norad_cli 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f67e3b7d29e50815d288e17ba88cf0791e5cc808
-  data.tar.gz: b1b7675b3bab7237fc7cfa9b094181d9918cbb29
+  metadata.gz: 9f317f6169f280d37dcf3f342361e7c4254f5599
+  data.tar.gz: 942032c69b1630bebd3107617799abda9e1a713f
 SHA512:
-  metadata.gz: 24c52f33dd524c6057465193569229968f3eb90e48963a530919191450e91b504d6112bfaacbad903e95259d61590eb72ed6e35e4911884a9d6b692948c0c2ec
-  data.tar.gz: bf5fb027e9df8357164c6c9971b24a5db7077ed822fcb5d7eff24220199028f061811e247923fc82b35e9ece3121bd06f246225aecb659c9dd2beee27472d2e6
+  metadata.gz: ba8692954a43ba7fb99e902e8f8d6351f696f3f448d988aecf58a857f4c3b8f4c6ee807670dd5dd9bf12dfcf4b20523baa690659c45ed5cad278519584fe65a4
+  data.tar.gz: dce51da0d3e7daffe7e306885fb19b4d5f565ff46884f309bc92ca1b48b0c18fe4d0430a99e430ee31414bedf56206f847d0bdad2b5d975049b446f553218f1b

data/.gitlab-ci.yml

@@ -4,7 +4,7 @@ stages:
 #  - behavior_test
   - release
 
-image: ruby:2.3.3
+image: ruby:2.4.0
 
 cache:
   key: "$CI_BUILD_NAME"

data/.rubocop.yml

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.4
   DisplayCopNames: true
   Exclude:
     - 'lib/norad_cli/templates/spec/**/*'
@@ -32,3 +32,6 @@ Security/YAMLLoad:
   Exclude:
     - 'lib/norad_cli/support/manifest.rb' 
     - 'lib/norad_cli/support/api_security_container_seed_script.rb'
+Performance/RegexpMatch:
+  Exclude:
+    - 'lib/norad_cli/cli/sectest.rb'

data/.ruby-version

@@ -1 +1 @@
-2.3.3
+2.4.0

data/lib/norad_cli/cli/secrepo.rb

@@ -20,7 +20,7 @@ class Repo < Thor
     Git.init(repo_name)
 
     # Create the necessary directories
-    %w(base spec).each do |dirrepo_name|
+    %w(base spec sectests).each do |dirrepo_name|
       empty_directory "#{repo_name}/#{dirrepo_name}"
     end
 

data/lib/norad_cli/cli/sectest.rb

@@ -13,16 +13,16 @@ class Sectest < Thor
   end
 
   desc 'scaffold TESTNAME', 'Create a new security test with standard files + testing'
-  option :test_type, default: 'whole_host', desc: 'The security test type, Options: [authenticated|web_application|brute_force|ssl_crypto|ssh_crypto|whole_host]'
-  option :registry, default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry to store docker images'
-  option :version, default: 'latest', desc: 'The version of the security test'
-  option :base_image, default: 'norad-registry.cisco.com:5000/norad:0.0.1', desc: 'Base Docker image to use (i.e. FROM field in the DOckerfile)'
-  option :authenticated, type: :boolean, default: false, desc: 'Does the security test require authenticating to the unit under test'
-  option :configurable, type: :boolean, default: false, desc: 'Is the security test configurable (e.g. Qualys username and password)'
+  option :test_type, aliases: '-t', default: 'whole_host', desc: 'The security test type, Options: [authenticated|web_application|brute_force|ssl_crypto|ssh_crypto|whole_host]'
+  option :registry, aliases: '-r', default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry to store docker images'
+  option :version, aliases: '-v', default: 'latest', desc: 'The version of the security test'
+  option :base_image, aliases: '-b', default: 'norad-registry.cisco.com:5000/norad:0.0.1', desc: 'Base Docker image to use (i.e. FROM field in the Dockerfile)'
+  option :configurable, type: :boolean, aliases: '-c', desc: 'Is the security test configurable (e.g. Qualys username and password)'
   def scaffold(sectest_name)
     # Grab the current directory
     repo_dir = Dir.pwd
 
+    puts options[:configurable]
     # Set options for templates
     options[:name] = sectest_name
     options[:spec_class_name] = sectest_name.split('-').map { |t| t =~ /\d+/ ? t : t.capitalize! }.join
@@ -30,16 +30,16 @@ class Sectest < Thor
     # Error check to ensure this is a norad security test repository
 
     # Create the security tests standard files
-    template('tool/Dockerfile.erb', "#{repo_dir}/#{sectest_name}/Dockerfile")
-    template('tool/README.md.erb', "#{repo_dir}/#{sectest_name}/README.md")
-    template('tool/manifest.yml.erb', "#{repo_dir}/#{sectest_name}/manifest.yml")
+    template('tool/Dockerfile.erb', "#{repo_dir}/sectests/#{sectest_name}/Dockerfile")
+    template('tool/README.md.erb', "#{repo_dir}/sectests/#{sectest_name}/README.md")
+    template('tool/manifest.yml.erb', "#{repo_dir}/sectests/#{sectest_name}/manifest.yml")
 
