Class: AddVulnDetails

Inherits:
ActiveRecord::Migration
  • Object
show all
Defined in:
db/migrate/20120625000000_add_vuln_details.rb

Class Method Summary collapse

Class Method Details

.downObject 



31
32
33
 
# File 'db/migrate/20120625000000_add_vuln_details.rb', line 31

def self.down
	drop_table :vuln_details
end

.upObject 



3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'db/migrate/20120625000000_add_vuln_details.rb', line 3

def self.up
	create_table :vuln_details do |t|
		t.integer   :vuln_id     # Vuln table reference
		t.float		:cvss_score  # 0.0 to 10.0
		t.string	:cvss_vector # Ex: (AV:N/AC:L/Au:N/C:C/I:C/A:C)(AV:N/AC:L/Au:N/C:C/I:C/A:C)

		t.string	:title       # Short identifier
		t.text		:description # Plain text or HTML (trusted)
		t.text		:solution    # Plain text or HTML (trusted)
		t.binary	:proof       # Should be UTF-8, but may not be, sanitize on output
					             # Technically this duplicates vuln.info, but that field
					             # is poorly managed / handled today. Eventually we will
					             # replace vuln.info

		# Nexpose-specific fields
		t.integer	:nx_console_id   # NexposeConsole table reference
		t.integer	:nx_device_id    # Reference from the Nexpose side
		t.string	:nx_vuln_id      # 'jre-java-update-flaw'
		t.float		:nx_severity     # 0-10
		t.float		:nx_pci_severity # 0-10
		t.timestamp	:nx_published    # Normalized from "20081205T000000000"
		t.timestamp	:nx_added        # Normalized from "20081205T000000000"
		t.timestamp	:nx_modified     # Normalized from "20081205T000000000"
		t.text		:nx_tags         # Comma separated

	end
end