class BaseMode

Public Class Methods

new(options) click to toggle source

Initializes the mode

# File lib/nexpose_ticketing/modes/base_mode.rb, line 6
def initialize(options)
  @options = options
  @log = NexposeTicketing::NxLogger.instance
end

Public Instance Methods

finalize_description(ticket_desc, nxid) click to toggle source

Generates a final description string based on a description hash.

- +ticket_desc+ - The ticket description to be formatted.
- +nxid+ - The NXID to be appended to the ticket.
  • Returns :

    • String containing ticket description text.

# File lib/nexpose_ticketing/modes/base_mode.rb, line 77
def finalize_description(ticket_desc, nxid)
  nxid_line = "\n\n\n#{nxid}"
  
  #If the ticket is too long, truncate it to fit the NXID
  max_len = @options[:max_ticket_length]
  if max_len > 0 and (ticket_desc + nxid_line).length > max_len
    #Leave space for newline characters, nxid and ellipsis (...)
    ticket_desc = ticket_desc[0...max_len - (nxid_line.length+5)]
    ticket_desc << "\n...\n"
  end

  "#{ticket_desc}#{nxid_line}"
end
get_assets(row) click to toggle source

Returns the assets for a vulnerability in a format suitable to be inserted into a ticket.

- +row+ -  CSV row containing vulnerability data.
  • Returns :

    • String formatted with affected assets.

# File lib/nexpose_ticketing/modes/base_mode.rb, line 194
def get_assets(row)
  assets = "\n#{row['comparison'] || 'Affected' } Assets\n"

  row['assets'].to_s.split('~').each do |a|
    asset = a.split('|')
    asset_entry = " - #{asset[1]} "
    asset_entry << "\t(#{asset[2]})" unless (asset[2].nil? || asset[2].empty?)
    assets << "#{asset_entry}\n"
  end
  assets
end
get_description(nexpose_id, row) click to toggle source

Returns the base ticket description object

# File lib/nexpose_ticketing/modes/base_mode.rb, line 36
def get_description(nexpose_id, row)
  description
end
get_discovery_info(row) click to toggle source
# File lib/nexpose_ticketing/modes/base_mode.rb, line 163
def get_discovery_info(row)
  return '' if row['first_discovered'].to_s == ''
  info = "\nFirst Seen: #{row['first_discovered']}\n"
  info << "Last Seen: #{row['most_recently_discovered']}\n"
  info
end
get_field_info(fields, row) click to toggle source

Returns the relevant row values for printing.

- +fields+ -  The fields which are relevant to the ticket.
- +row+ -  CSV row containing vulnerability data.
  • Returns :

    • String formatted with relevant fields.

# File lib/nexpose_ticketing/modes/base_mode.rb, line 214
def get_field_info(fields, row)
  fields.map { |x| "#{x.gsub("_", " ")}: #{row[x]}" }.join(", ")
end
get_header(row) click to toggle source

Generates the vulnerability header from the row data.

- +row+ -  CSV row containing vulnerability data.
  • Returns :

    • String formatted with vulnerability data.

# File lib/nexpose_ticketing/modes/base_mode.rb, line 113
def get_header(row)
  ticket = "\n=============================="
  ticket << "\nVulnerability ID: #{row['vulnerability_id']}"
  ticket << "\nNexpose ID: #{row['vuln_nexpose_id']}"
  ticket << "\nCVSS Score: #{row['cvss_score']}"
  ticket << "\n=============================="
end
get_matching_fields() click to toggle source

Returns the fields used to identify individual tickets

# File lib/nexpose_ticketing/modes/base_mode.rb, line 21
def get_matching_fields
  ['']
end
get_nxid(nexpose_id, row) click to toggle source

Generates a unique identifier for a ticket

# File lib/nexpose_ticketing/modes/base_mode.rb, line 31
def get_nxid(nexpose_id, row)
  "#{nil}c#{nil}"
end
get_query_suffix() click to toggle source

Returns the suffix used for query method names

# File lib/nexpose_ticketing/modes/base_mode.rb, line 57
def get_query_suffix
  '_by_ip'
end
get_references(row) click to toggle source

Formats the references for a vulnerability in a format suitable to be inserted into a ticket.

