abide_dev_utils 0.14.2 → 0.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b6af74f2a0eea495b7bf71fd843c668f556ee83cf45e3b6ebfafe4242278dcee
-  data.tar.gz: 6e9f6f60bc30f135bd4f2c6f35962626e81db410fc0c17631761c84e4551e1db
+  metadata.gz: 220a0a755c0e337d22a853e106935f4355564e51a759eb93967e3aeba5a9f020
+  data.tar.gz: e0272122e07a4e53d3efa71486de5dc7a0229ca0d22214b3311c94df0c90100b
 SHA512:
-  metadata.gz: d61f39d043c94ab0ee2db46bd0374c99803fc720022606361f319e3b245c429700bffec7e9157ef11045cc7f5e25b21833b8bdc820ca1dcb32e7022ae7c89e3c
-  data.tar.gz: c2463568c53de7d0e0dfa0e4950484db5df6965888d2cae2b145f4dfba2816105f41aa413da4c07c9642da33c2a6b264a5cfd6504874db1de0f6de0eeef51675
+  metadata.gz: c7710f102655653f4181694c8dd076acff1dfd8040120c54157bc77a89f3db4a892854d2110ac4a47974ead2fdc23c3b3028c4459aa9e7bf75145e71fcebad0b
+  data.tar.gz: a5d0d101010f6ba4129346c4c4447f433b5a61e36e9000c3dab653a1709b78ff08203ec2dd014e61489d09eb2a78badfb51e233d8cbe33d85c903c3654cae90f

data/Gemfile.lock

@@ -1,8 +1,7 @@
 PATH
   remote: .
   specs:
-    abide_dev_utils (0.14.2)
-      amatch (~> 0.4)
+    abide_dev_utils (0.16.0)
       cmdparse (~> 3.0)
       facterdb (>= 1.21)
       google-cloud-storage (~> 1.34)
@@ -18,16 +17,13 @@ GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (2.3.6)
-    activesupport (7.0.4.1)
+    activesupport (7.0.4.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    amatch (0.4.1)
-      mize
-      tins (~> 1.0)
     ast (2.4.2)
     async (1.30.2)
       console (~> 1.10)
@@ -61,7 +57,7 @@ GEM
     diff-lcs (1.5.0)
     digest-crc (0.6.4)
       rake (>= 12.0.0, < 14.0.0)
-    facter (4.3.0)
+    facter (4.4.1)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     facterdb (1.21.0)
@@ -112,7 +108,7 @@ GEM
       google-cloud-core (~> 1.6)
       googleauth (>= 0.16.2, < 2.a)
       mini_mime (~> 1.0)
-    googleauth (1.3.0)
+    googleauth (1.5.2)
       faraday (>= 0.17.3, < 3.a)
       jwt (>= 1.4, < 3.0)
       memoist (~> 0.16)
@@ -122,7 +118,7 @@ GEM
     hashdiff (1.0.1)
     hashie (5.0.0)
     hiera (3.12.0)
-    hocon (1.3.1)
+    hocon (1.4.0)
     httpclient (2.8.3)
     i18n (1.12.0)
       concurrent-ruby (~> 1.0)
@@ -132,18 +128,16 @@ GEM
       atlassian-jwt
       multipart-post
       oauth (~> 0.5, >= 0.5.0)
-    jwt (2.7.0)
+    jwt (2.7.1)
     locale (2.1.3)
     memoist (0.16.2)
     method_source (1.0.0)
     mini_mime (1.1.2)
-    minitest (5.17.0)
-    mize (0.4.1)
-      protocol (~> 2.0)
+    minitest (5.18.0)
     multi_json (1.15.0)
     multipart-post (2.3.0)
     nio4r (2.5.8)
-    nokogiri (1.14.2-x86_64-darwin)
+    nokogiri (1.15.2-x86_64-darwin)
       racc (~> 1.4)
     oauth (0.6.2)
       snaky_hash (~> 2.0)
@@ -155,8 +149,6 @@ GEM
     parallel (1.22.1)
     parser (3.1.2.0)
       ast (~> 2.4.1)
-    protocol (2.0.0)
-      ruby_parser (~> 3.0)
     protocol-hpack (1.4.2)
     protocol-http (0.22.6)
     protocol-http1 (0.14.4)
@@ -168,7 +160,7 @@ GEM
       coderay (~> 1.1)
       method_source (~> 1.0)
     public_suffix (4.0.7)
-    puppet (7.23.0-universal-darwin)
+    puppet (7.24.0-universal-darwin)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0, < 1.2.0)
       deep_merge (~> 1.0)
@@ -182,9 +174,9 @@ GEM
       semantic_puppet (~> 1.0)
     puppet-resource_api (1.8.14)
       hocon (>= 1.0)
-    puppet-strings (3.0.1)
-      rgen (~> 0.9.0)
-      yard (~> 0.9.5)
+    puppet-strings (4.0.0)
+      rgen (~> 0.9)
+      yard (~> 0.9)
     racc (1.6.2)
     rainbow (3.1.1)
     rake (13.0.6)
@@ -229,8 +221,6 @@ GEM
       rubocop (~> 1.19)
     ruby-progressbar (1.11.0)
     ruby2_keywords (0.0.5)
-    ruby_parser (3.20.0)
-      sexp_processor (~> 4.16)
     rubyzip (2.3.2)
     sawyer (0.9.2)
       addressable (>= 2.3.5)
@@ -240,8 +230,7 @@ GEM
       childprocess (>= 0.5, < 5.0)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2)
-    semantic_puppet (1.0.4)
-    sexp_processor (4.16.1)
+    semantic_puppet (1.1.0)
     signet (0.17.0)
       addressable (~> 2.8)
       faraday (>= 0.17.5, < 3.a)
@@ -250,24 +239,21 @@ GEM
     snaky_hash (2.0.1)
       hashie
       version_gem (~> 1.1, >= 1.1.1)
-    sync (0.5.0)
-    thor (1.2.1)
+    thor (1.2.2)
     timers (4.3.3)
-    tins (1.32.1)
-      sync
     traces (0.4.1)
     trailblazer-option (0.1.2)
-    tzinfo (2.0.5)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     uber (0.1.0)
     unicode-display_width (2.1.0)
-    version_gem (1.1.1)
-    webrick (1.7.0)
-    yard (0.9.28)
-      webrick (~> 1.7.0)
+    version_gem (1.1.2)
+    webrick (1.8.1)
+    yard (0.9.34)
 
