ssh_scan_api 0.0.1.pre2 → 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.gitignore +7 -2
- data/.travis.yml +57 -10
- data/Gemfile +1 -2
- data/README.md +14 -16
- data/Rakefile +7 -1
- data/bin/ssh_scan_api +2 -12
- data/lib/ssh_scan_api.rb +6 -7
- data/lib/ssh_scan_api/api.rb +251 -186
- data/lib/ssh_scan_api/authenticator.rb +25 -19
- data/lib/ssh_scan_api/constants.rb +58 -0
- data/lib/ssh_scan_api/models/scan.rb +7 -0
- data/lib/ssh_scan_api/target_validator.rb +50 -0
- data/lib/ssh_scan_api/version.rb +3 -1
- data/ssh_scan_api.gemspec +8 -8
- metadata +38 -26
- data/lib/ssh_scan_api/database.rb +0 -61
- data/lib/ssh_scan_api/database/mongo.rb +0 -67
- data/lib/ssh_scan_api/database/sqlite.rb +0 -91
- data/lib/ssh_scan_api/job_queue.rb +0 -24
- data/lib/ssh_scan_api/stats.rb +0 -52
@@ -1,30 +1,36 @@
|
|
1
1
|
module SSHScan
|
2
|
-
|
3
|
-
|
2
|
+
module Api
|
3
|
+
class Authenticator
|
4
|
+
attr_reader :config
|
4
5
|
|
5
|
-
|
6
|
-
|
7
|
-
|
6
|
+
def initialize(config = {})
|
7
|
+
@config = config
|
8
|
+
end
|
8
9
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
10
|
+
def self.from_config_file(config_file)
|
11
|
+
opts = YAML.load_file(config_file)
|
12
|
+
SSHScan::Api::Authenticator.new(opts)
|
13
|
+
end
|
13
14
|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
15
|
+
def valid_token?(token)
|
16
|
+
if @config["users"]
|
17
|
+
@config["users"].each do |user|
|
18
|
+
return true if user["token"] == token
|
19
|
+
end
|
18
20
|
end
|
19
|
-
end
|
20
21
|
|
21
|
-
|
22
|
-
|
23
|
-
|
22
|
+
if @config["workers"]
|
23
|
+
@config["workers"].each do |worker|
|
24
|
+
return true if worker["token"] == token
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
if ENV['sshscan.worker.token'] == token
|
29
|
+
return true
|
24
30
|
end
|
25
|
-
end
|
26
31
|
|
27
|
-
|
32
|
+
return false
|
33
|
+
end
|
28
34
|
end
|
29
35
|
end
|
30
36
|
end
|
@@ -0,0 +1,58 @@
|
|
1
|
+
module SSHScan
|
2
|
+
module Api
|
3
|
+
module Constants
|
4
|
+
CONTRIBUTE_JSON = {
|
5
|
+
:name => "ssh_scan api",
|
6
|
+
:description => "An api for performing ssh compliance \
|
7
|
+
and policy scanning",
|
8
|
+
:repository => {
|
9
|
+
:url => "https://github.com/mozilla/ssh_scan",
|
10
|
+
:tests => "https://travis-ci.org/mozilla/ssh_scan",
|
11
|
+
},
|
12
|
+
:participate => {
|
13
|
+
:home => "https://github.com/mozilla/ssh_scan",
|
14
|
+
:docs => "https://github.com/mozilla/ssh_scan",
|
15
|
+
:irc => "irc://irc.mozilla.org/#infosec",
|
16
|
+
:irc_contacts => [
|
17
|
+
"claudijd",
|
18
|
+
"pwnbus",
|
19
|
+
"kang",
|
20
|
+
],
|
21
|
+
:gitter => "https://gitter.im/mozilla-ssh_scan/Lobby",
|
22
|
+
:gitter_contacts => [
|
23
|
+
"claudijd",
|
24
|
+
"pwnbus",
|
25
|
+
"kang",
|
26
|
+
"jinankjain",
|
27
|
+
"agaurav77"
|
28
|
+
],
|
29
|
+
},
|
30
|
+
:bugs => {
|
31
|
+
:list => "https://github.com/mozilla/ssh_scan/issues",
|
32
|
+
},
|
33
|
+
:keywords => [
|
34
|
+
"ruby",
|
35
|
+
"sinatra",
|
36
|
+
],
|
37
|
+
:urls => {
|
38
|
+
:dev => "https://sshscan.rubidus.com",
|
39
|
