controls 1.7.4 → 1.7.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 065fa99a2640d1220a1ff42cc3e5cce250bb4b50
-  data.tar.gz: 54b996ced517d7709a9a0462e7407bc39e31c379
+  metadata.gz: 6c245dec5cdf4115335c576ae0019c5f7a25835e
+  data.tar.gz: 38bbd0e485cc4713699eb4b6749192596b0a7f73
 SHA512:
-  metadata.gz: 674bcfba75b727fac6740e128171ea14603855725bf1f5e7c8d3fce2abf67d3924fc54ef2e9d084e6e9d84751340e9112f13390c378ebeb1b32aab8fcaba3208
-  data.tar.gz: d0d18bd18e12f54ab6f32cca5c8726da967d255202905e4c668080dbafca77a0d95d05de93dd8c219f7d28329f12fdb84029fbdf6c12049172e0df595ee807ab
+  metadata.gz: 79b1f36d95c8832c9f51fa9a6947a39d50bbf1e3fef4b4fda3c8f38988a90ede0abe35e49f1d6ce3fbe8d92df8ceb2e3bb94a4e77a0634964fa9c48a6862604c
+  data.tar.gz: a7534a3fccc7a0ffee58b73a510a17809afccb12c89d37b8c3e251bfb0e1efdef986d8396395203a17085a74aba6b360d3684b06ede233e4c28e69e2d4b7e18c

data/.travis.yml

@@ -3,3 +3,6 @@ rvm:
   - 2.1.0
 env:
   - CONTROLS_API_ENDPOINT="https://controlsinsight.apiary.io/insight/controls/api"
+  - CONTROLS_WEB_ENDPOINT="https://controlsinsight.apiary.io/insight/controls"
+  - CONTROLS_USERNAME="johndoe"
+  - CONTROLS_PASSWORD="Password123!"

data/apiary.apib

@@ -8,25 +8,6 @@ Notes API is a *short texts saving* service similar to its physical paper presen
 ## Assessment Collection [/assessments]
 ### Assessments [GET]
 
-+ Response 200 (application/json)
-
-            {
-              "id": 1,
-              "assessing": false,
-              "highRiskAssetCount": 0,
-              "mediumRiskAssetCount": 24,
-              "lowRiskAssetCount": 0,
-              "totalAssetCount": 24,
-              "overallRiskScore": 4.004146038088617,
-              "timestamp": 1393184605912
-            }
-
-## Assessment [/assessments/{assessment_id}]
-### Assessment by ID [GET]
-
-+ Parameters
-    + assessment_id (optional, integer, `1`) ... The ID of the assessment to retreive.
-
 + Response 200 (application/json)
 
             [
@@ -42,6 +23,25 @@ Notes API is a *short texts saving* service similar to its physical paper presen
                 }
             ]
 
+## Assessment [/assessments/{assessment_id}]
+### Assessment by ID [GET]
+
++ Parameters
+    + assessment_id (optional, integer, `1`) ... The ID of the assessment to retreive.
+
++ Response 200 (application/json)
+
+            {
+              "id": 1,
+              "assessing": false,
+              "highRiskAssetCount": 0,
+              "mediumRiskAssetCount": 24,
+              "lowRiskAssetCount": 0,
+              "totalAssetCount": 24,
+              "overallRiskScore": 4.004146038088617,
+              "timestamp": 1393184605912
+            }
+
 # Group Search
 ## Assets [/assets/search?query={query}]
 ### Asset Search [GET]
@@ -51,12 +51,12 @@ Notes API is a *short texts saving* service similar to its physical paper presen
 
 + Response 200 (application/json)
 
-        [
-          {
+        {
+          "resources": {
             "uuid": "db899a57-347c-4df9-9ce2-6932dc4adf38>",
             "riskScore": 5.554266115196547,
             "riskLevel": "MEDIUM",
             "hostName": "CMMNCTR2K7R2-U",
             "ipaddress": "10.4.19.25"
           }
-        ]
+        }

data/lib/controls/client.rb

@@ -121,6 +121,7 @@ module Controls
     # @return [Array,Hash] an array or hash of parsed JSON data
     def put(path, body = {}, headers = {}, &block)
       headers = connection_options[:headers].merge(headers)
+      headers['content-type'] = 'application/json'
       url = URI.escape(File.join(api_endpoint, path))
       resp = middleware.put(url, body, headers, &block)
       @_last_request = {
@@ -132,7 +133,7 @@ module Controls
         fail exception('Invalid content-type error')
       end
 
-      Response.parse(resp.body, path)
+      resp.status
     rescue Faraday::Error::ConnectionFailed => e
       if e.message =~ /^SSL_connect/
         warn(*SSL_WARNING)

data/lib/controls/client/security_controls.rb

@@ -36,9 +36,10 @@ module Controls
       # @param [Array[Hash{String=>String,Boolean}]] controls a list of controls to update
       # @return [void]
       def update_security_controls(controls)
-        # [review] - this style is a discouraged for Arrays, but we want to treat controls as an Array of Hashes
-        if controls.is_a? Array
+        if controls.kind_of? Array
           put '/security_controls', controls.to_json
+        elsif controls.is_a? Controls::SecurityControl
+          put "/security_controls/#{controls.name}", controls.to_json
         elsif controls.is_a? Hash
           put "/security_controls/#{controls['name']}", controls.to_json
         end

data/lib/controls/version.rb

@@ -1,4 +1,4 @@
 module Controls
   # The version of the Controls gem
-  VERSION = '1.7.4'
+  VERSION = '1.7.5'
 end

