risu 1.7.5 → 1.7.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f6936958320d0f5a66b83446740f767902c0a8aa
-  data.tar.gz: 037950d5f6ef7524e8062ae080d69d0c493c62ba
+  metadata.gz: afeb7452a6387818f031b7eb9be509fb7b8b1f91
+  data.tar.gz: d0c0482d6673456aaa3eb7ffd32f928df5ba4d03
 SHA512:
-  metadata.gz: e166f6769fd4f88a96a494fab589c84e9900e88dd939fda23f21efd12c817d8bed1e6c8245ea5fb0536c668e2c74053b3348492a41dfb2f9f05de1931754541e
-  data.tar.gz: c7a5d992b4445cce24900e4f990e438d2debfe346ea57eed42b9cd7ac8555543de6c0da59b6e994c9b304819fe361134ef63f18609e6ca3f924b3f3e09557cbc
+  metadata.gz: c009a3228e6fb7a9b84b256610fcd61381c223520e8f9ff9a3412c577fd4690f0adceeea0dfde312d3f78519c5337ce8560af3b5100cb79eeabd0f9533cf043e
+  data.tar.gz: abf5109f7c5ebc5f1931c1cebaa4290ae740140364ca0d9503f3901ab09f04a38b69179fdb1031663bb489ac393b3b470c76fd21567bb47ba84f9923eef6cac5

data/Gemfile

@@ -1,12 +1,18 @@
 source "https://rubygems.org"
+gemspec
 
-gem "rails", '4.0.0'
-gem "libxml-ruby", '2.6.0'
-gem "prawn", '0.12.0'
-gem "gruff", '0.3.7'
-gem "mysql2", '0.3.11'
-gem "rmagick", '2.13.2'
-gem "sqlite3", '1.3.7'
-gem "simplecov"
-gem "nokogiri", '1.6.0'
-gem "minitest", '4.3.2'
+#
+# gem 'simplecov', '~> 0.11.0'
+# gem 'yard', '~> 0.8.0'
+# gem 'minitest', '~> 5.0'
+# gem 'test-unit'
+#
+# gem 'rails', "~> 4.2.5"
+# gem 'libxml-ruby', "~> 2.8.0"
+# gem 'prawn', "~> 2.0.2"
+# gem 'prawn-table', "~> 0.2.2"
+# gem 'gruff', "~> 0.6.0"
+# gem 'mysql2', "~> 0.4.1"
+# gem 'rmagick', "~> 2.15.4"
+# gem 'sqlite3', "~> 1.3.11"
+# gem 'nokogiri', "~> 1.6.7"

data/Gemfile.lock

@@ -1,118 +1,141 @@
+PATH
+  remote: .
+  specs:
+    risu (1.7.6)
+      gruff (~> 0.6, >= 0.6.0)
+      libxml-ruby (~> 2.8, >= 2.8.0)
+      mysql2 (~> 0.4, >= 0.4.2)
+      nokogiri (~> 1.6, >= 1.6.7)
+      prawn (~> 2.0, >= 2.0.2)
+      prawn-table (~> 0.2, >= 0.2.2)
+      rails (~> 4.2, >= 4.2.5)
+      rmagick (~> 2.15, >= 2.15.4)
+      sqlite3 (~> 1.3, >= 1.3.11)
+
 GEM
-  remote: https://rubygems.org/
   specs:
-    Ascii85 (1.0.2)
-    actionmailer (4.0.2)
-      actionpack (= 4.0.2)
-      mail (~> 2.5.4)
-    actionpack (4.0.2)
-      activesupport (= 4.0.2)
-      builder (~> 3.1.0)
-      erubis (~> 2.7.0)
-      rack (~> 1.5.2)
+    actionmailer (4.2.5)
+      actionpack (= 4.2.5)
+      actionview (= 4.2.5)
+      activejob (= 4.2.5)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.5)
+      actionview (= 4.2.5)
+      activesupport (= 4.2.5)
+      rack (~> 1.6)
       rack-test (~> 0.6.2)
-    activemodel (4.0.2)
-      activesupport (= 4.0.2)
-      builder (~> 3.1.0)
-    activerecord (4.0.2)
-      activemodel (= 4.0.2)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.2)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.3)
-    activesupport (4.0.2)
-      i18n (~> 0.6, >= 0.6.4)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
-      thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
-    afm (0.2.0)
-    arel (4.0.1)
-    atomic (1.1.14)
-    builder (3.1.4)
-    docile (1.1.1)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.5)
+      activesupport (= 4.2.5)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activejob (4.2.5)
+      activesupport (= 4.2.5)
+      globalid (>= 0.3.0)
+    activemodel (4.2.5)
+      activesupport (= 4.2.5)
+      builder (~> 3.1)
+    activerecord (4.2.5)
+      activemodel (= 4.2.5)
+      activesupport (= 4.2.5)
+      arel (~> 6.0)
+    activesupport (4.2.5)
+      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    arel (6.0.3)
+    builder (3.2.2)
+    docile (1.1.5)
     erubis (2.7.0)
-    gruff (0.5.1)
-      rmagick
-    hashery (2.1.1)
-    hike (1.2.3)
-    i18n (0.6.9)
-    libxml-ruby (2.7.0)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.25.1)
-    mini_portile (0.5.2)
-    minitest (4.7.5)
-    multi_json (1.8.2)
-    mysql2 (0.3.14)
-    nokogiri (1.6.1)
-      mini_portile (~> 0.5.0)
-    pdf-reader (1.3.3)
-      Ascii85 (~> 1.0.0)
-      afm (~> 0.2.0)
-      hashery (~> 2.0)
-      ruby-rc4
-      ttfunk
-    polyglot (0.3.3)
-    prawn (0.13.2)
-      pdf-reader (~> 1.2)
-      ruby-rc4
-      ttfunk (~> 1.0.3)
-    rack (1.5.2)
-    rack-test (0.6.2)
+    globalid (0.3.6)
+      activesupport (>= 4.1.0)
+    gruff (0.6.0)
+      rmagick (>= 2.13.4)
+    i18n (0.7.0)
+    json (1.8.3)
+    libxml-ruby (2.8.0)
+    loofah (2.0.3)
+      nokogiri (>= 1.5.9)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
+    mime-types (2.99)
+    mini_portile2 (2.0.0)
+    minitest (5.8.3)
+    mysql2 (0.4.2)
+    nokogiri (1.6.7)
+      mini_portile2 (~> 2.0.0.rc2)
+    pdf-core (0.6.0)
+    power_assert (0.2.6)
+    prawn (2.0.2)
+      pdf-core (~> 0.6.0)
+      ttfunk (~> 1.4.0)
+    prawn-table (0.2.2)
+      prawn (>= 1.3.0, < 3.0.0)
+    rack (1.6.4)
+    rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.0.2)
-      actionmailer (= 4.0.2)
-      actionpack (= 4.0.2)
-      activerecord (= 4.0.2)
-      activesupport (= 4.0.2)
+    rails (4.2.5)
+      actionmailer (= 4.2.5)
+      actionpack (= 4.2.5)
+      actionview (= 4.2.5)
+      activejob (= 4.2.5)
+      activemodel (= 4.2.5)
+      activerecord (= 4.2.5)
+      activesupport (= 4.2.5)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.2)
-      sprockets-rails (~> 2.0.0)
-    railties (4.0.2)
-      actionpack (= 4.0.2)
-      activesupport (= 4.0.2)
+      railties (= 4.2.5)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.7)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.2)
+      loofah (~> 2.0)
+    railties (4.2.5)
+      actionpack (= 4.2.5)
+      activesupport (= 4.2.5)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (10.1.1)
-    rmagick (2.13.2)
-    ruby-rc4 (0.1.5)
-    simplecov (0.8.2)
+    rake (10.4.2)
+    rmagick (2.15.4)
+    simplecov (0.11.1)
       docile (~> 1.1.0)
-      multi_json
-      simplecov-html (~> 0.8.0)
-    simplecov-html (0.8.0)
-    sprockets (2.10.1)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.0.1)
+      json (~> 1.8)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+    sprockets (3.4.1)
+      rack (> 1, < 3)
+    sprockets-rails (2.3.3)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
-      sprockets (~> 2.8)
-    sqlite3 (1.3.8)
-    thor (0.18.1)
-    thread_safe (0.1.3)
-      atomic
-    tilt (1.4.1)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    ttfunk (1.0.3)
-    tzinfo (0.3.38)
+      sprockets (>= 2.8, < 4.0)
+    sqlite3 (1.3.11)
+    test-unit (3.1.5)
+      power_assert
+    thor (0.19.1)
+    thread_safe (0.3.5)
+    ttfunk (1.4.0)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+    yard (0.8.7.6)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  gruff
-  libxml-ruby
-  mysql2
-  nokogiri
-  prawn
-  rails
-  rmagick
-  simplecov
-  sqlite3
+  minitest (~> 5.0, >= 5.8.3)
+  risu!
+  simplecov (~> 0.11, >= 0.11.1)
+  test-unit (~> 3.1, >= 3.1.5)
+  yard (~> 0.8, >= 0.8.0)
+
+BUNDLED WITH
+   1.10.6