 PLATFORMS
   x86_64-darwin-19
+  x86_64-darwin-20
   x86_64-linux
 
 DEPENDENCIES

data/abide_dev_utils.gemspec

@@ -41,7 +41,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'selenium-webdriver', '~> 4.0.0.beta4'
   spec.add_dependency 'google-cloud-storage', '~> 1.34'
   spec.add_dependency 'hashdiff', '~> 1.0'
-  spec.add_dependency 'amatch', '~> 0.4'
   spec.add_dependency 'facterdb', '>= 1.21'
 
   # Dev dependencies

data/lib/abide_dev_utils/cem/generate/reference.rb

@@ -85,7 +85,7 @@ module AbideDevUtils
                 next if benchmark.framework == 'stig' && control.id_map_type != 'vulnid'
 
                 control_md = ControlMarkdown.new(control, @md, @strings, @module_name, benchmark.framework, opts: @opts)
-                control_md.generate!
+                control_md.generate! if control_md.verify_profile_and_level_selections
                 progress_bar.increment unless @opts[:quiet]
               rescue StandardError => e
                 raise "Failed to generate markdown for control #{control.id}. Original message: #{e.message}"
@@ -248,6 +248,8 @@ module AbideDevUtils
             @framework = framework
             @formatter = formatter.nil? ? TypeExprValueFormatter : formatter
             @opts = opts
+            @valid_level = []
+            @valid_profile = []
             @control_data = {}
           end
 
@@ -262,6 +264,43 @@ module AbideDevUtils
             resource_reference_builder
           end
 
