Class: Nexpose::Site

Inherits:
APIObject show all
Includes:
JsonSerializer
Defined in:
lib/nexpose/site.rb

Overview

Configuration object representing a Nexpose site.

For a basic walk-through, see https://github.com/rapid7/nexpose-client/wiki/Using-Sites

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from JsonSerializer

#deserialize, #serialize, #to_hash

Methods inherited from APIObject

#object_from_hash

Constructor Details

#initialize(name = nil, scan_template_id = 'full-audit-without-web-spider') ⇒ Site

Site constructor. Both arguments are optional.

Parameters:

  • name (String) (defaults to: nil)

    Unique name of the site.

  • scan_template_id (String) (defaults to: 'full-audit-without-web-spider')

    ID of the scan template to use.



160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
# File 'lib/nexpose/site.rb', line 160

def initialize(name = nil, scan_template_id = 'full-audit-without-web-spider')
  @name                  = name
  @scan_template_id      = scan_template_id
  @id                    = -1
  @risk_factor           = 1.0
  @config_version        = 3
  @schedules             = []
  @blackouts             = []
  @included_scan_targets = { addresses: [], asset_groups: [] }
  @excluded_scan_targets = { addresses: [], asset_groups: [] }
  @site_credentials      = []
  @shared_credentials    = []
  @web_credentials       = []
  @alerts                = []
  @users                 = []
  @tags                  = []
end

Instance Attribute Details

#alertsObject

Array

Collection of real-time alerts.



135
136
137
# File 'lib/nexpose/site.rb', line 135

def alerts
  @alerts
end

#auto_engine_selection_enabledObject

Scan the assets with last scanned engine or not.



128
129
130
# File 'lib/nexpose/site.rb', line 128

def auto_engine_selection_enabled
  @auto_engine_selection_enabled
end

#blackoutsObject

Array

Blackout starting dates, times and duration for blackout periods.



112
113
114
# File 'lib/nexpose/site.rb', line 112

def blackouts
  @blackouts
end

#config_versionObject

Configuration version. Default: 3



145
146
147
# File 'lib/nexpose/site.rb', line 145

def config_version
  @config_version
end

#descriptionObject

Description of the site.



90
91
92
# File 'lib/nexpose/site.rb', line 90

def description
  @description
end

#discovery_configObject

discovery config of the discovery connection associated with this site if it is dynamic.



151
152
153
# File 'lib/nexpose/site.rb', line 151

def discovery_config
  @discovery_config
end

#engine_idObject

Scan Engine to use. Will use the default engine if nil or -1.



106
107
108
# File 'lib/nexpose/site.rb', line 106

def engine_id
  @engine_id
end

#excluded_scan_targetsObject

Excluded scan targets. May be IPv4, IPv6, DNS names, IPRanges or assetgroup ids.



96
97
98
# File 'lib/nexpose/site.rb', line 96

def excluded_scan_targets
  @excluded_scan_targets
end

#idObject

The site ID. An ID of -1 is used to designate a site that has not been saved to a Nexpose console.



84
85
86
# File 'lib/nexpose/site.rb', line 84

def id
  @id
end

#included_scan_targetsObject

Included scan targets. May be IPv4, IPv6, DNS names, IPRanges or assetgroup ids.



93
94
95
# File 'lib/nexpose/site.rb', line 93

def included_scan_targets
  @included_scan_targets
end

#nameObject

Unique name of the site. Required.



87
88
89
# File 'lib/nexpose/site.rb', line 87

def name
  @name
end

#organizationObject

Information about the organization that this site belongs to. Used by some reports.



139
140
141
# File 'lib/nexpose/site.rb', line 139

def organization
  @organization
end

#risk_factorObject

The risk factor associated with this site. Default: 1.0



115
116
117
# File 'lib/nexpose/site.rb', line 115

def risk_factor
  @risk_factor
end

#scan_template_idObject

Scan template to use when starting a scan job. Default: full-audit-without-web-spider



99
100
101
# File 'lib/nexpose/site.rb', line 99

def scan_template_id
  @scan_template_id
end

#scan_template_nameObject

Friendly name of scan template to use when starting a scan job. Value is populated when a site is saved or loaded from a console.



103
104
105
# File 'lib/nexpose/site.rb', line 103

def scan_template_name
  @scan_template_name
end

#schedulesObject

Array

Schedule starting dates and times for scans, and set their frequency.



109
110
111
# File 'lib/nexpose/site.rb', line 109

def schedules
  @schedules
end

#search_criteriaObject

Asset filter criteria if this site is dynamic.



148
149
150
# File 'lib/nexpose/site.rb', line 148

def search_criteria
  @search_criteria
end

#shared_credentialsObject

Array

Collection of shared credentials associated with this site.



122
123
124
# File 'lib/nexpose/site.rb', line 122

def shared_credentials
  @shared_credentials
end

#site_credentialsObject

Array

Collection of credentials associated with this site. Does not

include shared credentials.



119
120
121
# File 'lib/nexpose/site.rb', line 119

def site_credentials
  @site_credentials
end

#tagsObject

Array

Collection of TagSummary



154
155
156
# File 'lib/nexpose/site.rb', line 154

def tags
  @tags
end

#usersObject

Array

List of user IDs for users who have access to the site.



142
143
144
# File 'lib/nexpose/site.rb', line 142

def users
  @users
end

#web_credentialsObject

Array

Collection of web credentials associated with the site.



125
126
127
# File 'lib/nexpose/site.rb', line 125

def web_credentials
  @web_credentials
end

Class Method Details

.copy(connection, id) ⇒ Site

Copy an existing configuration from a Nexpose instance. Returned object will reset the site ID and append “Copy” to the existing name.

Parameters:

  • connection (Connection)

    Connection to the security console.

  • id (Fixnum)

    Site ID of an existing site.

Returns:

  • (Site)

    Site configuration loaded from a Nexpose console.



496
497
498
499
500
501
# File 'lib/nexpose/site.rb', line 496

def self.copy(connection, id)
  site      = self.load(connection, id)
  site.id   = -1
  site.name = "#{site.name} Copy"
  site
end

.from_hash(hash) ⇒ Object



390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
# File 'lib/nexpose/site.rb', line 390

def self.from_hash(hash)
  site = new(hash[:name], hash[:scan_template_id])
  hash.each do |k, v|
    site.instance_variable_set("@#{k}", v)
  end

  # Convert each string address to either a HostName or IPRange object
  included_scan_targets = { addresses: [], asset_groups: [] }
  site.included_scan_targets[:addresses].each { |asset| included_scan_targets[:addresses] << HostOrIP.convert(asset) }
  included_scan_targets[:asset_groups] = site.included_scan_targets[:asset_groups]
  site.included_scan_targets = included_scan_targets

  excluded_scan_targets = { addresses: [], asset_groups: [] }
  site.excluded_scan_targets[:addresses].each { |asset| excluded_scan_targets[:addresses] << HostOrIP.convert(asset) }
  excluded_scan_targets[:asset_groups] = site.excluded_scan_targets[:asset_groups]
  site.excluded_scan_targets = excluded_scan_targets

  site
end

.json_initializer(data) ⇒ Object



484
485
486
# File 'lib/nexpose/site.rb', line 484

def self.json_initializer(data)
  new(data[:name], data[:scan_template_id])
end

.load(nsc, id) ⇒ Site

Load an site from the provided console.

Parameters:

  • nsc (Connection)

    Active connection to a Nexpose console.

  • id (String)

    Unique identifier of a site.

Returns:

  • (Site)

    The requested site, if found.



452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
# File 'lib/nexpose/site.rb', line 452

def self.load(nsc, id)
  uri  = "/api/2.1/site_configurations/#{id}"
  resp = AJAX.get(nsc, uri, AJAX::CONTENT_TYPE::JSON)
  hash = JSON.parse(resp, symbolize_names: true)
  site = self.json_initializer(hash).deserialize(hash)

