norad_cli 0.1.0

data/lib/norad_cli/cli/sectest.rb

@@ -0,0 +1,183 @@
+# frozen_string_literal: true
+require 'thor'
+require 'git'
+require 'docker'
+require 'norad_cli/support/api_security_container_seed_script'
+require 'rspec'
+
+class Sectest < Thor
+  include Thor::Actions
+
+  def self.source_root
+    File.join(File.dirname(File.expand_path(__FILE__)), '../templates/')
+  end
+
+  desc 'scaffold TESTNAME', 'Create a new security test with standard files + testing'
+  option :test_type, default: 'whole_host', desc: 'The security test type, Options: [authenticated|web_application|brute_force|ssl_crypto|ssh_crypto|whole_host]'
+  option :registry, default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry to store docker images'
+  option :version, default: 'latest', desc: 'The version of the security test'
+  option :base_image, default: 'norad-registry.cisco.com:5000/norad:0.0.1', desc: 'Base Docker image to use (i.e. FROM field in the DOckerfile)'
+  option :authenticated, type: :boolean, default: false, desc: 'Does the security test require authenticating to the unit under test'
+  option :configurable, type: :boolean, default: false, desc: 'Is the security test configurable (e.g. Qualys username and password)'
+  def scaffold(sectest_name)
+    # Grab the current directory
+    repo_dir = Dir.pwd
+
+    # Set options for templates
+    options[:name] = sectest_name
+    options[:spec_class_name] = sectest_name.split('-').map { |t| t =~ /\d+/ ? t : t.capitalize! }.join
+
+    # Error check to ensure this is a norad security test repository
+
+    # Create the security tests standard files
+    template('tool/Dockerfile.erb', "#{repo_dir}/#{sectest_name}/Dockerfile")
+    template('tool/README.md.erb', "#{repo_dir}/#{sectest_name}/README.md")
+    template('tool/manifest.yml.erb', "#{repo_dir}/#{sectest_name}/manifest.yml")
+
+    # Create a starter wrapper script
+    template('tool/wrapper.rb.erb', "#{repo_dir}/#{sectest_name}/#{sectest_name}-wrapper.rb")
+
+    # Create the spec files
+    template('tool/tool_spec.rb.erb', "#{repo_dir}/spec/#{sectest_name}/#{sectest_name}_spec.rb")
+    if options[:authenticated]
+      template('tool/Dockerfile.auth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.secure")
+      template('tool/Dockerfile.auth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.vulnerable")
+    else
+      template('tool/Dockerfile.unauth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.secure")
+      template('tool/Dockerfile.unauth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.vulnerable")
+    end
+  end
+
+  # Define arguments and options
+  desc 'build SECTESTNAME', 'Builds the docker image for the security test SECTESTNAME'
+  option :registry, default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
+  option :version, default: 'latest', desc: 'The version of the sectest container to build'
+  def build(name)
+    imgs_to_build = {}
+    imgs_to_build[name.to_s] = "#{options[:registry]}/#{name}:#{options[:version]}"
+
+    # Check for the Dockerfile
+    if !dockerfile?(imgs_to_build.keys[0])
+      say("Missing #{imgs_to_build.keys[0]}/Dockerfile", :red)
+      exit(1)
+    end
+
+    # Determine if base image needs to be built
+    base_img = extract_base_img(imgs_to_build.keys[0])
+    while dockerfile?("base/#{base_img[0]}")
+      imgs_to_build["base/#{base_img[0]}"] = base_img[1]
+      base_img = extract_base_img(imgs_to_build.keys[-1])
+    end
+
+    # Build the images in reverse (Note: Hashes enumerate their values in insertion order.)
+    Docker.options[:read_timeout] = 36_000
+    imgs_to_build.keys.reverse_each do |img_dir|
+      say("Building image #{img_dir}...", :green)
+      Docker::Image.build_from_dir(img_dir, t: imgs_to_build[img_dir]) do |v|
+        $stdout.puts v
+      end
+    end
+  end
+
+  # Define arguments and options
+  desc 'build:specs SECTESTNAME', 'Builds the spec images for the security test SECTESTNAME'
+  option :registry, default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
+  option :version, default: 'latest', desc: 'The version of the sectest container to build'
+  define_method 'build:specs' do |name|
+    imgs_to_build = {}
+    imgs_to_build["#{File.expand_path(File.dirname(__FILE__))}/../templates/spec/support/Dockerfile.testserver"] = 'docker-images-test-results-server:latest'
+    imgs_to_build["#{File.expand_path(File.dirname(__FILE__))}/../templates/spec/support/Dockerfile.ubuntu_ssh"] = 'docker-images-test-ubuntu-ssh-server:latest'
+
+    # Determine the Dockerfiles in the assessment spec dir
+    Dir.glob("spec/#{name}/targets/Dockerfile*").each do |entry|
+      entry_components = entry.split('.')
+      imgs_to_build[entry] = "#{name}-#{entry_components[-1]}:latest"
+    end
+
+    # Build the images
+    Docker.options[:read_timeout] = 36_000
+    imgs_to_build.keys.each do |img_dir|
+      say("Building image #{img_dir}...", :green)
+      docker_file = img_dir.split('/')[-1]
+      Docker::Image.build_from_dir(img_dir.gsub(docker_file, ''), dockerfile: docker_file, t: imgs_to_build[img_dir]) do |v|
+        $stdout.puts v
+      end
+    end
+
+    # Pull the apline image for base testing
+    Docker::Image.create('fromImage' => 'alpine:3.4')
+  end
+
+  # Define arguments and options
+  desc 'build:all SECTESTNAME', 'Builds all images for security test SECTESTNAME'
+  option :registry, default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
+  option :version, default: 'latest', desc: 'The version of the sectest container to build'
+  define_method 'build:all' do |name|
+    # Build the tool
+    build(name)
+
+    # Build the specs for testing
+    send('build:specs', name)
+  end
+
+  # Define arguments and options
+  desc 'execute SECTESTNAME ARGUMENTS', 'Executes the specified security test SECTESTNAME w/ ARGUMENTS'
+  option :registry, default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
+  option :version, default: 'latest', desc: 'The version of the tools docker container to build'
+  def execute(name, arguments)
+    # Ensure container exists
+    if !Docker::Image.exist?("#{options[:registry]}/#{name}:#{options[:version]}")
+      say("Requested image #{options[:registry]}/#{name}:#{options[:version]} does not exist!", :red)
+      exit(1)
+    end
+
+    # Setup and run the container
+    env = ['NORAD_ROOT=', %(ASSESSMENT_PATHS=[{"id":"1", "assessment": "1"}]), 'NORAD_SECRET=1234']
+    container = Docker::Container.create(Image: "#{options[:registry]}/#{name}:#{options[:version]}",
+                                         Env: env,
+                                         Cmd: arguments)
+
+    # Start the container, watch stdout
+    container.tap(&:start).attach { |stream, chunk| puts "#{stream}: #{chunk}" }
+  end
+
+  desc 'spec SECTESTNAME', 'Run the rspec tests for SECTESTNAME'
+  option :verbose, type: :boolean, default: false, desc: 'Turn on verbose logging'
+  option :scan_assessment, type: :boolean, default: true, desc: 'Fix me'
+  define_method 'spec' do |name|
+    # Set environment variables
+    ENV['ENABLE_LOGS'] = options[:verbose] ? 'true' : 'false'
+    ENV['SCAN_ASSESSMENT'] = options[:scan_assessment] ? 'true' : 'false'
+    ENV['TEST_RESULTS_SERVER_IMAGE'] = 'docker-images-test-results-server'
+    ENV['UBUNTU_SSH_SERVER_IMAGE'] = 'docker-images-test-ubuntu-ssh-server'
+
+    # Run the tests
+    RSpec::Core::Runner.run(["spec/#{name}/#{name}_spec.rb"], $stderr, $stdout)
+  end
+
+  desc 'seed', 'Create the containers.rb seed to import into the api'
+  option :seedfile, type: :string, default: './containers.rb', desc: 'The name of the seed file to generate'
+  option :docsite, type: :string, default: 'https://norad.gitlab.io/docs/', desc: 'Set the documentation site'
+  def seed
+    # Error check to ensure this is a plugin directory
+
+    # Generate the seed file
+    SeedGenerator.process_manifests(options[:seedfile], options[:docsite])
+  end
+
+  no_tasks do
+    def dockerfile?(img_dir)
+      # Ensure the Dockerfile exists for the new tool
+      File.file?("#{img_dir}/Dockerfile")
+    end
+
+    # Check for a base image
+    def extract_base_img(img_dir)
+      from_line = File.readlines("#{img_dir}/Dockerfile").select { |line| line =~ /^FROM/ }
+      # Check for multiple from lines?
+      from_line_arr = from_line[0].split(' ')
+      from_image = from_line[0][%r{\AFROM\s+(.*?\/)?(.*?)(:.*?)?\Z}i, 2] || raise('bad from')
+      [from_image, from_line_arr[1]]
+    end
+  end
+end

data/lib/norad_cli/support/api_security_container_seed_script.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+require 'yaml'
+
+module SeedGenerator
+  def self.add_container(container_file, m, long_name, docsite, readme_anchor)
+    container_file.write("\n") unless container_file.size.zero?
+    container_file.write("sc = SecurityContainer.where(name: '#{long_name}').first_or_initialize\n")
+    container_file.write("sc.prog_args = '#{m['prog_args']}'\n")
+    container_file.write("sc.default_config = #{symbolized_config(m['default_config'])}\n") if m.key?('default_config')
+    container_file.write("sc.category = :#{m['category'].to_sym}\n")
+    container_file.write("sc.test_types = #{m['test_types']}\n")
+    container_file.write("sc.common_service_type = CommonServiceType.find_by(name: '#{m['common_service_type']}')\n") if m.key?('common_service_type')
+    container_file.write("sc.configurable = #{m['configurable']}\n") if m.key?('configurable')
+    container_file.write("sc.multi_host = #{m['multi_host']}\n") if m.key?('multi_host')
+    container_file.write("sc.help_url = '#{docsite}##{readme_anchor}'\n")
+    container_file.write("sc.save!\n")
+  end
+
+  def self.symbolized_config(config)
+    '{ ' + config.reduce([]) do |a, p|
+      a << "#{p.first}: '#{p.last}'"
+    end.join(', ') + ' }'
+  end
+
+  def self.readme_anchor(readme)
+    title = readme.readline
+    # ## My Test Name123
+    # Trim off ## portion of title, replace spaces with -, and downcase
+    title.match(/\s*##\s+(.+)/)[1].strip.gsub(/[ .]/, '-').downcase
+  end
+
+  def self.process_manifests(seed_file, docsite)
+    File.open(seed_file, 'w') do |container_file|
+      Dir.glob('./**/manifest.yml').each do |p|
+        manifest = YAML.load(File.new(p, 'r').read)
+        readme_anchor = readme_anchor(File.new(p.gsub(/manifest\.yml/, 'README.md')))
+        long_name = "#{manifest['registry']}/#{manifest['name']}:#{manifest['version']}"
+        add_container(container_file, manifest, long_name, docsite, readme_anchor)
+      end
+    end
+  end
+end

data/lib/norad_cli/support/manifest.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+require 'safe_yaml'
+SafeYAML::OPTIONS[:default_mode] = :safe
+
+class Manifest
+  attr_accessor :values
+
+  def initialize(manifest_file)
+    f = File.new manifest_file, 'r'
+    @values = YAML.load f.read
+  end
+
+  def name
+    "#{@values['registry']}/#{@values['name']}:#{@values['version']}"
+  end
+end

data/lib/norad_cli/support/readme.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+class Readme
+end

data/lib/norad_cli/templates/.gitignore

@@ -0,0 +1,2 @@
+containers.rb
+*.swp

data/lib/norad_cli/templates/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/lib/norad_cli/templates/CONTRIBUTING.md

@@ -0,0 +1,193 @@
+# How to contribute
+
+This guide is meant to provide guidelines for how to contribute to the Norad docker-images project.
+These procedures should work in the majority of cases.  At times, it will be necessary to step
+outside of these guidelines and Do What Makes Sense. This is a living document that we can continue
+to modify as we define the process that helps us add code quickly and safely.
+
+## Getting Started
+
+* If you haven't already, you'll likely want to set up a [development
+  box](https://gitlab.com/norad/dev-box).  This provides a consistent environment for
+  building assessments.
+
+* Due to the variance in types of assessments that will be written, we do not enforce any sort of
+  style or code quality.  However, if the code you are writing is written in Ruby, you may wish to
+  use [rubocop](https://github.com/bbatsov/rubocop).  You can familiarize yourself with the
+  [style guide](https://github.com/bbatsov/ruby-style-guide).  You can also install a tool into your
+  editor which will help you follow the style guideline. One for vim can be found
+  [here](https://github.com/scrooloose/syntastic).
+
+* You may wish to use the scaffold generator provided in this repository. For more information,
+  please reference [the README](https://gitlab.com/norad/security-modules#scaffolding).
+
+## Making Changes
+
+Fundamentally, we follow the Github Flow(1) methodology for branching and committing code. The
+process essentially breaks down as follows:
+
+1. Assign the feature you are beginning to work on to yourself in JIRA.
+2. Create a feature branch off of the master branch. Note that anything in master is always
+   deployable, so this branch will always have the latest code. Branch names should be descriptive.
+3. Your branch is your branch. Feel free to experiment and commit freely. You may wish to make your
+   life easier when it's time to merge into master by learning about [auto-squashing
+   commits](https://robots.thoughtbot.com/autosquashing-git-commits).
+4. You are free to push the feature branch to the origin as freqently as you wish. This will run the
+   CI suite for the following stages: **validate**, **build**, and **test**.  You can also run the
+   test suite locally on your dev box (refer to the .gitlab-ci.yml file and the scripts in the
+   ```./ci``` directory).  By pushing to the feature branch, you can engage other engineers on the
+   team if you need help. They can checkout your branch and examine the code.
+5. When your feature is done, open a Merge Request in Gitlab.
+
+At this point in process, there is no requirement of any kind for your commit messages. Before
+merging into master, though, you will need a "good commit message" for any commits that aren't being
+squashed. Links to further reading on this topic are available in the Additional Resources section.
+
+## Creating a Manifest File
+
+In addition to creating the Dockerfile and wrapper scripts for your image, you
+will need to create a manifest.yml file in the directory for your new tool.
+This manifest file is used by the CI scripts to create a Merge Request against
+the Norad [API](https://gitlab.com/norad/api) project to add the
+new assessment to the API database. A sample manifest file is included below:
+
+```yaml
+registry: norad-registry.cisco.com:5000
+name: arachni-xss
+version: 0.0.1
+prog_args: '--checks=%{check} %{protocol}://%{target}:%{port}%{url}'
+default_config:
+  protocol: "https"
+  port: '443'
+  url: '/'
+  check: "xss*"
+category: blackbox
+```
+
+## Writing Tests
+
+A testing harness is provided for verifying basic functionality of the
+assessments included in this repository. In general, the following steps
+outline the test-creation process:
+
+1. Create a directory in ```spec/assessments``` by the same name of the image you want to test, e.g. ```spec/assessments/nmap-ssl-dh-param/```
+2. Create an rspec file, also named the same as the image under test, in this directory e.g. ```nmap-ssl-dh-param_spec.rb```
+3. In this directory, create a ```targets/``` directory
+4. Add a ```Dockerfile.secure``` and ```Dockerfile.vulnerable``` to the ```targets/``` directory
+
+The CI scripts will handle building the secure and vulnerable test targets and execute the
+assessment against each. It will make the results available to your Rspec script via instance
+variables. If your assessment requires authentication on the target, the test harness will determine
+this automatically based on the default arguments for the assessment.
+
+### Sample Rspec Script
+```ruby
+require_relative '../../spec_helper.rb'
+
+class NmapSslDhParam
+  extend AssessmentHelpers
+end
+
+describe NmapSslDhParam, scan_assessment: true do
+  context 'for all targets' do
+    it 'should report a single result' do
+      expect(@vulnerable_results.size).to eq(1)
+      expect(@secure_results.size).to eq(1)
+      expect(@base_results.size).to eq(1)
+    end
+  end
+end
+```
+
+## Writing a README
+
+The README.md file included with each assessment is used by the CI suite to update the Norad
+[docs](https://gitlab.com/norad/docs) application with information about the assessment
+it is associated with. The contents of this README are largely up to the author, but should include
+some general information such as:
+
+1. A description of what the assessment tests for
+2. Configuration options table explaining how to configure the asssessment
+3. Whether or not the assessment requires authentication on the target (i.e. SSH)
+4. What requirements, if any, are addressed by the assessment
+
+## Submitting Changes
+
+When your feature is ready, or is at a state where you'd like to formally begin engaging the rest of
+the team, create a [Merge
+Request](https://gitlab.com/norad/security-modules/merge_requests) in Gitlab. Please write
+a meaningful title and detailed description that provides an overview of What your feature does and
+Why it does it. You can leave it to the code itself to explain the How, but feel free to call
+anything out here that you would like the reviewer(s) to pay special attention to.  If you feel that
+someone in particular needs to look at your Merge Request, you may assign the MR to them. Mentioning
+someone in the Merge Request description is another way to alert someone in particular you'd like
+for them to look at your MR, e.g.  ```cc @ravangar```.
+
+## Code Review Process
+
+The Code Review Process is meant to be an open-ended discussion about the feature that is being
+committed. It should address whether the changeset meets the requirements of the feature as well as
+the quality of the code itself. The reviewer(s) should also make sure that the feature includes an
+adequate number of meaningful tests.
+
+Please be polite in both giving and receiving feedback. Remember that it's a review of the code, not
+an individual. As a reviewer, do your best to separate your personal opinion of how you would do
+something from what is objectively constructive criticism. Please review the Thoughtbot guide for
+Code Reviews in the Additional Resources section (3).
+
+Make any changes to your feature branch that you and the reviewer agree should be made, and push
+those changes to your feature branch. This will automatically update your Merge Request. Repeat this
+process until the Merge Request is approved.
+
+The merge request must receive at least one **+1** before it can be merged. If individuals are
+called out to look at something during any point of the review process, they will need to provide a
+**+1** as well before it can be merged.
+
+## Testing and Integration Process
+
+We leverage [Gitlab CI](https://about.gitlab.com/gitlab-ci/) to execute our test suite and integrate
+the merged assessment content into our documentation and API applications as well as push the newly
+created image to our Registry.  The integration is broken down into the following 5 stages:
+
+1. validate (ensure correctness of the manifest file and the existence of a README)
+2. build (attempt to build all of the Docker images in the repository)
+3. test (execute the test suite for the built Docker images)
+4. deploy (push the Docker images to the Norad Registry)*
+5. integrate (open pull requests in the [api](https://gitlab.com/norad/api) and
+   [docs](https://gitlab.com/norad/docs) using the manifest files and the READMEs,
+   respectively)*
+
+*\* only execute on the ```master``` branch*
+
+More details can be found in the
+[.gitlab-ci.yml](https://gitlab.com/norad/security-modules/blob/master/.gitlab-ci.yml)
+file.
+
+## Merge Process
+
+Your feature got approved! Great! Now it's time to merge into master.
+
+1. Before code can be merged to master, **all tests must be passing**. In other words, you need a
+   green check from Gitlab CI.
+2. In order to keep the master branch's commit history clean, you may be required to rebase your
+   feature branch before it can be merged. You may also consider squashing interim commits into one
+   or more block commits. The goal here is to keep the master branch devoid of commits such as
+   "fixing typo" or "trying out this method." Either way, you should rebase your commits on top of
+   the most recent commit to master.  This helps keep the git history organized and commits related
+   to the same feature will be grouped to gether.  To rebase, run the following on your freature
+   branch: ```git fetch orgin master && git rebase -i origin/master```.  See the additional
+   resources for more information on rebasing.
+3. After (force) pushing your rebased feature branch, the Merge Request can be merged **as long as
+   all tests still pass**.
+
+# Additional Resources
+
+1. [Github Flow](https://guides.github.com/introduction/flow/)
+2. [Code Review Guide](https://github.com/thoughtbot/guides/tree/master/code-review)
+3. [Style Guide](https://github.com/bbatsov/ruby-style-guide)
+4. [Git Tips](https://github.com/thoughtbot/guides/blob/master/protocol/git)
+5. [Git Rebase](https://help.github.com/articles/about-git-rebase/)
+6. [Auto-squashing Git Commits](https://robots.thoughtbot.com/autosquashing-git-commits)
+7. [Good Commit Messages](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)
+8. [More Good Commit Messages](http://chris.beams.io/posts/git-commit/)
+9. [Even More Good Commit Messages](http://www.alexkras.com/19-git-tips-for-everyday-use/#good-commit-message)

data/lib/norad_cli/templates/LICENSE.erb

@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "{}"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright <%= options[:year] %> <%= options[:company] %>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/lib/norad_cli/templates/README.md

@@ -0,0 +1,2 @@
+FIXME
+------