RubyGems - abide_dev_utils - Versions diffs - 0.11.0 → 0.11.1 - Mend

abide_dev_utils 0.11.0 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -14
data/lib/abide_dev_utils/cem/benchmark.rb +330 -136
data/lib/abide_dev_utils/cem/generate/coverage_report.rb +380 -0
data/lib/abide_dev_utils/cem/generate/reference.rb +157 -33
data/lib/abide_dev_utils/cem/generate.rb +5 -4
data/lib/abide_dev_utils/cem/hiera_data/mapping_data/map_data.rb +110 -0
data/lib/abide_dev_utils/cem/hiera_data/mapping_data/mixins.rb +46 -0
data/lib/abide_dev_utils/cem/hiera_data/mapping_data.rb +146 -0
data/lib/abide_dev_utils/cem/hiera_data/resource_data/control.rb +127 -0
data/lib/abide_dev_utils/cem/hiera_data/resource_data/parameters.rb +90 -0
data/lib/abide_dev_utils/cem/hiera_data/resource_data/resource.rb +102 -0
data/lib/abide_dev_utils/cem/hiera_data/resource_data.rb +310 -0
data/lib/abide_dev_utils/cem/hiera_data.rb +7 -0
data/lib/abide_dev_utils/cem/mapping/mapper.rb +161 -34
data/lib/abide_dev_utils/cem/validate/resource_data.rb +33 -0
data/lib/abide_dev_utils/cem/validate.rb +10 -0
data/lib/abide_dev_utils/cem.rb +0 -1
data/lib/abide_dev_utils/cli/cem.rb +20 -2
data/lib/abide_dev_utils/dot_number_comparable.rb +75 -0
data/lib/abide_dev_utils/errors/cem.rb +10 -0
data/lib/abide_dev_utils/ppt/class_utils.rb +1 -1
data/lib/abide_dev_utils/ppt/code_gen/data_types.rb +51 -0
data/lib/abide_dev_utils/ppt/code_gen/generate.rb +15 -0
data/lib/abide_dev_utils/ppt/code_gen/resource.rb +59 -0
data/lib/abide_dev_utils/ppt/code_gen/resource_types/base.rb +93 -0
data/lib/abide_dev_utils/ppt/code_gen/resource_types/class.rb +17 -0
data/lib/abide_dev_utils/ppt/code_gen/resource_types/manifest.rb +16 -0
data/lib/abide_dev_utils/ppt/code_gen/resource_types/parameter.rb +16 -0
data/lib/abide_dev_utils/ppt/code_gen/resource_types/strings.rb +13 -0
data/lib/abide_dev_utils/ppt/code_gen/resource_types.rb +6 -0
data/lib/abide_dev_utils/ppt/code_gen.rb +15 -0
data/lib/abide_dev_utils/ppt/code_introspection.rb +102 -0
data/lib/abide_dev_utils/ppt/hiera.rb +4 -1
data/lib/abide_dev_utils/ppt/puppet_module.rb +2 -1
data/lib/abide_dev_utils/ppt.rb +3 -0
data/lib/abide_dev_utils/version.rb +1 -1
data/lib/abide_dev_utils/xccdf/parser/helpers.rb +146 -0
data/lib/abide_dev_utils/xccdf/parser/objects.rb +87 -144
data/lib/abide_dev_utils/xccdf/parser.rb +5 -0
data/lib/abide_dev_utils/xccdf/utils.rb +89 -0
data/lib/abide_dev_utils/xccdf.rb +3 -0
metadata +27 -3
data/lib/abide_dev_utils/cem/coverage_report.rb +0 -348

data/lib/abide_dev_utils/xccdf/utils.rb ADDED Viewed

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+require 'abide_dev_utils/validate'
+module AbideDevUtils
+  module XCCDF
+    module Utils
+      # Class for working with directories that contain XCCDF files
+      class FileDir
+        CIS_FILE_NAME_PARTS_PATTERN = /^CIS_(?<subject>[A-Za-z0-9._()-]+)_Benchmark_v(?<version>[0-9.]+)-xccdf$/.freeze
+        def initialize(path)
+          @path = File.expand_path(path)
+          AbideDevUtils::Validate.directory(@path)
+        end
+        def files
+          @files ||= Dir.glob(File.join(@path, '*-xccdf.xml')).map { |f| FileNameData.new(f) }
+        end
+        def fuzzy_find(label, value)
+          files.find { |f| f.fuzzy_match?(label, value) }
+        end
+        def fuzzy_select(label, value)
+          files.select { |f| f.fuzzy_match?(label, value) }
+        end
+        def fuzzy_reject(label, value)
+          files.reject { |f| f.fuzzy_match?(label, value) }
+        end
+        def label?(label)
+          files.select { |f| f.has?(label) }
+        end
+        def no_label?(label)
+          files.reject { |f| f.has?(label) }
+        end
+      end
+      # Parses XCCDF file names into labeled parts
+      class FileNameData
+        CIS_PATTERN = /^CIS_(?<subject>[A-Za-z0-9._()-]+?)(?<stig>_STIG)?_Benchmark_v(?<version>[0-9.]+)-xccdf$/.freeze
+        attr_reader :path, :name, :labeled_parts
+        def initialize(path)
+          @path = path
+          @name = File.basename(path, '.xml')
+          @labeled_parts = File.basename(name, '.xml').match(CIS_PATTERN)&.named_captures
+        end
+        def subject
+          @subject ||= labeled_parts&.fetch('subject', nil)
+        end
+        def stig
+          @stig ||= labeled_parts&.fetch('subject', nil)
+        end
+        def version
+          @version ||= labeled_parts&.fetch('version', nil)
+        end
+        def has?(label)
+          val = send(label.to_sym)
+          !val.nil? && !val.empty?
+        end
+        def fuzzy_match?(label, value)
+          return false unless has?(label)
+          this_val = normalize_char_array(send(label.to_sym).chars)
+          other_val = normalize_char_array(value.chars)
+          other_val.each_with_index do |c, idx|
+            return false unless this_val[idx] == c
+          end
+          true
+        end
+        private
+        def normalize_char_array(char_array)
+          char_array.grep_v(/[^A-Za-z0-9]/).map(&:downcase)[3..]
+        end
+      end
+    end
+  end
+end

data/lib/abide_dev_utils/xccdf.rb CHANGED Viewed

@@ -70,6 +70,7 @@ module AbideDevUtils
       CIS_LEVEL_CODE = /(?:_|^)([Ll]evel_[0-9]|[Ll]1|[Ll]2|[NnBb][GgLl]|#{CIS_NEXT_GEN_WINDOWS})/.freeze
       CIS_CONTROL_PARTS = /#{CIS_CONTROL_NUMBER}#{CIS_LEVEL_CODE}?_+([A-Za-z].*)/.freeze
       CIS_PROFILE_PARTS = /#{CIS_LEVEL_CODE}[_-]+([A-Za-z].*)/.freeze
+      STIG_PROFILE_PARTS = /(STIG)/.freeze
       def xpath(path)
         @xml.xpath(path)
@@ -119,6 +120,8 @@ module AbideDevUtils
       end
       def profile_parts(profile)
+        return ['STIG', ''] if profile == 'STIG'
         parts = control_profile_text(profile).match(CIS_PROFILE_PARTS)
         raise AbideDevUtils::Errors::ProfilePartsError, profile if parts.nil?

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: abide_dev_utils
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.11.1
 platform: ruby
 authors:
 - abide-team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-07-25 00:00:00.000000000 Z
+date: 2022-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -360,10 +360,20 @@ files:
 - lib/abide_dev_utils.rb
 - lib/abide_dev_utils/cem.rb
 - lib/abide_dev_utils/cem/benchmark.rb
-- lib/abide_dev_utils/cem/coverage_report.rb
 - lib/abide_dev_utils/cem/generate.rb
+- lib/abide_dev_utils/cem/generate/coverage_report.rb
 - lib/abide_dev_utils/cem/generate/reference.rb
+- lib/abide_dev_utils/cem/hiera_data.rb
+- lib/abide_dev_utils/cem/hiera_data/mapping_data.rb
+- lib/abide_dev_utils/cem/hiera_data/mapping_data/map_data.rb
+- lib/abide_dev_utils/cem/hiera_data/mapping_data/mixins.rb
+- lib/abide_dev_utils/cem/hiera_data/resource_data.rb
+- lib/abide_dev_utils/cem/hiera_data/resource_data/control.rb
+- lib/abide_dev_utils/cem/hiera_data/resource_data/parameters.rb
+- lib/abide_dev_utils/cem/hiera_data/resource_data/resource.rb
 - lib/abide_dev_utils/cem/mapping/mapper.rb
+- lib/abide_dev_utils/cem/validate.rb
+- lib/abide_dev_utils/cem/validate/resource_data.rb
 - lib/abide_dev_utils/cli.rb
 - lib/abide_dev_utils/cli/abstract.rb
 - lib/abide_dev_utils/cli/cem.rb
@@ -375,6 +385,7 @@ files:
 - lib/abide_dev_utils/comply.rb
 - lib/abide_dev_utils/config.rb
 - lib/abide_dev_utils/constants.rb
+- lib/abide_dev_utils/dot_number_comparable.rb
 - lib/abide_dev_utils/errors.rb
 - lib/abide_dev_utils/errors/base.rb
 - lib/abide_dev_utils/errors/cem.rb
@@ -393,6 +404,17 @@ files:
 - lib/abide_dev_utils/ppt.rb
 - lib/abide_dev_utils/ppt/api.rb
 - lib/abide_dev_utils/ppt/class_utils.rb
+- lib/abide_dev_utils/ppt/code_gen.rb
+- lib/abide_dev_utils/ppt/code_gen/data_types.rb
+- lib/abide_dev_utils/ppt/code_gen/generate.rb
+- lib/abide_dev_utils/ppt/code_gen/resource.rb
+- lib/abide_dev_utils/ppt/code_gen/resource_types.rb
+- lib/abide_dev_utils/ppt/code_gen/resource_types/base.rb
+- lib/abide_dev_utils/ppt/code_gen/resource_types/class.rb
+- lib/abide_dev_utils/ppt/code_gen/resource_types/manifest.rb
+- lib/abide_dev_utils/ppt/code_gen/resource_types/parameter.rb
+- lib/abide_dev_utils/ppt/code_gen/resource_types/strings.rb
