qualys_api 0.1.4

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e8bf69f413aab3dbba9bb8f5024877232de85fb9
+  data.tar.gz: 780302f4ae8b704f543cbe959ad906d81376f7cb
+SHA512:
+  metadata.gz: f1d5cf468747754584462c2d887c7e1ee638829a9ed2b9f6e12956195826059275d85550cc82bc2e5c836583c4e23ab6c0682edad7c67ae235695e09137c652f
+  data.tar.gz: ecb6fc5ce33b2aa67df249d59a624eaba979ed6039ad6e45eee0211b1e1b70601128fbec1e654a07288e481af080b8410af552609c46e33e17006e2cb9d875bd

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in qualys_api.gemspec
+gemspec

data/README.md

@@ -0,0 +1,35 @@
+# QualysApi
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/qualys_api`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'qualys_api'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install qualys_api
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/qualys_api.

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "qualys_api"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/qualys_api.rb

@@ -0,0 +1,16 @@
+
+require 'faraday'
+require 'faraday_middleware'
+
+require "qualys_api/version"
+
+require "qualys_api/base"
+
+require "qualys_api/types/scan"
+require "qualys_api/types/host"
+require "qualys_api/types/issue"
+require "qualys_api/types/knowledge"
+
+require "qualys_api/knowledge"
+require "qualys_api/auth"
+require "qualys_api/scan"

data/lib/qualys_api/auth.rb

@@ -0,0 +1,19 @@
+module Qualys
+  class Auth < Qualys::Base
+    def initialize(username, password, server=:na)
+      super(username, password, server)
+
+      @username = username
+      @password = password
+    end
+    
+    def login
+      params = { action: 'login', username: @username, password: @password }
+      response = post('/api/2.0/fo/session/', params )
+
+      Qualys::Config.session_key = response.headers['set-cookie']
+
+      true
+    end
+  end
+end

data/lib/qualys_api/base.rb

@@ -0,0 +1,118 @@
+module Qualys
+  class Exception < RuntimeError; end
+  class InvalidResponse < RuntimeError; end
+  class InvalidLogin < RuntimeError; end
+  class InvalidRegion < RuntimeError; end
+
+  class Base
+    PLATFORMS = {
+      na: 'https://qualysapi.qualys.com/api/2.0/fo/',
+      na2: 'https://qualysapi.qg2.apps.qualys.com/api/2.0/fo/',
+      na3: 'https://qualysapi.qg3.apps.qualys.com/api/2.0/fo/',
+      eu: 'https://qualysapi.qualys.eu/api/2.0/fo/',
+      eu1: 'https://qualysapi.qg2.apps.qualys.eu/api/2.0/fo/',
+      in: 'https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/'
+    }.freeze
+
+    def initialize(username, password, server = :na)
+      raise Qualys::InvalidRegion if PLATFORMS[server].nil?
+
+      @server = PLATFORMS[server]
+
+      @conn = Faraday.new(url: @server) do |faraday|
+        faraday.request :url_encoded
+        faraday.adapter Faraday.default_adapter
+        faraday.response :xml,  content_type: /\bxml$/
+        faraday.response :json, content_type: /\bjson$/
+      end
+
+      @conn.basic_auth(username, password)
+    end
+
+    def get(url, params = {})
+      response = @conn.get do |req|
+        req.url url
+        req.params = params
+        req.headers['X-Requested-With'] = 'ruby qualys_api'
+      end
+
+      if response.status.eql?(401)
+        raise Qualys::LoginRequired, 'Invalid Login Credentials'
+      elsif !response.status.eql?(200)
+        raise Qualys::InvalidResponse, 'Invalid Response Received'
+      end
+
+      response
+    end
+
+    def post(url, params = {})
+      response = @conn.post do |req|
+        req.url url
+        req.body = params
+        req.headers['X-Requested-With'] = 'ruby qualys_api'
+      end
+
+      if response.status.eql?(401)
+        raise Qualys::LoginRequired, 'Invalid Login Credentials'
+      elsif !response.status.eql?(200)
+        raise Qualys::InvalidResponse, 'Invalid Response Received'
+      end
+
+      response
+    end
+  end
+
+  module Config
+    extend self
+
+    attr_accessor :session_key
+  end
+
+  module Type
+    class Base
+      def initialize(hash)
+        @raw_hash = downcase_hash(hash)
+      end
+
+      def method_missing(name, *args, &block)
+        @raw_hash[name] if @raw_hash.key? name
+        @raw_hash.each { |k, v| return v if k.to_s.to_sym == name }
+        super.method_missing name
+      end
+
+      def respond_to?(name, include_private = false)
+        return true if @raw_hash.key? name
+        @raw_hash.each { |k, _v| return true if k.to_s.to_sym == name }
+        super
+      end
+
+      private
+
+      def downcase_hash(value)
+        case value
+        when Array
+          value.map { |v| downcase_hash(v) }
+        # or `value.map(&method(:convert_hash_keys))`
+        when Hash
+          Hash[value.map { |k, v| [k.downcase, downcase_hash(v)] }]
+        else
+          value
+        end
+      end
+    end
+  end
+end
+
+class Hash
+  def method_missing(name, *args, &block)
+    self[name] if key? name
+    each { |k, v| return v if k.to_s.to_sym == name }
+    super.method_missing name
+  end
+
+  def respond_to?(name, include_private = false)
+    return true if key? name
+    each { |k, _v| return true if k.to_s.to_sym == name }
+    super
+  end
+end

data/lib/qualys_api/knowledge.rb

@@ -0,0 +1,59 @@
+module Qualys
+  class KnowledgeBase < Qualys::Base
+
+    def get_all
+      uri = '/api/2.0/fo/knowledge_base/vuln/'
+      params = {
+        action: 'list',
+        details: 'All'
+      }
+
+      response = get(uri, params)
+
+      unless response.body['KNOWLEDGE_BASE_VULN_LIST_OUTPUT']['RESPONSE'].has_key? 'VULN_LIST'
+        return []
+      end
+
+      kb = response.body['KNOWLEDGE_BASE_VULN_LIST_OUTPUT']['RESPONSE']['VULN_LIST']['VULN']
+
+      if kb.class == Hash
+        return [Qualys::Knowledge.new(kb)]
+      elsif kb.class == Array
+        kb.map! do |qid|
+          Qualys::Knowledge.new(qid)
+        end
+      else
+        return []
+      end
+    end
+
+    def get_qid(qids)
+      raise ArgumentError if qids.nil?
+
+      uri = '/api/2.0/fo/knowledge_base/vuln/'
+      params = {
+        action: 'list',
+        details: 'All',
+        ids: qids
+      }
+
+      response = get(uri, params)
+
+      unless response.body['KNOWLEDGE_BASE_VULN_LIST_OUTPUT']['RESPONSE'].has_key? 'VULN_LIST'
+        return []
+      end
+
+      kb = response.body['KNOWLEDGE_BASE_VULN_LIST_OUTPUT']['RESPONSE']['VULN_LIST']['VULN']
+
+      if kb.class == Hash
+        return [Qualys::Knowledge.new(kb)]
+      elsif kb.class == Array
+        kb.map! do |qid|
+          Qualys::Knowledge.new(qid)
+        end
+      else
+        return []
+      end
+    end
+  end
+end

data/lib/qualys_api/scan.rb

@@ -0,0 +1,54 @@
+module Qualys
+  class Scans < Qualys::Base
+    def get_scans
+      uri = '/api/2.0/fo/scan/'
+      params = {
+        action: 'list',
+      }
+
+      response = get(uri, params)
+
+      unless response.body['SCAN_LIST_OUTPUT']['RESPONSE'].has_key? 'SCAN_LIST'
+        return []
+      end
+
+      scans = response.body['SCAN_LIST_OUTPUT']['RESPONSE']['SCAN_LIST']['SCAN']
+
+      if scans.class == Hash
+        return [Qualys::Scan.new(scans)]
+      elsif scans.class == Array
+        scans.map! do |scan|
+          Qualys::Scan.new(scan)
+        end
+      else
+        return []
+      end
+    end
+
+    def get_scan(scan_ref)
+      raise ArgumentError if scan_ref.nil?
+
+      uri = '/api/2.0/fo/scan/'
+      params = {
+        action: 'fetch',
+        mode: 'extended',
+        output_format: 'json',
+        scan_ref: scan_ref
+      }
+
+      response = get(uri, params)
+
+      issues = JSON.parse(response.body)
+
+      if issues.class == Hash
+        return [Qualys::Issue.new(issues)]
+      elsif issues.class == Array
+        issues.map! do |issue|
+          Qualys::Issue.new(issue)
+        end
+      else
+        return []
+      end
+    end
+  end
+end

data/lib/qualys_api/types/host.rb

@@ -0,0 +1,4 @@
+module Qualys
+  class Host < Qualys::Type::Base
+  end
+end

data/lib/qualys_api/types/issue.rb

@@ -0,0 +1,4 @@
+module Qualys
+  class Issue < Qualys::Type::Base
+  end
+end

data/lib/qualys_api/types/knowledge.rb

@@ -0,0 +1,4 @@
+module Qualys
+  class Knowledge < Qualys::Type::Base
+  end
+end

data/lib/qualys_api/types/scan.rb

@@ -0,0 +1,4 @@
+module Qualys
+  class Scan < Qualys::Type::Base
+  end
+end

data/lib/qualys_api/version.rb

@@ -0,0 +1,3 @@
+module Qualys
+  VERSION = "0.1.4"
+end

data/qualys_api.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'qualys_api/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "qualys_api"
+  spec.version       = Qualys::VERSION
+  spec.authors       = ["Stephen Kapp"]
+  spec.email         = ["mort666@virus.org"]
+
+  spec.summary       = %q{Qualys API Wrapper}
+  spec.description   = %q{Qualys API Wrapper, supports scan result download and knowledge base access}
+  spec.homepage      = "https://github.com/mort666/qualys_api"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "faraday"
+  spec.add_dependency "faraday_middleware"
+  spec.add_dependency "multi_xml"
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest"
+  spec.add_development_dependency "vcr", "~> 3.0"
+  spec.add_development_dependency "webmock", "~> 1.22"
+end

metadata

@@ -0,0 +1,173 @@
+--- !ruby/object:Gem::Specification
+name: qualys_api
+version: !ruby/object:Gem::Version
+  version: 0.1.4
+platform: ruby
+authors:
+- Stephen Kapp
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-09-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: multi_xml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.22'
+description: Qualys API Wrapper, supports scan result download and knowledge base
+  access
+email:
+- mort666@virus.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/qualys_api.rb
+- lib/qualys_api/auth.rb
+- lib/qualys_api/base.rb
+- lib/qualys_api/knowledge.rb
+- lib/qualys_api/scan.rb
+- lib/qualys_api/types/host.rb
+- lib/qualys_api/types/issue.rb
+- lib/qualys_api/types/knowledge.rb
+- lib/qualys_api/types/scan.rb
+- lib/qualys_api/version.rb
+- qualys_api.gemspec
+homepage: https://github.com/mort666/qualys_api
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.12
+signing_key: 
+specification_version: 4
+summary: Qualys API Wrapper
+test_files: []