+          # This function act as a filter for controls based on the profile and level selections.
+          # There are few scanarios that can happen:
+          # 1. If no selections are made for profile or level, then all profiles and levels of control will be selected.
+          # 2. If selections are made for profile, then only the selected profile and all levels of control will be selected.
+          # 3. If selections are made for level, then only the selected level and all profiles of control will be selected.
+          # This function adds in some runtime overhead because we're checking each control's level and profile which is
+          # what we're going to be doing later when building the level and profile markdown, but this is
+          # necessary to ensure that the reference.md is generated the way we want it to be.
+          def verify_profile_and_level_selections
+            return true if @opts[:select_profile].nil? && @opts[:select_level].nil?
+
+            if @opts[:select_profile].nil? && !@opts[:select_level].nil?
+              @control.levels.each do |level|
+                @valid_level << level if select_control_level(level)
+              end
+
+              return true unless @valid_level.empty?
+            elsif !@opts[:select_profile].nil? && @opts[:select_level].nil?
+              @control.profiles.each do |profile|
+                @valid_profile << profile if select_control_profile(profile)
+              end
+
+              return true unless @valid_profile.empty?
+            elsif !@opts[:select_profile].nil? && !@opts[:select_level].nil?
+              @control.levels.each do |level|
+                @valid_level << level if select_control_level(level)
+              end
+
+              @control.profiles.each do |profile|
+                @valid_profile << profile if select_control_profile(profile)
+              end
+
+              # As long as there are valid profiles and levels for the control at this stage, all is good
+              !@valid_level.empty? && !@valid_profile.empty?
+            end
+          end
+
           private
 
           def heading_builder
@@ -340,18 +379,36 @@ module AbideDevUtils
           def control_levels_builder
             return unless @control.levels
 
+            # @valid_level is populated in verify_profile_and_level_selections from the fact that we've given
+            # the generator a list of levels we want to use. If we didn't give it a list of levels, then we
+            # want to use all of the levels that the control supports from @control.
             @md.add_ul('Supported Levels:')
-            @control.levels.each do |l|
-              @md.add_ul(@md.code(l), indent: 1)
+            if @valid_level.empty?
+              @control.levels.each do |l|
+                @md.add_ul(@md.code(l), indent: 1)
+              end
+            else
+              @valid_level.each do |l|
+                @md.add_ul(@md.code(l), indent: 1)
+              end
             end
           end
 
           def control_profiles_builder
             return unless @control.profiles
 
+            # @valid_profile is populated in verify_profile_and_level_selections from the fact that we've given
+            # the generator a list of profiles we want to use. If we didn't give it a list of profiles, then we
+            # want to use all of the profiles that the control supports from @control.
             @md.add_ul('Supported Profiles:')
-            @control.profiles.each do |l|
-              @md.add_ul(@md.code(l), indent: 1)
+            if @valid_profile.empty?
+              @control.profiles.each do |l|
+                @md.add_ul(@md.code(l), indent: 1)
+              end
+            else
+              @valid_profile.each do |l|
+                @md.add_ul(@md.code(l), indent: 1)
+              end
             end
           end
 
@@ -364,6 +421,18 @@ module AbideDevUtils
             end
           end
 
+          # Function that returns true if the profile is in the list of profiles that we want to use.
+          # @param profile [String] the profile to filter
+          def select_control_profile(profile)
+            @opts[:select_profile].include? profile
+          end
+
+          # Function that returns true if the level is in the list of levels that we want to use.
+          # @param level [String] the level to filter
+          def select_control_level(level)
+            @opts[:select_level].include? level
+          end
+
           def dependent_controls_builder
             dep_ctrls = @control.resource.dependent_controls
             return if dep_ctrls.nil? || dep_ctrls.empty?

data/lib/abide_dev_utils/cli/cem.rb

@@ -4,7 +4,7 @@ require 'abide_dev_utils/cem'
 require 'abide_dev_utils/files'
 require 'abide_dev_utils/output'
 require 'abide_dev_utils/validate'
-require 'abide_dev_utils/xccdf/diff/benchmark'
+require 'abide_dev_utils/xccdf/diff'
 require 'abide_dev_utils/cli/abstract'
 
 module Abide
@@ -113,6 +113,12 @@ module Abide
         options.on('-s', '--strict', 'Fails if there are any errors') do
           @data[:strict] = true
         end
+        options.on('-p [PROFILE]', '--select-profile [PROFILE]', 'The list of profiles that the reference.md will use separated by commas') do |pr|
+          @data[:select_profile] = pr.split(',')
+        end
+        options.on('-l [LEVEL]', '--select-level [LEVEL]', 'The list of level that the reference.md will use separated by commas') do |l|
+          @data[:select_level] = l.split(',')
+        end
       end
 