+- lib/abide_dev_utils/ppt/code_introspection.rb
 - lib/abide_dev_utils/ppt/facter_utils.rb
 - lib/abide_dev_utils/ppt/hiera.rb
 - lib/abide_dev_utils/ppt/new_obj.rb
@@ -411,9 +433,11 @@ files:
 - lib/abide_dev_utils/xccdf/diff/benchmark/property_existence.rb
 - lib/abide_dev_utils/xccdf/diff/utils.rb
 - lib/abide_dev_utils/xccdf/parser.rb
+- lib/abide_dev_utils/xccdf/parser/helpers.rb
 - lib/abide_dev_utils/xccdf/parser/objects.rb
 - lib/abide_dev_utils/xccdf/parser/objects/digest_object.rb
 - lib/abide_dev_utils/xccdf/parser/objects/numbered_object.rb
+- lib/abide_dev_utils/xccdf/utils.rb
 - new_diff.rb
 homepage: https://github.com/puppetlabs/abide_dev_utils
 licenses:

data/lib/abide_dev_utils/cem/coverage_report.rb DELETED Viewed

@@ -1,348 +0,0 @@
-# frozen_string_literal: true
-require 'date'
-require 'json'
-require 'pathname'
-require 'yaml'
-require 'abide_dev_utils/ppt'
-require 'abide_dev_utils/validate'
-require 'abide_dev_utils/cem/benchmark'
-module AbideDevUtils
-  module CEM
-    # Methods and objects used to construct a report of what CEM enforces versus what
-    # the various compliance frameworks expect to be enforced.
-    module CoverageReport
-      # def self.generate(outfile: 'cem_coverage.yaml', **_filters)
-      #   pupmod = AbideDevUtils::Ppt::PuppetModule.new
-      #   # filter = Filter.new(pupmod, **filters)
-      #   benchmarks = AbideDevUtils::CEM::Benchmark.benchmarks_from_puppet_module(pupmod)
-      #   Report.new(benchmarks).generate(outfile: outfile)
-      # end
-      def self.basic_coverage(format_func: :to_yaml, ignore_benchmark_errors: false)
-        pupmod = AbideDevUtils::Ppt::PuppetModule.new
-        # filter = Filter.new(pupmod, **filters)
-        benchmarks = AbideDevUtils::CEM::Benchmark.benchmarks_from_puppet_module(pupmod,
-                                                                                 ignore_all_errors: ignore_benchmark_errors)
-        benchmarks.map do |b|
-          AbideDevUtils::CEM::CoverageReport::BenchmarkReport.new(b).basic_coverage.send(format_func)
-        end
-      end
-      class Filter
-        KEY_FACT_MAP = {
-          os_family: 'os.family',
-          os_name: 'os.name',
-          os_release_major: 'os.release.major',
-        }.freeze
-        attr_reader(*KEY_FACT_MAP.keys)
-        def initialize(pupmod, **filters)
-          @pupmod = pupmod
-          @benchmark = filters[:benchmark]
-          @profile = filters[:profile]
-          @level = filters[:level]
-          KEY_FACT_MAP.each_key do |k|
-            instance_variable_set "@#{k}", filters[k]
-          end
-        end
-        def resource_data
-          @resource_data ||= find_resource_data
-        end
-        def mapping_data
-          @mapping_data ||= find_mapping_data
-        end
-        private
-        def find_resource_data
-          fact_array = fact_array_for(:os_family, :os_name, :os_release_major)
-          @pupmod.hiera_conf.local_hiera_files_with_facts(*fact_array, hierarchy_name: 'Resource Data').map do |f|
-            YAML.load_file(f.path)
-          end
-        rescue NoMethodError
-          @pupmod.hiera_conf.local_hiera_files(hierarchy_name: 'Resource Data').map { |f| YAML.load_file(f.path) }
-        end
-        def find_mapping_data
-          fact_array = fact_array_for(:os_name, :os_release_major)
-          begin
-            data_array = @pupmod.hiera_conf.local_hiera_files_with_facts(*fact_array, hierarchy_name: 'Mapping Data').map do |f|
-              YAML.load_file(f.path)
-            end
-          rescue NoMethodError
-            data_array = @pupmod.hiera_conf.local_hiera_files(hierarchy_name: 'Mapping Data').map { |f| YAML.load_file(f.path) }
-          end
-          filter_mapping_data_array_by_benchmark!(data_array)
-          filter_mapping_data_array_by_profile!(data_array)
-          filter_mapping_data_array_by_level!(data_array)
-          data_array
-        end
-        def filter_mapping_data_array_by_benchmark!(data_array)
-          return unless @benchmark
-          data_array.select! do |d|
-            d.keys.all? do |k|
-              k == 'benchmark' || k.match?(/::#{@benchmark}::/)
-            end
-          end
-        end
-        def filter_mapping_data_array_by_profile!(data_array)
-          return unless @profile
-          data_array.reject! { |d| nested_hash_value(d, @profile).nil? }
-        end
-        def filter_mapping_data_array_by_level!(data_array)
-          return unless @level
-          data_array.reject! { |d| nested_hash_value(d, @level).nil? }
-        end
-        def nested_hash_value(obj, key)
-          if obj.respond_to?(:key?) && obj.key?(key)
-            obj[key]
-          elsif obj.respond_to?(:each)
-            r = nil
-            obj.find { |*a| r = nested_hash_value(a.last, key) }
-            r
-          end
-        end
-        def filter_stig_mapping_data(data_array); end
-        def fact_array_for(*keys)
-          keys.each_with_object([]) { |(k, _), a| a << fact_filter_value(k) }.compact
-        end
-        def fact_filter_value(key)
-          value = instance_variable_get("@#{key}")
-          return if value.nil? || value.empty?
-          [KEY_FACT_MAP[key], value]
-        end
-      end
-      class OldReport
-        def initialize(benchmarks)
-          @benchmarks = benchmarks
-        end
-        def self.generate
-          coverage = {}
-          coverage['classes'] = {}
-          all_cap = ClassUtils.find_all_classes_and_paths(puppet_class_dir)
-          invalid_classes = find_invalid_classes(all_cap)
-          valid_classes = find_valid_classes(all_cap, invalid_classes)
-          coverage['classes']['invalid'] = invalid_classes
-          coverage['classes']['valid'] = valid_classes
-          hiera = YAML.safe_load(File.open(hiera_path))
-          profile&.gsub!(/^profile_/, '') unless profile.nil?
-          matcher = profile.nil? ? /^profile_/ : /^profile_#{profile}/
-          hiera.each do |k, v|
-            key_base = k.split('::')[-1]
-            coverage['benchmark'] = v if key_base == 'title'
-            next unless key_base.match?(matcher)
-            coverage[key_base] = generate_uncovered_data(v, valid_classes)
-          end
-          coverage
-        end
-        def self.generate_uncovered_data(ctrl_list, valid_classes)
-          out_hash = {}
-          out_hash[:num_total] = ctrl_list.length
-          out_hash[:uncovered] = []
-          out_hash[:covered] = []
-          ctrl_list.each do |c|
-            if valid_classes.include?(c)
-              out_hash[:covered] << c
-            else
-              out_hash[:uncovered] << c
-            end
-          end
-          out_hash[:num_covered] = out_hash[:covered].length
-          out_hash[:num_uncovered] = out_hash[:uncovered].length
-          out_hash[:coverage] = Float(
-            (Float(out_hash[:num_covered]) / Float(out_hash[:num_total])) * 100.0
-          ).floor(3)
-          out_hash
-        end
-        def self.find_valid_classes(all_cap, invalid_classes)
-          all_classes = all_cap.dup.transpose[0]
-          return [] if all_classes.nil?
-          return all_classes - invalid_classes unless invalid_classes.nil?
-          all_classes
-        end
-        def self.find_invalid_classes(all_cap)
-          invalid_classes = []
-          all_cap.each do |cap|
-            invalid_classes << cap[0] unless class_valid?(cap[1])
-          end
-          invalid_classes
-        end
-        def self.class_valid?(manifest_path)
-          compiler = Puppet::Pal::Compiler.new(nil)
-          ast = compiler.parse_file(manifest_path)
-          ast.body.body.statements.each do |s|
-            next unless s.respond_to?(:arguments)
-            next unless s.arguments.respond_to?(:each)
-            s.arguments.each do |i|
-              return false if i.value == 'Not implemented'
-            end
-          end
-          true
-        end
-      end
-      # Class manages organizing report data into various output formats
-      class ReportOutput
-        attr_reader :controls_in_resource_data, :rules_in_map, :timestamp,
-                    :title
-        def initialize(benchmark, controls_in_resource_data, rules_in_map)
-          @benchmark = benchmark
-          @controls_in_resource_data = controls_in_resource_data
-          @rules_in_map = rules_in_map
-          @timestamp = DateTime.now.iso8601
-          @title = "Coverage Report for #{@benchmark.title_key}"
-        end
-        def uncovered
-          @uncovered ||= rules_in_map - controls_in_resource_data
-        end
-        def uncovered_count
-          @uncovered_count ||= uncovered.length
-        end
-        def covered
-          @covered ||= rules_in_map - uncovered
-        end
-        def covered_count
-          @covered_count ||= covered.length
-        end
-        def total_count
-          @total_count ||= rules_in_map.length
-        end
-        def percentage
-          @percentage ||= covered_count.to_f / total_count
-        end
-        def to_h
-          {
-            title: title,
-            timestamp: timestamp,
-            benchmark: benchmark_hash,
-            coverage: coverage_hash,
-          }
-        end
-        def to_json(opts = nil)
-          JSON.generate(to_h, opts)
-        end
-        def to_yaml
-          to_h.to_yaml
-        end
-        def benchmark_hash
-          {
-            title: @benchmark.title,
-            version: @benchmark.version,
-            framework: @benchmark.framework,
-          }
-        end
-        def coverage_hash
-          {
-            total_count: total_count,
-            uncovered_count: uncovered_count,
-            uncovered: uncovered,
-            covered_count: covered_count,
-            covered: covered,
-            percentage: percentage,
-            controls_in_resource_data: controls_in_resource_data,
-            rules_in_map: rules_in_map,
-          }
-        end
-      end
-      # Creates ReportOutput objects based on the given Benchmark
-      class BenchmarkReport
-        def initialize(benchmark)
-          @benchmark = benchmark
-        end
-        def controls_in_resource_data
-          @controls_in_resource_data ||= find_controls_in_resource_data
-        end
-        def controls_in_mapping_data
-          @controls_in_mapping_data ||= find_controls_in_mapping_data
-        end
-        def basic_coverage(level: nil, profile: nil)
-          map_type = @benchmark.map_type(controls_in_resource_data[0])
-          rules_in_map = @benchmark.rules_in_map(map_type, level: level, profile: profile)
-          AbideDevUtils::CEM::CoverageReport::ReportOutput.new(@benchmark, controls_in_resource_data, rules_in_map)
-        end
-        private
-        def find_controls_in_resource_data
-          controls = @benchmark.resource_data["#{@benchmark.module_name}::resources"].each_with_object([]) do |(rname, rval), arr|
-            arr << case rval['controls'].class.to_s
-                   when 'Hash'
-                     rval['controls'].keys
-                   when 'Array'
-                     rval['controls']
-                   else
-                     raise "Invalid controls type: #{rval['controls'].class}"
-                   end
-          end
-          controls.flatten.uniq.select do |c|
-            case @benchmark.framework
-            when 'cis'
-              @benchmark.map_type(c) != 'vulnid'
-            when 'stig'
-              @benchmark.map_type(c) == 'vulnid'
-            else
-              raise "Cannot find controls for framework #{@benchmark.framework}"
-            end
-          end
-        end
-        def find_controls_in_mapping_data
-          controls = @benchmark.map_data[0].each_with_object([]) do |(_, mapping), arr|
-            mapping.each do |level, profs|
-              next if level == 'benchmark'
-              profs.each do |_, ctrls|
-                arr << ctrls.keys
-                arr << ctrls.values
-              end
-            end
-          end
-          controls.flatten.uniq
-        end
-      end
-    end
-  end
-end