controls 1.7.6 → 1.7.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e3090d635c0d18a35479c7821930b53e1068ccae
-  data.tar.gz: 68c3be9f61e4e37ded0aaa335f540fe5016e7f78
+  metadata.gz: 3e6a9bd17f0766f610281ebc13747a1ef6ee630c
+  data.tar.gz: 3474dd374d83875e8e17063db12ebdadfcb719fe
 SHA512:
-  metadata.gz: f0bc75c87fd92513706d4864e2b7ddccaa66b9c7aaeaba61cd12ceb2e1d913b168e22d02b173fc2818c1b7726f3798693bf5e00f0c2614fe7d67da296022bf73
-  data.tar.gz: 90f11277cc0112b547aa5db0a8e72b1054fabf391c357aa658bd8624868b29433800f677174fc954895a9e0d91ba6a8ec331316e647bce368dc3d2b717bdccb5
+  metadata.gz: 9a6c8af6d7629a5d7260058f3e79b6cdb2410a9d5037161e58633596972d6eceda82c5b2648c3586c6a6e98aa200c109049f80ea8c751af23b6ba3f44a4cbe23
+  data.tar.gz: 161e19f2e28c9c7cfae24fed1c0bdf94d103911dedbba878887d2868fa738e00372101d449e46d0b81901b3c1a857a62667cd9c6d9d3adab9b14524bf24799dc

data/.travis.yml

@@ -2,7 +2,4 @@ language: ruby
 rvm:
   - 2.1.0
 env:
-  - CONTROLS_API_ENDPOINT="https://controlsinsight.apiary.io/insight/controls/api"
-  - CONTROLS_WEB_ENDPOINT="https://controlsinsight.apiary.io/insight/controls"
-  - CONTROLS_USERNAME="johndoe"
-  - CONTROLS_PASSWORD="Password123!"
+  - CONTROLS_API_ENDPOINT="https://controlsinsight.apiary.io/insight/controls/api" CONTROLS_WEB_ENDPOINT="https://controlsinsight.apiary.io/insight/controls" CONTROLS_USERNAME="johndoe" CONTROLS_PASSWORD="Password123!"

data/README.md

@@ -1,7 +1,7 @@
 # controlsinsight client gem
 [![Build Status](https://travis-ci.org/erran/controls.rb.png?branch=master)](https://travis-ci.org/erran/controls.rb)
 
-The **controls**insight (controls) gem interfaces with [Rapid7's **controls**insight API](http://rapid7.github.io/controlsinsight.rb).
+The controlsinsight (controls) gem interfaces with [Rapid7's controlsinsight API](http://rapid7.github.io/controlsinsight.rb).
 
 ## Installation
 Add this line to your application's Gemfile:
@@ -33,7 +33,7 @@ Controls.api_endpoint = "#{Controls.web_endpoint}/api/1.0"
 # If your endpoint uses a self-signed cert. turn off SSL cert. verification
 Controls.verify_ssl = false
 
-Controls.login :user => 'admin', :password => 'password'
+Controls.login(username: 'admin', password: 'password')
 
 Controls.client.api_methods
 # => [:applicable_assets, :assessments, :asset_search, :assets, :assets_by_configuration, :assets_by_guidance, ..., :uncovered_assets, :undefended_assets, :update_security_controls]
@@ -163,7 +163,7 @@ Controls.threat_vectors('network-borne')
 
 ### Trends
 ```ruby
-# Retrieve a set of statistics over time
+# Retrieve a list of trend points over time
 Controls.threat_trends('overall-malware')
 # => [#<Controls::Trend: grade: 1.1723226070935302, assessment_timestamp: 2013-12-15 10:07:39 -0600, total_assets: 18>,
 #     #<Controls::Trend: grade: 3.2684235618866317, assessment_timestamp: 2014-02-06 17:58:06 -0600, total_assets: 42>]

data/apiary.apib

@@ -2,7 +2,6 @@ FORMAT: 1A
 HOST: https://nexpose.local:3780/insight/controls/api/
 
 # ControlsInsight
-Notes API is a *short texts saving* service similar to its physical paper presence on your table.
