class Risu::Parsers::Nessus::PostProcess::RiskScore

Public Class Methods

new()
# File lib/risu/parsers/nessus/postprocess/risk_score.rb, line 29
# Sets up the metadata hash that describes this post-process step:
# a human-readable description and a plugin id of 0.
def initialize
        @info = { :description => "RiskScore Calculator", :plugin_id => 0 }
end

Public Instance Methods

calculate_host_risk_score()
# File lib/risu/parsers/nessus/postprocess/risk_score.rb, line 76
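# Stores on every Host the sum of the risk scores of its items.
#
# A host with no items is saved with a score of 0.0. An item that has not
# been scored yet (risk_score is nil) contributes 0.0 instead of raising a
# TypeError, which would abort the pass and leave the remaining hosts
# without an updated score.
def calculate_host_risk_score
        Host.all.each do |host|
                # Seed with 0.0 so the total is always a Float.
                risk_score = host.items.to_a.inject(0.0) do |total, item|
                        # nil.to_f is 0.0, so unscored items are neutral.
                        total + item.risk_score.to_f
                end

                #@TODO weighting goes here

                host.risk_score = risk_score
                host.save
        end
end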
calculate_item_risk_score()

Calculates the RiskScore for an Item, which is equal to the Plugin's RiskScore.

# File lib/risu/parsers/nessus/postprocess/risk_score.rb, line 40
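# Computes and stores a risk score for every Item from its plugin's data:
#
#   score = (cvss_base_score * days_since_publication * 0.8) * exploitable_factor
#
# The score therefore grows linearly with the age of the vulnerability.
# Items whose plugin row cannot be found are skipped and left untouched.
def calculate_item_risk_score
        today = DateTime.now.to_date

        Item.all.each do |item|
                plugin = Plugin.where(:id => item.plugin_id).first

                # Without a plugin row there is nothing to score from; skip the
                # item rather than raise NoMethodError and abort the whole pass.
                next if plugin.nil?

                # nil.to_f is 0.0, so `to_f || 1.0` never reached its fallback
                # and a missing CVSS score zeroed the result. Apply the 1.0
                # default explicitly when the plugin has no base score.
                raw_cvss = plugin.cvss_base_score
                cvss_base_score = raw_cvss.nil? ? 1.0 : raw_cvss.to_f

                # Age in days; 1 when the publication date is unknown. Clamp to
                # at least 1 so a date of today or in the future cannot zero or
                # negate the score.
                vuln_publication_date = plugin.vuln_publication_date
                vuln_pub_days = 1
                unless vuln_publication_date.nil?
                        vuln_pub_days = [(today - vuln_publication_date.to_date).to_i, 1].max
                end

                # NOTE(review): an available exploit multiplies the score by 0.6,
                # i.e. exploitable findings rank *lower* than non-exploitable
                # ones. Confirm this is intended. The comparison also assumes
                # exploit_available holds the string "true" -- verify against
                # the schema.
                exploitable_factor = plugin.exploit_available == "true" ? 0.6 : 1

                item.risk_score = (cvss_base_score * vuln_pub_days * 0.8) * exploitable_factor
                item.save
        end
end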
calculate_plugin_risk_score()
# File lib/risu/parsers/nessus/postprocess/risk_score.rb, line 66
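# Stores on every Plugin the risk score of its first item multiplied by the
# number of items that reference the plugin.
#
# A plugin with no items is saved with 0.0 (the count is zero) instead of
# raising NoMethodError on nil; an unscored first item (nil) counts as 0.0.
def calculate_plugin_risk_score
        Plugin.all.each do |plugin|
                items = Item.where(:plugin_id => plugin.id).to_a

                # items.first is nil for an empty result, so guard before
                # reading its score.
                first_score = items.empty? ? 0.0 : items.first.risk_score.to_f

                plugin.risk_score = first_score * items.count
                plugin.save
        end
end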
run()
# File lib/risu/parsers/nessus/postprocess/risk_score.rb, line 92
# Runs the three scoring passes in dependency order: item scores first,
# because the plugin and host passes both read item.risk_score.
def run
        calculate_item_risk_score
        calculate_plugin_risk_score
        calculate_host_risk_score
end