abide_dev_utils 0.12.1 → 0.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d6f05434761a55369ffb231c1573ba627aa5c9ebef29d198ccfa16c422d05c48
-  data.tar.gz: 534968456e7eefca691fa6a3cdc46a170dc3ee12060261225fc35adadbc27d18
+  metadata.gz: 863b7f1da9e228c425708434e5adb149a04462c6f9e7a0189799761d9420b6e1
+  data.tar.gz: c221c833c4f6b89d80328b3e3bf2de527bb400fe8df5946af2c46d5be45d1b60
 SHA512:
-  metadata.gz: b9907ee602b3367d4692b5c2102f0c769614f33d22980d5b8c0a14ea7dd15ac19947800eed399e6d68215ea2c21ab670b233209bf62e79399795fc5cc0ca68c2
-  data.tar.gz: edbeac0d044795300b42ac1ddd70623abc9c9e7d322ecf1e5d6356c8b4f875a31e31e02c96397b0bc9ee1a6a815fa342401916d9f87696f0ad68f0bd9d887b75
+  metadata.gz: 715413f107df1c3f52269658b124db9bad5b4113042ca9e18eb11cabd73cb3b83a57e3f2adf13591fc168dc841be1fb93d3e972ce74aafe6888b95802b644316
+  data.tar.gz: 10eed44e5eb6969974f3426cc65c6c7a00cc988fc5a8ef733df50fafd1c395df44d7afec4b18f51c0ae42d5a36204174a88c42679a6eb3616080deccfb38a86f

