Module: Resource::Session

Included in:

NessusClient

Defined in:

lib/modules/session.rb

Overview

Namespace for Session resource.

Instance Attribute Summary

• #session ⇒ Boolean readonly

  Whether has a session.

Instance Method Summary

• #destroy ⇒ Object (also: #logout)

  Destroy the current session.

• #set_session(username, password) ⇒ nil (also: #session_create)

  Autenticate into Nessus resource.

Instance Attribute Details

#session ⇒ Boolean (readonly)

Returns whether has a session.

Returns:

• (Boolean) —

  whether has a session.

# File 'lib/modules/session.rb', line 6

def session
  @session
end

Instance Method Details

#destroy ⇒ Object Also known as: logout

Destroy the current session.

# File 'lib/modules/session.rb', line 40

def destroy
  request.delete({ path: '/session', headers: headers })
  @session = false
end

#set_session(username, password) ⇒ nil Also known as: session_create

TODO:

Validate response token format

Autenticate into Nessus resource.

Parameters:

• username (String)
• password (String)

Returns:

• (nil)

Raises:

• (NessusClient::Error) —

  Unable to authenticate.

# File 'lib/modules/session.rb', line 16

def set_session(username, password)
  payload = {
    username: username,
    password: password
  }

  resp = request.post({ path: '/session', payload: payload, headers: headers })
  # binding.pry
  if !resp.key?('token')
    raise NessusClient::Error, 'Unable to authenticate.'
  elsif !resp['token'].match(/(?<token>[a-z0-9]{48})/)
    raise NessusClient::Error, 'The token doesnt match with the pattern.'
  end

  headers.update('X-Cookie' => 'token=' + resp['token'])
  @session = true
  api_token = set_api_token
  headers.update('X-API-Token' => api_token) if api_token
rescue NessusClient::Error => e
  raise e
end