- +row+ -  CSV row containing vulnerability data.
  • Returns :

    • String formatted with source and reference.

# File lib/nexpose_ticketing/modes/base_mode.rb, line 177
def get_references(row)
  num_refs = @options[:max_num_refs]
  return '' if row['references'].nil? || num_refs == 0
  
  refs =  row['references'].split(', ')[0..num_refs]
  refs[num_refs] = '...' if refs.count > num_refs
  "\nSources:\n#{refs.map { |r| " - #{r}" }.join("\n")}\n"
end
get_short_summary(row) click to toggle source

Generates a short summary for a vulnerability.

- +row+ -  CSV row containing vulnerability data.
  • Returns :

    • String containing a short summary of the vulnerability.

# File lib/nexpose_ticketing/modes/base_mode.rb, line 128
def get_short_summary(row)
  solution_ids = row['solution_ids'][1..-2].split(',')
  return '' if solution_ids.first == 'NULL'

  sol = @solution_store.get_solution(solution_ids.first)
  summary = sol[:summary] || ''

  summary.length <= 100 ? summary : summary[0...100]
end
get_solutions(row) click to toggle source

Formats the solutions for a vulnerability in a format suitable to be inserted into a ticket.

- +row+ -  CSV row containing vulnerability data.
  • Returns :

    • String formatted with solution information.

# File lib/nexpose_ticketing/modes/base_mode.rb, line 145
def get_solutions(row)
  solution_ids = row['solution_ids'][1..-2].split(',')
  return '' if solution_ids.first == 'NULL'

  solutions = @solution_store.get_solutions solution_ids

  solutions.map! do |sol|
    format = "Summary: #{sol[:summary] || 'None'}\n" \
               "Nexpose ID: #{sol[:nexpose_id]}\n\n" \
               "Fix: #{sol[:fix]}\n"

    format = format + "\nURL: #{sol[:url]}" unless sol[:url].nil?
    format + "\n"
  end

  solutions.join("\n--\n")
end
get_title(row) click to toggle source

Returns the ticket's title

# File lib/nexpose_ticketing/modes/base_mode.rb, line 26
def get_title(row)
  "#{nil} => #{nil}"
end
get_vuln_info(row) click to toggle source

Formats the row data to be inserted into a 'D' or 'I' mode ticket description.

- +row+ -  CSV row containing vulnerability data.
  • Returns :

    • String formatted with vulnerability data.

# File lib/nexpose_ticketing/modes/base_mode.rb, line 98
def get_vuln_info(row)
  ticket = get_header(row)
  ticket << get_discovery_info(row)
  ticket << get_references(row)
  ticket << "\n#{get_solutions(row)}"
  ticket.gsub("\n", "\n ")
end
load_queries() click to toggle source
# File lib/nexpose_ticketing/modes/base_mode.rb, line 61
def load_queries
  file_name = "#{self.class.to_s.downcase}_queries.rb"
  file_path = File.join(File.dirname(__FILE__), "../queries/#{file_name}")
  @queries = []

  @queries << YAML.load_file(file_path)
end
method_missing(name, *args) click to toggle source

Catch-all method when a unknown method is called

# File lib/nexpose_ticketing/modes/base_mode.rb, line 219
def method_missing(name, *args)
  @log.log_message("Method #{name} not implemented for #{@options[:ticket_mode]} mode.")
end
print_description(description) click to toggle source

Converts the ticket description object into a formatted string

set_solution_store(solution_store) click to toggle source
# File lib/nexpose_ticketing/modes/base_mode.rb, line 11
def set_solution_store(solution_store)
  @solution_store = solution_store
end
truncate_title(title) click to toggle source

Cuts the title down to size specified in config, if necessary

# File lib/nexpose_ticketing/modes/base_mode.rb, line 51
def truncate_title(title)
  return title if title.length <= @options[:max_title_length]
  "#{title[0, @options[:max_title_length]-3]}..."
end
update_description(description, row) click to toggle source

Updates the ticket description based on row data

# File lib/nexpose_ticketing/modes/base_mode.rb, line 41
def update_description(description, row)
  description
end
updates_supported?() click to toggle source

True if this mode supports ticket updates

# File lib/nexpose_ticketing/modes/base_mode.rb, line 16
def updates_supported?
  true
end