norad_beacon 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 14e982822ee749402ff3bd736746133ffb7a4369
4
+ data.tar.gz: 7a186075cf787bbdf0b8a19fce1f4cac2d08b9a2
5
+ SHA512:
6
+ metadata.gz: 996a5517ef20c314631e4c4f07e47a5534dd2fab78a7809a41aca682dd5158ff9f58a2acb15306e609fb7e3bf58e700a0dda3ae3a7d97f178b94e579fb29f86e
7
+ data.tar.gz: a01bb23b25b3293b4670c299f6e6d9d0f65c0c60f6786aa6b971cca1488be8320ca83e6326276ceb33b70b428983b4afd8b582aca366614351c80e92b4566c3f
data/.gitignore ADDED
@@ -0,0 +1,9 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
data/.gitlab-ci.yml ADDED
@@ -0,0 +1,46 @@
1
+ stages:
2
+ - static_analysis
3
+ - security_test
4
+ - behavior_test
5
+ - release
6
+
7
+ image: ruby:2.3.3
8
+
9
+ cache:
10
+ key: "$CI_BUILD_NAME"
11
+ paths:
12
+ - vendor/bundle
13
+
14
+ variables:
15
+ NORAD_ROOT: 'http://127.0.0.1'
16
+
17
+ before_script:
18
+ - bundle install --jobs=4
19
+
20
+ rubocop:
21
+ stage: static_analysis
22
+ script: bundle exec rake rubocop
23
+
24
+ bundle_audit:
25
+ stage: security_test
26
+ script: bundle exec bundle-audit check --update
27
+
28
+ rspec:
29
+ stage: behavior_test
30
+ script: bundle exec rspec
31
+
32
+ publish:
33
+ stage: release
34
+ script:
35
+ - echo "---" > ~/.gem/credentials
36
+ - COLON=':' && echo "${COLON}rubygems_api_key${COLON} ${RUBYGEMS_API_KEY}" >> ~/.gem/credentials
37
+ - git config --global user.email "norad.dev@gmail.com"
38
+ - git config --global user.name "Norad Release"
39
+ - git config --global push.default simple
40
+ - chmod 0600 ~/.gem/credentials
41
+ - bundle exec rake build
42
+ - bundle exec rake release:guard_clean
43
+ - gem push `ls ./pkg/norad_beacon-*.gem`
44
+ - rm -fr ~/.gem
45
+ only:
46
+ - master
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --format documentation
2
+ --color
data/.rubocop.yml ADDED
@@ -0,0 +1,6 @@
1
+ AllCops:
2
+ TargetRubyVersion: 2.3
3
+ Documentation:
4
+ Enabled: false
5
+ Metrics/LineLength:
6
+ Max: 120
data/.ruby-gemset ADDED
@@ -0,0 +1 @@
1
+ beacon-gem
data/.ruby-version ADDED
@@ -0,0 +1 @@
1
+ 2.3.2
data/.travis.yml ADDED
@@ -0,0 +1,4 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.2.2
4
+ before_install: gem install bundler -v 1.10.6
data/CONTRIBUTING.md ADDED
@@ -0,0 +1,102 @@
1
+ # How to contribute
2
+
3
+ This guide is meant to provide guidelines for how to contribute to the Norad Beacon project. These
4
+ procedures should work in the majority of cases. At times, it will be necessary to step outside of
5
+ these guidelines and Do What Makes Sense. This is an living document that we can continue to modify
6
+ as we define the process that helps us add code quickly and safely.
7
+
8
+ ## Getting Started
9
+
10
+ * If you haven't already, you'll want to set up a [development box](https://gitlab.cisco.com/norad/dev-box).
11
+ This provides a consistent environment for running tests.
12
+ * We use [rubocop](https://github.com/bbatsov/rubocop) to enforce code quality and style guidelines.
13
+ You can familiarize yourself with the [style guide](https://github.com/bbatsov/ruby-style-guide).
14
+ You can also install a tool into your editor which will help you follow the style guideline. One
15
+ for vim can be found [here](https://github.com/scrooloose/syntastic).
16
+
17
+ ## Making Changes
18
+
19
+ Fundamentally, we follow the Github Flow(1) methodology for branching and committing code. The
20
+ process essentially breaks down as follows:
21
+
22
+ 1. Assign the feature you are beginning to work on to yourself in JIRA.
23
+ 2. Create a feature branch off of the master branch. Note that anything in master is always
24
+ deployable, so this branch will always have the latest code. Branch names should be descriptive.
25
+ 3. Your branch is your branch. Feel free to experiment and commit freely. You may wish to make your
26
+ life easier when it's time to merge into master by learning about [auto-squashing
27
+ commits](https://robots.thoughtbot.com/autosquashing-git-commits).[^1]
28
+ 4. You are free to push the feature branch to the origin as freqently as you wish. This will run the
29
+ CI suite. You can also run the test suite locally on your dev box. By pushing to the feature
30
+ branch, you can engage other engineers on the team if you need help. They can checkout your
31
+ branch and examine the code.
32
+ 5. When your feature is done, open a Merge Request in Gitlab.
33
+
34
+ At this point in process, there is no requirement of any kind for your commit messages. Before
35
+ merging into master, though, you will need a "good commit message" for any commits that aren't being
36
+ squashed. Links to further reading on this topic are available in the Additional Resources section.
37
+
38
+ ## Submitting Changes
39
+
40
+ When your feature is ready, or is at a state where you'd like to formally begin engaging the rest of
41
+ the team, create a [Merge Request](https://gitlab.cisco.com/norad/beacon/merge_requests)
42
+ in Gitlab. Please write a meaningful title and detailed description that provides an overview of
43
+ What your feature does and Why it does it. You can leave it to the code itself to explain the How,
44
+ but feel free to call anything out here that you would like the reviewer(s) to pay special attention
45
+ to. If you feel that someone in particular needs to look at your Merge Request, you may assign the
46
+ MR to them. Mentioning someone in the Merge Request description is another way to alert someone in
47
+ particular you'd like for them to look at your MR, e.g. ```cc @bmanifol```.
48
+
49
+ **ProTips**
50
+
51
+ * Gitlab will autofill the title and description with your most recent commit when opening the Merge
52
+ Request. So, writing a good commit for your last commit before opening the Merge Request can help
53
+ you kill two birds with one stone.
54
+
55
+ ## Code Review Process
56
+
57
+ The Code Review Process is meant to be an open-ended discussion about the feature that is being
58
+ committed. It should address whether the changeset meets the requirements of the feature as well as
59
+ the quality of the code itself. The reviewer(s) should also make sure that the feature includes an
60
+ adequate number of meaningful tests.
61
+
62
+ Please be polite in both giving and receiving feedback. Remember that it's a review of the code, not
63
+ an individual. As a reviewer, do your best to separate your personal opinion of how you would do
64
+ something from what is objectively constructive criticism. Please review the Thoughtbot guide for
65
+ Code Reviews in the Additional Resources section (3).
66
+
67
+ Make any changes to your feature branch that you and the reviewer agree should be made, and push
68
+ those changes to your feature branch. This will automatically update your Merge Request. Repeat this
69
+ process until the Merge Request is approved.
70
+
71
+ The merge request must receive at least one **+1** before it can be merged. If individuals are
72
+ called out to look at something during any point of the review process, they will need to provide a
73
+ **+1** as well before it can be merged.
74
+
75
+ ## Merge Process
76
+
77
+ Your feature got approved! Great! Now it's time to merge into master.
78
+
79
+ 1. Before code can be merged to master, **all tests must be passing**. In other words, you need a
80
+ green check from Gitlab CI.
81
+ 2. In order to keep the master branch's commit history clean, you may be required to rebase your
82
+ feature branch before it can be merged. This is a loose a requirement, but please consider
83
+ squashing interim commits into one or more block commits. The goal here is to keep the master
84
+ branch devoid of commits such as "fixing typo" or "trying out this method." To rebase, run the
85
+ following on your freature branch: ```git rebase -i origin/master```. See the additional
86
+ resources for more information on rebasing.
87
+ 3. After (force) pushing your rebased feature branch, the Merge Request can be merged **as long as
88
+ all tests still pass**.
89
+
90
+ # Additional Resources
91
+
92
+ 1. [Github Flow](https://guides.github.com/introduction/flow/)
93
+ 2. [Code Review Guide](https://github.com/thoughtbot/guides/tree/master/code-review)
94
+ 3. [Style Guide](https://github.com/bbatsov/ruby-style-guide)
95
+ 4. [Git Tips](https://github.com/thoughtbot/guides/blob/master/protocol/git)
96
+ 5. [Git Rebase](https://help.github.com/articles/about-git-rebase/)
97
+ 6. [Auto-squashing Git Commits](https://robots.thoughtbot.com/autosquashing-git-commits)
98
+ 7. [Good Commit Messages](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)
99
+ 8. [More Good Commit Messages](http://chris.beams.io/posts/git-commit/)
100
+ 9. [Even More Good Commit Messages](http://www.alexkras.com/19-git-tips-for-everyday-use/#good-commit-message)
101
+
102
+ [^1]: Some background and additional reading on squashing commits. [Squashing Commits with Git](https://davidwalsh.name/squash-commits-git) deals with squashing commits in a feature branch. [git rebase --autosquash](https://coderwall.com/p/hh-4ea/git-rebase-autosquash) picks up where the previous article leaves off and explains how the "git rebase" option "--autosquash" complements squashing commits.
data/Gemfile ADDED
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+ source 'https://rubygems.org'
3
+
4
+ # Specify your gem's dependencies in norad.gemspec
5
+ gemspec
data/LICENSE ADDED
@@ -0,0 +1,201 @@
1
+ Apache License
2
+ Version 2.0, January 2004
3
+ http://www.apache.org/licenses/
4
+
5
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6
+
7
+ 1. Definitions.
8
+
9
+ "License" shall mean the terms and conditions for use, reproduction,
10
+ and distribution as defined by Sections 1 through 9 of this document.
11
+
12
+ "Licensor" shall mean the copyright owner or entity authorized by
13
+ the copyright owner that is granting the License.
14
+
15
+ "Legal Entity" shall mean the union of the acting entity and all
16
+ other entities that control, are controlled by, or are under common
17
+ control with that entity. For the purposes of this definition,
18
+ "control" means (i) the power, direct or indirect, to cause the
19
+ direction or management of such entity, whether by contract or
20
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
21
+ outstanding shares, or (iii) beneficial ownership of such entity.
22
+
23
+ "You" (or "Your") shall mean an individual or Legal Entity
24
+ exercising permissions granted by this License.
25
+
26
+ "Source" form shall mean the preferred form for making modifications,
27
+ including but not limited to software source code, documentation
28
+ source, and configuration files.
29
+
30
+ "Object" form shall mean any form resulting from mechanical
31
+ transformation or translation of a Source form, including but
32
+ not limited to compiled object code, generated documentation,
33
+ and conversions to other media types.
34
+
35
+ "Work" shall mean the work of authorship, whether in Source or
36
+ Object form, made available under the License, as indicated by a
37
+ copyright notice that is included in or attached to the work
38
+ (an example is provided in the Appendix below).
39
+
40
+ "Derivative Works" shall mean any work, whether in Source or Object
41
+ form, that is based on (or derived from) the Work and for which the
42
+ editorial revisions, annotations, elaborations, or other modifications
43
+ represent, as a whole, an original work of authorship. For the purposes
44
+ of this License, Derivative Works shall not include works that remain
45
+ separable from, or merely link (or bind by name) to the interfaces of,
46
+ the Work and Derivative Works thereof.
47
+
48
+ "Contribution" shall mean any work of authorship, including
49
+ the original version of the Work and any modifications or additions
50
+ to that Work or Derivative Works thereof, that is intentionally
51
+ submitted to Licensor for inclusion in the Work by the copyright owner
52
+ or by an individual or Legal Entity authorized to submit on behalf of
53
+ the copyright owner. For the purposes of this definition, "submitted"
54
+ means any form of electronic, verbal, or written communication sent
55
+ to the Licensor or its representatives, including but not limited to
56
+ communication on electronic mailing lists, source code control systems,
57
+ and issue tracking systems that are managed by, or on behalf of, the
58
+ Licensor for the purpose of discussing and improving the Work, but
59
+ excluding communication that is conspicuously marked or otherwise
60
+ designated in writing by the copyright owner as "Not a Contribution."
61
+
62
+ "Contributor" shall mean Licensor and any individual or Legal Entity
63
+ on behalf of whom a Contribution has been received by Licensor and
64
+ subsequently incorporated within the Work.
65
+
66
+ 2. Grant of Copyright License. Subject to the terms and conditions of
67
+ this License, each Contributor hereby grants to You a perpetual,
68
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69
+ copyright license to reproduce, prepare Derivative Works of,
70
+ publicly display, publicly perform, sublicense, and distribute the
71
+ Work and such Derivative Works in Source or Object form.
72
+
73
+ 3. Grant of Patent License. Subject to the terms and conditions of
74
+ this License, each Contributor hereby grants to You a perpetual,
75
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76
+ (except as stated in this section) patent license to make, have made,
77
+ use, offer to sell, sell, import, and otherwise transfer the Work,
78
+ where such license applies only to those patent claims licensable
79
+ by such Contributor that are necessarily infringed by their
80
+ Contribution(s) alone or by combination of their Contribution(s)
81
+ with the Work to which such Contribution(s) was submitted. If You
82
+ institute patent litigation against any entity (including a
83
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
84
+ or a Contribution incorporated within the Work constitutes direct
85
+ or contributory patent infringement, then any patent licenses
86
+ granted to You under this License for that Work shall terminate
87
+ as of the date such litigation is filed.
88
+
89
+ 4. Redistribution. You may reproduce and distribute copies of the
90
+ Work or Derivative Works thereof in any medium, with or without
91
+ modifications, and in Source or Object form, provided that You
92
+ meet the following conditions:
93
+
94
+ (a) You must give any other recipients of the Work or
95
+ Derivative Works a copy of this License; and
96
+
97
+ (b) You must cause any modified files to carry prominent notices
98
+ stating that You changed the files; and
99
+
100
+ (c) You must retain, in the Source form of any Derivative Works
101
+ that You distribute, all copyright, patent, trademark, and
102
+ attribution notices from the Source form of the Work,
103
+ excluding those notices that do not pertain to any part of
104
+ the Derivative Works; and
105
+
106
+ (d) If the Work includes a "NOTICE" text file as part of its
107
+ distribution, then any Derivative Works that You distribute must
108
+ include a readable copy of the attribution notices contained
109
+ within such NOTICE file, excluding those notices that do not
110
+ pertain to any part of the Derivative Works, in at least one
111
+ of the following places: within a NOTICE text file distributed
112
+ as part of the Derivative Works; within the Source form or
113
+ documentation, if provided along with the Derivative Works; or,
114
+ within a display generated by the Derivative Works, if and
115
+ wherever such third-party notices normally appear. The contents
116
+ of the NOTICE file are for informational purposes only and
117
+ do not modify the License. You may add Your own attribution
118
+ notices within Derivative Works that You distribute, alongside
119
+ or as an addendum to the NOTICE text from the Work, provided
120
+ that such additional attribution notices cannot be construed
121
+ as modifying the License.
122
+
123
+ You may add Your own copyright statement to Your modifications and
124
+ may provide additional or different license terms and conditions
125
+ for use, reproduction, or distribution of Your modifications, or
126
+ for any such Derivative Works as a whole, provided Your use,
127
+ reproduction, and distribution of the Work otherwise complies with
128
+ the conditions stated in this License.
129
+
130
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
131
+ any Contribution intentionally submitted for inclusion in the Work
132
+ by You to the Licensor shall be under the terms and conditions of
133
+ this License, without any additional terms or conditions.
134
+ Notwithstanding the above, nothing herein shall supersede or modify
135
+ the terms of any separate license agreement you may have executed
136
+ with Licensor regarding such Contributions.
137
+
138
+ 6. Trademarks. This License does not grant permission to use the trade
139
+ names, trademarks, service marks, or product names of the Licensor,
140
+ except as required for reasonable and customary use in describing the
141
+ origin of the Work and reproducing the content of the NOTICE file.
142
+
143
+ 7. Disclaimer of Warranty. Unless required by applicable law or
144
+ agreed to in writing, Licensor provides the Work (and each
145
+ Contributor provides its Contributions) on an "AS IS" BASIS,
146
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147
+ implied, including, without limitation, any warranties or conditions
148
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149
+ PARTICULAR PURPOSE. You are solely responsible for determining the
150
+ appropriateness of using or redistributing the Work and assume any
151
+ risks associated with Your exercise of permissions under this License.
152
+
153
+ 8. Limitation of Liability. In no event and under no legal theory,
154
+ whether in tort (including negligence), contract, or otherwise,
155
+ unless required by applicable law (such as deliberate and grossly
156
+ negligent acts) or agreed to in writing, shall any Contributor be
157
+ liable to You for damages, including any direct, indirect, special,
158
+ incidental, or consequential damages of any character arising as a
159
+ result of this License or out of the use or inability to use the
160
+ Work (including but not limited to damages for loss of goodwill,
161
+ work stoppage, computer failure or malfunction, or any and all
162
+ other commercial damages or losses), even if such Contributor
163
+ has been advised of the possibility of such damages.
164
+
165
+ 9. Accepting Warranty or Additional Liability. While redistributing
166
+ the Work or Derivative Works thereof, You may choose to offer,
167
+ and charge a fee for, acceptance of support, warranty, indemnity,
168
+ or other liability obligations and/or rights consistent with this
169
+ License. However, in accepting such obligations, You may act only
170
+ on Your own behalf and on Your sole responsibility, not on behalf
171
+ of any other Contributor, and only if You agree to indemnify,
172
+ defend, and hold each Contributor harmless for any liability
173
+ incurred by, or claims asserted against, such Contributor by reason
174
+ of your accepting any such warranty or additional liability.
175
+
176
+ END OF TERMS AND CONDITIONS
177
+
178
+ APPENDIX: How to apply the Apache License to your work.
179
+
180
+ To apply the Apache License to your work, attach the following
181
+ boilerplate notice, with the fields enclosed by brackets "{}"
182
+ replaced with your own identifying information. (Don't include
183
+ the brackets!) The text should be enclosed in the appropriate
184
+ comment syntax for the file format. We also recommend that a
185
+ file or class name and description of purpose be included on the
186
+ same "printed page" as the copyright notice for easier
187
+ identification within third-party archives.
188
+
189
+ Copyright 2015 Cisco Systems, Inc.
190
+
191
+ Licensed under the Apache License, Version 2.0 (the "License");
192
+ you may not use this file except in compliance with the License.
193
+ You may obtain a copy of the License at
194
+
195
+ http://www.apache.org/licenses/LICENSE-2.0
196
+
197
+ Unless required by applicable law or agreed to in writing, software
198
+ distributed under the License is distributed on an "AS IS" BASIS,
199
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200
+ See the License for the specific language governing permissions and
201
+ limitations under the License.
data/README.md ADDED
@@ -0,0 +1,41 @@
1
+ # Beacon
2
+
3
+ Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/beacon`. To experiment with that code, run `bin/console` for an interactive prompt.
4
+
5
+ TODO: Delete this and the text above, and describe your gem
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'norad_beacon'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install norad_beacon
22
+
23
+ ## Usage
24
+
25
+ TODO: Write usage instructions here
26
+
27
+ ## Development
28
+
29
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
30
+
31
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
32
+
33
+ ## Contributing
34
+
35
+ Bug reports and pull requests are welcome on our Gitlab server at https://gitlab.cisco.com/norad/beacon.
36
+
37
+
38
+ ## License
39
+
40
+ The gem is available as open source under the terms of the [Apache 2.0 license](https://www.apache.org/licenses/LICENSE-2.0).
41
+
data/Rakefile ADDED
@@ -0,0 +1,10 @@
1
+ # frozen_string_literal: true
2
+ require 'bundler/gem_tasks'
3
+ require 'rspec/core/rake_task'
4
+ require 'rubocop/rake_task'
5
+
6
+ RuboCop::RakeTask.new
7
+
8
+ RSpec::Core::RakeTask.new(:spec)
9
+
10
+ task default: :spec
data/bin/console ADDED
@@ -0,0 +1,15 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ require 'bundler/setup'
5
+ require 'norad_beacon'
6
+
7
+ # You can add fixtures and/or initialization code here to make experimenting
8
+ # with your gem easier. You can also use a different console, if you like.
9
+
10
+ # (If you use this, don't forget to add pry to your Gemfile!)
11
+ # require "pry"
12
+ # Pry.start
13
+
14
+ require 'irb'
15
+ IRB.start
data/bin/setup ADDED
@@ -0,0 +1,7 @@
1
+ #!/bin/bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+
5
+ bundle install
6
+
7
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,21 @@
1
+ # frozen_string_literal: true
2
+ require 'norad_beacon/version'
3
+ require 'norad_beacon/runner'
4
+ require 'norad_beacon/multi_runner'
5
+ require 'norad_beacon/result'
6
+ require 'norad_beacon/resultset'
7
+ require 'norad_beacon/exceptions'
8
+ require 'norad_beacon/container_options'
9
+ require 'norad_beacon/api'
10
+
11
+ module NoradBeacon
12
+ # Retrieves encrypted credentials stored
13
+ # locally on the docker container.
14
+ # @return [Hash]
15
+ def self.container_options
16
+ ContainerOptions.new.values
17
+ rescue NoradBeaconError => e
18
+ puts "Unable to load local container options: #{e.message}"
19
+ {}
20
+ end
21
+ end
@@ -0,0 +1,19 @@
1
+ # frozen_string_literal: true
2
+ require 'httparty'
3
+
4
+ module NoradBeacon
5
+ # Class to post results
6
+ class NoradAPI
7
+ include HTTParty
8
+ @norad_root = ENV.fetch('NORAD_ROOT')
9
+
10
+ def self.post_results(results)
11
+ auth_header = { 'NORAD-SIGNATURE' => results.compute_signature }
12
+ address = @norad_root + results.url
13
+ post(
14
+ address,
15
+ body: results.payload, headers: { 'Content-Type' => 'application/json' }.merge(auth_header)
16
+ )
17
+ end
18
+ end
19
+ end
@@ -0,0 +1,70 @@
1
+ # frozen_string_literal: true
2
+ require 'safe_yaml'
3
+
4
+ SafeYAML::OPTIONS[:default_mode] = :safe
5
+
6
+ module NoradBeacon
7
+ class ContainerOptions
8
+ CONTAINERS_FILE_URI = '/containers.yml.enc'
9
+ AES_KEY_SIZE = 128
10
+ attr_reader :values
11
+
12
+ def initialize
13
+ @values = File.exist?(CONTAINERS_FILE_URI) ? decrypt_and_load : {}
14
+ end
15
+
16
+ private
17
+
18
+ # Reads encrypted credentials from disk, decrypts the
19
+ # credentials, and loads and returns the YAML.
20
+ # @return [Hash]
21
+ # rubocop:disable YAMLLoad
22
+ def decrypt_and_load
23
+ aes_key = load_key_from_env
24
+ symbolize YAML.load(decrypt_containers_file(aes_key))
25
+ rescue Psych::SyntaxError
26
+ raise NoradBeaconError, e.message
27
+ end
28
+ # rubocop:enable YAMLLoad
29
+
30
+ # Load the Base64 encoded key from the environment
31
+ # @return [String] AES Key
32
+ def load_key_from_env
33
+ Base64.strict_decode64(ENV.fetch('NORAD_CONTAINERS_FILE_KEY'))
34
+ rescue ArgumentError => e
35
+ raise NoradBeaconError, e.message
36
+ end
37
+
38
+ # Decrypt the contents of the containers options file
39
+ # @param aes_key [String]
40
+ # @return [String] decrypted contents of the file
41
+ def decrypt_containers_file(aes_key)
42
+ decipher = OpenSSL::Cipher::AES.new(AES_KEY_SIZE, :CBC)
43
+ decipher.decrypt
44
+ decipher.key = aes_key
45
+ encrypted_data = File.read(CONTAINERS_FILE_URI, mode: 'rb')
46
+ decipher.iv = encrypted_data[0..16] # First 16 bytes of this file is the IV
47
+ decipher.update(encrypted_data[16..-1]) + decipher.final
48
+ rescue Errno::ENOENT, OpenSSL::Cipher::CipherError => e
49
+ raise NoradBeaconError, e.message
50
+ end
51
+
52
+ # Symbolize the keys for a deeply nested array
53
+ # Adapted from ActiveSupport's implementation
54
+ #
55
+ # @param object [Object] some value we wish to symbolize
