emasser 1.0.3 → 3.4.0

data/lib/emasser/put.rb

@@ -129,7 +129,7 @@ module Emasser
     # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
     def update
       # Required fields
-      body = EmassClient::ControlsRequestPutBody.new
+      body = EmassClient::ControlsGet.new
       body.acronym = options[:acronym]
       body.responsible_entities = options[:responsibleEntities]
       body.control_designation = options[:controlDesignation]
@@ -147,11 +147,12 @@ module Emasser
       body.impact = options[:impact] if options[:impact]
       body.impact_description = options[:impactDescription] if options[:impactDescription]
       body.residual_risk_level = options[:residualRiskLevel] if options[:residualRiskLevel]
+      body.test_method = options[:testMethod] if options[:testMethod]
 
       body_array = Array.new(1, body)
 
       begin
-        result = EmassClient::ControlsApi.new.update_control_by_system_id(body_array, options[:systemId])
+        result = EmassClient::ControlsApi.new.update_control_by_system_id(options[:systemId], body_array)
         puts to_output_hash(result).green
       rescue EmassClient::ApiError => e
         puts 'Exception when calling ControlsApi->update_control_by_system_id'.red
@@ -268,9 +269,9 @@ module Emasser
     # Required parameters/fields
     option :systemId, type: :numeric, required: true, desc: 'A numeric value representing the system identification'
     option :poamId, type: :numeric, required: true, desc: 'A numeric value representing the poam identification'
-    option :displayPoamId,
-           type: :numeric, required: true,
-           desc: 'Globally unique identifier for individual POA&M Items, seen on the front-end as "ID"'
+    # option :displayPoamId,
+    #        type: :numeric, required: true,
+    #        desc: 'Globally unique identifier for individual POA&M Items, seen on the front-end as "ID"'
     option :status, type: :string, required: true, enum: ['Ongoing', 'Risk Accepted', 'Completed', 'Not Applicable']
     option :vulnerabilityDescription, type: :string, required: true, desc: 'POA&M vulnerability description'
     option :sourceIdentVuln,
@@ -312,12 +313,13 @@ module Emasser
     # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
     def update
       # Required fields
-      body = EmassClient::PoamRequiredPut.new
+      body = EmassClient::PoamGet.new
       body.poam_id = options[:poamId]
       body.status = options[:status]
       body.vulnerability_description = options[:vulnerabilityDescription]
       body.source_ident_vuln = options[:sourceIdentVuln]
       body.poc_organization = options[:pocOrganization]
+      body.resources = options[:resources]
 
       process_business_logic(body)
 
@@ -345,7 +347,7 @@ module Emasser
       body_array = Array.new(1, body)
 
       begin
-        result = EmassClient::POAMApi.new.update_poam_by_system_id(body_array, options[:systemId])
+        result = EmassClient::POAMApi.new.update_poam_by_system_id(options[:systemId], body_array)
         puts to_output_hash(result).green
       rescue EmassClient::ApiError => e
         puts 'Exception when calling POAMApi->update_poam_by_system_id'.red
@@ -354,7 +356,7 @@ module Emasser
     end
     # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
 
-    # rubocop:disable Metrics/BlockLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+    # rubocop:disable Metrics/AbcSize, Metrics/BlockLength, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
     no_commands do
       def process_business_logic(body)
         #-----------------------------------------------------------------------------
@@ -372,13 +374,18 @@ module Emasser
             puts '    comments'.red
             puts POAMS_PUT_HELP_MESSAGE.yellow
             exit
+          elsif !(options[:scheduledCompletionDate].nil? && options[:milestone].nil?)
+            puts 'When status = "Risk Accepted" POA&M Item CAN NOT be saved with the following parameters/fields:'.red
+            puts '    scheduledCompletionDate, or milestone'.red
+            puts POAMS_PUT_HELP_MESSAGE.yellow
+            exit
           else
             body.comments = options[:comments]
           end
         elsif options[:status] == "Ongoing"
           if options[:scheduledCompletionDate].nil? || options[:milestone].nil?
             puts 'When status = "Ongoing" the following parameters/fields are required:'.red
-            puts '    scheduledCompletionDate, or milestone'.red
+            puts '    scheduledCompletionDate, milestone'.red
             print_milestone_help
             puts POAMS_PUT_HELP_MESSAGE.yellow
             exit
@@ -457,7 +464,7 @@ module Emasser
         puts 'The milestoneId:[value] is optional, if not provided a new milestone is created'.yellow
       end
     end
-    # rubocop:enable Metrics/BlockLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+    # rubocop:enable Metrics/AbcSize, Metrics/BlockLength, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
   end
 
