norad_cli 0.1.0

data/lib/norad_cli/templates/spec/support/test_server/config/environments/development.rb

@@ -0,0 +1,47 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports.
+  config.consider_all_requests_local = true
+
+  # Enable/disable caching. By default caching is disabled.
+  if Rails.root.join('tmp/caching-dev.txt').exist?
+    config.action_controller.perform_caching = true
+
+    config.cache_store = :memory_store
+    config.public_file_server.headers = {
+      'Cache-Control' => 'public, max-age=172800'
+    }
+  else
+    config.action_controller.perform_caching = false
+
+    config.cache_store = :null_store
+  end
+
+  # Don't care if the mailer can't send.
+  config.action_mailer.raise_delivery_errors = false
+
+  config.action_mailer.perform_caching = false
+
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+  # Raise an error on page load if there are pending migrations.
+  config.active_record.migration_error = :page_load
+
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+
+  # Use an evented file watcher to asynchronously detect changes in source code,
+  # routes, locales, etc. This feature depends on the listen gem.
+  config.file_watcher = ActiveSupport::EventedFileUpdateChecker
+end

data/lib/norad_cli/templates/spec/support/test_server/config/environments/production.rb

@@ -0,0 +1,78 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # Code is not reloaded between requests.
+  config.cache_classes = true
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Disable serving static files from the `/public` folder by default since
+  # Apache or NGINX already handles this.
+  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.action_controller.asset_host = 'http://assets.example.com'
+
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
+
+  # Mount Action Cable outside main process or domain
+  # config.action_cable.mount_path = nil
+  # config.action_cable.url = 'wss://example.com/cable'
+  # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # Use the lowest log level to ensure availability of diagnostic information
+  # when problems arise.
+  config.log_level = :debug
+
+  # Prepend all log lines with the following tags.
+  config.log_tags = [ :request_id ]
+
+  # Use a different cache store in production.
+  # config.cache_store = :mem_cache_store
+
+  # Use a real queuing backend for Active Job (and separate queues per environment)
+  # config.active_job.queue_adapter     = :resque
+  # config.active_job.queue_name_prefix = "test_server_#{Rails.env}"
+  config.action_mailer.perform_caching = false
+
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation cannot be found).
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
+
+  # Use a different logger for distributed setups.
+  # require 'syslog/logger'
+  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
+
+  if ENV["RAILS_LOG_TO_STDOUT"].present?
+    logger           = ActiveSupport::Logger.new(STDOUT)
+    logger.formatter = config.log_formatter
+    config.logger = ActiveSupport::TaggedLogging.new(logger)
+  end
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
+end

data/lib/norad_cli/templates/spec/support/test_server/config/environments/test.rb

@@ -0,0 +1,42 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # The test environment is used exclusively to run your application's
+  # test suite. You never need to work with it otherwise. Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs. Don't rely on the data there!
+  config.cache_classes = true
+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+
+  # Configure public file server for tests with Cache-Control for performance.
+  config.public_file_server.enabled = true
+  config.public_file_server.headers = {
+    'Cache-Control' => 'public, max-age=3600'
+  }
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates.
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
+  config.action_mailer.perform_caching = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Print deprecation notices to the stderr.
+  config.active_support.deprecation = :stderr
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+end

data/lib/norad_cli/templates/spec/support/test_server/config/initializers/application_controller_renderer.rb

@@ -0,0 +1,6 @@
+# Be sure to restart your server when you modify this file.
+
+# ApplicationController.renderer.defaults.merge!(
+#   http_host: 'example.org',
+#   https: false
+# )

data/lib/norad_cli/templates/spec/support/test_server/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/lib/norad_cli/templates/spec/support/test_server/config/initializers/cors.rb

@@ -0,0 +1,16 @@
+# Be sure to restart your server when you modify this file.
+
+# Avoid CORS issues when API is called from the frontend app.
+# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests.
+
+# Read more: https://github.com/cyu/rack-cors
+
+# Rails.application.config.middleware.insert_before 0, Rack::Cors do
+#   allow do
+#     origins 'example.com'
+#
+#     resource '*',
+#       headers: :any,
+#       methods: [:get, :post, :put, :patch, :delete, :options, :head]
+#   end
+# end

data/lib/norad_cli/templates/spec/support/test_server/config/initializers/filter_parameter_logging.rb

@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure sensitive parameters which will be filtered from the log file.
+Rails.application.config.filter_parameters += [:password]

data/lib/norad_cli/templates/spec/support/test_server/config/initializers/inflections.rb