  # Convert each string address to either a HostName or IPRange object
  included_addresses = hash[:included_scan_targets][:addresses]
  site.included_scan_targets[:addresses] = []
  included_addresses.each { |asset| site.include_asset(asset) }

  excluded_addresses = hash[:excluded_scan_targets][:addresses]
  site.excluded_scan_targets[:addresses] = []
  excluded_addresses.each { |asset| site.exclude_asset(asset) }

  site.organization       = Organization.create(site.organization)
  site.schedules          = (hash[:schedules] || []).map { |schedule| Nexpose::Schedule.from_hash(schedule) }
  site.blackouts          = (hash[:blackouts] || []).map { |blackout| Nexpose::Blackout.from_hash(blackout) }
  site.site_credentials   = hash[:site_credentials].map { |cred| Nexpose::SiteCredentials.new.object_from_hash(nsc, cred) }
  site.shared_credentials = hash[:shared_credentials].map { |cred| Nexpose::SiteCredentials.new.object_from_hash(nsc, cred) }
  site.discovery_config   = Nexpose::DiscoveryConnection.new.object_from_hash(nsc, hash[:discovery_config]) unless hash[:discovery_config].nil?
  site.search_criteria    = Nexpose::DiscoveryConnection::Criteria.parseHash(hash[:search_criteria]) unless hash[:search_criteria].nil?
  site.alerts             = Alert.load_alerts(hash[:alerts])
  site.tags               = Tag.load_tags(hash[:tags])
  site.web_credentials = hash[:web_credentials].map { |web_cred| (
  web_cred[:service] == Nexpose::WebCredentials::WebAppAuthType::HTTP_HEADER ?
      Nexpose::WebCredentials::Headers.new(web_cred[:name], web_cred[:baseURL], web_cred[:soft403Pattern], web_cred[:id]).object_from_hash(nsc, web_cred) :
      Nexpose::WebCredentials::HTMLForms.new(web_cred[:name], web_cred[:baseURL], web_cred[:loginURL], web_cred[:soft403Pattern], web_cred[:id]).object_from_hash(nsc, web_cred)) }

  site
end

Instance Method Details

#add_user(user_id) ⇒ Object



374
375
376
377
378
379
380
# File 'lib/nexpose/site.rb', line 374

def add_user(user_id)
  unless user_id.is_a?(Numeric) && user_id > 0
    raise 'Invalid user id. A user id must be a positive number and refer to an existing system user.'
  end

  @users << { id: user_id }
end

#delete(connection) ⇒ Boolean

Delete this site from a Nexpose console.

Parameters:

  • connection (Connection)

    Connection to console where this site will be saved.

Returns:

  • (Boolean)

    Whether or not the site was successfully deleted.



534
535
536
537
# File 'lib/nexpose/site.rb', line 534

def delete(connection)
  r = connection.execute(%(<SiteDeleteRequest session-id="#{connection.session_id}" site-id="#{@id}"/>))
  r.success
end

#exclude_asset(asset) ⇒ Object

Adds an asset to this site excluded scan targets, resolving whether an IP or hostname is provided.

Parameters:

  • asset (String)

    Identifier of an asset, either IP or host name.



315
316
317
# File 'lib/nexpose/site.rb', line 315

def exclude_asset(asset)
  @excluded_scan_targets[:addresses] << HostOrIP.convert(asset)
end

#exclude_asset_group(asset_group_id) ⇒ Object

Adds an asset group ID to this site excluded scan targets.

Parameters:

  • asset_group_id (Integer)

    Identifier of an assetGroupID.



350
351
352
353
# File 'lib/nexpose/site.rb', line 350

def exclude_asset_group(asset_group_id)
  validate_asset_group(asset_group_id)
  @excluded_scan_targets[:asset_groups] << asset_group_id.to_i
end

#exclude_ip_range(from, to) ⇒ Object

Adds assets to this site excluded scan targets by IP address range.

Parameters:

  • from (String)

    Beginning IP address of a range.

  • to (String)

    Ending IP address of a range.



286
287
288
289
290
291
292
293
294
# File 'lib/nexpose/site.rb', line 286

def exclude_ip_range(from, to)
  from_ip = IPAddr.new(from)
  to_ip   = IPAddr.new(to)
  (from_ip..to_ip)
  raise 'Invalid IP range specified' if (from_ip..to_ip).to_a.size.zero?
  @excluded_scan_targets[:addresses] << IPRange.new(from, to)
rescue ArgumentError => e
  raise "#{e.message} in given IP range"
end

#excluded_addressesArray[IPRange|HostName]

Returns the array of excluded scan target addresses.