56
+ # @return [Hash] a hash with symbolized keys
57
+ def symbolize(object)
58
+ case object
59
+ when Hash
60
+ object.each_with_object({}) do |(k, v), result|
61
+ result[k.respond_to?(:to_sym) ? k.to_sym : k] = symbolize(v)
62
+ end
63
+ when Array
64
+ object.map { |el| symbolize(el) }
65
+ else
66
+ object
67
+ end
68
+ end
69
+ end
70
+ end
@@ -0,0 +1,3 @@
1
+ # frozen_string_literal: true
2
+ class NoradBeaconError < StandardError
3
+ end
@@ -0,0 +1,23 @@
1
+ # frozen_string_literal: true
2
+ require 'childprocess'
3
+
4
+ module NoradBeacon
5
+ class MultiRunner < Runner
6
+ attr_reader :result_sets
7
+
8
+ # Initialize an instance of the MultiRunner class
9
+ #
10
+ # @param prog [String] the program to execute
11
+ # @param args [Array] list of arguments to pass to the program
12
+ # @param timeout [Fixnum] optionally specify the timeout for the sub process
13
+ # @return [NoradBeacon::Runner] an instance of the Runner class
14
+ def initialize(prog, args, timeout = 600)
15
+ raise ArgumentError, 'args must be an Array' unless args.is_a?(Array)
16
+ @prog = prog
17
+ @timeout = timeout
18
+ @results_file = "/tmp/#{@prog}.#{Time.now.strftime('%Y%m%d-%H%M%S')}"
19
+ @result_sets = []
20
+ @args = format_args(args)
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,37 @@
1
+ # frozen_string_literal: true
2
+ require 'json'
3
+
4
+ module NoradBeacon
5
+ class Result
6
+ # rubocop:disable ParameterLists
7
+ def initialize(nid, status, output, title, description, sir = 'unevaluated')
8
+ @nid = nid
9
+ @sir = cvss_to_sir(sir)
10
+ @status = status
11
+ @output = output
12
+ @title = title
13
+ @description = description
14
+ end
15
+ # rubocop:enable ParameterLists
16
+
17
+ def to_json(*a)
18
+ {
19
+ nid: @nid, sir: @sir, status: @status, output: @output, title: @title, description: @description
20
+ }.to_json(*a)
21
+ end
22
+
23
+ private
24
+
25
+ def cvss_to_sir(sir)
26
+ return sir if sir !~ /\A\d+\.?\d*\z/
27
+ case sir.to_f
28
+ when 0.0..3.9 then return 'low'
29
+ when 4.0..6.9 then return 'medium'
30
+ when 7.0..8.9 then return 'high'
31
+ when 9.0..10.0 then return 'critical'
32
+ else
33
+ return 'unevaluated'
34
+ end
35
+ end
36
+ end
37
+ end
@@ -0,0 +1,26 @@
1
+ # frozen_string_literal: true
2
+ require 'json'
3
+ require 'openssl'
4
+
5
+ module NoradBeacon
6
+ class ResultSet
7
+ attr_accessor :url
8
+
9
+ def initialize(assessment_url = nil)
10
+ @results = []
11
+ @url = assessment_url || JSON.parse(ENV.fetch('ASSESSMENT_PATHS')).first['assessment']
12
+ end
13
+
14
+ def add(result)
15
+ @results.push(result)
16
+ end
17
+
18
+ def payload
19
+ @payload ||= { results: @results, timestamp: Time.now.to_i }.to_json
20
+ end
21
+
22
+ def compute_signature
23
+ OpenSSL::HMAC.hexdigest('sha256', ENV['NORAD_SECRET'], payload)
24
+ end
25
+ end
26
+ end
@@ -0,0 +1,75 @@
1
+ # frozen_string_literal: true
2
+ require 'childprocess'
3
+
4
+ module NoradBeacon
5
+ class Runner
6
+ attr_reader :result_set, :exit_code
7
+
8
+ # Class method to return results file
9
+ def self.results_file
10
+ @results_fn ||= "/tmp/norad.results.#{Time.now.strftime('%Y%m%d-%H%M%S')}"
11
+ end
12
+
13
+ # Initialize an instance of the Runner class
14
+ #
15
+ # @param prog [String] the program to execute
16
+ # @param args [Array] list of arguments to pass to the program
17
+ # @param timeout [Fixnum] optionally specify the timeout for the sub process
18
+ # @return [NoradBeacon::Runner] an instance of the Runner class
19
+ def initialize(prog, args, timeout = 600)
20
+ raise ArgumentError, 'args must be an Array' unless args.is_a?(Array)
21
+ @prog = prog
22
+ @timeout = timeout
23
+ @result_set = NoradBeacon::ResultSet.new
24
+ @args = format_args(args)
25
+ @exit_code = nil
26
+ end
27
+
28
+ # Execute the command
29
+ def execute(stdout_results = false)
30
+ process = ChildProcess.build(@prog, *@args)
31
+ set_child_proc_io(process, stdout_results)
32
+ process.start
33
+ begin
34
+ process.poll_for_exit(@timeout)
35
+ rescue ChildProcess::TimeoutError
36
+ puts 'Beacon Timeout reached. Stopping the process...'
