RubyGems - neetob - Versions diffs - 0.5.16 → 0.5.17 - Mend

neetob 0.5.16 → 0.5.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/ssl_certificates_over_thirty_days_from_expiry.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module InstancesAndAddons
+        module NeetoDeploy
+          class SslCertificatesOverThirtyDaysFromExpiry < CLI::Base
+            def initialize
+              super()
+            end
+            def run
+              ui.success "### 3.1.1. Checking whether SSL certificates are over 30 days from expiry"
+              apps_data = [["App", "Certificates status", "Comments", "Audit Passed"]]
+              ui.info("\n", print_to_audit_log: false)
+              Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }.each do |app|
+                ui.info("Checking Certificates status for #{app}", print_to_audit_log: false)
+                certificates_status = Neetob::CLI::NeetoDeploy::Certificates.new(app).run
+                audit_passed = nil
+                comments = nil
+                if certificates_status.is_a?(Hash) && certificates_status["error"] == "Forbidden"
+                  audit_passed = "No"
+                  comments = "You do not have permission to access the certificates for this app."
+                else
+                  audit_passed = certificates_status.any? { |certificate| certificate["expires_before_30_days"] } ? "No" : "Yes"
+                  if audit_passed == "No"
+                    certificates_failing_audit = certificates_status.select { |certificate| certificate["expires_before_30_days"] }.map { |certificate| certificate["name"] }
+                    comments = "Certificates #{certificates_failing_audit.join(", ")} are expiring in less than 30 days."
+                  end
+                end
+                apps_data << [app, certificates_status, comments, audit_passed]
+              end
+              ui.print_table(apps_data)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/misc/main.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+require_relative "ssl_certs_setup_for_auto_renewal"
+require_relative "sparkpost_sub_account_used_for_all_apps"
+require_relative "redirections_working_correctly"
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Misc
+        class Main < CLI::Base
+          def initialize
+            super()
+          end
+          def run
+            ui.success("# 4. Running miscellaneous checks")
+            ui.info "\n"
+            ui.success("## 4.1. [Manual] Checking whether SSL certs are set up for auto-renewal for all the apps")
+            SslCertsSetupForAutoRenewal.new.run
+            ui.info "\n"
+            ui.success("## 4.2. [Manual] Checking whether we are using Sparkpost sub-account for all the apps")
+            SparkpostSubAccountUsedForAllApps.new.run
+            ui.info "\n"
+            ui.success("## 4.3. Checking whether redirections are set correctly")
+            RedirectionsWorkingCorrectly.new.run
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/misc/redirections_working_correctly.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Misc
+        class RedirectionsWorkingCorrectly < CLI::Base
+          REDIRECTIONS_LIST = [
+            { source: "https://academy.bigbinary.com", destination: "https://bigbinaryacademy.com" }
+          ]
+          def initialize
+            super()
+          end
+          def run
+            table_data = [["Source", "Destination", "Status", "Audit passed"]]
+            REDIRECTIONS_LIST.each do |redirection|
+              check = Redirections::Check.new(redirection[:source], redirection[:destination])
+              status = check.run ? "Working" : "Not working"
+              audit_passed = status == "Working" ? "Yes" : "No"
+              table_data << [redirection[:source], redirection[:destination], status, audit_passed]
+            end
+            ui.print_table(table_data)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/misc/sparkpost_sub_account_used_for_all_apps.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Misc
+        class SparkpostSubAccountUsedForAllApps < CLI::Base
+          def initialize
+            super()
+          end
+          def run
+            repo_data = [["App",
+"SPARKPOST_PASSWORD env variable first 4 characters same as corresponding sub-account in Sparkpost dashboard", "Comments", "Audit Passed"]]
+            ui.info "\n"
+            ui.info "#### Please manually check and add Yes/No for all the following checks:"
+            ui.info "- Get the first 4 characters of the SPARKPOST_PASSWORD environment variable for the app"
+            ui.info "- Go to https://app.sparkpost.com/account/api-keys"
+            ui.info "- Match the first 4 characters against the API keys values"
+            ui.info "- Verify that the API key belongs to the subaccount for same app. Accordingly add Yes/No in the 2nd column"
+            ui.info "- Finally, set Audit Passed as Yes only if the last check passed, otherwise set it as No and add a comment in the Comments column"
+            ui.info "\n"
+            NeetoCompliance::NeetoRepos.products.keys.each do |repo|
+              repo_data << [repo, nil, nil]
+            end
+            ui.print_table(repo_data)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/misc/ssl_certs_setup_for_auto_renewal.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Misc
+        class SslCertsSetupForAutoRenewal < CLI::Base
+          def initialize
+            super()
+          end
+          def run
+            domains_data = [["Domain", "Listed on certmanager", "Comments", "Audit Passed"]]
+            ui.info("\n", print_to_audit_log: false)
+            ui.info "#### Please manually check and add Yes/No for all the following checks on https://certmanager.neeto.com for the domains listed in the table below:"
+            ui.info "- Check whether the certificate for the domain is listed on certmanager"
+            ui.info "- Finally, set Audit Passed as Yes only if certificate for the domain is listed, otherwise set it as No, and add a comment in the Comments column"
+            ui.info("\n")
+            Neetob::CLI::Cloudflare::Base::ZONE_IDS.keys.select { |domain|
+ domain.to_s.include?(".com") }.map do |domain|
+              domains_data << [domain, nil, nil, nil]
+            end
+            ui.print_table(domains_data)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/perform.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+require_relative "security/main"
+require_relative "databases/main"
+require_relative "instances_and_addons/main"
+require_relative "misc/main"
+module Neetob
+  class CLI
+    module MonthlyAudit
+      class Perform < CLI::Base
+        attr_accessor :sandbox, :month
+        def initialize(month, sandbox = false)
+          super()
+          @month = month
+          @sandbox = sandbox
+        end
+        def run
+          Thread.current[:audit_mode] = true
+          markdown_file_name = "audit-report-#{DateTime.now.to_i}.md"
+          Thread.current[:markdown_file_name] = markdown_file_name
+          ui.success("## Starting the audit for #{month}")
+          ui.info "\n"
+          Security::Main.new.run
+          ui.info "\n"
+          Databases::Main.new.run
+          ui.info "\n"
+          InstancesAndAddons::Main.new.run
+          ui.info "\n"
+          Misc::Main.new.run
+          ui.info "\n"
+          ui.success("## Audit for #{month} completed successfully.")
+          ui.success("## Audit report is written to #{markdown_file_name}")
+          ui.success("## Please update the manual audit part and post the audit in Github.")
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/code/brakeman.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Security
+        module Code
+          class Brakeman < CLI::Base
+            def initialize
+              super()
+            end
+            def run
+              ui.success("### 1.1.3. Checking whether running `bundle exec brakeman` throws any vulnerabilities")
+              repo_data = [["Repository", "Vulnerabilities Found", "Comments", "Audit Passed"]]
+              ui.info "\n"
+              NeetoCompliance::NeetoRepos.products.keys.each do |repo|
+                ui.info("Checking Brakeman run results for #{repo}", print_to_audit_log: false)
+                brakeman_run_result = Neetob::CLI::Github::Brakeman.new([repo]).run
+                vulnerabilities_found = "No"
+                audit_passed = "No"
+                comments = nil
+                if brakeman_run_result && brakeman_run_result.include?("No warnings found")
+                  audit_passed = "Yes"
+                else
+                  vulnerabilities_found = "Yes"
+                  comments = brakeman_run_result.gsub("\n", "<br>")
+                end
+                repo_data << [repo, vulnerabilities_found, comments, audit_passed]
+              end
+              ui.print_table(repo_data)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/code/bundle_audit.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+require_relative "../../../github/bundle_audit"
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Security
+        module Code
+          class BundleAudit < CLI::Base
+            def initialize
+              super()
+            end
+            def run
+              ui.success("### 1.1.1. Checking whether running `bundle-audit check` throws any vulnerabilities")
+              repo_data = [["Repository", "Vulnerabilities Found", "Comments", "Audit Passed"]]
+              ui.info "\n"
+              NeetoCompliance::NeetoRepos.products.keys.each do |repo|
+                ui.info("Checking bundle audit run results for #{repo}", print_to_audit_log: false)
+                bundle_audit_result = Neetob::CLI::Github::BundleAudit.new([repo]).run
+                vulnerabilities_found = "No"
+                audit_passed = "No"
+                comments = nil
+                if bundle_audit_result && bundle_audit_result.include?("No vulnerabilities found")
+                  audit_passed = "Yes"
+                else
+                  vulnerabilities_found = "Yes"
+                  comments = bundle_audit_result.gsub("\n", "<br>")
+                end
+                repo_data << [repo, vulnerabilities_found, comments, audit_passed]
+              end
+              ui.print_table(repo_data)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/code/main.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+require_relative "bundle_audit"
+require_relative "yarn_audit"
+require_relative "brakeman"
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Security
+        module Code
+          class Main < CLI::Base
+            def initialize
+              super()
+            end
+            def run
+              BundleAudit.new.run
+              ui.info "\n"
+              YarnAudit.new.run
+              ui.info "\n"
+              Brakeman.new.run
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/code/yarn_audit.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+require_relative "../../../github/yarn_audit"
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Security
+        module Code
+          class YarnAudit < CLI::Base
+            def initialize
+              super()
+            end
+            def run
+              ui.success("### 1.1.2. Checking whether running `yarn audit` throws any vulnerabilities")
+              repo_data = [["Repository", "Vulnerabilities Found", "Comments", "Audit Passed"]]
+              ui.info "\n"
+              NeetoCompliance::NeetoRepos.products.keys.each do |repo|
+                ui.info("Checking yarn audit run results for #{repo}", print_to_audit_log: false)
+                yarn_audit_result = Neetob::CLI::Github::YarnAudit.new([repo]).run
+                vulnerabilities_found = "No"
+                audit_passed = "No"
+                comments = nil
+                if yarn_audit_result && yarn_audit_result.include?("0 vulnerabilities found")
+                  audit_passed = "Yes"
+                else
+                  vulnerabilities_found = "Yes"
+                  vulnerabilities = yarn_audit_result.split("\n").select { |line|
+ line.include?("vulnerabilities found") }.first.strip
+                  severity = yarn_audit_result.split("\n").select { |line|
+ line.include?("Severity:") }.first.strip.gsub("|", ",")
+                  comments = "#{vulnerabilities}<br>#{severity}"
+                end
+                repo_data << [repo, vulnerabilities_found, comments, audit_passed]
+              end
+              ui.print_table(repo_data)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/github/dependabot_prs_merged.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+require_relative "../../../github/repositories/pull_requests"
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Security
+        module Github
+          class DependabotPrsMerged < CLI::Base
+            def initialize
+              super()
+            end
+            def run
+              ui.success("### 1.2.2. Checking whether all dependabot PRs created before 2 days have been merged")
+              ui.info "\n"
+              repo_data = [[
+                "Repository",
+                "All dependabot PRs older than 2 days have been merged",
+                "Comments",
+                "Audit Passed"
+                ]
+              ]
+              NeetoCompliance::NeetoRepos.products.keys.each do |repo|
+                ui.info "Checking #{repo}...", print_to_audit_log: false
+                pull_requests = Neetob::CLI::Github::Repositories::PullRequests.new([repo]).run[0]
+                dependabot_prs = pull_requests.select { |pr| pr[:user][:login] == "dependabot[bot]" }
+                dependabot_prs_older_than_2_days = dependabot_prs.select { |pr| pr[:created_at] < 2.days.ago }
+                dependabot_prs_older_than_2_days_merged = "No"
+                audit_passed = "No"
+                comments = nil
+                if dependabot_prs_older_than_2_days.empty?
+                  audit_passed = dependabot_prs_older_than_2_days_merged = "Yes"
+                else
+                  comments = "PRs older than 2 days: #{dependabot_prs_older_than_2_days.map { |pr| pr[:number] }.join(', ')}"
+                end
+                repo_data << [repo, dependabot_prs_older_than_2_days_merged, comments, audit_passed]
+              end
+              ui.print_table(repo_data)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/github/dependabot_turned_on.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+require_relative "../../../github/repositories/get_security_details.rb"
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Security
+        module Github
+          class DependabotTurnedOn < CLI::Base
+            def initialize
+              super()
+            end
+            def run
+              ui.success("### 1.2.1. [Manual] Checking whether dependabot is turned on for the repository")
+              ui.info "\n"
+              ui.info "#### Please manually check and add Yes/No for all the following checks on the Honeybadger dashboard for the apps listed in the table below:"
+              ui.info "- Repository > Settings > Code security > Dependabot alerts are enabled"
+              ui.info "- Repository > Settings > Code security > Dependabot security updates are enabled"
+              ui.info "- Repository > Settings > Actions > Dependabot on Actions runners is enabled"
+              ui.info "- Finally, set Audit Passed as Yes only if all the checks are passed for the app, otherwise set it as No, and add a comment in the Comments column"
+              ui.info "\n"
+              repo_data = [[
+                "Repository",
+                "Dependabot alerts enabled",
+                "Dependabot security updates enabled",
+                "Dependabot on Actions runners",
+                "Comments",
+                "Audit Passed"
+                ]
+              ]
+              NeetoCompliance::NeetoRepos.products.keys.each do |repo|
+                repo_data << [repo, nil, nil, nil, nil]
+              end
+              ui.print_table(repo_data)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/github/main.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+require_relative "dependabot_turned_on"
+require_relative "dependabot_prs_merged"
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Security
+        module Github
+          class Main < CLI::Base
+            def initialize
+              super()
+            end
+            def run
+              DependabotTurnedOn.new.run
+              ui.info "\n"
+              DependabotPrsMerged.new.run
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/main.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+require_relative "code/main"
+require_relative "github/main"
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Security
+        class Main < CLI::Base
+          def initialize
+            super()
+          end
+          def run
+            ui.success("# 1. Running security audit")
+            ui.info "\n"
+            ui.success("## 1.1. Checking code for security vulnerabilities")
+            ui.info "\n"
+            Code::Main.new.run
+            ui.info "\n"
+            ui.success("## 1.2. Checking github repos for security vulnerabilities")
+            ui.info "\n"
+            Github::Main.new.run
+            ui.info "\n"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/neeto_deploy/autoscaling_config.rb CHANGED Viewed

@@ -12,7 +12,12 @@ module Neetob
         end
         def run
-          ui.success(`neetodeploy autoscaling_config list -a #{app}`)
+          result = `neetodeploy autoscaling_config list -a #{app}`
+          if Thread.current[:audit_mode]
+            JSON.parse(result) rescue result
+          else
+            ui.success(result)
+          end
         end
       end
     end

data/lib/neetob/cli/neeto_deploy/certificates.rb CHANGED Viewed

@@ -18,6 +18,9 @@ module Neetob
           parseable_result = certificates_command_result.strip.gsub("=>", ":")
           parsed_certificates_result = JSON.parse(parseable_result)
+          return parsed_certificates_result if Thread.current[:audit_mode]
           if parsed_certificates_result.empty?
             ui.error("No certificates found for the app with name \"#{app}\".")
           else

data/lib/neetob/cli/neeto_deploy/config_vars/list.rb CHANGED Viewed

@@ -17,9 +17,15 @@ module Neetob
           def run
             matching_apps = find_all_matching_apps_or_repos(apps, :neetodeploy, sandbox)
+            results = []
             matching_apps.each do |app|
-              ui.info("\nConfig of #{app}\n")
-              ui.success(`neetodeploy env list -a #{app}`)
+              ui.info("\nConfig of #{app}\n") unless Thread.current[:audit_mode]
+              result = `neetodeploy env list -a #{app}`
+              results << result
+              ui.success(result) unless Thread.current[:audit_mode]
+            end
+            if Thread.current[:audit_mode]
+              results
             end
           end
         end

data/lib/neetob/cli/neeto_deploy/scheduled_exports.rb CHANGED Viewed

@@ -12,7 +12,12 @@ module Neetob
         end
         def run
-          ui.success(`neetodeploy addon scheduled_exports_enabled -a #{app}`)
+          result = `neetodeploy addon scheduled_exports_enabled -a #{app}`
+          if Thread.current[:audit_mode]
+            result
+          else
+            ui.success(result)
+          end
         end
       end
     end

data/lib/neetob/cli/redirections/check.rb CHANGED Viewed

@@ -21,12 +21,22 @@ module Neetob
           if response.code.in? %w(301 302 308)
             if response["location"].chomp("/") == destination.chomp("/")
-              ui.success("The redirection from #{source} to #{destination} is working properly.")
+              ui.success(
+                "The redirection from #{source} to #{destination} is working properly.",
+                print_to_audit_log: false)
             else
-              ui.error("The redirection from #{source} to #{destination} is not working properly.")
+              ui.error(
+                "The redirection from #{source} to #{destination} is not working properly.",
+                print_to_audit_log: false)
             end
           else
-            ui.error("The redirection from #{source} to #{destination} is not working properly.")
+            ui.error(
+              "The redirection from #{source} to #{destination} is not working properly.",
+              print_to_audit_log: false)
+          end
+          if Thread.current[:audit_mode]
+            response.code.in?(%w(301 302 308)) && (response["location"].chomp("/") == destination.chomp("/"))
           end
         end
       end

data/lib/neetob/cli/sre/base.rb CHANGED Viewed

@@ -291,6 +291,16 @@ module Neetob
               dns: "neetoengage.com",
               app: "neeto-engage-web-production"
             }
+          },
+          "NeetoPlaydash": {
+            "staging": {
+              dns: "neetoplaydash.net",
+              app: "neeto-playdash-web-staging"
+            },
+            "production": {
+              dns: "neetoplaydash.com",
+              app: "neeto-playdash-web-production"
+            }
           }
         }

data/lib/neetob/cli/sre/check_essential_env.rb CHANGED Viewed

@@ -59,6 +59,15 @@ module Neetob
             # TODO: Optimize once github.com/bigbinary/neeto-deploy-web/issues/3745 is done
             begin
               env_table = `neetodeploy env list -a #{app}`
+              json_parse_result = JSON.parse(env_table) rescue nil
+              if json_parse_result && json_parse_result["error"] == "Forbidden"
+                if Thread.current[:audit_mode]
+                  return json_parse_result
+                else
+                  ui.error("You do not have permission to access the config vars for this app.")
+                  return
+                end
+              end
               envs = {}
               env_table.each_line do |line|
                 match = line.match(/^\| (\w+) +\| (.+?) +\|$/)
@@ -67,15 +76,21 @@ module Neetob
               required_keys = REQUIRED_KEYS + REQUIRED_KEYS_NEETODEPLOY
               compare_envs(required_keys, envs, app)
             rescue => exception
+              binding.pry
               ui.error(exception.message)
             end
           end
           def compare_envs(required_keys, envs, app)
             all_keys_present = required_keys.all? { |key| envs.has_key?(key) }
-            all_keys_present ?
-              ui.success("#{app} has all required envs") :
-              ui.error("#{app} doesn't have all required envs. Missing #{required_keys - envs.keys}")
+            result = { all_keys_present:, missing_keys: required_keys - envs.keys }
+            if Thread.current[:audit_mode]
+              result
+            else
+              all_keys_present ?
+                ui.success("#{app} has all required envs") :
+                ui.error("#{app} doesn't have all required envs. Missing #{required_keys - envs.keys}")
+            end
           end
       end
     end