+
}
|
40
|
+
}.freeze
|
41
|
+
|
42
|
+
VALID_CHAR_LIST = (("0".."9").to_a + ("a".."z").to_a + ("A".."Z").to_a + [":", ".", "-"]).freeze
|
43
|
+
|
44
|
+
INVALID_TARGET_REGEXES = [
|
45
|
+
'^127\.', # Forbid IPv4 localhosts
|
46
|
+
'^::1', # Forbid IPv6 localhosts
|
47
|
+
'^10\.', # Forbid RFC1918
|
48
|
+
'^192\.168', # Forbid RFC1918
|
49
|
+
'^172\.(1[6-9]|2[0-9]|3[0-1])' # Forbid RFC1918
|
50
|
+
].freeze
|
51
|
+
|
52
|
+
INVALID_TARGET_STRINGS = [
|
53
|
+
'localhost', # Forbid localhost ref verbatim
|
54
|
+
'notallowed.example.com', # an FQDN example, so we know can prevent a FQDN from being scanned for whatever reason
|
55
|
+
].freeze
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
require 'ssh_scan_api/constants'
|
2
|
+
|
3
|
+
|
4
|
+
module SSHScan
|
5
|
+
module Api
|
6
|
+
class TargetValidator
|
7
|
+
def initialize(config = {})
|
8
|
+
@invalid_target_regexes = config["invalid_target_regexes"] || SSHScan::Api::Constants::INVALID_TARGET_REGEXES
|
9
|
+
@invalid_target_strings = config["invalid_target_strings"] || SSHScan::Api::Constants::INVALID_TARGET_STRINGS
|
10
|
+
@valid_char_list = config["valid_char_list"] || SSHScan::Api::Constants::VALID_CHAR_LIST
|
11
|
+
end
|
12
|
+
|
13
|
+
def invalid_char?(target_string)
|
14
|
+
target_string.chars.each do |char|
|
15
|
+
return true unless @valid_char_list.include?(char)
|
16
|
+
end
|
17
|
+
|
18
|
+
return false
|
19
|
+
end
|
20
|
+
|
21
|
+
def invalid?(target_string)
|
22
|
+
!valid?(target_string)
|
23
|
+
end
|
24
|
+
|
25
|
+
def valid?(target_string)
|
26
|
+
return false unless target_string.is_a?(String)
|
27
|
+
return false if target_string.empty?
|
28
|
+
return false if invalid_char?(target_string)
|
29
|
+
|
30
|
+
if @invalid_target_regexes.is_a?(::Array)
|
31
|
+
@invalid_target_regexes.each do |invalid_regex|
|
32
|
+
if target_string.match(Regexp.new(invalid_regex))
|
33
|
+
return false
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
if @invalid_target_strings.is_a?(::Array)
|
39
|
+
@invalid_target_strings.each do |invalid_string|
|
40
|
+
if target_string.chomp.downcase == invalid_string.chomp.downcase
|
41
|
+
return false
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
return true
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
data/lib/ssh_scan_api/version.rb
CHANGED
data/ssh_scan_api.gemspec
CHANGED
@@ -1,10 +1,9 @@
|
|
1
|
-
|
2
|
-
require 'ssh_scan_api/version'
|
1
|
+
require_relative 'lib/ssh_scan_api/version'
|
3
2
|
require 'date'
|
4
3
|
|
5
4
|
Gem::Specification.new do |s|
|
6
5
|
s.name = 'ssh_scan_api'
|
7
|
-
s.version = SSHScan::
|
6
|
+
s.version = SSHScan::Api::VERSION
|
8
7
|
s.authors = ["Harsh Vardhan", "Rishabh Saxena", "Ashish Gaurav", "Jonathan Claudius" ]
|
9
8
|
s.date = Date.today.to_s
|
10
9
|
s.email = 'jclaudius@mozilla.com'
|
@@ -26,18 +25,19 @@ Gem::Specification.new do |s|
|
|
26
25
|
s.description = 'An API for performing SSH scans'
|
27
26
|
s.homepage = 'http://rubygems.org/gems/ssh_scan_api'
|
28
27
|
|
29
|
-
s.add_dependency('ssh_scan', '0.0.
|
30
|
-
s.add_dependency('mongo')
|
31
|
-
s.add_dependency('sqlite3')
|
28
|
+
s.add_dependency('ssh_scan', '0.0.35')
|
32
29
|
s.add_dependency('sinatra')
|
33
30
|
s.add_dependency('sinatra-contrib')
|
31
|
+
s.add_dependency('sinatra-activerecord')
|
32
|
+
s.add_dependency('pg', '~> 0.21')
|
34
33
|
s.add_dependency('thin')
|
35
34
|
s.add_dependency('haml')
|
36
|
-
s.add_dependency('secure_headers')
|
35
|
+
s.add_dependency('secure_headers', '3.6.4')
|
37
36
|
s.add_development_dependency('rack-test')
|
37
|
+
s.add_development_dependency('coveralls')
|
38
38
|
s.add_development_dependency('pry')
|
39
39
|
s.add_development_dependency('rspec', '~> 3.0')
|
40
40
|
s.add_development_dependency('rspec-its', '~> 1.2')
|
41
|
-
s.add_development_dependency('rake'
|
41
|
+
s.add_development_dependency('rake')
|
42
42
|
s.add_development_dependency('rubocop')
|
43
43
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ssh_scan_api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.1
|
4
|
+
version: 0.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Harsh Vardhan
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date:
|
14
|
+
date: 2018-06-26 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: ssh_scan
|
@@ -19,16 +19,16 @@ dependencies:
|
|
19
19
|
requirements:
|
20
20
|
- - '='
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 0.0.
|
22
|
+
version: 0.0.35
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
26
26
|
requirements:
|
27
27
|
- - '='
|
28
28
|
- !ruby/object:Gem::Version
|
29
|
-
version: 0.0.
|
29
|
+
version: 0.0.35
|
30
30
|
- !ruby/object:Gem::Dependency
|
31
|
-
name:
|
31
|
+
name: sinatra
|
32
32
|
requirement: !ruby/object:Gem::Requirement
|
33
33
|
requirements:
|
34
34
|
- - ">="
|
@@ -42,7 +42,7 @@ dependencies:
|
|
42
42
|
- !ruby/object:Gem::Version
|
43
43
|
version: '0'
|
44
44
|
- !ruby/object:Gem::Dependency
|
45
|
-
name:
|
45
|
+
name: sinatra-contrib
|
46
46
|
requirement: !ruby/object:Gem::Requirement
|
47
47
|
requirements:
|
48
48
|
- - ">="
|
@@ -56,7 +56,7 @@ dependencies:
|
|
56
56
|
- !ruby/object:Gem::Version
|
57
57
|
version: '0'
|
58
58
|
- !ruby/object:Gem::Dependency
|
59
|
-
name: sinatra
|
59
|
+
name: sinatra-activerecord
|
60
60
|
requirement: !ruby/object:Gem::Requirement
|
61
61
|
requirements:
|
62
62
|
- - ">="
|
@@ -70,19 +70,19 @@ dependencies:
|
|
70
70
|
- !ruby/object:Gem::Version
|
71
71
|
version: '0'
|
72
72
|
- !ruby/object:Gem::Dependency
|
73
|
-
name:
|
73
|
+
name: pg
|
74
74
|
requirement: !ruby/object:Gem::Requirement
|
75
75
|
requirements:
|
76
|
-
- - "
|
76
|
+
- - "~>"
|
77
77
|
- !ruby/object:Gem::Version
|
78
|
-
version: '0'
|
78
|
+
version: '0.21'
|
79
79
|
type: :runtime
|
80
80
|
prerelease: false
|
81
81
|
version_requirements: !ruby/object:Gem::Requirement
|
82
82
|
requirements:
|
83
|
-
- - "
|
83
|
+
- - "~>"
|
84
84
|
- !ruby/object:Gem::Version
|
85
|
-
version: '0'
|
85
|
+
version: '0.21'
|
86
86
|
- !ruby/object:Gem::Dependency
|
87
87
|
name: thin
|
88
88
|
requirement: !ruby/object:Gem::Requirement
|
@@ -113,12 +113,26 @@ dependencies:
|
|
113
113
|
version: '0'
|
114
114
|
- !ruby/object:Gem::Dependency
|
115
115
|
name: secure_headers
|
116
|
+
requirement: !ruby/object:Gem::Requirement
|
117
|
+
requirements:
|
118
|
+
- - '='
|
119
|
+
- !ruby/object:Gem::Version
|
120
|
+
version: 3.6.4
|
121
|
+
type: :runtime
|
122
|
+
prerelease: false
|
123
|
+
version_requirements: !ruby/object:Gem::Requirement
|
124
|
+
requirements:
|
125
|
+
- - '='
|
126
|
+
- !ruby/object:Gem::Version
|
127
|
+
version: 3.6.4
|
128
|
+
- !ruby/object:Gem::Dependency
|
129
|
+
name: rack-test
|
116
130
|
requirement: !ruby/object:Gem::Requirement
|
117
131
|
requirements:
|
118
132
|
- - ">="
|
119
133
|
- !ruby/object:Gem::Version
|
120
134
|
version: '0'
|
121
|
-
type: :
|
135
|
+
type: :development
|
122
136
|
prerelease: false
|
123
137
|
version_requirements: !ruby/object:Gem::Requirement
|
124
138
|
requirements:
|
@@ -126,7 +140,7 @@ dependencies:
|
|
126
140
|
- !ruby/object:Gem::Version
|
127
141
|
version: '0'
|
128
142
|
- !ruby/object:Gem::Dependency
|
129
|
-
name:
|
143
|
+
name: coveralls
|
130
144
|
requirement: !ruby/object:Gem::Requirement
|
131
145
|
requirements:
|
132
146
|
- - ">="
|
@@ -185,16 +199,16 @@ dependencies:
|
|
185
199
|
name: rake
|
186
200
|
requirement: !ruby/object:Gem::Requirement
|
187
201
|
requirements:
|
188
|
-
- - "
|
202
|
+
- - ">="
|
189
203
|
- !ruby/object:Gem::Version
|
190
|
-
version: '
|
204
|
+
version: '0'
|
191
205
|
type: :development
|
192
206
|
prerelease: false
|
193
207
|
version_requirements: !ruby/object:Gem::Requirement
|
194
208
|
requirements:
|
195
|
-
- - "
|
209
|
+
- - ">="
|
196
210
|
- !ruby/object:Gem::Version
|
197
|
-
version: '
|
211
|
+
version: '0'
|
198
212
|
- !ruby/object:Gem::Dependency
|
199
213
|
name: rubocop
|
200
214
|
requirement: !ruby/object:Gem::Requirement
|
@@ -227,11 +241,9 @@ files:
|
|
227
241
|
- lib/ssh_scan_api.rb
|
228
242
|
- lib/ssh_scan_api/api.rb
|
229
243
|
- lib/ssh_scan_api/authenticator.rb
|
230
|
-
- lib/ssh_scan_api/
|
231
|
-
- lib/ssh_scan_api/
|
232
|
-
- lib/ssh_scan_api/
|
233
|
-
- lib/ssh_scan_api/job_queue.rb
|
234
|
-
- lib/ssh_scan_api/stats.rb
|
244
|
+
- lib/ssh_scan_api/constants.rb
|
245
|
+
- lib/ssh_scan_api/models/scan.rb
|
246
|
+
- lib/ssh_scan_api/target_validator.rb
|
235
247
|
- lib/ssh_scan_api/version.rb
|
236
248
|
- ssh_scan_api.gemspec
|
237
249
|
homepage: http://rubygems.org/gems/ssh_scan_api
|
@@ -249,12 +261,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
249
261
|
version: '0'
|
250
262
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
251
263
|
requirements:
|
252
|
-
- - "
|
264
|
+
- - ">="
|
253
265
|
- !ruby/object:Gem::Version
|
254
|
-
version:
|
266
|
+
version: '0'
|
255
267
|
requirements: []
|
256
268
|
rubyforge_project:
|
257
|
-
rubygems_version: 2.6.
|
269
|
+
rubygems_version: 2.6.13
|
258
270
|
signing_key:
|
259
271
|
specification_version: 4
|
260
272
|
summary: ssh_scan API
|
@@ -1,61 +0,0 @@
|
|
1
|
-
require 'ssh_scan_api/database/mongo'
|
2
|
-
require 'ssh_scan_api/database/sqlite'
|
3
|
-
|
4
|
-
module SSHScan
|
5
|
-
class Database
|
6
|
-
attr_reader :database
|
7
|
-
|
8
|
-
# @param [SSHScan::Database::MongoDb, SSHScan::Database::SQLite] database
|
9
|
-
def initialize(database)
|
10
|
-
@database = database
|
11
|
-
end
|
12
|
-
|
13
|
-
# @param [Hash] opts
|
14
|
-
# @return [SSHScan::Database]
|
15
|
-
def self.from_hash(opts)
|
16
|
-
database_options = opts["database"]
|
17
|
-
|
18
|
-
# Figure out what database object to load
|
19
|
-
case database_options["type"]
|
20
|
-
when "sqlite"
|
21
|
-
database = SSHScan::DB::SQLite.from_hash(database_options)
|
22
|
-
when "mongodb"
|
23
|
-
database = SSHScan::DB::MongoDb.from_hash(database_options)
|
24
|
-
else
|
25
|
-
raise "Database type of #{database_options[:type].class} not supported"
|
26
|
-
end
|
27
|
-
|
28
|
-
SSHScan::Database.new(database)
|
29
|
-
end
|
30
|
-
|
31
|
-
# @param [String] worker_id
|
32
|
-
# @param [String] uuid
|
33
|
-
# @param [Hash] result
|
34
|
-
# @return [Nil]
|
35
|
-
def add_scan(worker_id, uuid, result, socket)
|
36
|
-
@database.add_scan(worker_id, uuid, result, socket)
|
37
|
-
return nil
|
38
|
-
end
|
39
|
-
|
40
|
-
# @param [String] uuid
|
41
|
-
# @return [Nil]
|
42
|
-
def delete_scan(uuid)
|
43
|
-
@database.delete_scan(uuid)
|
44
|
-
end
|
45
|
-
|
46
|
-
# @return [Nil]
|
47
|
-
def delete_all
|
48
|
-
@database.delete_all
|
49
|
-
end
|
50
|
-
|
51
|
-
# @return [Hash] result
|
52
|
-
def find_scan_result(uuid)
|
53
|
-
@database.find_scan_result(uuid)
|
54
|
-
end
|
55
|
-
|
56
|
-
# @return [Hash] result
|
57
|
-
def fetch_cached_result(socket)
|
58
|
-
@database.fetch_cached_result(socket)
|
59
|
-
end
|
60
|
-
end
|
61
|
-
end
|