class Nexpose::XML::VulnerabilitySummary

Summary of a vulnerability.

Attributes

added[RW]

When this vulnerability was first included in the application.

credentials[RW]

A vulnerability is considered “credentialed” when all of its checks require credentials or if the check depends on previous authentication during a scan.

cvss_score[RW]

The computation of the Common Vulnerability Scoring System indicating compliance with PCI standards on a scale from 0 to 10.0.

cvss_vector[RW]

How the vulnerability is exploited according to PCI standards.

modified[RW]

The last date the vulnerability was modified.

pci_severity[RW]

PCI severity value for the vulnerability on a scale of 1 to 5.

published[RW]

The date when the information about the vulnerability was first released.

safe[RW]

Whether all checks for the vulnerability are safe. Unsafe checks may cause denial of service or otherwise disrupt system performance.

Public Class Methods

parse(xml) click to toggle source
# File lib/nexpose/vuln.rb, line 182
def self.parse(xml)
  parse_attributes(xml)
end
parse_attributes(xml) click to toggle source
# File lib/nexpose/vuln.rb, line 164
def self.parse_attributes(xml)
  vuln = new(xml.attributes['id'],
             xml.attributes['title'],
             xml.attributes['severity'].to_i)

  vuln.pci_severity = xml.attributes['pciSeverity'].to_i
  vuln.safe         = xml.attributes['safe'] == 'true' # or xml.attributes['safe'] == '1'
  vuln.added        = Date.parse(xml.attributes['added'])
  vuln.modified     = Date.parse(xml.attributes['modified'])
  vuln.credentials  = xml.attributes['requiresCredentials'] == 'true'

  # These three fields are optional in the XSD.
  vuln.published    = Date.parse(xml.attributes['published']) if xml.attributes['published']
  vuln.cvss_vector  = xml.attributes['cvssVector'] if xml.attributes['cvssVector']
  vuln.cvss_score   = xml.attributes['cvssScore'].to_f if xml.attributes['cvssScore']
  vuln
end