Merge pull request #55 from kkohli-r7/ivan

Support for tags

lib/nexpose.rb

@@ -81,6 +81,8 @@
 require 'nexpose/silo'
 require 'nexpose/silo_profile'
 require 'nexpose/site'
+require 'nexpose/tag'
+require 'nexpose/tag/criteria'
 require 'nexpose/ticket'
 require 'nexpose/user'
 require 'nexpose/vuln'

lib/nexpose/ajax.rb

@@ -10,14 +10,20 @@ module Nexpose
   module AJAX
     module_function
 
+    module CONTENT_TYPE
+      XML = 'text/xml; charset=UTF-8'
+      JSON = 'application/json; charset-utf-8'
+      FORM = 'application/x-www-form-urlencoded; charset=UTF-8'
+    end
+
     # GET call to a Nexpose controller.
     #
     # @param [Connection] nsc API connection to a Nexpose console.
     # @param [String] uri Controller address relative to https://host:port
     # @param [String] content_type Content type to use when issuing the GET.
     # @return [String|REXML::Document|Hash] The response from the call.
     #
-    def get(nsc, uri, content_type = 'text/xml; charset=UTF-8')
+    def get(nsc, uri, content_type = CONTENT_TYPE::XML)
       get = Net::HTTP::Get.new(uri)
       get.set_content_type(content_type)
       _request(nsc, get)
@@ -31,7 +37,7 @@ def get(nsc, uri, content_type = 'text/xml; charset=UTF-8')
     # @param [String] content_type Content type to use when issuing the PUT.
     # @return [String] The response from the call.
     #
-    def put(nsc, uri, payload = nil, content_type = 'text/xml; charset=UTF-8')
+    def put(nsc, uri, payload = nil, content_type = CONTENT_TYPE::XML)
       put = Net::HTTP::Put.new(uri)
       put.set_content_type(content_type)
       put.body = payload.to_s if payload
@@ -46,13 +52,28 @@ def put(nsc, uri, payload = nil, content_type = 'text/xml; charset=UTF-8')
     # @param [String] content_type Content type to use when issuing the POST.
     # @return [String|REXML::Document|Hash] The response from the call.
     #
-    def post(nsc, uri, payload = nil, content_type = 'text/xml')
+    def post(nsc, uri, payload = nil, content_type = CONTENT_TYPE::XML)
       post = Net::HTTP::Post.new(uri)
       post.set_content_type(content_type)
       post.body = payload.to_s if payload
       _request(nsc, post)
     end
 
+    # PATCH call to a Nexpose controller.
+    #
+    # @param [Connection] nsc API connection to a Nexpose console.
+    # @param [String] uri Controller address relative to https://host:port
+    # @param [String|REXML::Document] payload XML document required by the call.
+    # @param [String] content_type Content type to use when issuing the PATCH.
+    # @return [String] The response from the call.
+    #
+    def patch(nsc, uri, payload = nil, content_type = CONTENT_TYPE::XML)
+      patch = Net::HTTP::Patch.new(uri)
+      patch.set_content_type(content_type)
+      patch.body = payload.to_s if payload
+      _request(nsc, patch)
+    end
+
     # POST call to a Nexpose controller that uses a form-post model.
     # This is here to support legacy use of POST in old controllers.
     #
@@ -63,7 +84,7 @@ def post(nsc, uri, payload = nil, content_type = 'text/xml')
     # @param [String] content_type Content type to use when issuing the POST.
     # @return [Hash] The parsed JSON response from the call.
     #
-    def form_post(nsc, uri, parameters, content_type = 'application/x-www-form-urlencoded; charset=UTF-8')
+    def form_post(nsc, uri, parameters, content_type = CONTENT_TYPE::FORM)
       post = Net::HTTP::Post.new(uri)
       post.set_content_type(content_type)
       post.set_form_data(parameters)
@@ -75,7 +96,7 @@ def form_post(nsc, uri, parameters, content_type = 'application/x-www-form-urlen
     # @param [Connection] nsc API connection to a Nexpose console.
     # @param [String] uri Controller address relative to https://host:port
     # @param [String] content_type Content type to use when issuing the DELETE.
-    def delete(nsc, uri, content_type = 'text/xml')
+    def delete(nsc, uri, content_type = CONTENT_TYPE::XML)
       delete = Net::HTTP::Delete.new(uri)
       delete.set_content_type(content_type)
       _request(nsc, delete)

lib/nexpose/dag.rb

@@ -33,7 +33,7 @@ def save(nsc)
       @users.reject! { |id| admins.member? id }
       params = @id ? { 'entityid' => @id, 'mode' => 'edit' } : { 'entityid' => false, 'mode' => false } 
       uri = AJAX.parametrize_uri('/data/assetGroup/saveAssetGroup', params)
-      data = JSON.parse(AJAX.post(nsc, uri, _to_entity_details, 'application/json; charset-utf-8'))
+      data = JSON.parse(AJAX.post(nsc, uri, _to_entity_details, AJAX::CONTENT_TYPE::JSON))
       data['response'] == 'success.'
     end
 

lib/nexpose/filter.rb

@@ -134,6 +134,19 @@ module Field
       # Valid Operators: CONTAINS, NOT_CONTAINS
       SOFTWARE = 'SOFTWARE'
 
+      # Valid Operators: IS, IS_NOT, GREATER_THAN, LESS_THAN, IS_APPLIED, IS_NOT_APPLIED
+      # Valid Values: VERY_HIGH, HIGH, NORMAL, LOW, VERY_LOW
+      USER_ADDED_CRITICALITY_LEVEL = 'TAG_CRITICALITY'
+
+      # Valid Operators: IS, IS_NOT, STARTS_WITH, ENDS_WITH, IS_APPLIED, IS_NOT_APPLIED, CONTAINS, NOT_CONTAINS
+      USER_ADDED_CUSTOM_TAG = 'TAG'
+
+      # Valid Operators: IS, IS_NOT, STARTS_WITH, ENDS_WITH, IS_APPLIED, IS_NOT_APPLIED, CONTAINS, NOT_CONTAINS
+      USER_ADDED_TAG_LOCATION = 'TAG_LOCATION'
+
+      # Valid Operators: IS, IS_NOT, STARTS_WITH, ENDS_WITH, IS_APPLIED, IS_NOT_APPLIED, CONTAINS, NOT_CONTAINS
+      USER_ADDED_TAG_OWNER = 'TAG_OWNER'
+
       # Valid Operators: ARE
       # Valid Values: PRESENT, NOT_PRESENT
       VALIDATED_VULNERABILITIES = 'VULNERABILITY_VALIDATED_STATUS'
@@ -171,6 +184,8 @@ module Operator
       IS_NOT_EMPTY = 'IS_NOT_EMPTY'
       INCLUDE = 'INCLUDE'
       DO_NOT_INCLUDE = 'DO_NOT_INCLUDE'
+      IS_APPLIED = 'IS_APPLIED'
+      IS_NOT_APPLIED = 'IS_NOT_APPLIED'
     end
 
     # Specialized values used by certain search fields

lib/nexpose/group.rb

@@ -63,7 +63,7 @@ def delete(connection)
   class AssetGroup < AssetGroupSummary
     include Sanitize
 
-    attr_accessor :name, :description, :id
+    attr_accessor :name, :description, :id , :tags
 
     # Array[Device] of devices associated with this asset group.
     attr_accessor :assets
@@ -73,6 +73,7 @@ class AssetGroup < AssetGroupSummary
     def initialize(name, desc, id = -1, risk = 0.0)
       @name, @description, @id, @risk_score = name, desc, id, risk
       @assets = []
+      @tags = []
     end
 
     def save(connection)
@@ -98,6 +99,11 @@ def to_xml
         xml << %(<device id="#{asset.id}"/>)
       end
       xml << '</Devices>'
+      xml << '<Tags>'
+      @tags.each do |tag|
+        xml << tag.as_xml.to_s
+      end
+      xml << '</Tags>'
       xml << '</AssetGroup>'
     end
 
@@ -133,7 +139,6 @@ def self.load(connection, id)
 
     def self.parse(xml)
       return nil unless xml
-
       group = REXML::XPath.first(xml, 'AssetGroupConfigResponse/AssetGroup')
       asset_group = new(group.attributes['name'],
                         group.attributes['description'],
@@ -146,6 +151,9 @@ def self.parse(xml)
                                          dev.attributes['riskfactor'].to_f,
                                          dev.attributes['riskscore'].to_f)
       end
+      group.elements.each('Tags/Tag') do |tag|
+        asset_group.tags << TagSummary.parse_xml(tag)
+      end
       asset_group
     end
   end

lib/nexpose/site.rb

@@ -128,6 +128,9 @@ class Site
     # Modifying their behavior through the API is not recommended.
     attr_accessor :is_dynamic
 
+    # [Array[TagSummary]] Collection of TagSummary
+    attr_accessor :tags
+
     # Site constructor. Both arguments are optional.
     #
     # @param [String] name Unique name of the site.
@@ -146,6 +149,7 @@ def initialize(name = nil, scan_template = 'full-audit')
       @alerts = []
       @exclude = []
       @users = []
+      @tags = []
     end
 
     # Returns true when the site is dynamic.
@@ -309,6 +313,11 @@ def as_xml
       elem.add_element(sched)
       xml.add_element(elem)
 
+      unless tags.empty?
+        tag_xml = xml.add_element(REXML::Element.new('Tags'))
+        @tags.each { |tag| tag_xml.add_element(tag.as_xml) }
+      end
+
       xml
     end
 
@@ -370,6 +379,10 @@ def self.parse(rexml)
           site.alerts << Alert.parse(alert)
         end
 
+        s.elements.each('Tags/Tag') do |tag|
+          site.tags << TagSummary.parse_xml(tag)
+        end
+
         return site
       end
       nil