Class: BaseMode

Inherits:

Object

• Object
• BaseMode

Defined in:

lib/nexpose_ticketing/modes/base_mode.rb

Direct Known Subclasses

DefaultMode, IPMode, VulnerabilityMode

Instance Method Summary

• #finalize_description(ticket_desc, nxid) ⇒ Object

  Generates a final description string based on a description hash.

• #get_assets(row) ⇒ Object

  Returns the assets for a vulnerability in a format suitable to be inserted into a ticket.

• #get_description(nexpose_id, row) ⇒ Object

  Returns the base ticket description object.

• #get_discovery_info(row) ⇒ Object
• #get_field_info(fields, row) ⇒ Object

  Returns the relevant row values for printing.

• #get_header(row) ⇒ Object

  Generates the vulnerability header from the row data.

• #get_matching_fields ⇒ Object

  Returns the fields used to identify individual tickets.

• #get_nxid(nexpose_id, row) ⇒ Object

  Generates a unique identifier for a ticket.

• #get_query_suffix ⇒ Object

  Returns the suffix used for query method names.

• #get_references(row) ⇒ Object

  Formats the references for a vulnerability in a format suitable to be inserted into a ticket.

• #get_short_summary(row) ⇒ Object

  Generates a short summary for a vulnerability.

• #get_solutions(row) ⇒ Object

  Formats the solutions for a vulnerability in a format suitable to be inserted into a ticket.

• #get_title(row) ⇒ Object

  Returns the ticket’s title.

• #get_vuln_info(row) ⇒ Object

  Formats the row data to be inserted into a ‘D’ or ‘I’ mode ticket description.

• #initialize(options) ⇒ BaseMode constructor

  Initializes the mode.

• #load_queries ⇒ Object
• #method_missing(name, *args) ⇒ Object

  Catch-all method when a unknown method is called.

• #print_description(description) ⇒ Object

  Converts the ticket description object into a formatted string.

• #truncate_title(title) ⇒ Object

  Cuts the title down to size specified in config, if necessary.

• #update_description(description, row) ⇒ Object

  Updates the ticket description based on row data.

• #updates_supported? ⇒ Boolean

  True if this mode supports ticket updates.

Constructor Details

#initialize(options) ⇒ BaseMode

Initializes the mode

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 6

def initialize(options)
  @options = options
  @log = NexposeTicketing::NxLogger.instance
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(name, *args) ⇒ Object

Catch-all method when a unknown method is called

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 196

def method_missing(name, *args)
  @log.log_message("Method #{name} not implemented for #{@options[:ticket_mode]} mode.")
end

Instance Method Details

#finalize_description(ticket_desc, nxid) ⇒ Object

Generates a final description string based on a description hash.

- +ticket_desc+ - The ticket description to be formatted.
- +nxid+ - The NXID to be appended to the ticket.

• Returns :

  • String containing ticket description text.

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 73

def finalize_description(ticket_desc, nxid)
  nxid_line = "\n\n\n#{nxid}"
  
  #If the ticket is too long, truncate it to fit the NXID
  max_len = @options[:max_ticket_length]
  if max_len > 0 and (ticket_desc + nxid_line).length > max_len
    #Leave space for newline characters, nxid and ellipsis (...)
    ticket_desc = ticket_desc[0...max_len - (nxid_line.length+5)]
    ticket_desc << "\n...\n"
  end

  "#{ticket_desc}#{nxid_line}"
end

#get_assets(row) ⇒ Object

Returns the assets for a vulnerability in a format suitable to be inserted into a ticket.

- +row+ -  CSV row containing vulnerability data.

• Returns :

  • String formatted with affected assets.

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 173

def get_assets(row)
  assets = "\n#{row['comparison'] || 'Affected' } Assets\n"

  row['assets'].to_s.split('~').each do |a|
    asset = a.split('|')
    assets << " - #{asset[1]} #{"\t(#{asset[2]})" if !asset[2].empty?}\n"
  end
  assets
end

#get_description(nexpose_id, row) ⇒ Object

Returns the base ticket description object

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 32

def get_description(nexpose_id, row)
  description
end

#get_discovery_info(row) ⇒ Object

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 142

def get_discovery_info(row)
  return '' if row['first_discovered'].to_s == ""
  info = "\nFirst Seen: #{row['first_discovered']}\n"
  info << "Last Seen: #{row['most_recently_discovered']}\n"
  info
end

#get_field_info(fields, row) ⇒ Object

Returns the relevant row values for printing.