       def execute
@@ -162,13 +168,14 @@ module Abide
       end
 
       def execute(config_file, cur_xccdf, new_xccdf)
-        AbideDevUtils::Validate.file(config_file, extension: 'yaml')
-        AbideDevUtils::Validate.file(cur_xccdf, extension: 'xml')
-        config_hiera = AbideDevUtils::Files::Reader.read(config_file, safe: true)
-        diff = AbideDevUtils::XCCDF::Diff::BenchmarkDiff.new(cur_xccdf, new_xccdf).diff[:diff][:number_title]
-        new_config_hiera, change_report = AbideDevUtils::CEM.update_legacy_config_from_diff(config_hiera, diff)
-        AbideDevUtils::Output.yaml(new_config_hiera, console: @data[:verbose], file: @data[:out_file])
-        AbideDevUtils::Output.simple(change_report) unless @data[:quiet]
+        warn 'This command is currently non-functional'
+        # AbideDevUtils::Validate.file(config_file, extension: 'yaml')
+        # AbideDevUtils::Validate.file(cur_xccdf, extension: 'xml')
+        # config_hiera = AbideDevUtils::Files::Reader.read(config_file, safe: true)
+        # diff = AbideDevUtils::XCCDF::Diff::BenchmarkDiff.new(cur_xccdf, new_xccdf).diff[:diff][:number_title]
+        # new_config_hiera, change_report = AbideDevUtils::CEM.update_legacy_config_from_diff(config_hiera, diff)
+        # AbideDevUtils::Output.yaml(new_config_hiera, console: @data[:verbose], file: @data[:out_file])
+        # AbideDevUtils::Output.simple(change_report) unless @data[:quiet]
       end
     end
 

data/lib/abide_dev_utils/cli/jira.rb

@@ -23,6 +23,7 @@ module Abide
         add_command(JiraNewIssueCommand.new)
         add_command(JiraFromCoverageCommand.new)
         add_command(JiraFromXccdfCommand.new)
+        add_command(JiraFromXccdfDiffCommand.new)
       end
     end
 
@@ -46,7 +47,7 @@ module Abide
     end
 
     class JiraGetIssueCommand < CmdParse::Command
-      CMD_NAME = 'get_issue'
+      CMD_NAME = 'get-issue'
       CMD_SHORT = 'Gets a specific issue'
       CMD_LONG = 'Returns JSON of a specific issue from key (<project>-<num>)'
       def initialize
@@ -67,7 +68,7 @@ module Abide
     end
 
     class JiraNewIssueCommand < CmdParse::Command
-      CMD_NAME = 'new_issue'
+      CMD_NAME = 'new-issue'
       CMD_SHORT = 'Creates a new issue in a project'
       CMD_LONG = 'Allows you to create a new issue in a project'
       def initialize
@@ -93,7 +94,7 @@ module Abide
     end
 
     class JiraFromCoverageCommand < CmdParse::Command
-      CMD_NAME = 'from_coverage'
+      CMD_NAME = 'from-coverage'
       CMD_SHORT = 'Creates a parent issue with subtasks from a coverage report'
       CMD_LONG = 'Creates a parent issue with subtasks for a benchmark and any uncovered controls'
       def initialize
@@ -116,7 +117,7 @@ module Abide
     end
 
