MSXX-XXX Host Properties tags that don't serve any purpose
|
|
452
459
|
- Added sqlite3 as an install dependency to help with sqlite usage
|
|
453
|
-
- Fixed a privately report bug with the *_risks_unique_sorted functions not working on MySQL
|
|
460
|
+
- Fixed a privately report bug with the *_risks_unique_sorted* functions not working on MySQL
|
|
454
461
|
|
|
455
|
-
#1.4.1 (May 10, 2011)
|
|
462
|
+
# 1.4.1 (May 10, 2011)
|
|
456
463
|
|
|
457
464
|
- Fixed a issue with a nonexistent 'Critical' severity.
|
|
458
465
|
- Added VMware ESX to the Other OS graph Ticket #33
|
|
459
466
|
- windows_os_graph were using the wrong counters Ticket #32
|
|
460
467
|
- Updated the Prawn gem version to 0.11.1
|
|
461
468
|
|
|
462
|
-
#1.4.0 (April 20, 2011)
|
|
469
|
+
# 1.4.0 (April 20, 2011)
|
|
463
470
|
|
|
464
471
|
- Added a --console option for creating a ActiveRecord console into the database
|
|
465
472
|
- Updated the parser to handle the new plugin_type field on the plugins table
|
data/lib/risu.rb
CHANGED
data/lib/risu/base/schema.rb
CHANGED
|
@@ -98,14 +98,19 @@ module Risu
|
|
|
98
98
|
t.integer :severity
|
|
99
99
|
t.string :plugin_name
|
|
100
100
|
t.boolean :verified
|
|
101
|
-
t.
|
|
102
|
-
t.
|
|
103
|
-
t.
|
|
104
|
-
t.
|
|
105
|
-
t.
|
|
106
|
-
t.
|
|
107
|
-
t.
|
|
108
|
-
t.
|
|
101
|
+
t.text :cm_compliance_info, limit: 4294967295
|
|
102
|
+
t.text :cm_compliance_actual_value, limit: 4294967295
|
|
103
|
+
t.text :cm_compliance_check_id, limit: 4294967295
|
|
104
|
+
t.text :cm_compliance_policy_value, limit: 4294967295
|
|
105
|
+
t.text :cm_compliance_audit_file, limit: 4294967295
|
|
106
|
+
t.text :cm_compliance_check_name, limit: 4294967295
|
|
107
|
+
t.text :cm_compliance_result, limit: 4294967295
|
|
108
|
+
t.text :cm_compliance_output, limit: 4294967295
|
|
109
|
+
|
|
110
|
+
t.text :cm_compliance_reference, limit: 4294967295
|
|
111
|
+
t.text :cm_compliance_see_also, limit: 4294967295
|
|
112
|
+
t.text :cm_compliance_solution, limit: 4294967295
|
|
113
|
+
|
|
109
114
|
t.integer :real_severity
|
|
110
115
|
t.integer :risk_score
|
|
111
116
|
end
|
|
@@ -75,7 +75,7 @@ module Risu
|
|
|
75
75
|
cm:compliance-info cm:compliance-actual-value cm:compliance-check-id cm:compliance-policy-value
|
|
76
76
|
cm:compliance-audit-file cm:compliance-check-name cm:compliance-result cm:compliance-output policyOwner
|
|
77
77
|
visibility script_version attachment policy_comments d2_elliot_name exploit_framework_d2_elliot
|
|
78
|
-
exploited_by_malware compliance
|
|
78
|
+
exploited_by_malware compliance cm:compliance-reference cm:compliance-see-also cm:compliance-solution
|
|
79
79
|
])
|
|
80
80
|
|
|
81
81
|
# TODO: documentation. These are never used in the class
|
|
@@ -276,7 +276,8 @@ module Risu
|
|
|
276
276
|
:svc_name => attributes["svc_name"],
|
|
277
277
|
:protocol => attributes["protocol"],
|
|
278
278
|
:severity => attributes["severity"],
|
|
279
|
-
:plugin_id => @plugin.id
|
|
279
|
+
:plugin_id => @plugin.id
|
|
280
|
+
)
|
|
280
281
|
|
|
281
282
|
@plugin.save
|
|
282
283
|
end
|
|
@@ -358,8 +359,7 @@ module Risu
|
|
|
358
359
|
#parser. To solve this we do the references before the final plugin data, Valid references must be added
|
|
359
360
|
#the VALID_REFERENCE set at the top to be parsed.
