Risu is Nessus parser, that converts the generated reports into a ActiveRecord database, this allows for easy report generation and vulnerability verification.
Some fields, like Plugin.exploit_available? is stored as a string in the database. This has led to inconsistent results.
Parsed fields report "true" or "false", but if modified by ActiveRecord (like in the plugin generation for the PostProcess) the field can be set to "1" or "0", respectively. This has caused things to be marked as not having an exploit in the generated report since, in the templates, the value is checked against "true" only.
Recommended Fix: Change the schema to use the built-in ActiveRecord boolean type.
Some fields, like Plugin.exploit_available? is stored as a string in the database. This has led to inconsistent results.
Parsed fields report "true" or "false", but if modified by ActiveRecord (like in the plugin generation for the PostProcess) the field can be set to "1" or "0", respectively. This has caused things to be marked as not having an exploit in the generated report since, in the templates, the value is checked against "true" only.
Recommended Fix: Change the schema to use the built-in ActiveRecord boolean type.