     class JiraFromXccdfCommand < CmdParse::Command
-      CMD_NAME = 'from_xccdf'
+      CMD_NAME = 'from-xccdf'
       CMD_SHORT = 'Creates a parent issue with subtasks from a xccdf file'
       CMD_LONG = 'Creates a parent issue with subtasks for a benchmark and any uncovered controls'
       def initialize
@@ -136,5 +137,48 @@ module Abide
         JIRA.new_issues_from_xccdf(client, proj, path, epic: @data[:epic], dry_run: @data[:dry_run])
       end
     end
+
+    class JiraFromXccdfDiffCommand < CmdParse::Command
+      CMD_NAME = 'from-xccdf-diff'
+      CMD_SHORT = 'Creates an Epic with tasks from a xccdf diff'
+      CMD_LONG = 'Creates an Epic with tasks for changes in a diff of two XCCDF files'
+      def initialize
+        super(CMD_NAME, takes_commands: false)
+        short_desc(CMD_SHORT)
+        long_desc(CMD_LONG)
+        argument_desc(PATH1: 'An XCCDF file', PATH2: 'An XCCDF file', PROJECT: 'A Jira project')
+        options.on('-d', '--dry-run', 'Print to console instead of saving objects') { |_| @data[:dry_run] = true }
+        options.on('-y', '--yes', 'Automatically approve all yes / no prompts') { |_| @data[:auto_approve] = true }
+        options.on('-e [EPIC]', '--epic [EPIC]', 'If given, tasks will be created and assigned to this epic. Takes form <PROJECT>-<NUM>') { |e| @data[:epic] = e }
+        options.on('-p [PROFILE]', '--profile', 'Only diff rules belonging to the matching profile. Takes a string that is treated as RegExp') do |x|
+          @data[:diff_opts] ||= {}
+          @data[:diff_opts][:profile] = x
+        end
+        options.on('-l [LEVEL]', '--level', 'Only diff rules belonging to the matching level. Takes a string that is treated as RegExp') do |x|
+          @data[:diff_opts] ||= {}
+          @data[:diff_opts][:level] = x
+        end
+        options.on('-i [PROPS]', '--ignore-changed-properties', 'Ignore changes to specified properties. Takes a comma-separated list.') do |x|
+          @data[:diff_opts] ||= {}
+          @data[:diff_opts][:ignore_changed_properties] = x.split(',')
+        end
+      end
+
+      def execute(path1, path2, project)
+        Abide::CLI::VALIDATE.file(path1)
+        Abide::CLI::VALIDATE.file(path2)
+        @data[:dry_run] = false if @data[:dry_run].nil?
+        client = JIRA.client(options: {})
+        proj = JIRA.project(client, project)
+        JIRA.new_issues_from_xccdf_diff(client,
+                                        proj,
+                                        path1,
+                                        path2,
+                                        epic: @data[:epic],
+                                        dry_run: @data[:dry_run],
+                                        auto_approve: @data[:auto_approve],
+                                        diff_opts: @data[:diff_opts])
+      end
+    end
   end
 end

data/lib/abide_dev_utils/cli/xccdf.rb

@@ -104,27 +104,21 @@ module Abide
         super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
         argument_desc(FILE1: CMD_FILE1_ARG, FILE2: CMD_FILE2_ARG)
         options.on('-o [PATH]', '--out-file', 'Save the report as a yaml file') { |x| @data[:outfile] = x }
-        options.on('-p [PROFILE]', '--profile', 'Only diff and specific profile in the benchmarks') do |x|
+        options.on('-p [PROFILE]', '--profile', 'Only diff rules belonging to the matching profile. Takes a string that is treated as RegExp') do |x|
           @data[:profile] = x
         end
-        options.on('-l [LEVEL]', '--level', 'Only diff the specific level in the benchmarks') do |x|
+        options.on('-l [LEVEL]', '--level', 'Only diff rules belonging to the matching level. Takes a string that is treated as RegExp') do |x|
           @data[:level] = x
         end
-        options.on('-r', '--raw', 'Output the diff in raw hash format') { @data[:raw] = true }
+        options.on('-i [PROPS]', '--ignore-changed-properties', 'Ignore changes to specified properties. Takes a comma-separated list.') do |x|
+          @data[:ignore_changed_properties] = x.split(',')
+        end
+        options.on('-r', '--raw', 'Output the diff in raw format') { @data[:raw] = true }
         options.on('-q', '--quiet', 'Show no output in the terminal') { @data[:quiet] = false }
-        options.on('--no-diff-profiles', 'Do not diff the profiles in the XCCDF files') { @data[:diff_profiles] = false }
-        options.on('--no-diff-controls', 'Do not diff the controls in the XCCDF files') { @data[:diff_controls] = false }
-        options.on('--old-style', 'Use old-style diffs') { @data[:old_style] = true }
       end
 