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2010-2015 Arxopia LLC.
+Copyright (c) 2010-2016 Arxopia LLC.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -23,3 +23,4 @@ OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 OF THE POSSIBILITY OF SUCH DAMAGE.
+

data/NEWS.markdown

@@ -1,6 +1,27 @@
 # News
 
-# 1.7.5 (November, 2015)
+# 1.7.6 (December 02, 2015)
+- **NOTICE** Upon next major release, "1.8.0" ruby-2.2.1+ will only be supported. This is due to rails5 dropping support for all previous versions. Risu 1.8.0 will be release shortly after rails5 with this change.
+- **API CHANGES** Several APIs have been marked deprecated they will be moved in 1.8.0. Stubs will be left behind with warnings until 1.9.0. These changes are mostly to clean up the Models. Right now the models are very fat and interdependent on things they shouldn't. Some of the notable changes will be:
+	- Graphs will be moved to Risu::Graphs
+	- TemplateHelpers will be moved to Risu::TemplateHelpers
+- When new tags are encountered they are reported after each file now, as a uniqued list. This removes the spam of new tags.
+- Updated the dependent gems to the latest versions and removed exact version pinning.
+	- rails 4.2.5
+	- libxml-ruby 2.8.0
+	- prawn 2.0.2
+	- gruff 0.6.0
+	- mysql2 0.4.2
+	- rmagick 2.15.4
+	- sqlite3 1.3.11
+	- nokogiri 1.6.7
+- Massive updates to unit tests
+- Post Processing
+	- Updated OpenSSH plugin list
+	- Updated VMware ESXi plugin list
+- Tons of minor tweaks and other changes
+
+# 1.7.5 (November 6, 2015)
 - Added initial test for HostProperties
 - Added fixture for HostProperties testing
 - Added VMware vCenter Post Processing
@@ -82,7 +103,7 @@
 		- windows_os_graph_has_data()
 	- HostProperty Model
 		- Added pcidss:insecure_http_methods tag
-		- Added cpe-XXX, where XXX is a digit of the number of CPE found for that host.
+		- Added cpe-XXXX, where XXXX is a digit of the number of CPE found for that host.
 		- Added LastUnauthenticatedResults tag
 		- Added LastAuthenticatedResults tag
 		- Added Credentialed_Scan tag

data/README.markdown

@@ -1,17 +1,18 @@
-# risu
+# risu [![Gem Version](https://badge.fury.io/rb/risu.png)](http://badge.fury.io/rb/risu) [![Build Status](https://travis-ci.org/arxopia/risu.png?branch=master)](https://travis-ci.org/arxopia/risu)  [![Code Climate](https://codeclimate.com/github/arxopia/risu/badges/gpa.svg)](https://codeclimate.com/github/arxopia/risu) [![Inline docs](http://inch-ci.org/github/arxopia/risu.png)](http://inch-ci.org/github/arxopia/risu) [![Join the chat at https://gitter.im/arxopia/risu](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/arxopia/risu?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
-[![Gem Version](https://badge.fury.io/rb/risu.png)](http://badge.fury.io/rb/risu)
+Risu is [Nessus](http://www.nessus.org) parser, that converts Nessus .nessus xml files into a [ActiveRecord](http://api.rubyonrails.org/classes/ActiveRecord/Base.html) database, this allows for easy report generation and vulnerability verification.
 
-[![Build Status](https://travis-ci.org/arxopia/risu.png?branch=1.7.2)](https://travis-ci.org/arxopia/risu)
-
-Risu is [Nessus](http://www.nessus.org) parser, that converts the generated reports into a [ActiveRecord](http://api.rubyonrails.org/classes/ActiveRecord/Base.html) database, this allows for easy report generation and vulnerability verification.
-
-Version **1.7.4** is the current release.
+* [Requirements](#requirements)
+* [Installation](#installation)
+* [Usage](#usage)
+* [Contributing](#contributing)
+* [Issues](#issues)
+* [Contact](#contact)
 
 ## Requirements
 
 ### Ruby
-Risu has been tested with ruby-1.9.3-p392, ruby-2.0.0 and ruby-2.1.0. Please try to use one of these versions if possible. I recommend using RVM to setup your ruby environment you can get it [here](https://rvm.beginrescueend.com/).
+Risu has been tested with ruby-2.0.0, ruby-2.1.0 and ruby-2.2.3. Please try to use one of these versions if possible. I recommend using RVM to setup your ruby environment you can get it [here](https://rvm.beginrescueend.com/).
 
