class Nexpose::AdhocReportConfig

Definition object for an adhoc report configuration.

NOTE: XML reports only return the text of the report, but no images.

Attributes

baseline[RW]

Baseline comparison highlights the changes between two scans, including newly discovered assets, services and vulnerabilities, assets and services that are no longer available and vulnerabilities that were mitigated or fixed. The current scan results can be compared against the results of the first scan, the most recent (previous) scan, or the scan results from a particular date.

filters[RW]

Array of filters associated with this report.

format[RW]

Format. One of: pdf|html|rtf|xml|text|csv|db|raw-xml|raw-xml-v2|ns-xml|qualys-xml

language[RW]
owner[RW]
template_id[RW]

The ID of the report template used.

time_zone[RW]

Public Class Methods

new(template_id, format, site_id = nil, owner = nil, time_zone = nil)
# File lib/nexpose/report.rb, line 195
def initialize(template_id, format, site_id = nil, owner = nil, time_zone = nil)
  @template_id = template_id
  @format      = format
  @owner       = owner
  @time_zone   = time_zone

  @filters     = []
  @filters << Filter.new('site', site_id) if site_id
end

Public Instance Methods

add_common_vuln_status_filters()

Add the common vulnerability status filters as used by the UI for export and jasper report templates (the default filters). Recommended for reports that do not require 'not vulnerable' results to be included. The following statuses are added: vulnerable-exploited, vulnerable-version, and potential.

# File lib/nexpose/report.rb, line 214
def add_common_vuln_status_filters
  ['vulnerable-exploited', 'vulnerable-version', 'potential'].each do |vuln_status|
    filters << Filter.new('vuln-status', vuln_status)
  end
end

add_filter(type, id)

Add a new filter to this report configuration.

# File lib/nexpose/report.rb, line 206
def add_filter(type, id)
  filters << Filter.new(type, id)
end

generate(connection, timeout = 300, raw = false)

Generate a report once using a simple configuration.

For XML-based reports, only the textual report is returned and not any images.

@param [Connection] connection Nexpose connection.

@param [Fixnum] timeout How long, in seconds, to wait for the report to generate. Larger reports can take a significant amount of time.

@param [Boolean] raw Whether to bypass response parsing and use the raw response. If this option is used, errors will only be exposed by examining Connection#response_xml.

@return Report in text format except for PDF, which returns binary data.

# File lib/nexpose/report.rb, line 247
def generate(connection, timeout = 300, raw = false)
  xml = %(<ReportAdhocGenerateRequest session-id="#{connection.session_id}">)
  xml << to_xml
  xml << '</ReportAdhocGenerateRequest>'
  response = connection.execute(xml, '1.1', timeout: timeout, raw: raw)
  if response.success
    content_type_response = response.raw_response.header['Content-Type']
    if content_type_response =~ /multipart\/mixed;\s*boundary=([^\s]+)/
      # Nexpose sends an incorrect boundary format which breaks parsing
      # e.g., boundary=XXX; charset=XXX
      # Fix by removing everything from the last semi-colon onward.
      last_semi_colon_index = content_type_response.index(/;/, content_type_response.index(/boundary/))
      content_type_response = content_type_response[0, last_semi_colon_index]

      data = 'Content-Type: ' + content_type_response + "\r\n\r\n" + response.raw_response_data
      doc = Rexlite::MIME::Message.new(data)
      doc.parts.each do |part|
        if /.*base64.*/ =~ part.header.to_s
          if @format =~ /(?:ht|x)ml/
            if part.header.to_s =~ %r(text/xml)
              return part.content.unpack('m*')[0].to_s
            elsif part.header.to_s =~ %r(text/html)
              return part.content.unpack('m*')[0].to_s
            end
          else # text|pdf|csv|rtf
            return part.content.unpack('m*')[0]
          end
        end
      end
    end
  end
end
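
The boundary repair and base64 part extraction that generate performs, shown as an added stand-alone example (not nexpose-client code). It goes one step beyond the source by also handling a header with nothing after the boundary parameter; the helper names and the sample response are constructed for illustration and use plain Ruby rather than Rexlite.

```ruby
# Added example: stand-alone helpers with hypothetical names, not nexpose-client code.
# Trim everything after the boundary parameter of a multipart/mixed
# Content-Type header, e.g. "boundary=XXX; charset=XXX" -> "boundary=XXX".
# Returns nil for any other content type.
def normalize_multipart_content_type(header)
  return nil unless header.to_s.match?(%r{\Amultipart/mixed;\s*boundary=}i)

  boundary_at  = header.index(/boundary=/i)
  semicolon_at = header.index(';', boundary_at)
  # String#index returns nil when nothing follows the boundary; in that
  # case the header is already well-formed and is kept whole.
  semicolon_at ? header[0, semicolon_at] : header
end

# Bare boundary token, with optional surrounding quotes removed.
def multipart_boundary(header)
  normalized = normalize_multipart_content_type(header)
  return nil unless normalized

  normalized[/boundary=(.*)\z/i, 1].strip.delete_prefix('"').delete_suffix('"')
end

# Return the decoded content of the first base64-encoded part, or nil.
def decode_report(header, body)
  boundary = multipart_boundary(header)
  return nil unless boundary

  body.split(/^--#{Regexp.escape(boundary)}(?:--)?\r?\n?/).each do |part|
    head, content = part.split(/\r?\n\r?\n/, 2)
    next unless content && head.match?(/^Content-Transfer-Encoding:\s*base64/i)
    return content.unpack1('m') # lenient base64, tolerates line breaks
  end
  nil
end

# Constructed sample response (not captured from a real console).
SAMPLE_REPORT = "Constructed report text\n"
SAMPLE_HEADER = 'multipart/mixed; boundary=AxB9sl3299asdjvbA; charset=UTF-8'
SAMPLE_BODY = [
  '--AxB9sl3299asdjvbA',
  'Content-Type: application/xml', '',
  '<ReportAdhocGenerateResponse success="1"/>',
  '--AxB9sl3299asdjvbA',
  'Content-Type: text/plain; name=report.txt',
  'Content-Transfer-Encoding: base64', '',
  [SAMPLE_REPORT].pack('m').chomp,
  '--AxB9sl3299asdjvbA--', ''
].join("\r\n")
puts decode_report(SAMPLE_HEADER, SAMPLE_BODY)
```
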

to_xml()
# File lib/nexpose/report.rb, line 220
def to_xml
  xml = %(<AdhocReportConfig format="#{@format}" template-id="#{@template_id}")
  xml << %( owner="#{@owner}") if @owner
  xml << %( timezone="#{@time_zone}") if @time_zone
  xml << %( language="#{@language}") if @language
  xml << '>'

  xml << '<Filters>'
  @filters.each { |filter| xml << filter.to_xml }
  xml << '</Filters>'

  xml << %(<Baseline compareTo="#{@baseline}"/>) if @baseline
  xml << '</AdhocReportConfig>'
end