       def execute(file1, file2)
-        diffreport = if @data[:old_style]
-                       AbideDevUtils::XCCDF.diff(file1, file2, @data)
-                     else
-                       dr = AbideDevUtils::XCCDF.new_style_diff(file1, file2, @data)
-                       dr[:diff][:number_title].map! { |d| d[:text] }
-                       dr
-                     end
+        diffreport = AbideDevUtils::XCCDF.diff(file1, file2, @data)
         AbideDevUtils::Output.yaml(diffreport, console: @data.fetch(:quiet, true), file: @data.fetch(:outfile, nil))
       end
     end

data/lib/abide_dev_utils/config.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'yaml'
+require_relative 'files'
 
 module AbideDevUtils
   module Config
@@ -9,15 +9,12 @@ module AbideDevUtils
     def self.to_h(path = DEFAULT_PATH)
       return {} unless File.file?(path)
 
-      h = YAML.safe_load(File.open(path), [Symbol])
+      h = AbideDevUtils::Files::Reader.read(path)
       h.transform_keys(&:to_sym)
     end
 
     def to_h(path = DEFAULT_PATH)
-      return {} unless File.file?(path)
-
-      h = YAML.safe_load(File.open(path), [Symbol])
-      h.transform_keys(&:to_sym)
+      self.class.to_h(path)
     end
 
     def self.config_section(section, path = DEFAULT_PATH)

data/lib/abide_dev_utils/files.rb

@@ -12,12 +12,7 @@ module AbideDevUtils
         extension = File.extname(path)
         case extension
         when /\.yaml|\.yml/
-          require 'yaml'
-          if safe
-            YAML.safe_load(File.read(path))
-          else
-            YAML.load_file(path)
-          end
+          read_yaml(path, safe: safe, opts: opts)
         when '.json'
           require 'json'
           return JSON.parse(File.read(path), opts) if safe
@@ -34,6 +29,21 @@ module AbideDevUtils
           File.read(path)
         end
       end
+
+      def self.read_yaml(path, safe: true, opts: { permitted_classes: [Symbol] })
+        permitted_classes = opts[:permitted_classes] || [Symbol]
+        if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.0.0')
+          require 'psych'
+          return Psych.safe_load_file(path, permitted_classes: permitted_classes) if safe
+
+          Psych.load_file(path)
+        else
+          require 'yaml'
+          return YAML.safe_load(File.read(path), permitted_classes) if safe
+
+          YAML.load(File.read(path)) # rubocop:disable Security/YAMLLoad
+        end
+      end
     end
 
     class Writer

data/lib/abide_dev_utils/jira.rb

@@ -11,6 +11,7 @@ module AbideDevUtils
     ERRORS = AbideDevUtils::Errors::Jira
     COV_PARENT_SUMMARY_PREFIX = '::BENCHMARK:: '
     COV_CHILD_SUMMARY_PREFIX = '::CONTROL:: '
+    UPD_EPIC_SUMMARY_PREFIX = '::BENCHMARK UPDATE::'
     PROGRESS_BAR_FORMAT = '%a %e %P% Created: %c of %C'
 
     def self.project(client, project)
@@ -58,7 +59,7 @@ module AbideDevUtils
       iss.save
     end
 
-    def self.new_issue(client, project, summary, labels: ['abide_dev_utils'], epic: nil, dry_run: false)
+    def self.new_issue(client, project, summary, description: nil, labels: ['abide_dev_utils'], epic: nil, dry_run: false)
       if dry_run
         sleep(0.2)
         return Dummy.new(summary)
@@ -69,6 +70,7 @@ module AbideDevUtils
       fields['reporter'] = myself(client)
       fields['issuetype'] = issuetype(client, 'Task')
       fields['priority'] = priority(client, '6')
+      fields['description'] = description if description
       fields['labels'] = labels
       epic = issue(client, epic) if epic && !epic.is_a?(JIRA::Resource::Issue)
       fields['customfield_10006'] = epic.key if epic # Epic_Link
@@ -227,6 +229,72 @@ module AbideDevUtils
       AbideDevUtils::Output.simple("#{dr_prefix(dry_run)}Done creating tasks in Epic '#{epic.summary}'")
     end
 
