norad_cli 0.1.15 → 0.1.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +3 -0
- data/lib/norad_cli/cli/sectest.rb +38 -35
- data/lib/norad_cli/support/sectest_container.rb +3 -3
- data/lib/norad_cli/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8860651242fcd0bf3b1705504a70f600823d6aac
|
|
4
|
+
data.tar.gz: 21aa5ac57a4b9a8c76ead029a59d4e6d57b9762d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cd71776227fa2fe192b53349624b8f09d4f2843554b0146d48c172c1a8339692e6fc338d00ac022032e71539a26f552dbc2935be61eb135cbbc413329c5989c9
|
|
7
|
+
data.tar.gz: b05c1f5a97cb2bca7a72239e04f99fb4d74e0a35f6a20a8a095baabb0217d99dd7b3e3694df6af78c48beabdf606f327bc3d12e42c29fa505c56ca4a6cdd0fe7
|
data/.rubocop.yml
CHANGED
|
@@ -15,13 +15,14 @@ class Sectest < Thor
|
|
|
15
15
|
ssh_user: ['-u', 'If the sectest requires authentication, then the username for authentication'],
|
|
16
16
|
ssh_key: ['-k', 'If the sectest requires authentication, then the path to the ssh key file'],
|
|
17
17
|
port: ['-p', 'The port to use for testing'],
|
|
18
|
-
service_username: ['-e', '
|
|
19
|
-
service_password: ['-r', '
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
18
|
+
service_username: ['-e', 'Username to authenticate with the service, e.g. web application, database server, etc'],
|
|
19
|
+
service_password: ['-r', 'Password to authenticate with the service'],
|
|
20
|
+
web_service_protocol: ['-c', 'Protocol used to load the web application, http or https'],
|
|
21
|
+
web_service_url_blacklist: ['-b', 'Comma separated list of words to avoid when spidering web application links'],
|
|
22
|
+
web_service_auth_type: ['-a', 'Authentication method used by the web application'],
|
|
23
|
+
web_service_starting_page_path: ['-g', 'Path where web application scan should begin, e.g. /'],
|
|
24
|
+
web_service_login_form_username_field_name: ['-l', 'HTML form field name for the username portion of web application authentication'],
|
|
25
|
+
web_service_login_form_password_field_name: ['-m', 'HTML form field name for the password portion of web application authentication'] }
|
|
25
26
|
|
|
26
27
|
def self.source_root
|
|
27
28
|
File.join(File.dirname(File.expand_path(__FILE__)), '../templates/')
|
|
@@ -29,20 +30,24 @@ class Sectest < Thor
|
|
|
29
30
|
|
|
30
31
|
# Loads a manifest file depending on the command
|
|
31
32
|
# rubocop:disable Style/GuardClause
|
|
32
|
-
def self.load_manifest
|
|
33
|
-
|
|
33
|
+
def self.load_manifest(sectest_name)
|
|
34
|
+
@@sectest_manifest = {}
|
|
34
35
|
|
|
35
36
|
# Set defaults just in case no manifest.yml to overwrite
|
|
36
|
-
|
|
37
|
-
|
|
37
|
+
@@sectest_manifest['registry'] = 'norad-registry.cisco.com:5000'
|
|
38
|
+
@@sectest_manifest['version'] = 'latest'
|
|
38
39
|
|
|
39
40
|
# Dynamically add options and description based on the needs of the sectest container
|
|
40
|
-
if %w(build build:all build:image build:specs execute).include?(ARGV[1]) &&
|
|
41
|
+
if %w(build build:all build:image build:specs execute).include?(ARGV[1]) && sectest_name && !sectest_name.start_with?('-', '--')
|
|
41
42
|
# Read in the program arguments
|
|
42
|
-
if File.exist?("sectests/#{
|
|
43
|
-
|
|
43
|
+
if File.exist?("sectests/#{sectest_name}/manifest.yml")
|
|
44
|
+
@@sectest_manifest = YAML.safe_load(File.read("sectests/#{sectest_name}/manifest.yml"))
|
|
45
|
+
|
|
46
|
+
# Precautionary, remove all leading and trailing whitespace
|
|
47
|
+
@@sectest_manifest['registry'].strip!
|
|
48
|
+
@@sectest_manifest['version'].strip!
