Class: Sectest

Inherits:

Thor

Object
Thor
Sectest

show all

Includes:: Thor::Actions

Defined in:: lib/norad_cli/cli/sectest.rb

Class Method Summary collapse

.load_manifest(sectest_name) ⇒ Object

Loads a manifest file depending on the command rubocop:disable Style/GuardClause.
.source_root ⇒ Object

Instance Method Summary collapse

#build ⇒ Object
#execute(sectest_name) ⇒ Object
#initialize(*args) ⇒ Sectest constructor

rubocop:enable Style/GuardClause.
#scaffold(sectest_name) ⇒ Object
#seed ⇒ Object
#spec ⇒ Object
#validate ⇒ Object

Constructor Details

#initialize(*args) ⇒ `Sectest`

rubocop:enable Style/GuardClause

# File 'lib/norad_cli/cli/sectest.rb', line 58

def initialize(*args)
  super

  # Check if the command is being run from the repository root (all commands must be)
  root_dir?
end

Class Method Details

.load_manifest(sectest_name) ⇒ `Object`

Loads a manifest file depending on the command rubocop:disable Style/GuardClause

# File 'lib/norad_cli/cli/sectest.rb', line 33

def self.load_manifest(sectest_name)
  @@sectest_manifest = {}

  # Set defaults just in case no manifest.yml to overwrite
  @@sectest_manifest['registry'] = 'norad-registry.cisco.com:5000'
  @@sectest_manifest['version'] = 'latest'

  # Dynamically add options and description based on the needs of the sectest container
  if %w(build build:all build:image build:specs execute).include?(ARGV[1]) && sectest_name && !sectest_name.start_with?('-', '--')
    # Read in the program arguments
    if File.exist?("sectests/#{sectest_name}/manifest.yml")
      @@sectest_manifest = YAML.safe_load(File.read("sectests/#{sectest_name}/manifest.yml"))

      # Precautionary, remove all leading and trailing whitespace
      @@sectest_manifest['registry'].strip!
      @@sectest_manifest['version'].strip!
    else
      puts Rainbow("Error: #{sectest_name} sectest does not exist or it is missing sectests/#{sectest_name}/manifest.yml").red
      puts Rainbow('Exiting...').red
      exit(1)
    end
  end
end

.source_root ⇒ `Object`



27
28
29

# File 'lib/norad_cli/cli/sectest.rb', line 27

def self.source_root
  File.join(File.dirname(File.expand_path(__FILE__)), '../templates/')
end

Instance Method Details

#build ⇒ `Object`

# File 'lib/norad_cli/cli/sectest.rb', line 113

def build
  # Error check to ensure this is a plugin directory
  Dir.glob('sectests/*').select do |f|
    # Skip if the entry is not a directory
    next if !File.directory? f

    # Grab the name of the sectest
    sectest_name = f.split('/')[-1]

    # Load the manifest for the sectest
    Sectest.load_manifest(sectest_name)

    # Build all for the sectest
    send('build:all', sectest_name)
  end
end

#execute(sectest_name) ⇒ `Object`

# File 'lib/norad_cli/cli/sectest.rb', line 216

def execute(sectest_name)
  # Warn users if debugging is enabled
  say('Warning: Debug enabled: containers must be removed manually', :yellow) && sleep(2) if options['debug']

  # Ensure the results server is built by building the images specs (code reuse)
  send('build:specs', sectest_name)

  # Build the sectest image if necessary
  send('build:image', sectest_name)

  # Allocate an instance of the sectest
  sectest_instance = NoradCli::SecTestContainer.new(ARGV[2], @@sectest_manifest['registry'],
                                                    @@sectest_manifest['version'], options)

  # Start the test
  sectest_instance.start

  # Print any debugging
  sectest_instance.output(options[:target]) if options[:debug]

  # Get the results
  results = sectest_instance.results

  say('Results are:', :green)
  formatted_results = options[:format] ? JSON.pretty_generate(JSON.parse(results)) : results
  puts formatted_results

  # Cleanup the sectest container
  sectest_instance.shutdown

  # Warn users if debugging is enabled
  say('Warning: Debug enabled: containers must be removed manually', :yellow) if options['debug']
end

#scaffold(sectest_name) ⇒ `Object`

# File 'lib/norad_cli/cli/sectest.rb', line 75

def scaffold(sectest_name)
  # Grab the current directory
  repo_dir = Dir.pwd

  # Check for valid test types
  if !%w(authenticated web_application brute_force ssl_crypto ssh_crypto whole_host).include?(options[:test_type])
    say("#{options[:test_type]} is not a supported test type", :red)
    say('Exiting...', :red)
    exit(1)
  end

  # Set options for templates
  options[:name] = sectest_name
  options[:spec_class_name] = sectest_name.split('-').map { |t| t =~ /\d+/ ? t : t.capitalize! }.join

  # Error check to ensure this is a norad security test repository

  # Create the security tests standard files
  template('tool/Dockerfile.erb', "#{repo_dir}/sectests/#{sectest_name}/Dockerfile")
  template('tool/README.md.erb', "#{repo_dir}/sectests/#{sectest_name}/README.md")
  template('tool/manifest.yml.erb', "#{repo_dir}/sectests/#{sectest_name}/manifest.yml")

  # Create a starter wrapper script
  template('tool/wrapper.rb.erb', "#{repo_dir}/sectests/#{sectest_name}/#{sectest_name}-wrapper.rb")

  # Create the spec files
  template('tool/tool_spec.rb.erb', "#{repo_dir}/spec/#{sectest_name}/#{sectest_name}_spec.rb")
  if options[:test_type] == 'authenticated'
    template('tool/Dockerfile.auth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.secure")
    template('tool/Dockerfile.auth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.vulnerable")
  else
    template('tool/Dockerfile.unauth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.secure")
    template('tool/Dockerfile.unauth.target.erb', "#{repo_dir}/spec/#{sectest_name}/targets/Dockerfile.vulnerable")
  end
end

#seed ⇒ `Object`

# File 'lib/norad_cli/cli/sectest.rb', line 294

def seed
  # Generate the seed file
  SeedGenerator.process_manifests(options[:seedfile], options[:docsite])
end

#spec ⇒ `Object`

# File 'lib/norad_cli/cli/sectest.rb', line 281

def spec
  # Error check to ensure this is a plugin directory
  Dir.glob('sectests/*').select do |f|
    if File.directory? f
      # Build all for the sectest
      send('spec:image', f.split('/')[-1])
    end
  end
end

#validate ⇒ `Object`

# File 'lib/norad_cli/cli/sectest.rb', line 312

def validate
  # Error check to ensure this is a plugin directory
  Dir.glob('sectests/*').select do |f|
    if File.directory? f
      # Validate manifest and readme for the sectest
      send('validate:image', f.split('/')[-1])
    end
  end
end

Class: Sectest

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(*args) ⇒ Sectest

Class Method Details

.load_manifest(sectest_name) ⇒ Object

.source_root ⇒ Object

Instance Method Details

#build ⇒ Object

#execute(sectest_name) ⇒ Object

#scaffold(sectest_name) ⇒ Object

#seed ⇒ Object

#spec ⇒ Object

#validate ⇒ Object

#initialize(*args) ⇒ `Sectest`

.load_manifest(sectest_name) ⇒ `Object`

.source_root ⇒ `Object`

#build ⇒ `Object`

#execute(sectest_name) ⇒ `Object`

#scaffold(sectest_name) ⇒ `Object`

#seed ⇒ `Object`

#spec ⇒ `Object`

#validate ⇒ `Object`