Class: Nexpose::VulnException

Inherits:

Object

• Object
• Nexpose::VulnException

Defined in:

lib/nexpose/vuln_exception.rb

Overview

A vulnerability exception.

Certain attributes are necessary for some exception scopes, even though they are optional otherwise. • An exception for all instances of a vulnerability on all assets only

requires the vuln_id attribute. The asset_id, vuln_key and port
attributes are ignored for this scope type.

• An exception for all instances on a specific asset requires the vuln_id

and asset_id attributes. The vuln_key and port attributes are ignored for
this scope type.

• An exception for a specific instance of a vulnerability on a specific

asset requires the vuln_id, asset_id. Additionally, the port and/or the
key attribute must be specified.

Defined Under Namespace

Modules: Reason, Scope, Status

Instance Attribute Summary

• #asset_id ⇒ Object (also: #device_id)

  ID of asset, if this exception applies to only one asset.

• #expiration ⇒ Object

  The date an exception will expire, causing the vulnerability to be included in report risk scores.

• #id ⇒ Object

  Unique identifier assigned to an exception.

• #port ⇒ Object

  Port on a asset, if this exception applies to a specific port.

• #reason ⇒ Object

  The reason for the exception status.

• #reviewer ⇒ Object

  The name of the reviewer of the exception.

• #reviewer_comment ⇒ Object

  Any comment provided by the reviewer.

• #scope ⇒ Object

  The scope of the exception.

• #site_id ⇒ Object

  Id of the site, if this exception applies to all instances on a site.

• #status ⇒ Object

  The state of the exception in the work flow process.

• #submitter ⇒ Object

  The name of submitter of the exception.

• #submitter_comment ⇒ Object

  Any comment provided by the submitter.

• #vuln_id ⇒ Object

  Unique identifier of a vulnerability.

• #vuln_key ⇒ Object

  The specific vulnerable component in a discovered instance of the vulnerability referenced by the vuln_id, such as a program, file or user account.

Class Method Summary

• .parse(xml) ⇒ Object

Instance Method Summary

• #approve(connection, comment = nil) ⇒ Boolean

  Approve a vulnerability exception request, update comments and expiration dates on vulnerability exceptions that are “Under Review”.

• #delete(connection) ⇒ Boolean

  Deletes this vulnerability exception.

• #initialize(vuln_id, scope, reason, status = nil) ⇒ VulnException constructor

  A new instance of VulnException.

• #recall(connection) ⇒ Boolean

  Recall a vulnerability exception.

• #reject(connection, comment = nil) ⇒ Boolean

  Reject a vulnerability exception request and update comments for the vulnerability exception request.

• #resubmit(connection) ⇒ Boolean

  Resubmit a vulnerability exception request with a new comment and reason after an exception has been rejected.

• #save(connection, comment = nil) ⇒ Fixnum

  Submit this exception on the security console.

• #update_expiration_date(connection, new_date) ⇒ Boolean

  Update the expiration date for this exception.

• #update_reviewer_comment(connection, comment) ⇒ Boolean

  Update security console with reviewer comment on this vulnerability exceptions.

• #update_submitter_comment(connection, comment) ⇒ Boolean

  Update security console with submitter comment on this vulnerability exceptions.

• #validate ⇒ Object

  Validate that this exception meets to requires for the assigned scope.

Constructor Details

#initialize(vuln_id, scope, reason, status = nil) ⇒ VulnException

Returns a new instance of VulnException.

# File 'lib/nexpose/vuln_exception.rb', line 134

def initialize(vuln_id, scope, reason, status = nil)
  @vuln_id, @scope, @reason, @status = vuln_id, scope, reason, status
end

Instance Attribute Details

#asset_id ⇒ Object Also known as: device_id

ID of asset, if this exception applies to only one asset.

# File 'lib/nexpose/vuln_exception.rb', line 115

def asset_id
  @asset_id
end

#expiration ⇒ Object

The date an exception will expire, causing the vulnerability to be included in report risk scores.

# File 'lib/nexpose/vuln_exception.rb', line 128

def expiration
  @expiration
end

#id ⇒ Object

Unique identifier assigned to an exception.

# File 'lib/nexpose/vuln_exception.rb', line 98

def id
  @id
end

#port ⇒ Object

Port on a asset, if this exception applies to a specific port.

# File 'lib/nexpose/vuln_exception.rb', line 121

def port
  @port
end

#reason ⇒ Object

The reason for the exception status.

See Also:

• Reason

# File 'lib/nexpose/vuln_exception.rb', line 110

def reason
  @reason
end

#reviewer ⇒ Object

The name of the reviewer of the exception.

# File 'lib/nexpose/vuln_exception.rb', line 104

def reviewer
  @reviewer
end

#reviewer_comment ⇒ Object

Any comment provided by the reviewer.

# File 'lib/nexpose/vuln_exception.rb', line 132

def reviewer_comment
  @reviewer_comment
end

#scope ⇒ Object

The scope of the exception.