data/spec/controls/client/assessments_spec.rb

@@ -1,3 +1,5 @@
+require_relative '../../spec_helper'
+
 describe '/api/assessments' do
   before do
     login_to_environment

data/spec/controls/client/assets_spec.rb

@@ -0,0 +1,52 @@
+require_relative '../../spec_helper.rb'
+
+describe '/api/assets' do
+  before do
+    login_to_environment
+  end
+
+  context 'GET /api/assets' do
+    it 'returns a paginated asset collection' do
+      assets = Controls.assets
+
+      expect(assets).to be_kind_of(Controls::AssetCollection)
+    end
+
+    it 'respects pageable parameters' do
+      asset_collection = Controls.assets(
+        'page.sort' => 'os',
+        'page.size' => 20,
+        'page.sort.dir' => 'DESC'
+      )
+      expect(asset_collection).to be_kind_of(Controls::AssetCollection)
+
+      sort = asset_collection.sort.first
+      expect(sort.ascending?).to be_false
+      expect(sort.direction).to eq('DESC')
+      expect(sort.property).to eq('os')
+
+      operating_systems = asset_collection.resources.map(&:operating_system)
+      expect(operating_systems).to eq(operating_systems.sort.reverse)
+    end
+
+    it 'returns a 400 Bad Request on a bad page.sort parameter' do
+      asset_collection = expect {
+        Controls.assets(
+          'page.sort' => 'asdfghjkl;'
+        )
+      }.not_to raise_error, "expected: 200 OK\ngot: 500 Internal Server Error"
+      expect(asset_collection).to be_kind_of(Controls::Error)
+    end
+  end
+
+  context 'GET /api/assets/search?query=Windows' do
+    it 'returns only assets with Windows assets' do
+      asset_collection = Controls.asset_search('Windows')
+      expect(asset_collection).to be_kind_of(Controls::AssetCollection)
+
+      asset_collection.resources.map(&:operating_system).each do |operating_system|
+        expect(operating_system).to match(/^windows/i)
+      end
+    end
+  end
+end

data/spec/controls/client/security_controls_spec.rb

@@ -0,0 +1,29 @@
+require_relative '../../spec_helper.rb'
+
+describe '/api/security_controls' do
+  before do
+    login_to_environment
+  end
+
+  context 'GET /api/security_controls' do
+    it 'returns a list of security controls' do
+      security_controls = Controls.security_controls
+
+      security_controls.each do |security_control|
+        enabled_is_boolean = [TrueClass, FalseClass].include?(security_control.enabled.class)
+        expect(enabled_is_boolean).to be_true
+      end
+    end
+  end
+
+  context 'GET /api/security_controls/desktops-with-antivirus-deployed' do
+    it 'returns a single security control' do
+      security_control = Controls.security_controls('desktops-with-antivirus-deployed')
+
+      expect(security_control.name).to eq('desktops-with-antivirus-deployed')
+
+      enabled_is_boolean = [TrueClass, FalseClass].include?(security_control.enabled.class)
+      expect(enabled_is_boolean).to be_true
+    end
+  end
+end

data/spec/matchers.rb

@@ -3,19 +3,20 @@ require 'rspec/expectations'
 # Assessment Matchers
 RSpec::Matchers.define :match_assessment_format do
   match do |resource|
-    # Reverses the coercion
     [
       resource.high_risk_asset_count,
       resource.id,
       resource.low_risk_asset_count,
       resource.medium_risk_asset_count,
-      resource.timestamp.to_i,
+      resource.timestamp.to_i, # Reverses the coercion
       resource.total_asset_count
     ].each do |attribute|
       expect(attribute.class).to eq(Fixnum)
     end
 
-    expect([TrueClass, FalseClass].include?(resource.assessing.class)).to be_true
-    expect([Float].include?(resource.overall_risk_score.class)).to be_true
+    assessing_is_boolean = [TrueClass, FalseClass].include?(resource.assessing.class)
+    risk_score_is_float = [Float].include?(resource.overall_risk_score.class)
+    expect(assessing_is_boolean).to be_true
+    expect(risk_score_is_float).to be_true
   end
 end

data/spec/spec_helper.rb

@@ -5,6 +5,8 @@ module SpecHelpers
   def login_to_environment
     # Allow self-signed certs in continuous integration
     Controls.verify_ssl = false
+    Controls.api_endpoint = ENV['CONTROLS_API_ENDPOINT']
+    Controls.web_endpoint = ENV['CONTROLS_WEB_ENDPOINT']
     Controls.login(ENV['CONTROLS_USERNAME'], ENV['CONTROLS_PASSWORD'])
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: controls
 version: !ruby/object:Gem::Version
-  version: 1.7.4
+  version: 1.7.5
 platform: ruby
 authors:
 - Erran Carey
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-25 00:00:00.000000000 Z
+date: 2014-04-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dish
@@ -136,6 +136,8 @@ files:
 - lib/controls/response.rb
 - lib/controls/version.rb
 - spec/controls/client/assessments_spec.rb
+- spec/controls/client/assets_spec.rb
+- spec/controls/client/security_controls_spec.rb
 - spec/matchers.rb
 - spec/spec_helper.rb
 homepage: ''
@@ -164,6 +166,8 @@ specification_version: 4
 summary: This gem interfaces to Rapid7's **controls**insight API.
 test_files:
 - spec/controls/client/assessments_spec.rb
+- spec/controls/client/assets_spec.rb
+- spec/controls/client/security_controls_spec.rb
 - spec/matchers.rb
 - spec/spec_helper.rb
 has_rdoc: