Merge pull request #62 from filipecunhaf/compliance_improvements

Compliance improvements

Author: djcas9

Gemfile

@@ -1,3 +1,4 @@
+#Gemfile
 # frozen_string_literal: true
 
 source 'https://rubygems.org'

lib/ruby-nessus/version2/event.rb

@@ -37,7 +37,74 @@ def port
       def severity
         @severity ||= @event.at('@severity').inner_text.to_i
       end
+      # New matches for Baseline
 
+      def compliance_info
+        @event.xpath('.//*[name()="cm:compliance-info"]')
+      end
+      def item_id
+        @item_id ||= @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/item_id: (.*)/).captures.first unless @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/item_id: (.*)/).nil?
+      end
+      def baseline
+        @baseline ||= @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/baseline: (.*)/).captures.first unless @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/baseline: (.*)/).nil?
+      end
+      def item_description
+        @item_description ||= @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/item_description: (.*)/).captures.first unless @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/item_description: (.*)/).nil?
+      end
+      def threats
+        @threats ||= @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/threats: (.*)/).captures.first unless @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/threats: (.*)/).nil?
+      end
+      def impacts
+        @impacts ||= @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/impacts: (.*)/).captures.first unless @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/impacts: (.*)/).nil?
+      end
+      def session
+        @session ||= @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/session: (.*)/).captures.first unless @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/session: (.*)/).nil?
+      end
+      def manual_setup
+        @manual_setup ||= @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/manual_setup: (.*\n)*/).to_s.gsub("manual_setup: ","") unless @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/manual_setup: (.*)/).nil?
+      end
+      def threat_level
+        @threat_level ||= @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/threat_level: (.*)/).captures.first unless @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/threat_level: (.*)/).nil?
+      end
+      def impact_level
+        @impact_level ||= @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/impact_level: (.*)/).captures.first unless @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/impact_level: (.*)/).nil?
+      end
+      def check_type
+        @check_type ||= @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/expected_value: (.*)/).captures.first unless @event.xpath('.//*[name()="cm:compliance-info"]').text.match(/expected_value: (.*)/).nil?
+      end
+      def compliance_uname
+        @compliance_uname ||= @event.xpath('.//*[name()="cm:compliance-uname"]').children.text
+      end
+
+      def compliance_check_name
+        @compliance_check_name ||= @event.xpath('.//*[name()="cm:compliance-check-name"]').children.text
+      end
+
+      def compliance_result
+        @compliance_result ||= @event.xpath('.//*[name()="cm:compliance-result"]').children.text
+      end
+
+      def remote_value
+        @remote_value ||= @event.xpath('.//*[name()="cm:compliance-actual-value"]').children.text
+      end
+      
+      def policy_value
+        @policy_value ||= @event.xpath('.//*[name()="cm:compliance-policy-value"]').children.text
+      end
+      
+      def check_name
+        @check_name ||= @event.xpath('.//*[name()="cm:compliance-check-name"]').children.text
+      end
+
+      def compliance_solution
+        @compliance_solution ||= @event.xpath('.//*[name()="cm:compliance-solution"]').children.text
+      end
+
+      def compliance_benchmark_name
+        @compliance_benchmark_name ||= @event.xpath('.//*[name()="cm:compliance-benchmark-name"]').children.text
+      end
+
+      
       #
       # Return true if event is of informational severity.
       #
@@ -130,7 +197,6 @@ def plugin_name
         @plugin_name ||= @event.at('@pluginName')&.inner_text unless @event.at('@pluginName').inner_text.empty?
       end
       alias name plugin_name
-
       #
       # Return the event object plugin type (plugin_type)
       #
@@ -250,6 +316,9 @@ def cvss_base_score
         @cvss_base_score ||= @event.at('cvss_base_score')&.inner_text.to_f
       end
 
+      def cvss3_base_score
+        @cvss3_base_score ||= @event.at('cvss3_base_score')&.inner_text.to_f
+      end
       #
       # Return the event cvss temporal score.
       #
@@ -260,6 +329,10 @@ def cvss_temporal_score
         @cvss_temporal_score ||= @event.at('cvss_temporal_score')&.inner_text.to_f
       end
 
+      def cvss3_temporal_score
+        @cvss_temporal_score ||= @event.at('cvss3_temporal_score')&.inner_text.to_f
+      end
+
       #
       # Return the event cve.
       #
@@ -320,17 +393,29 @@ def cvss_vector
         @cvss_vector ||= @event.at('cvss_vector')&.inner_text
       end
 
+      def cvss3_vector
+        @cvss3_vector ||= @event.at('cvss3_vector')&.inner_text#.gsub("CVSS:3.0/","")
+      end
+
+      def cvss_temporal_vector
+        @cvss_temporal_vector ||= @event.at('cvss_temporal_vector')&.inner_text
+      end
+
+      def cvss3_temporal_vector
+        @cvss3_temporal_vector ||= @event.at('cvss3_temporal_vector')&.inner_text#.gsub("CVSS:3.0/","")
+      end
+
       #
       # Return the event cpe.
       #
       # @return [Array<String>]
       #    Return the event cpe.
-      #
+      # 
       def cpe
         unless @cpe
           @cpe = []
           @event.xpath('cpe').each do |cpe|
-            @cpe << cpe.inner_text
+            @cpe |= cpe.inner_text.split("\n")
           end
         end
         @cpe