     # Create a starter wrapper script
-    template('tool/wrapper.rb.erb', "#{repo_dir}/#{sectest_name}/#{sectest_name}-wrapper.rb")
+    template('tool/wrapper.rb.erb', "#{repo_dir}/sectests/#{sectest_name}/#{sectest_name}-wrapper.rb")
 
     # Create the spec files
     template('tool/tool_spec.rb.erb', "#{repo_dir}/spec/#{sectest_name}/#{sectest_name}_spec.rb")
-    if options[:authenticated]
+    if options[:test_type] == 'authenticated'
       template('tool/Dockerfile.auth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.secure")
       template('tool/Dockerfile.auth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.vulnerable")
     else
@@ -48,13 +48,26 @@ class Sectest < Thor
     end
   end
 
+  desc 'build', 'Build all sectest images and specs for the entire repository'
+  option :registry, aliases: '-r', default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
+  option :version, aliases: '-v', default: 'latest', desc: 'The version of the sectest container to build'
+  def build
+    # Error check to ensure this is a plugin directory
+    Dir.glob('sectests/*').select do |f|
+      if File.directory? f
+        # Build all for the sectest
+        send('build:all', f.split('/')[-1])
+      end
+    end
+  end
+
   # Define arguments and options
-  desc 'build SECTESTNAME', 'Builds the docker image for the security test SECTESTNAME'
-  option :registry, default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
-  option :version, default: 'latest', desc: 'The version of the sectest container to build'
-  def build(name)
+  desc 'build:image SECTESTNAME', 'Build the docker image for the security test SECTESTNAME'
+  option :registry, aliases: '-r', default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
+  option :version, aliases: '-v', default: 'latest', desc: 'The version of the sectest container to build'
+  define_method 'build:image' do |name|
     imgs_to_build = {}
-    imgs_to_build[name.to_s] = "#{options[:registry]}/#{name}:#{options[:version]}"
+    imgs_to_build["sectests/#{name}"] = "#{options[:registry]}/#{name}:#{options[:version]}"
 
     # Check for the Dockerfile
     if !dockerfile?(imgs_to_build.keys[0])
@@ -80,9 +93,9 @@ class Sectest < Thor
   end
 
   # Define arguments and options
-  desc 'build:specs SECTESTNAME', 'Builds the spec images for the security test SECTESTNAME'
-  option :registry, default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
-  option :version, default: 'latest', desc: 'The version of the sectest container to build'
+  desc 'build:specs SECTESTNAME', 'Build the spec images (test images) for the security test SECTESTNAME'
+  option :registry, aliases: '-r', default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
+  option :version, aliases: '-v', default: 'latest', desc: 'The version of the sectest container to build'
   define_method 'build:specs' do |name|
     imgs_to_build = {}
     imgs_to_build["#{File.expand_path(File.dirname(__FILE__))}/../templates/spec/support/Dockerfile.testserver"] = 'docker-images-test-results-server:latest'
@@ -109,21 +122,21 @@ class Sectest < Thor
   end
 
   # Define arguments and options
-  desc 'build:all SECTESTNAME', 'Builds all images for security test SECTESTNAME'
-  option :registry, default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
-  option :version, default: 'latest', desc: 'The version of the sectest container to build'
+  desc 'build:all SECTESTNAME', 'Build sectest images for SECTESTNAME and all testing images for SECTESTNAME'
+  option :registry, aliases: '-r', default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
+  option :version, aliases: '-v', default: 'latest', desc: 'The version of the sectest container to build'
   define_method 'build:all' do |name|
-    # Build the tool
-    build(name)
+    # Build the sectest image
+    send('build:image', name)
 
-    # Build the specs for testing
+    # Build the specs for testing the sectest
     send('build:specs', name)
   end
 
   # Define arguments and options
   desc 'execute SECTESTNAME ARGUMENTS', 'Executes the specified security test SECTESTNAME w/ ARGUMENTS'
-  option :registry, default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
-  option :version, default: 'latest', desc: 'The version of the tools docker container to build'
+  option :registry, aliases: '-r', default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
+  option :version, aliases: '-v', default: 'latest', desc: 'The version of the tools docker container to build'
   def execute(name, arguments)
     # Ensure container exists
     if !Docker::Image.exist?("#{options[:registry]}/#{name}:#{options[:version]}")
@@ -141,10 +154,10 @@ class Sectest < Thor
     container.tap(&:start).attach { |stream, chunk| puts "#{stream}: #{chunk}" }
   end
 