 
 # Group Assessments
 ## Assessment Collection [/assessments]
@@ -59,4 +58,4 @@ Notes API is a *short texts saving* service similar to its physical paper presen
             "hostName": "CMMNCTR2K7R2-U",
             "ipaddress": "10.4.19.25"
           }
-        }
+        }

data/lib/controls/client.rb

@@ -97,6 +97,7 @@ module Controls
     def get(path, params = {}, headers = {})
       headers = connection_options[:headers].merge(headers)
       url = URI.escape(File.join(api_endpoint, path))
+      puts url, params, headers
       resp = middleware.get(url, params, headers)
       @_last_request = {
         response: resp,
@@ -107,7 +108,7 @@ module Controls
         fail exception('Invalid content-type error')
       end
 
-      Response.parse(resp.body, path)
+      Response.parse(resp.body, resp.status, path)
     rescue Faraday::Error::ConnectionFailed => e
       if e.message =~ /^SSL_connect/
         warn(*SSL_WARNING)
@@ -135,7 +136,7 @@ module Controls
 
       return resp.status if resp.status == 200
 
-      Response.parse(resp.body, path)
+      Response.parse(resp.body, resp.status, path)
     rescue Faraday::Error::ConnectionFailed => e
       if e.message =~ /^SSL_connect/
         warn(*SSL_WARNING)

data/lib/controls/client/configurations.rb

@@ -7,17 +7,6 @@ module Controls
     module Configurations
       # @!group Configuration Methods
 
-      # @param [String] configuration the name of the configuration to search
-      #   for
-      # @return [Array<Hash>] a list of hashes representing configurations
-      def configurations(configuration = nil)
-        if configuration
-          get "/configurations/#{configuration}"
-        else
-          get "/configurations"
-        end
-      end
-
       # @param [String] control the security control look up configurations for
       # @return [Array<Hash>] a list of hashes representing configurations
       def security_control_configurations(control)

data/lib/controls/client/coverage.rb

@@ -7,7 +7,8 @@ module Controls
     module Coverage
       # Either returns coverage for all security controls or one by name
       #
-      # @param [String] security_control_name the security control to return coverage for
+      # @param [String] security_control_name the security control to return
+      #   coverage for
       # @return [Array<Controls::SecurityControlCoverage>,Controls::SecurityControlCoverage]
       def security_control_coverage(security_control_name = nil)
         if security_control_name
@@ -16,6 +17,19 @@ module Controls
           get '/coverage/security_controls'
         end
       end
+
+      # Either returns coverage for all configurations or one by name
+      #
+      # @param [String] configuration_name the security control to return
+      #   coverage for
+      # @return [Array<Controls::ConfigurationCoverage>,Controls::ConfigurationCoverage]
+      def configuration_coverage(configuration_name = nil)
+        if security_control_name
+          get "/coverage/configurations/#{configuration_name}"
+        else
+          get '/coverage/configurations'
+        end
+      end
     end
   end
 end

data/lib/controls/configurable.rb

@@ -69,7 +69,8 @@ module Controls
 
       self
     end
-    # NOTE: This method currently leaves some "updated defaults" intact
+
+    # [note] - This method currently leaves some "updated defaults" intact
     # alias_method :reset!, :setup
 
     private

data/lib/controls/objects.rb

@@ -1,16 +1,18 @@
 require 'dish'
 require 'controls/ext/dish/plate'
 require 'controls/objects/assessment'
+require 'controls/objects/asset_collection'
 require 'controls/objects/asset'
+require 'controls/objects/configuration'
 require 'controls/objects/error'
 require 'controls/objects/event'
-require 'controls/objects/product_change_event_payload'
-require 'controls/objects/configuration'
 require 'controls/objects/guidance'
-require 'controls/objects/security_control'
+require 'controls/objects/prioritized_guidance'
+require 'controls/objects/product_change_event_payload'
