hammackj / risu

Risu is a Nessus parser that converts the generated reports into an ActiveRecord database; this allows for easy report generation and vulnerability verification.
http://hammackj.github.io/risu
MIT License

How to best present and reference a finding's CVE in a template? #49

Closed emory closed 12 years ago

emory commented 12 years ago

Are any of you listing CVE in your summary reports?

I'm trying to make a template to generate a summary that contains:

```
High severity findings:

{for each High finding}
    $PluginID(www), $CVE(www)
    $SummaryDescriptionOfFinding

    $listofhosts

Medium severity findings:

{for each Medium finding}
    $PluginID(www), $CVE(www)
    $SummaryDescriptionOfFinding

    $listofhosts
```

hammackj commented 12 years ago

If you take a look at the technical_findings template there is a references loop at the bottom. You can pull the cve off the plugin -> references link; then the cve for that finding.

You just need to grab the cve from the references table for that plugin. Let me know if that helps.

I might be able to add an accessor for this in the new version.

-Jacob

Jacob Hammack Jacob.Hammack@Hammackj.com (210) 355-0036 http://www.hammackj.com

On Jan 15, 2012, at 9:45 AM, emory wrote:

Are any of you listing CVE in your summary reports?

I'm trying to make a template to generate a summary that contains:



```
{for each High finding}
   $PluginID(www), $CVE(www)
   $SummaryDescriptionOfFinding

   $listofhosts

Medium severity findings:

{for each Medium finding}
   $PluginID(www), $CVE(www)
   $SummaryDescriptionOfFinding

   $listofhosts
```

emory commented 12 years ago

I lack the skill/know-how to pull only the CVE from the References. I'm going to be "thinking out loud" a bit, if you don't mind teaching someone.

In the template you mention (technical_findings) I see this section:

```ruby
references.each do |ref|
  ref_text = sprintf "%s: %s\n", ref.reference_name, ref.value
  output.text ref_text
end
```

To a novice like myself this looks like it will return whatever is in the database as being a relevant match in the references table.

A sample of that data looks like this when it's a CVE entry:

```sql
INSERT INTO "references" VALUES(35203,10114,'cve','CVE-1999-0524');
```

If I wanted it to be a hyperlink'ed CVE entry in my summary report template, I would want the URL to be:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0524 

The schema for that references table is like:

```sql
CREATE TABLE "references" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
"plugin_id" integer, "reference_name" varchar(255), "value" varchar(255));
```

I think my question is: How can I create something like a f.CVE_id from the reference_name and the associated value, when reference_name matches cve so that I can then write a loop like this:

```ruby
output.text "\nCVE:", :style => :bold
output.text "http://cve.mitre.org/cgi-bin/cvename.cgi?name=#{f.CVE_id}"
```

Sorry for being That Guy™. Any assistance would be appreciated.

hammackj commented 12 years ago

v1.5 has a fix for this. You can do something like this. You can access the references from any Plugin object. Anything that is a reference has an accessor that will return the list, you can then enumerate that for each one.

```
>> Item.find_by_id(44).plugin.references.cwe.first
=> #<Risu::Models::Reference id: 595, plugin_id: 26928, reference_name: "cwe", value: "327">
```

I use this function to build a ',' list of each reference, an example of usage is in the template 'stig_summary_findings'

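```ruby
# Build a comma-separated string from a list of references.
def ref_string ref
  return "" if ref == nil

  ref_string = ""
  ref.each do |r|
    ref_string << r.value + ", "
  end

  # chomp (not chomp!) so an empty list returns "" instead of nil
  ref_string.chomp(", ")
end
```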

Let me know if you have any questions.
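
Editor's added example (not from the thread and not Risu's own code): one way to turn a plugin's reference rows into CVE links for a summary template, checking each value against the CVE ID format before it goes into a URL. The `Reference` struct is a stand-in for `Risu::Models::Reference`, and `cve_links`, `CVE_URL`, `CVE_FORMAT` and the sample rows are hypothetical names and constructed data.

```ruby
require "uri"

# Stand-in for Risu::Models::Reference (assumption: only the two columns
# from the schema quoted in the thread are needed here).
Reference = Struct.new(:reference_name, :value)

CVE_URL    = "http://cve.mitre.org/cgi-bin/cvename.cgi?name="
CVE_FORMAT = /\ACVE-\d{4}-\d{4,}\z/

# Hypothetical helper: returns [[cve_id, url], ...] for one plugin's references.
# Values come from imported scan reports, so they are validated before being
# interpolated into a link that ends up in a generated document.
def cve_links(references)
  return [] if references.nil?

  references
    .select { |r| r.reference_name.to_s.casecmp?("cve") }
    .map    { |r| r.value.to_s.strip.upcase }
    .select { |id| id.match?(CVE_FORMAT) }   # drop anything that is not a CVE ID
    .uniq                                    # one link per CVE
    .map    { |id| [id, CVE_URL + URI.encode_www_form_component(id)] }
end

# Constructed sample rows, modelled on the INSERT statement quoted in the thread.
SAMPLE_REFS = [
  Reference.new("cve", "CVE-1999-0524"),
  Reference.new("cwe", "327"),                    # not a CVE, skipped
  Reference.new("cve", "CVE-1999-0524"),          # duplicate row
  Reference.new("cve", "CVE-1999-0524&x=<b>"),    # malformed value, rejected
  Reference.new("CVE", "cve-2012-0001"),          # different case, normalised
]

if __FILE__ == $PROGRAM_NAME
  cve_links(SAMPLE_REFS).each { |id, url| puts "#{id}: #{url}" }
end
```

The helper accepts any enumerable of objects that respond to `reference_name` and `value`, so each returned pair can be written out with `output.text` inside a template loop.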