Return nexpose_id via API using vulnid

[ben-git-hub99]

Hi,

I would like to see if the ability exists or can be easily created to pull the nexpose_id via API just in general. The SQL query is incredibly slow SELECT nexpose_id from dim_vulnerability where vulnerability_id = 'xxx'

I am aware that #list_device_vulns exists. However, if the vulnerability was resolved prior, this causes my code to throw an exception or force a full scan.

This would help resolve 2 major bugs in our code deployment. Thanks!

Here is some example code.

      a = nsc.list_device_vulns(d)
      id = ''
      a.each {|v| v.console_id == vulnid.to_i ? (id = v.id) : (raise Exception.new("No vulnerability found."))}```

[gschneider-r7]

How are you intending to look up the vulnerability ID? What would you be passing in as params to find it?

[ben-git-hub99]

Via the NXID field in ticket creation, I already have the device_id and vuln_id. I would simply provide the numerical vuln_id from the ticket as a parameter. Sorry, should have clarified that.

[ben-git-hub99]

The value corresponds as so - https://127.0.0.1:3780/vulnerability/vuln-summary.jsp?vulnid=29225

Normally, I would provide the devid and vulnid, but if devid is Nil, it throws the error.

[gschneider-r7]

I think I'm still not quite following, at what point are you getting the numeric vuln ID when using the API? The natural ID should always be present in any responses that provide vulnerabilities.

[ben-git-hub99]

When generating tickets using nexpose_ticketing gem, an NXID is generated. It looks something like this: NXID: 187d20000d29225

187 = site number
20000 = device id
29225 = vuln id
https://127.0.0.1:3780/vulnerability/vuln-summary.jsp?vulnid=29225&devid=20000

Querying the device using the following code and then passing the id for template creation:

d = '20000'
a = nsc.list_device_vulns(d)
id = ''
a.each {|v| v.console_id == vulnid.to_i ? (id = v.id) : ()}
...
template.enable_vuln_check(id)

In this case, the id should be 'apache-httpd-cve-2012-0883' However, the vulnerability is reporting as no longer existent. Thus, when passing the nil id, the template can't be created. This is the reason for the exception prior.

If I could just do something like id = nsc.list_natural_id(vulnid) , this would meet my needs because the template could always be created and just for cya reasons, we would rescan the issue once more.

[gschneider-r7]

I see now. Unfortunately it doesn't look like there is a trivial way to do this currently through existing APIs in Nexpose.

What might work is to do a one-time SQL query export of all vuln IDs and vuln natural IDs, so you can map them quickly offline. You'd have to re-generate weekly to keep up with content updates. You could probably even store it in a sqlite DB for potentially faster lookup (vs searching a csv file).

[ben-git-hub99]

Is it possible for this functionality to be included in the future? It looks like passing the site parameter to the sql query greatly decreases the processing time. I will do that for now.

[gschneider-r7]

I don't think we'll add an API for that to Nexpose since the use case is limited. I think it would make more sense to have the ticketing gem put the natural ID somewhere and not force users to rely on numeric IDs that are unique to each console.

[gschneider-r7]

I opened rapid7/nexpose_ticketing#8 to help move along any changes there (if necessary). I'm closing this issue since IMO the ticketing gem should be providing the natural IDs.