class Risu::Base::PostProcessBase
Attributes
possible_postprocesses[R]
info[RW]
Public Class Methods
inherited(child)
# File lib/risu/base/post_process_base.rb, line 37
# Class-level hook that Ruby invokes whenever a subclass is defined.
# Appends the new subclass to possible_postprocesses, so every class that
# inherits from this one is registered simply by being loaded.
#
# @param child [Class] the subclass that was just defined
# @return the registry object after the append
def self.inherited(child)
  registry = possible_postprocesses
  registry << child
end
Public Instance Methods
<=>(other)
# File lib/risu/base/post_process_base.rb, line 52
# Orders post-processes by their info[:plugin_id].
#
# There is no nil guard here (unlike ==): info and plugin_id are read and
# compared directly, so a missing value on either side raises instead of
# returning nil.
#
# @param other an object exposing info[:plugin_id]
# @return [Integer] -1, 0 or 1
def <=>(other)
  mine = info[:plugin_id]
  theirs = other.info[:plugin_id]

  return -1 if mine < theirs
  return 1 if mine > theirs

  0
end
==(other)
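# File lib/risu/base/post_process_base.rb, line 41
# Two post-processes are equal when both carry the same, non-nil
# info[:plugin_id].
#
# Returns false (rather than raising NoMethodError) when +other+ is nil,
# does not expose #info at all, or either side has no info / plugin_id.
# The respond_to? guard matters because == is also called implicitly by
# collection lookups that may hold unrelated objects.
#
# @param other the object to compare against
# @return [Boolean]
def ==(other)
  return false if info.nil? || info[:plugin_id].nil?
  return false if other.nil? || !other.respond_to?(:info)

  theirs = other.info
  return false if theirs.nil? || theirs[:plugin_id].nil?

  info[:plugin_id] == theirs[:plugin_id]
end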
calculate_severity(current_severity, severity)
# File lib/risu/base/post_process_base.rb, line 189
# Returns whichever of the two severities is greater; on a tie the running
# value (current_severity) is returned.
#
# @param current_severity the highest severity seen so far
# @param severity the severity of the finding being folded in
# @return the greater of the two arguments
def calculate_severity(current_severity, severity)
  severity > current_severity ? severity : current_severity
end
create_item(host_id, severity)
# File lib/risu/base/post_process_base.rb, line 165
# Creates and saves the synthetic rollup finding for one host.
#
# The item is filed under this post-process's own plugin id and item name
# (from @info), on port 0, with no plugin output, and is flagged as a
# rollup finding.
#
# @param host_id id of the host the rollup finding belongs to
# @param severity severity to record on the rollup finding
# @return the result of Item#save (not checked here)
def create_item(host_id, severity)
  rollup = Item.new

  # Where the finding lives
  rollup.host_id = host_id
  rollup.port = 0

  # Which rollup plugin it represents
  rollup.plugin_id = @info[:plugin_id]
  rollup.plugin_name = @info[:item_name]

  # What it reports
  rollup.severity = severity
  rollup.plugin_output = nil
  rollup.rollup_finding = true

  rollup.save
end
create_plugin()
Create a plugin based on a combination of all plugins to be rolled up.
# File lib/risu/base/post_process_base.rb, line 64
# Creates (or refreshes) the synthetic rollup Plugin row that stands in for
# every plugin listed in @info[:plugin_ids].
#
# Descriptive fields come from @info; the risk-related fields are the
# worst case found among the member plugins. The member lookup filters on
# plugin id only, so the aggregate covers every member plugin in the
# database rather than the findings of any single host.
#
# @return the result of Plugin#save (not checked here)
def create_plugin
  member_ids = @info[:plugin_ids]

  # Member plugins that have a value in +column+, sorted by that column.
  # NOTE(review): "highest"/"oldest" below is whatever the database's sort
  # on the column yields - confirm the score and date columns are not stored
  # as text, where e.g. "10.0" would sort before "9.3".
  ranked_by = lambda do |column|
    Plugin.where(:id => member_ids).where.not(column => nil).order(column)
  end

  # Reuse the rollup plugin row if an earlier run already created it.
  plugin = Plugin.find_by_id(@info[:plugin_id]) || Plugin.new

  # Populate items from post process module
  plugin.id = @info[:plugin_id]
  plugin.plugin_name = @info[:plugin_name]
  plugin.description = @info[:description]
  plugin.plugin_version = @info[:version]
  plugin.plugin_publication_date = @info[:publication_date]
  plugin.plugin_modification_date = @info[:modification_date]

  # Boiler plate for all roll up plugins
  plugin.family_name = "Risu Rollup Plugins"
  plugin.synopsis = "Software often has vulnerabilities that are corrected in newer versions. It was determined that an older version of the software is installed on this system."
  plugin.solution = "If possible, update to the latest version of the software."
  plugin.plugin_type = "Rollup"
  plugin.rollup = true
  plugin.compliance = false

  # Find oldest vuln date.
  oldest = ranked_by.call(:vuln_publication_date).first
  plugin.vuln_publication_date = oldest.vuln_publication_date unless oldest.nil?

  # Highest base score; the vector is taken from that same plugin.
  top_base = ranked_by.call(:cvss_base_score).last
  unless top_base.nil?
    plugin.cvss_base_score = top_base.cvss_base_score
    plugin.cvss_vector = top_base.cvss_vector
  end

  # Highest temporal score; again score and vector come from one plugin.
  top_temporal = ranked_by.call(:cvss_temporal_score).last
  unless top_temporal.nil?
    plugin.cvss_temporal_score = top_temporal.cvss_temporal_score
    plugin.cvss_temporal_vector = top_temporal.cvss_temporal_vector
  end

  # A flag is set on the rollup as soon as any member plugin has it.
  # Each column is matched against the value the original code used:
  # boolean true for some, the string "true" for others.
  # NOTE(review): presumably this mirrors how each column is stored - confirm
  # against the schema, since a mismatch silently leaves the flag unset.
  {
    :exploit_available => true,
    :exploit_framework_core => "true",
    :exploit_framework_metasploit => "true",
    :exploit_framework_canvas => "true",
    :exploit_framework_exploithub => "true",
    :exploit_framework_d2_elliot => "true",
    :in_the_news => true,
    :exploited_by_malware => "true"
  }.each do |column, stored_value|
    next unless Plugin.where(:id => member_ids, column => stored_value).count > 0

    plugin.public_send("#{column}=", true)
  end

  # First label in this worst-to-least order that any member plugin carries.
  # NOTE(review): confirm "Info" is the label actually stored for
  # informational plugins; otherwise an all-informational rollup gets no
  # risk_factor.
  worst_risk = ["Critical", "High", "Medium", "Low", "Info"].find do |risk|
    Plugin.where(:id => member_ids, :risk_factor => risk).size > 0
  end
  plugin.risk_factor = worst_risk if worst_risk

  # Lowest-sorting STIG severity among the members.
  stig_source = ranked_by.call(:stig_severity).first
  plugin.stig_severity = stig_source.stig_severity unless stig_source.nil?

  # Broken
  #plugin.references << References.where(:plugin_id => @info[:plugin_ids], :reference_name => "cve")

  plugin.save
end
has_findings()
# File lib/risu/base/post_process_base.rb, line 180
# Reports whether the database holds at least one Item for any of the
# plugin ids in @info[:plugin_ids], on any host.
#
# @return [Boolean]
def has_findings
  matching = Item.where(:plugin_id => @info[:plugin_ids])
  matching.count > 0
end
has_host_findings(host_id)
# File lib/risu/base/post_process_base.rb, line 184
# Reports whether the given host has at least one Item for any of the
# plugin ids in @info[:plugin_ids].
#
# @param host_id id of the host to check
# @return [Boolean]
def has_host_findings(host_id)
  on_host = Item.where(:plugin_id => @info[:plugin_ids], :host_id => host_id)
  on_host.count > 0
end
run()
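# File lib/risu/base/post_process_base.rb, line 198
# Replaces the individual findings listed in @info[:plugin_ids] with one
# rollup finding per affected host.
#
# For every host that has at least one matching Item, each of that host's
# matching items keeps its original severity in real_severity and is
# downgraded to severity -1; a rollup Item is then created for the host at
# the highest severity seen on that host.
#
# The item query is scoped to the host being processed and the running
# maximum restarts at 0 for each host. Without that scoping the first host
# would downgrade every host's items, later hosts would then copy the -1
# marker into real_severity, and every rollup would carry the highest
# severity found anywhere in the database.
#
# NOTE(review): this is not idempotent - a second call reads the already
# downgraded -1 as the severity and stores it in real_severity. Confirm
# callers run each post-process only once per database.
#
# @return nil when there are no findings, otherwise the result of
#   Host.all.each
def run
  return unless has_findings

  # If this is a "roll up" post-process, create a plugin
  create_plugin if Plugin.where(:id => @info[:plugin_ids]).count > 0

  Host.all.each do |host|
    next unless has_host_findings(host.id)

    # Highest original severity among this host's rolled-up findings.
    finding_severity = 0

    # Downgrade Nessus findings to -1, to replace with rollup
    Item.where(:plugin_id => @info[:plugin_ids], :host_id => host.id).each do |item|
      severity = item.severity
      item.real_severity = severity
      item.severity = -1
      item.save

      finding_severity = calculate_severity(finding_severity, severity)
    end

    create_item(host.id, finding_severity)
  end
end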