 require 'controls/objects/security_control_change_event_payload'
 require 'controls/objects/security_control_coverage'
+require 'controls/objects/security_control'
 require 'controls/objects/site_change_event_payload'
-require 'controls/objects/threat'
 require 'controls/objects/threat_vector'
+require 'controls/objects/threat'
 require 'controls/objects/trend'

data/lib/controls/objects/asset.rb

@@ -1,12 +1,14 @@
-require 'controls/objects/security_control_finding'
-
 module Controls
   # A representation of the Asset resource
   class Asset < Dish::Plate
     coerce :discoveredAt, ->(value) { Time.at(value / 1000) if value }
 
+    # Retreives the security control and configuration findings for this
+    # {Asset} instance by UUID
+    #
+    # @return [Array<SecurityControlFindings>]
     def findings
-      Controls.client.findings_by_asset_uuid(uuid)
+      @findings ||= Controls.client.findings_by_asset_uuid(uuid)
     end
 
     # Returns the hostname, IP, and OS of the asset
@@ -19,49 +21,4 @@ module Controls
       %(#{host_name} (#{ipaddress}) - #{operating_system})
     end
   end
-
-  # A collection of Asset resources
-  class AssetCollection < Dish::Plate
-    coerce :resources, Asset
-
-    # [todo] - metaprogram any proxy methods?
-    #        - be sure to define method_missing AND respond_to_missing?
-
-    # Acts as a proxy to resources.map
-    #
-    # @yield [resource] gives three resources
-    def map(&block)
-      resources.map(*args, &block)
-    end
-
-    # Acts as a proxy to resources.first
-    #
-    # @return [Controls::Asset]
-    def first
-      resources.first
-    end
-
-    # Acts as a proxy to resources.last
-    #
-    # @return [Controls::Asset] the last asset in the
-    #   {Controls::AssetCollection}
-    def last
-      resources.last
-    end
-
-    # Acts as a proxy to resources.[]
-    #
-    # @param [Fixnum] index the index of the asset to fetch
-    # @return [Controls::Asset] the asset by index
-    def [](index)
-      resources[index]
-    end
-
-    # Returns a comma separated list of IP addresses
-    #
-    # @return [String]
-    def to_s
-      resources.sort_by(&:ipaddress).map(&:to_s).join("\n")
-    end
-  end
 end

data/lib/controls/objects/asset_collection.rb

@@ -0,0 +1,48 @@
+require 'controls/objects/asset'
+
+module Controls
+  # A collection of Asset resources
+  class AssetCollection < Dish::Plate
+    coerce :resources, Asset
+
+    # [todo] - metaprogram any proxy methods?
+    #        - be sure to define method_missing AND respond_to_missing?
+
+    # Acts as a proxy to resources.map
+    #
+    # @yield [resource] gives three resources
+    def map(&block)
+      resources.map(*args, &block)
+    end
+
+    # Acts as a proxy to resources.first
+    #
+    # @return [Controls::Asset]
+    def first
+      resources.first
+    end
+
+    # Acts as a proxy to resources.last
+    #
+    # @return [Controls::Asset] the last asset in the
+    #   {Controls::AssetCollection}
+    def last
+      resources.last
+    end
+
+    # Acts as a proxy to resources.[]
+    #
+    # @param [Fixnum] index the index of the asset to fetch
+    # @return [Controls::Asset] the asset by index
+    def [](index)
+      resources[index]
+    end
+
+    # Returns a comma separated list of IP addresses
+    #
+    # @return [String]
+    def to_s
+      resources.sort_by(&:ipaddress).map(&:to_s).join("\n")
+    end
+  end
+end

data/lib/controls/objects/configuration.rb

@@ -8,12 +8,19 @@ module Controls
     coerce :assessmentTimestamp, ->(value) { Time.at(value / 1000) if value }
     coerce :coverage, Controls::CoverageInformation
 
+    # Allows for comparison with other objects with coverage information
+    #
+    # @return [Fixnum] returns one of the following based on the percent of
+    #   assets that are covered -1 (less than `other`), 0 (equal to `other`),
+    #   or 1 (greater than `other`)
     def <=>(other)
       return unless other.respond_to? :coverage
       coverage.percent_covered <=> other.coverage.percent_covered
     end
 
-    # [review] - define this in Dish?
