controls 1.5.1 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: afef162bcbc4d24e5943361cb4e5b55c4fbe2b06
-  data.tar.gz: ab9875952d506d826d3464593790a30368ca179a
+  metadata.gz: c454bb91456860e8b28060cca709a3955d7e227e
+  data.tar.gz: d1069c59e852f48ebb04e6fb3acfa517177dd320
 SHA512:
-  metadata.gz: cfd01f6176f85cca3499c7d226d2eed978e26e620a4625ceb700e9f95f4b00858142669065206adbc644946a9712d254cb079b7bb0f458c5fd3aa6e921602308
-  data.tar.gz: 1ac3ddf95b414e5a3bb3007c149650ae204fde284d08666601711a743c6d5ddb84223bd9c60a5a63aae27450359304217b6aea6cb8cc6c6a509ca97038fc1b17
+  metadata.gz: a61b496ef91f6570129fea1491fca80862715227c5a8556dfd9aaa1c46d81d20e3a4273de70fb96b47d6442872951ebdcf3bc99e9cb87f138fe59b67ad5c8153
+  data.tar.gz: c2e8ce4004164c97f9650fd6e63c5078a47674f840ee460cfcd7f2075178f0838acfe00e53aea27e3bae40442e6dca7a38a2f8f7988c12c149797ce0062a0762

data/.gitignore

@@ -17,3 +17,4 @@ test/version_tmp
 tmp
 docs/crash.log
 docs/output/
+.watsonrc

data/.travis.yml

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 2.1.0
+env:
+  - CONTROLS_API_ENDPOINT="https://controlsinsight.apiary.io/insight/controls/api"

data/Gemfile

@@ -2,3 +2,12 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in controls.gemspec
 gemspec
+
+group :test do
+  gem 'rake'
+  gem 'rspec'
+end
+
+group :documentation do
+  gem 'yard'
+end

data/README.md

@@ -1,4 +1,6 @@
 # controlsinsight client gem
+[![Build Status](https://travis-ci.org/erran/controls.rb.png?branch=master)](https://travis-ci.org/erran/controls.rb)
+
 The **controls**insight (controls) gem interfaces with [Rapid7's **controls**insight API](http://rapid7.github.io/controlsinsight.rb).
 
 ## Installation

data/Rakefile

@@ -1,3 +1,8 @@
 require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
 
-task :default => :install
+RSpec::Core::RakeTask.new(:spec) do |task|
+  task.rspec_opts = "--require ./spec/spec_helper.rb --format documentation --color"
+end
+
+task :default => :spec

data/apiary.apib

@@ -0,0 +1,60 @@
+FORMAT: 1A
+HOST: https://nexpose.local:3780/insight/controls/api/
+
+# ControlsInsight
+Notes API is a *short texts saving* service similar to its physical paper presence on your table.
+
+# Group Assessments
+## Assessment Collection [/assessments]
+### Assessments [GET]
+
++ Response 200 (application/json)
+
+            {
+              "id": 1,
+              "assessing": false,
+              "highRiskAssetCount": 0,
+              "mediumRiskAssetCount": 24,
+              "lowRiskAssetCount": 0,
+              "totalAssetCount": 24,
+              "overallRiskScore": 4.004146038088617,
+              "timestamp": 1393184605912
+            }
+
+## Assessment [/assessments/{assessment_id}]
+### Assessment by ID [GET]
+
++ Parameters
+    + assessment_id (optional, integer, `1`) ... The ID of the assessment to retreive.
+
++ Response 200 (application/json)
+
+            {
+              "id": 1,
+              "assessing": false,
+              "highRiskAssetCount": 0,
+              "mediumRiskAssetCount": 24,
+              "lowRiskAssetCount": 0,
+              "totalAssetCount": 24,
+              "overallRiskScore": 4.004146038088617,
+              "timestamp": 1393184605912
+            }
+
+# Group Search
+## Assets [/assets/search?query={query}]
+### Asset Search [GET]
+
++ Parameters
+    + query (required, string, `10.4.19`) ... The free text query. This can be a full/partial hostname or IP address.
+
++ Response 200 (application/json)
+
+        [
+          {
+            "uuid": "db899a57-347c-4df9-9ce2-6932dc4adf38>",
+            "riskScore": 5.554266115196547,
+            "riskLevel": "MEDIUM",
+            "hostName": "CMMNCTR2K7R2-U",
+            "ipaddress": "10.4.19.25"
+          }
+        ]

data/controls.gemspec

@@ -24,7 +24,4 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency 'bundler', '~> 1.3'
   spec.add_development_dependency 'netrc'
-  spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'vcr'
-  spec.add_development_dependency 'yard'
 end

data/lib/controls/client.rb

@@ -1,15 +1,18 @@
 require 'json'
 require 'faraday'
-require 'nokogiri'
 require 'rack/utils'
 require 'controls/authentication'
 require 'controls/configurable'
 require 'controls/client/assessments'
 require 'controls/client/assets'
+require 'controls/client/events'
 require 'controls/client/coverage'
+require 'controls/client/configurations'
 require 'controls/client/guidance'
+require 'controls/client/prioritized_guidance'
 require 'controls/client/security_controls'
 require 'controls/client/threats'
+require 'controls/client/threat_vectors'
 require 'controls/client/trends'
 require 'controls/response'
 
