appsec_flow_anvil 0.0.1

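--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: f1ef5f1ef6d42cffa059d9a3854c17e10327cada
+ data.tar.gz: 2a755837a94787a33fae454806b4a2bed3d14640
+ SHA512:
+ metadata.gz: c1bc0a5492309d4affd43dd6518de5f09ec48244c8ba5a56524ccc1656fee61516506ddf98cda8b8afe11ddaafcf6514bbbef9113f3d903de6258bc0aa7d3d09
+ data.tar.gz: 8ba0ca2d737060d3528af4560a19de0e28d773c2b462d5740f272226728f88480572b6cfeec05dc667f93f4bce978b06a24dac72ac93a936f7f8cc2784296df1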
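--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source 'https://rubygems.org'
+
+ gem 'faraday'
+ gem 'irbtools', require: 'irbtools/binding'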
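--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,70 @@
+ GEM
+ remote: https://rubygems.org/
+ specs:
+ binding.repl (3.0.0)
+ cd (1.0.1)
+ clipboard (1.1.2)
+ code (0.9.2)
+ coderay (~> 1.1)
+ method_source (~> 0.9)
+ coderay (1.1.2)
+ debugging (1.1.1)
+ binding.repl (~> 3.0)
+ paint (>= 0.9, < 3.0)
+ every_day_irb (2.0.0)
+ cd (~> 1.0)
+ fancy_irb (1.1.0)
+ paint (>= 0.9, < 3.0)
+ unicode-display_width (~> 1.1)
+ faraday (0.13.1)
+ multipart-post (>= 1.2, < 3)
+ ffi (1.9.25)
+ hirb (0.7.3)
+ instance (0.2.0)
+ interactive_editor (0.0.11)
+ spoon (>= 0.0.1)
+ irbtools (2.2.1)
+ binding.repl (~> 3.0)
+ clipboard (~> 1.1)
+ code (~> 0.9)
+ coderay (~> 1.1)
+ debugging (~> 1.1)
+ every_day_irb (~> 2.0)
+ fancy_irb (~> 1.1)
+ hirb (~> 0.7, >= 0.7.3)
+ instance (~> 0.2)
+ interactive_editor (~> 0.0, >= 0.0.10)
+ method_locator (~> 0.0, >= 0.0.4)
+ methodfinder (~> 2.0)
+ ori (~> 0.1.0)
+ os
+ paint (>= 0.9, < 3.0)
+ ruby_engine (~> 1.0)
+ ruby_info (~> 1.0)
+ ruby_version (~> 1.0)
+ wirb (~> 2.0)
+ method_locator (0.0.4)
+ method_source (0.9.0)
+ methodfinder (2.2.1)
+ multipart-post (2.0.0)
+ ori (0.1.0)
+ os (1.0.0)
+ paint (2.0.1)
+ ruby_engine (1.0.1)
+ ruby_info (1.0.1)
+ ruby_version (1.0.1)
+ spoon (0.0.6)
+ ffi
+ unicode-display_width (1.4.0)
+ wirb (2.1.2)
+ paint (>= 0.9, < 3.0)
+
+ PLATFORMS
+ ruby
+
+ DEPENDENCIES
+ faraday
+ irbtools
+
+ BUNDLED WITH
+ 1.16.0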
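--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,38 @@
+ # Anvil
+
+ ## API version support
+
+ This client supports AppSec Flow
+
+ ## Installation
+
+ The Anvil can be installed using Rubygems or Bundler.
+
+ ### Rubygems
+
+ ```sh
+ gem install appsec_flow_anvil
+ ```
+
+ ### Bundler
+
+ Add it to your Gemfile
+
+ gem "appsec_flow_anvil"
+
+ and follow normal [Bundler](http://gembundler.com/) installation and execution procedures.
+
+ ## Usage
+
+ You will use an instance of Anvil::Client with your api code and environment (production, staging) as parameters.
+
+ ```ruby
+ client = Anvil::Client.new('my_api_code', 'staging')
+ ```
+
+ And with the client instance you can create new vulnerabilities on AppSec Flow
+
+ ```ruby
+ client.vulnerabilities.create!(client_impact: 'impact_here', project_id: 9999, vulnerability_model_id: 10,
+ failure_type: 'code_review', code_review_code: 'code', evidences: ['/myfile/image.png'])
+ ```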
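--- a/data/anvil.gemspec
+++ b/data/anvil.gemspec
@@ -0,0 +1,22 @@
+ lib = File.expand_path('../lib', __FILE__)
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+ Gem::Specification.new do |s|
+ s.name = 'appsec_flow_anvil'
+ s.version = '0.0.1'
+ s.date = '2017-11-19'
+ s.summary = 'Armature REST API Client'
+ s.description = 'Ruby wrapper for the REST API for Conviso Armature'
+ s.authors = ['Anezio Campos']
+ s.email = 'newdevas@gmail.com'
+ s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+ s.homepage = 'http://app.conviso.com.br'
+ s.license = 'MIT'
+ s.required_ruby_version = '2.4.2'
+ s.bindir = 'exe'
+ s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
+ s.require_paths = ['lib']
+ s.add_development_dependency 'bundler', '~> 1.8'
+ s.add_development_dependency 'rake', '~> 10.0'
+ s.add_development_dependency 'rspec'
+ end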
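Review bot: The gemspec declares only development dependencies, yet the library code on this page calls `Faraday` at runtime, so `gem install appsec_flow_anvil` does not pull faraday in and the client either fails to load or runs against whatever faraday version happens to be installed. Declare it with a bounded constraint, for example `s.add_dependency 'faraday', '~> 0.13'` (the lockfile here resolves 0.13.1). `s.required_ruby_version = '2.4.2'` is recorded as an exact `=` requirement in the metadata, which blocks installation on any patched Ruby; `'>= 2.4.2'` is presumably what was intended. `s.homepage` also points at a plain `http://` URL while the client itself uses `https://app.conviso.com.br`.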
data/lib/anvil.rb ADDED
@@ -0,0 +1 @@
1
+ module Anvil; end
@@ -0,0 +1,33 @@
1
+ module Anvil
2
+ class Client
3
+ attr_reader :api_key, :base_url
4
+
5
+ def initialize(api_key, environment)
6
+ @api_key = api_key
7
+ load_base_url_for(environment)
8
+ end
9
+
10
+ def vulnerabilities
11
+ Anvil::Vulnerability.new(self)
12
+ end
13
+
14
+ def vulnerability_templates
15
+ Anvil::VulnerabilityTemplate.new(self)
16
+ end
17
+
18
+ private
19
+
20
+ def load_base_url_for(environment)
21
+ case environment
22
+ when 'localhost'
23
+ @base_url = 'http://localhost:3000'
24
+ when 'production'
25
+ @base_url = 'https://app.conviso.com.br'
26
+ when 'staging'
27
+ @base_url = 'https://homologa.conviso.com.br'
28
+ else
29
+ raise ArgumentError, "environment must be 'production' or 'staging'"
30
+ end
31
+ end
32
+ end
33
+ end
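Review bot: The `else` branch of `load_base_url_for` raises "environment must be 'production' or 'staging'", but the `case` also accepts 'localhost' and maps it to `http://localhost:3000`, so the message and the accepted values disagree; either list it (`"environment must be 'production', 'staging' or 'localhost'"`) or drop the development target from the released client. `attr_reader :api_key` together with the default `inspect` means the key appears whenever a client instance is logged or printed, which deserves a comment on `initialize` such as `# api_key is kept in clear on the instance; avoid logging or inspecting Client objects`. `vulnerabilities` and `vulnerability_templates` reference `Anvil::Vulnerability` and `Anvil::VulnerabilityTemplate`, while the only `lib/anvil.rb` shown is `module Anvil; end` with no requires, so callers apparently have to load each file themselves. The file header for this hunk is missing on the page; the path is presumably lib/anvil/client.rb, going by the metadata file list.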
@@ -0,0 +1,26 @@
1
+ module Anvil
2
+ class Vulnerability
3
+ attr_reader :client, :args
4
+
5
+ def initialize(client)
6
+ raise ArgumentError, 'client param must be a Client class' if client.class != Anvil::Client
7
+
8
+ @client = client
9
+ end
10
+
11
+ def create!(*params)
12
+ params.first[:evidences].each do |archive_path|
13
+ params.first[:vulnerability_archives_attributes] = [{ archive: Faraday::UploadIO.new(archive_path, 'image/png') }]
14
+ end
15
+ params.first.delete(:evidences)
16
+
17
+ conn = Faraday.new(url: @client.base_url) do |f|
18
+ f.request :multipart
19
+ f.request :url_encoded
20
+ f.adapter :net_http
21
+ end
22
+ conn.post '/api/v2/vulnerabilities', vulnerability: params.first,
23
+ api_key: @client.api_key
24
+ end
25
+ end
26
+ end
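Review bot: In `create!`, every pass of the `evidences` loop overwrites `params.first[:vulnerability_archives_attributes]` with a new one-element array, so only the last evidence file is ever sent. The method also raises NoMethodError when `:evidences` is missing, deletes a key from the caller's hash, and labels every upload `image/png` regardless of the file. `Faraday` is used with no `require 'faraday'` in this file, and each path in `evidences` is opened and uploaded as given, so callers should pass only paths they selected themselves. The sketch below collects all evidences on a copy of the hash; the file header is missing on this page, so the path (presumably lib/anvil/vulnerability.rb) is inferred from the metadata file list.

```ruby
def create!(*params)
  attrs = params.first.dup # leave the caller's hash untouched
  archives = Array(attrs.delete(:evidences)).map do |archive_path|
    { archive: Faraday::UploadIO.new(archive_path, 'image/png') }
  end
  attrs[:vulnerability_archives_attributes] = archives unless archives.empty?

  # … unchanged: Faraday connection setup (multipart, url_encoded, net_http) …
  conn.post '/api/v2/vulnerabilities', vulnerability: attrs,
                                       api_key: @client.api_key
```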
@@ -0,0 +1,26 @@
1
+ require 'faraday'
2
+
3
+ module Anvil
4
+ class VulnerabilityTemplate
5
+ attr_reader :client, :args
6
+
7
+ def initialize(client)
8
+ if client.class != Anvil::Client
9
+ raise ArgumentError, "client param must be a Client class"
10
+ end
11
+ @client = client
12
+ end
13
+
14
+ def search(value)
15
+ url = URI.parse("#{@client.base_url}/api/v2/vulnerability_templates/?value=#{value}")
16
+ req = Net::HTTP::Get.new(url.to_s)
17
+ res = Net::HTTP.start(url.host, url.port) { |http| http.request(req) }
18
+ JSON.parse(res.body)
19
+ end
20
+
21
+ def create!(params)
22
+ conn = Faraday.new(:url => "#{@client.base_url}")
23
+ conn.post '/api/v2/vulnerability_templates', vulnerability_template: params
24
+ end
25
+ end
26
+ end
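Review bot: `search` calls `Net::HTTP.start(url.host, url.port)` without `use_ssl`, so for the `https://` production and staging base URLs the request is written in plaintext to port 443 rather than over TLS; use `Net::HTTP.start(url.host, url.port, use_ssl: url.scheme == 'https') { |http| http.request(req) }`. `value` is interpolated into the query string unescaped, so a value containing `&`, `#` or a space alters or breaks the request; build the query with `URI.encode_www_form(value: value)` instead. Neither `search` nor `create!` sends `@client.api_key`, unlike the vulnerabilities `create!` earlier on this page, and `JSON.parse(res.body)` runs without checking the response status. The file uses `Net::HTTP`, `URI` and `JSON` but requires only `faraday`, so it relies on something else having loaded them. The file header is missing on this page; the path is presumably lib/anvil/vulnerability_template.rb, per the metadata file list.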
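--- a/metadata
+++ b/metadata
@@ -0,0 +1,93 @@
+ --- !ruby/object:Gem::Specification
+ name: appsec_flow_anvil
+ version: !ruby/object:Gem::Version
+ version: 0.0.1
+ platform: ruby
+ authors:
+ - Anezio Campos
+ autorequire:
+ bindir: exe
+ cert_chain: []
+ date: 2017-11-19 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.8'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.8'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: Ruby wrapper for the REST API for Conviso Armature
+ email: newdevas@gmail.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - Gemfile
+ - Gemfile.lock
+ - README.md
+ - anvil.gemspec
+ - lib/anvil.rb
+ - lib/anvil/client.rb
+ - lib/anvil/vulnerability.rb
+ - lib/anvil/vulnerability_template.rb
+ homepage: http://app.conviso.com.br
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 2.4.2
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.6.14
+ signing_key:
+ specification_version: 4
+ summary: Armature REST API Client
+ test_files: []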