abide_dev_utils 0.11.1 → 0.11.2
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 85fb0e453df008a48284f03fe59bd1577b733498ce030039e215bf1863e1767c
|
|
4
|
+
data.tar.gz: 9a89ac46e8506ea059044006a5c50d8132847fa2a8f9a6b726174ed51ab6421c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9f221ac5c9c15db1414005ca4017dda7a9f848d8b7586d4b8a3ede9ecaf5fc8e35187ab2f172e127cad92a1d483befe31fa17278279b54b33abcc1d25f7a21a6
|
|
7
|
+
data.tar.gz: b9f3e5553a03faed668600c94b44759ee4554165e20722b7c6d5108add327ba23a6986e707034647b3eed400e6217b032eb058e537a74f26d11a004cf309bcfd
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
abide_dev_utils (0.11.
|
|
4
|
+
abide_dev_utils (0.11.2)
|
|
5
5
|
amatch (~> 0.4)
|
|
6
6
|
cmdparse (~> 3.0)
|
|
7
7
|
facterdb (>= 1.18)
|
|
@@ -60,10 +60,10 @@ GEM
|
|
|
60
60
|
diff-lcs (1.5.0)
|
|
61
61
|
digest-crc (0.6.4)
|
|
62
62
|
rake (>= 12.0.0, < 14.0.0)
|
|
63
|
-
facter (4.2.
|
|
63
|
+
facter (4.2.11)
|
|
64
64
|
hocon (~> 1.3)
|
|
65
65
|
thor (>= 1.0.1, < 2.0)
|
|
66
|
-
facterdb (1.
|
|
66
|
+
facterdb (1.19.0)
|
|
67
67
|
facter (< 5.0.0)
|
|
68
68
|
jgrep
|
|
69
69
|
faraday (2.3.0)
|
|
@@ -84,7 +84,7 @@ GEM
|
|
|
84
84
|
octokit (~> 4.6)
|
|
85
85
|
rainbow (>= 2.2.1)
|
|
86
86
|
rake (>= 10.0)
|
|
87
|
-
google-apis-core (0.
|
|
87
|
+
google-apis-core (0.7.0)
|
|
88
88
|
addressable (~> 2.5, >= 2.5.1)
|
|
89
89
|
googleauth (>= 0.16.2, < 2.a)
|
|
90
90
|
httpclient (>= 2.8.1, < 3.a)
|
|
@@ -93,25 +93,25 @@ GEM
|
|
|
93
93
|
retriable (>= 2.0, < 4.a)
|
|
94
94
|
rexml
|
|
95
95
|
webrick
|
|
96
|
-
google-apis-iamcredentials_v1 (0.
|
|
97
|
-
google-apis-core (>= 0.
|
|
98
|
-
google-apis-storage_v1 (0.
|
|
99
|
-
google-apis-core (>= 0.
|
|
96
|
+
google-apis-iamcredentials_v1 (0.13.0)
|
|
97
|
+
google-apis-core (>= 0.7, < 2.a)
|
|
98
|
+
google-apis-storage_v1 (0.17.0)
|
|
99
|
+
google-apis-core (>= 0.7, < 2.a)
|
|
100
100
|
google-cloud-core (1.6.0)
|
|
101
101
|
google-cloud-env (~> 1.0)
|
|
102
102
|
google-cloud-errors (~> 1.0)
|
|
103
103
|
google-cloud-env (1.6.0)
|
|
104
104
|
faraday (>= 0.17.3, < 3.0)
|
|
105
105
|
google-cloud-errors (1.2.0)
|
|
106
|
-
google-cloud-storage (1.
|
|
106
|
+
google-cloud-storage (1.38.0)
|
|
107
107
|
addressable (~> 2.8)
|
|
108
108
|
digest-crc (~> 0.4)
|
|
109
109
|
google-apis-iamcredentials_v1 (~> 0.1)
|
|
110
|
-
google-apis-storage_v1 (~> 0.