|
|
44
49
|
else
|
|
45
|
-
puts Rainbow("Error: #{
|
|
50
|
+
puts Rainbow("Error: #{sectest_name} sectest does not exist or it is missing sectests/#{sectest_name}/manifest.yml").red
|
|
46
51
|
puts Rainbow('Exiting...').red
|
|
47
52
|
exit(1)
|
|
48
53
|
end
|
|
@@ -59,12 +64,12 @@ class Sectest < Thor
|
|
|
59
64
|
|
|
60
65
|
# Load the manifest file if necessary
|
|
61
66
|
# Correct set default registry and version
|
|
62
|
-
load_manifest
|
|
67
|
+
load_manifest(ARGV[2])
|
|
63
68
|
|
|
64
69
|
desc 'scaffold TESTNAME', 'Create a new security test with standard files + testing'
|
|
65
70
|
option :test_type, aliases: '-t', default: 'whole_host', desc: 'The security test type, Options: [authenticated|web_application|brute_force|ssl_crypto|ssh_crypto|whole_host]'
|
|
66
|
-
option :registry, aliases: '-r', default:
|
|
67
|
-
option :version, aliases: '-v', default:
|
|
71
|
+
option :registry, aliases: '-r', default: @@sectest_manifest['registry'], desc: 'The Docker registry to store docker images'
|
|
72
|
+
option :version, aliases: '-v', default: @@sectest_manifest['version'], desc: 'The version of the security test'
|
|
68
73
|
option :base_image, aliases: '-b', default: 'norad-registry.cisco.com:5000/norad:0.0.1', desc: 'Base Docker image to use (i.e. FROM field in the Dockerfile)'
|
|
69
74
|
option :configurable, type: :boolean, aliases: '-c', desc: 'Is the security test configurable (e.g. Qualys username and password)'
|
|
70
75
|
def scaffold(sectest_name)
|
|
@@ -105,26 +110,29 @@ class Sectest < Thor
|
|
|
105
110
|
|
|
106
111
|
desc 'build', 'Build all sectest images and specs for the entire repository'
|
|
107
112
|
option :debug, aliases: '-d', type: :boolean, default: true, desc: 'Turn on debugging messages (e.g. Docker build logs to stdout)'
|
|
108
|
-
option :registry, aliases: '-r', default: @sectest_manifest['registry'], desc: 'The Docker registry for Docker images'
|
|
109
|
-
option :version, aliases: '-v', default: @sectest_manifest['version'], desc: 'The version of the sectest container to build'
|
|
110
113
|
def build
|
|
111
114
|
# Error check to ensure this is a plugin directory
|
|
112
115
|
Dir.glob('sectests/*').select do |f|
|
|
113
|
-
if
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
116
|
+
# Skip if the entry is not a directory
|
|
117
|
+
next if !File.directory? f
|
|
118
|
+
|
|
119
|
+
# Grab the name of the sectest
|
|
120
|
+
sectest_name = f.split('/')[-1]
|
|
121
|
+
|
|
122
|
+
# Load the manifest for the sectest
|
|
123
|
+
Sectest.load_manifest(sectest_name)
|
|
124
|
+
|
|
125
|
+
# Build all for the sectest
|
|
126
|
+
send('build:all', sectest_name)
|
|
117
127
|
end
|
|
118
128
|
end
|
|
119
129
|
|
|
120
130
|
# Define arguments and options
|
|
121
131
|
desc 'build:image SECTESTNAME', 'Build the docker image for the security test SECTESTNAME'
|
|
122
132
|
option :debug, aliases: '-d', type: :boolean, default: true, desc: 'Turn on debugging messages (e.g. Docker build logs to stdout)'
|
|
123
|
-
option :registry, aliases: '-r', default: @sectest_manifest['registry'], desc: 'The Docker registry for Docker images'
|
|
124
|
-
option :version, aliases: '-v', default: @sectest_manifest['version'], desc: 'The version of the sectest container to build'
|
|
125
133
|
define_method 'build:image' do |name|
|
|
126
134
|
imgs_to_build = {}
|
|
127
|
-
imgs_to_build["sectests/#{name}"] = "#{
|
|
135
|
+
imgs_to_build["sectests/#{name}"] = "#{@@sectest_manifest['registry']}/#{name}:#{@@sectest_manifest['version']}"
|
|
128
136
|
|
|
129
137
|
# Check for the Dockerfile
|
|
130
138
|
if !dockerfile?(imgs_to_build.keys[0])
|
|
@@ -152,8 +160,6 @@ class Sectest < Thor
|
|
|
152
160
|
# Define arguments and options
|
|
153
161
|
desc 'build:specs SECTESTNAME', 'Build the spec images (test images) for the security test SECTESTNAME'
|
|
154
162
|
option :debug, aliases: '-d', type: :boolean, default: true, desc: 'Turn on debugging messages (e.g. Docker build logs to stdout)'
|
|
155
|
-
option :registry, aliases: '-r', default: @sectest_manifest['registry'], desc: 'The Docker registry for Docker images'
|
|
156
|
-
option :version, aliases: '-v', default: @sectest_manifest['version'], desc: 'The version of the sectest container to build'
|
|
157
163
|
define_method 'build:specs' do |name|
|
|
158
164
|
imgs_to_build = {}
|
|
159
165
|
imgs_to_build["#{File.expand_path(File.dirname(__FILE__))}/../templates/spec/support/Dockerfile.testserver"] = 'docker-images-test-results-server:latest'
|
|
@@ -182,8 +188,6 @@ class Sectest < Thor
|
|
|
182
188
|
# Define arguments and options
|
|
183
189
|
desc 'build:all SECTESTNAME', 'Build sectest images for SECTESTNAME and all testing images for SECTESTNAME'
|
|
184
190
|
option :debug, aliases: '-d', type: :boolean, default: true, desc: 'Turn on debugging messages (e.g. Docker build logs to stdout)'
|
|
185
|
-
option :registry, aliases: '-r', default: @sectest_manifest['registry'], desc: 'The Docker registry for Docker images'
|
|
186
|
-
option :version, aliases: '-v', default: @sectest_manifest['version'], desc: 'The version of the sectest container to build'
|
|
187
191
|
define_method 'build:all' do |name|
|
|
188
192
|
# Build the sectest image
|
|
189
193
|
send('build:image', name)
|
|
@@ -197,7 +201,7 @@ class Sectest < Thor
|
|
|
197
201
|
desc "execute #{ARGV[2]}", "Execute #{ARGV[2]} against an arbitrary target"
|
|
198
202
|
|
|
199
203
|
# Dynamically create options
|
|
200
|
-
|
|
204
|
+
@@sectest_manifest['prog_args'].scan(/{(.*?)}/).each do |ar|
|
|
201
205
|
if @reserved_sectest_args.key?(ar[0].to_sym)
|
|
202
206
|
option ar[0].to_sym, aliases: @reserved_sectest_args[ar[0].to_sym][0], desc: @reserved_sectest_args[ar[0].to_sym][1]
|
|
203
207
|
else
|
|
@@ -209,8 +213,6 @@ class Sectest < Thor
|
|
|
209
213
|
end
|
|
210
214
|
option :debug, aliases: '-d', type: :boolean, default: false, desc: 'Turn on debugging messages (e.g. Docker build logs to stdout)'
|
|
211
215
|
option :format, aliases: '-f', type: :boolean, default: false, desc: 'Print the JSON results formatted'
|
|
212
|
-
option :registry, aliases: '-r', default: @sectest_manifest['registry'], desc: 'The Docker registry for Docker images'
|
|
213
|
-
option :version, aliases: '-v', default: @sectest_manifest['version'], desc: 'The version of the sectest container to build'
|
|
214
216
|
def execute(sectest_name)
|
|
215
217
|
# Ensure the results server is built by building the images specs (code reuse)
|
|
216
218
|
send('build:specs', sectest_name)
|
|
@@ -219,7 +221,8 @@ class Sectest < Thor
|
|
|
219
221
|
send('build:image', sectest_name)
|
|
220
222
|
|
|
221
223
|
# Allocate an instance of the sectest
|
|
222
|
-
sectest_instance = NoradCli::SecTestContainer.new(ARGV[2],
|
|
224
|
+
sectest_instance = NoradCli::SecTestContainer.new(ARGV[2], @@sectest_manifest['registry'],
|
|
225
|
+
@@sectest_manifest['version'], options)
|
|
223
226
|
|
|
224
227
|
# Start the test
|
|
225
228
|
sectest_instance.start
|
|
@@ -11,11 +11,11 @@ module NoradCli
|
|
|
11
11
|
attr_accessor :sectest_image
|
|
12
12
|
attr_accessor :results_server
|
|
13
13
|
|
|
14
|
-
def initialize(sectest_name, options)
|
|
14
|
+
def initialize(sectest_name, registry, version, options)
|
|
15
15
|
# Generate a random assessment id
|
|
16
16
|
@assessment_id = SecureRandom.hex(32)
|
|
17
17
|
|
|
18
|
-
@sectest_image = "#{
|
|
18
|
+
@sectest_image = "#{registry}/#{sectest_name}:#{version}"
|
|
19
19
|
|
|
20
20
|
# Create a results server
|
|
21
21
|
@results_server = NoradCli::ResultsServer.new('docker-images-test-results-server')
|
|
@@ -39,7 +39,7 @@ module NoradCli
|
|
|
39
39
|
# Grab the program arguments (minus other function options)
|
|
40
40
|
# Options is a Thor::CoreExt::HashWithIndifferentAccess (except does not work)
|
|
41
41
|
prog_arg_hash = options.each_with_object({}) do |(k, v), hsh|
|
|
42
|
-
hsh[k.to_sym] = v unless k == 'debug'
|
|
42
|
+
hsh[k.to_sym] = v unless k == 'debug'
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
# Load the prog_arg format
|
data/lib/norad_cli/version.rb
CHANGED