+    # [review] - shouldn't this be covered by the Dish coercion?
+    # @return [Boolean] true if the method is :coverage otherwise calls
+    #   `Dish::Plate#method_missing`
     def respond_to?(method_name, *)
       if method_name.eql? :coverage
         true

data/lib/controls/objects/configuration_coverage.rb

@@ -0,0 +1,42 @@
+require 'controls/objects/coverage_information'
+
+module Controls
+  # A representation of the Configuration resource with coverage information
+  class ConfigurationCoverage < Dish::Plate
+    include Comparable
+
+    coerce :assessmentTimestamp, ->(value) { Time.at(value / 1000) if value }
+    coerce :coverage, Controls::CoverageInformation
+
+    def <=>(other)
+      return unless other.respond_to? :coverage
+      coverage.percent_covered <=> other.coverage.percent_covered
+    end
+
+    # [review] - define this in Dish?
+    def respond_to?(method_name, *)
+      if method_name.eql? :coverage
+        true
+      else
+        super
+      end
+    end
+
+    def without_coverage
+      Controls::Configuration.new(enabled: enabled, name: name)
+    end
+
+    def without_coverage!
+      @_original_hash.delete_if do |key, _value|
+        not %w[enabled name].include?(key)
+      end
+    end
+
+    # The title of the configuration
+    #
+    # @return [String]
+    def to_s
+      title
+    end
+  end
+end

data/lib/controls/objects/coverage_information.rb

@@ -4,12 +4,19 @@ module Controls
   class CoverageInformation < Dish::Plate
     include Comparable
 
+    # Allows for sorting of objects that have :coverage ({CoverageInformation})
+    #
+    # @return [Fixnum] returns one of the following based on the percent of
+    #   assets that are covered -1 (less than `other`), 0 (equal to `other`),
+    #   or 1 (greater than `other`)
     def <=>(other)
       return unless other.respond_to? :percent_covered
       percent_covered <=> other.percent_covered
     end
 
-    # [review] - define this in Dish?
+    # [review] - shouldn't this be covered by the Dish coercion?
+    # @return [Boolean] true if the method is :percent_covered otherwise calls
+    #   `Dish::Plate#method_missing`
     def respond_to?(method_name, *)
       if method_name.eql? :percent_covered
         true

data/lib/controls/objects/error.rb

@@ -3,14 +3,17 @@ module Controls
   #
   # [review] - subclass Dish::Plate instead of StandardError?
   class Error < StandardError
-    # @!attribute message
-    #   The message related to the error
-    attr_accessor :message
-
-    # @!attribute message
-    #   The status code for the error response
-    attr_accessor :status
-
+    # @!attribute [rw] message
+    #   @return [String] the message related to the error
+    # @!attribute [rw] status
+    #   @return [String] the status code for the error response
+    attr_accessor :message, :status
+
+    # @param [Hash] attributes the key/value pairs to set instance variables
+    #   with
+    # @option :message [String] the error's associated message
+    # @option :status [String] the error's associated status code
+    # @return [self] the {Controls::Error} with the given attributes
     def initialize(attributes = {})
       @__attributes__ = attributes
       @__attributes__.each do |attribute, value|
@@ -18,10 +21,8 @@ module Controls
       end
     end
 
-    def to_h
-      @__attributes__
-    end
-
+    # @return [String] a string representing the error and all of it's
+    #   attributes
     def inspect
       vars = to_h.map do |attribute, value|
         "#{attribute}: #{value}"
@@ -30,12 +31,25 @@ module Controls
       "#<#{self.class}: #{vars.join(', ')}>"
     end
 
+    # @return [String] the JSON representation of the attributes
+    def to_json
+      @__attributes__.to_json
+    end
+
+    # @return [Hash] the attributes used to initialize this error
+    def to_h
+      @__attributes__
+    end
+
+    # @return [String] the error message if available otherwise calls {#inspect}
     def to_s
       @message or inspect
     end
 
     private
 
+    # @!attribute [r] message
+    #   @return [String] the message related to the error
     attr_reader :__attributes__
   end
 end

data/lib/controls/objects/guidance.rb

@@ -1,22 +1,20 @@
 module Controls
-  Guidance = Class.new(Dish::Plate)
-  Guidance::Section = Class.new(Dish::Plate)
-  Guidance::Reference = Class.new(Dish::Plate) do
-    private
-    def _allowed_keys
-      %w[url]
-    end
-  end
+  # An object to represent the guidance resource returned by the
+  # ControlsInsight API
+  class Guidance < Dish::Plate
+    # [review] - Is there another way to ensure a proper subclass setup?