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    abide_dev_utils (0.12.1)
+    abide_dev_utils (0.13.0)
       amatch (~> 0.4)
       cmdparse (~> 3.0)
       facterdb (>= 1.18)
@@ -17,7 +17,7 @@ GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (2.3.6)
-    activesupport (7.0.3)
+    activesupport (7.0.4.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -60,10 +60,10 @@ GEM
     diff-lcs (1.5.0)
     digest-crc (0.6.4)
       rake (>= 12.0.0, < 14.0.0)
-    facter (4.2.11)
+    facter (4.2.14)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
-    facterdb (1.19.0)
+    facterdb (1.21.0)
       facter (< 5.0.0)
       jgrep
     faraday (2.3.0)
@@ -84,7 +84,7 @@ GEM
       octokit (~> 4.6)
       rainbow (>= 2.2.1)
       rake (>= 10.0)
-    google-apis-core (0.7.0)
+    google-apis-core (0.10.0)
       addressable (~> 2.5, >= 2.5.1)
       googleauth (>= 0.16.2, < 2.a)
       httpclient (>= 2.8.1, < 3.a)
@@ -93,25 +93,25 @@ GEM
       retriable (>= 2.0, < 4.a)
       rexml
       webrick
-    google-apis-iamcredentials_v1 (0.13.0)
-      google-apis-core (>= 0.7, < 2.a)
-    google-apis-storage_v1 (0.17.0)
-      google-apis-core (>= 0.7, < 2.a)
+    google-apis-iamcredentials_v1 (0.16.0)
+      google-apis-core (>= 0.9.1, < 2.a)
+    google-apis-storage_v1 (0.19.0)
+      google-apis-core (>= 0.9.0, < 2.a)
     google-cloud-core (1.6.0)
       google-cloud-env (~> 1.0)
       google-cloud-errors (~> 1.0)
     google-cloud-env (1.6.0)
       faraday (>= 0.17.3, < 3.0)
-    google-cloud-errors (1.2.0)
-    google-cloud-storage (1.38.0)
+    google-cloud-errors (1.3.0)
+    google-cloud-storage (1.44.0)
       addressable (~> 2.8)
       digest-crc (~> 0.4)
       google-apis-iamcredentials_v1 (~> 0.1)
-      google-apis-storage_v1 (~> 0.17.0)
+      google-apis-storage_v1 (~> 0.19.0)
       google-cloud-core (~> 1.6)
       googleauth (>= 0.16.2, < 2.a)
       mini_mime (~> 1.0)
-    googleauth (1.2.0)
+    googleauth (1.3.0)
       faraday (>= 0.17.3, < 3.a)
       jwt (>= 1.4, < 3.0)
       memoist (~> 0.16)
@@ -119,31 +119,36 @@ GEM
       os (>= 0.9, < 2.0)
       signet (>= 0.16, < 2.a)
     hashdiff (1.0.1)
-    hiera (3.10.0)
+    hashie (5.0.0)
+    hiera (3.11.0)
     hocon (1.3.1)
     httpclient (2.8.3)
-    i18n (1.10.0)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
     jgrep (1.5.4)
-    jira-ruby (2.2.0)
+    jira-ruby (2.3.0)
       activesupport
       atlassian-jwt
       multipart-post
       oauth (~> 0.5, >= 0.5.0)
-    jwt (2.4.1)
+    jwt (2.7.0)
     locale (2.1.3)
     memoist (0.16.2)
     method_source (1.0.0)
     mini_mime (1.1.2)
-    minitest (5.15.0)
-    mize (0.4.0)
+    minitest (5.17.0)
+    mize (0.4.1)
       protocol (~> 2.0)
     multi_json (1.15.0)
-    multipart-post (2.2.3)
+    multipart-post (2.3.0)
     nio4r (2.5.8)
-    nokogiri (1.13.8-x86_64-darwin)
+    nokogiri (1.14.1-x86_64-darwin)
       racc (~> 1.4)
-    oauth (0.5.10)
+    nokogiri (1.14.1-x86_64-linux)
+      racc (~> 1.4)
+    oauth (0.6.2)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
     octokit (4.25.0)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
@@ -164,9 +169,20 @@ GEM
       coderay (~> 1.1)
       method_source (~> 1.0)
     public_suffix (4.0.7)
-    puppet (7.18.0-universal-darwin)
+    puppet (7.22.0)
+      concurrent-ruby (~> 1.0, < 1.2.0)
+      deep_merge (~> 1.0)
+      facter (> 2.0.1, < 5)
+      fast_gettext (>= 1.1, < 3)
+      hiera (>= 3.2.1, < 4)
+      locale (~> 2.1)
+      multi_json (~> 1.10)
+      puppet-resource_api (~> 1.5)
+      scanf (~> 1.0)
+      semantic_puppet (~> 1.0)
+    puppet (7.22.0-universal-darwin)
       CFPropertyList (~> 2.2)
-      concurrent-ruby (~> 1.0)
+      concurrent-ruby (~> 1.0, < 1.2.0)
       deep_merge (~> 1.0)
       facter (> 2.0.1, < 5)
       fast_gettext (>= 1.1, < 3)
@@ -178,7 +194,7 @@ GEM
       semantic_puppet (~> 1.0)
     puppet-resource_api (1.8.14)
       hocon (>= 1.0)
-    racc (1.6.0)
+    racc (1.6.2)
     rainbow (3.1.1)
     rake (13.0.6)
     regexp_parser (2.5.0)
@@ -221,7 +237,7 @@ GEM
       rubocop (~> 1.19)
     ruby-progressbar (1.11.0)
     ruby2_keywords (0.0.5)
-    ruby_parser (3.19.1)
+    ruby_parser (3.19.2)
       sexp_processor (~> 4.16)
     rubyzip (2.3.2)
     sawyer (0.9.2)
@@ -239,18 +255,22 @@ GEM
       faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
       multi_json (~> 1.10)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
     sync (0.5.0)
     thor (1.2.1)
     timers (4.3.3)
-    tins (1.31.1)
+    tins (1.32.1)
       sync
     traces (0.4.1)
     trailblazer-option (0.1.2)
-    tzinfo (2.0.4)
+    tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
     uber (0.1.0)
     unicode-display_width (2.1.0)
-    webrick (1.7.0)
+    version_gem (1.1.1)
+    webrick (1.8.1)
 
 PLATFORMS
   x86_64-darwin-19

data/lib/abide_dev_utils/cem/generate/reference.rb

@@ -120,7 +120,11 @@ module AbideDevUtils
           private
 
           def heading_builder
-            @md.add_h2("#{@control.number} - #{@control.title}")
+            if @framework == 'stig'
+              @md.add_h2(@control.id)
+            else
+              @md.add_h2("#{@control.number} - #{@control.title}")
+            end
           end
 
           def control_has_valid_params?
@@ -216,12 +220,13 @@ module AbideDevUtils
             end
             return if out_str.empty?
 