+    def self.new_issues_from_xccdf_diff(client, project, xccdf1_path, xccdf2_path, epic: nil, dry_run: false, auto_approve: false, diff_opts: {})
+      require 'abide_dev_utils/xccdf/diff'
+      diff = AbideDevUtils::XCCDF::Diff::BenchmarkDiff.new(xccdf1_path, xccdf2_path, diff_opts)
+      i_attrs = all_project_issues_attrs(project)
+      # We need to get the actual epic Issue object, or create it if it doesn't exist
+      epic = if epic.nil?
+               new_epic_summary = "#{UPD_EPIC_SUMMARY_PREFIX}#{diff.this.title}: v#{diff.this.version} -> #{diff.other.version}"
+               if summary_exist?(new_epic_summary, i_attrs)
+                 issue(client, new_epic_summary)
+               else
+                 unless AbideDevUtils::Prompt.yes_no("#{dr_prefix(dry_run)}Create new epic '#{new_epic_summary}'?", auto_approve: auto_approve)
+                   AbideDevUtils::Output.simple("#{dr_prefix(dry_run)}Aborting")
+                   exit(0)
+                 end
+                 new_epic(client, project.key, new_epic_summary, dry_run: dry_run)
+               end
+             else
+               issue(client, epic)
+             end
+      to_create = {}
+      diff.diff[:rules].each do |key, val|
+        next if val.empty?
+
+        val.each do |v|
+          case key
+          when :added
+            sum = "Add rule #{v[:number]} - #{v[:title]}"
+            sum = "#{sum[0..60]}..." if sum.length > 60
+            to_create[sum] = <<~DESC
+              Rule #{v[:number]} - #{v[:title]} is added with #{diff.other.title} #{diff.other.version}
+            DESC
+          when :removed
+            sum = "Remove rule #{v[:number]} - #{v[:title]}"
+            sum = "#{sum[0..60]}..." if sum.length > 60
+            to_create[sum] = <<~DESC
+              Rule #{v[:number]} - #{v[:title]} is removed from #{diff.this.title} #{diff.this.version}
+            DESC
+          else
+            sum = "Update rule \"#{v[:from]}\""
+            sum = "#{sum[0..60]}..." if sum.length > 60
+            to_create[sum] = <<~DESC
+              Rule #{v[:from]} is updated in #{diff.other.title} #{diff.other.version}:
+              #{v[:changes].collect { |k, v| "#{k}: #{v}" }.join("\n")}
+            DESC
+          end
+        end
+      end
+      approved_create = {}
+      to_create.each do |summary, description|
+        if AbideDevUtils::Prompt.yes_no("#{dr_prefix(dry_run)}Create new issue '#{summary}' with description:\n#{description}", auto_approve: auto_approve)
+          approved_create[summary] = description
+        end
+      end
+      AbideDevUtils::Output.simple("#{dr_prefix(dry_run)}Creating #{approved_create.keys.count} new Jira issues")
+      progress = AbideDevUtils::Output.progress(title: "#{dr_prefix(dry_run)}Creating issues",
+                                                total: approved_create.keys.count,
+                                                format: PROGRESS_BAR_FORMAT)
+      approved_create.each do |summary, description|
+        progress.log("#{dr_prefix(dry_run)}Creating #{summary}...")
+        new_issue(client, project.key, summary, description: description, labels: [], epic: epic, dry_run: dry_run)
+        progress.increment
+      end
+      progress.finish
+      AbideDevUtils::Output.simple("#{dr_prefix(dry_run)}Done creating tasks in Epic '#{epic.summary}'")
+    end
+
     def self.merge_options(options)
       config.merge(options)
     end

data/lib/abide_dev_utils/prompt.rb

@@ -4,7 +4,9 @@ require 'io/console'
 
 module AbideDevUtils
   module Prompt
-    def self.yes_no(msg)
+    def self.yes_no(msg, auto_approve: false)
+      return true if auto_approve
+
       print "#{msg} (Y/n): "
       return true if $stdin.cooked(&:gets).match?(/^[Yy].*/)
 

data/lib/abide_dev_utils/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AbideDevUtils
-  VERSION = "0.14.2"
+  VERSION = "0.16.0"
 end