class BaseMode
Public Class Methods
Initializes the mode
# File lib/nexpose_ticketing/modes/base_mode.rb, line 6 def initialize(options) @options = options @log = NexposeTicketing::NxLogger.instance end
Public Instance Methods
Generates a final description string based on a description hash.
- +ticket_desc+ - The ticket description to be formatted. - +nxid+ - The NXID to be appended to the ticket.
-
Returns :
-
String containing ticket description text.
-
# File lib/nexpose_ticketing/modes/base_mode.rb, line 77 def finalize_description(ticket_desc, nxid) nxid_line = "\n\n\n#{nxid}" #If the ticket is too long, truncate it to fit the NXID max_len = @options[:max_ticket_length] if max_len > 0 and (ticket_desc + nxid_line).length > max_len #Leave space for newline characters, nxid and ellipsis (...) ticket_desc = ticket_desc[0...max_len - (nxid_line.length+5)] ticket_desc << "\n...\n" end "#{ticket_desc}#{nxid_line}" end
Returns the assets for a vulnerability in a format suitable to be inserted into a ticket.
- +row+ - CSV row containing vulnerability data.
-
Returns :
-
String formatted with affected assets.
-
# File lib/nexpose_ticketing/modes/base_mode.rb, line 194 def get_assets(row) assets = "\n#{row['comparison'] || 'Affected' } Assets\n" row['assets'].to_s.split('~').each do |a| asset = a.split('|') asset_entry = " - #{asset[1]} " asset_entry << "\t(#{asset[2]})" unless (asset[2].nil? || asset[2].empty?) assets << "#{asset_entry}\n" end assets end
Returns the base ticket description object
# File lib/nexpose_ticketing/modes/base_mode.rb, line 36 def get_description(nexpose_id, row) description end
# File lib/nexpose_ticketing/modes/base_mode.rb, line 163 def get_discovery_info(row) return '' if row['first_discovered'].to_s == '' info = "\nFirst Seen: #{row['first_discovered']}\n" info << "Last Seen: #{row['most_recently_discovered']}\n" info end
Returns the relevant row values for printing.
- +fields+ - The fields which are relevant to the ticket. - +row+ - CSV row containing vulnerability data.
-
Returns :
-
String formatted with relevant fields.
-
# File lib/nexpose_ticketing/modes/base_mode.rb, line 214 def get_field_info(fields, row) fields.map { |x| "#{x.gsub("_", " ")}: #{row[x]}" }.join(", ") end
Generates the vulnerability header from the row data.
- +row+ - CSV row containing vulnerability data.
-
Returns :
-
String formatted with vulnerability data.
-
# File lib/nexpose_ticketing/modes/base_mode.rb, line 113 def get_header(row) ticket = "\n==============================" ticket << "\nVulnerability ID: #{row['vulnerability_id']}" ticket << "\nNexpose ID: #{row['vuln_nexpose_id']}" ticket << "\nCVSS Score: #{row['cvss_score']}" ticket << "\n==============================" end
Returns the fields used to identify individual tickets
# File lib/nexpose_ticketing/modes/base_mode.rb, line 21 def get_matching_fields [''] end
Generates a unique identifier for a ticket
# File lib/nexpose_ticketing/modes/base_mode.rb, line 31 def get_nxid(nexpose_id, row) "#{nil}c#{nil}" end
Returns the suffix used for query method names
# File lib/nexpose_ticketing/modes/base_mode.rb, line 57 def get_query_suffix '_by_ip' end
Formats the references for a vulnerability in a format suitable to be inserted into a ticket.
- +row+ - CSV row containing vulnerability data.
-
Returns :
-
String formatted with source and reference.
-
# File lib/nexpose_ticketing/modes/base_mode.rb, line 177 def get_references(row) num_refs = @options[:max_num_refs] return '' if row['references'].nil? || num_refs == 0 refs = row['references'].split(', ')[0..num_refs] refs[num_refs] = '...' if refs.count > num_refs "\nSources:\n#{refs.map { |r| " - #{r}" }.join("\n")}\n" end
Generates a short summary for a vulnerability.
- +row+ - CSV row containing vulnerability data.
-
Returns :
-
String containing a short summary of the vulnerability.
-
# File lib/nexpose_ticketing/modes/base_mode.rb, line 128 def get_short_summary(row) solution_ids = row['solution_ids'][1..-2].split(',') return '' if solution_ids.first == 'NULL' sol = @solution_store.get_solution(solution_ids.first) summary = sol[:summary] || '' summary.length <= 100 ? summary : summary[0...100] end
Formats the solutions for a vulnerability in a format suitable to be inserted into a ticket.
- +row+ - CSV row containing vulnerability data.
-
Returns :
-
String formatted with solution information.
-
# File lib/nexpose_ticketing/modes/base_mode.rb, line 145 def get_solutions(row) solution_ids = row['solution_ids'][1..-2].split(',') return '' if solution_ids.first == 'NULL' solutions = @solution_store.get_solutions solution_ids solutions.map! do |sol| format = "Summary: #{sol[:summary] || 'None'}\n" \ "Nexpose ID: #{sol[:nexpose_id]}\n\n" \ "Fix: #{sol[:fix]}\n" format = format + "\nURL: #{sol[:url]}" unless sol[:url].nil? format + "\n" end solutions.join("\n--\n") end
Returns the ticket's title
# File lib/nexpose_ticketing/modes/base_mode.rb, line 26 def get_title(row) "#{nil} => #{nil}" end
Formats the row data to be inserted into a 'D' or 'I' mode ticket description.
- +row+ - CSV row containing vulnerability data.
-
Returns :
-
String formatted with vulnerability data.
-
# File lib/nexpose_ticketing/modes/base_mode.rb, line 98 def get_vuln_info(row) ticket = get_header(row) ticket << get_discovery_info(row) ticket << get_references(row) ticket << "\n#{get_solutions(row)}" ticket.gsub("\n", "\n ") end
# File lib/nexpose_ticketing/modes/base_mode.rb, line 61 def load_queries file_name = "#{self.class.to_s.downcase}_queries.rb" file_path = File.join(File.dirname(__FILE__), "../queries/#{file_name}") @queries = [] @queries << YAML.load_file(file_path) end
Catch-all method when a unknown method is called
# File lib/nexpose_ticketing/modes/base_mode.rb, line 219 def method_missing(name, *args) @log.log_message("Method #{name} not implemented for #{@options[:ticket_mode]} mode.") end
Converts the ticket description object into a formatted string
# File lib/nexpose_ticketing/modes/base_mode.rb, line 46 def print_description(description) '' end
# File lib/nexpose_ticketing/modes/base_mode.rb, line 11 def set_solution_store(solution_store) @solution_store = solution_store end
Cuts the title down to size specified in config, if necessary
# File lib/nexpose_ticketing/modes/base_mode.rb, line 51 def truncate_title(title) return title if title.length <= @options[:max_title_length] "#{title[0, @options[:max_title_length]-3]}..." end
Updates the ticket description based on row data
# File lib/nexpose_ticketing/modes/base_mode.rb, line 41 def update_description(description, row) description end
True if this mode supports ticket updates
# File lib/nexpose_ticketing/modes/base_mode.rb, line 16 def updates_supported? true end