norad_cli 0.1.12 → 0.1.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1fdbc2f98f7a10dba2deb40bfc554540a1b9c630
-  data.tar.gz: 9e9fb1b781796471420babc6bd263d3e4ce971f0
+  metadata.gz: ca54e887d7d704e64bbc278a2b4cc8afbbd0674c
+  data.tar.gz: 1201b3922139b899cc42785f6def1c58f9ea1f71
 SHA512:
-  metadata.gz: b831f86443219c3fd5ca7f68d8dab0d8ecdb86cb960763406725fad24f34ea782f03efed5e3fcc94ef0f1d9c89e3e4cf3ccaef790770e464f76323949cd6ca4a
-  data.tar.gz: 330c0fd1a7e51ebda7791087043c7ed4797a620b6e54cdd042d339c7a78ccd00ed4936dfcb081ae1daa19864685843a763220dc16468c305818adefc9cf3efab
+  metadata.gz: e28eaea3ca41e1e69c2021c1a770fa692b4f4d50b9343a021475fbb77855325e700023ba02328486bb7629b9c1c65759720475a7ede4f9fbaa78eb827b7a91a8
+  data.tar.gz: fc56350a7b03f7b7a037a8d3b692c6c2fb80e10020e793786f1f30d0389bf9effa228fdced9beba35b4932a924d000d24f76c50104527bacb70b305ab5f24748

data/.gitignore

@@ -7,3 +7,6 @@
 /pkg/
 /spec/reports/
 /tmp/
+
+# Editor files
+*.swp

data/.rubocop.yml

@@ -13,12 +13,14 @@ Metrics/LineLength:
 Metrics/MethodLength:
   Exclude:
     - 'lib/norad_cli/support/api_security_container_seed_script.rb'
+    - 'lib/norad_cli/support/sectest_container.rb'
     - 'lib/norad_cli/cli/sectest.rb'
 Metrics/AbcSize:
   Exclude:
     - 'lib/norad_cli/support/api_security_container_seed_script.rb'
     - 'lib/norad_cli/cli/sectest.rb'
     - 'lib/norad_cli/support/manifest_spec.rb'
+    - 'lib/norad_cli/support/sectest_container.rb'
 Metrics/BlockLength:
   Exclude:
     - 'spec/**/*'

data/README.md

@@ -15,7 +15,7 @@ The above site contains all the necessary information to install Docker on a Mac
 This utility can be installed simply by:
 
 ```
-$ gem install norad
+$ gem install norad_cli
 ```
 
