risu 1.8.3 → 1.8.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0037c4091b9cf97291e61059efcb926ec8f4d6d7
-  data.tar.gz: bef059b795db3231efd81a90baed696c0568b144
+SHA256:
+  metadata.gz: cf81464689cb6d03b39783e15cc40e8ad075520f0132620137074b0275cbac91
+  data.tar.gz: 37fc4a1c4decf0fde09c338b1acee60709aa2776678c8d2ae58400d463ad8e29
 SHA512:
-  metadata.gz: '061824f1b7dd1f40a52ebbb91d2fa8b64eca161538606f16b7fb07fb0e83cd1017be38c1b592e35ee9beac0077a67423fd9352c90de65820a62c954f2d46def3'
-  data.tar.gz: 7c4fd1c9ceeea420eb0e9e4b55c8598d6f0d9d1873793f6e5b6e1f039d143187053bdb8138cf9c8b013817774c6dc860b601a9c80500529de89a5779cda5ca2a
+  metadata.gz: '097239a0d3034bf84c388a8c03d5c6a875bb1672915322c92225c2cf3830068c870819853386e3aac3971137472992187bec038004636dd0e6f513b1f53ac3a3'
+  data.tar.gz: f0d38ea30edf76af93594178a010bc059066169612a61a6438772bcca895f3bc7384c90f8da13b4115bc5d3fa94b15ffc290d875c74f6b9a3802ba349986fe53

data/Gemfile.lock

@@ -0,0 +1,159 @@
+PATH
+  remote: .
+  specs:
+    risu (1.8.4)
+      gruff (~> 0.7, >= 0.7.0)
+      libxml-ruby (~> 2.9, >= 2.9.0)
+      nokogiri (~> 1.7, >= 1.7.0.1)
+      prawn (~> 2.1, >= 2.1.0)
+      prawn-table (~> 0.2, >= 0.2.2)
+      rails (~> 5.0, >= 5.0.1)
+      rmagick (~> 2.15, >= 2.15.4)
+      sqlite3 (~> 1.3, >= 1.3.11)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.2.3)
+      actionpack (= 5.2.3)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.3)
+      actionpack (= 5.2.3)
+      actionview (= 5.2.3)
+      activejob (= 5.2.3)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.2.3)
+      actionview (= 5.2.3)
+      activesupport (= 5.2.3)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.2.3)
+      activesupport (= 5.2.3)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (5.2.3)
+      activesupport (= 5.2.3)
+      globalid (>= 0.3.6)
+    activemodel (5.2.3)
+      activesupport (= 5.2.3)
+    activerecord (5.2.3)
+      activemodel (= 5.2.3)
+      activesupport (= 5.2.3)
+      arel (>= 9.0)
+    activestorage (5.2.3)
+      actionpack (= 5.2.3)
+      activerecord (= 5.2.3)
+      marcel (~> 0.3.1)
+    activesupport (5.2.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    arel (9.0.0)
+    builder (3.2.3)
+    concurrent-ruby (1.1.5)
+    crass (1.0.5)
+    docile (1.3.1)
+    erubi (1.9.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
+    gruff (0.7.0)
+      rmagick (~> 2.13, >= 2.13.4)
+    i18n (1.7.0)
+      concurrent-ruby (~> 1.0)
+    json (2.1.0)
+    libxml-ruby (2.9.0)
+    loofah (2.3.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    marcel (0.3.3)
+      mimemagic (~> 0.3.2)
+    method_source (0.9.2)
+    mimemagic (0.3.3)
+    mini_mime (1.0.2)
+    mini_portile2 (2.4.0)
+    minitest (5.11.3)
+    nio4r (2.5.2)
+    nokogiri (1.10.4)
+      mini_portile2 (~> 2.4.0)
+    pdf-core (0.7.0)
+    power_assert (1.1.3)
+    prawn (2.2.2)
+      pdf-core (~> 0.7.0)
+      ttfunk (~> 1.5)
+    prawn-table (0.2.2)
+      prawn (>= 1.3.0, < 3.0.0)
+    rack (2.0.7)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails (5.2.3)
+      actioncable (= 5.2.3)
+      actionmailer (= 5.2.3)
+      actionpack (= 5.2.3)
+      actionview (= 5.2.3)
+      activejob (= 5.2.3)
+      activemodel (= 5.2.3)
+      activerecord (= 5.2.3)
+      activestorage (= 5.2.3)
+      activesupport (= 5.2.3)
+      bundler (>= 1.3.0)
+      railties (= 5.2.3)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (5.2.3)
+      actionpack (= 5.2.3)
+      activesupport (= 5.2.3)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.19.0, < 2.0)
+    rake (13.0.0)
+    rmagick (2.16.0)
+    simplecov (0.16.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    sprockets (4.0.0)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.4.1)
+    test-unit (3.2.8)
+      power_assert
+    thor (0.20.3)
+    thread_safe (0.3.6)
+    ttfunk (1.5.1)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    websocket-driver (0.7.1)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.4)
+    yard (0.9.20)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  minitest (~> 5.0, >= 5.9)
+  risu!
+  simplecov (~> 0.15, >= 0.15)
+  test-unit (~> 3.2, >= 3.2.4)
+  yard (>= 0.9.20)
+
+BUNDLED WITH
+   1.16.1

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2010-2017 Jacob Hammack.
+Copyright (c) 2010-2020 Jacob Hammack.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.markdown

@@ -137,8 +137,5 @@ The templates are written in ruby using [prawn](http://prawn.majesticseacreature
 # Contributing
 If you would like to contribute templates/bug fixes/etc to risu. The easiest way is to fork the project on [github](http://github.com/hammackj/risu) and make the changes in your fork and the submit a pull request to the project on the dev branch. Please include unit tests for anything non trivial.
 
-# Issues
-If you have any problems, bugs or feature requests please use the [github issue tracker](http://github.com/hammackj/risu/issues).
-
-# Contact
-You can reach me at jacob.hammack[at]hammackj[dot]com. You can also contact me on IRC as hammackj on irc.freenode.net, #risu
+# Contact / Issues
+If you have any problems, bugs, questions or feature requests please use the [github issue tracker](http://github.com/hammackj/risu/issues).

data/Rakefile

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/bin/risu

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby -W0
 
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/docs/NEWS.markdown

@@ -1,5 +1,8 @@
 # News
 
+# 1.8.4 (Feburary 6, 2020)
+- A great deal of changes/bug fixes/post processing
+
 # 1.8.3 (July 11, 2017)
 - Updated PostProcessing plugin id's
 - Added new PostProcessing plugin NormalizePluginNames

data/lib/risu.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -41,7 +41,7 @@ require 'gruff'
 require 'prawn'
 require 'prawn/table'
 require 'stringio'
-require 'mysql2'
+#require 'mysql2'
 require 'irb'
 require 'sqlite3'
 require 'nokogiri'

data/lib/risu/base.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/base/graph_template_helper.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/base/host_template_helper.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -62,6 +62,7 @@ module Risu
 				unsupported_os("Unsupported Windows 2000 Installations", "Microsoft Windows 2000 Unsupported Installation Detection")
 				unsupported_os("Unsupported Windows XP Installations", "Microsoft Windows XP Unsupported Installation Detection")
 				unsupported_os("Unsupported Windows 2003 Installations", "Microsoft Windows Server 2003 Unsupported Installation Detection")
+				unsupported_os("Unsupported Windows 8 Installations", "Microsoft Windows 8 Unsupported Installation Detection")
 
 				text "\n"
 			end

data/lib/risu/base/malware_template_helper.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/base/post_process_base.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -171,6 +171,7 @@ module Risu
 					item.port = 0
 					item.severity = severity
 					item.plugin_name = @info[:item_name]
+					item.rollup_finding = true
 
 				item.save
 			end
@@ -186,7 +187,7 @@ module Risu
 
 			#
 			def calculate_severity current_severity, severity
-				if severity >= current_severity
+				if severity > current_severity
 					return severity
 				else
 					return current_severity
@@ -204,15 +205,17 @@ module Risu
 					create_plugin()
 				end
 
+				finding_severity = 0
+
 				Host.all.each do |host|
 					if !has_host_findings(host.id)
 						next
 					end
 
-					finding_severity = 0
-
+					# Downgrade Nessus findings to -1, to replace with rollup
 					@info[:plugin_ids].each do |plugin_id|
 						Item.where(:plugin_id => plugin_id).each do |item|
+
 							severity = item.severity
 							item.real_severity = severity
 							item.severity = -1

data/lib/risu/base/post_process_manager.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/base/scan_helper.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/base/schema.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -65,7 +65,7 @@ module Risu
 				create_table :hosts do |t|
 					t.integer :report_id
 					t.string :name
-					t.string :os
+					t.text :os, limit: 4294967295
 					t.text :mac, limit: 4294967295
 					t.datetime :start
 					t.datetime :end
@@ -106,10 +106,11 @@ module Risu
 					t.text :cm_compliance_solution, limit: 4294967295
 					t.integer :real_severity
 					t.integer :risk_score
+					t.boolean :rollup_finding, :default => false
 				end
 
 				create_table :plugins do |t|
-					t.string :plugin_name
+					t.text :plugin_name, limit: 4294967295
 					t.string :family_name
 					t.text :description, limit: 4294967295
 					t.string :plugin_version
@@ -190,6 +191,11 @@ module Risu
 					t.string :value
 				end
 
