Module: NexposeTicketing::Queries

Defined in:

lib/nexpose_ticketing/queries.rb

Overview

This class serves as repository of SQL queries to be executed by the SQL Repository Exporter for Nexpose.

Copyright

Copyright © 2014 Rapid7, LLC.

Class Method Summary

• .all_delta_vulns ⇒ Object

  Gets all delta vulns for all sites.

• .delta_vulns_since_scan(reported_scan) ⇒ Object

  Gets all delta vulns happening after reported scan id Returns |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id| |url| |summary| |fix|.

• .last_scans ⇒ Object

  Gets all the latests scans.

Class Method Details

.all_delta_vulns ⇒ Object

Gets all delta vulns for all sites. Returns |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id| |url| |summary| |fix|

# File 'lib/nexpose_ticketing/queries.rb', line 18

def Queries.all_delta_vulns
  "SELECT subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, davs.solution_id, ds.nexpose_id, ds.url,
  proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix
    FROM (SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan
      FROM fact_asset_scan_vulnerability_finding fasv
      JOIN
      (
        SELECT asset_id, previousScan(asset_id) AS baseline_scan, lastScan(asset_id) AS current_scan
          FROM dim_asset) s
          ON s.asset_id = fasv.asset_id AND (fasv.scan_id = s.baseline_scan OR fasv.scan_id = s.current_scan)
          GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
          HAVING baselineComparison(fasv.scan_id, current_scan) = 'New'
      ) subs
    JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
    JOIN dim_solution ds USING (solution_id)
    JOIN dim_asset da ON subs.asset_id = da.asset_id
    ORDER BY da.ip_address"
end

.delta_vulns_since_scan(reported_scan) ⇒ Object

Gets all delta vulns happening after reported scan id Returns |asset_id| |ip_address| |current_scan| |vulnerability_id| |solution_id| |nexpose_id| |url| |summary| |fix|

# File 'lib/nexpose_ticketing/queries.rb', line 40

def Queries.delta_vulns_since_scan(reported_scan)
  "SELECT subs.asset_id, da.ip_address, subs.current_scan, subs.vulnerability_id, davs.solution_id, ds.nexpose_id, ds.url,
  proofAsText(ds.summary) as summary, proofAsText(ds.fix) as fix
    FROM (SELECT fasv.asset_id, fasv.vulnerability_id, s.current_scan
      FROM fact_asset_scan_vulnerability_finding fasv
      JOIN
      (
        SELECT asset_id, previousScan(asset_id) AS baseline_scan, lastScan(asset_id) AS current_scan
          FROM dim_asset) s
          ON s.asset_id = fasv.asset_id AND (fasv.scan_id > #{reported_scan} OR fasv.scan_id = s.current_scan)
          GROUP BY fasv.asset_id, fasv.vulnerability_id, s.current_scan
          HAVING baselineComparison(fasv.scan_id, current_scan) = 'New'
      ) subs
  JOIN dim_asset_vulnerability_solution davs USING (vulnerability_id)
  JOIN dim_solution ds USING (solution_id)
  JOIN dim_asset da ON subs.asset_id = da.asset_id
  AND subs.current_scan > #{reported_scan}
  ORDER BY da.ip_address"
end

.last_scans ⇒ Object

Gets all the latests scans. Returns |site.id| |last_scan_id| |finished|

# File 'lib/nexpose_ticketing/queries.rb', line 9

def Queries.last_scans
  'SELECT ds.site_id, ds.last_scan_id, dsc.finished
    FROM dim_site ds
    JOIN dim_scan dsc ON ds.last_scan_id = dsc.scan_id'
end