added cve tag to xml file

2013-08-23 14:02:09 +02:00
parent 55089646c2
commit 1f5cb4b0a0
7 changed files with 126 additions and 52 deletions
--- a/lib/common/models/vulnerability.rb
+++ b/lib/common/models/vulnerability.rb
@@ -5,22 +5,24 @@ require 'vulnerability/output'
 class Vulnerability
  include Vulnerability::Output

-  attr_accessor :title, :references, :type, :fixed_in, :metasploit_modules
+  attr_accessor :title, :references, :type, :fixed_in, :metasploit_modules, :cve

  #
  # @param [ String ] title The title of the vulnerability
  # @param [ String ] type  The type of the vulnerability
  # @param [ Array ] references References urls
  # @param [ Array ] metasploit_modules Metasploit modules for the vulnerability
-	# @param [ String ] fixed_in  Vuln fixed in Version X
+  # @param [ String ] fixed_in  Vuln fixed in Version X
+  # @param [ Array ] cve CVE numbers for the vulnerability
  #
  # @return [ Vulnerability ]
-  def initialize(title, type, references, metasploit_modules = [], fixed_in = '')
+  def initialize(title, type, references, metasploit_modules = [], fixed_in = '', cve = [])
    @title              = title
    @type               = type
    @references         = references
    @metasploit_modules = metasploit_modules
-    @fixed_in						= fixed_in
+    @fixed_in           = fixed_in
+    @cve                = cve
  end

  # @param [ Vulnerability ] other
@@ -32,6 +34,7 @@ class Vulnerability
        type == other.type &&
        references == other.references &&
        fixed_in == other.fixed_in &&
+        cve == other.cve &&
        metasploit_modules == other.metasploit_modules
  end
  # :nocov:
@@ -47,7 +50,8 @@ class Vulnerability
      xml_node.search('type').text,
      xml_node.search('reference').map(&:text),
      xml_node.search('metasploit').map(&:text),
-      xml_node.search('fixed_in').text
+      xml_node.search('fixed_in').text,
+      xml_node.search('cve').map(&:text)
    )
  end

--- a/lib/common/models/vulnerability/output.rb
+++ b/lib/common/models/vulnerability/output.rb
@@ -10,6 +10,9 @@ class Vulnerability
      references.each do |r|
        puts ' | ' + red("* Reference: #{r}")
      end
+      cve.each do |c|
+        puts ' | ' + red("* CVE-#{c} - #{Output.cve_url(c)}")
+      end
      metasploit_modules.each do |m|
        puts ' | ' + red("* Metasploit module: #{Output.metasploit_module_url(m)}")
      end
@@ -22,5 +25,9 @@ class Vulnerability
      "http://www.metasploit.com/modules/#{module_path}"
    end

+    def self.cve_url(cve)
+      "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE#{cve}"
+    end
+
  end
 end