+				create_table :nessus_plugin_metadata do |t|
+					t.integer :plugin_id
+					t.text :plugin_name, limit: 4294967295
+				end
+
 				#Index's for speed increases, possibly have these apply after parsing @TODO
 				add_index :items, :host_id
 				add_index :items, :plugin_id
@@ -227,6 +233,7 @@ module Risu
 				drop_table :patches
 				drop_table :host_properties
 				drop_table :attachments
+				drop_table :nessus_plugin_metadata
 			end
 		end
 	end

data/lib/risu/base/shares_template_helper.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/base/template_base.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/base/template_helper.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/base/template_manager.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/base/templater.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/cli.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/cli/application.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -134,7 +134,7 @@ module Risu
 					exit
 				rescue ActiveRecord::AdapterNotFound => anf
 					puts "[!] Database adapter not found, please check your configuration file"
-					puts "#{ans.message}\n #{ans.backtrace}" if @options[:debug]
+					puts "#{anf.message}\n #{anf.backtrace}" if @options[:debug]
 					exit
 				rescue => e
 					puts "[!] Exception! #{e.message}"
@@ -175,10 +175,10 @@ module Risu
 					puts "[!] Database not found. Please check your configuration file"
 					puts "#{nde.message}\n #{nde.backtrace}" if @options[:debug]
 					exit
-				rescue Mysql2::Error => mse
-					puts "[!] Unable to connect to MySQL. \"#{mse.message}\" Please check your configuration file"
-					puts "#{mse.message}\n #{mse.backtrace}" if @options[:debug]
-					exit
+				#rescue Mysql2::Error => mse
+				#	puts "[!] Unable to connect to MySQL. \"#{mse.message}\" Please check your configuration file"
+				#	puts "#{mse.message}\n #{mse.backtrace}" if @options[:debug]
+				#	exit
 				rescue SQLite3::Exception => se
 					puts "[!] Unable to open database. Please check your configuration file"
 					puts "#{se.message}\n #{se.backtrace}" if @options[:debug]
@@ -342,13 +342,13 @@ module Risu
 						puts opts.to_s + "\n"
 						exit
 					end
-				rescue OptionParser::AmbiguousOption => a
+				rescue OptionParser::AmbiguousOption
 					puts opts.to_s + "\n"
 					exit
-				rescue OptionParser::MissingArgument => m
+				rescue OptionParser::MissingArgument
 					puts opts.to_s + "\n"
 					exit
-				rescue OptionParser::InvalidOption => i
+				rescue OptionParser::InvalidOption
 					puts opts.to_s + "\n"
 					exit
 				end
@@ -432,7 +432,7 @@ module Risu
 					rescue Risu::Exceptions::InvalidDocument => id
 						puts "[!] #{id.message}"
 						next
-					rescue ActiveRecord::StatementInvalid => si
+					rescue ActiveRecord::StatementInvalid
 						puts "[!] Please run #{Risu::APP_NAME} --create-tables, to create the required database schema!"
 						exit
 					rescue => e
@@ -491,14 +491,14 @@ module Risu
 
 					printf "[*] Finished parsing %s. Parse took %.02f seconds\n", file, Time.now - tstart
 					puts nessus_doc.new_tags.uniq.join("\n") #@TODO add a verbose check
-				rescue Interrupt => i
+				rescue Interrupt
 					puts "[!] Parse canceled!"
 					exit(1)
-				rescue Mysql2::Error => m
-					if m.errno == 1146
-						puts "[!] Error: Tables were not created. Please run #{Risu::APP_NAME} --create-tables"
-						exit(1)
-					end
+				#rescue Mysql2::Error => m
+				#	if m.errno == 1146
+				#		puts "[!] Error: Tables were not created. Please run #{Risu::APP_NAME} --create-tables"
+				#		exit(1)
+				#	end
 				rescue => e
 					puts "[!] #{e.message}\n #{e.backtrace.join("\n")}\n"
 					exit(1)