appsec_flow_anvil 0.0.1

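--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: f1ef5f1ef6d42cffa059d9a3854c17e10327cada
+data.tar.gz: 2a755837a94787a33fae454806b4a2bed3d14640
+SHA512:
+metadata.gz: c1bc0a5492309d4affd43dd6518de5f09ec48244c8ba5a56524ccc1656fee61516506ddf98cda8b8afe11ddaafcf6514bbbef9113f3d903de6258bc0aa7d3d09
+data.tar.gz: 8ba0ca2d737060d3528af4560a19de0e28d773c2b462d5740f272226728f88480572b6cfeec05dc667f93f4bce978b06a24dac72ac93a936f7f8cc2784296df1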
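--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gem 'faraday'
+gem 'irbtools', require: 'irbtools/binding'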
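Review bot: `irbtools` is declared unconditionally with `require: 'irbtools/binding'`, so every `Bundler.require` loads an interactive debugging toolkit next to the one HTTP dependency; the lockfile in this release resolves about two dozen extra gems for it. Wrapping it in `group :development do ... end` keeps the console and its transitive gems out of non-development installs. The Gemfile also has no `gemspec` line, so the development dependencies declared in anvil.gemspec are not picked up by `bundle install`.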
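--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,70 @@
+GEM
+remote: https://rubygems.org/
+specs:
+binding.repl (3.0.0)
+cd (1.0.1)
+clipboard (1.1.2)
+code (0.9.2)
+coderay (~> 1.1)
+method_source (~> 0.9)
+coderay (1.1.2)
+debugging (1.1.1)
+binding.repl (~> 3.0)
+paint (>= 0.9, < 3.0)
+every_day_irb (2.0.0)
+cd (~> 1.0)
+fancy_irb (1.1.0)
+paint (>= 0.9, < 3.0)
+unicode-display_width (~> 1.1)
+faraday (0.13.1)
+multipart-post (>= 1.2, < 3)
+ffi (1.9.25)
+hirb (0.7.3)
+instance (0.2.0)
+interactive_editor (0.0.11)
+spoon (>= 0.0.1)
+irbtools (2.2.1)
+binding.repl (~> 3.0)
+clipboard (~> 1.1)
+code (~> 0.9)
+coderay (~> 1.1)
+debugging (~> 1.1)
+every_day_irb (~> 2.0)
+fancy_irb (~> 1.1)
+hirb (~> 0.7, >= 0.7.3)
+instance (~> 0.2)
+interactive_editor (~> 0.0, >= 0.0.10)
+method_locator (~> 0.0, >= 0.0.4)
+methodfinder (~> 2.0)
+ori (~> 0.1.0)
+os
+paint (>= 0.9, < 3.0)
+ruby_engine (~> 1.0)
+ruby_info (~> 1.0)
+ruby_version (~> 1.0)
+wirb (~> 2.0)
+method_locator (0.0.4)
+method_source (0.9.0)
+methodfinder (2.2.1)
+multipart-post (2.0.0)
+ori (0.1.0)
+os (1.0.0)
+paint (2.0.1)
+ruby_engine (1.0.1)
+ruby_info (1.0.1)
+ruby_version (1.0.1)
+spoon (0.0.6)
+ffi
+unicode-display_width (1.4.0)
+wirb (2.1.2)
+paint (>= 0.9, < 3.0)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+faraday
+irbtools
+
+BUNDLED WITH
+1.16.0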
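--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,38 @@
+# Anvil
+
+## API version support
+
+This client supports AppSec Flow
+
+## Installation
+
+The Anvil can be installed using Rubygems or Bundler.
+
+### Rubygems
+
+```sh
+gem install appsec_flow_anvil
+```
+
+### Bundler
+
+Add it to your Gemfile
+
+gem "appsec_flow_anvil"
+
+and follow normal [Bundler](http://gembundler.com/) installation and execution procedures.
+
+## Usage
+
+You will use an instance of Anvil::Client with your api code and environment (production, staging) as parameters.
+
+```ruby
+client = Anvil::Client.new('my_api_code', 'staging')
+```
+
+And with the client instance you can create new vulnerabilities on AppSec Flow
+
+```ruby
+client.vulnerabilities.create!(client_impact: 'impact_here', project_id: 9999, vulnerability_model_id: 10,
+failure_type: 'code_review', code_review_code: 'code', evidences: ['/myfile/image.png'])
+```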
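--- a/data/anvil.gemspec
+++ b/data/anvil.gemspec
@@ -0,0 +1,22 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |s|
+s.name = 'appsec_flow_anvil'
+s.version = '0.0.1'
+s.date = '2017-11-19'
+s.summary = 'Armature REST API Client'
+s.description = 'Ruby wrapper for the REST API for Conviso Armature'
+s.authors = ['Anezio Campos']
+s.email = 'newdevas@gmail.com'
+s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+s.homepage = 'http://app.conviso.com.br'
+s.license = 'MIT'
+s.required_ruby_version = '2.4.2'
+s.bindir = 'exe'
+s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
+s.require_paths = ['lib']
+s.add_development_dependency 'bundler', '~> 1.8'
+s.add_development_dependency 'rake', '~> 10.0'
+s.add_development_dependency 'rspec'
+end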
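Review bot: No runtime dependency is declared, although the library code in this release calls `Faraday.new` and `Faraday::UploadIO`; bundler, rake and rspec are the only entries and all are development dependencies, so `gem install appsec_flow_anvil` neither installs faraday nor constrains its version. Adding `s.add_runtime_dependency 'faraday', '~> 0.13'` (the lockfile resolves 0.13.1) would close that gap. Separately, `s.required_ruby_version = '2.4.2'` is an exact pin that blocks installation on any later Ruby, including patch releases carrying security fixes; `'>= 2.4.2'` is the usual form. The homepage is given as `http://app.conviso.com.br` while the client uses `https://` for the same host.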
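--- a/data/lib/anvil.rb
+++ b/data/lib/anvil.rb
@@ -0,0 +1 @@
+module Anvil; end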
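Review bot: `lib/anvil.rb` defines only the empty module and requires nothing, so `require 'anvil'` does not make `Anvil::Client` available as the README usage assumes; none of the other library hunks on this page require each other either. Loading the pieces from this entry point would fix it: `require 'anvil/client'`, `require 'anvil/vulnerability'`, `require 'anvil/vulnerability_template'` (paths as listed in the gem metadata).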
@@ -0,0 +1,33 @@
1
+ module Anvil
2
+ class Client
3
+ attr_reader :api_key, :base_url
4
+
5
+ def initialize(api_key, environment)
6
+ @api_key = api_key
7
+ load_base_url_for(environment)
8
+ end
9
+
10
+ def vulnerabilities
11
+ Anvil::Vulnerability.new(self)
12
+ end
13
+
14
+ def vulnerability_templates
15
+ Anvil::VulnerabilityTemplate.new(self)
16
+ end
17
+
18
+ private
19
+
20
+ def load_base_url_for(environment)
21
+ case environment
22
+ when 'localhost'
23
+ @base_url = 'http://localhost:3000'
24
+ when 'production'
25
+ @base_url = 'https://app.conviso.com.br'
26
+ when 'staging'
27
+ @base_url = 'https://homologa.conviso.com.br'
28
+ else
29
+ raise ArgumentError, "environment must be 'production' or 'staging'"
30
+ end
31
+ end
32
+ end
33
+ end
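Review bot: The API key is kept in `@api_key` and exposed through `attr_reader`, so the default `inspect` of a Client, and of any Vulnerability or VulnerabilityTemplate that holds it in `@client`, prints the key into a console session, exception report or log line. Overriding `inspect` to leave it out, for example `def inspect; "#<#{self.class} base_url=#{base_url.inspect}>"; end`, avoids the accidental disclosure. Also, `load_base_url_for` accepts `'localhost'` and maps it to plain `http://localhost:3000`, but the ArgumentError text names only 'production' or 'staging'; the message should list every accepted value, or the localhost branch should stay out of the released gem.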
@@ -0,0 +1,26 @@
1
+ module Anvil
2
+ class Vulnerability
3
+ attr_reader :client, :args
4
+
5
+ def initialize(client)
6
+ raise ArgumentError, 'client param must be a Client class' if client.class != Anvil::Client
7
+
8
+ @client = client
9
+ end
10
+
11
+ def create!(*params)
12
+ params.first[:evidences].each do |archive_path|
13
+ params.first[:vulnerability_archives_attributes] = [{ archive: Faraday::UploadIO.new(archive_path, 'image/png') }]
14
+ end
15
+ params.first.delete(:evidences)
16
+
17
+ conn = Faraday.new(url: @client.base_url) do |f|
18
+ f.request :multipart
19
+ f.request :url_encoded
20
+ f.adapter :net_http
21
+ end
22
+ conn.post '/api/v2/vulnerabilities', vulnerability: params.first,
23
+ api_key: @client.api_key
24
+ end
25
+ end
26
+ end
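Review bot: In `create!`, every pass of the `evidences` loop assigns a fresh one-element array to `params.first[:vulnerability_archives_attributes]`, so only the last evidence file is uploaded and the earlier ones are silently dropped. Building the list once fixes it: `params.first[:vulnerability_archives_attributes] = params.first[:evidences].map { |path| { archive: Faraday::UploadIO.new(path, 'image/png') } }`. The loop also raises NoMethodError when `:evidences` is absent, mutates the caller's hash, and labels every file `image/png` whatever its type; each path is opened and sent to the server as given, so callers should pass only paths they selected themselves. This file uses `Faraday` without a `require 'faraday'` of its own.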
@@ -0,0 +1,26 @@
1
+ require 'faraday'
2
+
3
+ module Anvil
4
+ class VulnerabilityTemplate
5
+ attr_reader :client, :args
6
+
7
+ def initialize(client)
8
+ if client.class != Anvil::Client
9
+ raise ArgumentError, "client param must be a Client class"
10
+ end
11
+ @client = client
12
+ end
13
+
14
+ def search(value)
15
+ url = URI.parse("#{@client.base_url}/api/v2/vulnerability_templates/?value=#{value}")
16
+ req = Net::HTTP::Get.new(url.to_s)
17
+ res = Net::HTTP.start(url.host, url.port) { |http| http.request(req) }
18
+ JSON.parse(res.body)
19
+ end
20
+
21
+ def create!(params)
22
+ conn = Faraday.new(:url => "#{@client.base_url}")
23
+ conn.post '/api/v2/vulnerability_templates', vulnerability_template: params
24
+ end
25
+ end
26
+ end
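Review bot: `search` interpolates `value` into the query string unescaped and opens the connection with `Net::HTTP.start(url.host, url.port)` without `use_ssl`, so a value containing `&` or `#` alters the request, and TLS is never negotiated for the `https://` base URLs. The rewrite below encodes the parameter with `URI.encode_www_form` and enables TLS from the URL scheme. Neither `search` nor `create!` sends `@client.api_key`, unlike `Vulnerability#create!`; if these endpoints require authentication, it is missing here. The file also uses `URI`, `Net::HTTP` and `JSON` without requiring `net/http` or `json` itself.

```ruby
def search(value)
  url = URI.parse("#{@client.base_url}/api/v2/vulnerability_templates/")
  # encode_www_form percent-encodes value, so it stays a single query parameter
  url.query = URI.encode_www_form(value: value)
  req = Net::HTTP::Get.new(url)
  res = Net::HTTP.start(url.host, url.port, use_ssl: url.scheme == 'https') { |http| http.request(req) }
  # … unchanged: JSON.parse(res.body) …
end
```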
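--- a/metadata
+++ b/metadata
@@ -0,0 +1,93 @@
+--- !ruby/object:Gem::Specification
+name: appsec_flow_anvil
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Anezio Campos
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2017-11-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.8'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.8'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: Ruby wrapper for the REST API for Conviso Armature
+email: newdevas@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- README.md
+- anvil.gemspec
+- lib/anvil.rb
+- lib/anvil/client.rb
+- lib/anvil/vulnerability.rb
+- lib/anvil/vulnerability_template.rb
+homepage: http://app.conviso.com.br
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.4.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.14
+signing_key:
+specification_version: 4
+summary: Armature REST API Client
+test_files: []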