Returns:



206
207
208
# File 'lib/nexpose/site.rb', line 206

def excluded_addresses
  @excluded_scan_targets[:addresses]
end

#excluded_addresses=(new_addresses) ⇒ Array[IPRange|HostName]

Sets the array of excluded scan target addresses.

Parameters:

  • new_addresses (Array[IPRange|HostName])

    The new array of scan target addresses.

Returns:



213
214
215
# File 'lib/nexpose/site.rb', line 213

def excluded_addresses=(new_addresses)
  @excluded_scan_targets[:addresses] = new_addresses
end

#excluded_asset_groupsArray[Fixnum]

Returns the array of IDs for excluded scan target asset groups.

Returns:

  • (Array[Fixnum])

    Array of IDs for excluded asset groups.



219
220
221
# File 'lib/nexpose/site.rb', line 219

def excluded_asset_groups
  @excluded_scan_targets[:asset_groups]
end

#excluded_asset_groups=(new_asset_groups) ⇒ Array[Fixnum]

Sets the array IDs for excluded scan target asset groups.

Parameters:

  • new_asset_groups (Array[Fixnum])

    The new array of IDs for scan target asset groups.

Returns:

  • (Array[Fixnum])

    Array of IDs of the updated scan target asset groups.



226
227
228
# File 'lib/nexpose/site.rb', line 226

def excluded_asset_groups=(new_asset_groups)
  @excluded_scan_targets[:asset_groups] = new_asset_groups
end

#include_asset(asset) ⇒ Object

Adds an asset to this site included scan targets, resolving whether an IP or hostname is provided.

Parameters:

  • asset (String)

    Identifier of an asset, either IP or host name.



269
270
271
# File 'lib/nexpose/site.rb', line 269

def include_asset(asset)
  @included_scan_targets[:addresses] << HostOrIP.convert(asset)
end

#include_asset_group(asset_group_id) ⇒ Object

Adds an asset group ID to this site included scan targets.

Parameters:

  • asset_group_id (Integer)

    Identifier of an assetGroupID.



332
333
334
335
# File 'lib/nexpose/site.rb', line 332

def include_asset_group(asset_group_id)
  validate_asset_group(asset_group_id)
  @included_scan_targets[:asset_groups] << asset_group_id.to_i
end

#include_ip_range(from, to) ⇒ Object

Adds assets to this site by IP address range.

Parameters:

  • from (String)

    Beginning IP address of a range.

  • to (String)

    Ending IP address of a range.



240
241
242
243
244
245
246
247
248
# File 'lib/nexpose/site.rb', line 240

def include_ip_range(from, to)
  from_ip = IPAddr.new(from)
  to_ip   = IPAddr.new(to)
  (from_ip..to_ip)
  raise 'Invalid IP range specified' if (from_ip..to_ip).to_a.size.zero?
  @included_scan_targets[:addresses] << IPRange.new(from, to)
rescue ArgumentError => e
  raise "#{e.message} in given IP range"
end

#included_addressesArray[IPRange|HostName]

Returns the array of included scan target addresses.

Returns:



180
181
182
# File 'lib/nexpose/site.rb', line 180

def included_addresses
  @included_scan_targets[:addresses]
end

#included_addresses=(new_addresses) ⇒ Array[IPRange|HostName]

Sets the array of included scan target addresses.

Parameters:

  • new_addresses (Array[IPRange|HostName])

    The new array of scan target addresses.

Returns:



187
188
189
# File 'lib/nexpose/site.rb', line 187

def included_addresses=(new_addresses)
  @included_scan_targets[:addresses] = new_addresses
end

#included_asset_groupsArray[Fixnum]

Returns the array of IDs for included scan target asset groups.

Returns:

  • (Array[Fixnum])

    Array of included asset groups.



193
194
195
# File 'lib/nexpose/site.rb', line 193

def included_asset_groups
  @included_scan_targets[:asset_groups]
end

#included_asset_groups=(new_asset_groups) ⇒ Array[Fixnum] Array of IDs of the updated scan target asset groups.

Sets the array of IDs for included scan target asset groups.

Parameters:

  • Array[Fixnum] (Array[Fixnum] new_asset_groups The new array of IDs for scan target asset groups.)

    new_asset_groups The new array of IDs for scan target asset groups.