 ### RubyGems
 Risu relies heavily on [RubyGems](http://rubygems.org/) to install other dependencies I highly recommend using it. RubyGems is included by default in the 1.9.x versions of [Ruby](http://ruby-lang.org/).
@@ -29,19 +30,31 @@ Risu relies heavily on [RubyGems](http://rubygems.org/) to install other depende
 ## Installation
 Installation is really easy just gem install!
 
-    % gem install risu
+	% gem install risu
 
-## Developmental Requirements
+### Runtime Requirements
 
 These are all available through [RubyGems](http://rubygems.org/). The should be installed automatically when you install risu, If not this command will install them all:
 
 	% gem install rmagick gruff prawn yard mysql2 libxml-ruby rails sqlite3 logger yaml nokogiri
 
-**You my need sudo/root access depending on your system setup**
+**You my need sudo/root access depending on your system setup, Please see detailed install guides for your system!**
+
+### Developmental Requirements
+
+These are all available through [RubyGems](http://rubygems.org/). These are required to run the tests, generate the documentation and test coverage. This command will install them all:
+
+	% gem install simplecov yard minitest test-unit
+
+**You my need sudo/root access depending on your system setup, Please see detailed install guides for your system!**
 
 Any database that ActiveRecord supports should work. Risu has been tested with [MySQL](http://www.mysql.com/) and [SQLite3](http://sqlite.org/).
 
-## Database Setup
+## Usage
+
+The following is some of the basic usage for risu. You must setup the database before you can start parsing in reports. All parsed reports share the same database, so all reports are combined as one inside of a database. I suggest a new database per required assessment.
+
+### Database Setup
 
 	% risu --create-config
 	% $EDITOR risu.cfg
@@ -51,22 +64,22 @@ Any database that ActiveRecord supports should work. Risu has been tested with [
 2. Edit the risu.cfg file, filling in the variables as needed.
 3. Migrate the database schema.
 
-## Parsing Nessus Output
+### Parsing Nessus Output
 
 	% risu report1.nessus [report2.nessus ...]
 
 1. Parse the files by passing their names on the command line.
 
 
-# Viewing Data
-The data can be viewed with a query browser available for your database.
+## Viewing Data
+The data can be viewed with any query browser available for your database of choice.
 
-## Generating Reports
+### Generating Reports
 To generate a report please execute the following after the the data is parsed into the database.
 
 	% risu -t <TEMPLATE_NAME> -o "REPORT_NAME.pdf"
 
-## Risu Console
+### Risu Console
 
 Using the risu Console is just like using Rails. You can access all of the ActiveRecord models directly and pull specific data from each model. Like SQL only easier!
 
@@ -76,7 +89,7 @@ Using the risu Console is just like using Rails. You can access all of the Activ
 	 _ __(_)___ _   _
 	| '__| / __| | | |
 	| |  | \__ \ |_| |
-	|_|  |_|___/\__,_|
+	|_|  |_|___/\__,_|_
 
 
 	risu Console v1.7.2
@@ -112,15 +125,15 @@ Several templates are included:
 The templates are written in ruby using [prawn](http://prawn.majesticseacreature.com/), they are fairly easy to make. I will add any templates as requested. See the 'template' example for creating your own template.
 
 # Contributing
-If you would like to contribute templates/bug fixes/etc to risu. The easiest way is to fork the project on [github](http://github.com/arxopia/risu) and make the changes in your fork and the submit a pull request to the project.
+If you would like to contribute templates/bug fixes/etc to risu. The easiest way is to fork the project on [github](http://github.com/arxopia/risu) and make the changes in your fork and the submit a pull request to the project on the dev branch. Please include unit tests for anything non trivial.
 
 # Issues
 If you have any problems, bugs or feature requests please use the [github issue tracker](http://github.com/arxopia/risu/issues).
 
-# Donations / tips
-Feel free to donate or tip to BTC: 1Cfd5G6rJmSBrNcTHxEgE4uYgH7XZJPY7Z
-
 # Contact
 You can reach me at risu[at]arxopia[dot]com.
 
 You can also contact me on IRC as hammackj on irc.freenode.net, #risu
+
+# Donations / tips
+Feel free to donate or tip to BTC: 1Cfd5G6rJmSBrNcTHxEgE4uYgH7XZJPY7Z