http_observatory 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8705f933037bbacf62aeaedbc2ff9780863c7435
+  data.tar.gz: 8bcce65b569a306e0cbe1c19c62fc206534f27e0
+SHA512:
+  metadata.gz: 43842f6bd243c41ab1dd41c8e26df00b6bacd7bc7cbd5cddc672db54762ead8cd966f2a683b92e5a30f207128d931e5d8cc9357ef131ec358e88d868b695840a
+  data.tar.gz: 082eee075dc7aafd81a027d6304588e07acf387a11a3d4dcb64ee61ec08cca5fb76175c90b5b0a9dd78b6356e1bdc69021b765d5960e7f98242b171b717cb98b

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2017 Simon Franzen
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,34 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'HttpObservatory'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/lib/http_observatory.rb

@@ -0,0 +1,4 @@
+require "http_observatory/engine"
+module HttpObservatory
+end
+

data/lib/http_observatory/api.rb

@@ -0,0 +1,47 @@
+module HttpObservatory
+  #
+  # Api for application
+  #
+  class Api
+    class << self
+
+      def get_analyze(host)
+        response = Request.get('analyze', { 'host' => host })
+        Scan.new(response)
+      end
+
+      def post_analyze(host, params={})
+        response = Request.post('analyze', { 'host' => host, 'hidden' => params[:hidden], 'rescan' => params[:rescan] })
+        Scan.new(response)
+      end
+
+      def get_scan_results(scan_id)
+        response = Request.get("getScanResults", { 'scan' => scan_id })
+        response.keys.map{|key| TestResult.new(response[key]) }
+      end
+
+      def get_recent_scans(params={})
+        params[:min] = params[:min] ? params[:min] : 0
+        params[:max] = params[:max] ? params[:max] : 20
+        response = Request.get('getRecentScans', { min: params[:min], max: params[:max] })
+        RecentScans.new(response)
+      end
+
+      def get_host_history(host)
+        response = Request.get("getHostHistory", { 'host' => host })
+        response.map{|history| HostHistory.new(history) }
+      end
+
+      def get_grade_distribution
+        response = Request.get('getGradeDistribution')
+        GradeDistribution.new(response)
+      end
+
+      def get_scanner_states
+        response = Request.get('getScannerStates')
+        ScannerStates.new(response)
+      end
+
+    end
+  end
+end

data/lib/http_observatory/connection.rb

@@ -0,0 +1,19 @@
+require 'faraday'
+require 'json'
+
+module HttpObservatory
+	#
+	# See https://github.com/mozilla/http-observatory/blob/master/httpobs/docs/api.md
+	#
+	class Connection
+	  BASE = 'https://http-observatory.security.mozilla.org/api/v1'
+
+	  def self.api
+	    Faraday.new(url: BASE) do |faraday|
+	      faraday.response :logger
+	      faraday.adapter Faraday.default_adapter
+	      faraday.headers['Content-Type'] = 'application/json'
+	    end
+	  end
+	end
+end

data/lib/http_observatory/engine.rb

@@ -0,0 +1,16 @@
+require "http_observatory/models/base"
+require "http_observatory/models/grade_distribution"
+require "http_observatory/models/host_history"
+require "http_observatory/models/recent_scans"
+require "http_observatory/models/scan"
+require "http_observatory/models/test_result"
+require "http_observatory/models/scanner_states"
+require "http_observatory/connection"
+require "http_observatory/request"
+require "http_observatory/api"
+
+module HttpObservatory
+  class Engine < ::Rails::Engine
+    isolate_namespace HttpObservatory
+  end
+end

data/lib/http_observatory/models/base.rb

@@ -0,0 +1,17 @@
+module HttpObservatory
+
+	#
+    # Base Class for API objects
+    # 
+	class Base
+		attr_accessor :errors
+
+		def initialize(args = {})
+			args.each do |name, value|
+				attr_name = name.to_s.downcase.underscore
+				send("#{attr_name}=", value) if respond_to?("#{attr_name}=")
+			end
+		end
+	end
+
+end

data/lib/http_observatory/models/grade_distribution.rb

@@ -0,0 +1,16 @@
+module HttpObservatory
+
+	#
+    # Host History Object
+    # 
+    # https://github.com/mozilla/http-observatory/blob/master/httpobs/docs/api.md#grade-distribution
+    # 
+	class GradeDistribution < Base
+		attr_accessor :distribution
+
+		def initialize(args = {})
+			self.distribution = args
+		end
+
+	end
+end

data/lib/http_observatory/models/host_history.rb

@@ -0,0 +1,23 @@
+module HttpObservatory
+
+	#
+    # Host History Object
+    # 
+    # https://github.com/mozilla/http-observatory/blob/master/httpobs/docs/api.md#host-history
+    # 
+	class HostHistory < Base
+		
+		attr_accessor 	:end_time,
+						:end_time_unix_timestamp,
+						:grade,
+						:scan_id,
+						:score
+
+		# def initialize(args = {})
+		# 	super(args)
+		# end
+
+	end
+
+
+end

data/lib/http_observatory/models/recent_scans.rb

@@ -0,0 +1,15 @@
+module HttpObservatory
+	#
+    # Recent Scans Object
+    # 
+    # https://github.com/mozilla/http-observatory/blob/master/httpobs/docs/api.md#recent-scans
+    # 
+	class RecentScans < Base
+		attr_accessor :results
+
+		def initialize(args = {})
+			self.results = args
+		end
+
+	end
+end

data/lib/http_observatory/models/scan.rb

@@ -0,0 +1,35 @@
+module HttpObservatory
+
+    #
+    # Scan Object
+    # 
+    # https://github.com/mozilla/http-observatory/blob/master/httpobs/docs/api.md#scan
+    # 
+    # The scan can exist in one of six states:
+    # * ABORTED aborted for internal technical reasons
+    # * FAILED failed to complete, typically due to the site being unavailable or timing out
+    # * FINISHED completed successfully
+    # * PENDING issued by the API but not yet picked up by a scanner instance
+    # * STARTING assigned to a scanning instance
+    # * RUNNING currently in the process of scanning a website
+
+    class Scan < Base
+        attr_accessor :end_time,            # timestamp for when the scan completed
+                    :grade,                 # final grade assessed upon a completed scan
+                    :hidden,                # whether the scan results are unlisted on the recent results page
+                    :response_headers,      # the entirety of the HTTP response headers
+                    :likelihood_indicator,  # Mozilla risk likelihod indicator that is the equivalent of the grade 
+                    :scan_id,               # unique ID number assigned to the scan
+                    :score,                 # final score assessed upon a completed (FINISHED) scan
+                    :start_time,            # timestamp for when the scan was first requested
+                    :state,                 # the current state of the scan
+                    :tests_failed,          # the number of subtests that were assigned a fail result
+                    :tests_passed,          # the number of subtests that were assigned a passing result
+                    :tests_quantity         # the total number of tests available and assessed at the time of the scan
+
+        # def initialize(args = {})
+        #     super(args)
+        # end
+
+    end
+end

data/lib/http_observatory/models/scanner_states.rb

@@ -0,0 +1,20 @@
+module HttpObservatory
+    #
+    # Scanner State
+    # 
+    # https://github.com/mozilla/http-observatory/blob/master/httpobs/docs/api.md#scanner-state
+    # 
+    class ScannerStates < Base
+
+        attr_accessor   :aborted,   # aborted for internal technical reasons
+                        :failed,    # failed to complete, typically due to the site being unavailable or timing out
+                        :finished,  # completed successfully
+                        :pending,   # issued by the API but not yet picked up by a scanner instance
+                        :starting,  # assigned to a scanning instance
+                        :running    # currently in the process of scanning a website
+
+        # def initialize(args = {})
+        #     super(args)
+        # end
+    end
+end

data/lib/http_observatory/models/test_result.rb

@@ -0,0 +1,25 @@
+module HttpObservatory
+    #
+    # Scan Object
+    # 
+    # https://github.com/mozilla/http-observatory/blob/master/httpobs/docs/api.md#tests
+    # 
+    class TestResult < Base
+
+        attr_accessor :expectation, # the expectation for a test result going in
+        :name,                      # the name of the test; this should be the same as the parent object's name
+        :output,                    # artifacts related to the test; these can vary widely between tests and are not guaranteed to be stable 
+        :pass,                      # whether the test passed or failed; a test that meets or exceeds the expectation will be marked as passed
+        :result,                    # result of the test
+        :score_description,         # short description describing what result means
+        :score_modifier             # how much the result of the test affected the final score; should range between +5 and -50
+
+        # output data
+        # data    generally as close to the raw output of the test as is possible. For example, in the strict-transport-security test, output -> data contains the raw Strict-Transport-Security header
+        # ???? other values under output have keys that vary; for example, the strict-transport-security test has a includeSubDomains key that is either set to True or False. Similarly, the redirection test contains a route key that contains an array of the URLs that were redirected to. See example below for more available keys.
+
+        # def initialize(args = {})
+        #     super(args)
+        # end
+    end
+end

data/lib/http_observatory/request.rb

@@ -0,0 +1,39 @@
+module HttpObservatory
+
+  class Request
+    class << self
+
+      def get(path, query = {})
+        response, status = get_json(path, query)
+        status == 200 ? response : errors(response)
+      end
+
+      def post(path, query)
+        response, status = post_json(path, query)
+        status == 201 ? response : errors(response)
+      end
+
+      def errors(response)
+        error = { errors: { status: response["status"], message: response["message"] } }
+        response.merge(error)
+      end
+
+      def get_json(root_path, query = {})
+        query_string = query.map{|k,v| "#{k}=#{v}"}.join("&")
+        response = api.get("#{root_path}?#{query_string}")
+        [JSON.parse(response.body), response.status]
+      end
+
+      def post_json(root_path, query = {})
+        query_string = query.map{|k,v| "#{k}=#{v}"}.join("&")
+        response = api.post("#{root_path}?#{query_string}")
+        [JSON.parse(response.body), response.status]
+      end
+
+      def api
+        Connection.api
+      end
+    end
+  end
+
+end

data/lib/http_observatory/version.rb

@@ -0,0 +1,3 @@
+module HttpObservatory
+  VERSION = "0.0.1"
+end

data/lib/tasks/http_observatory_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :http_observatory do
+#   # Task goes here
+# end

data/test/api_test.rb

@@ -0,0 +1,21 @@
+require 'test_helper'
+
+class ApiTest < ActiveSupport::TestCase
+
+	# just a test if requests are working
+	setup do
+		WebMock.stub_request(:any, /api\/v1/).to_return(body: {}.to_json, status: 200,
+    headers: { 'Content-Length' => 3 })
+	end
+
+	test 'api_text' do
+		HttpObservatory::Api.get_analyze('www.zauberware.com')
+		HttpObservatory::Api.post_analyze('www.zauberware.com')
+		HttpObservatory::Api.get_scan_results(123123123)
+		HttpObservatory::Api.get_host_history('www.zauberware.com')
+		HttpObservatory::Api.get_recent_scans
+		HttpObservatory::Api.get_grade_distribution
+		HttpObservatory::Api.get_scanner_states
+	end
+
+end

data/test/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/test/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks

data/test/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .