Top Level Namespace

Defined Under Namespace

Modules: DASHPANEL_TYPE, DataMapper, EVENT_TYPE, GEO, LINK_TYPE, NOTIF_CLASS, SECT_TYPE, VULN_PRIORITY, VulnreportAuth

Classes: AllocationNotification, AllocationPreset, Application, AuditRecord, Comment, DashConfig, ExportFormat, Flag, Link, MonthlyAllocation, Notification, Organization, RecordType, Salesforce, Section, Setting, Test, User, VRCron, VRDashConfig, VRLinkedObject, VulnType, Vulnerability, Vulnreport

Constant Summary

MONITOR_EVENT_TYPES = []
  Fill in here as needed for custom alerts; see documentation.

NON_RT_DASHPANELS = [DASHPANEL_TYPE::MYACTIVE, DASHPANEL_TYPE::MY_WNO_TESTS, DASHPANEL_TYPE::MY_PASSED, DASHPANEL_TYPE::MY_FAILED, DASHPANEL_TYPE::MY_ALL, DASHPANEL_TYPE::MY_APPROVALS]

VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i
  Regular expression used to check whether a string is a valid email address.

Instance Method Summary

Instance Method Details

- (Object) data_mapper

Copyright © 2016, salesforce.com, inc. All rights reserved. Licensed under the BSD 3-Clause license. For full license text, see LICENSE.txt file in the repo root or opensource.org/licenses/BSD-3-Clause



# File 'lib/dataMapperMakeDirty.rb', line 8

require 'data_mapper'

- (Void) finalizeVRDashConfigs(vrdcs)

Finalize the registration process for custom code-based DashConfigs. This function ensures that every custom code-based DashConfig registered in the past has a code file that was registered during this init. Any custom code-based DashConfig whose subclass was not loaded during this init is deactivated, and any users or organizations using it are reset to the default dashboard.

Parameters:

  • vrdcs (Array)

    Array of unique keys of DashConfigs that have been registered

Returns:

  • (Void)


# File 'lib/funcs.rb', line 158

def finalizeVRDashConfigs(vrdcs)
	toRemove = Array.new
	dcs = DashConfig.all(:customCode => true)
	
	dcs.each do |dc|
		if(!vrdcs.include?(dc.customKey))
			toRemove << dc
		end
	end

	toRemove.each do |dcObj|
		logputs "REMOVING VRDashConfig #{dcObj.name} (key: #{dcObj.customKey}) because code file not registered"
		
		dcObj.active = false
		dcObj.save
		
		# Reset every organization and user pointing at the deactivated DashConfig
		Organization.all(:dashconfig => dcObj.id).each do |org|
			org.dashconfig = 0
			org.save
		end

		User.all(:dashOverride => dcObj.id).each do |u|
			u.dashOverride = 0
			u.save
		end
	end
end

- (Void) finalizeVRLinkedObjects(vrlos)

Finalize the registration process for custom VRLinkedObjects. This function ensures that any custom linked object used by a RecordType was registered during this init. If it was not, that RecordType is unlinked, but no linked IDs are removed from any Application, so that if the VRLinkedObject is restored they resume functioning normally.

Parameters:

  • vrlos (Array)

    Array of unique keys of VRLinkedObjects that have been registered

Returns:

  • (Void)


# File 'lib/funcs.rb', line 203

def finalizeVRLinkedObjects(vrlos)
	toRemove = Array.new
	rts = RecordType.all(:isLinked => true)
	
	rts.each do |rt|
		if(!vrlos.include?(rt.linkedObjectKey))
			toRemove << rt.linkedObjectKey
		end
	end

	toRemove.each do |loKey|
		logputs "REMOVING VRLinkedObject (key: #{loKey}) because code file not registered"
		
		RecordType.all(:isLinked => true, :linkedObjectKey => loKey).each do |rt|
			rt.isLinked = false
			rt.save
		end
	end
end

- (String) formatCommas(n)

Given a number, return a string of the number properly formatted with commas

Parameters:

  • n (Integer)

    Number to format with commas

Returns:

  • (String)

    Comma-formatted string representing the number



# File 'lib/funcs.rb', line 227

def formatCommas(n)
	return n.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse
end

- (String) geoToString(geo)

Convert a GEO enum value (integer) to a String representing the geo

Parameters:

  • geo (Fixnum)

    the GEO Enum value

Returns:

  • (String)

    the String representing that geo



# File 'lib/funcs.rb', line 255

def geoToString(geo)
	return "USA" if(geo == GEO::USA)
	return "North America" if(geo == GEO::NA)
	return "Central America" if(geo == GEO::CA)
	return "South America" if(geo == GEO::SA)
	return "Japan" if(geo == GEO::JP)
	return "China" if(geo == GEO::CN)
	return "APAC" if(geo == GEO::APAC)
	return "UK" if(geo == GEO::UK)
	return "EU" if(geo == GEO::EU)
	return "EMEA" if(geo == GEO::EMEA)
end

- (Integer) getPanelRecordsCount(records)

Given the records for a dash panel, count the total number of records including children (which .size would not include, since children are nested within their parent element)

Parameters:

  • records (Array<Hash>)

    Array of record hashes prepared for dashboard

Returns:

  • (Integer)

    Accurate size count including children



# File 'lib/funcs.rb', line 362

def getPanelRecordsCount(records)
	size = 0
	records.each do |rec|
		size += 1
		size += rec[:children].size if(!rec[:children].nil?)
	end

	return size
end

- (String) getSetting(key)

Get the value of a Setting stored in database

Parameters:

  • key (String)

    Setting key

Returns:

  • (String)

    Setting value



# File 'lib/funcs.rb', line 12

def getSetting(key)
	s = Setting.first(:setting_key => key)
	return nil if s.nil?
	return s.setting_value
end

- (String) idTo18(id)

Convert an SFDC 15-character (case-sensitive) EID to an 18-character (API, case-insensitive) EID. This matters because all API calls return 18-character EIDs (but accept 15 or 18 as input), so the EIDs we store and compare against must be consistent.

Parameters:

  • id (String)

    15-char EID

Returns:

  • (String)

    converted 18-char EID, or id if id is not 15 characters long



# File 'lib/funcs.rb', line 298

def idTo18(id)
	id = id.strip
	return id if(id.length != 15)

	# Each 5-character chunk of the 15-character ID yields one suffix character
	map = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ012345'
	extra = ''

	id.scan(/.{5}/).each do |chunk|
		bits = []
		
		# Bit i is set when character i of the chunk is an uppercase letter;
		# unshift so the first character ends up as the least significant bit
		chunk.scan(/.{1}/).each do |char|
			bits.unshift( (char =~ /[A-Z]/) ? 1 : 0)
		end
		
		# Fold the bits (most significant first) into an index in 0..31
		ind = bits.inject(0) do |acc, bit|
			acc + acc + bit
		end

		extra += map[ind..ind]
	end

	return id + extra
end
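The same 15-to-18 conversion as an added example (not Vulnreport's own code), extended with the two checks the consistency argument above implies: a strict validator for stored 18-character EIDs, and a repair routine that recovers the case-sensitive form from an 18-character EID whose letters were folded by a case-insensitive system. Function names and sample EIDs are constructed for the example.

```ruby
SFDC_SUFFIX_MAP = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ012345'.freeze

# Suffix for a 15-char EID: one character per 5-char chunk. Bit i of a
# chunk is set when character i is an uppercase letter (char 0 is the LSB).
def sfdc_suffix(id15)
  id15.scan(/.{5}/).map do |chunk|
    ind = 0
    chunk.each_char.with_index { |ch, i| ind |= (1 << i) if ch =~ /[A-Z]/ }
    SFDC_SUFFIX_MAP[ind]
  end.join
end

# Same contract as the page's idTo18 (hypothetical name): a 15-char input
# gets its suffix, anything else comes back unchanged after strip.
def eid_to_18(id)
  id = id.strip
  return id if id.length != 15
  id + sfdc_suffix(id)
end

# Strict consistency check for an 18-char EID as stored: the suffix must
# agree with the letter case of the body exactly as given.
def valid_eid_18?(id18)
  id18 = id18.strip
  return false unless id18 =~ /\A[A-Za-z0-9]{18}\z/
  sfdc_suffix(id18[0, 15]).casecmp?(id18[15, 3])
end

# Recover the case-sensitive 15-char form from an 18-char EID whose letters
# were case-folded: the suffix records which positions were uppercase.
# Returns nil when the suffix is malformed or marks a digit as uppercase.
def eid_18_repair_case(id18)
  id18 = id18.strip
  return nil unless id18 =~ /\A[A-Za-z0-9]{18}\z/
  body, suffix = id18[0, 15], id18[15, 3].upcase
  repaired = String.new
  suffix.each_char.with_index do |s, c|
    ind = SFDC_SUFFIX_MAP.index(s)
    return nil if ind.nil?
    body[c * 5, 5].each_char.with_index do |ch, i|
      upper = ind[i] == 1
      return nil if upper && ch !~ /[A-Za-z]/
      repaired << (upper ? ch.upcase : ch.downcase)
    end
  end
  repaired
end
```

A folded value such as "001a0000000abcdiak" fails the strict check but repairs to "001A0000000AbCd", whose 18-character form then validates.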

- (Boolean) isValidEmail?(e)

Check if string is a valid email address

Uses: VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i

Parameters:

  • e (String)

    String to check

Returns:

  • (Boolean)

    true if e is a valid email address, false otherwise



# File 'lib/funcs.rb', line 352

def isValidEmail?(e)
	return !(e =~ VALID_EMAIL_REGEX).nil?
end
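An added example (not Vulnreport's own code) showing why VALID_EMAIL_REGEX anchors with \A and \z: in Ruby, ^ and $ match at line boundaries, so a value carrying a newline can pass a ^...$ check even though only one of its lines is an address. VALID_EMAIL_REGEX is the page's constant; LINE_ANCHORED_REGEX and the sample inputs are constructed for the comparison.

```ruby
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i
# Constructed variant: identical pattern, but line-anchored with ^ and $
LINE_ANCHORED_REGEX = /^[\w+\-.]+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+$/i

def isValidEmail?(e)
  !(e =~ VALID_EMAIL_REGEX).nil?
end

# Same check with the line anchors, for comparison only
def lineAnchoredEmail?(e)
  !(e =~ LINE_ANCHORED_REGEX).nil?
end

# Constructed samples; returns [input, strict_result, line_anchored_result]
# for each one. The two multi-line inputs are where the results diverge.
def anchorComparison
  samples = [
    "user@example.com",
    "first.last+tag@sub.example.co.uk",
    "user@example.com\nanything at all",
    "prefix\nuser@example.com",
    "not an address",
  ]
  samples.map { |s| [s, isValidEmail?(s), lineAnchoredEmail?(s)] }
end
```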

- (AuditRecord) logAudit(event, targetType, target, blob = nil, uid = session[:uid])

Shortcut to log a basic audit record for the active user

Parameters:

  • event (EVENT_TYPE)

    Type of event

  • targetType (LINK_TYPE)

    Type of target

  • target (String)

    EID of target

  • blob (Object) (defaults to: nil)

    Optional extra data, stored as JSON in the record's blob field

  • uid (Integer) (defaults to: session[:uid])

    User ID of actor

Returns:

  • (AuditRecord)

    The created audit record


# File 'lib/funcs.rb', line 50

def logAudit(event, targetType, target, blob=nil, uid=session[:uid])
	if(blob.nil?)
		return AuditRecord.create(:event_at => DateTime.now, :event_type => event, :actor => uid, :target_a_type => targetType, :target_a => target.to_s)
	else
		return AuditRecord.create(:event_at => DateTime.now, :event_type => event, :actor => uid, :target_a_type => targetType, :target_a => target.to_s, :blob => blob.to_json)
	end
end

- (Object) logputs(str)

Output a log string with the time and date prepended

Parameters:

  • str (String)

    Text to output to log



# File 'lib/funcs.rb', line 36

def logputs(str)
	# Assign (not compare) so a nil argument cannot make the concatenation below raise TypeError
	str = "" if(str.nil?)

	dstr = Time.now.strftime("[%d/%b/%Y %H:%M:%S] ")
	puts dstr + str
end

- (String) panelTypeToString(pt)

Convert a DASHPANEL_TYPE enum value (integer) to a String representing the panel type

Parameters:

  • pt (DASHPANEL_TYPE)

    the DASHPANEL_TYPE Enum value

Returns:

  • (String)

    the String representing that panel type



# File 'lib/funcs.rb', line 272

def panelTypeToString(pt)
	return "My Active Reviews (All)" if (pt == DASHPANEL_TYPE::MYACTIVE)
	return "My Active Reviews (Type)" if (pt == DASHPANEL_TYPE::MYACTIVE_RT)
	return "My New Reviews (All)" if (pt == DASHPANEL_TYPE::MY_WNO_TESTS)
	return "My New Reviews (Type)" if (pt == DASHPANEL_TYPE::MY_WNO_TESTS_RT)
	return "In-Progress Reviews" if (pt == DASHPANEL_TYPE::STATUS_NEW_AND_INPROG)
	return "Passed Reviews" if (pt == DASHPANEL_TYPE::STATUS_PASSED)
	return "Failed Reviews" if (pt == DASHPANEL_TYPE::STATUS_FAILED)
	return "Closed Reviews" if (pt == DASHPANEL_TYPE::STATUS_CLOSED)
	return "All Reviews" if (pt == DASHPANEL_TYPE::ALL_APPS)
	return "New Reviews (No Tests)" if (pt == DASHPANEL_TYPE::APPS_WNO_TESTS)
	return "My Passed Reviews" if (pt == DASHPANEL_TYPE::MY_PASSED)
	return "My Failed Reviews" if (pt == DASHPANEL_TYPE::MY_FAILED)
	return "My Completed (All) Reviews" if (pt == DASHPANEL_TYPE::MY_ALL)
	return "Pending Approvals (All)" if (pt == DASHPANEL_TYPE::MY_APPROVALS)
	return "Pending Approvals (Type)" if (pt == DASHPANEL_TYPE::MY_APPROVALS_RT)

	return "UNK"
end

- (Object) pony

# File 'crons/allocation_preset.rb', line 8

require 'pony'

- (Boolean) registerVRCron(cron, scheduler, enabled = true)

Register a cron job with the Vulnreport scheduler instance and create the appropriate Redis keys for Vulnreport cronjob admin/management and tracking functions.

Parameters:

  • cron (VRCron)

    The subclass of VRCron being registered as a VR cronjob

  • scheduler (Rufus::Scheduler)

    The Scheduler instance Vulnreport is using

  • enabled (Boolean) (defaults to: true)

    Whether this cronjob should be registered as enabled. False in dev environment.

Returns:

  • (Boolean)

    True if registration was successful, false otherwise



# File 'lib/funcs.rb', line 65

def registerVRCron(cron, scheduler, enabled=true)
	logputs "VRCron Registered: #{cron.vrcron_name}"

	if(cron.vrcron_type.nil? || cron.vrcron_schedule.nil?)
		logputs "\tCron has no type or no schedule, SKIPPING REGISTRATION"
		Rollbar.error("Cron registered with no type or schedule", {:CronName => cron.vrcron_name})
		return false
	elsif(!cron.respond_to?(:cron))
		logputs "\tCron has no cron method, SKIPPING REGISTRATION"
		Rollbar.error("Cron registered with no cron method", {:CronName => cron.vrcron_name})
		return false
	else
		logputs "\tType: #{cron.vrcron_type}, Schedule: #{cron.vrcron_schedule}"
		
		if(cron.vrcron_type == :every && enabled)
			scheduler.every(cron.vrcron_schedule) do
				begin
					cron.cron()
				rescue => e
					Rollbar.error(e, "#{cron.vrcron_name} Cron Job Failure")
				end
			end

			return true
		elsif(cron.vrcron_type == :cron && enabled)
			scheduler.cron(cron.vrcron_schedule) do
				begin
					cron.cron()
				rescue => e
					Rollbar.error(e, "#{cron.vrcron_name} Cron Job Failure")
				end
			end

			return true
		elsif(!enabled)
			logputs "\tCron registered as not enabled, did not schedule"
		else
			logputs "\t\tInvalid type, SKIPPING REGISTRATION"
			Rollbar.error("Cron registered invalid type", {:CronName => cron.vrcron_name, :CronType => cron.vrcron_type})
			return false
		end
	end
end

- (Boolean) registerVRDashConfig(dc)

Register a custom code-based DashConfig with Vulnreport and, if needed, create the appropriate database entries for a new DashConfig object.

Parameters:

  • dc (VRDashConfig)

    The subclass of VRDashConfig being registered

Returns:

  • (Boolean)

    True if registration was successful, false otherwise



# File 'lib/funcs.rb', line 114

def registerVRDashConfig(dc)
	logputs "VRDashConfig Registered: #{dc.vrdash_name} (key: #{dc.vrdash_key})"

	dcObj = DashConfig.first(:customKey => dc.vrdash_key.to_s)
	if(!dcObj.nil?)
		logputs "\tVRDashConfig #{dc.vrdash_name} (key: #{dc.vrdash_key}) already exists as ID #{dcObj.id}"
		# Check for any new settings
		curSettingKeys = dcObj.getSettingsForDash.keys
		
		dc.vrdash_settings.keys.each do |k|
			if(!curSettingKeys.include?(k))
				logputs "\t\tVRDashConfig #{dc.vrdash_name} (key: #{dc.vrdash_key}) has new setting (#{k.to_s})"
				dcObj.customSettings[k] = {:name => dc.vrdash_settings[k][:name], :val => dc.vrdash_settings[k][:default]}
				dcObj.make_dirty(:customSettings)
			end
		end

		dcObj.save
	else
		logputs "\tCreating VRDashConfig #{dc.vrdash_name} (key: #{dc.vrdash_key})"
		dcObj = DashConfig.create(:name => dc.vrdash_name, :active => false, :customCode => true, :customKey => dc.vrdash_key)
		logputs "\t\tCreated DC ID #{dcObj.id}"
		settingsHash = Hash.new
		
		dc.vrdash_settings.keys.each do |k|	
			settingsHash[k] = {:name => dc.vrdash_settings[k][:name], :val => dc.vrdash_settings[k][:default]}
		end
		
		dcObj.customSettings = settingsHash
		dcObj.make_dirty(:customSettings)

		dcObj.save
	end

	return true
end

- (Boolean) registerVRLinkedObject(lo)

Register a custom VRLinkedObject with Vulnreport.

Parameters:

  • lo (VRLinkedObject)

    The subclass of VRLinkedObject being registered

Returns:

  • (Boolean)

    True if registration was successful, false otherwise



# File 'lib/funcs.rb', line 190

def registerVRLinkedObject(lo)
	logputs "VRLinkedObject Registered: #{lo.vrlo_name} (key: #{lo.vrlo_key})"

	return true
end

- (String) report_html(tid)

Generate the HTML for a Test's export report

Parameters:

  • tid (Integer)

    ID of Test to generate report for

Returns:

  • (String)

    HTML



# File 'lib/funcs.rb', line 326

def report_html(tid)
	@test = Test.get(tid)
	@app = @test.application

	rt = RecordType.get(@app.record_type)

	# Use the default template when the RecordType has no export format;
	# File.read closes the file handle, which File.open without a block did not
	if(rt.exportFormat.nil? || rt.exportFormat == 0)
		renderer = ERB.new(File.read("exportTemplates/default.erb", mode: "rb"))
		return renderer.result(binding)
	else
		ef = ExportFormat.get(rt.exportFormat)
		renderer = ERB.new(File.read("exportTemplates/" + ef.filename + ".erb", mode: "rb"))
		return renderer.result(binding)
	end
end

- (Object) rubygems

# File 'web.rb', line 8

require 'rubygems'

- (Object) savon

# File 'lib/salesforce.rb', line 8

require 'savon'

- (Boolean) setSetting(key, value)

Set the value of a Setting, creating it if none exists

Parameters:

  • key (String)

    Setting key

  • value (String)

    new/initial Setting value

Returns:

  • (Boolean)

    success



# File 'lib/funcs.rb', line 23

def setSetting(key, value)
	s = Setting.first(:setting_key => key)
	if(s.nil?)
		s = Setting.create(:setting_key => key)
	end

	s.setting_value = value
	return s.save
end

- (String) vulnPriorityToString(level, rtid = nil)

Convert a Vulnerability Priority ENUM value (integer) to a String representing the priority

Parameters:

  • level (VULN_PRIORITY)

    the Vulnerability Priority Enum value

  • rtid (Integer) (defaults to: nil)

    Optional ID of a RecordType whose custom priority strings should be used; when nil, or when no such RecordType exists, the default strings are returned

Returns:

  • (String)

    the String representing that priority



# File 'lib/funcs.rb', line 235

def vulnPriorityToString(level, rtid=nil)
	rt = nil
	rt = RecordType.get(rtid) unless rtid.nil?

	if(rtid.nil? || rt.nil?)
		return "Critical" if (level == VULN_PRIORITY::CRITICAL)
		return "High" if (level == VULN_PRIORITY::HIGH)
		return "Medium" if (level == VULN_PRIORITY::MEDIUM)
		return "Low" if (level == VULN_PRIORITY::LOW)
		return "Informational" if (level == VULN_PRIORITY::INFORMATIONAL)
		return "None"
	end

	return rt.getVulnPriorityString(level)
end