ssh_scan_api 0.0.1.pre2 → 0.0.1

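--- a/lib/ssh_scan_api/authenticator.rb
+++ b/lib/ssh_scan_api/authenticator.rb
@@ -1,30 +1,36 @@
 module SSHScan
-class Authenticator
-attr_reader :config
+module Api
+class Authenticator
+attr_reader :config
 
-def initialize(config)
-@config = config
-end
+def initialize(config = {})
+@config = config
+end
 
-def self.from_config_file(config_file)
-opts = YAML.load_file(config_file)
-SSHScan::Authenticator.new(opts)
-end
+def self.from_config_file(config_file)
+opts = YAML.load_file(config_file)
+SSHScan::Api::Authenticator.new(opts)
+end
 
-def valid_token?(token)
-if @config["users"]
-@config["users"].each do |user|
-return true if user["token"] == token
+def valid_token?(token)
+if @config["users"]
+@config["users"].each do |user|
+return true if user["token"] == token
+end
 end
-end
 
-if @config["workers"]
-@config["workers"].each do |worker|
-return true if worker["token"] == token
+if @config["workers"]
+@config["workers"].each do |worker|
+return true if worker["token"] == token
+end
+end
+
+if ENV['sshscan.worker.token'] == token
+return true
 end
-end
 
-return false
+return false
+end
 end
 end
 end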
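Review bot: `valid_token?` answers true for a nil token whenever a configured `users`/`workers` entry has no `token` key or `ENV['sshscan.worker.token']` is unset, because each of the three `== token` comparisons on the new side is then `nil == nil`; a caller that passes a missing header straight through would be authenticated. Guard the input first, `return false unless token.is_a?(String) && !token.empty?`, and compare with a constant-time helper such as `Rack::Utils.secure_compare` rather than `==`, since the plain comparison also leaks timing across the user and worker lists (Rack comes in with sinatra, though the hunk does not show whether it is required in this file). `from_config_file` still reads the config with `YAML.load_file`; `YAML.safe_load(File.read(config_file))` is the safer default for a file that only needs plain hashes and strings.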
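--- /dev/null
+++ b/lib/ssh_scan_api/constants.rb
@@ -0,0 +1,58 @@
+module SSHScan
+module Api
+module Constants
+CONTRIBUTE_JSON = {
+:name => "ssh_scan api",
+:description => "An api for performing ssh compliance \
+and policy scanning",
+:repository => {
+:url => "https://github.com/mozilla/ssh_scan",
+:tests => "https://travis-ci.org/mozilla/ssh_scan",
+},
+:participate => {
+:home => "https://github.com/mozilla/ssh_scan",
+:docs => "https://github.com/mozilla/ssh_scan",
+:irc => "irc://irc.mozilla.org/#infosec",
+:irc_contacts => [
+"claudijd",
+"pwnbus",
+"kang",
+],
+:gitter => "https://gitter.im/mozilla-ssh_scan/Lobby",
+:gitter_contacts => [
+"claudijd",
+"pwnbus",
+"kang",
+"jinankjain",
+"agaurav77"
+],
+},
+:bugs => {
+:list => "https://github.com/mozilla/ssh_scan/issues",
+},
+:keywords => [
+"ruby",
+"sinatra",
+],
+:urls => {
+:dev => "https://sshscan.rubidus.com",
+}
+}.freeze
+
+VALID_CHAR_LIST = (("0".."9").to_a + ("a".."z").to_a + ("A".."Z").to_a + [":", ".", "-"]).freeze
+
+INVALID_TARGET_REGEXES = [
+'^127\.', # Forbid IPv4 localhosts
+'^::1', # Forbid IPv6 localhosts
+'^10\.', # Forbid RFC1918
+'^192\.168', # Forbid RFC1918
+'^172\.(1[6-9]|2[0-9]|3[0-1])' # Forbid RFC1918
+].freeze
+
+INVALID_TARGET_STRINGS = [
+'localhost', # Forbid localhost ref verbatim
+'notallowed.example.com', # an FQDN example, so we know can prevent a FQDN from being scanned for whatever reason
+].freeze
+end
+end
+end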
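Review bot: The two RFC1918 patterns `'^192\.168'` and `'^172\.(1[6-9]|2[0-9]|3[0-1])'` have no trailing `\.`, so they also reject public addresses whose third octet merely starts with those digits (`172.160.0.1` matches the second one); `'^192\.168\.'` and `'^172\.(1[6-9]|2[0-9]|3[0-1])\.'` match only the intended /16 and /12. More broadly, a string denylist covers only the dotted forms written here and omits other non-routable ranges (for example 0.0.0.0/8, 169.254.0.0/16 and IPv6 link-local); when a target parses with `IPAddr.new`, its `loopback?`, `private?` and `link_local?` predicates (Ruby 2.5+) give a more robust check than regex prefixes, with the regex list kept for hostnames. Since these strings are compiled with `Regexp.new` at the point of use, `\A` is the conventional whole-string anchor; `^` is per-line and is only safe here because `VALID_CHAR_LIST` excludes newlines.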
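--- /dev/null
+++ b/lib/ssh_scan_api/models/scan.rb
@@ -0,0 +1,7 @@
+require 'sinatra/activerecord'
+
+class SSHScan::Scan < ActiveRecord::Base
+validates_presence_of :target
+validates_presence_of :port
+validates_presence_of :state
+end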
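Review bot: `validates_presence_of :port` only rejects a blank value; nothing constrains it to a usable port number, and `target` is persisted without the checks `TargetValidator` performs. Consider `validates :port, numericality: { only_integer: true, greater_than: 0, less_than: 65536 }` so a bad port fails at the model rather than at scan time, and, if the validator is meant to be the gate, a custom validation on `target` that calls it (I cannot tell from this hunk whether the API layer validates before saving).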
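--- /dev/null
+++ b/lib/ssh_scan_api/target_validator.rb
@@ -0,0 +1,50 @@
+require 'ssh_scan_api/constants'
+
+
+module SSHScan
+module Api
+class TargetValidator
+def initialize(config = {})
+@invalid_target_regexes = config["invalid_target_regexes"] || SSHScan::Api::Constants::INVALID_TARGET_REGEXES
+@invalid_target_strings = config["invalid_target_strings"] || SSHScan::Api::Constants::INVALID_TARGET_STRINGS
+@valid_char_list = config["valid_char_list"] || SSHScan::Api::Constants::VALID_CHAR_LIST
+end
+
+def invalid_char?(target_string)
+target_string.chars.each do |char|
+return true unless @valid_char_list.include?(char)
+end
+
+return false
+end
+
+def invalid?(target_string)
+!valid?(target_string)
+end
+
+def valid?(target_string)
+return false unless target_string.is_a?(String)
+return false if target_string.empty?
+return false if invalid_char?(target_string)
+
+if @invalid_target_regexes.is_a?(::Array)
+@invalid_target_regexes.each do |invalid_regex|
+if target_string.match(Regexp.new(invalid_regex))
+return false
+end
+end
+end
+
+if @invalid_target_strings.is_a?(::Array)
+@invalid_target_strings.each do |invalid_string|
+if target_string.chomp.downcase == invalid_string.chomp.downcase
+return false
+end
+end
+end
+
+return true
+end
+end
+end
+end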
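Review bot: `valid?` calls `Regexp.new(invalid_regex)` on every pattern for every call, and a malformed pattern from `config["invalid_target_regexes"]` surfaces as a `RegexpError` during validation instead of at construction; compiling the list once in `initialize` (under the same `is_a?(::Array)` guard) makes a bad config fail fast and removes the per-call allocation, and `match?` avoids building `MatchData` that is never used. The checks are purely lexical, so a hostname that resolves to a loopback or RFC1918 address passes `valid?`; if the purpose of the denylist is to keep the API from scanning internal hosts, the resolved addresses need the same treatment where the scan is dispatched, which is outside this hunk. `invalid_char?` does an Array `include?` per character; wrapping the list in a `Set` (`require 'set'`) keeps the same semantics with constant-time membership.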
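--- a/lib/ssh_scan_api/version.rb
+++ b/lib/ssh_scan_api/version.rb
@@ -1,3 +1,5 @@
 module SSHScan
-API_VERSION = '0.0.1.pre2'
+module Api
+VERSION = '0.0.1'
+end
 end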
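--- a/ssh_scan_api.gemspec
+++ b/ssh_scan_api.gemspec
@@ -1,10 +1,9 @@
-$: << "lib"
-require 'ssh_scan_api/version'
+require_relative 'lib/ssh_scan_api/version'
 require 'date'
 
 Gem::Specification.new do |s|
 s.name = 'ssh_scan_api'
-s.version = SSHScan::API_VERSION
+s.version = SSHScan::Api::VERSION
 s.authors = ["Harsh Vardhan", "Rishabh Saxena", "Ashish Gaurav", "Jonathan Claudius" ]
 s.date = Date.today.to_s
 s.email = 'jclaudius@mozilla.com'
@@ -26,18 +25,19 @@ Gem::Specification.new do |s|
 s.description = 'An API for performing SSH scans'
 s.homepage = 'http://rubygems.org/gems/ssh_scan_api'
 
-s.add_dependency('ssh_scan', '0.0.17.pre')
-s.add_dependency('mongo')
-s.add_dependency('sqlite3')
+s.add_dependency('ssh_scan', '0.0.35')
 s.add_dependency('sinatra')
 s.add_dependency('sinatra-contrib')
+s.add_dependency('sinatra-activerecord')
+s.add_dependency('pg', '~> 0.21')
 s.add_dependency('thin')
 s.add_dependency('haml')
-s.add_dependency('secure_headers')
+s.add_dependency('secure_headers', '3.6.4')
 s.add_development_dependency('rack-test')
+s.add_development_dependency('coveralls')
 s.add_development_dependency('pry')
 s.add_development_dependency('rspec', '~> 3.0')
 s.add_development_dependency('rspec-its', '~> 1.2')
-s.add_development_dependency('rake', '~> 10.3')
+s.add_development_dependency('rake')
 s.add_development_dependency('rubocop')
 end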
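Review bot: `s.add_dependency('secure_headers', '3.6.4')` pins the security-header middleware to an exact release, so patch releases of that gem are never picked up by `bundle update`; a pessimistic constraint such as `s.add_dependency('secure_headers', '~> 3.6')` keeps the API stable while allowing fixes, unless the exact pin is deliberate for a known incompatibility, in which case a comment saying so belongs next to it. The `ssh_scan` dependency is likewise pinned exactly at `'0.0.35'` while `rake` and `coveralls` are left unconstrained; a consistent constraint policy (pessimistic where an API contract exists, exact only with a stated reason) makes the dependency posture easier to audit.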
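--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ssh_scan_api
 version: !ruby/object:Gem::Version
-version: 0.0.1.pre2
+version: 0.0.1
 platform: ruby
 authors:
 - Harsh Vardhan
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-03-02 00:00:00.000000000 Z
+date: 2018-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ssh_scan
@@ -19,16 +19,16 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.0.17.pre
+version: 0.0.35
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.0.17.pre
+version: 0.0.35
 - !ruby/object:Gem::Dependency
-name: mongo
+name: sinatra
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -42,7 +42,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name: sqlite3
+name: sinatra-contrib
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -56,7 +56,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name: sinatra
+name: sinatra-activerecord
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -70,19 +70,19 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name: sinatra-contrib
+name: pg
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '0.21'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '0.21'
 - !ruby/object:Gem::Dependency
 name: thin
 requirement: !ruby/object:Gem::Requirement
@@ -113,12 +113,26 @@ dependencies:
 version: '0'
 - !ruby/object:Gem::Dependency
 name: secure_headers
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 3.6.4
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 3.6.4
+- !ruby/object:Gem::Dependency
+name: rack-test
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-type: :runtime
+type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
@@ -126,7 +140,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name: rack-test
+name: coveralls
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -185,16 +199,16 @@ dependencies:
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '10.3'
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '10.3'
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rubocop
 requirement: !ruby/object:Gem::Requirement
@@ -227,11 +241,9 @@ files:
 - lib/ssh_scan_api.rb
 - lib/ssh_scan_api/api.rb
 - lib/ssh_scan_api/authenticator.rb
-- lib/ssh_scan_api/database.rb
-- lib/ssh_scan_api/database/mongo.rb
-- lib/ssh_scan_api/database/sqlite.rb
-- lib/ssh_scan_api/job_queue.rb
-- lib/ssh_scan_api/stats.rb
+- lib/ssh_scan_api/constants.rb
+- lib/ssh_scan_api/models/scan.rb
+- lib/ssh_scan_api/target_validator.rb
 - lib/ssh_scan_api/version.rb
 - ssh_scan_api.gemspec
 homepage: http://rubygems.org/gems/ssh_scan_api
@@ -249,12 +261,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - ">"
+- - ">="
 - !ruby/object:Gem::Version
-version: 1.3.1
+version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.2
+rubygems_version: 2.6.13
 signing_key:
 specification_version: 4
 summary: ssh_scan API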
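--- a/lib/ssh_scan_api/database.rb
+++ /dev/null
@@ -1,61 +0,0 @@
-require 'ssh_scan_api/database/mongo'
-require 'ssh_scan_api/database/sqlite'
-
-module SSHScan
-class Database
-attr_reader :database
-
-# @param [SSHScan::Database::MongoDb, SSHScan::Database::SQLite] database
-def initialize(database)
-@database = database
-end
-
-# @param [Hash] opts
-# @return [SSHScan::Database]
-def self.from_hash(opts)
-database_options = opts["database"]
-
-# Figure out what database object to load
-case database_options["type"]
-when "sqlite"
-database = SSHScan::DB::SQLite.from_hash(database_options)
-when "mongodb"
-database = SSHScan::DB::MongoDb.from_hash(database_options)
-else
-raise "Database type of #{database_options[:type].class} not supported"
-end
-
-SSHScan::Database.new(database)
-end
-
-# @param [String] worker_id
-# @param [String] uuid
-# @param [Hash] result
-# @return [Nil]
-def add_scan(worker_id, uuid, result, socket)
-@database.add_scan(worker_id, uuid, result, socket)
-return nil
-end
-
-# @param [String] uuid
-# @return [Nil]
-def delete_scan(uuid)
-@database.delete_scan(uuid)
-end
-
-# @return [Nil]
-def delete_all
-@database.delete_all
-end
-
-# @return [Hash] result
-def find_scan_result(uuid)
-@database.find_scan_result(uuid)
-end
-
-# @return [Hash] result
-def fetch_cached_result(socket)
-@database.fetch_cached_result(socket)
-end
-end
-end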