-  desc 'spec SECTESTNAME', 'Run the rspec tests for SECTESTNAME'
-  option :verbose, type: :boolean, default: false, desc: 'Turn on verbose logging'
-  option :scan_assessment, type: :boolean, default: true, desc: 'Fix me'
-  define_method 'spec' do |name|
+  desc 'spec:image SECTESTNAME', 'Run the rspec tests for SECTESTNAME'
+  option :verbose, aliases: '-v', type: :boolean, default: false, desc: 'Turn on verbose logging'
+  option :scan_assessment, aliases: '-s', type: :boolean, default: true, desc: 'Fix me'
+  define_method 'spec:image' do |name|
     # Set environment variables
     ENV['ENABLE_LOGS'] = options[:verbose] ? 'true' : 'false'
     ENV['SCAN_ASSESSMENT'] = options[:scan_assessment] ? 'true' : 'false'
@@ -155,9 +168,22 @@ class Sectest < Thor
     RSpec::Core::Runner.run(["spec/#{name}/#{name}_spec.rb"], $stderr, $stdout)
   end
 
+  desc 'spec', 'Run all rspec tests for the entire repo (all sectests)'
+  option :verbose, aliases: '-v', type: :boolean, default: false, desc: 'Turn on verbose logging'
+  option :scan_assessment, aliases: '-s', type: :boolean, default: true, desc: 'Fix me'
+  def spec
+    # Error check to ensure this is a plugin directory
+    Dir.glob('sectests/*').select do |f|
+      if File.directory? f
+        # Build all for the sectest
+        send('spec:image', f.split('/')[-1])
+      end
+    end
+  end
+
   desc 'seed', 'Create the containers.rb seed to import into the api'
-  option :seedfile, type: :string, default: './containers.rb', desc: 'The name of the seed file to generate'
-  option :docsite, type: :string, default: 'https://norad.gitlab.io/docs/', desc: 'Set the documentation site'
+  option :seedfile, aliases: '-s', type: :string, default: './containers.rb', desc: 'The name of the seed file to generate'
+  option :docsite, aliases: '-d', type: :string, default: 'https://norad.gitlab.io/docs/', desc: 'Set the documentation site'
   def seed
     # Error check to ensure this is a plugin directory
 

data/lib/norad_cli/templates/spec/spec_helper.rb

@@ -107,7 +107,7 @@ if ENV['SCAN_ASSESSMENT']
 
     define_method :manifest_file do
       assessment_path = @parent.nil? ? assessment_name : "#{@parent}/variants/#{assessment_name}"
-      "./#{assessment_path}/manifest.yml"
+      "./sectests/#{assessment_path}/manifest.yml"
     end
 
     define_method :options do

data/lib/norad_cli/templates/tool/manifest.yml.erb

@@ -1,19 +1,27 @@
 registry: <%= options[:registry] %>
 name: <%= options[:name] %>
 version: <%= options[:version] %>
-<% if options[:authenticated] %>
+<% if options[:test_type] == 'authenticated' -%>
 prog_args: '%{target} %{ssh_user} %{ssh_port} %{ssh_key}'
 default_config:
   ssh_port: 22
+test_types:
+  - <%= options[:test_type] %>
 category: whitebox
-<% else %>
+configurable: true
+<% elsif options[:configurable] -%>
 prog_args: '%{target} %{fixme_custom_option}'
-category: blackbox
-<% end %>
+default_config:
+  fixme_custom_option: some_default_value
 test_types:
-  - <%= options[:test_type] %> 
-<% if options[:configurable] %>
+  - <%= options[:test_type] %>
+category: blackbox
 configurable: true
-<% else %>
+<% else -%>
+prog_args: '%{target}'
+test_types:
+  - <%= options[:test_type] %>
+category: blackbox
 configurable: false
-<% end %>
+<% end -%>
+

data/lib/norad_cli/templates/tool/tool_spec.rb.erb

@@ -2,9 +2,10 @@ require_relative '../spec_helper.rb'
 
 class <%= options[:spec_class_name] %>
   extend AssessmentHelpers
-   def self.default_test_config
-    {  }
-  end 
+# Uncomment and use to set default config values for testing purporse
+#   def self.default_test_config
+#    {  }
+#  end 
 end
 
 describe <%= options[:spec_class_name] %>, scan_assessment: true do

data/lib/norad_cli/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module NoradCli
-  VERSION = '0.1.0'
+  VERSION = '0.1.1'
 end

data/norad_cli.gemspec

@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
   spec.description   = 'Command line interface for norad.'
   spec.homepage      = 'https://gitlab.com/norad/cli'
   spec.license       = 'Apache-2.0'
-  spec.required_ruby_version = '~> 2.3.0'
+  spec.required_ruby_version = '~> 2.4.0'
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = 'bin'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: norad_cli
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Blake Hitchcock
@@ -172,9 +172,7 @@ email:
 - 'bmanifold@gmail.com '
 - roger.seagle@gmail.com
 executables:
-- console
 - norad
-- setup
 extensions: []
 extra_rdoc_files: []
 files:
@@ -190,9 +188,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- bin/console
 - bin/norad
-- bin/setup
 - lib/norad_cli.rb
 - lib/norad_cli/cli/main.rb
 - lib/norad_cli/cli/secrepo.rb
@@ -270,7 +266,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - "~>"
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/bin/console

@@ -1,15 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'bundler/setup'
-require 'norad'
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require 'pry'
-# Pry.start
-
-require 'irb'
-IRB.start

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here