Closed emory closed 12 years ago
If you take a look at the technical_findings template there is a references loop at the bottom. You can pull the cve off the plugin -> references link; then the cve for that finding.
You just need to grab the cve from the references table for that plugin. Let me know if that helps.
I might be able to add an accessor for this in the new version.
-Jacob
Jacob Hammack Jacob.Hammack@Hammackj.com (210) 355-0036 http://www.hammackj.com
On Jan 15, 2012, at 9:45 AM, emory wrote:
Are any of you listing CVE in your summary reports?
I'm trying to make a template to generate a summary that contains:
{for each High finding} $PluginID(www), $CVE(www) $SummaryDescriptionOfFinding $listofhosts Medium severity findings: {for each Medium finding} $PluginID(www), $CVE(www) $SummaryDescriptionOfFinding $listofhosts``` --- Reply to this email directly or view it on GitHub: https://github.com/hammackj/risu/issues/49
I lack the skill/know-how to pull only the CVE from the References. I'm going to be "thinking out loud" a bit, if you don't mind teaching someone.
In the template you mention (technical_findings) I see this section:
references.each do |ref|
ref_text = sprintf "%s: %s\n", ref.reference_name, ref.value
output.text ref_text
end
To a novice like myself this looks like it will return whatever is in the database as being a relevant match in the references table.
A sample of that data looks like this when it's a CVE entry:
INSERT INTO "references" VALUES(35203,10114,'cve','CVE-1999-0524');
If I wanted it to be a hyperlink'ed CVE entry in my summary report template, I would want the URL to be:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0524
The schema for that references table is like:
CREATE TABLE "references" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,\
"plugin_id" integer, "reference_name" varchar(255), "value" varchar(255));
I think my question is: How can I create something like a f.CVE_id
from the reference_name
and the associated value, when reference_name
matches cve
so that I can then write a loop like this:
output.text "\nCVE:", :style => :bold
http://cve.mitre.org/cgi-bin/cvename.cgi?name=#{f.CVE_id}"
Sorry for being That Guy™. Any assistance would be appreciated.
v1.5 has a fix for this. You can do something like this. You can access the references from any Plugin object. Anything that is a reference has an accessor that will return the list, you can then enumerate that for each one.
>> Item.find_by_id(44).plugin.references.cwe.first
=> #<Risu::Models::Reference id: 595, plugin_id: 26928, reference_name: "cwe", value: "327">
I use this function to build a ',' list of each reference, an example of usage is in the template 'stig_summary_findings'
def ref_string ref
return "" if ref == nil
ref_string = ""
ref.each do |r|
ref_string << r.value + ", "
end
ref_string.chomp!(", ")
end
Let me know if you have any questions.
Are any of you listing CVE in your summary reports?
I'm trying to make a template to generate a summary that contains: