Class: Sectest

Inherits:
Thor
  • Object
Includes:
Thor::Actions
Defined in:
lib/norad_cli/cli/sectest.rb


Class Method Details

.source_root ⇒ Object



# File 'lib/norad_cli/cli/sectest.rb', line 11

# Root directory for the templates used by this command class (the relative
# 'tool/...' paths passed to +template+ are resolved against it by Thor::Actions).
#
# @return [String] the directory of this source file joined with '../templates/'
def self.source_root
  this_dir = File.dirname(File.expand_path(__FILE__))
  File.join(this_dir, '../templates/')
end

Instance Method Details

#build(name) ⇒ Object



# File 'lib/norad_cli/cli/sectest.rb', line 55

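# Builds the Docker image for a security test, first building every local
# base image (a directory under base/ with a Dockerfile) that its Dockerfile
# chain refers to.
#
# Every directory collected here is handed to Docker::Image.build_from_dir, so
# the Dockerfiles in the repository decide what runs during the build.
#
# @param name [String] security test directory; also used as the image name
#   in "<registry>/<name>:<version>"
# @return [Object] result of the final iteration; the process exits with
#   status 1 when the test's Dockerfile is missing
def build(name)
  img_dir = name.to_s
  imgs_to_build = { img_dir => "#{options[:registry]}/#{name}:#{options[:version]}" }

  # Refuse to continue without a Dockerfile for the requested test.
  unless dockerfile?(img_dir)
    say("Missing #{img_dir}/Dockerfile", :red)
    exit(1)
  end

  # Walk the chain of base images. extract_base_img is used here as returning
  # a pair: [directory name under base/, image tag].
  base_img = extract_base_img(img_dir)
  loop do
    base_dir = "base/#{base_img[0]}"
    # Stop on a directory that is already queued. Assigning to an existing
    # key does not move it, so without this check the walk never terminates
    # when a Dockerfile chain refers back to a directory seen earlier.
    break if imgs_to_build.key?(base_dir) || !dockerfile?(base_dir)

    imgs_to_build[base_dir] = base_img[1]
    base_img = extract_base_img(base_dir)
  end

  # Raise the read timeout so long builds are not cut off. Note that this
  # mutates the process-wide Docker.options.
  Docker.options[:read_timeout] = 36_000

  # Hashes keep insertion order (test first, deepest base last), so iterate
  # in reverse to build each base image before the image that depends on it.
  imgs_to_build.keys.reverse_each do |dir|
    say("Building image #{dir}...", :green)
    Docker::Image.build_from_dir(dir, t: imgs_to_build[dir]) do |output|
      $stdout.puts output
    end
  end
end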

#execute(name, arguments) ⇒ Object



# File 'lib/norad_cli/cli/sectest.rb', line 127

# Runs a security test image in a new container and echoes its output.
#
# The container environment is a fixed set of hard-coded values, including
# NORAD_SECRET=1234; these look like placeholders for a local run rather than
# real credentials (NOTE(review): confirm nothing downstream treats this
# secret as authenticating). +arguments+ is passed through unchanged as the
# container command.
#
# @param name [String] image name, combined as "<registry>/<name>:<version>"
# @param arguments [Array<String>] command for the container (Cmd)
# @return [Object] whatever Docker::Container#attach returns; the process
#   exits with status 1 when the image does not exist
def execute(name, arguments)
  image_ref = "#{options[:registry]}/#{name}:#{options[:version]}"

  # The image must already be present before a container can be created.
  unless Docker::Image.exist?(image_ref)
    say("Requested image #{image_ref} does not exist!", :red)
    exit(1)
  end

  # Fixed environment handed to the security test.
  container_env = [
    'NORAD_ROOT=',
    %(ASSESSMENT_PATHS=[{"id":"1", "assessment": "1"}]),
    'NORAD_SECRET=1234'
  ]
  container = Docker::Container.create(Image: image_ref, Env: container_env, Cmd: arguments)

  # Start the container, then stream its output prefixed with the stream name.
  container.start
  container.attach do |stream, chunk|
    puts "#{stream}: #{chunk}"
  end
end

#scaffold(sectest_name) ⇒ Object



# File 'lib/norad_cli/cli/sectest.rb', line 22

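# Generates the skeleton files for a new security test from the bundled
# templates: Dockerfile, README, manifest, wrapper script, spec file and two
# target Dockerfiles (secure and vulnerable).
#
# +sectest_name+ is interpolated into every destination path below the
# current working directory without validation, so it is expected to be a
# plain directory name.
#
# @param sectest_name [String] dash-separated name of the new security test
# @return [Object] result of the last +template+ call
def scaffold(sectest_name)
  # Grab the current directory
  repo_dir = Dir.pwd
  tool_dir = "#{repo_dir}/#{sectest_name}"
  spec_dir = "#{repo_dir}/spec/#{sectest_name}"

  # Set options for templates
  options[:name] = sectest_name
  # Build the spec class name from the dash-separated tokens. Tokens that
  # contain a digit are kept as they are. The non-bang capitalize is required
  # here: capitalize! returns nil when the token is already capitalized, which
  # would silently drop that token from the joined name.
  options[:spec_class_name] = sectest_name.split('-').map { |t| t =~ /\d+/ ? t : t.capitalize }.join

  # TODO: the check that this is a norad security test repository is not implemented.

  # Create the security tests standard files
  template('tool/Dockerfile.erb', "#{tool_dir}/Dockerfile")
  template('tool/README.md.erb', "#{tool_dir}/README.md")
  template('tool/manifest.yml.erb', "#{tool_dir}/manifest.yml")

  # Create a starter wrapper script
  template('tool/wrapper.rb.erb', "#{tool_dir}/#{sectest_name}-wrapper.rb")

  # Create the spec files; both targets come from the same template, chosen
  # by whether the test is authenticated.
  template('tool/tool_spec.rb.erb', "#{spec_dir}/#{sectest_name}_spec.rb")
  target_template =
    options[:authenticated] ? 'tool/Dockerfile.auth.target.erb' : 'tool/Dockerfile.unauth.target.erb'
  template(target_template, "#{spec_dir}/targets/Dockerfile.secure")
  template(target_template, "#{spec_dir}/targets/Dockerfile.vulnerable")
end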

#seed ⇒ Object



# File 'lib/norad_cli/cli/sectest.rb', line 161

# Generates the seed file by delegating to SeedGenerator.
#
# No check is made that the current directory is a plugin directory; the
# original comment marks that check as still to be written.
#
# @return [Object] whatever SeedGenerator.process_manifests returns
def seed
  seedfile = options[:seedfile]
  docsite = options[:docsite]

  # Hand both option values to the generator.
  SeedGenerator.process_manifests(seedfile, docsite)
end