@@ -0,0 +1,16 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.acronym 'RESTful'
+# end

data/lib/norad_cli/templates/spec/support/test_server/config/initializers/mime_types.rb

@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf

data/lib/norad_cli/templates/spec/support/test_server/config/initializers/new_framework_defaults.rb

@@ -0,0 +1,18 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains migration options to ease your Rails 5.0 upgrade.
+#
+# Read the Rails 5.0 release notes for more info on each option.
+
+# Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`.
+# Previous versions had false.
+ActiveSupport.to_time_preserves_timezone = true
+
+# Require `belongs_to` associations by default. Previous versions had false.
+Rails.application.config.active_record.belongs_to_required_by_default = true
+
+# Do not halt callback chains when a callback returns false. Previous versions had true.
+ActiveSupport.halt_callback_chains_on_return_false = false
+
+# Configure SSL options to enable HSTS with subdomains. Previous versions had false.
+Rails.application.config.ssl_options = { hsts: { subdomains: true } }

data/lib/norad_cli/templates/spec/support/test_server/config/initializers/wrap_parameters.rb

@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters format: [:json]
+end
+
+# To enable root element in JSON for ActiveRecord objects.
+# ActiveSupport.on_load(:active_record) do
+#   self.include_root_in_json = true
+# end

data/lib/norad_cli/templates/spec/support/test_server/config/locales/en.yml

@@ -0,0 +1,23 @@
+# Files in the config/locales directory are used for internationalization
+# and are automatically loaded by Rails. If you want to use locales other
+# than English, add the necessary files in this directory.
+#
+# To use the locales, use `I18n.t`:
+#
+#     I18n.t 'hello'
+#
+# In views, this is aliased to just `t`:
+#
+#     <%= t('hello') %>
+#
+# To use a different locale, set it with `I18n.locale`:
+#
+#     I18n.locale = :es
+#
+# This would use the information in config/locales/es.yml.
+#
+# To learn more, please read the Rails Internationalization guide
+# available at http://guides.rubyonrails.org/i18n.html.
+
+en:
+  hello: "Hello world"

data/lib/norad_cli/templates/spec/support/test_server/config/puma.rb

@@ -0,0 +1,47 @@
+# Puma can serve each request in a thread from an internal thread pool.
+# The `threads` method setting takes two numbers a minimum and maximum.
+# Any libraries that use thread pools should be configured to match
+# the maximum value specified for Puma. Default is set to 5 threads for minimum
+# and maximum, this matches the default thread size of Active Record.
+#
+threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }.to_i
+threads threads_count, threads_count
+
+# Specifies the `port` that Puma will listen on to receive requests, default is 3000.
+#
+port        ENV.fetch("PORT") { 3000 }
+
+# Specifies the `environment` that Puma will run in.
+#
+environment ENV.fetch("RAILS_ENV") { "development" }
+
+# Specifies the number of `workers` to boot in clustered mode.
+# Workers are forked webserver processes. If using threads and workers together
+# the concurrency of the application would be max `threads` * `workers`.
+# Workers do not work on JRuby or Windows (both of which do not support
+# processes).
+#
+# workers ENV.fetch("WEB_CONCURRENCY") { 2 }
+
+# Use the `preload_app!` method when specifying a `workers` number.
+# This directive tells Puma to first boot the application and load code
+# before forking the application. This takes advantage of Copy On Write
+# process behavior so workers use less memory. If you use this option
+# you need to make sure to reconnect any threads in the `on_worker_boot`
+# block.
+#
+# preload_app!
+
+# The code in the `on_worker_boot` will be called if you are using
+# clustered mode by specifying a number of `workers`. After each worker
+# process is booted this block will be run, if you are using `preload_app!`
+# option you will want to use this block to reconnect to any threads
+# or connections that may have been created at application boot, Ruby
+# cannot share connections between processes.
+#
+# on_worker_boot do
+#   ActiveRecord::Base.establish_connection if defined?(ActiveRecord)
+# end
+
+# Allow puma to be restarted by `rails restart` command.
+plugin :tmp_restart

data/lib/norad_cli/templates/spec/support/test_server/config/routes.rb

@@ -0,0 +1,5 @@
+Rails.application.routes.draw do
+  resources :results, only: :index
+  post 'results/:id', to: 'results#create', id: /\w{64}/
+  # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
+end