lib/ruby-nessus/version2/host.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-
 module RubyNessus
   module Version2
     class Host
@@ -35,7 +34,9 @@ def name
       #   host.hostname #=> "example.com"
       #
       def hostname
-        @host.at('tag[name=host-fqdn]')&.inner_text
+        hostname ||= @host.at('tag[name=host-fqdn]')&.inner_text
+        hostname ||=  @host.css("ReportItem[pluginID=55472]").xpath("./plugin_output").text.match(/Hostname : (.*)/)[1]
+        return hostname
       end
       alias fqdn hostname
       alias dns_name hostname
@@ -151,6 +152,65 @@ def os_name
       # @example
       #   host.open_ports #=> 213
       #
+      #57033
+      def patch_checked?
+        if @host.css("ReportItem[pluginID=57033]").empty?
+          return false
+        else
+          return true
+        end#.xpath('.//plugin_output').inner_text.split(" - ")
+      end
+      #TODO
+      #Add more OS
+      def os_unsupported?
+        if @host.css("ReportItem[pluginID=33850]").empty?
+          return false
+        else
+          return true
+        end#.xpath('.//plugin_output').inner_text.split(" - ")
+      end
+
+      def rhel_missing_patchs
+        count = 0
+        @rhel_missing_patches = @host.css("ReportItem[pluginFamily='Red Hat Local Security Checks']").map do |event|
+          plugin_name ||= event.at('@pluginName')&.inner_text unless event.at('@pluginName').inner_text.empty?
+          if event['severity'] != 0 and !(plugin_name.match(/(RHEL \d) : (.*) (\(RHSA-\d{4}:\d{1,4}\))/)).nil?
+            count +=1
+            Event.new(event) 
+          end
+        end
+        @rhel_missing_patches.compact
+      end
+
+      #TODO
+      def win_missing_patches
+        count = 0
+        @missing_patches = @host.css("ReportItem[pluginFamily='Windows : Microsoft Bulletins']").map do |event|
+          if event['severity'] != 0
+            count +=1
+            Event.new(event) 
+          end
+        end
+        @missing_patches#.xpath('.//plugin_output').inner_text.split(" - ")
+      end
+
+      def trd_party_software
+        @host.css("ReportItem[pluginID=38153]").xpath('.//plugin_output').inner_text.split(" - ")
+      end
+
+      def ms_compliance_itens_total
+        #" asdf"
+        pp @host.css("ReportItem[pluginID=21156]")#.size
+      end
+
+      def unix_compliance_itens_total
+        @host.css("ReportItem[pluginID=21157]").size
+      end
+
+      def vcenter_compliance_itens_total
+        @host.css("ReportItem[pluginID=64455]").size
+      end
+
       def open_ports
         @scanned_ports ||= host_stats[:open_ports].to_i
       end
@@ -264,6 +324,7 @@ def critical_severity_events
         end
         @critical_events
       end
+      
 
       #
       # Return the total event count for a given host.
@@ -443,6 +504,25 @@ def total_event_count(count_informational = nil)
         end
       end
 
+
+      #
+      # Return the List of ESXi hosts that were scanned
+      #
+      # @return [Integer]
+      #   The Total Severity Count
+      #
+      # @example
+      #   scan.total_event_count #=> 1561
+      #
+      def esxi_scanned_hosts
+        report_items = @host.css("ReportItem[pluginID=12053]")
+        unless report_items.nil?
+          reportItem.each do |report_item|
+            report_item.xpath("./plugin_output").text.strip.gsub(" resolves as ",",")[0..-2].split(",")
+          end
+        end
+      end
+
       #
       # Return the Total severity count.
       #

lib/ruby-nessus/version2/scan.rb

@@ -82,6 +82,33 @@ def target_hosts
         nil
       end
 
+      #
+      # Return the hosts the were targeted for the initial scan.
+      # These are the hosts that were inputed when creating the scan.
+      #
+      # @return [Array<String>]
+      #   Array of hosts
+      #
+      def report_hosts
+        hosts = Hash.new()
+        @xml.xpath('//ReportHost').each do |report_host|
+          #binding.pry
+          ip_address = ""
+          asset_name = ""
+          operating_system = ""
+          unless  report_host.nil?
+            report_host.xpath('.//tag').each do |tag|
+              ip_address = tag.text if tag.attribute_nodes.first.value == "host-ip"
+              asset_name = tag.text if tag.attribute_nodes.first.value == "host-fqdn"
+              operating_system = tag.text if tag.attribute_nodes.first.value == "operating-system"
+            end
+            #binding.pry
+            hosts[ip_address] = {"asset_name"=> "#{asset_name}", "operating_system" => operating_system}
+          end
+        end
+        return hosts
+      end
+
       #
       # Creates a new Host object to be parser
       #

ruby-nessus.gemspec

@@ -4,7 +4,7 @@ $LOAD_PATH.push File.expand_path('lib', __dir__)
 
 Gem::Specification.new do |gem|
   gem.name        = 'ruby-nessus'
-  gem.version     = '2.0.beta'
+  gem.version     = '2.0.1'
   gem.summary     = 'Ruby-Nessus is a ruby interface for the popular Nessus vulnerability scanner.'
   gem.description = 'Ruby-Nessus aims to deliver an easy yet powerful interface for interacting and manipulating Nessus scan results and configurations.'
   gem.licenses    = ['MIT']
@@ -18,8 +18,8 @@ Gem::Specification.new do |gem|
   gem.require_paths = ['lib']
   gem.required_ruby_version = '>= 2.3'
 
-  gem.add_dependency 'nokogiri', '~> 1.4'
-  gem.add_dependency 'rainbow', '>= 2.0'
+  gem.add_dependency 'nokogiri', '>= 1.10.10'
+  gem.add_dependency 'rainbow', '>= 3.0'
 
   gem.add_development_dependency 'rspec', '~> 3.7'
   gem.add_development_dependency 'rubocop', '~> 0.51'