|
|
110
|
+
google-apis-storage_v1 (~> 0.17.0)
|
|
111
111
|
google-cloud-core (~> 1.6)
|
|
112
112
|
googleauth (>= 0.16.2, < 2.a)
|
|
113
113
|
mini_mime (~> 1.0)
|
|
114
|
-
googleauth (1.
|
|
114
|
+
googleauth (1.2.0)
|
|
115
115
|
faraday (>= 0.17.3, < 3.a)
|
|
116
116
|
jwt (>= 1.4, < 3.0)
|
|
117
117
|
memoist (~> 0.16)
|
|
@@ -119,7 +119,7 @@ GEM
|
|
|
119
119
|
os (>= 0.9, < 2.0)
|
|
120
120
|
signet (>= 0.16, < 2.a)
|
|
121
121
|
hashdiff (1.0.1)
|
|
122
|
-
hiera (3.
|
|
122
|
+
hiera (3.10.0)
|
|
123
123
|
hocon (1.3.1)
|
|
124
124
|
httpclient (2.8.3)
|
|
125
125
|
i18n (1.10.0)
|
|
@@ -130,7 +130,7 @@ GEM
|
|
|
130
130
|
atlassian-jwt
|
|
131
131
|
multipart-post
|
|
132
132
|
oauth (~> 0.5, >= 0.5.0)
|
|
133
|
-
jwt (2.
|
|
133
|
+
jwt (2.4.1)
|
|
134
134
|
locale (2.1.3)
|
|
135
135
|
memoist (0.16.2)
|
|
136
136
|
method_source (1.0.0)
|
|
@@ -139,9 +139,9 @@ GEM
|
|
|
139
139
|
mize (0.4.0)
|
|
140
140
|
protocol (~> 2.0)
|
|
141
141
|
multi_json (1.15.0)
|
|
142
|
-
multipart-post (2.
|
|
142
|
+
multipart-post (2.2.3)
|
|
143
143
|
nio4r (2.5.8)
|
|
144
|
-
nokogiri (1.13.
|
|
144
|
+
nokogiri (1.13.8-x86_64-darwin)
|
|
145
145
|
racc (~> 1.4)
|
|
146
146
|
oauth (0.5.10)
|
|
147
147
|
octokit (4.25.0)
|
|
@@ -164,7 +164,7 @@ GEM
|
|
|
164
164
|
coderay (~> 1.1)
|
|
165
165
|
method_source (~> 1.0)
|
|
166
166
|
public_suffix (4.0.7)
|
|
167
|
-
puppet (7.
|
|
167
|
+
puppet (7.18.0-universal-darwin)
|
|
168
168
|
CFPropertyList (~> 2.2)
|
|
169
169
|
concurrent-ruby (~> 1.0)
|
|
170
170
|
deep_merge (~> 1.0)
|
|
@@ -234,9 +234,9 @@ GEM
|
|
|
234
234
|
rubyzip (>= 1.2.2)
|
|
235
235
|
semantic_puppet (1.0.4)
|
|
236
236
|
sexp_processor (4.16.1)
|
|
237
|
-
signet (0.
|
|
237
|
+
signet (0.17.0)
|
|
238
238
|
addressable (~> 2.8)
|
|
239
|
-
faraday (>= 0.17.5, < 3.
|
|
239
|
+
faraday (>= 0.17.5, < 3.a)
|
|
240
240
|
jwt (>= 1.5, < 3.0)
|
|
241
241
|
multi_json (~> 1.10)
|
|
242
242
|
sync (0.5.0)
|
|
@@ -21,6 +21,11 @@ module AbideDevUtils
|
|
|
21
21
|
@dependent = []