See Also:

• Scope

# File 'lib/nexpose/vuln_exception.rb', line 113

def scope
  @scope
end

#site_id ⇒ Object

Id of the site, if this exception applies to all instances on a site

# File 'lib/nexpose/vuln_exception.rb', line 119

def site_id
  @site_id
end

#status ⇒ Object

The state of the exception in the work flow process.

See Also:

• Status

# File 'lib/nexpose/vuln_exception.rb', line 107

def status
  @status
end

#submitter ⇒ Object

The name of submitter of the exception.

# File 'lib/nexpose/vuln_exception.rb', line 102

def submitter
  @submitter
end

#submitter_comment ⇒ Object

Any comment provided by the submitter.

# File 'lib/nexpose/vuln_exception.rb', line 130

def submitter_comment
  @submitter_comment
end

#vuln_id ⇒ Object

Unique identifier of a vulnerability.

# File 'lib/nexpose/vuln_exception.rb', line 100

def vuln_id
  @vuln_id
end

#vuln_key ⇒ Object

The specific vulnerable component in a discovered instance of the vulnerability referenced by the vuln_id, such as a program, file or user account.

# File 'lib/nexpose/vuln_exception.rb', line 125

def vuln_key
  @vuln_key
end

Class Method Details

.parse(xml) ⇒ Object

# File 'lib/nexpose/vuln_exception.rb', line 326

def self.parse(xml)
  exception = new(xml.attributes['vuln-id'],
                  xml.attributes['scope'],
                  xml.attributes['reason'],
                  xml.attributes['status'])

  exception.id = xml.attributes['exception-id']
  exception.submitter = xml.attributes['submitter']
  exception.reviewer = xml.attributes['reviewer']
  exception.asset_id = xml.attributes['device-id']
  exception.port = xml.attributes['port-no']
  exception.vuln_key = xml.attributes['vuln-key']
  # TODO: Convert to Date/Time object?
  exception.expiration = xml.attributes['expiration-date']

  submitter_comment = xml.elements['submitter-comment']
  exception.submitter_comment = submitter_comment.text if submitter_comment
  reviewer_comment = xml.elements['reviewer-comment']
  exception.reviewer_comment = reviewer_comment.text if reviewer_comment

  exception
end

Instance Method Details

#approve(connection, comment = nil) ⇒ Boolean

Approve a vulnerability exception request, update comments and expiration dates on vulnerability exceptions that are “Under Review”.

Parameters:

• connection (Connection) —

  Connection to security console.

• comment (String) (defaults to: nil) —

  Comment to accompany the approval.

Returns:

• (Boolean) —

  Whether or not the approval was accepted by the console.

# File 'lib/nexpose/vuln_exception.rb', line 209

def approve(connection, comment = nil)
  xml = connection.make_xml('VulnerabilityExceptionApproveRequest',
                            { 'exception-id' => @id })
  if comment
    cxml = REXML::Element.new('comment')
    cxml.add_text(comment)
    xml.add_element(cxml)
    @reviewer_comment = comment
  end

  connection.execute(xml, '1.2').success
end

#delete(connection) ⇒ Boolean

Deletes this vulnerability exception.

Parameters:

• connection (Connection) —

  Connection to security console.

Returns:

• (Boolean) —

  Whether or not deletion was successful.

# File 'lib/nexpose/vuln_exception.rb', line 246

def delete(connection)
  connection.delete_vuln_exception(@id)
end

#recall(connection) ⇒ Boolean

Recall a vulnerability exception. Recall is used by a submitter to undo an exception request that has not been approved yet.

You can only recall a vulnerability exception that has ‘Under Review’ status.

Parameters:

• connection (Connection) —

  Connection to security console.

Returns:

• (Boolean) —

  Whether or not the recall was accepted by the console.

# File 'lib/nexpose/vuln_exception.rb', line 198

def recall(connection)
  connection.recall_vuln_exception(id)
end

#reject(connection, comment = nil) ⇒ Boolean

Reject a vulnerability exception request and update comments for the vulnerability exception request.

Parameters:

• connection (Connection) —

  Connection to security console.

• comment (String) (defaults to: nil) —

  Comment to accompany the rejection.

Returns:

• (Boolean) —

  Whether or not the reject was accepted by the console.

# File 'lib/nexpose/vuln_exception.rb', line 229

def reject(connection, comment = nil)
  xml = connection.make_xml('VulnerabilityExceptionRejectRequest',
                            { 'exception-id' => @id })
  if comment
    cxml = REXML::Element.new('comment')
    cxml.add_text(comment)
    xml.add_element(cxml)
  end

  connection.execute(xml, '1.2').success
end

#resubmit(connection) ⇒ Boolean

Resubmit a vulnerability exception request with a new comment and reason after an exception has been rejected.

You can only resubmit a request that has a “Rejected” status; if an exception is “Approved” or “Under Review” you will receive an error message stating that the exception request cannot be resubmitted.

This call will use the object’s current state to resubmit.

Parameters:

• connection (Connection) —

  Connection to security console.

Returns:

• (Boolean) —

  Whether or not the resubmission was valid.