 Once installed, a norad executable should be available.
@@ -101,14 +101,66 @@ The sectest subcommand is where general security test tool development occurs.
 ```
 $ norad help sectest
 Commands:
-  norad sectest build SECTESTNAME              # Builds the docker image for the security test SECTESTNAME
-  norad sectest build:all SECTESTNAME          # Builds all images for security test SECTESTNAME
-  norad sectest build:specs SECTESTNAME        # Builds the spec images for the security test SECTESTNAME
-  norad sectest execute SECTESTNAME ARGUMENTS  # Executes the specified security test SECTESTNAME w/ ARGUMENTS
-  norad sectest help [COMMAND]                 # Describe subcommands or one specific subcommand
-  norad sectest scaffold TESTNAME              # Create a new security test with standard files + testing
-  norad sectest seed                           # Create the containers.rb seed to import into the api
-  norad sectest spec SECTESTNAME               # Run the rspec tests for security tool SECTESTNAME
+  norad sectest build                       # Build all sectest images and specs for the entire repository
+  norad sectest build:all SECTESTNAME       # Build sectest images for SECTESTNAME and all testing images for SECTESTNAME
+  norad sectest build:image SECTESTNAME     # Build the docker image for the security test SECTESTNAME
+  norad sectest build:specs SECTESTNAME     # Build the spec images (test images) for the security test SECTESTNAME
+  norad sectest execute SECTESTNAME         # Execute SECTESTNAME against an arbitrary target
+  norad sectest help [COMMAND]              # Describe subcommands or one specific subcommand
+  norad sectest scaffold TESTNAME           # Create a new security test with standard files + testing
+  norad sectest seed                        # Create the containers.rb seed to import into the api
+  norad sectest spec                        # Run all rspec tests for the entire repo (all sectests)
+  norad sectest spec:image SECTESTNAME      # Run the rspec tests for SECTESTNAME
+  norad sectest validate                    # Validate all manifest.yml and readme.md
+  norad sectest validate:image SECTESTNAME  # Validate SECTESTNAME manifest.yml and readme.md
+```
+
+### Sectest Execute Command
+
+The execute command enables users to run any SECTESTNAME container against an arbitrary target.  To see the available options for the subcommand, run:
+
+```
+$ norad sectest -h execute
+Usage:
+  norad execute SECTESTNAME
+
+Options:
+  -d, [--debug], [--no-debug]    # Turn on debugging messages (e.g. Docker build logs to stdout)
+  -f, [--format], [--no-format]  # Print the JSON results formatted
+  -r, [--registry=REGISTRY]      # The Docker registry for Docker images
+                                 # Default: norad-registry.cisco.com:5000
+  -v, [--version=VERSION]        # The version of the sectest container to build
+                                 # Default: latest
+
+Execute SECTESTNAME against an arbitrary target
+```
+
+Since the execute command runs arbitrary SECTESTNAME containers, it must support dynamically setting options for those containers.  Therefore, the command supports gathering and printing help with any SECTESTNAME container.  To get the help for a container run:
+
+```
+$ norad sectest execute SECTESTNAME -h
+```
+
+The execute subcommand reads the SECTESTNAME's manifest.yml to determine all available options.  An example of this behavior is:
+
+```
+$ norad sectest execute sec-ops-sudo -h
+Usage:
+  norad execute sec-ops-sudo
+
+Options:
+  -d, [--debug], [--no-debug]    # Turn on debugging messages (e.g. Docker build logs to stdout)
+  -f, [--format], [--no-format]  # Print the JSON results formatted
+  -r, [--registry=REGISTRY]      # The Docker registry for Docker images
+                                 # Default: norad-registry.cisco.com:5000
+  -v, [--version=VERSION]        # The version of the sectest container to build
+                                 # Default: latest
+  -t, [--target=TARGET]          # The IP or FQDN of the host to test
+  -u, [--ssh-user=SSH_USER]      # If the sectest requires authentication, then the username for authentication
+  -p, [--port=PORT]              # The port to use for testing
+  -k, [--ssh-key=SSH_KEY]        # If the sectest requires authentication, then the path to the ssh key file
+
+Execute sec-ops-sudo against an arbitrary target
 ```
 
 ## Development

data/WALKTHROUGH.md

@@ -44,18 +44,18 @@ Now, for this example, we will be creating a security test using the ping utilit
 ```
 $ norad help sectest
 Commands:
-  norad sectest build                          # Build all sectest images and specs for the entire repository
-  norad sectest build:all SECTESTNAME          # Build sectest images for SECTESTNAME and all testing images for SECTESTNAME
-  norad sectest build:image SECTESTNAME        # Build the docker image for the security test SECTESTNAME
-  norad sectest build:specs SECTESTNAME        # Build the spec images (test images) for the security test SECTESTNAME
-  norad sectest execute SECTESTNAME ARGUMENTS  # Executes the specified security test SECTESTNAME w/ ARGUMENTS
-  norad sectest help [COMMAND]                 # Describe subcommands or one specific subcommand
-  norad sectest scaffold TESTNAME              # Create a new security test with standard files + testing
-  norad sectest seed                           # Create the containers.rb seed to import into the api
-  norad sectest spec                           # Run all rspec tests for the entire repo (all sectests)
-  norad sectest spec:image SECTESTNAME         # Run the rspec tests for SECTESTNAME
-  norad sectest validate                       # Validate all manifest.yml and readme.md
-  norad sectest validate:image SECTESTNAME     # Validate SECTESTNAME manifest.yml and readme.md
+  norad sectest build                       # Build all sectest images and specs for the entire repository
+  norad sectest build:all SECTESTNAME       # Build sectest images for SECTESTNAME and all testing images for SECTESTNAME
+  norad sectest build:image SECTESTNAME     # Build the docker image for the security test SECTESTNAME
+  norad sectest build:specs SECTESTNAME     # Build the spec images (test images) for the security test SECTESTNAME
+  norad sectest execute SECTESTNAME         # Execute SECTESTNAME against an arbitrary target
+  norad sectest help [COMMAND]              # Describe subcommands or one specific subcommand
+  norad sectest scaffold TESTNAME           # Create a new security test with standard files + testing
+  norad sectest seed                        # Create the containers.rb seed to import into the api
+  norad sectest spec                        # Run all rspec tests for the entire repo (all sectests)
+  norad sectest spec:image SECTESTNAME      # Run the rspec tests for SECTESTNAME
+  norad sectest validate                    # Validate all manifest.yml and readme.md
+  norad sectest validate:image SECTESTNAME  # Validate SECTESTNAME manifest.yml and readme.md
 ```
 
 To start off, we use the scaffold command to create all of the required files to create a security test.  The scaffold subcommand includes several options:

data/lib/norad_cli/cli/sectest.rb

@@ -3,28 +3,74 @@ require 'thor'
 require 'git'
 require 'docker'
 require 'norad_cli/support/api_security_container_seed_script'
+require 'norad_cli/support/sectest_container'
 require 'rspec'
+require 'json'
+require 'rainbow'
 
 class Sectest < Thor
   include Thor::Actions
 
+  @reserved_sectest_args = { target: ['-t', 'The IP or FQDN of the host to test'],
+                             ssh_user: ['-u', 'If the sectest requires authentication, then the username for authentication'],
+                             ssh_key: ['-k', 'If the sectest requires authentication, then the path to the ssh key file'],
+                             port: ['-p', 'The port to use for testing'],
+                             service_username: ['-e', 'FILL ME IN'],
+                             service_password: ['-r', 'FILL ME IN'],
+                             web_service_protocolweb_service_url_blacklist: ['-b', 'FILL ME IN'],
+                             web_service_auth_type: ['-a', 'FILL ME IN'],
+                             web_service_starting_page_path: ['-g', 'FILL ME IN'],
+                             web_service_login_form_username_field_name: ['-l', 'FILL ME IN'],
+                             web_service_login_form_password_field_name: ['-m', 'FILL ME IN'] }
+
   def self.source_root
     File.join(File.dirname(File.expand_path(__FILE__)), '../templates/')
   end
 
+  # Loads a manifest file depending on the command
+  # rubocop:disable Style/GuardClause
+  def self.load_manifest
+    @sectest_manifest = {}
+
+    # Set defaults just in case no manifest.yml to overwrite
+    @sectest_manifest['registry'] = 'norad-registry.cisco.com:5000'
+    @sectest_manifest['version'] = 'latest'
+
+    # Dynamically add options and description based on the needs of the sectest container
+    if %w(build build:all build:image build:specs execute).include?(ARGV[1]) && ARGV[2] && !ARGV[2].start_with?('-', '--')
+      # Read in the program arguments
+      if File.exist?("sectests/#{ARGV[2]}/manifest.yml")
+        @sectest_manifest = YAML.safe_load(File.read("sectests/#{ARGV[2]}/manifest.yml"))
+      else
+        puts Rainbow("Error: #{ARGV[2]} sectest does not exist or it is missing sectests/#{ARGV[2]}/manifest.yml").red
+        puts Rainbow('Exiting...').red
+        exit(1)
+      end
+    end
+  end
+  # rubocop:enable Style/GuardClause
+
+  def initialize(*args)
+    super
+
+    # Check if the command is being run from the repository root (all commands must be)
+    root_dir?
+  end
+
+  # Load the manifest file if necessary
+  # Correct set default registry and version
+  load_manifest
+
   desc 'scaffold TESTNAME', 'Create a new security test with standard files + testing'
   option :test_type, aliases: '-t', default: 'whole_host', desc: 'The security test type, Options: [authenticated|web_application|brute_force|ssl_crypto|ssh_crypto|whole_host]'
-  option :registry, aliases: '-r', default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry to store docker images'
-  option :version, aliases: '-v', default: 'latest', desc: 'The version of the security test'
+  option :registry, aliases: '-r', default: @sectest_manifest['registry'], desc: 'The Docker registry to store docker images'
+  option :version, aliases: '-v', default: @sectest_manifest['version'], desc: 'The version of the security test'
   option :base_image, aliases: '-b', default: 'norad-registry.cisco.com:5000/norad:0.0.1', desc: 'Base Docker image to use (i.e. FROM field in the Dockerfile)'
   option :configurable, type: :boolean, aliases: '-c', desc: 'Is the security test configurable (e.g. Qualys username and password)'
   def scaffold(sectest_name)
     # Grab the current directory
     repo_dir = Dir.pwd
 
