inspec/lib/bundles/inspec-compliance/http.rb
Dominik Richter a0e8be2568 bugfix: non-url servers with compliance login
Non-url URIs may have lead to broader crashes than initially fixed. Overwrite all URL resolvers in the plugin to work with these non-schema URLs.

Fixes #1473

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 12:04:21 -04:00

89 lines
2.4 KiB
Ruby

# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
require 'net/http'
require 'uri'
module Compliance
# implements a simple http abstraction on top of Net::HTTP
class HTTP
# generic get requires
def self.get(url, headers = nil, insecure)
uri = _parse_url(url)
req = Net::HTTP::Get.new(uri.path)
if !headers.nil?
headers.each do |key, value|
req.add_field(key, value)
end
end
send_request(uri, req, insecure)
end
# generic post request
def self.post(url, token, insecure, basic_auth = false)
# form request
uri = _parse_url(url)
req = Net::HTTP::Post.new(uri.path)
if basic_auth
req.basic_auth token, ''
else
req['Authorization'] = "Bearer #{token}"
end
req.form_data={}
send_request(uri, req, insecure)
end
# post a file
def self.post_file(url, headers, file_path, insecure)
uri = _parse_url(url)
raise "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
http = Net::HTTP.new(uri.host, uri.port)
# set connection flags
http.use_ssl = (uri.scheme == 'https')
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if insecure
req = Net::HTTP::Post.new(uri.path)
headers.each do |key, value|
req.add_field(key, value)
end
req.body_stream=File.open(file_path, 'rb')
req.add_field('Content-Length', File.size(file_path))
req.add_field('Content-Type', 'application/x-gtar')
boundary = 'INSPEC-PROFILE-UPLOAD'
req.add_field('session', boundary)
res=http.request(req)
res
end
# sends a http requests
def self.send_request(uri, req, insecure)
opts = {
use_ssl: uri.scheme == 'https',
}
opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if insecure
raise "Unable to parse URI: #{uri}" if uri.nil? || uri.host.nil?
res = Net::HTTP.start(uri.host, uri.port, opts) { |http|
http.request(req)
}
res
rescue OpenSSL::SSL::SSLError => e
raise e unless e.message.include? 'certificate verify failed'
puts "Error: Failed to connect to #{uri}."
puts 'If the server uses a self-signed certificate, please re-run the login command with the --insecure option.'
exit 1
end
def self._parse_url(url)
url = "https://#{url}" if URI.parse(url).scheme.nil?
URI.parse(url)
end
end
end