Raises:

• (ArgumentError)

# File 'lib/nexpose/vuln_exception.rb', line 184

def resubmit(connection)
  raise ArgumentError.new('Only Rejected exceptions can be resubmitted.') unless @status == Status::REJECTED
  connection.resubmit_vuln_exception(@id, @submitter_comment, @reason)
end

#save(connection, comment = nil) ⇒ Fixnum

Submit this exception on the security console.

Parameters:

• connection (Connection) —

  Connection to security console.

Returns:

• (Fixnum) —

  Newly assigned exception ID.

# File 'lib/nexpose/vuln_exception.rb', line 143

def save(connection, comment = nil)
  validate

  xml = connection.make_xml('VulnerabilityExceptionCreateRequest')
  xml.add_attributes({ 'vuln-id' => @vuln_id,
                       'scope' => @scope,
                       'reason' => @reason })
  case @scope
  when Scope::ALL_INSTANCES_ON_A_SPECIFIC_ASSET
    xml.add_attributes({ 'device-id' => @asset_id })
  when Scope::SPECIFIC_INSTANCE_OF_SPECIFIC_ASSET
    xml.add_attributes({ 'device-id' => @asset_id,
                         'port-no' => @port,
                         'vuln-key' => @vuln_key })
  when Scope::ALL_INSTANCES_IN_A_SPECIFIC_SITE
    xml.add_attributes({ 'site-id ' => @site_id })
  end

  @submitter_comment = comment if comment
  if @submitter_comment
    comment_elem = REXML::Element.new('comment')
    comment_elem.add_text(@submitter_comment)
    xml.add_element(comment_elem)
  end

  response = connection.execute(xml, '1.2')
  @id = response.attributes['exception-id'].to_i if response.success
end

#update_expiration_date(connection, new_date) ⇒ Boolean

Update the expiration date for this exception. The expiration time cannot be in the past.

Parameters:

• connection (Connection) —

  Connection to security console.

• new_date (String) —

  Date in the format “YYYY-MM-DD”.

Returns:

• (Boolean) —

  Whether the update was successfully submitted.

# File 'lib/nexpose/vuln_exception.rb', line 296

def update_expiration_date(connection, new_date)
  xml = connection.make_xml('VulnerabilityExceptionUpdateExpirationDateRequest',
                            { 'exception-id' => @id,
                              'expiration-date' => new_date })
  connection.execute(xml, '1.2').success
end

#update_reviewer_comment(connection, comment) ⇒ Boolean

Update security console with reviewer comment on this vulnerability exceptions.

Parameters:

• connection (Connection) —

  Connection to security console.

• comment (String) —

  Reviewer comment on this exception.

Returns:

• (Boolean) —

  Whether the comment was successfully submitted.

# File 'lib/nexpose/vuln_exception.rb', line 278

def update_reviewer_comment(connection, comment)
  xml = connection.make_xml('VulnerabilityExceptionUpdateCommentRequest',
                            { 'exception-id' => @id })
  cxml = REXML::Element.new('reviewer-comment')
  cxml.add_text(comment)
  xml.add_element(cxml)
  @reviewer_comment = comment

  connection.execute(xml, '1.2').success
end

#update_submitter_comment(connection, comment) ⇒ Boolean

Update security console with submitter comment on this vulnerability exceptions.

Cannot update a submit comment unless exception is under review or has expired.

Parameters:

• connection (Connection) —

  Connection to security console.

• comment (String) —

  Submitter comment on this exception.

Returns:

• (Boolean) —

  Whether the comment was successfully submitted.

# File 'lib/nexpose/vuln_exception.rb', line 260

def update_submitter_comment(connection, comment)
  xml = connection.make_xml('VulnerabilityExceptionUpdateCommentRequest',
                            { 'exception-id' => @id })
  cxml = REXML::Element.new('submitter-comment')
  cxml.add_text(comment)
  xml.add_element(cxml)
  @submitter_comment = comment

  connection.execute(xml, '1.2').success
end

#validate ⇒ Object

Validate that this exception meets to requires for the assigned scope.

Raises:

• (ArgumentError)

# File 'lib/nexpose/vuln_exception.rb', line 305

def validate
  raise ArgumentError.new('No vuln_id.') unless @vuln_id
  raise ArgumentError.new('No scope.') unless @scope
  raise ArgumentError.new('No reason.') unless @reason

  case @scope
  when Scope::ALL_INSTANCES
    @asset_id = @port = @vuln_key = nil
  when Scope::ALL_INSTANCES_ON_A_SPECIFIC_ASSET
    raise ArgumentError.new('No asset_id.') unless @asset_id
    @port = @vuln_key = nil
  when Scope::SPECIFIC_INSTANCE_OF_SPECIFIC_ASSET
    raise ArgumentError.new('No asset_id.') unless @asset_id
    raise ArgumentError.new('Port or vuln_key is required.') unless @port || @vuln_key
  when Scope::ALL_INSTANCES_IN_A_SPECIFIC_SITE
    raise ArgumentError.new('No site_id.') unless @site_id
  else
    raise ArgumentError.new("Invalid scope: #{@scope}")
  end
end