class InspecPlugins::Compliance::HTTP

implements a simple http abstraction on top of Net::HTTP

Public Class Methods

_parse_url(url) click to toggle source
# File lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb, line 111
def self._parse_url(url)
  url = "https://#{url}" if URI.parse(url).scheme.nil?
  URI.parse(url)
end
get(url, headers = nil, insecure) click to toggle source

generic get requires

# File lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb, line 10
def self.get(url, headers = nil, insecure)
  uri = _parse_url(url)
  req = Net::HTTP::Get.new(uri.path)
  headers&.each do |key, value|
    req.add_field(key, value)
  end
  send_request(uri, req, insecure)
end
post(url, token, insecure, basic_auth = false) click to toggle source

generic post request

# File lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb, line 20
def self.post(url, token, insecure, basic_auth = false)
  # form request
  uri = _parse_url(url)
  req = Net::HTTP::Post.new(uri.path)
  if basic_auth
    req.basic_auth token, ""
  else
    req["Authorization"] = "Bearer #{token}"
  end
  req.form_data = {}

  send_request(uri, req, insecure)
end
post_file(url, headers, file_path, insecure) click to toggle source

post a file

# File lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb, line 45
def self.post_file(url, headers, file_path, insecure)
  uri = _parse_url(url)
  raise "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?

  http = Net::HTTP.new(uri.host, uri.port)

  # set connection flags
  http.use_ssl = (uri.scheme == "https")
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE if insecure

  req = Net::HTTP::Post.new(uri.path)
  headers.each do |key, value|
    req.add_field(key, value)
  end

  req.body_stream = File.open(file_path, "rb")
  req.add_field("Content-Length", File.size(file_path))
  req.add_field("Content-Type", "application/x-gzip")

  boundary = "INSPEC-PROFILE-UPLOAD"
  req.add_field("session", boundary)
  res = http.request(req)
  res
end
post_multipart_file(url, headers, file_path, insecure) click to toggle source
# File lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb, line 70
def self.post_multipart_file(url, headers, file_path, insecure)
  uri = _parse_url(url)
  raise "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?

  http = Net::HTTP.new(uri.host, uri.port)

  # set connection flags
  http.use_ssl = (uri.scheme == "https")
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE if insecure

  File.open(file_path) do |tar|
    req = Net::HTTP::Post::Multipart.new(uri, "file" => UploadIO.new(tar, "application/x-gzip", File.basename(file_path)))
    headers.each do |key, value|
      req.add_field(key, value)
    end
    res = http.request(req)
    return res
  end
end
post_with_headers(url, headers, body, insecure) click to toggle source
# File lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb, line 34
def self.post_with_headers(url, headers, body, insecure)
  uri = _parse_url(url)
  req = Net::HTTP::Post.new(uri.path)
  req.body = body unless body.nil?
  headers&.each do |key, value|
    req.add_field(key, value)
  end
  send_request(uri, req, insecure)
end
send_request(uri, req, insecure) click to toggle source

sends a http requests

# File lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb, line 91
def self.send_request(uri, req, insecure)
  opts = {
    use_ssl: uri.scheme == "https",
  }
  opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if insecure

  raise "Unable to parse URI: #{uri}" if uri.nil? || uri.host.nil?

  res = Net::HTTP.start(uri.host, uri.port, opts) do |http|
    http.request(req)
  end
  res
rescue OpenSSL::SSL::SSLError => e
  raise e unless e.message.include? "certificate verify failed"

  puts "Error: Failed to connect to #{uri}."
  puts "If the server uses a self-signed certificate, please re-run the login command with the --insecure option."
  exit 1
end