sonar-client 0.1.3 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 46f4c95ec260a3eb4b212c2f85c4bee5893dc461
-  data.tar.gz: 4a574ae9f388f0db79f28e80e9dc69b9c97de3eb
+  metadata.gz: 4dc46841e0ddf4f091d927804c15b77b5ad95d33
+  data.tar.gz: 50cfb040770c7b69ef437e09edc48adf1d08fa81
 SHA512:
-  metadata.gz: 8056aa52de648957853d67ad2ebcdb8168e4ee586dc8dfe0bdab2e6ef9d638f6caac2ae142c4eceffd9c598f0e17e402179bfad8a71df5d700b94dbce477b852
-  data.tar.gz: 66db84c021545e129f001839cb8de8e56b221175bbbb202df443d8f35e92ee5dd344c34dbb5ec034599abededc92f805a9d4cdea2b979d9c28a3a180aca684c0
+  metadata.gz: 27c4336fe464f3f988df579531b2795318a12b08055b8fa049cd32104a3a7d1de577480fcc3c96c93cb1739d223ff24f28ee7e7599b052393d9e98996424cffb
+  data.tar.gz: 4f237e0a682fdaf8e90a9c8f63c630a4e4da90e0566550f0f1ff5659edcb99fc10be33c50f8a112d7c03ecde8ccb93230cfc93e8e0053c04e4cd5438ddeb2ca5

data/.travis.yml

@@ -2,14 +2,17 @@ language: ruby
 sudo: false
 cache: bundler
 rvm:
-  - 2.1.5
-  - jruby
+  - 2.2.2
+  - jruby-9.1.5.0
 before_install:
   - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
   - rake --version
 before_script:
   - bundle exec rake --version
 script: bundle exec rspec
+notifications:
+  email:
+    - r7_labs@rapid7.com
 #
 # Environment variables should be set in Travis repository settings per
 # https://docs.travis-ci.com/user/environment-variables/#Defining-Variables-in-Repository-Settings

data/lib/sonar/cli/cli.rb

@@ -2,11 +2,15 @@
 
 require 'thor'
 require 'sonar/cli/rcfile'
+require 'sonar/search'
 require 'awesome_print'
+require 'table_print'
+
+include Sonar::Search
 
 module Sonar
   class CLI < Thor
-    class_option 'format', type: :string, desc: 'Flat JSON, JSON lines, or pretty printed [flat/lines/pretty]'
+    class_option 'format', type: :string, desc: 'Flat JSON (include empty collections), JSON lines of collection data (default), or pretty printed [flat/lines/pretty]'
 
     def initialize(*)
       @config = Sonar::RCFile.instance.load_file
@@ -24,34 +28,34 @@ module Sonar
       ap @client.usage
     end
 
-    desc 'search [QUERY TYPE] [QUERY TERM]', 'Search anything from Sonars'
+    desc 'search [QUERY TYPE] [QUERY TERM]', 'Search any query type from Sonar or specify \'all\' as QUERY TYPE to search them all.'
     method_option 'record_limit', type: :numeric, aliases: '-n', desc: 'Maximum number of records to fetch'
     method_option 'exact', type: :boolean, aliases: '-e', desc: 'Search for the query string exactly, do not include partial string matches'
-
     def search(type, term)
-      @query = {}
-      @query[type.to_sym] = term
-      @query[:limit] = options['record_limit']
-      @query[:exact] = options['exact']
-      resp = @client.search(@query)
-
-      errors = 0
-      if resp.is_a?(Sonar::Request::RequestIterator)
-        resp.each do |data|
-          errors += 1 if data.key?('errors') || data.key?('error')
-          print_json(cleanup_data(data), options['format'])
+      types = [type]
+
+      if type == 'all'
+        if term =~ IS_IP
+          types = ip_search_type_names
+        else
+          types = domain_search_type_names
         end
-      else
-        errors += 1 if resp.key?('errors') || resp.key?('error')
-        print_json(cleanup_data(resp), options['format'])
       end
 
-      raise Search::SearchError.new("Encountered #{errors} errors while searching") if errors > 0
+      types.each do |type|
+        @query = {}
+        @query[type.to_sym] = term
+        @query[:limit] = options['record_limit']
+        @query[:exact] = options['exact']
+        resp = @client.search(@query)
+        handle_search_response(resp)
+      end
     end
 
     desc 'types', 'List all Sonar query types'
     def types
-      ap Search::QUERY_TYPES_MAP
+      tp.set :io, $stdout
+      tp QUERY_TYPES, :name, { description: { width: 100 } }, :input
     end
 
     desc 'config', 'Sonar config file location'

data/lib/sonar/search.rb

@@ -2,21 +2,25 @@
 
 module Sonar
   module Search
+
+    # Allow IP queries to be in the form of "1.", "1.2.", "1.2.3.", and "1.2.3.4"
+    IS_IP = /^(\d{1,3}\.|\d{1,3}\.\d{1,3}\.|\d{1,3}\.\d{1,3}\.\d{1,3}\.|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/
+
     # Implemented search query types
-    QUERY_TYPES_MAP = {
-      'certificate' => 'Certificate lookup',
-      'certips'     => 'Certificate to IPs',
-      'rdns'        => 'IP to Reverse DNS Lookup or DNS Lookup to IP',
-      'fdns'        => 'Domains to IP or IPs to Domain',
-      'ipcerts'     => 'IP to Certificates',
-      'namecerts'   => 'Domain to Certificates',
-      'links_to'    => 'HTTP References to Domain',
-      'ports'       => 'Open Ports',
-      'processed'   => 'Open Ports (Processed)',
-      'raw'         => 'Open Ports (Raw)',
-      'sslcert'     => 'Certificate Details',
-      'whois_ip'    => 'Whois (IP)'
-    }
+    QUERY_TYPES = [
+      { name: 'certificate', description: 'Certificate lookup', input: 'sha' },
+      { name: 'certips', description: 'Certificate to IPs', input: 'sha' },
+      { name: 'rdns', description: 'IP to Reverse DNS Lookup or DNS Lookup to IP', input: 'ip' },
+      { name: 'fdns', description: 'Domains to IP or IPs to Domain', input: 'domain' },
+      { name: 'ipcerts', description: 'IP to Certificates', input: 'ip' },
+      { name: 'namecerts', description: 'Domain to Certificates', input: 'domain' },
+      { name: 'links_to', description: 'HTTP References to Domain', input: 'domain' },
+      { name: 'ports', description: 'Open Ports', input: 'ip' },
+      { name: 'processed', description: 'Open Ports (Processed)', input: 'ip' },
+      { name: 'raw', description: 'Open Ports (Raw)', input: 'ip' },
+      { name: 'sslcert', description: 'Certificate Details', input: 'sha' },
+      { name: 'all', description: 'Search all appropriate search types for an IP or domain', input: 'all' }
+    ]
 
     ##
     # Generic exception for errors encountered while searching
@@ -24,6 +28,41 @@ module Sonar
     class SearchError < StandardError
     end
 
+    def ip_search_type_names
+      ip_search_types.map { |type| type[:name] }
+    end
+
+    def domain_search_type_names
+      domain_search_types.map { |type| type[:name] }
+    end
+
+    def ip_search_types
+      QUERY_TYPES.select { |type| type[:input] == 'ip' }
+    end
+
+    def domain_search_types
+      QUERY_TYPES.select { |type| type[:input] == 'domain' }
+    end
+
+    def query_type_names
+      QUERY_TYPES.map { |type| type[:name] }
+    end
+
+    def handle_search_response(resp)
+      errors = 0
+      if resp.is_a?(Sonar::Request::RequestIterator)
+        resp.each do |data|
+          errors += 1 if data.key?('errors') || data.key?('error')
+          print_json(cleanup_data(data), options['format'])
+        end
+      else
+        errors += 1 if resp.key?('errors') || resp.key?('error')
+        print_json(cleanup_data(resp), options['format'])
+      end
+
+      raise Search::SearchError.new("Encountered #{errors} errors while searching") if errors > 0
+    end
+
     ##
     # Get search
     #
@@ -32,7 +71,7 @@ module Sonar
     #
     # @return [Hashie::Mash] with response of search
     def search(params = {})
-      type_query = params.select { |k, _v| QUERY_TYPES_MAP.keys.include?(k.to_s) }.first
+      type_query = params.select { |k, _v| query_type_names.include?(k.to_s) }.first
       fail ArgumentError, "The query type provided is invalid or not yet implemented." unless type_query
       type = type_query[0].to_sym
       params[:q] = type_query[1]

data/lib/sonar/version.rb

@@ -1,3 +1,3 @@
 module Sonar
-  VERSION = "0.1.3"
+  VERSION = "0.1.4"
 end

data/sonar-client.gemspec

@@ -23,6 +23,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'multi_json'
   spec.add_dependency 'thor'
   spec.add_dependency 'awesome_print'
+  spec.add_dependency 'table_print'
 
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake"

data/spec/sonar/cli_spec.rb

@@ -82,6 +82,29 @@ describe Sonar::CLI do
         end
       end
     end
+
+    describe 'sonar types command' do
+      it 'returns all sonar search types' do
+        output = run_command('types')
+        expect(output).to match(/Certificate to IPs/)
+      end
+    end
+
+    describe 'search all command' do
+      before do
+        allow_any_instance_of(Sonar::Client).to receive(:search).and_return(
+          Sonar::Client.new.search(fdns: '208.118.227.20', exact: true)
+        )
+      end
+      it 'returns results when searching for an IP' do
+        output = run_command('search all 208.118.227.20')
+        expect(output).to match(/rapid7\.com/)
+      end
+      it 'returns results when searching for a domain' do
+        output = run_command('search all rapid7.com')
+        expect(output).to match(/208\.118\.227\.20/)
+      end
+    end
   end
 
   def run_command(args)

data/spec/sonar/search_spec.rb

@@ -4,6 +4,24 @@ require 'spec_helper'
 describe Sonar::Search do
   let(:client) { Sonar::Client.new }
 
+  describe "#ip_search_type_names" do
+    it 'includes rdns' do
+      expect(subject.ip_search_type_names).to include('rdns')
+    end
+    it 'does not include fdns' do
+      expect(subject.ip_search_type_names).to_not include('fdns')
+    end
+  end
+
+  describe "#domain_search_type_names" do
+    it 'includes fdns' do
+      expect(subject.domain_search_type_names).to include('fdns')
+    end
+    it 'does not include rdns' do
+      expect(subject.domain_search_type_names).to_not include('rdns')
+    end
+  end
+
   describe "parameters" do
     describe "query type" do
       context "with an invalid query type" do
@@ -15,12 +33,12 @@ describe Sonar::Search do
 
     describe "exact" do
       it "shouldn't match anything when #exact is true" do
-        resp = client.search(rdns: "1.1.", exact: true)
+        resp = client.search(fdns: ".rapid7.com", exact: true)
         expect(resp["collection"].size).to eq(0)
       end
       it "should match when #exact is false" do
-        resp = client.search(rdns: "1.1.", exact: false)
-        expect(resp["collection"].first["address"]).to match(/^1.1./)
+        resp = client.search(fdns: ".rapid7.com", exact: false)
+        expect(resp["collection"].size).to be > 0 
       end
     end
 
@@ -152,14 +170,6 @@ describe Sonar::Search do
     end
   end
 
-  context "whois_ip" do
-    let(:resp) { client.search(whois_ip: '208.118.227.10') }
-
-    xit "should find rapid7.com" do
-      expect(resp['name']).to eq('TWDX-208-118-227-0-1')
-    end
-  end
-
   # TODO: actually check response
   context "raw" do
     let(:resp) { client.search(raw: '208.118.227.10') }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sonar-client
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.4
 platform: ruby
 authors:
 - Paul Deardorff & HD Moore
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-22 00:00:00.000000000 Z
+date: 2017-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday_middleware
@@ -80,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: table_print
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -296,4 +310,3 @@ test_files:
 - spec/sonar/user_spec.rb
 - spec/sonar_spec.rb
 - spec/spec_helper.rb
-has_rdoc: