Class: Nexpose::AdhocReportConfig

Inherits:
Object
  • Object
Defined in:
lib/nexpose/report.rb

Overview

Definition object for an adhoc report configuration.

NOTE: XML reports only return the text of the report, but no images.

Direct Known Subclasses

ReportConfig

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(template_id, format, site_id = nil, owner = nil, time_zone = nil) ⇒ AdhocReportConfig

Returns a new instance of AdhocReportConfig.



# File 'lib/nexpose/report.rb', line 195

# Build an ad hoc report definition.
#
# @param template_id [String] ID of the report template to use.
# @param format [String] output format of the report.
# @param site_id [Object, nil] when given, a 'site' filter for this value is
#   added so the report is scoped to that site.
# @param owner [Object, nil] optional report owner.
# @param time_zone [Object, nil] optional time zone for the report.
def initialize(template_id, format, site_id = nil, owner = nil, time_zone = nil)
  @template_id, @format = template_id, format
  @owner, @time_zone = owner, time_zone

  # Start with no filters unless the caller scoped the report to a site.
  @filters = site_id ? [Filter.new('site', site_id)] : []
end

Instance Attribute Details

#baselineObject

Baseline comparison highlights the changes between two scans, including newly discovered assets, services and vulnerabilities, assets and services that are no longer available and vulnerabilities that were mitigated or fixed. The current scan results can be compared against the results of the first scan, the most recent (previous) scan, or the scan results from a particular date.



# File 'lib/nexpose/report.rb', line 193

# Baseline comparison setting for this report. The constructor shown on this
# page does not assign it, so it is nil until set elsewhere. When set,
# #to_xml writes it as the compareTo attribute of a <Baseline/> element.
#
# @return [Object, nil] the stored baseline value.
def baseline
  @baseline
end

#filtersObject

Array of filters associated with this report.



# File 'lib/nexpose/report.rb', line 186

# Filters attached to this report. The constructor initialises the list as
# empty, or with a single 'site' filter when a site ID was supplied. The
# array itself is returned, so appending to it changes this configuration.
#
# @return [Array] the filter objects serialized by #to_xml.
def filters
  @filters
end

#formatObject

Format. One of: pdf|html|rtf|xml|text|csv|db|raw-xml|raw-xml-v2|ns-xml|qualys-xml



# File 'lib/nexpose/report.rb', line 180

# Output format of the report, as passed to the constructor. #to_xml writes
# it into the format attribute of the request, and #generate uses it to
# decide which MIME part of the response to return.
#
# @return [Object] the stored format value.
def format
  @format
end

#languageObject

Returns the value of attribute language.



# File 'lib/nexpose/report.rb', line 183

# Report language. The constructor shown on this page does not assign it;
# when it is set, #to_xml writes it as the language attribute.
#
# @return [Object, nil] the stored language value.
def language
  @language
end

#ownerObject

Returns the value of attribute owner.



# File 'lib/nexpose/report.rb', line 181

# Report owner, as passed to the constructor (nil by default). When set,
# #to_xml writes it as the owner attribute of the request.
#
# @return [Object, nil] the stored owner value.
def owner
  @owner
end

#template_idObject

The ID of the report template used.



# File 'lib/nexpose/report.rb', line 178

# ID of the report template used, as passed to the constructor. #to_xml
# writes it as the template-id attribute of the request.
#
# @return [Object] the stored template ID.
def template_id
  @template_id
end

#time_zoneObject

Returns the value of attribute time_zone.



# File 'lib/nexpose/report.rb', line 182

# Time zone for the report, as passed to the constructor (nil by default).
# When set, #to_xml writes it as the timezone attribute of the request.
#
# @return [Object, nil] the stored time zone value.
def time_zone
  @time_zone
end

Instance Method Details

#add_common_vuln_status_filtersObject

Add the common vulnerability status filters as used by the UI for export and jasper report templates (the default filters). Recommended for reports that do not require ‘not vulnerable’ results to be included. The following statuses are added: vulnerable-exploited, vulnerable-version, and potential.



# File 'lib/nexpose/report.rb', line 214

# Append one 'vuln-status' filter for each of the three common statuses:
# vulnerable-exploited, vulnerable-version and potential. Calling it more
# than once appends the same filters again; nothing is de-duplicated.
#
# @return [Array<String>] the list of status names that were added.
def add_common_vuln_status_filters
  %w[vulnerable-exploited vulnerable-version potential].each { |status| filters << Filter.new('vuln-status', status) }
end

#add_filter(type, id) ⇒ Object

Add a new filter to this report configuration.



# File 'lib/nexpose/report.rb', line 206

# Attach one more filter to this report configuration.
#
# @param type [Object] filter type, passed straight to Filter.new.
# @param id [Object] filter value, passed straight to Filter.new.
# @return [Array] the filter list after the new filter has been appended.
def add_filter(type, id)
  new_filter = Filter.new(type, id)
  filters << new_filter
end

#generate(connection, timeout = 300, raw = false) ⇒ Object

Generate a report once using a simple configuration.

For XML-based reports, only the textual report is returned and not any images.

Parameters:

  • connection (Connection)

    Nexpose connection.

  • timeout (Fixnum) (defaults to: 300)

    How long, in seconds, to wait for the report to generate. Larger reports can take a significant amount of time.

  • raw (Boolean) (defaults to: false)

    Whether to bypass response parsing and use the raw response. If this option is used, errors will only be exposed by examining Connection#response_xml.

Returns:

  • Report in text format except for PDF, which returns binary data.



# File 'lib/nexpose/report.rb', line 247

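# Generate a report once using this ad hoc configuration.
#
# The request XML embeds the connection's session ID, so treat the request
# body as sensitive wherever it might be logged.
#
# For XML-based reports only the textual report is returned, not any images.
#
# @param connection [Connection] Nexpose connection.
# @param timeout [Integer] seconds to wait for the report to generate.
# @param raw [Boolean] whether to bypass response parsing and use the raw
#   response; errors are then only visible via Connection#response_xml.
# @return [String, nil] the decoded report (binary data for PDF), or nil when
#   the request failed, the response is not multipart/mixed, or no base64
#   part of the expected type was found.
def generate(connection, timeout = 300, raw = false)
  xml = %(<ReportAdhocGenerateRequest session-id="#{connection.session_id}">)
  xml << to_xml
  xml << '</ReportAdhocGenerateRequest>'
  response = connection.execute(xml, '1.1', timeout: timeout, raw: raw)
  return nil unless response.success

  content_type = response.raw_response.header['Content-Type']
  return nil unless content_type =~ /multipart\/mixed;\s*boundary=([^\s]+)/

  # Nexpose sends an incorrect boundary format which breaks parsing,
  # e.g. boundary=XXX; charset=XXX. Drop everything from the first semicolon
  # after "boundary" onward. A well-formed header has no such semicolon, and
  # slicing with a nil length would raise TypeError, so only trim when one
  # is present.
  trailing_params_at = content_type.index(';', content_type.index('boundary'))
  content_type = content_type[0, trailing_params_at] if trailing_params_at

  data = 'Content-Type: ' + content_type + "\r\n\r\n" + response.raw_response_data
  Rexlite::MIME::Message.new(data).parts.each do |part|
    part_header = part.header.to_s
    next unless part_header =~ /.*base64.*/

    if @format =~ /(?:ht|x)ml/
      # For HTML/XML formats only the text/xml or text/html part is the report.
      return part.content.unpack('m*')[0].to_s if part_header =~ %r{text/xml} || part_header =~ %r{text/html}
    else # text|pdf|csv|rtf
      return part.content.unpack('m*')[0]
    end
  end

  # No usable part: return nil rather than leaking the parts array that
  # `each` would otherwise return.
  nil
end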

#to_xmlObject



# File 'lib/nexpose/report.rb', line 220

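# Serialize this configuration as an <AdhocReportConfig> XML element.
#
# Attribute values (format, template-id, owner, timezone, language and the
# baseline compareTo value) are XML-escaped before being written, so a value
# containing &, <, > or a double quote cannot end its attribute early or add
# markup to the request. Pass raw, unescaped values.
#
# @return [String] the XML fragment, with one child per filter inside
#   <Filters> and an optional <Baseline/> element.
def to_xml
  entities = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;' }
  attr = ->(value) { value.to_s.gsub(/[&<>"]/, entities) }

  xml = %(<AdhocReportConfig format="#{attr.call(@format)}" template-id="#{attr.call(@template_id)}")
  xml << %( owner="#{attr.call(@owner)}") if @owner
  xml << %( timezone="#{attr.call(@time_zone)}") if @time_zone
  xml << %( language="#{attr.call(@language)}") if @language
  xml << '>'

  xml << '<Filters>'
  # Each filter serializes itself; its output is appended as-is.
  @filters.each { |filter| xml << filter.to_xml }
  xml << '</Filters>'

  xml << %(<Baseline compareTo="#{attr.call(@baseline)}"/>) if @baseline
  xml << '</AdhocReportConfig>'
end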