+    require 'controls/objects/guidance/reference'
+
+    # A {Controls::Guidance} instance includes HTML markup in a sections list
+    Section = Class.new(Dish::Plate)
 
-  class Guidance
     coerce :assessmentTimestamp, ->(value) { Time.at(value / 1000) if value }
     coerce :references, Reference
     coerce :sections, Section
 
+    # @return [String] the title of the guidance
     def to_s
       title
     end
   end
-
-  PrioritizedGuidance = Class.new(Guidance)
 end

data/lib/controls/objects/guidance/reference.rb

@@ -0,0 +1,17 @@
+require 'controls/objects/guidance'
+
+module Controls
+  class Guidance
+    # A object that represents the reference resource of a {Controls::Guidance}
+    class Reference < Dish::Plate
+      private
+
+      # Ensures that calling url wouldn't raise a KeyError when {nil}
+      #
+      # @return [Array] the keys that are allowed to be {nil}
+      def _allowed_keys
+        %w[url]
+      end
+    end
+  end
+end

data/lib/controls/objects/prioritized_guidance.rb

@@ -0,0 +1,8 @@
+require 'controls/objects/guidance'
+
+module Controls
+  # A guidance subclass for when guidance is returned with priority.
+  #
+  # [todo] - this should include Comparable
+  PrioritizedGuidance = Class.new(Guidance)
+end

data/lib/controls/objects/security_control.rb

@@ -1,5 +1,8 @@
 module Controls
+  # An object to represent the security control resource (without coverage)
+  # returned by the ControlsInsight API
   class SecurityControl < Dish::Plate
+    # @return [String] the name of the security control
     def to_s
       name
     end

data/lib/controls/objects/security_control_coverage.rb

@@ -1,19 +1,26 @@
 require 'controls/objects/coverage_information'
 
 module Controls
+  # A representation of the SecuritControl resource with coverage information
   class SecurityControlCoverage < Dish::Plate
     include Comparable
 
-
     coerce :assessmentTimestamp, ->(value) { Time.at(value / 1000) if value }
     coerce :coverage, Controls::CoverageInformation
 
+    # Allows for comparison with other objects with coverage information
+    #
+    # @return [Fixnum] returns one of the following based on the percent of
+    #   assets that are covered -1 (less than `other`), 0 (equal to `other`),
+    #   or 1 (greater than `other`)
     def <=>(other)
       return unless other.respond_to? :coverage
       coverage.percent_covered <=> other.coverage.percent_covered
     end
 
-    # [review] - define this in Dish?
+    # [review] - shouldn't this be covered by the Dish coercion?
+    # @return [Boolean] true if the method is :coverage otherwise calls
+    #   `Dish::Plate#method_missing`
     def respond_to?(method_name, *)
       if method_name.eql? :coverage
         true
@@ -22,16 +29,27 @@ module Controls
       end
     end
 
+    # Converts the object into a {Controls::SecurityControl} by name and
+    # whether it is enabled/disabled
+    #
+    # @return {Controls::SecurityControl}
     def without_coverage
       Controls::SecurityControl.new(enabled: enabled, name: name)
     end
 
+    # Removes the coverage from the {SecurityControlCoverage} object, making it
+    # equivalent to a {SecurityControl} in terms of duck-typing
+    #
+    # @return {Controls::SecurityControl}
     def without_coverage!
