more reference tags, fixes issue #268

lib/common/models/vulnerability.rb

@@ -5,24 +5,20 @@ require 'vulnerability/output'
 class Vulnerability
   include Vulnerability::Output
 
-  attr_accessor :title, :references, :type, :fixed_in, :metasploit_modules, :cve
+  attr_accessor :title, :references, :type, :fixed_in
 
   #
   # @param [ String ] title The title of the vulnerability
   # @param [ String ] type  The type of the vulnerability
-  # @param [ Array ] references References urls
-  # @param [ Array ] metasploit_modules Metasploit modules for the vulnerability
+  # @param [ Hash ] references References
   # @param [ String ] fixed_in  Vuln fixed in Version X
-  # @param [ Array ] cve CVE numbers for the vulnerability
   #
   # @return [ Vulnerability ]
-  def initialize(title, type, references, metasploit_modules = [], fixed_in = '', cve = [])
+  def initialize(title, type, references = {}, fixed_in = '')
     @title              = title
     @type               = type
     @references         = references
-    @metasploit_modules = metasploit_modules
     @fixed_in           = fixed_in
-    @cve                = cve
   end
 
   # @param [ Vulnerability ] other
@@ -33,9 +29,7 @@ class Vulnerability
     title == other.title &&
         type == other.type &&
         references == other.references &&
-        fixed_in == other.fixed_in &&
-        cve == other.cve &&
-        metasploit_modules == other.metasploit_modules
+        fixed_in == other.fixed_in
   end
   # :nocov:
 
@@ -45,13 +39,21 @@ class Vulnerability
   #
   # @return [ Vulnerability ]
   def self.load_from_xml_node(xml_node)
+		references = {}
+		refs = xml_node.search('references')
+		if refs
+			references[:url] = refs.search('url').map(&:text)
+			references[:cve] = refs.search('cve').map(&:text)
+			references[:secunia] = refs.search('secunia').map(&:text)
+			references[:osvdb] = refs.search('osvdb').map(&:text)
+			references[:metasploit] = refs.search('metasploit').map(&:text)
+			references[:exploitdb] = refs.search('exploitdb').map(&:text)
+		end
     new(
       xml_node.search('title').text,
       xml_node.search('type').text,
-      xml_node.search('reference').map(&:text),
-      xml_node.search('metasploit').map(&:text),
+      references,
       xml_node.search('fixed_in').text,
-      xml_node.search('cve').map(&:text)
     )
   end
 

lib/common/models/vulnerability/output.rb

@@ -7,16 +7,28 @@ class Vulnerability
     def output
       puts ' |'
       puts ' | ' + red("* Title: #{title}")
-      references.each do |r|
-        puts ' | ' + red("* Reference: #{r}")
-      end
-      cve.each do |c|
-        puts ' | ' + red("* CVE-#{c} - #{Output.cve_url(c)}")
-      end
-      metasploit_modules.each do |m|
-        puts ' | ' + red("* Metasploit module: #{Output.metasploit_module_url(m)}")
-      end
-    end
+      references.each do |key, urls|
+				urls.each do |u|
+					case(key)
+					when :url
+						url = u
+					when :metasploit
+						url = Output.metasploit_module_url(u)
+					when :secunia
+						url = Output.secunia_url(u)
+					when :osvdb
+						url = Output.osvdb_url(u)
+					when :cve
+						url = Output.cve_url(u)
+					when :exploitdb
+						url = Output.exploitdb_url(u)
+					else
+						url = u
+					end
+					puts ' | ' + red("* Reference: #{url}") if url
+				end
+			end
+		end
 
     # @return [ String ] The url to the metasploit module page
     def self.metasploit_module_url(module_path)
@@ -27,7 +39,19 @@ class Vulnerability
 
     def self.cve_url(cve)
       "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-#{cve}"
-    end
+		end
+
+		def self.osvdb_url(id)
+			"http://osvdb.org/#{id}"
+		end
+
+		def self.secunia_url(id)
+			"http://secunia.com/advisories/#{id}"
+		end
+
+		def self.exploitdb_url(id)
+			"http://www.exploit-db.com/exploits/#{id}/"
+		end
 
   end
 end