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
+
# Returns a representation of the actual manifest backing this resource.
|
|
25
|
+
# This is used to gather information from the Puppet code about this
|
|
26
|
+
# resource.
|
|
27
|
+
# @return [AbideDevUtils::Ppt::CodeIntrospection::Manifest]
|
|
28
|
+
# @return [nil] if the manifest could not be found or could not be parsed
|
|
24
29
|
def manifest
|
|
25
30
|
@manifest ||= load_manifest
|
|
26
31
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require 'json'
|
|
4
|
+
require 'shellwords'
|
|
4
5
|
require 'timeout'
|
|
5
6
|
require 'yaml'
|
|
6
7
|
require 'abide_dev_utils/markdown'
|
|
@@ -58,6 +59,8 @@ module AbideDevUtils
|
|
|
58
59
|
|
|
59
60
|
# Generates a markdown reference doc
|
|
60
61
|
class MarkdownGenerator
|
|
62
|
+
SPECIAL_CONTROL_IDS = %w[dependent cem_options cem_protected].freeze
|
|
63
|
+
|
|
61
64
|
def initialize(benchmarks, module_name, file: 'REFERENCE.md')
|
|
62
65
|
@benchmarks = benchmarks
|
|
63
66
|
@module_name = module_name
|
|
@@ -72,7 +75,7 @@ module AbideDevUtils
|
|
|
72
75
|
total: benchmark.controls.length)
|
|
73
76
|
md.add_h1(benchmark.title_key)
|
|
74
77
|
benchmark.controls.each do |control|
|
|
75
|
-
next if
|
|
78
|
+
next if SPECIAL_CONTROL_IDS.include? control.id
|
|
76
79
|
next if benchmark.framework == 'stig' && control.id_map_type != 'vulnid'
|
|
77
80
|
|
|
78
81
|
control_md = ControlMarkdown.new(control, @md, @module_name, benchmark.framework)
|
|
@@ -91,12 +94,15 @@ module AbideDevUtils
|
|
|
91
94
|
attr_reader :benchmarks, :md
|
|
92
95
|
end
|
|
93
96
|
|
|
97
|
+
class ConfigExampleError < StandardError; end
|
|
98
|
+
|
|
94
99
|
class ControlMarkdown
|
|
95
|
-
def initialize(control, md, module_name, framework)
|
|
100
|
+
def initialize(control, md, module_name, framework, formatter: nil)
|
|
96
101
|
@control = control
|
|
97
102
|
@md = md
|
|
98
103
|
@module_name = module_name
|
|
99
104
|
@framework = framework
|
|
105
|
+
@formatter = formatter.nil? ? TypeExprValueFormatter : formatter
|
|
100
106
|
@control_data = {}
|
|
101
107
|
end
|
|
102
108
|
|
|
@@ -128,7 +134,6 @@ module AbideDevUtils
|
|
|
128
134
|
return unless @control.resource.manifest?
|
|
129
135
|
|
|
130
136
|
@control.resource.manifest.declaration.parameters&.find { |x| x.name == "$#{ctrl_param[:name]}" }
|
|
131
|
-
#raise "Cannot find resource parameter for param #{ctrl_param[:name]}" unless rparam
|
|
132
137
|
end
|
|
133
138
|
|
|
134
139
|
def param_type_expr(ctrl_param, rsrc_param)
|
|
@@ -204,36 +209,110 @@ module AbideDevUtils
|
|
|
204
209
|
@control.param_hashes.each do |param_hash|
|
|
205
210
|
next if param_hash[:name] == 'No parameters'
|
|
206
211
|
|
|
207
|
-
val =
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
elsif @control_data[param_hash[:name]][:default]
|
|
211
|
-
@control_data[param_hash[:name]][:default]
|
|
212
|
-
elsif @control_data[param_hash[:name]][:type_expr]
|
|
213
|
-
"<#{@control_data[param_hash[:name]][:type_expr]}>"
|
|
214
|
-
else
|
|
215
|
-
'undef'
|
|
216
|
-
end
|
|
212
|
+
val = @formatter.format(@control_data[param_hash[:name]][:default],
|
|
213
|
+
@control_data[param_hash[:name]][:type_expr],
|
|
214
|
+
optional_strategy: :placeholder)
|
|
217
215
|
out_str << "#{indent}#{param_hash[:name]}: #{val}"
|
|
218
216
|
end
|
|
219
217
|
return if out_str.empty?
