Class: Sectest

Inherits:
Thor
  • Object
show all
Includes:
Thor::Actions
Defined in:
lib/norad_cli/cli/sectest.rb

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(*args) ⇒ Sectest

rubocop:enable Style/GuardClause



53
54
55
56
57
58
 
# File 'lib/norad_cli/cli/sectest.rb', line 53

def initialize(*args)
  super

  # Check if the command is being run from the repository root (all commands must be)
  root_dir?
end

Class Method Details

.load_manifestObject

Loads a manifest file depending on the command rubocop:disable Style/GuardClause



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'lib/norad_cli/cli/sectest.rb', line 32

def self.load_manifest
  @sectest_manifest = {}

  # Set defaults just in case no manifest.yml to overwrite
  @sectest_manifest['registry'] = 'norad-registry.cisco.com:5000'
  @sectest_manifest['version'] = 'latest'

  # Dynamically add options and description based on the needs of the sectest container
  if %w(build build:all build:image build:specs execute).include?(ARGV[1]) && ARGV[2] && !ARGV[2].start_with?('-', '--')
    # Read in the program arguments
    if File.exist?("sectests/#{ARGV[2]}/manifest.yml")
      @sectest_manifest = YAML.safe_load(File.read("sectests/#{ARGV[2]}/manifest.yml"))
    else
      puts Rainbow("Error: #{ARGV[2]} sectest does not exist or it is missing sectests/#{ARGV[2]}/manifest.yml").red
      puts Rainbow('Exiting...').red
      exit(1)
    end
  end
end

.source_rootObject 



26
27
28
 
# File 'lib/norad_cli/cli/sectest.rb', line 26

def self.source_root
  File.join(File.dirname(File.expand_path(__FILE__)), '../templates/')
end

Instance Method Details

#buildObject 



110
111
112
113
114
115
116
117
118
 
# File 'lib/norad_cli/cli/sectest.rb', line 110

def build
  # Error check to ensure this is a plugin directory
  Dir.glob('sectests/*').select do |f|
    if File.directory? f
      # Build all for the sectest
      send('build:all', f.split('/')[-1])
    end
  end
end

#execute(sectest_name) ⇒ Object 



214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
 
# File 'lib/norad_cli/cli/sectest.rb', line 214

def execute(sectest_name)
  # Ensure the results server is built by building the images specs (code reuse)
  send('build:specs', sectest_name)

  # Build the sectest image if necessary
  send('build:image', sectest_name)

  # Allocate an instance of the sectest
  sectest_instance = NoradCli::SecTestContainer.new(ARGV[2], options)

  # Start the test
  sectest_instance.start

  # Print any debugging
  sectest_instance.output(options[:target]) if options[:debug]

  # Get the results
  results = sectest_instance.results

  say('Results are:', :green)
  formatted_results = options[:format] ? JSON.pretty_generate(JSON.parse(results)) : results
  puts formatted_results

  # Cleanup the sectest container
  sectest_instance.shutdown
end

#scaffold(sectest_name) ⇒ Object 



70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
 
# File 'lib/norad_cli/cli/sectest.rb', line 70

def scaffold(sectest_name)
  # Grab the current directory
  repo_dir = Dir.pwd

  # Check for valid test types
  if !%w(authenticated web_application brute_force ssl_crypto ssh_crypto whole_host).include?(options[:test_type])
    say("#{options[:test_type]} is not a supported test type", :red)
    say('Exiting...', :red)
    exit(1)
  end

  # Set options for templates
  options[:name] = sectest_name
  options[:spec_class_name] = sectest_name.split('-').map { |t| t =~ /\d+/ ? t : t.capitalize! }.join

  # Error check to ensure this is a norad security test repository

  # Create the security tests standard files
  template('tool/Dockerfile.erb', "#{repo_dir}/sectests/#{sectest_name}/Dockerfile")
  template('tool/README.md.erb', "#{repo_dir}/sectests/#{sectest_name}/README.md")
  template('tool/manifest.yml.erb', "#{repo_dir}/sectests/#{sectest_name}/manifest.yml")

  # Create a starter wrapper script
  template('tool/wrapper.rb.erb', "#{repo_dir}/sectests/#{sectest_name}/#{sectest_name}-wrapper.rb")

  # Create the spec files
  template('tool/tool_spec.rb.erb', "#{repo_dir}/spec/#{sectest_name}/#{sectest_name}_spec.rb")
  if options[:test_type] == 'authenticated'
    template('tool/Dockerfile.auth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.secure")
    template('tool/Dockerfile.auth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.vulnerable")
  else
    template('tool/Dockerfile.unauth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.secure")
    template('tool/Dockerfile.unauth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.vulnerable")
  end
end

#seedObject 



285
286
287
288
 
# File 'lib/norad_cli/cli/sectest.rb', line 285

def seed
  # Generate the seed file
  SeedGenerator.process_manifests(options[:seedfile], options[:docsite])
end

#specObject 



272
273
274
275
276
277
278
279
280
 
# File 'lib/norad_cli/cli/sectest.rb', line 272

def spec
  # Error check to ensure this is a plugin directory
  Dir.glob('sectests/*').select do |f|
    if File.directory? f
      # Build all for the sectest
      send('spec:image', f.split('/')[-1])
    end
  end
end

#validateObject 



303
304
305
306
307
308
309
310
311
 
# File 'lib/norad_cli/cli/sectest.rb', line 303

def validate
  # Error check to ensure this is a plugin directory
  Dir.glob('sectests/*').select do |f|
    if File.directory? f
      # Validate manifest and readme for the sectest
      send('validate:image', f.split('/')[-1])
    end
  end
end