Returns:

  • (Array[Fixnum] Array of IDs of the updated scan target asset groups.)

    Array Array of IDs of the updated scan target asset groups.



200
201
202
# File 'lib/nexpose/site.rb', line 200

def included_asset_groups=(new_asset_groups)
  @included_scan_targets[:asset_groups] = new_asset_groups
end

#is_dynamic?Boolean Also known as: dynamic?

Returns true when the site is dynamic.

Returns:

  • (Boolean)


231
232
233
# File 'lib/nexpose/site.rb', line 231

def is_dynamic?
  !@discovery_config.nil?
end

#remove_excluded_asset(asset) ⇒ Object

Removes an asset to this site excluded scan targets, resolving whether an IP or hostname is provided.

Parameters:

  • asset (String)

    Identifier of an asset, either IP or host name.



324
325
326
# File 'lib/nexpose/site.rb', line 324

def remove_excluded_asset(asset)
  @excluded_scan_targets[:addresses].reject! { |existing_asset| existing_asset == HostOrIP.convert(asset) }
end

#remove_excluded_asset_group(asset_group_id) ⇒ Object

Adds an asset group ID to this site excluded scan targets.

Parameters:

  • asset_group_id (Integer)

    Identifier of an assetGroupID.



359
360
361
362
# File 'lib/nexpose/site.rb', line 359

def remove_excluded_asset_group(asset_group_id)
  validate_asset_group(asset_group_id)
  @excluded_scan_targets[:asset_groups].reject! { |t| t.eql? asset_group_id.to_i }
end

#remove_excluded_ip_range(from, to) ⇒ Object

Remove assets from this site excluded scan targets by IP address range.

Parameters:

  • from (String)

    Beginning IP address of a range.

  • to (String)

    Ending IP address of a range.



300
301
302
303
304
305
306
307
308
# File 'lib/nexpose/site.rb', line 300

def remove_excluded_ip_range(from, to)
  from_ip = IPAddr.new(from)
  to_ip   = IPAddr.new(to)
  (from_ip..to_ip)
  raise 'Invalid IP range specified' if (from_ip..to_ip).to_a.size.zero?
  @excluded_scan_targets[:addresses].reject! { |t| t.eql? IPRange.new(from, to) }
rescue ArgumentError => e
  raise "#{e.message} in given IP range"
end

#remove_included_asset(asset) ⇒ Object

Remove an asset to this site included scan targets, resolving whether an IP or hostname is provided.

Parameters:

  • asset (String)

    Identifier of an asset, either IP or host name.



278
279
280
# File 'lib/nexpose/site.rb', line 278

def remove_included_asset(asset)
  @included_scan_targets[:addresses].reject! { |existing_asset| existing_asset == HostOrIP.convert(asset) }
end

#remove_included_asset_group(asset_group_id) ⇒ Object

Adds an asset group ID to this site included scan targets.

Parameters:

  • asset_group_id (Integer)

    Identifier of an assetGroupID.



341
342
343
344
# File 'lib/nexpose/site.rb', line 341

def remove_included_asset_group(asset_group_id)
  validate_asset_group(asset_group_id)
  @included_scan_targets[:asset_groups].reject! { |t| t.eql? asset_group_id.to_i }
end

#remove_included_ip_range(from, to) ⇒ Object

Remove assets to this site by IP address range.

Parameters:

  • from (String)

    Beginning IP address of a range.

  • to (String)

    Ending IP address of a range.



254
255
256
257
258
259
260
261
262
# File 'lib/nexpose/site.rb', line 254

def remove_included_ip_range(from, to)
  from_ip = IPAddr.new(from)
  to_ip   = IPAddr.new(to)
  (from_ip..to_ip)
  raise 'Invalid IP range specified' if (from_ip..to_ip).to_a.size.zero?
  @included_scan_targets[:addresses].reject! { |t| t.eql? IPRange.new(from, to) }
rescue ArgumentError => e
  raise "#{e.message} in given IP range"
end

#remove_user(user_id) ⇒ Object



382
383
384
385
386
387
388
# File 'lib/nexpose/site.rb', line 382

def remove_user(user_id)
  unless user_id.is_a?(Numeric) && user_id > 0
    raise 'Invalid user id. A user id must be a positive number and refer to an existing system user.'
  end

  @users.delete_if { |h| h[:id] == user_id }
end

#save(connection) ⇒ Fixnum

Saves this site to a Nexpose console. If the site is dynamic, connection and asset filter changes must be saved through the DiscoveryConnection#update_site call.

Parameters:

  • connection (Connection)

    Connection to console where this site will be saved.

Returns:

  • (Fixnum)

    Site ID assigned to this configuration, if successful.



510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
# File 'lib/nexpose/site.rb', line 510

def save(connection)
  new_site = @id == -1

  if new_site
    resp = AJAX.post(connection, '/api/2.1/site_configurations/', to_json, AJAX::CONTENT_TYPE::JSON)
    @id = resp.to_i
  else
    AJAX.put(connection, "/api/2.1/site_configurations/#{@id}", to_json, AJAX::CONTENT_TYPE::JSON)
  end

  # Retrieve the scan engine and shared credentials and add them to the site configuration
  site_config         = Site.load(connection, @id)
  @engine_id          = site_config.engine_id
  @shared_credentials = site_config.shared_credentials
  @alerts             = site_config.alerts

  @id
end

#scan(connection, sync_id = nil, blackout_override = false) ⇒ Scan

Scan this site.

Parameters:

  • connection (Connection)

    Connection to console where scan will be launched.

  • sync_id (String) (defaults to: nil)

    Optional synchronization token.

  • blackout_override (Boolean) (defaults to: false)

    Optional. Given suffencent permissions, force bypass blackout and start scan.

Returns:

  • (Scan)

    Scan launch information.



546
547
548
549
550
551
552
553
554
555
# File 'lib/nexpose/site.rb', line 546

def scan(connection, sync_id = nil, blackout_override = false)
  xml = REXML::Element.new('SiteScanRequest')
  xml.add_attributes({ 'session-id' => connection.session_id,
                       'site-id' => @id,
                       'sync-id' => sync_id })

  xml.add_attributes({ 'force' => true }) if blackout_override
  response = connection.execute(xml, '1.1', timeout: connection.timeout)
  Scan.parse(response.res) if response.success
end

#to_hObject



414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
# File 'lib/nexpose/site.rb', line 414

def to_h
  included_scan_targets = { addresses: @included_scan_targets[:addresses].compact,
                            asset_groups: @included_scan_targets[:asset_groups].compact }
  excluded_scan_targets = { addresses: @excluded_scan_targets[:addresses].compact,
                            asset_groups: @excluded_scan_targets[:asset_groups].compact }
  hash = { id: @id,
           name: @name,
           description: @description,
           auto_engine_selection_enabled: @auto_engine_selection_enabled,
           included_scan_targets: included_scan_targets,
           excluded_scan_targets: excluded_scan_targets,
           engine_id: @engine_id,
           scan_template_id: @scan_template_id,
           risk_factor: @risk_factor,
           schedules: (@schedules || []).map(&:to_h),
           shared_credentials: (@shared_credentials || []).map(&:to_h),
           site_credentials: (@site_credentials || []).map(&:to_h),
           web_credentials: (@web_credentials || []).map(&:to_h),
           discovery_config: @discovery_config.to_h,
           search_criteria: @search_criteria.to_h,
           tags: (@tags || []).map(&:to_h),
           alerts: (@alerts || []).map(&:to_h),
           organization: @organization.to_h,
           users: users }
  # @TODO: Revisit this for 2.0.0 update
  # Only pass in blackouts if they were actually specified (for backwards compatibility)
  hash[:blackouts] = @blackouts.map(&:to_h) if @blackouts && @blackouts.any?

  hash
end

#to_jsonObject



410
411
412
# File 'lib/nexpose/site.rb', line 410

def to_json
  JSON.generate(to_h)
end

#validate_asset_group(asset_group_id) ⇒ Object



364
365
366
367
368
369
370
371
372
# File 'lib/nexpose/site.rb', line 364

def validate_asset_group(asset_group_id)
  begin
    Integer(asset_group_id)
  rescue ArgumentError => e
    raise "Invalid asset_group id. #{e.message}"
  end

  raise 'Invalid asset_group id. Must be positive number.' if asset_group_id.to_i < 1
end