class Nexpose::AdhocReportConfig
Definition object for an adhoc report configuration.
NOTE: XML reports only return the text of the report, but no images.
Attributes
baseline: Baseline comparison highlights the changes between two scans, including newly discovered assets, services and vulnerabilities, assets and services that are no longer available and vulnerabilities that were mitigated or fixed. The current scan results can be compared against the results of the first scan, the most recent (previous) scan, or the scan results from a particular date.
filters: Array of filters associated with this report.
format: Format. One of: pdf|html|rtf|xml|text|csv|db|raw-xml|raw-xml-v2|ns-xml|qualys-xml
template_id: The ID of the report template used.
Public Class Methods
    # File lib/nexpose/report.rb, line 195
    def initialize(template_id, format, site_id = nil, owner = nil, time_zone = nil)
      @template_id = template_id
      @format      = format
      @owner       = owner
      @time_zone   = time_zone
      @filters     = []
      @filters << Filter.new('site', site_id) if site_id
    end
Public Instance Methods
Add the common vulnerability status filters as used by the UI for export and jasper report templates (the default filters). Recommended for reports that do not require 'not vulnerable' results to be included. The following statuses are added: vulnerable-exploited, vulnerable-version, and potential.
    # File lib/nexpose/report.rb, line 214
    def add_common_vuln_status_filters
      ['vulnerable-exploited', 'vulnerable-version', 'potential'].each do |vuln_status|
        filters << Filter.new('vuln-status', vuln_status)
      end
    end
Add a new filter to this report configuration.
    # File lib/nexpose/report.rb, line 206
    def add_filter(type, id)
      filters << Filter.new(type, id)
    end
Generate a report once using a simple configuration.
For XML-based reports, only the textual report is returned and not any images.
@param [Connection] connection Nexpose connection.
@param [Fixnum] timeout How long, in seconds, to wait for the report to generate. Larger reports can take a significant amount of time.
@param [Boolean] raw Whether to bypass response parsing and use the raw response. If this option is used, errors will only be exposed by examining Connection#response_xml.
@return Report in text format except for PDF, which returns binary data.
    # File lib/nexpose/report.rb, line 247
    def generate(connection, timeout = 300, raw = false)
      xml = %(<ReportAdhocGenerateRequest session-id="#{connection.session_id}">)
      xml << to_xml
      xml << '</ReportAdhocGenerateRequest>'
      response = connection.execute(xml, '1.1', timeout: timeout, raw: raw)
      if response.success
        content_type_response = response.raw_response.header['Content-Type']
        if content_type_response =~ /multipart\/mixed;\s*boundary=([^\s]+)/
          # Nexpose sends an incorrect boundary format which breaks parsing
          # e.g., boundary=XXX; charset=XXX
          # Fix by removing everything from the last semi-colon onward.
          last_semi_colon_index = content_type_response.index(/;/, content_type_response.index(/boundary/))
          content_type_response = content_type_response[0, last_semi_colon_index]

          data = 'Content-Type: ' + content_type_response + "\r\n\r\n" + response.raw_response_data
          doc  = Rexlite::MIME::Message.new(data)
          doc.parts.each do |part|
            if /.*base64.*/ =~ part.header.to_s
              if @format =~ /(?:ht|x)ml/
                if part.header.to_s =~ %r(text/xml)
                  return part.content.unpack('m*')[0].to_s
                elsif part.header.to_s =~ %r(text/html)
                  return part.content.unpack('m*')[0].to_s
                end
              else # text|pdf|csv|rtf
                return part.content.unpack('m*')[0]
              end
            end
          end
        end
      end
    end
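The boundary repair and base64 part extraction that generate performs, as an added stand-alone example (not the nexpose-client code): it uses only Ruby's standard library instead of Rexlite and also handles a Content-Type header with no parameter after the boundary. The helper names repair_content_type, boundary_of and extract_report, the boundary value and the sample response are assumptions constructed for illustration.

```ruby
require 'base64'

# Drop any parameter that follows the boundary (e.g. "; charset=UTF-8").
# A header with nothing after the boundary is returned unchanged.
def repair_content_type(header)
  start = header.index('boundary=')
  return header if start.nil?
  semi = header.index(';', start)
  semi ? header[0, semi] : header
end

# Boundary token from the repaired header, without optional quotes.
def boundary_of(header)
  m = repair_content_type(header).match(/boundary="?([^";\s]+)"?/)
  m && m[1]
end

# Decoded body of the first base64 part whose headers mention wanted_type,
# or nil when no such part exists.
def extract_report(header, body, wanted_type)
  boundary = boundary_of(header)
  return nil if boundary.nil?
  body.split("--#{boundary}").each do |chunk|
    head, content = chunk.split(/\r?\n\r?\n/, 2)
    next if content.nil?
    next unless head =~ /base64/i && head.include?(wanted_type)
    return Base64.decode64(content)
  end
  nil
end

# Constructed sample response, not captured from a real console.
SAMPLE_HEADER = 'multipart/mixed; boundary=AxB9sl3299asdjvbA; charset=UTF-8'
SAMPLE_BODY = [
  '--AxB9sl3299asdjvbA',
  'Content-Type: application/xml',
  '',
  '<Response success="1"/>',
  '--AxB9sl3299asdjvbA',
  'Content-Type: text/xml; name=report.xml',
  'Content-Transfer-Encoding: base64',
  '',
  Base64.strict_encode64('<report><finding id="1"/></report>'),
  '--AxB9sl3299asdjvbA--',
  ''
].join("\r\n")

puts extract_report(SAMPLE_HEADER, SAMPLE_BODY, 'text/xml')
```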
    # File lib/nexpose/report.rb, line 220
    def to_xml
      xml = %(<AdhocReportConfig format="#{@format}" template-id="#{@template_id}")
      xml << %( owner="#{@owner}") if @owner
      xml << %( timezone="#{@time_zone}") if @time_zone
      xml << %( language="#{@language}") if @language
      xml << '>'

      xml << '<Filters>'
      @filters.each { |filter| xml << filter.to_xml }
      xml << '</Filters>'

      xml << %(<Baseline compareTo="#{@baseline}"/>) if @baseline

      xml << '</AdhocReportConfig>'
    end