- +fields+ -  The fields which are relevant to the ticket.
- +row+ -  CSV row containing vulnerability data.

• Returns :

  • String formatted with relevant fields.

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 191

def get_field_info(fields, row)
  fields.map { |x| "#{x.gsub("_", " ")}: #{row[x]}" }.join(", ")
end

#get_header(row) ⇒ Object

Generates the vulnerability header from the row data.

- +row+ -  CSV row containing vulnerability data.

• Returns :

  • String formatted with vulnerability data.

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 109

def get_header(row)
  ticket = "\n=============================="
  ticket << "\nVulnerability ID: #{row['vulnerability_id']}"
  ticket << "\nNexpose ID: #{row['vuln_nexpose_id']}"
  ticket << "\nCVSS Score: #{row['cvss_score']}"
  ticket << "\n=============================="
end

#get_matching_fields ⇒ Object

Returns the fields used to identify individual tickets

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 17

def get_matching_fields
  ['']
end

#get_nxid(nexpose_id, row) ⇒ Object

Generates a unique identifier for a ticket

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 27

def get_nxid(nexpose_id, row)
  "#{nil}c#{nil}"
end

#get_query_suffix ⇒ Object

Returns the suffix used for query method names

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 53

def get_query_suffix
  '_by_ip'
end

#get_references(row) ⇒ Object

Formats the references for a vulnerability in a format suitable to be inserted into a ticket.

- +row+ -  CSV row containing vulnerability data.

• Returns :

  • String formatted with source and reference.

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 156

def get_references(row)
  num_refs = @options[:max_num_refs]
  return '' if row['references'].nil? || num_refs == 0
  
  refs =  row['references'].split(', ')[0..num_refs]
  refs[num_refs] = '...' if refs.count > num_refs
  "\nSources:\n#{refs.map { |r| " - #{r}" }.join("\n")}\n"
end

#get_short_summary(row) ⇒ Object

Generates a short summary for a vulnerability.

- +row+ -  CSV row containing vulnerability data.

• Returns :

  • String containing a short summary of the vulnerability.

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 124

def get_short_summary(row)
  summary = row['solutions'].to_s
  delimiter = summary.index('|')
  return summary[summary.index(':')+1...delimiter].strip if delimiter
  summary.length <= 100 ? summary : summary[0...100]
end

#get_solutions(row) ⇒ Object

Formats the solutions for a vulnerability in a format suitable to be inserted into a ticket.

- +row+ -  CSV row containing vulnerability data.

• Returns :

  • String formatted with solution information.

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 138

def get_solutions(row)
  row['solutions'].to_s.gsub('|', "\n").gsub('~', "\n--\n")
end

#get_title(row) ⇒ Object

Returns the ticket’s title

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 22

def get_title(row)
  "#{nil} => #{nil}"
end

#get_vuln_info(row) ⇒ Object

Formats the row data to be inserted into a ‘D’ or ‘I’ mode ticket description.

- +row+ -  CSV row containing vulnerability data.

• Returns :

  • String formatted with vulnerability data.

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 94

def get_vuln_info(row)
  ticket = get_header(row)
  ticket << get_discovery_info(row)
  ticket << get_references(row)
  ticket << "\n#{get_solutions(row)}"
  ticket.gsub("\n", "\n ")
end

#load_queries ⇒ Object

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 57

def load_queries
  file_name = "#{self.class.to_s.downcase}_queries.rb"
  file_path = File.join(File.dirname(__FILE__), "../queries/#{file_name}")
  @queries = []

  @queries << YAML.load_file(file_path)
end

#print_description(description) ⇒ Object

Converts the ticket description object into a formatted string

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 42

def print_description(description)
  ''
end

#truncate_title(title) ⇒ Object

Cuts the title down to size specified in config, if necessary

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 47

def truncate_title(title)
  return title if title.length <= @options[:max_title_length]
  "#{title[0, @options[:max_title_length]-3]}..."
end

#update_description(description, row) ⇒ Object

Updates the ticket description based on row data

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 37

def update_description(description, row)
  description
end

#updates_supported? ⇒ Boolean

True if this mode supports ticket updates

# File 'lib/nexpose_ticketing/modes/base_mode.rb', line 12

def updates_supported?
  true
end