|
|
360
361
|
def end_valid_reference(element)
|
|
361
|
-
@ref = @plugin.references.create(:reference_name => element,
|
|
362
|
-
:value => @vals["#{element}"])
|
|
362
|
+
@ref = @plugin.references.create(:reference_name => element, :value => @vals["#{element}"])
|
|
363
363
|
end
|
|
364
364
|
|
|
365
365
|
def end_report_item(_)
|
|
@@ -372,7 +372,12 @@ module Risu
|
|
|
372
372
|
:cm_compliance_audit_file => @vals["cm:compliance-audit-file"],
|
|
373
373
|
:cm_compliance_check_name => @vals["cm:compliance-check-name"],
|
|
374
374
|
:cm_compliance_result => @vals["cm:compliance-result"],
|
|
375
|
-
:cm_compliance_output => @vals["cm:compliance-output"]
|
|
375
|
+
:cm_compliance_output => @vals["cm:compliance-output"],
|
|
376
|
+
|
|
377
|
+
:cm_compliance_reference => @vals["cm:compliance-reference"],
|
|
378
|
+
:cm_compliance_see_also => @vals["cm:compliance-see-also" ],
|
|
379
|
+
:cm_compliance_solution => @vals["cm:compliance-solution"]
|
|
380
|
+
)
|
|
376
381
|
|
|
377
382
|
@plugin.update(:solution => @vals["solution"],
|
|
378
383
|
:risk_factor => @vals["risk_factor"],
|
|
@@ -401,7 +406,8 @@ module Risu
|
|
|
401
406
|
:always_run => @vals["always_run"],
|
|
402
407
|
:script_version => @vals["script_version"],
|
|
403
408
|
:exploited_by_malware => @vals["exploited_by_malware"],
|
|
404
|
-
:compliance => @vals["compliance"]
|
|
409
|
+
:compliance => @vals["compliance"]
|
|
410
|
+
)
|
|
405
411
|
end
|
|
406
412
|
|
|
407
413
|
def end_attachment(_)
|
data/risu.gemspec
CHANGED
|
@@ -59,7 +59,7 @@ Gem::Specification.new do |s|
|
|
|
59
59
|
s.add_dependency('prawn', ['0.12.0'])
|
|
60
60
|
s.add_dependency('gruff', ['0.3.7'])
|
|
61
61
|
s.add_dependency('mysql2', ['0.3.11'])
|
|
62
|
-
s.add_dependency('rmagick', ['2.13.
|
|
62
|
+
s.add_dependency('rmagick', ['2.13.4'])
|
|
63
63
|
s.add_dependency('sqlite3', ['1.3.7'])
|
|
64
64
|
s.add_dependency('nokogiri', ['1.6.0'])
|
|
65
65
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: risu
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.7.
|
|
4
|
+
version: 1.7.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jacob Hammack
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-01-
|
|
11
|
+
date: 2015-01-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: simplecov
|
|
@@ -146,14 +146,14 @@ dependencies:
|
|
|
146
146
|
requirements:
|
|
147
147
|
- - '='
|
|
148
148
|
- !ruby/object:Gem::Version
|
|
149
|
-
version: 2.13.
|
|
149
|
+
version: 2.13.4
|
|
150
150
|
type: :runtime
|
|
151
151
|
prerelease: false
|
|
152
152
|
version_requirements: !ruby/object:Gem::Requirement
|
|
153
153
|
requirements:
|
|
154
154
|
- - '='
|
|
155
155
|
- !ruby/object:Gem::Version
|
|
156
|
-
version: 2.13.
|
|
156
|
+
version: 2.13.4
|
|
157
157
|
- !ruby/object:Gem::Dependency
|
|
158
158
|
name: sqlite3
|
|
159
159
|
requirement: !ruby/object:Gem::Requirement
|