-    # Check for the root_dir
-    root_dir?
-
     # Check for valid test types
     if !%w(authenticated web_application brute_force ssl_crypto ssh_crypto whole_host).include?(options[:test_type])
       say("#{options[:test_type]} is not a supported test type", :red)
@@ -58,12 +104,10 @@ class Sectest < Thor
   end
 
   desc 'build', 'Build all sectest images and specs for the entire repository'
-  option :registry, aliases: '-r', default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
-  option :version, aliases: '-v', default: 'latest', desc: 'The version of the sectest container to build'
+  option :debug, aliases: '-d', type: :boolean, default: true, desc: 'Turn on debugging messages (e.g. Docker build logs to stdout)'
+  option :registry, aliases: '-r', default: @sectest_manifest['registry'], desc: 'The Docker registry for Docker images'
+  option :version, aliases: '-v', default: @sectest_manifest['version'], desc: 'The version of the sectest container to build'
   def build
-    # Check for the root_dir
-    root_dir?
-
     # Error check to ensure this is a plugin directory
     Dir.glob('sectests/*').select do |f|
       if File.directory? f
@@ -75,12 +119,10 @@ class Sectest < Thor
 
   # Define arguments and options
   desc 'build:image SECTESTNAME', 'Build the docker image for the security test SECTESTNAME'
-  option :registry, aliases: '-r', default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
-  option :version, aliases: '-v', default: 'latest', desc: 'The version of the sectest container to build'
+  option :debug, aliases: '-d', type: :boolean, default: true, desc: 'Turn on debugging messages (e.g. Docker build logs to stdout)'
+  option :registry, aliases: '-r', default: @sectest_manifest['registry'], desc: 'The Docker registry for Docker images'
+  option :version, aliases: '-v', default: @sectest_manifest['version'], desc: 'The version of the sectest container to build'
   define_method 'build:image' do |name|
-    # Check for the root_dir
-    root_dir?
-
     imgs_to_build = {}
     imgs_to_build["sectests/#{name}"] = "#{options[:registry]}/#{name}:#{options[:version]}"
 
@@ -102,19 +144,17 @@ class Sectest < Thor
     imgs_to_build.keys.reverse_each do |img_dir|
       say("Building image #{img_dir}...", :green)
       Docker::Image.build_from_dir(img_dir, t: imgs_to_build[img_dir]) do |v|
-        $stdout.puts v
+        $stdout.puts v if options[:debug]
       end
     end
   end
 
   # Define arguments and options
   desc 'build:specs SECTESTNAME', 'Build the spec images (test images) for the security test SECTESTNAME'
-  option :registry, aliases: '-r', default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
-  option :version, aliases: '-v', default: 'latest', desc: 'The version of the sectest container to build'
+  option :debug, aliases: '-d', type: :boolean, default: true, desc: 'Turn on debugging messages (e.g. Docker build logs to stdout)'
+  option :registry, aliases: '-r', default: @sectest_manifest['registry'], desc: 'The Docker registry for Docker images'
+  option :version, aliases: '-v', default: @sectest_manifest['version'], desc: 'The version of the sectest container to build'
   define_method 'build:specs' do |name|
-    # Check for the root_dir
-    root_dir?
-
     imgs_to_build = {}
     imgs_to_build["#{File.expand_path(File.dirname(__FILE__))}/../templates/spec/support/Dockerfile.testserver"] = 'docker-images-test-results-server:latest'
     imgs_to_build["#{File.expand_path(File.dirname(__FILE__))}/../templates/spec/support/Dockerfile.ubuntu_ssh"] = 'docker-images-test-ubuntu-ssh-server:latest'
@@ -131,7 +171,7 @@ class Sectest < Thor
       say("Building image #{img_dir}...", :green)
       docker_file = img_dir.split('/')[-1]
       Docker::Image.build_from_dir(img_dir.gsub(docker_file, ''), dockerfile: docker_file, t: imgs_to_build[img_dir]) do |v|
-        $stdout.puts v
+        $stdout.puts v if options[:debug]
       end
     end
 
@@ -141,12 +181,10 @@ class Sectest < Thor
 
   # Define arguments and options
   desc 'build:all SECTESTNAME', 'Build sectest images for SECTESTNAME and all testing images for SECTESTNAME'
-  option :registry, aliases: '-r', default: 'norad-registry.cisco.com:5000', desc: 'The Docker registry for Docker images'
-  option :version, aliases: '-v', default: 'latest', desc: 'The version of the sectest container to build'
+  option :debug, aliases: '-d', type: :boolean, default: true, desc: 'Turn on debugging messages (e.g. Docker build logs to stdout)'
+  option :registry, aliases: '-r', default: @sectest_manifest['registry'], desc: 'The Docker registry for Docker images'
+  option :version, aliases: '-v', default: @sectest_manifest['version'], desc: 'The version of the sectest container to build'
   define_method 'build:all' do |name|
-    # Check for the root_dir
-    root_dir?
-
     # Build the sectest image
     send('build:image', name)
 
@@ -154,13 +192,56 @@ class Sectest < Thor
     send('build:specs', name)
   end
 
+  # Dynamically add options and description based on the needs of the sectest container
+  if ARGV[1] == 'execute' && ARGV[2] && !ARGV[2].start_with?('-', '--')
+    desc "execute #{ARGV[2]}", "Execute #{ARGV[2]} against an arbitrary target"
+
+    # Dynamically create options
+    @sectest_manifest['prog_args'].scan(/{(.*?)}/).each do |ar|
+      if @reserved_sectest_args.key?(ar[0].to_sym)
+        option ar[0].to_sym, aliases: @reserved_sectest_args[ar[0].to_sym][0], desc: @reserved_sectest_args[ar[0].to_sym][1]
+      else
+        option ar[0].to_sym
+      end
+    end
+  else
+    desc 'execute SECTESTNAME', 'Execute SECTESTNAME against an arbitrary target'
+  end
+  option :debug, aliases: '-d', type: :boolean, default: false, desc: 'Turn on debugging messages (e.g. Docker build logs to stdout)'
+  option :format, aliases: '-f', type: :boolean, default: false, desc: 'Print the JSON results formatted'
+  option :registry, aliases: '-r', default: @sectest_manifest['registry'], desc: 'The Docker registry for Docker images'
+  option :version, aliases: '-v', default: @sectest_manifest['version'], desc: 'The version of the sectest container to build'
+  def execute(sectest_name)
+    # Ensure the results server is built by building the images specs (code reuse)
+    send('build:specs', sectest_name)
+
+    # Build the sectest image if necessary
+    send('build:image', sectest_name)
+
+    # Allocate an instance of the sectest
+    sectest_instance = NoradCli::SecTestContainer.new(ARGV[2], options)
+
+    # Start the test
+    sectest_instance.start
+
+    # Print any debugging
+    sectest_instance.output(options[:target]) if options[:debug]
+
+    # Get the results
+    results = sectest_instance.results
+
+    say('Results are:', :green)
+    formatted_results = options[:format] ? JSON.pretty_generate(JSON.parse(results)) : results
+    puts formatted_results
+
+    # Cleanup the sectest container
+    sectest_instance.shutdown
+  end
+
   desc 'spec:image SECTESTNAME', 'Run the rspec tests for SECTESTNAME'
   option :verbose, aliases: '-v', type: :boolean, desc: 'Turn on verbose logging'
   option :debug, aliases: '-d', type: :boolean, desc: 'Turn on debugging'
   define_method 'spec:image' do |name|
-    # Check for the root_dir
-    root_dir?
-
     # Set environment variables
     if options[:verbose]
       ENV['ENABLE_LOGS'] = 'true'
@@ -189,9 +270,6 @@ class Sectest < Thor
   option :verbose, aliases: '-v', type: :boolean, default: false, desc: 'Turn on verbose logging'
   option :debug, aliases: '-d', type: :boolean, desc: 'Turn on debugging'
   def spec
-    # Check for the root_dir
-    root_dir?
-
     # Error check to ensure this is a plugin directory
     Dir.glob('sectests/*').select do |f|
       if File.directory? f
@@ -205,18 +283,12 @@ class Sectest < Thor
   option :seedfile, aliases: '-s', type: :string, default: './containers.rb', desc: 'The name of the seed file to generate'
   option :docsite, aliases: '-d', type: :string, default: 'https://norad.gitlab.io/docs/', desc: 'Set the documentation site'
   def seed
-    # Check for the root_dir
-    root_dir?
-
     # Generate the seed file
     SeedGenerator.process_manifests(options[:seedfile], options[:docsite])
   end
 
   desc 'validate:image SECTESTNAME', 'Validate SECTESTNAME manifest.yml and readme.md'
   define_method 'validate:image' do |name|
-    # Check for the root_dir
-    root_dir?
-
     # Validate the readme file
     ENV['sectest_name'] = name
     RSpec.clear_examples
@@ -229,13 +301,10 @@ class Sectest < Thor
 
   desc 'validate', 'Validate all manifest.yml and readme.md'
   def validate
-    # Check for the root_dir
-    root_dir?
-
     # Error check to ensure this is a plugin directory
     Dir.glob('sectests/*').select do |f|
       if File.directory? f
-        # Build all for the sectest
+        # Validate manifest and readme for the sectest
         send('validate:image', f.split('/')[-1])
       end
     end

data/lib/norad_cli/support/results_server.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+module NoradCli
+  class ResultsServer
+    attr_accessor :container
+
+    def initialize(test_results_server_image)
+      @container = Docker::Container.create(
+        Image: test_results_server_image,
+        HostConfig: { PublishAllPorts: true }
+      )
+    end
+
+    def start
+      @container.start
+      sleep 5 # sleep rather than wait since we are daemonizing a containe
+      refresh
+    end
+
+    def refresh
+      @container.refresh! # get more details
+    end
+
+    def shutdown
+      @container.stop
+      @container.delete(force: true)
+    end
+
+    def host_port
+      @container.info['NetworkSettings']['Ports']['3000/tcp'].first['HostPort']
+    end
+  end
+end

data/lib/norad_cli/support/sectest_container.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+require 'norad_cli/support/results_server.rb'
+require 'net/http'
+require 'securerandom'
+require 'rainbow'
+
+module NoradCli
+  class SecTestContainer
+    attr_accessor :container
+    attr_accessor :assessment_id
+    attr_accessor :sectest_image
+    attr_accessor :results_server
+
+    def initialize(sectest_name, options)
+      # Generate a random assessment id
+      @assessment_id = SecureRandom.hex(32)
+
+      @sectest_image = "#{options['registry']}/#{sectest_name}:#{options[:version]}"
+
+      # Create a results server
+      @results_server = NoradCli::ResultsServer.new('docker-images-test-results-server')
+
+      ENV['ENABLE_LOGS'] = 'true'
+      env = [
+        'NORAD_ROOT=http://results:3000',
+        %(ASSESSMENT_PATHS=[{"id":"singletest", "assessment": "/results/#{@assessment_id}"}]),
+        'NORAD_SECRET=1234'
+      ]
+
+      # Create the container
+      @container = Docker::Container.create(Image: @sectest_image,
+                                            Cmd: prog_args(sectest_name, options),
+                                            Env: env,
+                                            HostConfig: { Links: ["#{@results_server.container.id}:results"] })
+    end
+
+    # Format the prog_args appropriately for the container
+    def prog_args(sectest_name, options)
+      # Grab the program arguments (minus other function options)
+      # Options is a Thor::CoreExt::HashWithIndifferentAccess (except does not work)
+      prog_arg_hash = options.each_with_object({}) do |(k, v), hsh|
+        hsh[k.to_sym] = v unless k == 'debug' || k == 'registry' || k == 'version'
+      end
+
+      # Load the prog_arg format
+      sectest_options ||= YAML.safe_load(File.read("sectests/#{sectest_name}/manifest.yml"))
+
+      # Load an ssh key if necess
+      prog_arg_hash[:ssh_key] = load_ssh_key(prog_arg_hash[:ssh_key]) if prog_arg_hash.key?(:ssh_key)
+
+      # Fill out the prog_args and return
+      begin
+        format(sectest_options['prog_args'], prog_arg_hash).split(' ')
+      rescue KeyError
+        puts Rainbow('Error: The containers required arguments were not set.').red
+        puts Rainbow("Arguments in %{} should be set: #{sectest_options['prog_args']}").red
+        puts Rainbow("Arguments given: #{prog_arg_hash}").red
+        puts Rainbow("Run 'norad sectest execute #{sectest_name} -h' to see how to set arguments!").red
+        puts Rainbow('Exiting...').red
+        exit(1)
+      end
+    end
+
+    def start
+      # Start the results server container
+      @results_server.start
+
+      # Start the sectest container
+      @container.start
+      @container.wait(60 * 10)
+    end
+
+    def output(target)
+      # Output container logs for debugging
+      @container.stop
+      c_state = @container.json['State']
+
+      # Print the entire state regardless of error or not to aid in debugging
+      puts Rainbow("[DEBUG] Container #{@sectest_image}'s Final State").green
+      puts Rainbow('-------------------------').green
+      c_state.each do |key, value|
+        puts Rainbow("#{key}: #{value}").green
+      end
+
+      puts Rainbow("\n[DEBUG] Logs for target #{@sectest_image} run against #{target}:").green
+
+      # Print logs regardless of ExitCode
+      puts Rainbow(@container.logs(stdout: true, stderr: true)).green
+    end
+
+    def results
+      # Get the results
+      url = "http://localhost:#{@results_server.host_port}/results?assessment_id=#{@assessment_id}"
+      uri = URI.parse(url)
+      http = Net::HTTP.new(uri.host, uri.port)
+      request = Net::HTTP::Get.new(uri)
+      response = http.request(request)
+      if response.code == '200'
+        response.body
+      else
+        puts Rainbow('Error retrieving results\nExiting...').red
+        shutdown
+        exit(1)
+      end
+    end
+
+    def shutdown
+      # Stop the sectest image container and delete
+      @container.stop
+      @container.delete(force: true)
+
+      # Cleanup/Garbage collect the results server
+      @results_server.shutdown
+    end
+
+    private
+
+    # Replace ssh key file with encoded ssh key
+    def load_ssh_key(ssh_key_file)
+      if File.exist?(ssh_key_file)
+        Base64.strict_encode64(File.read(ssh_key_file))
+      else
+        puts Rainbow("Error: SSH Key file: #{ssh_key_file} does not exist!\nExiting..\n").red
+        exit(1)
+      end
+    end
+  end
+end

data/lib/norad_cli/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module NoradCli
-  VERSION = '0.1.12'
+  VERSION = '0.1.13'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: norad_cli
 version: !ruby/object:Gem::Version
-  version: 0.1.12
+  version: 0.1.13
 platform: ruby
 authors:
 - Blake Hitchcock
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-16 00:00:00.000000000 Z
+date: 2017-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: git
@@ -197,6 +197,8 @@ files:
 - lib/norad_cli/support/api_security_container_seed_script.rb
 - lib/norad_cli/support/manifest_spec.rb
 - lib/norad_cli/support/readme_spec.rb
+- lib/norad_cli/support/results_server.rb
+- lib/norad_cli/support/sectest_container.rb
 - lib/norad_cli/templates/.gitignore
 - lib/norad_cli/templates/.rspec
 - lib/norad_cli/templates/CONTRIBUTING.md
@@ -275,7 +277,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.10
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: Command line interface for norad.