threadfix-cli 0.1.0 → 0.3.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a1e54acd08e9bb3fae80fc89232d76d1e2c2d57b3e94d4d640b687c61cace57f
4
- data.tar.gz: 2269a7fb0d0b9ac1ab02072ce8d507a57383d385a0330655aa73400b9969771a
3
+ metadata.gz: '08558fa9c18007a5c1708420a69386e483c226e9e8c556186656a8c35fed4894'
4
+ data.tar.gz: 457ddbb710dfbb0c643ea3d32a1b4efac65756dcb63723fc0652bb7d9de56dc9
5
5
  SHA512:
6
- metadata.gz: 7b123e7c57c914c821cf434430c46310bd41cf46e5bce6bcab53c0ee882ae0b1742bcc9ba918aeb68a76f9d14058359b2ad7a0c061a79f6d8b2ae87fb02b0a68
7
- data.tar.gz: af0c3b4df849907049b148f73c7d7ebacb6856f0e52ed87de12dcb52a911051413e81a5b737a70e38dae108789bda9ee6df02d541a6dd93b3d721674baa55376
6
+ metadata.gz: 3364224b767303147610b18b165fb82c52351311519631a8b47f55be0991b3cbf45d2d3f35a381282c50649e2b373f771f8b3f8da3a72dec4d1c26e3b7ed08c4
7
+ data.tar.gz: 811b5d28d26cf75c7d9097dadea7be57028537af3ec1df72aa445675422d05e08b305373ae5cdfca2731166110b2091c4397837b554d20676004524f6cc30531
@@ -0,0 +1,51 @@
1
+ require "threadfix/client"
2
+ module Threadfix
3
+ module Cli
4
+ class Applications < Thor
5
+ desc "get_id", "gets an application ID from a application name"
6
+ option :host
7
+ option :key, desc: "Authorisation key"
8
+ option :app_name, required: true
9
+ def get_id
10
+ Client.configure do |config|
11
+ config.host = options[:host] if options[:host]
12
+ config.key = options[:key] if options[:key]
13
+ end
14
+
15
+ begin
16
+ response = Client::Applications.get_id(app_name: options[:app_name] )
17
+ if !response.nil?
18
+ puts response
19
+ end
20
+ rescue SocketError => e
21
+ puts "Error: Unable open connection to '#{Client.config.host}'"
22
+ exit 1
23
+ end
24
+ end
25
+
26
+ desc "lookup", "lookup an application ID"
27
+ option :host
28
+ option :key, desc: "Authorisation key"
29
+ option :app_name, required: true
30
+ option :team_name, required: true
31
+ def lookup
32
+ Client.configure do |config|
33
+ config.host = options[:host] if options[:host]
34
+ config.key = options[:key] if options[:key]
35
+ end
36
+
37
+ begin
38
+ response = Client::Applications.lookup(team_name: options[:team_name], app_name: options[:app_name] )
39
+ if response['message'] == ''
40
+ puts "ID: #{response['object']['id']}"
41
+ else
42
+ puts response['message']
43
+ end
44
+ rescue SocketError => e
45
+ puts "Error: Unable open connection to '#{Client.config.host}'"
46
+ exit 1
47
+ end
48
+ end
49
+ end
50
+ end
51
+ end
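Review bot: Both `get_id` and `lookup` rescue only `SocketError`, but the client classes added in this release re-raise `RestClient::NotFound` and `RestClient::ExceptionWithResponse`, so a rejected key or a wrong API version ends in an uncaught exception instead of the `exit 1` path; a second clause such as `rescue RestClient::ExceptionWithResponse => e` followed by `warn "Error: #{e.message}"` and `exit 1` would cover it. In `lookup`, `response['object']['id']` is dereferenced whenever `message` is empty, with no check that `object` is present. The `--key` option also places the API key in argv, where process listings and shell history can expose it; its description could point users at the `THREADFIX_TOKEN` environment variable that the client configuration already reads.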
@@ -4,7 +4,7 @@ module Threadfix
4
4
  class Scan < Thor
5
5
  desc "upload", "Uploads a scan to ThreadFix"
6
6
  option :host
7
- option 'app-id', required: true, type: :numeric
7
+ option :app_id, required: true, type: :numeric
8
8
  option :file, required: true, aliases: '-f', desc: "Report to upload"
9
9
  option :key, desc: "Authorisation key"
10
10
  def upload
@@ -14,8 +14,11 @@ module Threadfix
14
14
  end
15
15
 
16
16
  begin
17
- response = Client::Scans.upload(file_path: options[:file], app_id: options['app-id'] )
18
- puts response['message']
17
+ response = Client::Scans.upload(file_path: options[:file], app_id: options[:app_id] )
18
+ message = response['message']
19
+ message = message + " (ID: #{response['object']['id']})" if response['object'] && response['object']['id']
20
+
21
+ puts message
19
22
  rescue Errno::ENOENT => e
20
23
  puts "Error: File or directory '#{options[:file]}' doesn't exist."
21
24
  exit 1
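Review bot: In the second hunk, `message + " (ID: ...)"` raises `NoMethodError` when the response carries an `object` id but no `message`, whereas the old `puts response['message']` tolerated nil. Interpolation keeps the new output without that failure mode: `message = "#{message} (ID: #{response['object']['id']})" if response['object'] && response['object']['id']`. The `upload` method starts and ends outside these hunks, so the remaining rescue clauses were not reviewed.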
@@ -1,5 +1,5 @@
1
1
  module Threadfix
2
2
  module Cli
3
- VERSION = "0.1.0"
3
+ VERSION = "0.3.1"
4
4
  end
5
5
  end
data/lib/threadfix/cli.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  require 'thor'
2
2
  require "threadfix/cli/version"
3
3
  require "threadfix/cli/scan"
4
+ require "threadfix/cli/applications"
4
5
  require "threadfix/client"
5
6
 
6
7
  module Threadfix
@@ -8,7 +9,15 @@ module Threadfix
8
9
 
9
10
  class Error < StandardError; end
10
11
 
12
+ desc "version", "print version"
13
+ def version
14
+ puts Cli::VERSION
15
+ end
16
+
11
17
  desc "scan <command>", "manage scans"
12
18
  subcommand "scan", Cli::Scan
19
+
20
+ desc "applications <command>", "manage applications"
21
+ subcommand "applications", Cli::Applications
13
22
  end
14
23
  end
@@ -0,0 +1,57 @@
1
+ module Threadfix
2
+ module Client
3
+ module Applications
4
+ class GetId
5
+ # https://denimgroup.atlassian.net/wiki/spaces/TDOC/pages/664567813/List+Applications+-+API
6
+ API_VERSION='v2.7.5'
7
+
8
+ attr_reader :app_name
9
+
10
+ def initialize(options={})
11
+ @app_name = options[:app_name]
12
+ end
13
+
14
+ def perform!
15
+ begin
16
+ puts "GET #{endpoint.to_s}" if ENV['DEBUG']
17
+ r = RestClient.get(
18
+ endpoint.to_s,
19
+ { :accept => "application/json", :Authorization => "APIKEY #{apiKey}" }
20
+ )
21
+ body = JSON.parse(r.body)
22
+
23
+ begin
24
+ body.fetch('object')
25
+ .find{ |a| a.fetch('name').downcase == app_name.downcase}.fetch('id')
26
+ rescue => e
27
+ puts "App '#{app_name}' was not found."
28
+ nil # return nil if data not found
29
+ end
30
+ rescue RestClient::NotFound => e
31
+ puts "Endpoint not found (using API version: #{API_VERSION})"
32
+ puts e.message if ENG['DEBUG']
33
+ raise e
34
+ rescue RestClient::ExceptionWithResponse => e
35
+ puts e.message if ENG['DEBUG']
36
+ raise e
37
+ end
38
+ end
39
+
40
+ private
41
+
42
+ def endpoint
43
+ URI("#{host}/rest/#{API_VERSION}/applications")
44
+ end
45
+
46
+ def host
47
+ Client.config.host
48
+ end
49
+
50
+ def apiKey
51
+ Client.config.key
52
+ end
53
+ end
54
+
55
+ end
56
+ end
57
+ end
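Review bot: The two outer rescue handlers in `perform!` reference `ENG['DEBUG']`, an undefined constant, so any `RestClient` error raises `NameError` inside the handler and the original HTTP failure never reaches the caller through `raise e`; both lines should read `puts e.message if ENV['DEBUG']`. The inner bare `rescue => e` prints "App ... was not found." for every `StandardError`, including a payload without an `object` key, so an error response is indistinguishable from a missing application. Handling the nil result of `find` explicitly and letting `KeyError` propagate would keep those cases apart. This file uses `RestClient`, `JSON` and `URI` without requiring them, so it appears to rely on the scan upload file being loaded first.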
@@ -0,0 +1,47 @@
1
+ module Threadfix
2
+ module Client
3
+ module Applications
4
+ class Lookup
5
+ API_VERSION='v2.5.0.2'
6
+
7
+ attr_reader :team_name, :app_name
8
+
9
+ def initialize(options={})
10
+ @team_name = options[:team_name]
11
+ @app_name = options[:app_name]
12
+ end
13
+
14
+ def perform!
15
+ begin
16
+ puts "GET #{endpoint.to_s}" if ENV['DEBUG']
17
+ r = RestClient.get(
18
+ endpoint.to_s,
19
+ { :accept => "application/json", :Authorization => "APIKEY #{apiKey}" }
20
+ )
21
+ JSON.parse(r.body)
22
+ rescue RestClient::NotFound => e
23
+ puts "Endpoint not found (using API version: #{API_VERSION})"
24
+ raise e
25
+ rescue RestClient::ExceptionWithResponse => e
26
+ raise e
27
+ end
28
+ end
29
+
30
+ private
31
+
32
+ def endpoint
33
+ URI("#{host}/rest/#{API_VERSION}/applications/#{team_name}/lookup?name=#{app_name}")
34
+ end
35
+
36
+ def host
37
+ Client.config.host
38
+ end
39
+
40
+ def apiKey
41
+ Client.config.key
42
+ end
43
+ end
44
+
45
+ end
46
+ end
47
+ end
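Review bot: `endpoint` interpolates `team_name` and `app_name` into the URL without percent-encoding, so a name containing a space makes `URI()` raise `URI::InvalidURIError`, and one containing `/`, `?`, `&` or `#` changes the path or query the server receives. Encoding each part keeps the option values as data: `URI("#{host}/rest/#{API_VERSION}/applications/#{ERB::Util.url_encode(team_name)}/lookup?#{URI.encode_www_form(name: app_name)}")`, with `require 'erb'` added to the file. The `rescue RestClient::ExceptionWithResponse => e` clause that only does `raise e` has no effect and can be dropped.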
@@ -0,0 +1,26 @@
1
+ require "threadfix/client/applications/lookup"
2
+ require "threadfix/client/applications/get_id"
3
+
4
+ module Threadfix
5
+ module Client
6
+ module Applications
7
+ class <<self
8
+
9
+ # @param options[app_name]
10
+ # @param options[team_name]
11
+ # @return Hash
12
+ def lookup(options={})
13
+ action = Lookup.new(options)
14
+ action.perform!
15
+ end
16
+
17
+ # @param options[app_name]
18
+ # @return Hash
19
+ def get_id(options={})
20
+ action = GetId.new(options)
21
+ action.perform!
22
+ end
23
+ end
24
+ end
25
+ end
26
+ end
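Review bot: The comment on `get_id` says `@return Hash`, but `GetId#perform!` as added in this release returns the matched application's `id` value, or nil when nothing matches. The tag should say so, for example `# @return [Object, nil] id of the matching application, or nil when none matches`. The `@param options[app_name]` lines are also not valid YARD syntax; `# @param options [Hash]` followed by `# @option options [String] :app_name` would render correctly.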
@@ -1,12 +1,13 @@
1
1
  require 'rest-client'
2
2
  require 'json'
3
+ require 'uri'
3
4
 
4
5
  module Threadfix
5
6
  module Client
6
7
  module Scans
7
8
  class Upload
8
- API_VERSION='2.5'
9
- attr_accessor :file_path, :app_id
9
+ API_VERSION='v2.5'
10
+ attr_reader :file_path, :app_id
10
11
 
11
12
  def initialize(options={})
12
13
  @file_path = options[:file_path]
@@ -15,8 +16,9 @@ module Threadfix
15
16
 
16
17
  def perform!
17
18
  begin
19
+ puts "POST #{endpoint.to_s}" if ENV['DEBUG']
18
20
  r = RestClient.post(
19
- "#{host}/rest/#{API_VERSION}/applications/#{app_id}/upload",
21
+ endpoint.to_s,
20
22
  { file: file },
21
23
  { :accept => "application/json", :Authorization => "APIKEY #{apiKey}" }
22
24
  )
@@ -25,12 +27,17 @@ module Threadfix
25
27
  puts "Endpoint not found (using API version: #{API_VERSION})"
26
28
  raise e
27
29
  rescue RestClient::ExceptionWithResponse => e
30
+ puts e.message
28
31
  raise e
29
32
  end
30
33
  end
31
34
 
32
35
  private
33
36
 
37
+ def endpoint
38
+ URI("#{host}/rest/#{API_VERSION}/applications/#{app_id}/upload")
39
+ end
40
+
34
41
  def file
35
42
  File.new(file_path, 'rb')
36
43
  end
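Review bot: The added `puts e.message` in the `RestClient::ExceptionWithResponse` handler writes the error to stdout unconditionally, while the new `GetId` class puts the same line behind a `DEBUG` check. Callers may capture stdout, for example the ID printed by `applications get_id`, so `warn e.message` would keep diagnostics on stderr and make the classes consistent. The `file` helper shown as context opens `File.new(file_path, 'rb')` and nothing visible in these hunks closes it. `perform!` starts and ends outside the hunks.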
@@ -1,4 +1,5 @@
1
1
  require "threadfix/client/scans"
2
+ require "threadfix/client/applications"
2
3
 
3
4
  module Threadfix
4
5
  module Client
@@ -15,7 +16,7 @@ module Threadfix
15
16
  attr_accessor :host, :key
16
17
 
17
18
  def initialize
18
- @host = ENV['HOST']
19
+ @host = ENV['THREADFIX_HOST']
19
20
  @key = ENV['THREADFIX_TOKEN']
20
21
  end
21
22
  end
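Review bot: Renaming the variable from `HOST` to `THREADFIX_HOST` leaves `@host` nil for anyone still exporting `HOST`, and nothing visible rejects a nil or non-HTTPS host before the client classes build `"#{host}/rest/..."` and send the `Authorization: APIKEY ...` header to it. A check where the host is consumed would fail early and keep the key off cleartext connections, e.g. `raise ArgumentError, "THREADFIX_HOST must be an https:// URL" unless host.to_s.start_with?("https://")`. The configuration class begins outside the hunk, so an existing validation elsewhere cannot be ruled out.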
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: threadfix-cli
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dave Elliott
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-04-08 00:00:00.000000000 Z
11
+ date: 2022-02-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
@@ -58,14 +58,14 @@ dependencies:
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '10.0'
61
+ version: '13.0'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '10.0'
68
+ version: '13.0'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rspec
71
71
  requirement: !ruby/object:Gem::Requirement
@@ -88,24 +88,19 @@ executables:
88
88
  extensions: []
89
89
  extra_rdoc_files: []
90
90
  files:
91
- - ".gitignore"
92
- - ".rspec"
93
- - CHANGE_LOG.md
94
- - Gemfile
95
- - Gemfile.lock
96
- - LICENSE
97
- - README.md
98
- - Rakefile
99
91
  - bin/console
100
92
  - bin/setup
101
93
  - bin/threadfix
102
94
  - lib/threadfix/cli.rb
95
+ - lib/threadfix/cli/applications.rb
103
96
  - lib/threadfix/cli/scan.rb
104
97
  - lib/threadfix/cli/version.rb
105
98
  - lib/threadfix/client.rb
99
+ - lib/threadfix/client/applications.rb
100
+ - lib/threadfix/client/applications/get_id.rb
101
+ - lib/threadfix/client/applications/lookup.rb
106
102
  - lib/threadfix/client/scans.rb
107
103
  - lib/threadfix/client/scans/upload.rb
108
- - threadfix-cli.gemspec
109
104
  homepage: https://github.com/DDAZZA/threadfix-cli
110
105
  licenses: []
111
106
  metadata:
@@ -127,8 +122,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
127
122
  - !ruby/object:Gem::Version
128
123
  version: '0'
129
124
  requirements: []
130
- rubyforge_project:
131
- rubygems_version: 2.7.6
125
+ rubygems_version: 3.2.32
132
126
  signing_key:
133
127
  specification_version: 4
134
128
  summary: CLI to upload scan report to ThreadFix
data/.gitignore DELETED
@@ -1,11 +0,0 @@
1
- /.bundle/
2
- /.yardoc
3
- /_yardoc/
4
- /coverage/
5
- /doc/
6
- /pkg/
7
- /spec/reports/
8
- /tmp/
9
-
10
- # rspec failure tracking
11
- .rspec_status
data/.rspec DELETED
@@ -1,3 +0,0 @@
1
- --format documentation
2
- --color
3
- --require spec_helper
data/CHANGE_LOG.md DELETED
@@ -1,3 +0,0 @@
1
- # v0.1.0
2
-
3
- - Initial release to upload scans
data/Gemfile DELETED
@@ -1,6 +0,0 @@
1
- source "https://rubygems.org"
2
-
3
- # Specify your gem's dependencies in threadfix-cli.gemspec
4
- gemspec
5
-
6
- gem 'pry'
data/Gemfile.lock DELETED
@@ -1,59 +0,0 @@
1
- PATH
2
- remote: .
3
- specs:
4
- threadfix (0.1.0)
5
- rest-client
6
- thor
7
-
8
- GEM
9
- remote: https://rubygems.org/
10
- specs:
11
- coderay (1.1.2)
12
- diff-lcs (1.3)
13
- domain_name (0.5.20180417)
14
- unf (>= 0.0.5, < 1.0.0)
15
- http-cookie (1.0.3)
16
- domain_name (~> 0.5)
17
- method_source (0.9.2)
18
- mime-types (3.2.2)
19
- mime-types-data (~> 3.2015)
20
- mime-types-data (3.2019.0331)
21
- netrc (0.11.0)
22
- pry (0.12.2)
23
- coderay (~> 1.1.0)
24
- method_source (~> 0.9.0)
25
- rake (10.5.0)
26
- rest-client (2.0.2)
27
- http-cookie (>= 1.0.2, < 2.0)
28
- mime-types (>= 1.16, < 4.0)
29
- netrc (~> 0.8)
30
- rspec (3.8.0)
31
- rspec-core (~> 3.8.0)
32
- rspec-expectations (~> 3.8.0)
33
- rspec-mocks (~> 3.8.0)
34
- rspec-core (3.8.0)
35
- rspec-support (~> 3.8.0)
36
- rspec-expectations (3.8.2)
37
- diff-lcs (>= 1.2.0, < 2.0)
38
- rspec-support (~> 3.8.0)
39
- rspec-mocks (3.8.0)
40
- diff-lcs (>= 1.2.0, < 2.0)
41
- rspec-support (~> 3.8.0)
42
- rspec-support (3.8.0)
43
- thor (0.20.3)
44
- unf (0.1.4)
45
- unf_ext
46
- unf_ext (0.0.7.5)
47
-
48
- PLATFORMS
49
- ruby
50
-
51
- DEPENDENCIES
52
- bundler (~> 2.0)
53
- pry
54
- rake (~> 10.0)
55
- rspec (~> 3.0)
56
- threadfix!
57
-
58
- BUNDLED WITH
59
- 2.0.1
data/LICENSE DELETED
@@ -1,9 +0,0 @@
1
- MIT License
2
-
3
- Copyright (c) 2019 David Elliott
4
-
5
- Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
6
-
7
- The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
8
-
9
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md DELETED
@@ -1,26 +0,0 @@
1
- # Threadfix
2
- Command line tool to upload a static analysis report to ThreadFix
3
-
4
- ## Installation
5
-
6
- Install it with:
7
-
8
- ```ruby
9
- $ gem install threadfix
10
- ```
11
-
12
- ## Usage
13
-
14
- ```ruby
15
- $ threadfix scan upload --app-id <APP-ID> --host <Server> --key <Auth Key> --file ./repo/results.json
16
- ```
17
-
18
- ## Development
19
-
20
- After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
21
-
22
- To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
23
-
24
- ## Contributing
25
-
26
- Bug reports and pull requests are welcome on GitHub at https://github.com/DDAZZA/threadfix-cli.
data/Rakefile DELETED
@@ -1,6 +0,0 @@
1
- require "bundler/gem_tasks"
2
- require "rspec/core/rake_task"
3
-
4
- RSpec::Core::RakeTask.new(:spec)
5
-
6
- task :default => :spec
@@ -1,44 +0,0 @@
1
-
2
- lib = File.expand_path("../lib", __FILE__)
3
- $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
- require "threadfix/cli/version"
5
-
6
- Gem::Specification.new do |spec|
7
- spec.name = "threadfix-cli"
8
- spec.version = Threadfix::Cli::VERSION
9
- spec.authors = ["Dave Elliott"]
10
- spec.email = ["ddazza@gmail.com"]
11
-
12
- spec.summary = %q{CLI to upload scan report to ThreadFix}
13
- spec.description = %q{Command line tool to upload a static analysis report to ThreadFix}
14
- spec.homepage = "https://github.com/DDAZZA/threadfix-cli"
15
-
16
- # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
17
- # to allow pushing to a single host or delete this section to allow pushing to any host.
18
- if spec.respond_to?(:metadata)
19
- # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
20
-
21
- spec.metadata["homepage_uri"] = spec.homepage
22
- spec.metadata["source_code_uri"] = "https://github.com/DDAZZA/threadfix-cli"
23
- spec.metadata["changelog_uri"] = "https://github.com/DDAZZA/threadfix-cli/blob/master/CHANGE_LOG.md"
24
- else
25
- raise "RubyGems 2.0 or newer is required to protect against " \
26
- "public gem pushes."
27
- end
28
-
29
- # Specify which files should be added to the gem when it is released.
30
- # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
31
- spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
32
- `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
33
- end
34
- spec.bindir = "bin"
35
- spec.executables = "threadfix"
36
- spec.require_paths = ["lib"]
37
-
38
- spec.add_runtime_dependency "thor", '0.20.3'
39
- spec.add_runtime_dependency "rest-client", '2.0.2'
40
-
41
- spec.add_development_dependency "bundler", "~> 2.0"
42
- spec.add_development_dependency "rake", "~> 10.0"
43
- spec.add_development_dependency "rspec", "~> 3.0"
44
- end