@@ -20,10 +23,14 @@ module Controls
     include Controls::Configurable
     include Controls::Client::Assessments
     include Controls::Client::Assets
+    include Controls::Client::Events
     include Controls::Client::Coverage
+    include Controls::Client::Configurations
     include Controls::Client::Guidance
+    include Controls::Client::PrioritizedGuidance
     include Controls::Client::SecurityControls
     include Controls::Client::Threats
+    include Controls::Client::ThreatVectors
     include Controls::Client::Trends
 
     # A few messages to show the user of Controls::Client in the case that a bad certificate is encountered
@@ -94,7 +101,7 @@ module Controls
         path: path
       }
 
-      if !resp.headers['content-type'].eql?("application/json;charset=UTF-8")
+      if !resp.headers['content-type'] =~ /^application\/json/
         fail exception('Invalid content-type error')
       end
 
@@ -119,7 +126,7 @@ module Controls
         path: path
       }
 
-      if !resp.headers['content-type'].eql?("application/json;charset=UTF-8")
+      if !resp.headers['content-type'] =~ /^application\/json/
         fail exception('Invalid content-type error')
       end
 
@@ -194,7 +201,7 @@ module Controls
         path: path
       }
 
-      if !resp.headers['content-type'].eql?("application/json;charset=UTF-8")
+      if !resp.headers['content-type'] =~ /^application\/json/
         fail exception('Invalid content-type error')
       end
 

data/lib/controls/client/events.rb

@@ -0,0 +1,21 @@
+module Controls
+  class Client
+    # A module to encapsulate API methods related to events
+    # @since API v1.0
+    # @version v1.6.0
+    module Events
+      # @!group Event Methods
+
+
+      # Either returns a list of all events or all events by type
+      #
+      # @param [Hash] params the query parameters to send with the request
+      # @option params [String] :filter (:all) the event type to filter by
+      # @raise [Controls::NotFound] if the uuid didn't match any events
+      # @return [Hash] a hash representing the matching event
+      def events(params = {})
+        get '/events', params
+      end
+    end
+  end
+end

data/lib/controls/client/guidance.rb

@@ -1,13 +1,9 @@
-require 'controls/client/prioritized_guidance'
-
 module Controls
   class Client
     # A module to encapsulate API methods related to guidance
     # @since API v1.0
     # @version v1.0.0
     module Guidance
-      include PrioritizedGuidance
-
       # @!group Guidance Methods
 
       # @param [String] name the name of the guidance to search for

data/lib/controls/client/security_controls.rb

@@ -1,5 +1,3 @@
-require 'controls/client/configurations'
-
 module Controls
   class Client
     # A module to encapsulate API methods related to security controls and
@@ -7,8 +5,6 @@ module Controls
     # @since API v1.0
     # @version v1.0.0
     module SecurityControls
-      include Configurations
-
       #!@group Security Control Methods
 
       # @param [String] control the name of the security control name to

data/lib/controls/client/threats.rb

@@ -1,13 +1,9 @@
-require 'controls/client/threat_vectors'
-
 module Controls
   class Client
     # A module to encapsulate API methods related to threats and threat vectors
     # @since API v1.0
     # @version v1.0.0
     module Threats
-      include ThreatVectors
-
       # @!group Threat Methods
 
       # @param [String] threat the threat name to search for

data/lib/controls/default.rb

@@ -31,7 +31,8 @@ module Controls
       # @return [String] the API endpoint's URI as a URL
       def api_endpoint
         endpoint = ENV['CONTROLS_API_ENDPOINT'] || API_ENDPOINT
-        URI.parse(endpoint).to_s
+        # [todo] - this raises an exception, it is only used for URI validation so it's being commented out for now
+        # URI.parse(endpoint).to_s
       end
 
       # @return [String] the API version to connect to

data/lib/controls/ext/dish/plate.rb

@@ -5,18 +5,17 @@ module Dish
       camel_case_key = method.split('_').map(&:capitalize).join
       camel_case_key[0] = camel_case_key[0].downcase
 
-      if method.end_with?('?')
+      if method.end_with? '?'
         key = camel_case_key[0..-2]
         _check_for_presence(key)
-      elsif method.end_with?('=')
+      elsif method.end_with? '='
         key = camel_case_key[0..-2]
         _set_value(key, args.first)
       else
-        value = _get_value(camel_case_key)
-        if value.nil? && !_allowed_keys.include?(camel_case_key)
-          super(method.to_sym, *args, &block)
+        if @_original_hash.key?(camel_case_key)
+          _get_value(camel_case_key)
         else
-          value
+          super(method.to_sym, *args, &block)
         end
       end
     end
@@ -42,18 +41,17 @@ module Dish
       "#<#{self.class}: #{vars.join(', ')}>"
     end
 
+    alias_method :to_h, :as_hash
+
     def to_json(*args)
       as_hash.to_json(*args)
     end
 
     private
+
     def _set_value(key, value)
       value = _convert_value(value, self.class.coercions[key])
       @_original_hash[key] = value
     end
-
-    def _allowed_keys
-      []
-    end
   end
 end

data/lib/controls/objects.rb

@@ -2,10 +2,14 @@ require 'dish'
 require 'controls/ext/dish/plate'
 require 'controls/objects/assessment'
 require 'controls/objects/asset'
+require 'controls/objects/event'
+require 'controls/objects/product_change_event_payload'
 require 'controls/objects/configuration'
 require 'controls/objects/guidance'
 require 'controls/objects/security_control'
+require 'controls/objects/security_control_change_event_payload'
 require 'controls/objects/security_control_coverage'
+require 'controls/objects/site_change_event_payload'
 require 'controls/objects/threat'
 require 'controls/objects/threat_vector'
 require 'controls/objects/trend'

data/lib/controls/objects/coverage_information.rb

@@ -1,7 +1,6 @@
 module Controls
   class CoverageInformation < Dish::Plate
     def to_s
-      # [todo] - generate this
       "#<#{self.class}: total: #{total}, covered: #{covered}, uncovered: #{uncovered}, percent_covered: #{percent_covered}>"
     end
   end

data/lib/controls/objects/event.rb

@@ -0,0 +1,18 @@
+module Controls
+  class Event < Dish::Plate
+    coerce :createdAt, ->(value) { Time.at(value / 1000) if value }
+
+    def payload
+      value = _get_value('payload')
+      Dish(value, Controls.const_get("#{type}Payload"))
+    end
+
+    def inspect
+      super.sub('Event', type)
+    end
+
+    def to_s
+      type
+    end
+  end
+end

data/lib/controls/objects/product_change_event_payload.rb

@@ -0,0 +1,4 @@
+module Controls
+  class ProductChangeEventPayload < Dish::Plate
+  end
+end

data/lib/controls/objects/security_control_change_event_payload.rb

@@ -0,0 +1,4 @@
+module Controls
+  class SecurityControlChangeEventPayload < Dish::Plate
+  end
+end

data/lib/controls/objects/site_change_event_payload.rb

@@ -0,0 +1,4 @@
+module Controls
+  class SiteChangeEventPayload < Dish::Plate
+  end
+end

data/lib/controls/version.rb

@@ -1,4 +1,4 @@
 module Controls
   # The version of the Controls gem
-  VERSION = '1.5.1'
+  VERSION = '1.6.0'
 end

data/spec/controls/client/assessments_spec.rb

@@ -0,0 +1,24 @@
+describe '/api/assessments' do
+  before do
+    login_to_environment
+  end
+
+  context 'GET /api/assessments' do
+    it 'returns a list of assessments' do
+      assessments = Controls.assessments
+
+      expect(assessments).to match_assessment_format
+    end
+  end
+
+  context 'GET /api/assessments/1' do
+    it 'returns a single assessment' do
+      assessment = Controls.assessments(1)
+
+      expect(assessment).to match_assessment_format
+      expect(assessment.id).to eq(1)
+      expect(assessment.assessing?).to be_false
+      expect(assessment.overall_risk_score).to be_within(5.0).of(5.0)
+    end
+  end
+end

data/spec/controls/client/events_spec.rb

@@ -0,0 +1,54 @@
+#describe '/api/events' do
+#  before do
+#    login_to_environment
+#  end
+#
+#  context 'GET /api/events' do
+#    it 'returns a list of events' do
+#      events = Controls.events
+#
+#      expect(events).to match_format(event_format)
+#    end
+#  end
+#
+#  context 'GET /api/events?filter=ProductChangeEvent' do
+#    it 'returns a list of events' do
+#      events = Controls.events filter: 'ProductChangeEvent'
+#
+#      expect(events).to match_format(event_format)
+#      expect(events.map(&:payload)).to match_format(product_change_format)
+#    end
+#  end
+#
+#  context 'GET /api/events?filter=SecurityControlChangeEvent' do
+#    it 'returns a list of events' do
+#      events = Controls.events filter: 'SecurityControlChangeEvent'
+#      expected_payload_format = security_control_change_format
+#
+#      expect(events).to match_format(event_format)
+#      expect(events.map(&:payload)).to match_format(expected_payload_format)
+#
+#      events.map(&:payload).each do |payload|
+#        payload.keys.map(&:to_sym).each do |key|
+#          expect(payload.send(key)).to match_format(expected_payload_format[key].last)
+#        end
+#      end
+#    end
+#  end
+#
+#  context 'GET /api/events?filter=SiteChangeEvent' do
+#    it 'returns a list of events' do
+#      events = Controls.events filter: 'SiteChangeEvent'
+#      expected_payload_format = site_change_format
+#
+#      expect(events).to match_format(event_format)
+#      expect(events.map(&:payload)).to match_format(expected_payload_format)
+#
+#      events.map(&:payload).each do |payload|
+#        payload.keys.map(&:to_sym).each do |key|
+#          expect(payload.send(key)).to match_format(expected_payload_format[key].last)
+#        end
+#      end
+#    end
+#  end
+#end