37
+ process.stop # tries increasingly harsher methods to kill the process.
38
+ end
39
+ @exit_code = process.exit_code
40
+ end
41
+
42
+ # Parse the results stored in the results file
43
+ def parse_results
44
+ raw_results = File.open(self.class.results_file, 'r')
45
+ yield raw_results
46
+ raw_results.close
47
+ end
48
+
49
+ private
50
+
51
+ # Replaces the filename delimeter and any local options we need to override
52
+ #
53
+ # @param args [Array] list of arguments to format
54
+ # @return [Array] formatted list of arguments
55
+ def format_args(args)
56
+ local_opts = NoradBeacon.container_options[(ENV['NORAD_SECURITY_CONTAINER_NAME'] || '').to_sym] || {}
57
+ args.map do |arg|
58
+ begin
59
+ next format(arg, local_opts) if arg =~ /\A%\{[a-zA-Z_][a-zA-Z_0-9]*\}\z/
60
+ arg
61
+ rescue KeyError, ArgumentError
62
+ arg
63
+ end
64
+ end.compact
65
+ end
66
+
67
+ def set_child_proc_io(process, stdout_results)
68
+ if stdout_results
69
+ process.io.stdout = File.open(self.class.results_file, 'w')
70
+ else
71
+ process.io.inherit!
72
+ end
73
+ end
74
+ end
75
+ end
@@ -0,0 +1,4 @@
1
+ # frozen_string_literal: true
2
+ module NoradBeacon
3
+ VERSION = '0.1.1'
4
+ end
@@ -0,0 +1,34 @@
1
+ # coding: utf-8
2
+ # frozen_string_literal: true
3
+ lib = File.expand_path('../lib', __FILE__)
4
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
+ require 'norad_beacon/version'
6
+
7
+ Gem::Specification.new do |spec|
8
+ spec.name = 'norad_beacon'
9
+ spec.version = NoradBeacon::VERSION
10
+ spec.authors = ['Blake Hitchcock', 'Brian Manifold', 'Roger Seagle']
11
+ spec.email = ['rbhitchcock@gmail.com', 'bmanifold@gmail.com ', 'roger.seagle@gmail.com']
12
+
13
+ spec.summary = 'Gem to help with posting blackbox results to Norad.'
14
+ spec.description = 'Gem to help with posting blackbox results to Norad.'
15
+ spec.homepage = 'https://gitlab.com/norad/beacon'
16
+ spec.license = 'Apache-2.0'
17
+ spec.required_ruby_version = '~> 2.3.0'
18
+
19
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
20
+ spec.bindir = 'exe'
21
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
22
+ spec.require_paths = ['lib']
23
+
24
+ spec.add_dependency 'httparty'
25
+ spec.add_dependency 'childprocess'
26
+
27
+ spec.add_runtime_dependency 'safe_yaml', '~> 1.0.4'
28
+
29
+ spec.add_development_dependency 'bundler', '~> 1.10'
30
+ spec.add_development_dependency 'rake', '~> 10.0'
31
+ spec.add_development_dependency 'rubocop'
32
+ spec.add_development_dependency 'rspec'
33
+ spec.add_development_dependency 'bundler-audit', '~> 0.5'
34
+ end
metadata ADDED
@@ -0,0 +1,184 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: norad_beacon
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.1
5
+ platform: ruby
6
+ authors:
7
+ - Blake Hitchcock
8
+ - Brian Manifold
9
+ - Roger Seagle
10
+ autorequire:
11
+ bindir: exe
12
+ cert_chain: []
13
+ date: 2017-01-17 00:00:00.000000000 Z
14
+ dependencies:
15
+ - !ruby/object:Gem::Dependency
16
+ name: httparty
17
+ requirement: !ruby/object:Gem::Requirement
18
+ requirements:
19
+ - - ">="
20
+ - !ruby/object:Gem::Version
21
+ version: '0'
22
+ type: :runtime
23
+ prerelease: false
24
+ version_requirements: !ruby/object:Gem::Requirement
25
+ requirements:
26
+ - - ">="
27
+ - !ruby/object:Gem::Version
28
+ version: '0'
29
+ - !ruby/object:Gem::Dependency
30
+ name: childprocess
31
+ requirement: !ruby/object:Gem::Requirement
32
+ requirements:
33
+ - - ">="
34
+ - !ruby/object:Gem::Version
35
+ version: '0'
36
+ type: :runtime
37
+ prerelease: false
38
+ version_requirements: !ruby/object:Gem::Requirement
39
+ requirements:
40
+ - - ">="
41
+ - !ruby/object:Gem::Version
42
+ version: '0'
43
+ - !ruby/object:Gem::Dependency
44
+ name: safe_yaml
45
+ requirement: !ruby/object:Gem::Requirement
