qualys 0.1.4 → 0.1.5

data/spec/fixtures/vcr_cassettes/unlogged.yml

@@ -0,0 +1,45 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://qualysapi.qualys.eu/api/2.0/fo/scan/?action=list
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      X-Requested-With:
+      - Qualys Ruby Client v0.1.3
+  response:
+    status:
+      code: 401
+      message: Unauthorized
+    headers:
+      Date:
+      - Mon, 11 Dec 2017 12:54:07 GMT
+      Server:
+      - Qualys
+      X-Xss-Protection:
+      - '1'
+      X-Content-Type-Options:
+      - nosniff
+      X-Frame-Options:
+      - SAMEORIGIN
+      Transfer-Encoding:
+      - chunked
+      Content-Type:
+      - text/xml;charset=UTF-8
+    body:
+      encoding: UTF-8
+      string: |
+        <?xml version="1.0" encoding="UTF-8" ?>
+        <!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.eu/api/2.0/simple_return.dtd">
+        <SIMPLE_RETURN>
+          <RESPONSE>
+            <DATETIME>2017-12-11T12:54:07Z</DATETIME>
+            <CODE>2000</CODE>
+            <TEXT>Bad Login/Password</TEXT>
+          </RESPONSE>
+        </SIMPLE_RETURN>
+    http_version: 
+  recorded_at: Mon, 11 Dec 2017 12:54:07 GMT
+recorded_with: VCR 4.0.0

data/spec/fixtures/vcr_cassettes/wrong.yml

@@ -0,0 +1,101 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://qualysapi.qualys.eu/api/2.0/fo/scan
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      X-Requested-With:
+      - Qualys Ruby Client v0.1.3
+  response:
+    status:
+      code: 301
+      message: Moved Permanently
+    headers:
+      Date:
+      - Mon, 11 Dec 2017 12:58:49 GMT
+      Server:
+      - Qualys
+      Location:
+      - https://qualysapi.qualys.eu/api/2.0/fo/scan/
+      Content-Length:
+      - '255'
+      Content-Type:
+      - text/html; charset=iso-8859-1
+    body:
+      encoding: UTF-8
+      string: |
+        <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+        <html><head>
+        <title>301 Moved Permanently</title>
+        </head><body>
+        <h1>Moved Permanently</h1>
+        <p>The document has moved <a href="http://qualysapi.qualys.eu:443/api/2.0/fo/scan/">here</a>.</p>
+        </body></html>
+    http_version: 
+  recorded_at: Mon, 11 Dec 2017 12:58:49 GMT
+- request:
+    method: get
+    uri: https://qualysapi.qualys.eu/api/2.0/fo/scan/
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      X-Requested-With:
+      - Qualys Ruby Client v0.1.3
+  response:
+    status:
+      code: 400
+      message: Bad Request
+    headers:
+      Date:
+      - Mon, 11 Dec 2017 12:58:49 GMT
+      Server:
+      - Qualys
+      X-Xss-Protection:
+      - '1'
+      X-Content-Type-Options:
+      - nosniff
+      X-Frame-Options:
+      - SAMEORIGIN
+      Expires:
+      - Thu, 19 Nov 1981 08:52:00 GMT
+      Cache-Control:
+      - no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+      Pragma:
+      - no-cache
+      X-Ratelimit-Limit:
+      - '300'
+      X-Ratelimit-Window-Sec:
+      - '3600'
+      X-Concurrency-Limit-Limit:
+      - '2'
+      X-Concurrency-Limit-Running:
+      - '0'
+      X-Ratelimit-Towait-Sec:
+      - '0'
+      X-Ratelimit-Remaining:
+      - '294'
+      Connection:
+      - close
+      Transfer-Encoding:
+      - chunked
+      Content-Type:
+      - text/xml;charset=UTF-8
+    body:
+      encoding: UTF-8
+      string: |
+        <?xml version="1.0" encoding="UTF-8" ?>
+        <!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.eu/api/2.0/simple_return.dtd">
+        <SIMPLE_RETURN>
+          <RESPONSE>
+            <DATETIME>2017-12-11T12:58:49Z</DATETIME>
+            <CODE>1903</CODE>
+            <TEXT>Missing required parameter(s): action</TEXT>
+          </RESPONSE>
+        </SIMPLE_RETURN>
+    http_version: 
+  recorded_at: Mon, 11 Dec 2017 12:58:49 GMT
+recorded_with: VCR 4.0.0

data/spec/qualys/api_spec.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'rubygems'
+
+describe Qualys::Api do
+  describe 'api_get' do
+    let(:query) { Qualys::Api.api_get('/scan/', query: { action: 'list' }) }
+    let(:wrong_query) { Qualys::Api.api_get('/scan') }
+    let(:not_existing_query) { Qualys::Api.api_get('/nonExisting', query: { action: 'list' }) }
+
+    it 'query the API' do
+      VCR.use_cassette('api_get') do
+        expect(query.response.code).to eq '200'
+      end
+    end
+    it 'raises appropriatly' do
+      VCR.use_cassette('unlogged') do
+        expect { query }.to raise_error(Qualys::Api::AuthorizationRequired, 'Please Login Before Communicating With The API')
+      end
+
+      VCR.use_cassette('wrong') do
+        expect { wrong_query }.to raise_error(Qualys::Api::InvalidResponse)
+      end
+    end
+  end
+end

data/spec/qualys/report_spec.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Qualys::Report, type: :model do
+  let(:report) { Qualys::Report.global_report }
+
+  describe '#templates' do
+    it 'gets all the templates' do
+      VCR.use_cassette('templates') do
+        expect(Qualys::Report.templates.first['ID']).to eq '91078694'
+      end
+    end
+  end
+
+  describe '#find_by_id' do
+    it 'loads the report' do
+      VCR.use_cassette('templates') do
+        VCR.use_cassette('load_global_report') do
+          expect(Qualys::Report.find_by_id(4_888_430)).to be_kind_of Qualys::Report
+        end
+      end
+    end
+
+    it 'returns nil when the report does not exist ' do
+      VCR.use_cassette('templates') do
+        VCR.use_cassette('try_load_not_existing_report') do
+          expect(Qualys::Report.find_by_id(4_888_480)).to be_nil
+        end
+      end
+    end
+  end
+
+  describe '#create_global_report' do
+    it 'gets the report id' do
+      VCR.use_cassette('templates') do
+        VCR.use_cassette('create_global_report') do
+          expect(Qualys::Report.create_global_report).to eq '4888438'
+        end
+      end
+    end
+  end
+
+  describe '#global_report' do
+    it 'loads the report' do
+      VCR.use_cassette('templates') do
+        VCR.use_cassette('global_report') do
+          stub_const('Qualys::Report::TIMEOUT', 0)
+          expect(Qualys::Report.global_report).to be_kind_of(Qualys::Report)
+        end
+      end
+    end
+  end
+
+  describe '#hosts' do
+    it 'gets all the host' do
+      VCR.use_cassette('templates') do
+        VCR.use_cassette('global_report') do
+          stub_const('Qualys::Report::TIMEOUT', 0)
+          expect(report.hosts).to all(be_kind_of(Qualys::Host))
+        end
+      end
+    end
+  end
+end

data/spec/qualys/scans_spec.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Qualys::Scans, type: :model do
+  let(:scans) { Qualys::Scans.all }
+
+  describe '#all' do
+    it 'gets all the scans' do
+      VCR.use_cassette('scans') do
+        expect(scans.size).to eq 5
+        expect(scans).to all(be_an(Qualys::Scan))
+      end
+    end
+
+    it 'does not return scan if there is no' do
+      VCR.use_cassette('emptyscans') do
+        expect(scans).to eq []
+      end
+    end
+  end
+
+  describe '#get' do
+    it 'gets the scan' do
+      VCR.use_cassette('get') do
+        details = Qualys::Scans.get('scan/1512633883.79354')
+        expect(details.first.keys).to include('ip', 'dns', 'netbios', 'qid', 'instance',
+                                              'protocol', 'port', 'ssl', 'fqdn')
+      end
+    end
+  end
+end
+
+RSpec.describe Qualys::Scan, type: :model do
+  let(:scan) { Qualys::Scans.all[1] }
+  let(:error_scan) { Qualys::Scans.all[0] }
+
+  describe '#initialize' do
+    it 'has all fields filled' do
+      VCR.use_cassette('scan') do
+        expect(scan.ref).to eq 'scan/1512633883.79354'
+        expect(scan.title).to eq 'shellshock 20171207'
+        expect(scan.type).to eq 'On-Demand'
+        expect(scan.date).to eq '2017-12-07T08:04:43Z'
+        expect(scan.duration).to eq '00:07:02'
+        expect(scan.status).to eq 'Finished'
+        expect(scan.target).to eq '47.69.112.62'
+        expect(scan.user).to eq 'thomas'
+      end
+    end
+  end
+
+  describe '#details' do
+    it 'returns the details' do
+      VCR.use_cassette('scan') do
+        VCR.use_cassette('get') do
+          expect(scan.details.first.keys).to include('ip', 'dns', 'netbios', 'qid', 'instance',
+                                                     'protocol', 'port', 'ssl', 'fqdn')
+        end
+      end
+    end
+  end
+
+  describe '#finished' do
+    it 'returns returns a bolean' do
+      VCR.use_cassette('scan') do
+        expect(scan.finished?).to be true
+      end
+
+      VCR.use_cassette('scan') do
+        expect(error_scan.finished?).to be false
+      end
+    end
+  end
+end

data/spec/qualys/version_spec.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'qualys/version'
+
+require 'spec_helper'
+
+describe Qualys do
+  it 'has a version' do
+    expect(Qualys).to be_const_defined('VERSION')
+  end
+end

data/spec/qualys/vulnerability_spec.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Qualys::Vulnerability, type: :model do
+  let(:vulnerabilities) { Qualys::Report.global_report.hosts.first.vulnerabilities }
+  let(:vulnerability) { vulnerabilities[0] }
+  let(:vulnerability_with_cve) { vulnerabilities[5] }
+  let(:rich_vulnerability) { vulnerabilities[11] }
+
+  describe '#initialize' do
+    it 'initialize all elements for a basic vulnerability' do
+      stub_const('Qualys::Report::TIMEOUT', 0)
+      VCR.use_cassette('templates') do
+        VCR.use_cassette('global_report') do
+          expect(vulnerability).to be_kind_of(Qualys::Vulnerability)
+          expect(vulnerability.qid).to eq 'qid_38173'
+          expect(vulnerability.type).to eq 'Vuln'
+          expect(vulnerability.port).to eq '25'
+          expect(vulnerability.service).to eq 'smtp'
+          expect(vulnerability.protocol).to eq 'tcp'
+          expect(vulnerability.ssl).to eq 'true'
+          expect(vulnerability.result).to eq 'Certificate #0 CN=localhost.localdomain self signed certificate'
+          expect(vulnerability.first_found).to eq '2017-12-07T08:12:19Z'
+          expect(vulnerability.last_found).to eq '2017-12-07T08:12:19Z'
+          expect(vulnerability.times_found).to eq '1'
+          expect(vulnerability.status).to eq 'New'
+        end
+      end
+    end
+
+    it 'initializes the details' do
+      stub_const('Qualys::Report::TIMEOUT', 0)
+      VCR.use_cassette('templates') do
+        VCR.use_cassette('global_report') do
+          expect(vulnerability.details['id']).to eq vulnerability.qid
+          expect(vulnerability.cve_code_list).to be_nil
+          expect(vulnerability.title).to eq 'SSL Certificate - Signature Verification Failed Vulnerability'
+          expect(vulnerability.severity).to eq '2'
+          expect(vulnerability.category).to eq 'General remote services'
+          expect(vulnerability.threat).to start_with 'An SSL Certificate associates an entity (person, organization'
+          expect(vulnerability.impact).to start_with 'By exploiting this vulnerability, man-in-the-middle attacks'
+          expect(vulnerability.solution).to start_with 'Please install a server certificate signed by a trusted'
+          expect(vulnerability.pci_flag).to eq '1'
+          expect(vulnerability.correlation).to be_nil
+          expect(vulnerability.vendor_reference_list).to be_nil
+          expect(vulnerability.last_update).to be_nil
+          expect(vulnerability.url).to eq 'https://qualysguard.qualys.eu/fo/common/vuln_info.php?id=38173'
+        end
+      end
+    end
+  end
+end

data/spec/qualys_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe Qualys do
+  describe '#configure' do
+    it 'configures' do
+      expect do
+        Qualys.configure do |config|
+          config.username = 'Thomas'
+          config.password = 'verysafepass'
+        end
+      end.not_to raise_error
+
+      expect do
+        Qualys.configure do |config|
+          config.password = nil
+        end
+      end.to raise_error("Configuration parameter missing: 'password'. Please add it to the Qualys.configure block")
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,37 @@
+require 'coveralls'
+Coveralls.wear!
+
+require 'qualys'
+require 'vcr'
+
+SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new([
+                                                                 SimpleCov::Formatter::HTMLFormatter,
+                                                                 Coveralls::SimpleCov::Formatter
+                                                               ])
+SimpleCov.start
+
+VCR.configure do |config|
+  config.cassette_library_dir = 'spec/fixtures/vcr_cassettes'
+  config.hook_into :webmock
+end
+
+RSpec.configure do |config|
+  config.before(:suite) do
+    Qualys.configure do |qualys_config|
+      qualys_config.username = 'Thomas'
+      qualys_config.password = 'thomasPassword'
+    end
+
+    Qualys::Api.base_uri = 'https://qualysapi.qualys.eu/api/2.0/fo/'
+
+    VCR.use_cassette('login') do
+      Qualys::Auth.login
+    end
+  end
+
+  config.after(:suite) do
+    VCR.use_cassette('logout') do
+      Qualys::Auth.logout
+    end
+  end
+end

metadata

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: qualys
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - Mike Mackintosh
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-25 00:00:00.000000000 Z
+date: 2017-12-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: json
+  name: erubis
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -25,21 +25,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: erubis
+  name: httparty
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.15'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.15'
 - !ruby/object:Gem::Dependency
-  name: httparty
+  name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -95,7 +95,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: vcr
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -109,7 +109,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: webmock
+  name: vcr
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -123,7 +123,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -143,10 +143,12 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
-- ".rock.yml"
 - ".rspec"
+- ".rubocop.yml"
+- ".rubocop_todo.yml"
 - ".travis.yml"
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -156,10 +158,33 @@ files:
 - lib/qualys/auth.rb
 - lib/qualys/compliance.rb
 - lib/qualys/config.rb
-- lib/qualys/reports.rb
+- lib/qualys/host.rb
+- lib/qualys/report.rb
 - lib/qualys/scans.rb
 - lib/qualys/version.rb
+- lib/qualys/vulnerability.rb
 - qualys.gemspec
+- spec/fixtures/vcr_cassettes/api_get.yml
+- spec/fixtures/vcr_cassettes/create_global_report.yml
+- spec/fixtures/vcr_cassettes/emptyscans.yml
+- spec/fixtures/vcr_cassettes/get.yml
+- spec/fixtures/vcr_cassettes/global_report.yml
+- spec/fixtures/vcr_cassettes/load_global_report.yml
+- spec/fixtures/vcr_cassettes/login.yml
+- spec/fixtures/vcr_cassettes/logout.yml
+- spec/fixtures/vcr_cassettes/scan.yml
+- spec/fixtures/vcr_cassettes/scans.yml
+- spec/fixtures/vcr_cassettes/templates.yml
+- spec/fixtures/vcr_cassettes/try_load_not_existing_report.yml
+- spec/fixtures/vcr_cassettes/unlogged.yml
+- spec/fixtures/vcr_cassettes/wrong.yml
+- spec/qualys/api_spec.rb
+- spec/qualys/report_spec.rb
+- spec/qualys/scans_spec.rb
+- spec/qualys/version_spec.rb
+- spec/qualys/vulnerability_spec.rb
+- spec/qualys_spec.rb
+- spec/spec_helper.rb
 homepage: http://github.com/mikemackintosh/ruby-qualys
 licenses:
 - MIT
@@ -184,4 +209,25 @@ rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: qualys API Client
-test_files: []
+test_files:
+- spec/fixtures/vcr_cassettes/api_get.yml
+- spec/fixtures/vcr_cassettes/create_global_report.yml
+- spec/fixtures/vcr_cassettes/emptyscans.yml
+- spec/fixtures/vcr_cassettes/get.yml
+- spec/fixtures/vcr_cassettes/global_report.yml
+- spec/fixtures/vcr_cassettes/load_global_report.yml
+- spec/fixtures/vcr_cassettes/login.yml
+- spec/fixtures/vcr_cassettes/logout.yml
+- spec/fixtures/vcr_cassettes/scan.yml
+- spec/fixtures/vcr_cassettes/scans.yml
+- spec/fixtures/vcr_cassettes/templates.yml
+- spec/fixtures/vcr_cassettes/try_load_not_existing_report.yml
+- spec/fixtures/vcr_cassettes/unlogged.yml
+- spec/fixtures/vcr_cassettes/wrong.yml
+- spec/qualys/api_spec.rb
+- spec/qualys/report_spec.rb
+- spec/qualys/scans_spec.rb
+- spec/qualys/version_spec.rb
+- spec/qualys/vulnerability_spec.rb
+- spec/qualys_spec.rb
+- spec/spec_helper.rb