data/lib/norad_cli/templates/spec/support/test_server/config/secrets.yml

@@ -0,0 +1,20 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key is used for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+# You can use `rails secret` to generate a secure secret key.
+
+# Make sure the secrets in this file are kept private
+# if you're sharing your code publicly.
+
+development:
+  secret_key_base: ec6cd62d2b6c1d0bdcf8aa8201664093fb5c3f806b90951147d90f37144e98376918d7f684f2c3d9bff57dd0814aef571d36fa887b5714a56be853b82dfba5cf
+
+test:
+  secret_key_base: 3e0a6065aa63760f26d3e8afb9a948fe5d1e125b4a5bd11196d6479cd6255f3861ae2da41cbcdb820707441e7fae2221815af17c804c90131e9d574c73dc0350
+
+production:
+  secret_key_base: ec6cd62d2b6c1d0bdcf8aa8201664093fb5c3f806b90951147d90f37144e98376918d7f684f2c3d9bff57dd0814aef571d36fa887b5714a56be853b82dfba5cf

data/lib/norad_cli/templates/spec/support/test_server/config.ru

@@ -0,0 +1,5 @@
+# This file is used by Rack-based servers to start the application.
+
+require_relative 'config/environment'
+
+run Rails.application

data/lib/norad_cli/templates/spec/support/test_server/db/migrate/20160725144604_create_results.rb

@@ -0,0 +1,15 @@
+class CreateResults < ActiveRecord::Migration[5.0]
+  def change
+    create_table :results do |t|
+      t.string :assessment_id
+      t.string :status
+      t.text :output
+      t.string :title
+      t.string :description
+      t.string :nid
+      t.string :sir
+
+      t.timestamps
+    end
+  end
+end

data/lib/norad_cli/templates/spec/support/test_server/db/schema.rb

@@ -0,0 +1,2 @@
+ActiveRecord::Schema.define(version: 0) do
+end

data/lib/norad_cli/templates/spec/support/test_server/public/robots.txt

@@ -0,0 +1,5 @@
+# See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file
+#
+# To ban all spiders from the entire site uncomment the next two lines:
+# User-agent: *
+# Disallow: /

data/lib/norad_cli/templates/tool/Dockerfile.auth.target.erb

@@ -0,0 +1,2 @@
+FROM docker-images-test-ubuntu-ssh-server:latest
+MAINTAINER Blake Hitchcock

data/lib/norad_cli/templates/tool/Dockerfile.erb

@@ -0,0 +1,11 @@
+# Set the base image to norad
+FROM <%= options[:base_image] %>
+
+# Copy the wrapper script
+COPY <%= options[:name] %>-wrapper.rb /<%= options[:name] %>-wrapper.rb
+RUN chmod 755 /<%= options[:name] %>-wrapper.rb
+
+#Home
+WORKDIR /
+
+ENTRYPOINT ["/<%= options[:name] %>-wrapper.rb"]

data/lib/norad_cli/templates/tool/Dockerfile.unauth.target.erb

@@ -0,0 +1,5 @@
+FROM ubuntu:14.04
+RUN apt-get -y update
+RUN apt-get -y install openssh-server
+RUN mkdir /var/run/sshd && chmod 0755 /var/run/sshd
+CMD ["/usr/sbin/sshd", "-D"]

data/lib/norad_cli/templates/tool/README.md.erb

@@ -0,0 +1,17 @@
+## <%= options[:name] %>
+
+### Description
+
+FIXME: Describe the tool used in the container and how the container operates
+
+### Configuration Options
+
+Argument | Default Value | Description
+-------- | ------------- | -----------
+FIXME    | FIXME         | FIXME
+
+<% if options[:authenticated] %>
+**Requires Authentication on Target:** Yes
+<% else %>
+**Requires Authentication on Target:** No
+<% end %>

data/lib/norad_cli/templates/tool/manifest.yml.erb

@@ -0,0 +1,19 @@
+registry: <%= options[:registry] %>
+name: <%= options[:name] %>
+version: <%= options[:version] %>
+<% if options[:authenticated] %>
+prog_args: '%{target} %{ssh_user} %{ssh_port} %{ssh_key}'
+default_config:
+  ssh_port: 22
+category: whitebox
+<% else %>
+prog_args: '%{target} %{fixme_custom_option}'
+category: blackbox
+<% end %>
+test_types:
+  - <%= options[:test_type] %> 
+<% if options[:configurable] %>
+configurable: true
+<% else %>
+configurable: false
+<% end %>

