emasser 3.4.1 → 3.12.0
- checksums.yaml +4 -4
- data/.dockerignore +8 -8
- data/.env-example +12 -12
- data/.github/release-drafter.yml +15 -15
- data/.github/workflows/codeql-analysis.yml +70 -70
- data/.github/workflows/draft-release.yml +15 -15
- data/.github/workflows/gh-pages.yml +32 -32
- data/.github/workflows/push-to-docker-mail.yml +28 -28
- data/.github/workflows/push-to-docker.yml +35 -35
- data/.github/workflows/release.yml +42 -42
- data/.github/workflows/rubocop.yml +23 -23
- data/.github/workflows/test-cli.yml +39 -72
- data/.gitignore +19 -19
- data/.mergify.yml +25 -25
- data/.rubocop.yml +83 -80
- data/.rubocop_todo.yml +27 -27
- data/CHANGELOG.md +66 -16
- data/Dockerfile +44 -44
- data/Gemfile +8 -8
- data/Gemfile.lock +108 -104
- data/LICENSE.md +15 -15
- data/README.md +179 -178
- data/Rakefile +18 -18
- data/_config.yml +1 -1
- data/docs/features.md +1677 -1437
- data/docs/redoc/index.html +1230 -1230
- data/emasser.gemspec +44 -44
- data/exe/emasser +5 -5
- data/lib/emasser/cli.rb +37 -37
- data/lib/emasser/configuration.rb +49 -49
- data/lib/emasser/constants.rb +22 -26
- data/lib/emasser/delete.rb +210 -148
- data/lib/emasser/errors.rb +14 -14
- data/lib/emasser/get.rb +1401 -949
- data/lib/emasser/help/approvalCac_post_mapper.md +20 -20
- data/lib/emasser/help/approvalPac_post_mapper.md +20 -20
- data/lib/emasser/help/artifacts_del_mapper.md +9 -9
- data/lib/emasser/help/artifacts_post_mapper.md +59 -59
- data/lib/emasser/help/artifacts_put_mapper.md +34 -34
- data/lib/emasser/help/cloudresource_post_mapper.md +62 -62
- data/lib/emasser/help/cmmc_get_mapper.md +4 -4
- data/lib/emasser/help/container_post_mapper.md +44 -44
- data/lib/emasser/help/controls_put_mapper.md +74 -74
- data/lib/emasser/help/milestone_del_mapper.md +11 -11
- data/lib/emasser/help/milestone_post_mapper.md +14 -14
- data/lib/emasser/help/milestone_put_mapper.md +23 -23
- data/lib/emasser/help/poam_del_mapper.md +5 -5
- data/lib/emasser/help/poam_post_mapper.md +93 -93
- data/lib/emasser/help/poam_put_mapper.md +107 -107
- data/lib/emasser/help/staticcode_clear_mapper.md +16 -16
- data/lib/emasser/help/staticcode_post_mapper.md +21 -21
- data/lib/emasser/help/testresults_post_mapper.md +21 -21
- data/lib/emasser/help.rb +11 -11
- data/lib/emasser/input_converters.rb +21 -21
- data/lib/emasser/options_parser.rb +20 -20
- data/lib/emasser/output_converters.rb +125 -111
- data/lib/emasser/post.rb +830 -830
- data/lib/emasser/put.rb +588 -588
- data/lib/emasser/version.rb +5 -5
- data/lib/emasser.rb +19 -19
- metadata +16 -10
@@ -1,107 +1,107 @@
|
|
1
|
-
Endpoint request parameters/fields
|
2
|
-
|
3
|
-
Field Data Type Details
|
4
|
-
-------------------------------------------------------------------------------------------------
|
5
|
-
systemId Integer [Required] Unique eMASS identifier. Will need to provide correct number.
|
6
|
-
poamId Integer [Required] Unique POA&M identifier. Will need to provide correct number.
|
7
|
-
displayPoamId Integer [Required] Globally unique identifier for individual POA&M Items, seen on the front-end as "ID".
|
8
|
-
status String [Required] Values include the following: (Ongoing,Risk Accepted,Completed,Not Applicable.
|
9
|
-
vulnerabilityDescription String [Required] Provide a description of the POA&M Item. 2000 Characters.
|
10
|
-
sourceIdentVuln String [Required] Include Source Identifying Vulnerability text. 2000 Characters.
|
11
|
-
pocOrganization String [Required] Organization/Office represented. 100 Characters.
|
12
|
-
resources String [Required] List of resources used. 250 Characters.
|
13
|
-
|
14
|
-
milestones JSON [Conditional] Please see Notes 1 for more details.
|
15
|
-
pocFirstName String [Conditional] First name of POC. 100 Characters.
|
16
|
-
pocLastName String [Conditional] Last name of POC. 100 Characters.
|
17
|
-
pocEmail String [Conditional] Email address of POC. 100 Characters.
|
18
|
-
pocPhoneNumber String [Conditional] Phone number of POC (area code) ***-**** format. 100 Characters.
|
19
|
-
severity String [Conditional] Values include the following: (Very Low, Low, Moderate, High, Very High)
|
20
|
-
scheduledCompletionDate Date [Conditional] Required for ongoing and completed POA&M items. Unix time format.
|
21
|
-
completionDate Date [Conditional] Field is required for completed POA&M items. Unix time format.
|
22
|
-
comments String [Conditional] Field is required for completed and risk accepted POA&M items. 2000 Characters.
|
23
|
-
isActive Boolean [Conditional] Optionally used in PUT to delete milestones when updating a POA&M
|
24
|
-
|
25
|
-
externalUid String [Optional] Unique identifier external to the eMASS application for use with associating POA&M Items. 100 Characters.
|
26
|
-
controlAcronym String [Optional] Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined.
|
27
|
-
cci String [Optional] CCI associated with the test result.
|
28
|
-
securityChecks String [Optional] Security Checks that are associated with the POA&M.
|
29
|
-
rawSeverity String [Optional] Values include the following: (I, II, III)
|
30
|
-
|
31
|
-
relevanceOfThreat String [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
|
32
|
-
likelihood String [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
|
33
|
-
impact String [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
|
34
|
-
impactDescription String [Optional] Include description of Security Control's impact.
|
35
|
-
residualRiskLevel String [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
|
36
|
-
recommendations String [Optional] Include recommendations. Character Limit 2,000.
|
37
|
-
mitigation String [Optional] Include mitigation explanation. 2000 Characters.
|
38
|
-
|
39
|
-
isInherited String [Read-Only] Indicates whether a POA&M Item is inherited.
|
40
|
-
reviewStatus string [Read-Only] Values include the following options: (Not Approved, Under Review, Approved)
|
41
|
-
extensionDate Date [Read-Only] Value returned for a POA&M Item with review status "Approved" and has a milestone
|
42
|
-
with a scheduled completion date that extends beyond the POA&M Item’s scheduled completion date.
|
43
|
-
|
44
|
-
If any poc information is provided all POC fields are required. See additional details for POC fields below.
|
45
|
-
To delete a milestone through the POA&M PUT you must include it as inactive by setting isActive=false.
|
46
|
-
If a milestone Id is not provided a new milestone is created.
|
47
|
-
|
48
|
-
Business Rules
|
49
|
-
|
50
|
-
|
51
|
-
The following fields are required based on the value of the `status` field
|
52
|
-
|Value |Required Fields
|
53
|
-
|----------------|--------------------------------------------------------
|
54
|
-
|Risk Accepted |comments, resources
|
55
|
-
|Ongoing |scheduledCompletionDate, resources, milestones (at least 1)
|
56
|
-
|Completed |scheduledCompletionDate, comments, resources,
|
57
|
-
| |completionDate, milestones (at least 1)
|
58
|
-
|Not Applicable |POAM can not be created
|
59
|
-
|
60
|
-
If a POC email is supplied, the application will attempt to locate a user
|
61
|
-
already registered within the application and pre-populate any information
|
62
|
-
not explicitly supplied in the request. If no such user is found, these
|
63
|
-
fields are required within the request.
|
64
|
-
- pocOrganization, pocFirstName, pocLastName, pocEmail, pocPhoneNumber
|
65
|
-
|
66
|
-
Business logic, the following rules apply when adding POA&Ms
|
67
|
-
|
68
|
-
- POA&M Item cannot be saved if associated Security Control or AP is inherited.
|
69
|
-
- POA&M Item cannot be created manually if a Security Control or AP is Not Applicable.
|
70
|
-
- Completed POA&M Item cannot be saved if Completion Date is in the future.
|
71
|
-
- Completed POA&M Item cannot be saved if Completion Date (completionDate) is in the future.
|
72
|
-
- Risk Accepted POA&M Item cannot be saved with a Scheduled Completion Date (scheduledCompletionDate) or Milestones
|
73
|
-
- POA&M Item with a review status of "Not Approved" cannot be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date.
|
74
|
-
- POA&M Item with a review status of "Approved" can be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date.
|
75
|
-
- POA&M Items that have a status of "Completed" and a status of "Ongoing" cannot be saved without Milestones.
|
76
|
-
- POA&M Items that have a status of "Risk Accepted" cannot have milestones.
|
77
|
-
- POA&M Items with a review status of "Approved" that have a status of "Completed" and "Ongoing" cannot update Scheduled Completion Date.
|
78
|
-
- POA&M Items that have a review status of "Approved" are required to have a Severity Value assigned.
|
79
|
-
- POA&M Items cannot be updated if they are included in an active package.
|
80
|
-
- Archived POA&M Items cannot be updated.
|
81
|
-
- POA&M Items with a status of "Not Applicable" will be updated through test result creation.
|
82
|
-
- If the Security Control or Assessment Procedure does not exist in the system we may have to just import POA&M Item at the System Level.
|
83
|
-
|
84
|
-
|
85
|
-
The following parameters/fields have the following character limitations:
|
86
|
-
- POA&M Item cannot be saved if the Point of Contact fields exceed 100 characters:
|
87
|
-
- Office / Organization (pocOrganization)
|
88
|
-
- First Name (pocFirstName)
|
89
|
-
- Last Name (pocLastName)
|
90
|
-
- Email (email)
|
91
|
-
- Phone Number (pocPhoneNumber)
|
92
|
-
- POA&M Item cannot be saved if Mitigation field (mitigation) exceeds 2,000 characters.
|
93
|
-
- POA&M Item cannot be saved if Source Identifying Vulnerability field (sourceIdentVuln) exceeds 2,000 characters.
|
94
|
-
- POA&M Item cannot be saved if Comments field (comments) exceeds 2,000 characters
|
95
|
-
- POA&M Item cannot be saved if Resource field (resource) exceeds 250 characters.
|
96
|
-
- POA&M Items cannot be saved if Milestone Description (description) exceeds 2,000 characters.
|
97
|
-
|
98
|
-
Example:
|
99
|
-
|
100
|
-
bundle exec exe/emasser put poams update --systemId [value] --poamId [value] --status [value] --vulnerabilityDescription [value] --sourceIdentVuln [value] --reviewStatus [value]
|
101
|
-
|
102
|
-
Notes:
|
103
|
-
1 - The format for milestones is:
|
104
|
-
--milestone milestoneId:[value] description:[value] scheduledCompletionDate:[value]
|
105
|
-
2 - The example is only showing the required fields. Refer to instructions listed above for conditional and optional fields requirements.
|
106
|
-
3 - If a field is misrepresented (wrong value) the following response may be provided by the server:
|
107
|
-
Response body: {"meta":{"code":500,"errorMessage":"Sorry! Something went wrong on our end. Please contact emass_support@bah.com for assistance."}}
|
1
|
+
Endpoint request parameters/fields
|
2
|
+
|
3
|
+
Field Data Type Details
|
4
|
+
-------------------------------------------------------------------------------------------------
|
5
|
+
systemId Integer [Required] Unique eMASS identifier. Will need to provide correct number.
|
6
|
+
poamId Integer [Required] Unique POA&M identifier. Will need to provide correct number.
|
7
|
+
displayPoamId Integer [Required] Globally unique identifier for individual POA&M Items, seen on the front-end as "ID".
|
8
|
+
status String [Required] Values include the following: (Ongoing,Risk Accepted,Completed,Not Applicable.
|
9
|
+
vulnerabilityDescription String [Required] Provide a description of the POA&M Item. 2000 Characters.
|
10
|
+
sourceIdentVuln String [Required] Include Source Identifying Vulnerability text. 2000 Characters.
|
11
|
+
pocOrganization String [Required] Organization/Office represented. 100 Characters.
|
12
|
+
resources String [Required] List of resources used. 250 Characters.
|
13
|
+
|
14
|
+
milestones JSON [Conditional] Please see Notes 1 for more details.
|
15
|
+
pocFirstName String [Conditional] First name of POC. 100 Characters.
|
16
|
+
pocLastName String [Conditional] Last name of POC. 100 Characters.
|
17
|
+
pocEmail String [Conditional] Email address of POC. 100 Characters.
|
18
|
+
pocPhoneNumber String [Conditional] Phone number of POC (area code) ***-**** format. 100 Characters.
|
19
|
+
severity String [Conditional] Values include the following: (Very Low, Low, Moderate, High, Very High)
|
20
|
+
scheduledCompletionDate Date [Conditional] Required for ongoing and completed POA&M items. Unix time format.
|
21
|
+
completionDate Date [Conditional] Field is required for completed POA&M items. Unix time format.
|
22
|
+
comments String [Conditional] Field is required for completed and risk accepted POA&M items. 2000 Characters.
|
23
|
+
isActive Boolean [Conditional] Optionally used in PUT to delete milestones when updating a POA&M
|
24
|
+
|
25
|
+
externalUid String [Optional] Unique identifier external to the eMASS application for use with associating POA&M Items. 100 Characters.
|
26
|
+
controlAcronym String [Optional] Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined.
|
27
|
+
cci String [Optional] CCI associated with the test result.
|
28
|
+
securityChecks String [Optional] Security Checks that are associated with the POA&M.
|
29
|
+
rawSeverity String [Optional] Values include the following: (I, II, III)
|
30
|
+
|
31
|
+
relevanceOfThreat String [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
|
32
|
+
likelihood String [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
|
33
|
+
impact String [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
|
34
|
+
impactDescription String [Optional] Include description of Security Control's impact.
|
35
|
+
residualRiskLevel String [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
|
36
|
+
recommendations String [Optional] Include recommendations. Character Limit 2,000.
|
37
|
+
mitigation String [Optional] Include mitigation explanation. 2000 Characters.
|
38
|
+
|
39
|
+
isInherited String [Read-Only] Indicates whether a POA&M Item is inherited.
|
40
|
+
reviewStatus string [Read-Only] Values include the following options: (Not Approved, Under Review, Approved)
|
41
|
+
extensionDate Date [Read-Only] Value returned for a POA&M Item with review status "Approved" and has a milestone
|
42
|
+
with a scheduled completion date that extends beyond the POA&M Item’s scheduled completion date.
|
43
|
+
|
44
|
+
If any poc information is provided all POC fields are required. See additional details for POC fields below.
|
45
|
+
To delete a milestone through the POA&M PUT you must include it as inactive by setting isActive=false.
|
46
|
+
If a milestone Id is not provided a new milestone is created.
|
47
|
+
|
48
|
+
Business Rules
|
49
|
+
|
50
|
+
|
51
|
+
The following fields are required based on the value of the `status` field
|
52
|
+
|Value |Required Fields
|
53
|
+
|----------------|--------------------------------------------------------
|
54
|
+
|Risk Accepted |comments, resources
|
55
|
+
|Ongoing |scheduledCompletionDate, resources, milestones (at least 1)
|
56
|
+
|Completed |scheduledCompletionDate, comments, resources,
|
57
|
+
| |completionDate, milestones (at least 1)
|
58
|
+
|Not Applicable |POAM can not be created
|
59
|
+
|
60
|
+
If a POC email is supplied, the application will attempt to locate a user
|
61
|
+
already registered within the application and pre-populate any information
|
62
|
+
not explicitly supplied in the request. If no such user is found, these
|
63
|
+
fields are required within the request.
|
64
|
+
- pocOrganization, pocFirstName, pocLastName, pocEmail, pocPhoneNumber
|
65
|
+
|
66
|
+
Business logic, the following rules apply when adding POA&Ms
|
67
|
+
|
68
|
+
- POA&M Item cannot be saved if associated Security Control or AP is inherited.
|
69
|
+
- POA&M Item cannot be created manually if a Security Control or AP is Not Applicable.
|
70
|
+
- Completed POA&M Item cannot be saved if Completion Date is in the future.
|
71
|
+
- Completed POA&M Item cannot be saved if Completion Date (completionDate) is in the future.
|
72
|
+
- Risk Accepted POA&M Item cannot be saved with a Scheduled Completion Date (scheduledCompletionDate) or Milestones
|
73
|
+
- POA&M Item with a review status of "Not Approved" cannot be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date.
|
74
|
+
- POA&M Item with a review status of "Approved" can be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date.
|
75
|
+
- POA&M Items that have a status of "Completed" and a status of "Ongoing" cannot be saved without Milestones.
|
76
|
+
- POA&M Items that have a status of "Risk Accepted" cannot have milestones.
|
77
|
+
- POA&M Items with a review status of "Approved" that have a status of "Completed" and "Ongoing" cannot update Scheduled Completion Date.
|
78
|
+
- POA&M Items that have a review status of "Approved" are required to have a Severity Value assigned.
|
79
|
+
- POA&M Items cannot be updated if they are included in an active package.
|
80
|
+
- Archived POA&M Items cannot be updated.
|
81
|
+
- POA&M Items with a status of "Not Applicable" will be updated through test result creation.
|
82
|
+
- If the Security Control or Assessment Procedure does not exist in the system we may have to just import POA&M Item at the System Level.
|
83
|
+
|
84
|
+
|
85
|
+
The following parameters/fields have the following character limitations:
|
86
|
+
- POA&M Item cannot be saved if the Point of Contact fields exceed 100 characters:
|
87
|
+
- Office / Organization (pocOrganization)
|
88
|
+
- First Name (pocFirstName)
|
89
|
+
- Last Name (pocLastName)
|
90
|
+
- Email (email)
|
91
|
+
- Phone Number (pocPhoneNumber)
|
92
|
+
- POA&M Item cannot be saved if Mitigation field (mitigation) exceeds 2,000 characters.
|
93
|
+
- POA&M Item cannot be saved if Source Identifying Vulnerability field (sourceIdentVuln) exceeds 2,000 characters.
|
94
|
+
- POA&M Item cannot be saved if Comments field (comments) exceeds 2,000 characters
|
95
|
+
- POA&M Item cannot be saved if Resource field (resource) exceeds 250 characters.
|
96
|
+
- POA&M Items cannot be saved if Milestone Description (description) exceeds 2,000 characters.
|
97
|
+
|
98
|
+
Example:
|
99
|
+
|
100
|
+
bundle exec exe/emasser put poams update --systemId [value] --poamId [value] --status [value] --vulnerabilityDescription [value] --sourceIdentVuln [value] --reviewStatus [value]
|
101
|
+
|
102
|
+
Notes:
|
103
|
+
1 - The format for milestones is:
|
104
|
+
--milestone milestoneId:[value] description:[value] scheduledCompletionDate:[value]
|
105
|
+
2 - The example is only showing the required fields. Refer to instructions listed above for conditional and optional fields requirements.
|
106
|
+
3 - If a field is misrepresented (wrong value) the following response may be provided by the server:
|
107
|
+
Response body: {"meta":{"code":500,"errorMessage":"Sorry! Something went wrong on our end. Please contact emass_support@bah.com for assistance."}}
|
@@ -1,16 +1,16 @@
|
|
1
|
-
Add static code scans into a system asset module
|
2
|
-
|
3
|
-
Endpoint request parameters/fields
|
4
|
-
|
5
|
-
Field Data Type Details
|
6
|
-
------------------------------------------------------------------------------------------
|
7
|
-
systemId Integer [Required] Unique system identifier
|
8
|
-
applicationName String [Required] Name of the software application that was assessed
|
9
|
-
version String [Required] The version of the application
|
10
|
-
clearFindings* Boolean [Required] To clear an application's findings set it to true
|
11
|
-
|
12
|
-
*The clearFindings field is an optional field, but required with a value of "True" to clear out all application findings for a single application/version pairing.
|
13
|
-
|
14
|
-
Example:
|
15
|
-
|
16
|
-
bundle exec exe/emasser post scan_findings clear --systemId [value] --applicationName [value] --version [value] --clearFindings
|
1
|
+
Add static code scans into a system asset module
|
2
|
+
|
3
|
+
Endpoint request parameters/fields
|
4
|
+
|
5
|
+
Field Data Type Details
|
6
|
+
------------------------------------------------------------------------------------------
|
7
|
+
systemId Integer [Required] Unique system identifier
|
8
|
+
applicationName String [Required] Name of the software application that was assessed
|
9
|
+
version String [Required] The version of the application
|
10
|
+
clearFindings* Boolean [Required] To clear an application's findings set it to true
|
11
|
+
|
12
|
+
*The clearFindings field is an optional field, but required with a value of "True" to clear out all application findings for a single application/version pairing.
|
13
|
+
|
14
|
+
Example:
|
15
|
+
|
16
|
+
bundle exec exe/emasser post scan_findings clear --systemId [value] --applicationName [value] --version [value] --clearFindings
|
@@ -1,21 +1,21 @@
|
|
1
|
-
Add static code scans into a system asset module
|
2
|
-
|
3
|
-
Endpoint request parameters/fields
|
4
|
-
|
5
|
-
Field Data Type Details
|
6
|
-
-------------------------------------------------------------------------------------------------
|
7
|
-
systemId Integer [Required] Unique system identifier
|
8
|
-
applicationName String [Required] Name of the software application that was assessed
|
9
|
-
version String [Required] The version of the application
|
10
|
-
codeCheckName String [Required] Name of the software vulnerability or weakness
|
11
|
-
scanDate Integer [Required] The findings scan date - Unix time format
|
12
|
-
cweId String [Required] The Common Weakness Enumerator (CWE) identifier
|
13
|
-
|
14
|
-
rawSeverity* String [Optional] Values include the following: (Low, Medium, Moderate, High, Critical)
|
15
|
-
count Integer [Optional] Number of instances observed for a specified finding
|
16
|
-
|
17
|
-
*rawSeverity: In eMASS, values of "Critical" will appear as "Very High", and values of “Medium” will appear as "Moderate". Any values not listed as options in the list above will map to “Unknown” and appear as blank values.
|
18
|
-
|
19
|
-
Example:
|
20
|
-
|
21
|
-
bundle exec exe/emasser post scan_findings add --systemId [value] --applicationName [value] --version [value] --codeCheckName [value] --scanDate [value] --cweId [value]
|
1
|
+
Add static code scans into a system asset module
|
2
|
+
|
3
|
+
Endpoint request parameters/fields
|
4
|
+
|
5
|
+
Field Data Type Details
|
6
|
+
-------------------------------------------------------------------------------------------------
|
7
|
+
systemId Integer [Required] Unique system identifier
|
8
|
+
applicationName String [Required] Name of the software application that was assessed
|
9
|
+
version String [Required] The version of the application
|
10
|
+
codeCheckName String [Required] Name of the software vulnerability or weakness
|
11
|
+
scanDate Integer [Required] The findings scan date - Unix time format
|
12
|
+
cweId String [Required] The Common Weakness Enumerator (CWE) identifier
|
13
|
+
|
14
|
+
rawSeverity* String [Optional] Values include the following: (Low, Medium, Moderate, High, Critical)
|
15
|
+
count Integer [Optional] Number of instances observed for a specified finding
|
16
|
+
|
17
|
+
*rawSeverity: In eMASS, values of "Critical" will appear as "Very High", and values of “Medium” will appear as "Moderate". Any values not listed as options in the list above will map to “Unknown” and appear as blank values.
|
18
|
+
|
19
|
+
Example:
|
20
|
+
|
21
|
+
bundle exec exe/emasser post scan_findings add --systemId [value] --applicationName [value] --version [value] --codeCheckName [value] --scanDate [value] --cweId [value]
|
@@ -1,21 +1,21 @@
|
|
1
|
-
Endpoint request body parameters/fields
|
2
|
-
|
3
|
-
Field Data Type Details
|
4
|
-
-------------------------------------------------------------------------------------------------
|
5
|
-
systemId Integer [Required] Unique eMASS identifier. Will need to provide correct number
|
6
|
-
cci String [Required] CCI associated with the test result.
|
7
|
-
isInherited Boolean [Read-Only] Indicates whether a test result is inherited.
|
8
|
-
testedBy String [Required] Last Name, First Name. 100 Characters.
|
9
|
-
testDate Date [Required] Unix time format.
|
10
|
-
description String [Required] Include description of test result. 4000 Characters.
|
11
|
-
type String [Read-Only] Indicates the location in the Control Approval Chain when the test result is submitted.
|
12
|
-
complianceStatus String [Required] Values include the following: (Compliant, Non-Compliant, Not Applicable)
|
13
|
-
|
14
|
-
control String [Read-Only] Control acronym associated with the test result. NIST SP 800-53 Revision 4 defined.
|
15
|
-
|
16
|
-
Example:
|
17
|
-
|
18
|
-
bundle exec exe/emasser post test_results add --systemId [value] --cci [value] --testedBy [value] --testDate [value] --description [value] --complianceStatus [value]
|
19
|
-
|
20
|
-
Note: If no POA&Ms or AP exist for the control (system), you will get this response:
|
21
|
-
"You have entered a Non-Compliant Test Result. You must create a POA&M Item for this Control and/or AP if one does not already exist."
|
1
|
+
Endpoint request body parameters/fields
|
2
|
+
|
3
|
+
Field Data Type Details
|
4
|
+
-------------------------------------------------------------------------------------------------
|
5
|
+
systemId Integer [Required] Unique eMASS identifier. Will need to provide correct number
|
6
|
+
cci String [Required] CCI associated with the test result.
|
7
|
+
isInherited Boolean [Read-Only] Indicates whether a test result is inherited.
|
8
|
+
testedBy String [Required] Last Name, First Name. 100 Characters.
|
9
|
+
testDate Date [Required] Unix time format.
|
10
|
+
description String [Required] Include description of test result. 4000 Characters.
|
11
|
+
type String [Read-Only] Indicates the location in the Control Approval Chain when the test result is submitted.
|
12
|
+
complianceStatus String [Required] Values include the following: (Compliant, Non-Compliant, Not Applicable)
|
13
|
+
|
14
|
+
control String [Read-Only] Control acronym associated with the test result. NIST SP 800-53 Revision 4 defined.
|
15
|
+
|
16
|
+
Example:
|
17
|
+
|
18
|
+
bundle exec exe/emasser post test_results add --systemId [value] --cci [value] --testedBy [value] --testDate [value] --description [value] --complianceStatus [value]
|
19
|
+
|
20
|
+
Note: If no POA&Ms or AP exist for the control (system), you will get this response:
|
21
|
+
"You have entered a Non-Compliant Test Result. You must create a POA&M Item for this Control and/or AP if one does not already exist."
|
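--- a/data/lib/emasser/help.rb
+++ b/data/lib/emasser/help.rb
@@ -1,11 +1,11 @@
-# frozen_string_literal: true
-
-module Emasser::Help
-class << self
-def text(namespaced_command)
-path = namespaced_command.to_s.tr(':', '/')
-path = File.expand_path("../help/#{path}.md", __FILE__)
-File.read(path) if File.exist?(path)
-end
-end
-end
+# frozen_string_literal: true
+
+module Emasser::Help
+class << self
+def text(namespaced_command)
+path = namespaced_command.to_s.tr(':', '/')
+path = File.expand_path("../help/#{path}.md", __FILE__)
+File.read(path) if File.exist?(path)
+end
+end
+end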
@@ -1,21 +1,21 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'active_support/inflector'
|
4
|
-
require 'active_support/core_ext/hash'
|
5
|
-
|
6
|
-
module InputConverters
|
7
|
-
# Method uses utility class "underscore" from ActiveSupport
|
8
|
-
include ActiveSupport::Inflector
|
9
|
-
|
10
|
-
# Given the full hash of options, select the truly optional ones and then
|
11
|
-
# convert the camelCase optional CLI parameters to underscore as the Swagger auto
|
12
|
-
# generated code converts all camelCase variable within the yaml to an underscore format
|
13
|
-
# This will result in a properly formatted hash of parameters for the API request.
|
14
|
-
# example: controlAcronyms TO control_acronyms
|
15
|
-
#
|
16
|
-
# As an alternative, declare the options in underscore case and only select for the optional_options.
|
17
|
-
def to_input_hash(optional_options_keys, full_options)
|
18
|
-
optional_options_hash = full_options.select { |option| optional_options_keys.include?(option.to_sym) }
|
19
|
-
optional_options_hash.transform_keys { |k| k.to_s.underscore.to_sym }
|
20
|
-
end
|
21
|
-
end
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'active_support/inflector'
|
4
|
+
require 'active_support/core_ext/hash'
|
5
|
+
|
6
|
+
module InputConverters
|
7
|
+
# Method uses utility class "underscore" from ActiveSupport
|
8
|
+
include ActiveSupport::Inflector
|
9
|
+
|
10
|
+
# Given the full hash of options, select the truly optional ones and then
|
11
|
+
# convert the camelCase optional CLI parameters to underscore as the Swagger auto
|
12
|
+
# generated code converts all camelCase variable within the yaml to an underscore format
|
13
|
+
# This will result in a properly formatted hash of parameters for the API request.
|
14
|
+
# example: controlAcronyms TO control_acronyms
|
15
|
+
#
|
16
|
+
# As an alternative, declare the options in underscore case and only select for the optional_options.
|
17
|
+
def to_input_hash(optional_options_keys, full_options)
|
18
|
+
optional_options_hash = full_options.select { |option| optional_options_keys.include?(option.to_sym) }
|
19
|
+
optional_options_hash.transform_keys { |k| k.to_s.underscore.to_sym }
|
20
|
+
end
|
21
|
+
end
|
@@ -1,20 +1,20 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module OptionsParser
|
4
|
-
def required_options(initializer)
|
5
|
-
options_that_are(initializer, :required)
|
6
|
-
end
|
7
|
-
|
8
|
-
def optional_options(initializer)
|
9
|
-
options_that_are(initializer, :optional)
|
10
|
-
end
|
11
|
-
|
12
|
-
private
|
13
|
-
|
14
|
-
def options_that_are(initializer, constraint)
|
15
|
-
raise(ArgumentError, 'constraint must be required or optional') unless %i[required optional].include?(constraint)
|
16
|
-
|
17
|
-
method = constraint.eql?(:required) ? :select : :reject
|
18
|
-
initializer[2][:current_command].options.send(method) { |_k, v| v.required }
|
19
|
-
end
|
20
|
-
end
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module OptionsParser
|
4
|
+
def required_options(initializer)
|
5
|
+
options_that_are(initializer, :required)
|
6
|
+
end
|
7
|
+
|
8
|
+
def optional_options(initializer)
|
9
|
+
options_that_are(initializer, :optional)
|
10
|
+
end
|
11
|
+
|
12
|
+
private
|
13
|
+
|
14
|
+
def options_that_are(initializer, constraint)
|
15
|
+
raise(ArgumentError, 'constraint must be, required or optional') unless %i[required optional].include?(constraint)
|
16
|
+
|
17
|
+
method = constraint.eql?(:required) ? :select : :reject
|
18
|
+
initializer[2][:current_command].options.send(method) { |_k, v| v.required }
|
19
|
+
end
|
20
|
+
end
|
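Review bot: The reworded ArgumentError message in options_that_are, `'constraint must be, required or optional'`, gains a stray comma and still does not show that the accepted values are symbols; `'constraint must be :required or :optional'` would read correctly and match the `%i[required optional]` check on the same line. Two lines below, `send(method)` is only ever given `:select` or `:reject`, so `public_send(method)` would make it explicit that no private method is being reached. `initializer[2][:current_command]` also deserves a one-line comment naming what the third element of `initializer` holds, since nothing in this 20-line file explains the index.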