deepsecurity 0.0.19 → 0.0.20
- data/CHANGELOG.md +15 -0
- data/Gemfile +5 -0
- data/bin/dsc +4 -61
- data/deepsecurity.gemspec +7 -2
- data/dsc.md +20 -18
- data/lib/deepsecurity.rb +11 -12
- data/lib/deepsecurity/manager.rb +55 -122
- data/lib/deepsecurity/soap_interface.rb +57 -0
- data/lib/deepsecurity/transport_object.rb +5 -1
- data/lib/deepsecurity/transport_objects/anti_malware_event.rb +26 -17
- data/lib/deepsecurity/transport_objects/host.rb +45 -36
- data/lib/deepsecurity/transport_objects/host_detail.rb +17 -45
- data/lib/deepsecurity/transport_objects/host_filter.rb +4 -4
- data/lib/deepsecurity/transport_objects/host_group.rb +38 -29
- data/lib/deepsecurity/transport_objects/id_filter.rb +3 -3
- data/lib/deepsecurity/transport_objects/system_event.rb +1 -1
- data/lib/deepsecurity/transport_objects/time_filter.rb +2 -2
- data/lib/deepsecurity/version.rb +1 -1
- data/lib/dsc/anti_malware_event_command.rb +54 -11
- data/lib/dsc/command.rb +388 -72
- data/lib/dsc/host_detail_command.rb +56 -6
- data/lib/savon_helper.rb +30 -1
- data/lib/savon_helper/caching_object.rb +50 -13
- data/lib/savon_helper/dsl.rb +286 -0
- data/lib/savon_helper/mapping_object.rb +89 -339
- data/lib/savon_helper/soap_interface.rb +77 -0
- data/lib/savon_helper/type_mappings.rb +270 -143
- metadata +8 -6
- data/lib/deepsecurity/ds_object.rb +0 -37
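--- a/data/lib/deepsecurity/soap_interface.rb
+++ b/data/lib/deepsecurity/soap_interface.rb
@@ -0,0 +1,57 @@
+# @author Udo Schneider <Udo.Schneider@homeaddress.de>
+
+module DeepSecurity
+
+class SOAPInterface < SavonHelper::SOAPInterface
+
+attr_accessor :manager
+
+# Obtain a new wrapper around the DeepSecurity Manager SOAP API.
+def initialize(hostname, port=4119, logger, log_level)
+@hostname = hostname
+@port = port
+super("https://#{hostname}:#{port}/webservice/Manager?WSDL",
+logger,
+log_level,
+{:convert_request_keys_to => :none, # or one of [:lower_camelcase, :upcase, :none]
+:ssl_verify_mode => :none})
+
+end
+
+# @!group Request Helper
+
+# Send an authenticated WebUI Request to the Server for URL +url and return the response body
+def send_authenticated_http_get(path, sID)
+logger.debug { "#{self.class}\##{__method__}(#{path.inspect})" }
+url = "https://#{@hostname}:#{@port}#{path}"
+request = HTTPI::Request.new(url)
+request.auth.ssl.verify_mode = :none
+request.headers = {
+"Cookie" => "sID=#{sID}"
+}
+request.gzip
+response = HTTPI.get request
+response.body
+end
+
+# Send an authenticated WebUI Request to the Server for URL +url and return the response body
+def send_authenticated_http_post(path, body, sID)
+logger.debug { "#{self.class}\##{__method__}(#{path.inspect})" }
+url = "https://#{@hostname}:#{@port}#{path}"
+request = HTTPI::Request.new(url)
+request.auth.ssl.verify_mode = :none
+request.headers = {
+"Cookie" => "sID=#{sID}",
+"Content-Type" => "application/x-www-form-urlencoded"
+}
+request.gzip
+request.body = body
+response = HTTPI.post request
+response.body
+end
+
+# @!endgroup
+
+end
+
+end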
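Review bot: TLS certificate verification is switched off on every connection this class makes: `:ssl_verify_mode => :none` in the options passed to `super` in `initialize`, and `request.auth.ssl.verify_mode = :none` in both `send_authenticated_http_get` and `send_authenticated_http_post`. Those two helpers carry the session identifier in a `Cookie: sID=…` header, so without verification the client cannot tell the real Manager from an intercepting host, and the session id is exposed to it. I would default to `:ssl_verify_mode => :peer` and `request.auth.ssl.verify_mode = :peer`, and let installations with a self-signed Manager certificate supply a CA file (Savon's `ssl_ca_cert_file` option, HTTPI's `request.auth.ssl.ca_cert_file`) instead of disabling verification for everyone. If an opt-out has to remain, make it an explicit constructor option and log a warning whenever it is used.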
@@ -14,7 +14,11 @@ module DeepSecurity
|
|
14
14
|
# @note
|
15
15
|
# It defines it's own DSL to specify attributes, caching and operation. This allows you to completely hide the
|
16
16
|
# type-conversion needed by Savon behind a regular Ruby object.
|
17
|
-
class TransportObject <
|
17
|
+
class TransportObject < SavonHelper::CachingObject
|
18
|
+
|
19
|
+
def manager
|
20
|
+
interface.manager
|
21
|
+
end
|
18
22
|
|
19
23
|
end
|
20
24
|
|
@@ -48,33 +48,42 @@ module DeepSecurity
|
|
48
48
|
attr_integer_accessor :scan_action2
|
49
49
|
attr_string_accessor :summary_scan_result
|
50
50
|
|
51
|
-
|
52
51
|
hint_object_accessor :host,
|
53
|
-
|
54
|
-
|
52
|
+
Host,
|
53
|
+
'The host this event corresponds to'
|
54
|
+
|
55
|
+
|
56
|
+
# cache_by_aspect :anti_malware_event_id
|
57
|
+
|
58
|
+
# @!group High-Level SOAP Wrapper
|
59
|
+
|
60
|
+
def host
|
61
|
+
manager.host(host_id)
|
62
|
+
end
|
55
63
|
|
64
|
+
# @!endgroup
|
65
|
+
|
66
|
+
end
|
56
67
|
|
57
|
-
|
68
|
+
class Manager
|
58
69
|
|
59
70
|
# @!group High-Level SOAP Wrapper
|
60
71
|
|
61
72
|
# Return all AntiMalware events matching the filter
|
62
|
-
# @param [TimeFilter]
|
63
|
-
# @param [HostFilter]
|
64
|
-
# @param [IDFilter]
|
73
|
+
# @param time_filter [TimeFilter]
|
74
|
+
# @param host_filter [HostFilter]
|
75
|
+
# @param event_id_filter [IDFilter]
|
65
76
|
# @return [Array<AntiMalwareEvent>]
|
66
|
-
def
|
67
|
-
|
77
|
+
def anti_malware_events_by_time_host_event(time_filter, host_filter, event_id_filter)
|
78
|
+
interface.antiMalwareEventRetrieve(time_filter, host_filter, event_id_filter)
|
68
79
|
end
|
69
80
|
|
70
|
-
def host
|
71
|
-
Host.find(host_id)
|
72
|
-
end
|
73
81
|
# @!endgroup
|
74
82
|
|
83
|
+
|
75
84
|
end
|
76
85
|
|
77
|
-
class
|
86
|
+
class SOAPInterface
|
78
87
|
|
79
88
|
# @!group Low-Level SOAP Wrapper
|
80
89
|
|
@@ -91,11 +100,11 @@ module DeepSecurity
|
|
91
100
|
#
|
92
101
|
# RETURNS
|
93
102
|
# AntiMalwareEventListTransport object.
|
94
|
-
def antiMalwareEventRetrieve(timeFilter, hostFilter, eventIdFilter, sID =
|
103
|
+
def antiMalwareEventRetrieve(timeFilter, hostFilter, eventIdFilter, sID = manager.sID)
|
95
104
|
request_array(:anti_malware_event_retrieve, AntiMalwareEvent, :anti_malware_events,
|
96
|
-
:timeFilter => timeFilter.
|
97
|
-
:hostFilter => hostFilter.
|
98
|
-
:eventIdFilter => eventIdFilter.
|
105
|
+
:timeFilter => timeFilter.to_savon,
|
106
|
+
:hostFilter => hostFilter.to_savon,
|
107
|
+
:eventIdFilter => eventIdFilter.to_savon,
|
99
108
|
:sID => sID)
|
100
109
|
end
|
101
110
|
|
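Review bot: `AntiMalwareEvent#host` (new lines 60–62) passes `host_id` straight to `manager.host` with no nil check, and nothing on this page suggests that `Manager#host` guards against nil either. If an event can arrive without a host id, the call would issue a `hostRetrieve` request for nil and store the result in the cache under a nil key. `HostGroup#parent_group` in this same release guards with `return nil if parent_group_id.nil?`; the equivalent here would be `return nil if host_id.nil?` as the first line of `host`. The new method also has no YARD comment, so a one-line `# @return [Host, nil] the host this event was raised on` would keep it in line with the documented methods around it.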
@@ -79,34 +79,60 @@ module DeepSecurity
|
|
79
79
|
|
80
80
|
# @!group High-Level SOAP Wrapper
|
81
81
|
|
82
|
+
def host_group
|
83
|
+
manager.host_group(host_group_id)
|
84
|
+
end
|
85
|
+
|
86
|
+
#@!endgroup
|
87
|
+
end
|
88
|
+
|
89
|
+
class Manager
|
90
|
+
|
91
|
+
# @!group High-Level SOAP Wrapper
|
92
|
+
|
82
93
|
# Retrieves Hosts.
|
83
94
|
# @return [Array<Host>]
|
84
|
-
def
|
85
|
-
|
95
|
+
def hosts()
|
96
|
+
cache.fetch(Host.cache_key(:all, :all)) do
|
97
|
+
interface.hostRetrieveAll()
|
98
|
+
end
|
86
99
|
end
|
87
100
|
|
88
101
|
# Retrieves a Host by ID.
|
89
|
-
# @param [Integer]
|
102
|
+
# @param id [Integer] Host ID
|
90
103
|
# @return [Host]
|
91
|
-
def
|
92
|
-
|
104
|
+
def host(id)
|
105
|
+
cache.fetch(Host.cache_key(:id, id)) do
|
106
|
+
interface.hostRetrieve(id)
|
107
|
+
end
|
93
108
|
end
|
94
109
|
|
95
110
|
# Retrieves a Host by name.
|
96
|
-
# @param [String] hostname
|
111
|
+
# @param hostname [String] hostname
|
97
112
|
# @return [Host]
|
98
|
-
def
|
99
|
-
|
113
|
+
def host_by_name(hostname)
|
114
|
+
cache.fetch(Host.cache_key(:name, hostname)) do
|
115
|
+
interface.hostRetrieveByName(hostname)
|
116
|
+
end
|
100
117
|
end
|
101
118
|
|
102
|
-
|
103
|
-
|
119
|
+
#@!endgroup
|
120
|
+
|
121
|
+
# @!group Low-Level Screenscraping Wrapper
|
122
|
+
|
123
|
+
def security_profile
|
124
|
+
Manager.current.security_progile(@security_profile_id)
|
104
125
|
end
|
105
126
|
|
106
|
-
|
127
|
+
def dpi_rule_identifiers_for_host(id, argument)
|
128
|
+
payload_filters2_show_rules(id, argument)
|
129
|
+
payload_filters2(:hostID => id, :arguments => argument).map { |hash| hash[:name].split(' ').first }
|
130
|
+
end
|
131
|
+
# @!endgroup
|
132
|
+
|
107
133
|
end
|
108
134
|
|
109
|
-
class
|
135
|
+
class SOAPInterface
|
110
136
|
|
111
137
|
# @!group Low-Level SOAP Wrapper
|
112
138
|
|
@@ -120,11 +146,9 @@ module DeepSecurity
|
|
120
146
|
#
|
121
147
|
# RETURNS
|
122
148
|
# HostTransport object array.
|
123
|
-
def hostRetrieveAll(sID =
|
124
|
-
|
125
|
-
|
126
|
-
:sID => sID)
|
127
|
-
end
|
149
|
+
def hostRetrieveAll(sID = manager.sID)
|
150
|
+
request_array(:host_retrieve_all, Host, nil,
|
151
|
+
:sID => sID)
|
128
152
|
end
|
129
153
|
|
130
154
|
# Retrieves a Host by ID.
|
@@ -138,10 +162,8 @@ module DeepSecurity
|
|
138
162
|
#
|
139
163
|
# RETURNS
|
140
164
|
# HostTransport object.
|
141
|
-
def hostRetrieve(id, sID =
|
142
|
-
|
143
|
-
request_object(:host_retrieve, Host, :id => id, :sID => sID)
|
144
|
-
end
|
165
|
+
def hostRetrieve(id, sID = manager.sID)
|
166
|
+
request_object(:host_retrieve, Host, :id => id, :sID => sID)
|
145
167
|
end
|
146
168
|
|
147
169
|
# Retrieves a Host by name.
|
@@ -155,25 +177,12 @@ module DeepSecurity
|
|
155
177
|
#
|
156
178
|
# RETURNS
|
157
179
|
# HostTransport object.
|
158
|
-
def hostRetrieveByName(hostname, sID =
|
159
|
-
|
160
|
-
request_object(:host_retrieve_by_name, Host, :hostname => hostname, :sID => sID)
|
161
|
-
end
|
180
|
+
def hostRetrieveByName(hostname, sID = manager.sID)
|
181
|
+
request_object(:host_retrieve_by_name, Host, :hostname => hostname, :sID => sID)
|
162
182
|
end
|
163
183
|
|
164
184
|
# @!endgroup
|
165
185
|
|
166
|
-
# @!group Low-Level Screenscraping Wrapper
|
167
|
-
|
168
|
-
def security_profile
|
169
|
-
Manager.current.security_progile(@security_profile_id)
|
170
|
-
end
|
171
|
-
|
172
|
-
def dpi_rule_identifiers_for_host(id, argument)
|
173
|
-
payload_filters2_show_rules(id, argument)
|
174
|
-
payload_filters2(:hostID => id, :arguments => argument).map { |hash| hash[:name].split(' ').first }
|
175
|
-
end
|
176
|
-
# @!endgroup
|
177
186
|
|
178
187
|
end
|
179
188
|
|
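Review bot: `security_profile` (new lines 123–125) now sits inside `class Manager` but still calls `Manager.current.security_progile(@security_profile_id)`: the method name is misspelled, and `@security_profile_id` is read from the Manager instance rather than from a Host, so as far as this section shows it would be nil. The lines were moved unchanged from the old low-level class, so the typo predates this release, but the move is the moment to fix the method or drop it. If it is meant to stay, it probably belongs on `Host` as `manager.security_profile(security_profile_id)`, mirroring `host_group` at new lines 82–84; that assumes Manager has a `security_profile` method, which is not visible here. `dpi_rule_identifiers_for_host` likewise now depends on `payload_filters2_show_rules` and `payload_filters2` being defined on Manager, which this diff does not show.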
@@ -4,33 +4,6 @@ module DeepSecurity
|
|
4
4
|
# merging states of potentially multiple endpoints (i.e., Agent + Appliance).
|
5
5
|
class HostDetail < Host
|
6
6
|
|
7
|
-
|
8
|
-
attr_integer_accessor :id
|
9
|
-
attr_string_accessor :name
|
10
|
-
attr_string_accessor :description
|
11
|
-
|
12
|
-
attr_string_accessor :display_name,
|
13
|
-
'Computer display name'
|
14
|
-
attr_boolean_accessor :external,
|
15
|
-
'Administrative external boolean for integration purposes.'
|
16
|
-
attr_string_accessor :external_id,
|
17
|
-
'Administrative external ID for integration purposes.'
|
18
|
-
attr_integer_accessor :host_group_id,
|
19
|
-
'Assigned HostGroupTransport ID'
|
20
|
-
attr_enum_accessor :host_type,
|
21
|
-
EnumHostType,
|
22
|
-
'Assigned host type'
|
23
|
-
attr_string_accessor :platform,
|
24
|
-
'Computer platform'
|
25
|
-
attr_integer_accessor :security_profile_id,
|
26
|
-
'Assigned SecurityProfileTransport ID'
|
27
|
-
|
28
|
-
hint_object_accessor :host_group,
|
29
|
-
HostGroup,
|
30
|
-
'The host group this host belongs to'
|
31
|
-
|
32
|
-
# ABOVE is duplicates from Host!
|
33
|
-
|
34
7
|
attr_string_accessor :anti_malware_classic_pattern_version,
|
35
8
|
"Current version of the classic Anti-Malware pattern"
|
36
9
|
attr_string_accessor :anti_malware_engine_version,
|
@@ -124,28 +97,29 @@ module DeepSecurity
|
|
124
97
|
array_object_accessor :host_interfaces,
|
125
98
|
HostInterface
|
126
99
|
|
127
|
-
cache_by_aspect :id, :name
|
100
|
+
# cache_by_aspect :id, :name
|
101
|
+
|
102
|
+
end
|
103
|
+
|
104
|
+
class Manager
|
128
105
|
|
129
106
|
# @!group High-Level SOAP Wrapper
|
130
107
|
|
131
108
|
# Return all HostDetails matching the hosts filter with the given detail level
|
132
|
-
# @param [HostFilter]
|
133
|
-
# @param [EnumHostDetailLevel]
|
109
|
+
# @param host_filter [HostFilter]
|
110
|
+
# @param detail_level [EnumHostDetailLevel]
|
134
111
|
# @return [Array<HostDetail>]
|
135
|
-
def
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
def host_group
|
140
|
-
return nil if host_group_id.nil?
|
141
|
-
HostGroup.find(host_group_id)
|
112
|
+
def host_details(host_filter, detail_level)
|
113
|
+
cache.fetch(HostDetail.cache_key(:all, :all)) do
|
114
|
+
interface.hostDetailRetrieve(host_filter, detail_level)
|
115
|
+
end
|
142
116
|
end
|
143
117
|
|
144
118
|
# @!endgroup
|
145
119
|
|
146
120
|
end
|
147
121
|
|
148
|
-
class
|
122
|
+
class SOAPInterface
|
149
123
|
|
150
124
|
# @!group Low-Level SOAP Wrapper
|
151
125
|
|
@@ -161,13 +135,11 @@ module DeepSecurity
|
|
161
135
|
#
|
162
136
|
# RETURNS
|
163
137
|
# HostDetailTransport object array.
|
164
|
-
def hostDetailRetrieve(hostFilter, hostDetailLevel, sID =
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
:sID => sID)
|
170
|
-
end
|
138
|
+
def hostDetailRetrieve(hostFilter, hostDetailLevel, sID = manager.sID)
|
139
|
+
request_array(:host_detail_retrieve, HostDetail, nil,
|
140
|
+
:hostFilter => hostFilter.to_savon,
|
141
|
+
:hostDetailLevel => EnumHostDetailLevel.key(hostDetailLevel),
|
142
|
+
:sID => sID)
|
171
143
|
end
|
172
144
|
|
173
145
|
# @!endgroup
|
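Review bot: `Manager#host_details` (new lines 112–116) stores its result under `HostDetail.cache_key(:all, :all)`, a key that ignores both `host_filter` and `detail_level`. Assuming `cache.fetch` returns the stored value on a hit, a second call with a different filter or detail level gets the first call's hosts back without any request being made. Either derive the key from the two arguments or skip the cache here and call `interface.hostDetailRetrieve(host_filter, detail_level)` directly until a key exists that distinguishes the queries. For a tool that reports on agent and pattern state, silently returning the wrong host set is the kind of error that goes unnoticed.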
@@ -28,7 +28,7 @@ module DeepSecurity
|
|
28
28
|
end
|
29
29
|
|
30
30
|
# Return a new instance for hosts in the group defined by the given host_group_id.
|
31
|
-
# @param [Integer]
|
31
|
+
# @param host_group_id [Integer]
|
32
32
|
# @return [HostFilter]
|
33
33
|
def self.hosts_in_group(host_group_id)
|
34
34
|
instance = self.new()
|
@@ -38,7 +38,7 @@ module DeepSecurity
|
|
38
38
|
end
|
39
39
|
|
40
40
|
# Return a new instance for hosts in the security profile defined by the given security_profile_id.
|
41
|
-
# @param [Integer]
|
41
|
+
# @param security_profile_id [Integer]
|
42
42
|
# @return [HostFilter]
|
43
43
|
def self.hosts_using_security_profile(security_profile_id)
|
44
44
|
instance = self.new()
|
@@ -48,7 +48,7 @@ module DeepSecurity
|
|
48
48
|
end
|
49
49
|
|
50
50
|
# Return a new instance for hosts in the group and their subgroups defined by the given host_group_id.
|
51
|
-
# @param [Integer]
|
51
|
+
# @param host_group_id [Integer]
|
52
52
|
# @return [HostFilter]
|
53
53
|
def self.hosts_in_group_and_all_subgroups(host_group_id)
|
54
54
|
instance = self.new()
|
@@ -58,7 +58,7 @@ module DeepSecurity
|
|
58
58
|
end
|
59
59
|
|
60
60
|
# Return a new instance for hosts defined by the given host_id.
|
61
|
-
# @param [Integer]
|
61
|
+
# @param host_id [Integer]
|
62
62
|
# @return [HostFilter]
|
63
63
|
def self.specific_host(host_id)
|
64
64
|
instance = self.new()
|
@@ -25,34 +25,49 @@ module DeepSecurity
|
|
25
25
|
# @!group High-Level SOAP Wrapper
|
26
26
|
|
27
27
|
def parent_group
|
28
|
-
return nil if
|
29
|
-
|
28
|
+
return nil if parent_group_id.nil?
|
29
|
+
manager.host_group(parent_group_id)
|
30
30
|
end
|
31
31
|
|
32
|
+
# @!group High-Level SOAP Wrapper
|
33
|
+
end
|
34
|
+
|
35
|
+
class Manager
|
36
|
+
|
37
|
+
# @!group High-Level SOAP Wrapper
|
38
|
+
|
32
39
|
# Retrieves HostGroups.
|
33
40
|
# @return [Array<HostGroup>]
|
34
|
-
def
|
35
|
-
|
41
|
+
def host_groups()
|
42
|
+
cache.fetch(HostGroup.cache_key(:all, :all)) do
|
43
|
+
interface.hostGroupRetrieveAll()
|
44
|
+
end
|
36
45
|
end
|
37
46
|
|
38
47
|
# Retrieves a HostGroup by ID.
|
39
|
-
# @param [Integer]
|
48
|
+
# @param id [Integer] HostGroup ID
|
40
49
|
# @return [HostGroup]
|
41
|
-
def
|
42
|
-
|
50
|
+
def host_group(id)
|
51
|
+
return nil if id.nil?
|
52
|
+
cache.fetch(HostGroup.cache_key(:id, id)) do
|
53
|
+
interface.hostGroupRetrieve(id)
|
54
|
+
end
|
43
55
|
end
|
44
56
|
|
45
57
|
# Retrieves a HostGroup by name.
|
46
|
-
# @param [String] hostname
|
58
|
+
# @param hostname [String] hostname
|
47
59
|
# @return [HostGroup]
|
48
|
-
def
|
49
|
-
|
60
|
+
def host_group_by_name(hostname)
|
61
|
+
return nil if hostname.blank?
|
62
|
+
cache.fetch(HostGroup.cache_key(:name, name)) do
|
63
|
+
interface.hostGroupRetrieveByName(hostname)
|
64
|
+
end
|
50
65
|
end
|
51
66
|
#@!endgroup
|
52
67
|
|
53
68
|
end
|
54
69
|
|
55
|
-
class
|
70
|
+
class SOAPInterface
|
56
71
|
|
57
72
|
# @!group Low-Level SOAP Wrapper
|
58
73
|
|
@@ -66,11 +81,9 @@ module DeepSecurity
|
|
66
81
|
#
|
67
82
|
# RETURNS
|
68
83
|
# HostGroupTransport object array.
|
69
|
-
def hostGroupRetrieveAll(sID =
|
70
|
-
|
71
|
-
|
72
|
-
:sID => sID)
|
73
|
-
end
|
84
|
+
def hostGroupRetrieveAll(sID = manager.sID)
|
85
|
+
request_array(:host_group_retrieve_all, HostGroup, nil,
|
86
|
+
:sID => sID)
|
74
87
|
end
|
75
88
|
|
76
89
|
# Retrieves a Host Group by ID.
|
@@ -84,12 +97,10 @@ module DeepSecurity
|
|
84
97
|
#
|
85
98
|
# RETURNS
|
86
99
|
# HostGroupTransport object.
|
87
|
-
def hostGroupRetrieve(id, sID =
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
:sID => sID)
|
92
|
-
end
|
100
|
+
def hostGroupRetrieve(id, sID = manager.sID)
|
101
|
+
request_object(:host_group_retrieve, HostGroup,
|
102
|
+
:id => id,
|
103
|
+
:sID => sID)
|
93
104
|
end
|
94
105
|
|
95
106
|
|
@@ -100,16 +111,14 @@ module DeepSecurity
|
|
100
111
|
#
|
101
112
|
# PARAMETERS
|
102
113
|
# Name Identifying Host Group name.
|
103
|
-
# sID
|
114
|
+
# sID Authentication session identifier ID.
|
104
115
|
#
|
105
116
|
# RETURNS
|
106
117
|
# HostGroupTransport object.
|
107
|
-
def hostGroupRetrieveByName(name, sID =
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
:sID => sID)
|
112
|
-
end
|
118
|
+
def hostGroupRetrieveByName(name, sID = manager.sID)
|
119
|
+
request_object(:host_group_retrieve_by_name, HostGroup,
|
120
|
+
:name => name,
|
121
|
+
:sID => sID)
|
113
122
|
end
|
114
123
|
|
115
124
|
# @!endgroup
|
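Review bot: In `host_group_by_name` (new lines 60–65) the cache key is built from `name`, not from the `hostname` parameter: `cache.fetch(HostGroup.cache_key(:name, name)) do`. No local `name` exists in that method, so the call either raises or resolves to an unrelated `name` method on Manager, in which case every lookup would share one cache entry; it should read `cache.fetch(HostGroup.cache_key(:name, hostname)) do`. `hostname.blank?` is not core Ruby, so it relies on ActiveSupport or a project extension being loaded, which this diff does not show. The comment added at new line 32 repeats `# @!group High-Level SOAP Wrapper` where `# @!endgroup` looks intended.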