controls 1.0.2 → 1.1.1
- checksums.yaml +4 -4
- data/docs/index.md +2 -1
- data/lib/controls/client.rb +43 -9
- data/lib/controls/client/assets.rb +11 -1
- data/lib/controls/client/security_controls.rb +26 -0
- data/lib/controls/version.rb +1 -1
- metadata +2 -2
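--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b4c24961d1145261cb33c03a110b650f41eea255
+data.tar.gz: 4df1a60e8405bbc41f875b9f6dad838bab803021
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8e9d57de39f63b248311e1642149d05f09884543dcb6953266e1478ab14d01c6293ac32cc3913ecb4c218d8bc987b464bc01a1c970c2b887c0667226a46ac37f
+data.tar.gz: d873718f6aaab45b0511fd5b658aa3c57827168185112ca89b973b261ac23fd4e4ba1422255a2e011c5f613a3a0539a7c15fa96b2d8945ac93c45349cac19f5c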
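--- a/data/docs/index.md
+++ b/data/docs/index.md
@@ -38,7 +38,8 @@ Controls.get '/'
 ### Curl
 ```bash
 # Use -k to allow a self-signed certificate
-curl -H 'Accept: application/json' --netrc-file ~/.rapid7_netrc -ik
+curl -H 'Accept: application/json' --netrc-file ~/.rapid7_netrc -ik \
+https://nexpose.local:3780/insight/controls/api/1.0
 ```
 
 ### Ruby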
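--- a/data/lib/controls/client.rb
+++ b/data/lib/controls/client.rb
@@ -23,9 +23,12 @@ module Controls
 include Controls::Client::Threats
 include Controls::Client::Trends
 
-
-
-
+# A few messages to show the user of Controls::Client in the case that a bad certificate is encountered
+SSL_WARNING = [
+'The API endpoint used a self-signed or invalid SSL certificate.',
+'To allow this connection temporarily use `Controls.verify_ssl = false`.',
+'See the Controls.rb wiki on GitHub for more information on SSL verification.'
+]
 
 # Creates a new {Controls::Client} object
 #
@@ -54,10 +57,14 @@ module Controls
 end
 end
 
+# Whether the middleware is currently set to verify SSL connections
 def verify_ssl
 middleware.ssl[:verify].nil? || !!middleware.ssl[:verify]
 end
 
+# Sets the middleware to to verify the SSL on true, or disregard it on false
+#
+# @param [Boolean] verify whether to verify SSL or not
 def verify_ssl=(verify)
 middleware.ssl[:verify] = !!verify
 end
@@ -89,14 +96,13 @@ module Controls
 end
 end
 
-
-# A wrapper for GET requests
+# A wrapper for PUT requests
 #
 # @return [Array,Hash] an array or hash of parsed JSON data
-def
+def put(path, body = {}, headers = {}, &block)
 headers = connection_options[:headers].merge(headers)
-url = URI.escape(File.join(
-resp = middleware.
+url = URI.escape(File.join(api_endpoint, path))
+resp = middleware.put(url, body, headers, &block)
 
 Response.parse(resp.body)
 rescue Faraday::Error::ConnectionFailed => e
@@ -107,6 +113,10 @@ module Controls
 end
 end
 
+# A list of methods for API connections available to the {Controls::Client}
+#
+# @note Any methods defined in a child module will be returned.
+# @return [Array<Symbol>] the methods defined in {Controls::Client} that are API related
 def api_methods
 mods = Controls::Client.included_modules.map do |mod|
 if mod.to_s =~ /^Controls::Client::/
@@ -117,12 +127,15 @@ module Controls
 mods.compact.map { |mod| mod.instance_methods(false) }.flatten.sort
 end
 
+# A set of references from the "documentation" API endpoint /api
+#
+# @param [String] version the API version to collect documentation from
 def references(version = '1.0')
 version = '1.0' unless version =~ /\d.\d/
 
 web_get "/api/#{version}"
 
-# Use generate_ruby
+# [review] - Use Response#generate_ruby
 @references = Hash[Response.parse(resp.body).sort]
 rescue Faraday::Error::ConnectionFailed => e
 if e.message =~ /^SSL_connect/
@@ -132,6 +145,10 @@ module Controls
 end
 end
 
+# Compares {#options} or with the given options hash
+#
+# @param [Hash] opts whether the options are the same or different
+# @return whether the options are the same or different
 def same_options?(opts)
 opts.hash.eql? options.hash
 end
@@ -149,5 +166,22 @@ module Controls
 end # end
 RUBY
 end
+
+# A wrapper for GET requests to the Controls endpoint root (web endpoint)
+#
+# @return [Array,Hash] an array or hash of parsed JSON data
+def web_get(path, params = {}, headers = {})
+headers = connection_options[:headers].merge(headers)
+url = URI.escape(File.join(web_endpoint, path))
+resp = middleware.get(url, params, headers)
+
+Response.parse(resp.body)
+rescue Faraday::Error::ConnectionFailed => e
+if e.message =~ /^SSL_connect/
+warn(*SSL_WARNING)
+else
+raise e
+end
+end
 end
 end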
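Review bot: In the added `web_get`, an SSL failure is only passed to `warn` and the method then returns `nil`, so a caller cannot tell a rejected certificate from an empty response. The `SSL_WARNING` text it prints also steers users to `Controls.verify_ssl = false`, which (going by the setter shown above) switches verification off on the middleware for every later request, not just the one that failed, leaving anything sent over that connection open to interception. I would re-raise after warning, `warn(*SSL_WARNING); raise`, and reword the second message to lead with trusting the endpoint's certificate, e.g. `'Add the endpoint certificate to your trust store; set Controls.verify_ssl = false only against a test instance.'`. The `put` wrapper's rescue body lies outside the visible hunk, so check that it handles the failure the same way.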
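--- a/data/lib/controls/client/assets.rb
+++ b/data/lib/controls/client/assets.rb
@@ -6,6 +6,7 @@ module Controls
 module Assets
 # @!group Asset Methods
 
+# [todo] - use @overload here for assets(params) vs assets(uuid) vs assets({ uuid: 'uuid-string', other: 'param' })
 # @note since the uuid is an optional param it has been added to the
 # params options hash
 # @raise [Controls::NotFound] if the uuid didn't match any assets
@@ -18,13 +19,22 @@ module Controls
 params = {}
 end
 
-if uuid
+if uuid && !uuid.empty?
 get "/assets/#{uuid}", params
 else
 get '/assets', params
 end
 end
 
+# [todo] - change the name to asset_search/search_assets?
+# @param [String] query the query to retreive assets for
+# @param [Hash] params the option hash to be turned into query parameters
+# @return [Hash] a hash representing the matching assets
+def assets_search(query, params = {})
+params[:q] = query
+get "/assets/search", params
+end
+
 # @param [String] guidance the guidance name to search by
 # @return [Array<Hash>] an array of hashes that represent assets
 def applicable_assets(guidance, params = {})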
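Review bot: The tightened guard `if uuid && !uuid.empty?` still lets any non-empty value through to `get "/assets/#{uuid}"`, so a string containing `/`, `..` or `?` would address a different API path than the caller intended; the `put` and `web_get` wrappers shown in client.rb only pass the joined path through `URI.escape`, which leaves those characters alone, and `get` presumably does the same. If asset ids are always canonical UUIDs, check the shape inside the first branch before interpolating, e.g. `raise ArgumentError, 'invalid asset uuid' unless uuid =~ /\A[0-9a-fA-F-]{36}\z/`. Separately, the new `assets_search` writes `params[:q] = query` into the caller's hash; `get '/assets/search', params.merge(q: query)` avoids that side effect. The `assets` method begins above this hunk, so how `uuid` is taken from the arguments is not visible here.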
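--- a/data/lib/controls/client/security_controls.rb
+++ b/data/lib/controls/client/security_controls.rb
@@ -13,6 +13,7 @@ module Controls
 
 # @param [String] control the name of the security control name to
 # retrieve
+# @todo warn that this method returns a different object now?
 # @return [Hash] a hash representing a security control
 def security_controls(control = nil)
 if control
@@ -22,6 +23,31 @@ module Controls
 end
 end
 
+# @param [String] control the name of the security control name to
+# retrieve
+# @todo add a since note? this replaces security_controls and security_controls now returns a new object
+# @return [Hash] a hash representing a security control coverage
+def security_controls_coverage(control = nil)
+if control
+get "/coverage/security_controls/#{control}"
+else
+get '/coverage/security_controls'
+end
+end
+
+# Updates the specified security control(s)
+#
+# @param [Array[Hash{String=>String,Boolean}] controls a list of controls to update
+# @return [void]
+def update_security_controls(controls)
+# [review] - this style is a discouraged for Arrays, but we want to treat controls as an Array of Hashes
+if controls.is_a? Array
+put '/security_controls', controls.to_json
+elsif controls.is_a? Hash
+put "/security_controls/#{control['name']}", control.to_json
+end
+end
+
 # @param [String] vector the threat vector to search for securuty controls
 # by
 # @return [Array<Hash>] a list of hashes representing threats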
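Review bot: In the added `update_security_controls`, the Hash branch reads `control['name']` and `control.to_json`, but the parameter is named `controls` and no `control` local is defined in the method, so passing a single Hash will most likely raise `NameError` instead of sending the update. The line should read `put "/security_controls/#{controls['name']}", controls.to_json`. Any other argument type falls through both branches and returns `nil` without a request being made; adding `else raise ArgumentError, 'controls must be an Array or a Hash'` would make a skipped update visible to the caller. The control name is also interpolated into the request path unchecked, here and in `security_controls_coverage`, so it should be validated or encoded as a single path segment.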
data/lib/controls/version.rb
CHANGED
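--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: controls
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.1.1
 platform: ruby
 authors:
 - Erran Carey
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2014-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport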