Class: Nexpose::VulnerabilitySummary

Inherits:

Vulnerability

• Object
• Vulnerability
• Nexpose::VulnerabilitySummary

Defined in:

lib/nexpose/vuln.rb

Overview

Summary of a vulnerability.

Direct Known Subclasses

VulnerabilityDetail

Instance Attribute Summary

• #added ⇒ Object

  When this vulnerability was first included in the application.

• #credentials ⇒ Object

  A vulnerability is considered “credentialed” when all of its checks require credentials or if the check depends on previous authentication during a scan.

• #cvss_score ⇒ Object

  The computation of the Common Vulnerability Scoring System indicating compliance with PCI standards on a scale from 0 to 10.0.

• #cvss_vector ⇒ Object

  How the vulnerability is exploited according to PCI standards.

• #modified ⇒ Object

  The last date the vulnerability was modified.

• #pci_severity ⇒ Object

  PCI severity value for the vulnerability on a scale of 1 to 5.

• #published ⇒ Object

  The date when the information about the vulnerability was first released.

• #safe ⇒ Object

  Whether all checks for the vulnerability are safe.

Attributes inherited from Vulnerability

#id, #severity, #title

Class Method Summary

• .parse(xml) ⇒ Object
• .parse_attributes(xml) ⇒ Object

Methods inherited from Vulnerability

#initialize

Constructor Details

This class inherits a constructor from Nexpose::Vulnerability

Instance Attribute Details

#added ⇒ Object

When this vulnerability was first included in the application.

# File 'lib/nexpose/vuln.rb', line 160

def added
  @added
end

#credentials ⇒ Object

A vulnerability is considered “credentialed” when all of its checks require credentials or if the check depends on previous authentication during a scan.

# File 'lib/nexpose/vuln.rb', line 157

def credentials
  @credentials
end

#cvss_score ⇒ Object

The computation of the Common Vulnerability Scoring System indicating compliance with PCI standards on a scale from 0 to 10.0.

# File 'lib/nexpose/vuln.rb', line 173

def cvss_score
  @cvss_score
end

#cvss_vector ⇒ Object

How the vulnerability is exploited according to PCI standards.

# File 'lib/nexpose/vuln.rb', line 169

def cvss_vector
  @cvss_vector
end

#modified ⇒ Object

The last date the vulnerability was modified.

# File 'lib/nexpose/vuln.rb', line 163

def modified
  @modified
end

#pci_severity ⇒ Object

PCI severity value for the vulnerability on a scale of 1 to 5.

# File 'lib/nexpose/vuln.rb', line 148

def pci_severity
  @pci_severity
end

#published ⇒ Object

The date when the information about the vulnerability was first released.

# File 'lib/nexpose/vuln.rb', line 166

def published
  @published
end

#safe ⇒ Object

Whether all checks for the vulnerability are safe. Unsafe checks may cause denial of service or otherwise disrupt system performance.

# File 'lib/nexpose/vuln.rb', line 152

def safe
  @safe
end

Class Method Details

.parse(xml) ⇒ Object

# File 'lib/nexpose/vuln.rb', line 193

def self.parse(xml)
  parse_attributes(xml)
end

.parse_attributes(xml) ⇒ Object

# File 'lib/nexpose/vuln.rb', line 175

def self.parse_attributes(xml)
  vuln = new(xml.attributes['id'],
             xml.attributes['title'],
             xml.attributes['severity'].to_i)

  vuln.pci_severity = xml.attributes['pciSeverity'].to_i
  vuln.safe = xml.attributes['safe'] == 'true'  # or xml.attributes['safe'] == '1'
  vuln.added = Date.parse(xml.attributes['added'])
  vuln.modified = Date.parse(xml.attributes['modified'])
  vuln.credentials = xml.attributes['requiresCredentials'] == 'true'

  # These three fields are optional in the XSD.
  vuln.published = Date.parse(xml.attributes['published']) if xml.attributes['published']
  vuln.cvss_vector = xml.attributes['cvssVector'] if xml.attributes['cvssVector']
  vuln.cvss_score = xml.attributes['cvssScore'].to_f if xml.attributes['cvssScore']
  vuln
end