-            out_str.unshift("    #{@control.title.dump}:")
+            @control.title.nil? ? out_str.unshift("    #{@control.id.dump}:") : out_str.unshift("    #{@control.title.dump}:")
             out_str.unshift('  control_configs:')
             out_str.unshift("#{@module_name}::config:")
             @md.add_ul('Hiera Configuration Example:')
             @md.add_code_block(out_str.join("\n"), language: 'yaml')
           rescue StandardError => e
+            require 'pry'; binding.pry
             err_msg = [
               "Failed to generate config example for control #{@control.id}",
               "Error: #{e.message}",

data/lib/abide_dev_utils/cem/mapping/mapper.rb

@@ -6,13 +6,13 @@ require 'abide_dev_utils/cem/hiera_data/mapping_data/mixins'
 module AbideDevUtils
   module CEM
     module Mapping
-      ALL_TYPES = %w[hiera_title_num number hiera_title vulnid title].freeze
+      ALL_TYPES = %w[hiera_title_num number hiera_title title vulnid ruleid].freeze
       FRAMEWORK_TYPES = {
         'cis' => %w[hiera_title_num number hiera_title title],
-        'stig' => %w[hiera_title_num number hiera_title vulnid title],
+        'stig' => %w[vulnid ruleid],
       }.freeze
       CIS_TYPES = %w[hiera_title_num number hiera_title title].freeze
-      STIG_TYPES = %w[hiera_title_num number hiera_title vulnid title].freeze
+      STIG_TYPES = %w[vulnid ruleid].freeze
 
       # Represents a single map data file
       class MapData
@@ -168,6 +168,8 @@ module AbideDevUtils
             'hiera_title'
           when %r{^V-[0-9]{6}$}
             'vulnid'
+          when %r{^SV-[0-9]+r[0-9]+_rule$}
+            'ruleid'
           else
             'title'
           end

data/lib/abide_dev_utils/cli/jira.rb

@@ -22,6 +22,7 @@ module Abide
         add_command(JiraGetIssueCommand.new)
         add_command(JiraNewIssueCommand.new)
         add_command(JiraFromCoverageCommand.new)
+        add_command(JiraFromXccdfCommand.new)
       end
     end
 
@@ -113,5 +114,27 @@ module Abide
         end
       end
     end
+
+    class JiraFromXccdfCommand < CmdParse::Command
+      CMD_NAME = 'from_xccdf'
+      CMD_SHORT = 'Creates a parent issue with subtasks from a xccdf file'
+      CMD_LONG = 'Creates a parent issue with subtasks for a benchmark and any uncovered controls'
+      def initialize
+        super(CMD_NAME, takes_commands: false)
+        short_desc(CMD_SHORT)
+        long_desc(CMD_LONG)
+        argument_desc(PATH: 'An XCCDF file', PROJECT: 'A Jira project')
+        options.on('-d', '--dry-run', 'Print to console instead of saving objects') { |_| @data[:dry_run] = true }
+        options.on('-e [EPIC]', '--epic [EPIC]', 'If given, tasks will be created and assigned to this epic. Takes form <PROJECT>-<NUM>') { |e| @data[:epic] = e }
+      end
+
+      def execute(path, project)
+        Abide::CLI::VALIDATE.file(path)
+        @data[:dry_run] = false if @data[:dry_run].nil?
+        client = JIRA.client(options: {})
+        proj = JIRA.project(client, project)
+        JIRA.new_issues_from_xccdf(client, proj, path, epic: @data[:epic], dry_run: @data[:dry_run])
+      end
+    end
   end
 end

data/lib/abide_dev_utils/errors/jira.rb

@@ -9,6 +9,10 @@ module AbideDevUtils
         @default = 'Failed to create Jira issue:'
       end
 
+      class CreateEpicError < GenericError
+        @default = 'Failed to create Jira epic:'
+      end
+
       class CreateSubtaskError < GenericError
         @default = 'Failed to create Jira subtask for issue:'
       end

data/lib/abide_dev_utils/jira.rb

@@ -11,6 +11,7 @@ module AbideDevUtils
     ERRORS = AbideDevUtils::Errors::Jira
     COV_PARENT_SUMMARY_PREFIX = '::BENCHMARK:: '
     COV_CHILD_SUMMARY_PREFIX = '::CONTROL:: '
+    PROGRESS_BAR_FORMAT = '%a %e %P% Created: %c of %C'
 
     def self.project(client, project)
       client.Project.find(project)
@@ -18,6 +19,11 @@ module AbideDevUtils
 
     def self.issue(client, issue)
       client.Issue.find(issue)
+    rescue URI::InvalidURIError
+      iss = client.Issue.all.find { |i| i.summary == issue }
+      raise ERRORS::FindIssueError, issue unless iss
+
+      iss
     end
 
     def self.myself(client)
@@ -25,11 +31,19 @@ module AbideDevUtils
     end
 
     def self.issuetype(client, id)
-      client.Issuetype.find(id)
+      if id.match?(%r{^\d+$})
+        client.Issuetype.find(id)
+      else
+        client.Issuetype.all.find { |i| i.name == id }
+      end
     end
 
     def self.priority(client, id)
-      client.Priority.find(id)
+      if id.match?(%r{^\d+$})
+        client.Priority.find(id)
+      else
+        client.Priority.all.find { |i| i.name == id }
+      end
     end
 
     def self.all_project_issues_attrs(project)
@@ -37,21 +51,50 @@ module AbideDevUtils
       raw_issues.collect(&:attrs)
     end
 
