deepsecurity 0.0.19 → 0.0.20
- data/CHANGELOG.md +15 -0
- data/Gemfile +5 -0
- data/bin/dsc +4 -61
- data/deepsecurity.gemspec +7 -2
- data/dsc.md +20 -18
- data/lib/deepsecurity.rb +11 -12
- data/lib/deepsecurity/manager.rb +55 -122
- data/lib/deepsecurity/soap_interface.rb +57 -0
- data/lib/deepsecurity/transport_object.rb +5 -1
- data/lib/deepsecurity/transport_objects/anti_malware_event.rb +26 -17
- data/lib/deepsecurity/transport_objects/host.rb +45 -36
- data/lib/deepsecurity/transport_objects/host_detail.rb +17 -45
- data/lib/deepsecurity/transport_objects/host_filter.rb +4 -4
- data/lib/deepsecurity/transport_objects/host_group.rb +38 -29
- data/lib/deepsecurity/transport_objects/id_filter.rb +3 -3
- data/lib/deepsecurity/transport_objects/system_event.rb +1 -1
- data/lib/deepsecurity/transport_objects/time_filter.rb +2 -2
- data/lib/deepsecurity/version.rb +1 -1
- data/lib/dsc/anti_malware_event_command.rb +54 -11
- data/lib/dsc/command.rb +388 -72
- data/lib/dsc/host_detail_command.rb +56 -6
- data/lib/savon_helper.rb +30 -1
- data/lib/savon_helper/caching_object.rb +50 -13
- data/lib/savon_helper/dsl.rb +286 -0
- data/lib/savon_helper/mapping_object.rb +89 -339
- data/lib/savon_helper/soap_interface.rb +77 -0
- data/lib/savon_helper/type_mappings.rb +270 -143
- metadata +8 -6
- data/lib/deepsecurity/ds_object.rb +0 -37
@@ -0,0 +1,57 @@
|
|
1
|
+
# @author Udo Schneider <Udo.Schneider@homeaddress.de>
|
2
|
+
|
3
|
+
module DeepSecurity
|
4
|
+
|
5
|
+
class SOAPInterface < SavonHelper::SOAPInterface
|
6
|
+
|
7
|
+
attr_accessor :manager
|
8
|
+
|
9
|
+
# Obtain a new wrapper around the DeepSecurity Manager SOAP API.
|
10
|
+
def initialize(hostname, port=4119, logger, log_level)
|
11
|
+
@hostname = hostname
|
12
|
+
@port = port
|
13
|
+
super("https://#{hostname}:#{port}/webservice/Manager?WSDL",
|
14
|
+
logger,
|
15
|
+
log_level,
|
16
|
+
{:convert_request_keys_to => :none, # or one of [:lower_camelcase, :upcase, :none]
|
17
|
+
:ssl_verify_mode => :none})
|
18
|
+
|
19
|
+
end
|
20
|
+
|
21
|
+
# @!group Request Helper
|
22
|
+
|
23
|
+
# Send an authenticated WebUI Request to the Server for URL +url and return the response body
|
24
|
+
def send_authenticated_http_get(path, sID)
|
25
|
+
logger.debug { "#{self.class}\##{__method__}(#{path.inspect})" }
|
26
|
+
url = "https://#{@hostname}:#{@port}#{path}"
|
27
|
+
request = HTTPI::Request.new(url)
|
28
|
+
request.auth.ssl.verify_mode = :none
|
29
|
+
request.headers = {
|
30
|
+
"Cookie" => "sID=#{sID}"
|
31
|
+
}
|
32
|
+
request.gzip
|
33
|
+
response = HTTPI.get request
|
34
|
+
response.body
|
35
|
+
end
|
36
|
+
|
37
|
+
# Send an authenticated WebUI Request to the Server for URL +url and return the response body
|
38
|
+
def send_authenticated_http_post(path, body, sID)
|
39
|
+
logger.debug { "#{self.class}\##{__method__}(#{path.inspect})" }
|
40
|
+
url = "https://#{@hostname}:#{@port}#{path}"
|
41
|
+
request = HTTPI::Request.new(url)
|
42
|
+
request.auth.ssl.verify_mode = :none
|
43
|
+
request.headers = {
|
44
|
+
"Cookie" => "sID=#{sID}",
|
45
|
+
"Content-Type" => "application/x-www-form-urlencoded"
|
46
|
+
}
|
47
|
+
request.gzip
|
48
|
+
request.body = body
|
49
|
+
response = HTTPI.post request
|
50
|
+
response.body
|
51
|
+
end
|
52
|
+
|
53
|
+
# @!endgroup
|
54
|
+
|
55
|
+
end
|
56
|
+
|
57
|
+
end
|
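Review bot: TLS certificate verification is turned off on every connection this new file opens: `:ssl_verify_mode => :none` in `initialize`, and `request.auth.ssl.verify_mode = :none` in both `send_authenticated_http_get` and `send_authenticated_http_post`. The two HTTP helpers put the session id in the `Cookie` header (`"sID=#{sID}"`), so the session token goes to whichever endpoint answers, with no check of the server's identity. Verification should default to on, i.e. `:ssl_verify_mode => :peer` and `request.auth.ssl.verify_mode = :peer`. Installations that run the Manager with a self-signed certificate can either point the client at that certificate (`request.auth.ssl.ca_cert_file = ...`) or opt out through an explicit constructor option, rather than having the check hard-coded off. The doc comments on both helpers also refer to `+url`, while the parameter is `path`.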
@@ -14,7 +14,11 @@ module DeepSecurity
|
|
14
14
|
# @note
|
15
15
|
# It defines it's own DSL to specify attributes, caching and operation. This allows you to completely hide the
|
16
16
|
# type-conversion needed by Savon behind a regular Ruby object.
|
17
|
-
class TransportObject <
|
17
|
+
class TransportObject < SavonHelper::CachingObject
|
18
|
+
|
19
|
+
def manager
|
20
|
+
interface.manager
|
21
|
+
end
|
18
22
|
|
19
23
|
end
|
20
24
|
|
@@ -48,33 +48,42 @@ module DeepSecurity
|
|
48
48
|
attr_integer_accessor :scan_action2
|
49
49
|
attr_string_accessor :summary_scan_result
|
50
50
|
|
51
|
-
|
52
51
|
hint_object_accessor :host,
|
53
|
-
|
54
|
-
|
52
|
+
Host,
|
53
|
+
'The host this event corresponds to'
|
54
|
+
|
55
|
+
|
56
|
+
# cache_by_aspect :anti_malware_event_id
|
57
|
+
|
58
|
+
# @!group High-Level SOAP Wrapper
|
59
|
+
|
60
|
+
def host
|
61
|
+
manager.host(host_id)
|
62
|
+
end
|
55
63
|
|
64
|
+
# @!endgroup
|
65
|
+
|
66
|
+
end
|
56
67
|
|
57
|
-
|
68
|
+
class Manager
|
58
69
|
|
59
70
|
# @!group High-Level SOAP Wrapper
|
60
71
|
|
61
72
|
# Return all AntiMalware events matching the filter
|
62
|
-
# @param [TimeFilter]
|
63
|
-
# @param [HostFilter]
|
64
|
-
# @param [IDFilter]
|
73
|
+
# @param time_filter [TimeFilter]
|
74
|
+
# @param host_filter [HostFilter]
|
75
|
+
# @param event_id_filter [IDFilter]
|
65
76
|
# @return [Array<AntiMalwareEvent>]
|
66
|
-
def
|
67
|
-
|
77
|
+
def anti_malware_events_by_time_host_event(time_filter, host_filter, event_id_filter)
|
78
|
+
interface.antiMalwareEventRetrieve(time_filter, host_filter, event_id_filter)
|
68
79
|
end
|
69
80
|
|
70
|
-
def host
|
71
|
-
Host.find(host_id)
|
72
|
-
end
|
73
81
|
# @!endgroup
|
74
82
|
|
83
|
+
|
75
84
|
end
|
76
85
|
|
77
|
-
class
|
86
|
+
class SOAPInterface
|
78
87
|
|
79
88
|
# @!group Low-Level SOAP Wrapper
|
80
89
|
|
@@ -91,11 +100,11 @@ module DeepSecurity
|
|
91
100
|
#
|
92
101
|
# RETURNS
|
93
102
|
# AntiMalwareEventListTransport object.
|
94
|
-
def antiMalwareEventRetrieve(timeFilter, hostFilter, eventIdFilter, sID =
|
103
|
+
def antiMalwareEventRetrieve(timeFilter, hostFilter, eventIdFilter, sID = manager.sID)
|
95
104
|
request_array(:anti_malware_event_retrieve, AntiMalwareEvent, :anti_malware_events,
|
96
|
-
:timeFilter => timeFilter.
|
97
|
-
:hostFilter => hostFilter.
|
98
|
-
:eventIdFilter => eventIdFilter.
|
105
|
+
:timeFilter => timeFilter.to_savon,
|
106
|
+
:hostFilter => hostFilter.to_savon,
|
107
|
+
:eventIdFilter => eventIdFilter.to_savon,
|
99
108
|
:sID => sID)
|
100
109
|
end
|
101
110
|
|
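Review bot: `AntiMalwareEvent#host` (new lines 60-62) passes `host_id` straight to `manager.host`, and `Manager#host` as changed elsewhere in this commit has no nil guard, unlike `Manager#host_group`, which starts with `return nil if id.nil?`. If an event can arrive without a host id (not visible here), that becomes a `hostRetrieve(nil)` request and a cache entry under `(:id, nil)`. A guard such as `return nil if host_id.nil?` would keep the two accessors consistent. The method also has no YARD comment although it sits inside the `@!group High-Level SOAP Wrapper` block; `# @return [Host] the host this event was reported for` would do. The commented-out `# cache_by_aspect :anti_malware_event_id` should either go or carry a line saying why it is disabled.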
@@ -79,34 +79,60 @@ module DeepSecurity
|
|
79
79
|
|
80
80
|
# @!group High-Level SOAP Wrapper
|
81
81
|
|
82
|
+
def host_group
|
83
|
+
manager.host_group(host_group_id)
|
84
|
+
end
|
85
|
+
|
86
|
+
#@!endgroup
|
87
|
+
end
|
88
|
+
|
89
|
+
class Manager
|
90
|
+
|
91
|
+
# @!group High-Level SOAP Wrapper
|
92
|
+
|
82
93
|
# Retrieves Hosts.
|
83
94
|
# @return [Array<Host>]
|
84
|
-
def
|
85
|
-
|
95
|
+
def hosts()
|
96
|
+
cache.fetch(Host.cache_key(:all, :all)) do
|
97
|
+
interface.hostRetrieveAll()
|
98
|
+
end
|
86
99
|
end
|
87
100
|
|
88
101
|
# Retrieves a Host by ID.
|
89
|
-
# @param [Integer]
|
102
|
+
# @param id [Integer] Host ID
|
90
103
|
# @return [Host]
|
91
|
-
def
|
92
|
-
|
104
|
+
def host(id)
|
105
|
+
cache.fetch(Host.cache_key(:id, id)) do
|
106
|
+
interface.hostRetrieve(id)
|
107
|
+
end
|
93
108
|
end
|
94
109
|
|
95
110
|
# Retrieves a Host by name.
|
96
|
-
# @param [String] hostname
|
111
|
+
# @param hostname [String] hostname
|
97
112
|
# @return [Host]
|
98
|
-
def
|
99
|
-
|
113
|
+
def host_by_name(hostname)
|
114
|
+
cache.fetch(Host.cache_key(:name, hostname)) do
|
115
|
+
interface.hostRetrieveByName(hostname)
|
116
|
+
end
|
100
117
|
end
|
101
118
|
|
102
|
-
|
103
|
-
|
119
|
+
#@!endgroup
|
120
|
+
|
121
|
+
# @!group Low-Level Screenscraping Wrapper
|
122
|
+
|
123
|
+
def security_profile
|
124
|
+
Manager.current.security_progile(@security_profile_id)
|
104
125
|
end
|
105
126
|
|
106
|
-
|
127
|
+
def dpi_rule_identifiers_for_host(id, argument)
|
128
|
+
payload_filters2_show_rules(id, argument)
|
129
|
+
payload_filters2(:hostID => id, :arguments => argument).map { |hash| hash[:name].split(' ').first }
|
130
|
+
end
|
131
|
+
# @!endgroup
|
132
|
+
|
107
133
|
end
|
108
134
|
|
109
|
-
class
|
135
|
+
class SOAPInterface
|
110
136
|
|
111
137
|
# @!group Low-Level SOAP Wrapper
|
112
138
|
|
@@ -120,11 +146,9 @@ module DeepSecurity
|
|
120
146
|
#
|
121
147
|
# RETURNS
|
122
148
|
# HostTransport object array.
|
123
|
-
def hostRetrieveAll(sID =
|
124
|
-
|
125
|
-
|
126
|
-
:sID => sID)
|
127
|
-
end
|
149
|
+
def hostRetrieveAll(sID = manager.sID)
|
150
|
+
request_array(:host_retrieve_all, Host, nil,
|
151
|
+
:sID => sID)
|
128
152
|
end
|
129
153
|
|
130
154
|
# Retrieves a Host by ID.
|
@@ -138,10 +162,8 @@ module DeepSecurity
|
|
138
162
|
#
|
139
163
|
# RETURNS
|
140
164
|
# HostTransport object.
|
141
|
-
def hostRetrieve(id, sID =
|
142
|
-
|
143
|
-
request_object(:host_retrieve, Host, :id => id, :sID => sID)
|
144
|
-
end
|
165
|
+
def hostRetrieve(id, sID = manager.sID)
|
166
|
+
request_object(:host_retrieve, Host, :id => id, :sID => sID)
|
145
167
|
end
|
146
168
|
|
147
169
|
# Retrieves a Host by name.
|
@@ -155,25 +177,12 @@ module DeepSecurity
|
|
155
177
|
#
|
156
178
|
# RETURNS
|
157
179
|
# HostTransport object.
|
158
|
-
def hostRetrieveByName(hostname, sID =
|
159
|
-
|
160
|
-
request_object(:host_retrieve_by_name, Host, :hostname => hostname, :sID => sID)
|
161
|
-
end
|
180
|
+
def hostRetrieveByName(hostname, sID = manager.sID)
|
181
|
+
request_object(:host_retrieve_by_name, Host, :hostname => hostname, :sID => sID)
|
162
182
|
end
|
163
183
|
|
164
184
|
# @!endgroup
|
165
185
|
|
166
|
-
# @!group Low-Level Screenscraping Wrapper
|
167
|
-
|
168
|
-
def security_profile
|
169
|
-
Manager.current.security_progile(@security_profile_id)
|
170
|
-
end
|
171
|
-
|
172
|
-
def dpi_rule_identifiers_for_host(id, argument)
|
173
|
-
payload_filters2_show_rules(id, argument)
|
174
|
-
payload_filters2(:hostID => id, :arguments => argument).map { |hash| hash[:name].split(' ').first }
|
175
|
-
end
|
176
|
-
# @!endgroup
|
177
186
|
|
178
187
|
end
|
179
188
|
|
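Review bot: `security_profile` (new lines 123-125) still calls `Manager.current.security_progile(@security_profile_id)`, and `security_progile` is a misspelling, so the call raises NoMethodError unless a method of that exact name is defined somewhere not shown. The commit carries the typo over while moving the method out of the last class in the file and into `class Manager`. There `@security_profile_id` is presumably never set (it looks like a Host attribute), and `Manager.current` may no longer exist now that objects reach the manager through `interface.manager`; both are worth confirming. If the intent is a Host accessor parallel to the new `host_group`, it belongs in `class Host` as `manager.security_profile(security_profile_id)`, assuming Manager offers such a method.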
@@ -4,33 +4,6 @@ module DeepSecurity
|
|
4
4
|
# merging states of potentially multiple endpoints (i.e., Agent + Appliance).
|
5
5
|
class HostDetail < Host
|
6
6
|
|
7
|
-
|
8
|
-
attr_integer_accessor :id
|
9
|
-
attr_string_accessor :name
|
10
|
-
attr_string_accessor :description
|
11
|
-
|
12
|
-
attr_string_accessor :display_name,
|
13
|
-
'Computer display name'
|
14
|
-
attr_boolean_accessor :external,
|
15
|
-
'Administrative external boolean for integration purposes.'
|
16
|
-
attr_string_accessor :external_id,
|
17
|
-
'Administrative external ID for integration purposes.'
|
18
|
-
attr_integer_accessor :host_group_id,
|
19
|
-
'Assigned HostGroupTransport ID'
|
20
|
-
attr_enum_accessor :host_type,
|
21
|
-
EnumHostType,
|
22
|
-
'Assigned host type'
|
23
|
-
attr_string_accessor :platform,
|
24
|
-
'Computer platform'
|
25
|
-
attr_integer_accessor :security_profile_id,
|
26
|
-
'Assigned SecurityProfileTransport ID'
|
27
|
-
|
28
|
-
hint_object_accessor :host_group,
|
29
|
-
HostGroup,
|
30
|
-
'The host group this host belongs to'
|
31
|
-
|
32
|
-
# ABOVE is duplicates from Host!
|
33
|
-
|
34
7
|
attr_string_accessor :anti_malware_classic_pattern_version,
|
35
8
|
"Current version of the classic Anti-Malware pattern"
|
36
9
|
attr_string_accessor :anti_malware_engine_version,
|
@@ -124,28 +97,29 @@ module DeepSecurity
|
|
124
97
|
array_object_accessor :host_interfaces,
|
125
98
|
HostInterface
|
126
99
|
|
127
|
-
cache_by_aspect :id, :name
|
100
|
+
# cache_by_aspect :id, :name
|
101
|
+
|
102
|
+
end
|
103
|
+
|
104
|
+
class Manager
|
128
105
|
|
129
106
|
# @!group High-Level SOAP Wrapper
|
130
107
|
|
131
108
|
# Return all HostDetails matching the hosts filter with the given detail level
|
132
|
-
# @param [HostFilter]
|
133
|
-
# @param [EnumHostDetailLevel]
|
109
|
+
# @param host_filter [HostFilter]
|
110
|
+
# @param detail_level [EnumHostDetailLevel]
|
134
111
|
# @return [Array<HostDetail>]
|
135
|
-
def
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
def host_group
|
140
|
-
return nil if host_group_id.nil?
|
141
|
-
HostGroup.find(host_group_id)
|
112
|
+
def host_details(host_filter, detail_level)
|
113
|
+
cache.fetch(HostDetail.cache_key(:all, :all)) do
|
114
|
+
interface.hostDetailRetrieve(host_filter, detail_level)
|
115
|
+
end
|
142
116
|
end
|
143
117
|
|
144
118
|
# @!endgroup
|
145
119
|
|
146
120
|
end
|
147
121
|
|
148
|
-
class
|
122
|
+
class SOAPInterface
|
149
123
|
|
150
124
|
# @!group Low-Level SOAP Wrapper
|
151
125
|
|
@@ -161,13 +135,11 @@ module DeepSecurity
|
|
161
135
|
#
|
162
136
|
# RETURNS
|
163
137
|
# HostDetailTransport object array.
|
164
|
-
def hostDetailRetrieve(hostFilter, hostDetailLevel, sID =
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
:sID => sID)
|
170
|
-
end
|
138
|
+
def hostDetailRetrieve(hostFilter, hostDetailLevel, sID = manager.sID)
|
139
|
+
request_array(:host_detail_retrieve, HostDetail, nil,
|
140
|
+
:hostFilter => hostFilter.to_savon,
|
141
|
+
:hostDetailLevel => EnumHostDetailLevel.key(hostDetailLevel),
|
142
|
+
:sID => sID)
|
171
143
|
end
|
172
144
|
|
173
145
|
# @!endgroup
|
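Review bot: `host_details(host_filter, detail_level)` (new lines 112-116) caches its result under `HostDetail.cache_key(:all, :all)`, a key that ignores both arguments. If `cache.fetch` memoises per key, as its use here suggests (its implementation is not in this diff), a second call with a different filter or detail level gets back the first call's hosts. For code that reports on security state, that means silently stale or wrong-scope data. Either skip the cache for filtered queries and call `interface.hostDetailRetrieve(host_filter, detail_level)` directly, or build the key from the arguments. In `hostDetailRetrieve`, `EnumHostDetailLevel.key(hostDetailLevel)` yields nil for an unknown level if `EnumHostDetailLevel` is a plain Hash, so an explicit `raise ArgumentError` there would fail earlier and more clearly.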
@@ -28,7 +28,7 @@ module DeepSecurity
|
|
28
28
|
end
|
29
29
|
|
30
30
|
# Return a new instance for hosts in the group defined by the given host_group_id.
|
31
|
-
# @param [Integer]
|
31
|
+
# @param host_group_id [Integer]
|
32
32
|
# @return [HostFilter]
|
33
33
|
def self.hosts_in_group(host_group_id)
|
34
34
|
instance = self.new()
|
@@ -38,7 +38,7 @@ module DeepSecurity
|
|
38
38
|
end
|
39
39
|
|
40
40
|
# Return a new instance for hosts in the security profile defined by the given security_profile_id.
|
41
|
-
# @param [Integer]
|
41
|
+
# @param security_profile_id [Integer]
|
42
42
|
# @return [HostFilter]
|
43
43
|
def self.hosts_using_security_profile(security_profile_id)
|
44
44
|
instance = self.new()
|
@@ -48,7 +48,7 @@ module DeepSecurity
|
|
48
48
|
end
|
49
49
|
|
50
50
|
# Return a new instance for hosts in the group and their subgroups defined by the given host_group_id.
|
51
|
-
# @param [Integer]
|
51
|
+
# @param host_group_id [Integer]
|
52
52
|
# @return [HostFilter]
|
53
53
|
def self.hosts_in_group_and_all_subgroups(host_group_id)
|
54
54
|
instance = self.new()
|
@@ -58,7 +58,7 @@ module DeepSecurity
|
|
58
58
|
end
|
59
59
|
|
60
60
|
# Return a new instance for hosts defined by the given host_id.
|
61
|
-
# @param [Integer]
|
61
|
+
# @param host_id [Integer]
|
62
62
|
# @return [HostFilter]
|
63
63
|
def self.specific_host(host_id)
|
64
64
|
instance = self.new()
|
@@ -25,34 +25,49 @@ module DeepSecurity
|
|
25
25
|
# @!group High-Level SOAP Wrapper
|
26
26
|
|
27
27
|
def parent_group
|
28
|
-
return nil if
|
29
|
-
|
28
|
+
return nil if parent_group_id.nil?
|
29
|
+
manager.host_group(parent_group_id)
|
30
30
|
end
|
31
31
|
|
32
|
+
# @!group High-Level SOAP Wrapper
|
33
|
+
end
|
34
|
+
|
35
|
+
class Manager
|
36
|
+
|
37
|
+
# @!group High-Level SOAP Wrapper
|
38
|
+
|
32
39
|
# Retrieves HostGroups.
|
33
40
|
# @return [Array<HostGroup>]
|
34
|
-
def
|
35
|
-
|
41
|
+
def host_groups()
|
42
|
+
cache.fetch(HostGroup.cache_key(:all, :all)) do
|
43
|
+
interface.hostGroupRetrieveAll()
|
44
|
+
end
|
36
45
|
end
|
37
46
|
|
38
47
|
# Retrieves a HostGroup by ID.
|
39
|
-
# @param [Integer]
|
48
|
+
# @param id [Integer] HostGroup ID
|
40
49
|
# @return [HostGroup]
|
41
|
-
def
|
42
|
-
|
50
|
+
def host_group(id)
|
51
|
+
return nil if id.nil?
|
52
|
+
cache.fetch(HostGroup.cache_key(:id, id)) do
|
53
|
+
interface.hostGroupRetrieve(id)
|
54
|
+
end
|
43
55
|
end
|
44
56
|
|
45
57
|
# Retrieves a HostGroup by name.
|
46
|
-
# @param [String] hostname
|
58
|
+
# @param hostname [String] hostname
|
47
59
|
# @return [HostGroup]
|
48
|
-
def
|
49
|
-
|
60
|
+
def host_group_by_name(hostname)
|
61
|
+
return nil if hostname.blank?
|
62
|
+
cache.fetch(HostGroup.cache_key(:name, name)) do
|
63
|
+
interface.hostGroupRetrieveByName(hostname)
|
64
|
+
end
|
50
65
|
end
|
51
66
|
#@!endgroup
|
52
67
|
|
53
68
|
end
|
54
69
|
|
55
|
-
class
|
70
|
+
class SOAPInterface
|
56
71
|
|
57
72
|
# @!group Low-Level SOAP Wrapper
|
58
73
|
|
@@ -66,11 +81,9 @@ module DeepSecurity
|
|
66
81
|
#
|
67
82
|
# RETURNS
|
68
83
|
# HostGroupTransport object array.
|
69
|
-
def hostGroupRetrieveAll(sID =
|
70
|
-
|
71
|
-
|
72
|
-
:sID => sID)
|
73
|
-
end
|
84
|
+
def hostGroupRetrieveAll(sID = manager.sID)
|
85
|
+
request_array(:host_group_retrieve_all, HostGroup, nil,
|
86
|
+
:sID => sID)
|
74
87
|
end
|
75
88
|
|
76
89
|
# Retrieves a Host Group by ID.
|
@@ -84,12 +97,10 @@ module DeepSecurity
|
|
84
97
|
#
|
85
98
|
# RETURNS
|
86
99
|
# HostGroupTransport object.
|
87
|
-
def hostGroupRetrieve(id, sID =
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
:sID => sID)
|
92
|
-
end
|
100
|
+
def hostGroupRetrieve(id, sID = manager.sID)
|
101
|
+
request_object(:host_group_retrieve, HostGroup,
|
102
|
+
:id => id,
|
103
|
+
:sID => sID)
|
93
104
|
end
|
94
105
|
|
95
106
|
|
@@ -100,16 +111,14 @@ module DeepSecurity
|
|
100
111
|
#
|
101
112
|
# PARAMETERS
|
102
113
|
# Name Identifying Host Group name.
|
103
|
-
# sID
|
114
|
+
# sID Authentication session identifier ID.
|
104
115
|
#
|
105
116
|
# RETURNS
|
106
117
|
# HostGroupTransport object.
|
107
|
-
def hostGroupRetrieveByName(name, sID =
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
:sID => sID)
|
112
|
-
end
|
118
|
+
def hostGroupRetrieveByName(name, sID = manager.sID)
|
119
|
+
request_object(:host_group_retrieve_by_name, HostGroup,
|
120
|
+
:name => name,
|
121
|
+
:sID => sID)
|
113
122
|
end
|
114
123
|
|
115
124
|
# @!endgroup
|
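Review bot: In `host_group_by_name(hostname)` (new lines 60-65) the cache key is built from `name`, not from the parameter: `cache.fetch(HostGroup.cache_key(:name, name))`. Inside `class Manager`, `name` is either undefined (NameError) or some unrelated method, so every lookup would share one cache entry regardless of the group requested. The line should read `cache.fetch(HostGroup.cache_key(:name, hostname)) do`. The guard `return nil if hostname.blank?` relies on `blank?`, which is ActiveSupport rather than core Ruby; whether the gem loads it is not visible here, and `hostname.nil? || hostname.empty?` avoids the dependency. The second `# @!group High-Level SOAP Wrapper` added at new line 32, just before `HostGroup` is closed, looks like it was meant to be `# @!endgroup`.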