|
|
220
218
|
|
|
221
|
-
|
|
222
|
-
out_str.unshift(" #{@control.title.dump}:")
|
|
223
|
-
rescue NoMethodError
|
|
224
|
-
require 'pry'
|
|
225
|
-
binding.pry
|
|
226
|
-
end
|
|
219
|
+
out_str.unshift(" #{@control.title.dump}:")
|
|
227
220
|
out_str.unshift(' control_configs:')
|
|
228
221
|
out_str.unshift("#{@module_name}::config:")
|
|
229
222
|
@md.add_ul('Hiera Configuration Example:')
|
|
230
223
|
@md.add_code_block(out_str.join("\n"), language: 'yaml')
|
|
224
|
+
rescue StandardError => e
|
|
225
|
+
err_msg = [
|
|
226
|
+
"Failed to generate config example for control #{@control.id}",
|
|
227
|
+
"Error: #{e.message}",
|
|
228
|
+
"Control: Data #{@control_data.inspect}",
|
|
229
|
+
e.backtrace.join("\n")
|
|
230
|
+
].join("\n")
|
|
231
|
+
raise ConfigExampleError, err_msg
|
|
231
232
|
end
|
|
232
233
|
|
|
233
234
|
def resource_reference_builder
|
|
234
235
|
@md.add_ul("Resource: #{@md.code(@control.resource.to_reference)}")
|
|
235
236
|
end
|
|
236
237
|
end
|
|
238
|
+
|
|
239
|
+
# Holds methods for formmating values based on type expressions
|
|
240
|
+
class TypeExprValueFormatter
|
|
241
|
+
UNDEF_VAL = 'undef'
|
|
242
|
+
|
|
243
|
+
# Formats a value based on a type expression.
|
|
244
|
+
# @param value [Any] the value to format
|
|
245
|
+
# @param type_expr [String] the type expression to use for formatting
|
|
246
|
+
# @param optional_strategy [Symbol] the strategy to use for optional values
|
|
247
|
+
# @return [Any] the formatted value
|
|
248
|
+
def self.format(value, type_expr, optional_strategy: :undef)
|
|
249
|
+
return value if value == 'No parameters'
|
|
250
|
+
|
|
251
|
+
case type_expr
|
|
252
|
+
when /^(String|Stdlib::(Unix|Windows|Absolute)path|Enum)/
|
|
253
|
+
quote(value)
|
|
254
|
+
when /^Optional\[/
|
|
255
|
+
optional(value, type_expr, strategy: optional_strategy)
|
|
256
|
+
else
|
|
257
|
+
return type_expr_placeholder(type_expr) if value.nil?
|
|
258
|
+
|
|
259
|
+
quote(value)
|
|
260
|
+
end
|
|
261
|
+
end
|
|
262
|
+
|
|
263
|
+
# Escapes and quotes a string. If value is not a string, returns value.
|
|
264
|
+
# @param value [Any] the string to quote.
|
|
265
|
+
# @return [String] the quoted string.
|
|
266
|
+
# @return [Any] the value if it is not a string.
|
|
267
|
+
def self.quote(value)
|
|
268
|
+
if value.is_a?(String)
|
|
269
|
+
value.inspect
|
|
270
|
+
else
|
|
271
|
+
value
|
|
272
|
+
end
|
|
273
|
+
end
|
|
274
|
+
|
|
275
|
+
# Checks if a value is considered undef.
|
|
276
|
+
# @param value [Any] the value to check.
|
|
277
|
+
# @return [Boolean] true if value is considered undef (nil or 'undef').
|
|
278
|
+
def self.undef?(value)
|
|
279
|
+
value.nil? || value == UNDEF_VAL
|
|
280
|
+
end
|
|
281
|
+
|
|
282
|
+
# Returns the display representation of the value with an Optional type expression.
|
|
283
|
+
# If the value is not nil or 'undef', returns the quoted form of the value.
|
|
284
|
+
# @param value [Any] the value to format.
|
|
285
|
+
# @param type_expr [String] the type expression.
|
|
286
|
+
# @param strategy [Symbol] the strategy to use. Valid strategies are :undef and :placeholder.
|
|
287
|
+
# :undef will return 'undef' if the value is nil or 'undef'.
|
|
288
|
+
# :placeholder will return a peeled type expression placeholder if the value is nil or 'undef'.
|
|
289
|
+
# @return [String] the formatted value.
|
|
290
|
+
# @return [Any] the quoted value if it is not nil.
|
|
291
|
+
def self.optional(value, type_expr, strategy: :undef)
|
|
292
|
+
return UNDEF_VAL if undef?(value) && strategy == :undef
|
|
293
|
+
return type_expr_placeholder(peel_type_expr(type_expr)) if undef?(value) && strategy == :placeholder
|
|
294
|
+
|
|
295
|
+
quote(value)
|
|
296
|
+
end
|
|
297
|
+
|
|
298
|
+
# Returns a "peeled" type expression. Peeling a type expression removes the
|
|
299
|
+
# first layer of the type expression. For example, if the type expression is
|
|
300
|
+
# Optional[String], the peeled type expression is String.
|
|
301
|
+
# @param type_expr [String] the type expression to peel.
|
|
302
|
+
# @return [String] the peeled type expression.
|
|
303
|
+
def self.peel_type_expr(type_expr)
|
|
304
|
+
return type_expr unless type_expr.include?('[')
|
|
305
|
+
|
|
306
|
+
type_expr.match(/^[A-Z][a-z0-9_]*\[(?<peeled>[A-Za-z0-9:,_{}=>\[\]\\\s]+)\]$/)[:peeled]
|
|
307
|
+
end
|
|
308
|
+
|
|
309
|
+
# Formats the type expression as a placeholder.
|
|
310
|
+
# @param type_expr [String] The type expression to format.
|
|
311
|
+
# @return [String] The formatted type expression.
|
|
312
|
+
def self.type_expr_placeholder(type_expr)
|
|
313
|
+
"<<Type #{type_expr}>>"
|
|
314
|
+
end
|
|
315
|
+
end
|
|
237
316
|
end
|
|
238
317
|
end
|
|
239
318
|
end
|
|
@@ -29,6 +29,8 @@ module AbideDevUtils
|
|
|
29
29
|
te = param.respond_to?(:type_expr) ? param.type_expr : param
|
|
30
30
|
if te.respond_to? :left_expr
|
|
31
31
|
display_type_expr_with_left_expr(te)
|
|
32
|
+
elsif te.respond_to? :entries
|
|
33
|
+
display_type_expr_with_entries(te)
|
|
32
34
|
elsif te.respond_to? :cased_value
|
|
33
35
|
te.cased_value
|
|
34
36
|
elsif te.respond_to? :value
|
|
@@ -45,6 +47,17 @@ module AbideDevUtils
|
|
|
45
47
|
keys.tr!('"', '') unless cased == 'Enum'
|
|
46
48
|
"#{cased}#{keys}"
|
|
47
49
|
end
|
|
50
|
+
|
|
51
|
+
# Used by #display_type_expr
|
|
52
|
+
def display_type_expr_with_entries(te)
|
|
53
|
+
te.entries.each_with_object({}) do |x, hsh|
|
|
54
|
+
key = nil
|
|
55
|
+
val = nil
|
|
56
|
+
key = display_value(x.key) if x.respond_to? :key
|
|
57
|
+
val = display_type_expr(x.value) if x.respond_to? :value
|
|
58
|
+
hsh[key] = val if key
|
|
59
|
+
end
|
|
60
|
+
end
|
|
48
61
|
end
|
|
49
62
|
end
|
|
50
63
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: abide_dev_utils
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.11.
|
|
4
|
+
version: 0.11.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- abide-team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-08-
|
|
11
|
+
date: 2022-08-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|