data/lib/norad_cli/templates/tool/tool_spec.rb.erb

@@ -0,0 +1,55 @@
+require_relative '../spec_helper.rb'
+
+class <%= options[:spec_class_name] %>
+  extend AssessmentHelpers
+   def self.default_test_config
+    {  }
+  end 
+end
+
+describe <%= options[:spec_class_name] %>, scan_assessment: true do
+  context 'for all targets' do
+    it 'should report results' do
+      expect(@vulnerable_results.size).to be > 0
+      expect(@secure_results.size).to be > 0
+    end
+  end
+
+  context 'for vulnerable machine' do
+    before :each do
+      @result = @vulnerable_results.first
+    end
+
+    it 'should report a failure' do
+      expect(@result['status']).to eq('fail')
+    end
+  end
+
+  context 'for secure machine' do
+    before :each do
+      @result = @secure_results.first
+    end
+
+    it 'should report a passing result' do
+      expect(@result['status']).to eq('pass')
+    end
+
+    it 'should set the sir rating to no impact' do
+      expect(@result['sir']).to eq('no_impact')
+    end
+  end
+
+  context 'for machine with all ports closed' do
+    before :each do
+      @result = @base_results.first
+    end
+
+    it 'should report a passing result' do
+      expect(@result['status']).to eq('pass')
+    end
+
+    it 'should set the sir rating to no impact' do
+      expect(@result['sir']).to eq('no_impact')
+    end
+  end
+end

data/lib/norad_cli/templates/tool/wrapper.rb.erb

@@ -0,0 +1,47 @@
+#!/usr/bin/env ruby
+require 'norad_beacon'
+
+def run(args)
+  timeout = 3600 # set timeout for runner to 1 hour
+
+  # Allocate a runner
+  runner = NoradBeacon::Runner.new('FIXME:FULL_PATH_TO_TOOL_IN_CONTAINER',
+                              ['FIXME:TOOL_OPTION', 'FIXME:TOOL_OPTION', 'FIXME:TOOL_OPTION'].flatten,
+                              timeout)
+
+  # Execute the runner
+  runner.execute
+
+  # Ensure the tool created results
+  runner.parse_results do |fh|
+    ############################
+    # Parse the results        #
+    # JSON Example below       #
+    ############################
+    results_hash = JSON.parse(fh.read())
+    id = 'FIXME:SOME_ID'
+    status = 'fail' # Possible status: pass, fail, error
+    raw_output = 'FIXME: Any raw output'
+    title = 'FIXME: Any title'
+    description = 'FIXME: Any description'
+    cvss = 'FIXME: CVSS score'
+
+    # Add the result to the runner's result set
+    # Note: Multiple results can be added, they will show up individually
+    runner.result_set.add(NoradBeacon::Result.new(id, status, raw_output, title, description, cvss))
+  end
+rescue Exception => e
+  puts "An exception occurred: #{e.inspect}"
+  puts e.backtrace
+
+  status = 'error'
+  raw_output = 'Internal error occurred'
+  title = 'Failed to run the tests'
+  description = 'Internal error occurred'
+  runner.result_set.add(NoradBeacon::Result.new('0', status, raw_output, title, description))
+ensure
+  # Save the results to Norad
+  NoradBeacon::NoradAPI.post_results(runner.result_set)
+end
+
+run(ARGV)

data/lib/norad_cli/version.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+module NoradCli
+  VERSION = '0.1.0'
+end

data/lib/norad_cli.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+require 'norad_cli/version'
+require 'norad_cli/cli/main'
+
+module Norad
+  # Your code goes here...
+end

data/norad_cli.gemspec

@@ -0,0 +1,38 @@
+# coding: utf-8
+# frozen_string_literal: true
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'norad_cli/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'norad_cli'
+  spec.version       = NoradCli::VERSION
+  spec.authors       = ['Blake Hitchcock', 'Brian Manifold', 'Roger Seagle']
+  spec.email         = ['rbhitchcock@gmail.com', 'bmanifold@gmail.com ', 'roger.seagle@gmail.com']
+
+  spec.summary       = 'Command line interface for norad.'
+  spec.description   = 'Command line interface for norad.'
+  spec.homepage      = 'https://gitlab.com/norad/cli'
+  spec.license       = 'Apache-2.0'
+  spec.required_ruby_version = '~> 2.3.0'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = 'bin'
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  # Regular Dependencies
+  spec.add_dependency 'git'
+  spec.add_dependency 'thor'
+  spec.add_dependency 'docker-api'
+  spec.add_dependency 'safe_yaml'
+  spec.add_dependency 'rspec', '~> 3.0'
+
+  # Development Dependencies
+  spec.add_development_dependency 'bundler', '~> 1.12'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rainbow', '~> 2.1.0' # There is a bug in rainbow 2.2.1
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rubocop', '~> 0.47'
+  spec.add_development_dependency 'bundler-audit', '~> 0.5'
+end