46
+ requirements:
47
+ - - "~>"
48
+ - !ruby/object:Gem::Version
49
+ version: 1.0.4
50
+ type: :runtime
51
+ prerelease: false
52
+ version_requirements: !ruby/object:Gem::Requirement
53
+ requirements:
54
+ - - "~>"
55
+ - !ruby/object:Gem::Version
56
+ version: 1.0.4
57
+ - !ruby/object:Gem::Dependency
58
+ name: bundler
59
+ requirement: !ruby/object:Gem::Requirement
60
+ requirements:
61
+ - - "~>"
62
+ - !ruby/object:Gem::Version
63
+ version: '1.10'
64
+ type: :development
65
+ prerelease: false
66
+ version_requirements: !ruby/object:Gem::Requirement
67
+ requirements:
68
+ - - "~>"
69
+ - !ruby/object:Gem::Version
70
+ version: '1.10'
71
+ - !ruby/object:Gem::Dependency
72
+ name: rake
73
+ requirement: !ruby/object:Gem::Requirement
74
+ requirements:
75
+ - - "~>"
76
+ - !ruby/object:Gem::Version
77
+ version: '10.0'
78
+ type: :development
79
+ prerelease: false
80
+ version_requirements: !ruby/object:Gem::Requirement
81
+ requirements:
82
+ - - "~>"
83
+ - !ruby/object:Gem::Version
84
+ version: '10.0'
85
+ - !ruby/object:Gem::Dependency
86
+ name: rubocop
87
+ requirement: !ruby/object:Gem::Requirement
88
+ requirements:
89
+ - - ">="
90
+ - !ruby/object:Gem::Version
91
+ version: '0'
92
+ type: :development
93
+ prerelease: false
94
+ version_requirements: !ruby/object:Gem::Requirement
95
+ requirements:
96
+ - - ">="
97
+ - !ruby/object:Gem::Version
98
+ version: '0'
99
+ - !ruby/object:Gem::Dependency
100
+ name: rspec
101
+ requirement: !ruby/object:Gem::Requirement
102
+ requirements:
103
+ - - ">="
104
+ - !ruby/object:Gem::Version
105
+ version: '0'
106
+ type: :development
107
+ prerelease: false
108
+ version_requirements: !ruby/object:Gem::Requirement
109
+ requirements:
110
+ - - ">="
111
+ - !ruby/object:Gem::Version
112
+ version: '0'
113
+ - !ruby/object:Gem::Dependency
114
+ name: bundler-audit
115
+ requirement: !ruby/object:Gem::Requirement
116
+ requirements:
117
+ - - "~>"
118
+ - !ruby/object:Gem::Version
119
+ version: '0.5'
120
+ type: :development
121
+ prerelease: false
122
+ version_requirements: !ruby/object:Gem::Requirement
123
+ requirements:
124
+ - - "~>"
125
+ - !ruby/object:Gem::Version
126
+ version: '0.5'
127
+ description: Gem to help with posting blackbox results to Norad.
128
+ email:
129
+ - rbhitchcock@gmail.com
130
+ - 'bmanifold@gmail.com '
131
+ - roger.seagle@gmail.com
132
+ executables: []
133
+ extensions: []
134
+ extra_rdoc_files: []
135
+ files:
136
+ - ".gitignore"
137
+ - ".gitlab-ci.yml"
138
+ - ".rspec"
139
+ - ".rubocop.yml"
140
+ - ".ruby-gemset"
141
+ - ".ruby-version"
142
+ - ".travis.yml"
143
+ - CONTRIBUTING.md
144
+ - Gemfile
145
+ - LICENSE
146
+ - README.md
147
+ - Rakefile
148
+ - bin/console
149
+ - bin/setup
150
+ - lib/norad_beacon.rb
151
+ - lib/norad_beacon/api.rb
152
+ - lib/norad_beacon/container_options.rb
153
+ - lib/norad_beacon/exceptions.rb
154
+ - lib/norad_beacon/multi_runner.rb
155
+ - lib/norad_beacon/result.rb
156
+ - lib/norad_beacon/resultset.rb
157
+ - lib/norad_beacon/runner.rb
158
+ - lib/norad_beacon/version.rb
159
+ - norad_beacon.gemspec
160
+ homepage: https://gitlab.com/norad/beacon
161
+ licenses:
162
+ - Apache-2.0
163
+ metadata: {}
164
+ post_install_message:
165
+ rdoc_options: []
166
+ require_paths:
167
+ - lib
168
+ required_ruby_version: !ruby/object:Gem::Requirement
169
+ requirements:
170
+ - - "~>"
171
+ - !ruby/object:Gem::Version
172
+ version: 2.3.0
173
+ required_rubygems_version: !ruby/object:Gem::Requirement
174
+ requirements:
175
+ - - ">="
176
+ - !ruby/object:Gem::Version
177
+ version: '0'
178
+ requirements: []
179
+ rubyforge_project:
180
+ rubygems_version: 2.6.8
181
+ signing_key:
182
+ specification_version: 4
183
+ summary: Gem to help with posting blackbox results to Norad.
184
+ test_files: []