Merge pull request #25 from watson-developer-cloud/feature-asoc

Application Security On Cloud

Author: mediumTaj

.travis.yml

@@ -1,5 +1,6 @@
 language: ruby
 cache: bundler
+dist: trusty
 sudo: required
 
 rvm:
@@ -18,9 +19,12 @@ install:
   - npm install -g semantic-release
   - npm install -g @semantic-release/exec
   - bundle install
-
+  - 'if [ "${TRAVIS_TAG}" = "${TRAVIS_BRANCH}" ]; then cd appscan; make asoc-tool; cd ../; fi'
+before_script:
+- 'if [ "${TRAVIS_TAG}" = "${TRAVIS_BRANCH}" ]; then chmod a+x ./appscan/ASOC.sh; fi'
 script:
 - bundle exec rake
+- 'if [ "${TRAVIS_TAG}" = "${TRAVIS_BRANCH}" ]; then ./appscan/ASOC.sh; fi'
 
 before_deploy:
   - bundle exec rake test:appveyor_status

README.md

@@ -6,6 +6,7 @@
 [![codecov.io](https://codecov.io/github/watson-developer-cloud/ruby-sdk/coverage.svg)](https://codecov.io/github/watson-developer-cloud/ruby-sdk)
 [![Gem Version](https://badge.fury.io/rb/ibm_watson.svg)](https://badge.fury.io/rb/ibm_watson)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
+[![CLA assistant](https://cla-assistant.io/readme/badge/watson-developer-cloud/ruby-sdk)](https://cla-assistant.io/watson-developer-cloud/ruby-sdk)
 
 Ruby gem to quickly get started with the various [IBM Watson][wdc] services.
 

appscan/ASOC.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+cd appscan
+make generate-irx
+make upload-file
+make run-scan
+cd ../

appscan/Configfile

@@ -0,0 +1,19 @@
+# URLs to the CISO APIs
+LOGIN_URL ?= 'https://appscan.ibmcloud.com/api/V2/Account/ApiKeyLogin'
+UPLOAD_URL ?= 'https://appscan.ibmcloud.com/api/v2/FileUpload'
+GET_APP_URL ?= 'https://appscan.ibmcloud.com/api/V2/Apps?$$$$filter=Name%20eq%20'
+STATIC_SCAN_URL ?= 'https://appscan.ibmcloud.com/api/v2/Scans/StaticAnalyzer'
+CREATE_APP_URL ?= 'https://appscan.ibmcloud.com/api/V2/Apps'
+GET_ASSET_GROUP_URL ?= 'https://appscan.ibmcloud.com/api/V2/AssetGroups'
+
+APPSCAN_CLIENT_URL ?= https://appscan.ibmcloud.com/api/SCX/StaticAnalyzer/SAClientUtil?os=
+OS ?= linux
+APPSCAN_TOOL := $(APPSCAN_CLIENT_URL)$(OS)
+
+GIT_REPO ?= [email protected]:watson-developer-cloud/ruby-sdk.git
+
+PROJECT_NAME ?= ruby-sdk
+
+# Headers added to curl command
+CONTENT_HEADER_JSON := --header 'Content-Type: application/json'
+ACCEPT_HEADER_JSON := --header 'Accept: application/json'

appscan/Makefile

@@ -0,0 +1,69 @@
+include Configfile
+
+# This will configure a 32-bit architecture on top of a 64-bit linux machine
+config-arch:
+	sudo dpkg --add-architecture i386
+	sudo apt-get update
+	sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386
+
+# Gets the ASoC Client Tool and configures it
+asoc-tool: config-arch
+	$(eval DIR := $(shell pwd))
+	curl -o $(HOME)/client.zip $(APPSCAN_TOOL)
+	mkdir $(HOME)/client ; mkdir $(HOME)/tool
+	unzip -qq $(HOME)/client.zip -d $(HOME)/client
+	cd $(HOME)/client ; ls | xargs -I {} sh -c "cp -r {}/* $(HOME)/tool"
+	rm -rf client
+
+# Clone repo
+clone-repo:
+	git clone $(GIT_REPO)
+
+# Generates the irx file for icp-cert-manager
+generate-irx:
+	cd $(TRAVIS_BUILD_DIR)
+	$(HOME)/tool/bin/appscan.sh prepare -oso
+
+# Login to the AppScan API
+api-login:
+	curl -o $(HOME)/token.json -X POST $(CONTENT_HEADER_JSON) $(ACCEPT_HEADER_JSON) -d '{"KeyId":"$(ASOC_APIKEY)", "KeySecret":"$(ASOC_SECRET)"}' $(LOGIN_URL)
+
+# Uploads the irx file to the AppScan API
+upload-file: api-login
+	$(eval TOKE := $(shell python getJson.py $(HOME)/token.json "Token"))
+	$(eval AUTH := --header 'Authorization: Bearer $(TOKE)')
+	$(eval FILE := fileToUpload=@$(shell pwd)/$(notdir $(shell find $(pwd) -maxdepth 2 -name '*.irx' -print)))
+	
+	curl -o $(HOME)/file.json -X POST --header 'Content-Type: multipart/form-data' $(ACCEPT_HEADER_JSON) $(AUTH) -F $(FILE) $(UPLOAD_URL)
+
+# Checks to see if Cert-Manager-Application already exists.
+# TODO: Error with the url, will come back to this later.
+get-app:
+	$(eval TOKE := $(shell python getJson.py $(HOME)/token.json "Token"))
+	$(eval AUTH := --header 'Authorization: Bearer $(TOKE)')
+	$(eval URL := $(GET_APP_URL)'$(APP_NAME)''')
+
+	curl -X GET $(ACCEPT_HEADER_JSON) $(AUTH) $(URL)
+
+# Assume we have an existing application, then we'll simply run the static scan
+run-scan:
+	$(eval TOKE := $(shell python getJson.py $(HOME)/token.json "Token"))
+	$(eval AUTH := --header 'Authorization: Bearer $(TOKE)')
+	$(eval FILE_ID := "$(shell python getJson.py $(HOME)/file.json "FileId")")
+	$(eval APP_ID := "$(shell python getJson.py app.json "Id")")
+
+	curl -X POST $(CONTENT_HEADER_JSON) $(ACCEPT_HEADER_JSON) $(AUTH) -d '{"ARSAFileId": $(FILE_ID), "ApplicationFileId": $(FILE_ID), "ScanName": "$(TRAVIS_TAG):$(TRAVIS_JOB_NUMBER):$(TRAVIS_COMMIT)", "EnableMailNotification": false, "Locale": "en-US", "AppId": $(APP_ID), "Execute": true, "Personal": false}' $(STATIC_SCAN_URL)
+
+get-asset-group:
+	$(eval TOKE := $(shell python getJson.py $(HOME)/token.json "Token"))
+	$(eval AUTH := --header 'Authorization: Bearer $(TOKE)')
+
+	curl -o asset.json -X GET $(ACCEPT_HEADER_JSON) $(AUTH) $(GET_ASSET_GROUP_URL)
+
+# Create the application only if the application doesn't already exist.
+create-app: get-asset-group
+	$(eval ASSET_GROUP_ID := "$(shell python getJson.py asset.json "Id")")
+	$(eval TOKE := $(shell python getJson.py $(HOME)/token.json "Token"))
+	$(eval AUTH := --header 'Authorization: Bearer $(TOKE)')
+
+	curl -o app.json -X POST $(CONTENT_HEADER_JSON) $(ACCEPT_HEADER_JSON) $(AUTH) -d '{"Name": $(APP_NAME), "AssetGroupId": $(ASSET_GROUP_ID), "BusinessImpact": "Unspecified"}' $(CREATE_APP_URL)

appscan/app.json

@@ -0,0 +1,42 @@
+{
+    "Id": "121195cc-ce37-41e9-83ff-9b730d7ae969",
+    "AssetGroupName": "IBM Watson and Cloud Platform",
+    "DateCreated": null,
+    "LastUpdated": null,
+    "LastComment": null,
+    "RiskRating": "Unknown",
+    "CreatedBy": null,
+    "CriticalIssues": 0,
+    "HighIssues": 0,
+    "MediumIssues": 0,
+    "LowIssues": 0,
+    "IssuesInProgress": 0,
+    "MaxSeverity": "Undetermined",
+    "RR_MaxSeverity": 0,
+    "NewIssues": 0,
+    "OpenIssues": 0,
+    "TotalIssues": 0,
+    "OverallCompliance": null,
+    "ComplianceStatuses": [],
+    "CanBeDeleted": true,
+    "LockedToSubscription": false,
+    "Name": "Watson Ruby SDK",
+    "AssetGroupId": null,
+    "BusinessImpact": "Unspecified",
+    "Url": null,
+    "Description": null,
+    "BusinessUnit": null,
+    "Type": null,
+    "Technology": null,
+    "TestingStatus": "NotStarted",
+    "Hosts": null,
+    "CollateralDamagePotential": "NotDefined",
+    "TargetDistribution": "NotDefined",
+    "ConfidentialityRequirement": "NotDefined",
+    "IntegrityRequirement": "NotDefined",
+    "AvailabilityRequirement": "NotDefined",
+    "Tester": null,
+    "BusinessOwner": null,
+    "DevelopmentContact": null,
+    "PreferredOfferingType": "None"
+  }

appscan/getJson.py

@@ -0,0 +1,22 @@
+import json
+import sys
+
+def main():
+    data = load_data()
+    printFields(data)
+
+def load_data():
+    data = ""
+    filename = sys.argv[1]
+    with open(filename, "r") as read:
+        data = json.load(read)
+    if isinstance(data, list):
+        data = data[0]
+    return data
+
+def printFields(data):
+    fields = sys.argv[2:]
+    for i in fields:
+        print(data[i])
+
+main()