   # Update Milestones items to a system.
@@ -482,7 +489,7 @@ module Emasser
            type: :numeric, required: false, desc: 'The scheduled completion date - Unix time format'
 
     def update
-      body = EmassClient::MilestonesRequestPutBody.new
+      body = EmassClient::MilestonesGet.new
       body.milestone_id = options[:milestoneId]
       body.description = options[:description]
       body.scheduled_completion_date = options[:scheduledCompletionDate]
@@ -490,12 +497,12 @@ module Emasser
 
       begin
         # Get milestones in one or many poa&m items in a system
-        result = EmassClient::POAMApi
+        result = EmassClient::MilestonesApi
                  .new
-                 .update_milestone_by_system_id_and_poam_id(body_array, options[:systemId], options[:poamId])
+                 .update_milestone_by_system_id_and_poam_id(options[:systemId], options[:poamId], body_array)
         puts to_output_hash(result).green
       rescue EmassClient::ApiError => e
-        puts 'Exception when calling POAMApi->update_milestone_by_system_id_and_poam_id'.red
+        puts 'Exception when calling MilestonesApi->update_milestone_by_system_id_and_poam_id'.red
         puts to_output_hash(e)
       end
     end
@@ -539,7 +546,7 @@ module Emasser
 
     # rubocop:disable Metrics/CyclomaticComplexity
     def update
-      body = EmassClient::ArtifactsRequestPutBody.new
+      body = EmassClient::ArtifactsGet.new
       body.filename = options[:filename]
       body.type = options[:type]
       body.category = options[:category]
@@ -555,7 +562,7 @@ module Emasser
       body_array = Array.new(1, body)
 
       begin
-        result = EmassClient::ArtifactsApi.new.update_artifact_by_system_id(body_array, options[:systemId])
+        result = EmassClient::ArtifactsApi.new.update_artifact_by_system_id(options[:systemId], body_array)
         puts to_output_hash(result).green
       rescue EmassClient::ApiError => e
         puts 'Exception when calling ArtifactsApi->update_artifact_by_system_id'.red

data/lib/emasser/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Emasser
-  VERSION = '1.0.3'
+  VERSION = '3.4.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: emasser
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 3.4.0
 platform: ruby
 authors:
 - Amndeep Singh Mann
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-01-14 00:00:00.000000000 Z
+date: 2022-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -90,14 +90,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -238,10 +238,10 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.5'
-description: emasser can be used as a gem or used from the command line to access
-  eMASS via thei API.
+description: emasser can be used as a gem or used from the command line (CL) to access
+  eMASS endpoints via their API.
 email:
-- saf@mitre.org
+- saf@groups.mitre.org
 executables:
 - emasser
 extensions: []
@@ -252,7 +252,6 @@ files:
 - ".github/release-drafter.yml"
 - ".github/workflows/codeql-analysis.yml"
 - ".github/workflows/draft-release.yml"
-- ".github/workflows/generate_docs.yml"
 - ".github/workflows/gh-pages.yml"
 - ".github/workflows/push-to-docker-mail.yml"
 - ".github/workflows/push-to-docker.yml"
@@ -271,27 +270,13 @@ files:
 - README.md
 - Rakefile
 - _config.yml
-- docs/developers.md
 - docs/features.md
+- docs/images/emasser_architecture.jpg
 - docs/redoc/index.html
-- docs/swagger/dist/favicon-16x16.png
-- docs/swagger/dist/favicon-32x32.png
-- docs/swagger/dist/oauth2-redirect.html
-- docs/swagger/dist/swagger-ui-bundle.js
-- docs/swagger/dist/swagger-ui-bundle.js.map
-- docs/swagger/dist/swagger-ui-es-bundle-core.js
-- docs/swagger/dist/swagger-ui-es-bundle-core.js.map
-- docs/swagger/dist/swagger-ui-es-bundle.js
-- docs/swagger/dist/swagger-ui-es-bundle.js.map
-- docs/swagger/dist/swagger-ui-standalone-preset.js
-- docs/swagger/dist/swagger-ui-standalone-preset.js.map
-- docs/swagger/dist/swagger-ui.css
-- docs/swagger/dist/swagger-ui.css.map
-- docs/swagger/dist/swagger-ui.js
-- docs/swagger/dist/swagger-ui.js.map
-- docs/swagger/index.html
 - emasser.gemspec
 - exe/emasser
+- images/emasser_architecture.jpg
+- images/emasser_diagram-Page-3.jpg
 - lib/emasser.rb
 - lib/emasser/cli.rb
 - lib/emasser/configuration.rb
@@ -305,7 +290,9 @@ files:
 - lib/emasser/help/artifacts_del_mapper.md
 - lib/emasser/help/artifacts_post_mapper.md
 - lib/emasser/help/artifacts_put_mapper.md
+- lib/emasser/help/cloudresource_post_mapper.md
 - lib/emasser/help/cmmc_get_mapper.md
+- lib/emasser/help/container_post_mapper.md
 - lib/emasser/help/controls_put_mapper.md
 - lib/emasser/help/milestone_del_mapper.md
 - lib/emasser/help/milestone_post_mapper.md
@@ -325,7 +312,8 @@ files:
 homepage: https://saf.mitre.org
 licenses:
 - Apache-2.0
-metadata: {}
+metadata:
+  github_repo: ssh://github.com/mitre/emasser
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -341,7 +329,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: Provide an automated capability for invoving eMASS API endpoints

data/.github/workflows/generate_docs.yml

@@ -1,33 +0,0 @@
-name: generate-docs
-
-# Run on each push to main
-on:
-  push:
-    branches: [ main ]
-
-jobs:
-  test_job:
-    runs-on: ubuntu-latest
-    name: Generate Document with redoc
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-
-      # use the public name of the action
-      - name: redoc-cli test
-        uses: seeebiii/redoc-cli-github-action@v9
-        with:
-          args: 'bundle emass_client/eMASSRestOpenApi.yaml -o docs/redoc/index.html'
-
-      - name: check result
-        run: |
-          ls -al
-          test -f docs/redoc/index.html || (echo "Fail to generate docs/redoc/index.html from previous step." && exit 1)
-
-      - name: deploy
-        uses: peaceiris/actions-gh-pages@v3
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: ./docs/redoc
-          destination_dir: docs/redoc
-          enable_jekyll: true

data/docs/developers.md

@@ -1,115 +0,0 @@
-# Developers Instructions
-
-The documentation provided here is an OpenAPI (v3.0.3) Specification  compliant describing, producing, consuming, and visualizing the eMASS RESTful API web services (endpoints) as described in the eMASS REST API (v3.2) document, dated October 21, 2021.
-
-The API is documented in YAML and can be viewed utilizing Swagger Editor or Visual Studio Code (VSC) with swagger and yaml extensions.
-
-### Viewing the API via Swagger
-
-There are online tool options for viewing and editing OpenAPI compliant RESTfull APIs like the eMASS API documentations. Some of these tools are Swagger Editor or SwaggerHub. <strong>We discourage the utilization of any online capability for editing a controlled unclassified API document</strong>.
-
-To install the Swagger Editor offline from its repository follow these [instructions](https://github.com/swagger-api/swagger-editor).
-
-### Generate the API documentation (to view in a web browser-html)
-eMASS API documentation can be found [here](/docs/redoc/index.html)
-
-To generate the API documentation that can be viewable in a totally dependency-free (and nice looking) HTML use the `redoc-cli` command line tool.
-
-
-Install the tool via `npm`:
-```bash
-npm install -g redoc-cli
-```
-To generate the HTML document, use the following command:
-```bash
-redoc-cli bundle -o ./output/eMASS.html eMASSRestOpenApi.yaml
-```
-
-The command above assumes that the generated file is placed in a subfolder relative to the current folder called output, and that the eMASSRestApi.yaml is in the current working directory. The generated file is called eMASS.html and can be viewed in any web browser.
-
-### Setting up Visual Studio Code
-Install these Extensions (Ctrl+Shift+X):
-* YAML ([link](https://marketplace.visualstudio.com/items?itemName=redhat.vscode-yaml))
-* Swagger Viewer ([link](https://marketplace.visualstudio.com/items?itemName=Arjun.swagger-viewer))
-* OpenAPI Swagger Editor ([link](https://marketplace.visualstudio.com/items?itemName=42Crunch.vscode-openapi))
-* Swagger Snippets ([link](https://marketplace.visualstudio.com/items?itemName=adisreyaj.swagger-snippets), optional)
-
-Open the eMASS Rest API file by selecting File -> Open Folder and select the folder containing the eMASSRestApi.yaml file. Open the file into the editor and select the "OpenApi: show preview using default render" (Ctrl+K V)
-
-Once the mock server is running, we can utilize the "Try it Out" on each of the API endpoints to test the API documentation with mock data.
-
-### Using PRISM HTTP mock Server
-Install prism (if not installed) via npm:
-``` npm
-npm install -g @stoplight/prism-cli
-```
-
-Run the prism server on the localhost, use the -p parameter to set the port (using 4010)
-``` node
-prism mock -p 4010 eMASSRestOpenApi.yaml
-```
-
-To invoke the mock server interactive use the -d parameter (provides fake responses using x-faker)
-``` node
-prism mock -d -p 4010 eMASSRestOpenAPI.yaml
-```
-**Note:**
-* The Prism starting commands above assumes that the current path contains the eMASSRestAPI.yaml file
-* If using VSC, Prism restarts automatically when the yaml file is modified and saved
-* Use `npx` instead of `npm` to install packages locally, but still be able to run them as if they were global
-
-Now you can access the fake API endpoints utilizing either CURL or the Swagger Editor. The following curl command invokes the systems endpoint with a path parameter of policy=rmf:
-``` node
-curl -X GET "http://localhost:4010/api/systems?policy=rmf" -H  "accept: application/json" -H  "api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce" -H  "user-uid: 1647389405"
-```
-Note: The API expects the api-key and user-uid headers.
-
-## Swagger Codegen
-### Clone the source code
-Follow these instruction to generate the eMASS client API library (software development kit - SDK):
-``` git
-git clone https://github.com/swagger-api/swagger-codegen
-cd swagger-codegen
-git checkout 3.0.0
-mvn clean package
-```
-Alternatively, you can follow instruction listed in [Swagger Codegen](https://github.com/swagger-api/swagger-codegen/tree/3.0.0#getting-started). The eMASS API utilized the OpenAPI version 3.0 standards, ensure that the proper `Swagger Codegen` is utilized to generate the client SDK.
-
-
-### Build the Client SDK
-
-NOTE: The current [handlebar templates](https://github.com/swagger-api/swagger-codegen/tree/3.0.0#modifying-the-client-library-format) do not provide a configuration variable where a keypassword can be defined  containing the client certificate passphrase used by libcurl wrapper Typhoeus. For this reason, we have provided [updated templates](./swagger-codegen/ruby_template) that can be utilized in the interim until the necessary fixes are integrated into the [main repository](https://github.com/swagger-api/swagger-codegen/tree/3.0.0)
-
-After cloning the appropriate `Swagger Codegen` baseline (3.0.0) generate the SDK (make sure you are in the cloned directory, e.g; /path/to/codegen/swagger-codegen)
-
-To generate the client SDK with provided templates use:
-``` node
-java -jar swagger-codegen-cli generate generate -i /path/to/yaml/eMASSRestOpenApi.yaml -l ruby -t emass_client/swagger-codegen/ruby_template -o /path/to/sdk/emass_api_client
-```
-
-
-To generate without specifying the templates use:
-``` node
-java -jar swagger-codegen-cli generate -i /path/to/yaml/eMASSRestOpenApi.yaml -l ruby -o /path/to/sdk/emass_api_client
-```
-Note: The command listed above is for generating a ruby client SDK. Other languages are available, see instructions [here](https://github.com/swagger-api/swagger-codegen/tree/3.0.0#to-generate-a-sample-client-library)
-
-## Ruby Client
-Information about the swagger generated ruby client SDK refer to the [ruby_client](./ruby_client) directory.
-
-
----
-
-NOTICE
-
-© 2020 The MITRE Corporation.
-
-Approved for Public Release; Distribution Unlimited. Case Number 18-3678.
-NOTICE
-
-MITRE hereby grants express written permission to use, reproduce, distribute, modify, and otherwise leverage this software to the extent permitted by the licensed terms provided in the LICENSE.md file included with this project.
-NOTICE
-
-This software was produced for the U. S. Government under Contract Number HHSM-500-2012-00008I, and is subject to Federal Acquisition Regulation Clause 52.227-14, Rights in Data-General.
-
-No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation. DISA STIGs are published by DISA, see: https://public.cyber.mil/privacy-security/

data/docs/swagger/dist/oauth2-redirect.html

@@ -1,75 +0,0 @@
-<!doctype html>
-<html lang="en-US">
-<head>
-    <title>Swagger UI: OAuth2 Redirect</title>
-</head>
-<body>
-<script>
-    'use strict';
-    function run () {
-        var oauth2 = window.opener.swaggerUIRedirectOauth2;
-        var sentState = oauth2.state;
-        var redirectUrl = oauth2.redirectUrl;
-        var isValid, qp, arr;
-
-        if (/code|token|error/.test(window.location.hash)) {
-            qp = window.location.hash.substring(1);
-        } else {
-            qp = location.search.substring(1);
-        }
-
-        arr = qp.split("&");
-        arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';});
-        qp = qp ? JSON.parse('{' + arr.join() + '}',
-                function (key, value) {
-                    return key === "" ? value : decodeURIComponent(value);
-                }
-        ) : {};
-
-        isValid = qp.state === sentState;
-
-        if ((
-          oauth2.auth.schema.get("flow") === "accessCode" ||
-          oauth2.auth.schema.get("flow") === "authorizationCode" ||
-          oauth2.auth.schema.get("flow") === "authorization_code"
-        ) && !oauth2.auth.code) {
-            if (!isValid) {
-                oauth2.errCb({
-                    authId: oauth2.auth.name,
-                    source: "auth",
-                    level: "warning",
-                    message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"
-                });
-            }
-
-            if (qp.code) {
-                delete oauth2.state;
-                oauth2.auth.code = qp.code;
-                oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
-            } else {
-                let oauthErrorMsg;
-                if (qp.error) {
-                    oauthErrorMsg = "["+qp.error+"]: " +
-                        (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
-                        (qp.error_uri ? "More info: "+qp.error_uri : "");
-                }
-
-                oauth2.errCb({
-                    authId: oauth2.auth.name,
-                    source: "auth",
-                    level: "error",
-                    message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server"
-                });
-            }
-        } else {
-            oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
-        }
-        window.close();
-    }
-
-    window.addEventListener('DOMContentLoaded', function () {
-      run();
-    });
-</script>
-</body>
-</html>