       @_original_hash.delete_if do |key, _value|
         not %w[enabled name].include?(key)
       end
     end
 
+    # The title of the security control
+    #
+    # @return [String]
     def to_s
       title
     end

data/lib/controls/objects/security_control_finding.rb

@@ -1,10 +1,13 @@
 require 'controls/objects/configuration_finding'
 
 module Controls
+  # An object to represent the highest level of the finding API resources
   class SecurityControlFinding < Dish::Plate
     coerce :assessmentTimestamp, ->(value) { Time.at(value / 1000) if value }
     coerce :findings, Controls::ConfigurationFinding
 
+    # @return [String] a representation of the findings prefixed with the
+    #   collection name
     def to_s
       "#{name}: #{findings.map { |finding| "\n  #{finding}"  }.join}"
     end

data/lib/controls/objects/threat.rb

@@ -1,7 +1,9 @@
 module Controls
+  # A representation of the threat API resource
   class Threat < Dish::Plate
     coerce :assessmentTimestamp, ->(value) { Time.at(value / 1000) if value }
 
+    # @return [String] the title of the threat
     def to_s
       title
     end

data/lib/controls/objects/threat_vector.rb

@@ -1,7 +1,9 @@
 module Controls
+  # A representation of the threat vector API resource
   class ThreatVector < Dish::Plate
     coerce :assessmentTimestamp, ->(value) { Time.at(value / 1000) if value }
 
+    # @return [String] the title of the threat vector
     def to_s
       title
     end

data/lib/controls/objects/trend.rb

@@ -1,7 +1,9 @@
 module Controls
+  # A object to represent the
   class Trend < Dish::Plate
     coerce :assessmentTimestamp, ->(value) { Time.at(value / 1000) if value }
 
+    # @return [String] the grade of the trend
     def to_s
       format('%05.2f', grade)
     end

data/lib/controls/response.rb

@@ -7,11 +7,11 @@ module Controls
 
     # Returns the parsed JSON response after marshaling through Dish
     #
-    # @param [String] obj the JSON object to parse
+    # @param [String] response_body the JSON object to parse
     # @param [String] path the requested API endpoint's path
     # @return [Dish::Plate,Object] a marshaled representation of the JSON response
-    def parse(obj, path = nil)
-      hash_or_array = JSON.parse(obj)
+    def parse(response_body, response_status = nil, path = nil)
+      hash_or_array = JSON.parse(response_body)
 
       if hash_or_array.is_a?(Hash) && hash_or_array.key?('message') && hash_or_array.key?('documentationUrl')
         type = Controls::Error
@@ -41,6 +41,13 @@ module Controls
         end
 
       Dish(hash_or_array, type)
+    rescue JSON::ParserError
+      opts = { message: 'An error occurred', status: response_status }
+      opts.delete_if do |_, value|
+        value.nil?
+      end
+
+      Controls::Error.new(opts)
     end
   end
 end

data/lib/controls/version.rb

@@ -1,4 +1,4 @@
 module Controls
   # The version of the Controls gem
-  VERSION = '1.7.6'
+  VERSION = '1.7.7'
 end

data/spec/controls/client/assessments_spec.rb

@@ -10,6 +10,7 @@ describe '/api/assessments' do
       assessments = Controls.assessments
 
       assessments.each do |assessment|
+        expect(assessment).to be_kind_of(Controls::Assessment)
         expect(assessment).to match_assessment_format
       end
     end
@@ -19,6 +20,7 @@ describe '/api/assessments' do
     it 'returns a single assessment' do
       assessment = Controls.assessments(1)
 
+      expect(assessment).to be_kind_of(Controls::Assessment)
       expect(assessment).to match_assessment_format
       expect(assessment.id).to eq(1)
       expect(assessment.assessing?).to be_false

data/spec/controls/client/assets_spec.rb

@@ -30,18 +30,20 @@ describe '/api/assets' do
     end
 
     it 'returns a 400 Bad Request on a bad page.sort parameter' do
-      asset_collection = expect {
-        Controls.assets(
-          'page.sort' => 'asdfghjkl;'
-        )
-      }.not_to raise_error, "expected: 200 OK\ngot: 500 Internal Server Error"
-      expect(asset_collection).to be_kind_of(Controls::Error)
+      error = Controls.assets(
+        'page.sort' => 'asdfghjkl'
+      )
+
+      expect(error).to be_kind_of(Controls::Error)
+      expect(error.status).to eq('400')
+      expect(error.message).to eq('Invalid sort parameter: asdfghjkl: ASC')
     end
   end
 
   context 'GET /api/assets/search?query=Windows' do
     it 'returns only assets with Windows assets' do
       asset_collection = Controls.asset_search('Windows')
+      expect(asset_collection).not_to be_kind_of(Controls::Error)
       expect(asset_collection).to be_kind_of(Controls::AssetCollection)
 
       asset_collection.resources.map(&:operating_system).each do |operating_system|
@@ -49,4 +51,43 @@ describe '/api/assets' do
       end
     end
   end
+
+  context 'GET /api/guidance/enable-email-attachment-filtering/applicable_assets' do
+    it 'returns a 400 Bad Request on a bad page.sort parameter' do
+      error = Controls.applicable_assets(
+        'enable-email-attachment-filtering',
+        'page.sort' => 'asdfghjkl'
+      )
+
+      expect(error).to be_kind_of(Controls::Error)
+      expect(error.status).to eq('400')
+      expect(error.message).to eq('Invalid sort parameter: asdfghjkl: ASC')
+    end
+  end
+
+  context 'GET /api/security_control/desktops-with-antivirus-deployed/uncovered_assets' do
+    it 'returns a 400 Bad Request on a bad page.sort parameter' do
+      error = Controls.uncovered_assets(
+        'desktops-with-antivirus-deployed',
+        'page.sort' => 'asdfghjkl'
+      )
+
+      expect(error).to be_kind_of(Controls::Error)
+      expect(error.message).to eq('Invalid sort parameter: asdfghjkl: ASC')
+      expect(error.status).to eq('400')
+    end
+  end
+
+  context 'GET /api/threat_vectors/network-borne/undefended_assets' do
+    it 'returns a 400 Bad Request on a bad page.sort parameter' do
+      error = Controls.undefended_assets(
+        'network-borne',
+        'page.sort' => 'asdfghjkl'
+      )
+
+      expect(error).to be_kind_of(Controls::Error)
+      expect(error.message).to eq('Invalid sort parameter: asdfghjkl: ASC')
+      expect(error.status).to eq('400')
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: controls
 version: !ruby/object:Gem::Version
-  version: 1.7.6
+  version: 1.7.7
 platform: ruby
 authors:
 - Erran Carey
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-15 00:00:00.000000000 Z
+date: 2014-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dish
@@ -118,12 +118,16 @@ files:
 - lib/controls/objects.rb
 - lib/controls/objects/assessment.rb
 - lib/controls/objects/asset.rb
+- lib/controls/objects/asset_collection.rb
 - lib/controls/objects/configuration.rb
+- lib/controls/objects/configuration_coverage.rb
 - lib/controls/objects/configuration_finding.rb
 - lib/controls/objects/coverage_information.rb
 - lib/controls/objects/error.rb
 - lib/controls/objects/event.rb
 - lib/controls/objects/guidance.rb
+- lib/controls/objects/guidance/reference.rb
+- lib/controls/objects/prioritized_guidance.rb
 - lib/controls/objects/product_change_event_payload.rb
 - lib/controls/objects/security_control.rb
 - lib/controls/objects/security_control_change_event_payload.rb