RubyGems - ssh_scan_api - Versions diffs - 0.0.1.pre2 → 0.0.1 - Mend

ssh_scan_api 0.0.1.pre2 → 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

checksums.yaml +5 -5
data/.gitignore +7 -2
data/.travis.yml +57 -10
data/Gemfile +1 -2
data/README.md +14 -16
data/Rakefile +7 -1
data/bin/ssh_scan_api +2 -12
data/lib/ssh_scan_api.rb +6 -7
data/lib/ssh_scan_api/api.rb +251 -186
data/lib/ssh_scan_api/authenticator.rb +25 -19
data/lib/ssh_scan_api/constants.rb +58 -0
data/lib/ssh_scan_api/models/scan.rb +7 -0
data/lib/ssh_scan_api/target_validator.rb +50 -0
data/lib/ssh_scan_api/version.rb +3 -1
data/ssh_scan_api.gemspec +8 -8
metadata +38 -26
data/lib/ssh_scan_api/database.rb +0 -61
data/lib/ssh_scan_api/database/mongo.rb +0 -67
data/lib/ssh_scan_api/database/sqlite.rb +0 -91
data/lib/ssh_scan_api/job_queue.rb +0 -24
data/lib/ssh_scan_api/stats.rb +0 -52

data/lib/ssh_scan_api/authenticator.rb CHANGED

@@ -1,30 +1,36 @@
 module SSHScan
-  class Authenticator
-    attr_reader :config
+  module Api
+    class Authenticator
+      attr_reader :config
-    def initialize(config)
-      @config = config
-    end
+      def initialize(config = {})
+        @config = config
+      end
-    def self.from_config_file(config_file)
-      opts = YAML.load_file(config_file)
-      SSHScan::Authenticator.new(opts)
-    end
+      def self.from_config_file(config_file)
+        opts = YAML.load_file(config_file)
+        SSHScan::Api::Authenticator.new(opts)
+      end
-    def valid_token?(token)
-      if @config["users"]
-        @config["users"].each do |user|
-          return true if user["token"] == token
+      def valid_token?(token)
+        if @config["users"]
+          @config["users"].each do |user|
+            return true if user["token"] == token
+          end
         end
-      end
-      if @config["workers"]
-        @config["workers"].each do |worker|
-          return true if worker["token"] == token
+        if @config["workers"]
+          @config["workers"].each do |worker|
+            return true if worker["token"] == token
+          end
+        end
+        if ENV['sshscan.worker.token'] == token
+          return true
         end
-      end
-      return false
+        return false
+      end
     end
   end
 end

data/lib/ssh_scan_api/constants.rb ADDED

@@ -0,0 +1,58 @@
+module SSHScan
+  module Api
+    module Constants
+      CONTRIBUTE_JSON = {
+        :name => "ssh_scan api",
+        :description => "An api for performing ssh compliance \
+  and policy scanning",
+        :repository => {
+          :url => "https://github.com/mozilla/ssh_scan",
+          :tests => "https://travis-ci.org/mozilla/ssh_scan",
+        },
+        :participate => {
+          :home => "https://github.com/mozilla/ssh_scan",
+          :docs => "https://github.com/mozilla/ssh_scan",
+          :irc => "irc://irc.mozilla.org/#infosec",
+          :irc_contacts => [
+            "claudijd",
+            "pwnbus",
+            "kang",
+          ],
+          :gitter => "https://gitter.im/mozilla-ssh_scan/Lobby",
+          :gitter_contacts => [
+            "claudijd",
+            "pwnbus",
+            "kang",
+            "jinankjain",
+            "agaurav77"
+          ],
+        },
+        :bugs => {
+          :list => "https://github.com/mozilla/ssh_scan/issues",
+        },
+        :keywords => [
+          "ruby",
+          "sinatra",
+        ],
+        :urls => {
+          :dev => "https://sshscan.rubidus.com",
+        }
+      }.freeze
+      VALID_CHAR_LIST = (("0".."9").to_a + ("a".."z").to_a + ("A".."Z").to_a + [":", ".", "-"]).freeze
+      INVALID_TARGET_REGEXES = [
+        '^127\.', # Forbid IPv4 localhosts
+        '^::1',    # Forbid IPv6 localhosts
+        '^10\.', # Forbid RFC1918
+        '^192\.168', # Forbid RFC1918
+        '^172\.(1[6-9]|2[0-9]|3[0-1])' # Forbid RFC1918
+      ].freeze
+      INVALID_TARGET_STRINGS = [
+        'localhost',               # Forbid localhost ref verbatim
+        'notallowed.example.com',  # an FQDN example, so we know can prevent a FQDN from being scanned for whatever reason
+      ].freeze
+    end
+  end
+end

data/lib/ssh_scan_api/models/scan.rb ADDED

@@ -0,0 +1,7 @@
+require 'sinatra/activerecord'
+class SSHScan::Scan < ActiveRecord::Base
+  validates_presence_of :target
+  validates_presence_of :port
+  validates_presence_of :state
+end

data/lib/ssh_scan_api/target_validator.rb ADDED

@@ -0,0 +1,50 @@
+require 'ssh_scan_api/constants'
+module SSHScan
+  module Api
+    class TargetValidator
+      def initialize(config = {})
+        @invalid_target_regexes = config["invalid_target_regexes"] || SSHScan::Api::Constants::INVALID_TARGET_REGEXES
+        @invalid_target_strings = config["invalid_target_strings"] || SSHScan::Api::Constants::INVALID_TARGET_STRINGS
+        @valid_char_list = config["valid_char_list"] || SSHScan::Api::Constants::VALID_CHAR_LIST
+      end
+      def invalid_char?(target_string)
+        target_string.chars.each do |char|
+          return true unless @valid_char_list.include?(char)
+        end
+        return false
+      end
+      def invalid?(target_string)
+        !valid?(target_string)
+      end
+      def valid?(target_string)
+        return false unless target_string.is_a?(String)
+        return false if target_string.empty?
+        return false if invalid_char?(target_string)
+        if @invalid_target_regexes.is_a?(::Array)
+          @invalid_target_regexes.each do |invalid_regex|
+            if target_string.match(Regexp.new(invalid_regex))
+              return false
+            end
+          end
+        end
+        if @invalid_target_strings.is_a?(::Array)
+          @invalid_target_strings.each do |invalid_string|
+            if target_string.chomp.downcase == invalid_string.chomp.downcase
+              return false
+            end
+          end
+        end
+        return true
+      end
+    end
+  end
+end

data/lib/ssh_scan_api/version.rb CHANGED

@@ -1,3 +1,5 @@
 module SSHScan
-  API_VERSION = '0.0.1.pre2'
+  module Api
+    VERSION = '0.0.1'
+  end
 end

data/ssh_scan_api.gemspec CHANGED

@@ -1,10 +1,9 @@
-$: << "lib"
-require 'ssh_scan_api/version'
+require_relative 'lib/ssh_scan_api/version'
 require 'date'
 Gem::Specification.new do |s|
   s.name = 'ssh_scan_api'
-  s.version = SSHScan::API_VERSION
+  s.version = SSHScan::Api::VERSION
   s.authors = ["Harsh Vardhan", "Rishabh Saxena", "Ashish Gaurav", "Jonathan Claudius" ]
   s.date = Date.today.to_s
   s.email = 'jclaudius@mozilla.com'
@@ -26,18 +25,19 @@ Gem::Specification.new do |s|
   s.description = 'An API for performing SSH scans'
   s.homepage = 'http://rubygems.org/gems/ssh_scan_api'
-  s.add_dependency('ssh_scan', '0.0.17.pre')
-  s.add_dependency('mongo')
-  s.add_dependency('sqlite3')
+  s.add_dependency('ssh_scan', '0.0.35')
   s.add_dependency('sinatra')
   s.add_dependency('sinatra-contrib')
+  s.add_dependency('sinatra-activerecord')
+  s.add_dependency('pg', '~> 0.21')
   s.add_dependency('thin')
   s.add_dependency('haml')
-  s.add_dependency('secure_headers')
+  s.add_dependency('secure_headers', '3.6.4')
   s.add_development_dependency('rack-test')
+  s.add_development_dependency('coveralls')
   s.add_development_dependency('pry')
   s.add_development_dependency('rspec', '~> 3.0')
   s.add_development_dependency('rspec-its', '~> 1.2')
-  s.add_development_dependency('rake', '~> 10.3')
+  s.add_development_dependency('rake')
   s.add_development_dependency('rubocop')
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ssh_scan_api
 version: !ruby/object:Gem::Version
-  version: 0.0.1.pre2
+  version: 0.0.1
 platform: ruby
 authors:
 - Harsh Vardhan
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-03-02 00:00:00.000000000 Z
+date: 2018-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ssh_scan
@@ -19,16 +19,16 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.17.pre
+        version: 0.0.35
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.17.pre
+        version: 0.0.35
 - !ruby/object:Gem::Dependency
-  name: mongo
+  name: sinatra
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -42,7 +42,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: sinatra-contrib
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -56,7 +56,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sinatra
+  name: sinatra-activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -70,19 +70,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sinatra-contrib
+  name: pg
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.21'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.21'
 - !ruby/object:Gem::Dependency
   name: thin
   requirement: !ruby/object:Gem::Requirement
@@ -113,12 +113,26 @@ dependencies:
         version: '0'
 - !ruby/object:Gem::Dependency
   name: secure_headers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.6.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.6.4
+- !ruby/object:Gem::Dependency
+  name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -126,7 +140,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rack-test
+  name: coveralls
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -185,16 +199,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.3'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.3'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
@@ -227,11 +241,9 @@ files:
 - lib/ssh_scan_api.rb
 - lib/ssh_scan_api/api.rb
 - lib/ssh_scan_api/authenticator.rb
-- lib/ssh_scan_api/database.rb
-- lib/ssh_scan_api/database/mongo.rb
-- lib/ssh_scan_api/database/sqlite.rb
-- lib/ssh_scan_api/job_queue.rb
-- lib/ssh_scan_api/stats.rb
+- lib/ssh_scan_api/constants.rb
+- lib/ssh_scan_api/models/scan.rb
+- lib/ssh_scan_api/target_validator.rb
 - lib/ssh_scan_api/version.rb
 - ssh_scan_api.gemspec
 homepage: http://rubygems.org/gems/ssh_scan_api
@@ -249,12 +261,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.2
+rubygems_version: 2.6.13
 signing_key:
 specification_version: 4
 summary: ssh_scan API

data/lib/ssh_scan_api/database.rb DELETED

@@ -1,61 +0,0 @@
-require 'ssh_scan_api/database/mongo'
-require 'ssh_scan_api/database/sqlite'
-module SSHScan
-  class Database
-    attr_reader :database
-    # @param [SSHScan::Database::MongoDb, SSHScan::Database::SQLite] database
-    def initialize(database)
-      @database = database
-    end
-    # @param [Hash] opts
-    # @return [SSHScan::Database]
-    def self.from_hash(opts)
-      database_options = opts["database"]
-      # Figure out what database object to load
-      case database_options["type"]
-      when "sqlite"
-        database = SSHScan::DB::SQLite.from_hash(database_options)
-      when "mongodb"
-        database = SSHScan::DB::MongoDb.from_hash(database_options)
-      else
-        raise "Database type of #{database_options[:type].class} not supported"
-      end
-      SSHScan::Database.new(database)
-    end
-    # @param [String] worker_id
-    # @param [String] uuid
-    # @param [Hash] result
-    # @return [Nil]
-    def add_scan(worker_id, uuid, result, socket)
-      @database.add_scan(worker_id, uuid, result, socket)
-      return nil
-    end
-    # @param [String] uuid
-    # @return [Nil]
-    def delete_scan(uuid)
-      @database.delete_scan(uuid)
-    end
-    # @return [Nil]
-    def delete_all
-      @database.delete_all
-    end
-    # @return [Hash] result
-    def find_scan_result(uuid)
-      @database.find_scan_result(uuid)
-    end
-    # @return [Hash] result
-    def fetch_cached_result(socket)
-      @database.fetch_cached_result(socket)
-    end
-  end
-end