-    def self.new_issue(client, project, summary, dry_run: false)
+    def self.add_issue_label(iss, label, dry_run: false)
+      return if dry_run || iss.labels.include?(label)
+
+      iss.labels << profile_summary
+      iss.save
+    end
+
+    def self.new_issue(client, project, summary, labels: ['abide_dev_utils'], epic: nil, dry_run: false)
       if dry_run
         sleep(0.2)
-        return Dummy.new
+        return Dummy.new(summary)
       end
       fields = {}
       fields['summary'] = summary
       fields['project'] = project(client, project)
       fields['reporter'] = myself(client)
-      fields['issuetype'] = issuetype(client, '3')
+      fields['issuetype'] = issuetype(client, 'Task')
       fields['priority'] = priority(client, '6')
-      issue = client.Issue.build
-      raise ERRORS::CreateIssueError, issue.attrs unless issue.save({ 'fields' => fields })
+      fields['labels'] = labels
+      epic = issue(client, epic) if epic && !epic.is_a?(JIRA::Resource::Issue)
+      fields['customfield_10006'] = epic.key if epic # Epic_Link
+      iss = client.Issue.build
+      raise ERRORS::CreateIssueError, iss.attrs unless iss.save({ 'fields' => fields })
 
-      issue
+      iss
+    end
+
+    def self.new_epic(client, project, summary, dry_run: false)
+      AbideDevUtils::Output.simple("#{dr_prefix(dry_run)}Creating epic '#{summary}'")
+      if dry_run
+        sleep(0.2)
+        return Dummy.new(summary)
+      end
+      fields = {
+        'summary' => summary,
+        'project' => project(client, project),
+        'reporter' => myself(client),
+        'issuetype' => issuetype(client, 'Epic'),
+        'customfield_10007' => summary, # Epic Name
+      }
+      iss = client.Issue.build
+      raise ERRORS::CreateEpicError, iss.attrs unless iss.save({ 'fields' => fields })
+
+      iss
     end
 
     # This should probably be threaded in the future
@@ -135,15 +178,54 @@ module AbideDevUtils
       end
     end
 
-    # def self.new_issues_from_comply_report(client, project, report, dry_run: false)
-    #   dr_prefix = dry_run ? 'DRY RUN: ' : ''
-    #   i_attrs = all_project_issues_attrs(project)
-    #   rep_sums = summaries_from_coverage_report(report)
-    #   rep_sums.each do |k, v|
-    #     next if summary_exist?(k, i_attrs)
+    def self.new_issues_from_xccdf(client, project, xccdf_path, epic: nil, dry_run: false)
+      i_attrs = all_project_issues_attrs(project)
+      xccdf = AbideDevUtils::XCCDF::Benchmark.new(xccdf_path)
+      # We need to get the actual epic Issue object, or create it if it doesn't exist
+      epic = if epic.nil?
+               new_epic_summary = "#{COV_PARENT_SUMMARY_PREFIX}#{xccdf.title}"
+               if summary_exist?(new_epic_summary, i_attrs)
+                 issue(client, new_epic_summary)
+               else
+                 unless AbideDevUtils::Prompt.yes_no("#{dr_prefix(dry_run)}Create new epic '#{new_epic_summary}'?")
+                   AbideDevUtils::Output.simple("#{dr_prefix(dry_run)}Aborting")
+                   exit(0)
+                 end
+                 new_epic(client, project.key, new_epic_summary, dry_run: dry_run)
+               end
+             else
+               issue(client, epic)
+             end
+      # Now we need to find out which issues we need to create for the benchmark
+      # The profiles that the control belongs to will be added as an issue label
+      to_create = {}
+      summaries_from_xccdf(xccdf).each do |profile_summary, control_summaries|
+        control_summaries.reject { |s| summary_exist?(s, i_attrs) }.each do |control_summary|
+          if to_create.key?(control_summary)
+            to_create[control_summary] << profile_summary.split.join('_').downcase
+          else
+            to_create[control_summary] = [profile_summary.split.join('_').downcase]
+          end
+        end
+      end
+
+      unless AbideDevUtils::Prompt.yes_no("#{dr_prefix(dry_run)}Create #{to_create.keys.count} new Jira issues?")
+        AbideDevUtils::Output.simple("#{dr_prefix(dry_run)}Aborting")
+        exit(0)
+      end
 
-    #     progress = AbideDevUtils::Output.progress(title: "#{dr_prefix}Creating Tasks", total: nil)
-    #     v.each do |s|
+      progress = AbideDevUtils::Output.progress(title: "#{dr_prefix(dry_run)}Creating issues",
+                                                total: to_create.keys.count,
+                                                format: PROGRESS_BAR_FORMAT)
+      to_create.each do |control_summary, labels|
+        abrev = control_summary.length > 40 ? control_summary[0..60] : control_summary
+        progress.log("#{dr_prefix(dry_run)}Creating #{abrev}...")
+        new_issue(client, project.key, control_summary, labels: labels, epic: epic, dry_run: dry_run)
+        progress.increment
+      end
+      progress.finish
+      AbideDevUtils::Output.simple("#{dr_prefix(dry_run)}Done creating tasks in Epic '#{epic.summary}'")
+    end
 
     def self.merge_options(options)
       config.merge(options)
@@ -177,12 +259,32 @@ module AbideDevUtils
       summaries.transform_keys { |k| "#{COV_PARENT_SUMMARY_PREFIX}#{benchmark}-#{k}"}
     end
 
-    # def self.summaries_from_comply_report(report)
-    #   summaries = {}
-    #   report.each do |_, v|
-    # end
+    def self.summaries_from_xccdf(xccdf)
+      summaries = {}
+      xccdf.profiles.each do |profile|
+        sum_key = "#{profile.level}_#{profile.title}".split.join('_').downcase
+        summaries[sum_key] = profile.controls.collect do |control|
+          control_id = control.respond_to?(:vulnid) ? control.vulnid : control.number
+          summary = "#{control_id} - #{control.title}"
+          summary = "#{summary[0..251]}..." if summary.length > 255
+          summary
+        end
+      end
+      summaries
+    end
+
+    def self.dr_prefix(dry_run)
+      dry_run ? 'DRY RUN: ' : ''
+    end
 
     class Dummy
+      attr_reader :summary, :key
+
+      def initialize(summary = 'dummy summary')
+        @summary = summary
+        @key = 'DUM-111'
+      end
+
       def attrs
         { 'fields' => {
           'project' => 'dummy',

data/lib/abide_dev_utils/output.rb

@@ -41,8 +41,8 @@ module AbideDevUtils
       FWRITER.write_yml(yml_out, file: file) unless file.nil?
     end
 
-    def self.progress(title: 'Progress', start: 0, total: 100)
-      ProgressBar.create(title: title, starting_at: start, total: total)
+    def self.progress(title: 'Progress', start: 0, total: 100, format: nil)
+      ProgressBar.create(title: title, starting_at: start, total: total, format: format)
     end
   end
 end

data/lib/abide_dev_utils/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AbideDevUtils
-  VERSION = "0.12.1"
+  VERSION = "0.13.0"
 end

data/lib/abide_dev_utils/xccdf.rb

@@ -157,7 +157,8 @@ module AbideDevUtils
             raise AbideDevUtils::Errors::ControlPartsError, control
           end
           rule_id = group.xpath('Rule/@id').first.value
-          return [vuln_id, rule_id]
+          title = group.xpath('Rule/title').text
+          return [vuln_id, rule_id, title]
         else
           raise AbideDevUtils::Errors::ControlPartsError, control
         end
@@ -658,8 +659,8 @@ module AbideDevUtils
     class StigControl < XccdfElement
       def initialize(control, benchmark)
         super(control, benchmark)
-        @vulnid, @ruleid = control_parts(control_profile_text(control))
-        properties :vulnid, :ruleid
+        @vulnid, @ruleid, @title = control_parts(control_profile_text(control))
+        properties :vulnid, :ruleid, :title
       end
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: abide_dev_utils
 version: !ruby/object:Gem::Version
-  version: 0.12.1
+  version: 0.13.0
 platform: ruby
 authors:
 - abide-team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-08-22 00:00:00.000000000 Z
+date: 2023-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri