abide_dev_utils 0.18.2 → 0.18.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b4687964cd4b5d202b892c1fbcbc26bae0a4b7ca50892510e66aa1e2ba0a99bb
-  data.tar.gz: e13bbfac5991052c33a8626eed6354454522a5bb3d9211a2d387aa1a5890f191
+  metadata.gz: 78c9c17693c37ea1fef9d03a39f7694a033a985c162e3c2df82ac3305491e747
+  data.tar.gz: f207165591c42fc17694f792ec17f0ce8e6bf502e14f326135a0bfb02a42a521
 SHA512:
-  metadata.gz: 87c903786292eb538ae1e210734fa539b6b551d2cb5d29886175c234e196d29f9cce8627b08e72dedf661945bc8796980c5da5d737a63acfac8216265a7d06a5
-  data.tar.gz: f8ba2cdcb7f2074990563c2791d82d51bd171142446410f5700a7c64bcb36c761034b2bb1a2324b756a66563bc8c18ab949d7fc3454a08cee44e74d9306d3743
+  metadata.gz: '0210948da62d9eecf039617acef3be3fe21143eacd0aa4593ec9d1f3fdfde7ca5d0cc0ef15d60e9dad12432ab170e010e6c28b54f31ca3fa8442820ce64b9cd9'
+  data.tar.gz: c332682a7c2a918ade7f6c8a84f9cb90ebd0d4ab5197f79b9a645db0b5610a37205f7b29797d039e58a27802909ab79303d755ea273d5407e7e77169c2cbe512

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    abide_dev_utils (0.18.2)
+    abide_dev_utils (0.18.3)
       cmdparse (~> 3.0)
       facterdb (~> 2.1.0)
       google-cloud-storage (~> 1.34)
@@ -208,8 +208,8 @@ GEM
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
+    rexml (3.3.6)
+      strscan
     rgen (0.9.1)
     rspec (3.11.0)
       rspec-core (~> 3.11.0)

data/lib/abide_dev_utils/cli/sce.rb

@@ -54,12 +54,8 @@ module Abide
         options.on('-L [LEVEL]', '--level [LEVEL]', 'Specify the level to show coverage for') do |l|
           @data[:level] = l
         end
-        options.on('-I', '--ignore-benchmark-errors', 'Ignores errors while generating benchmark reports') do
-          @data[:ignore_all] = true
-        end
-        options.on('-X [XCCDF_DIR]', '--xccdf-dir [XCCDF_DIR]',
-                   'If specified, the coverage report will be correlated with info from the benchmark XCCDF files') do |d|
-          @data[:xccdf_dir] = d
+        options.on('-I', '--no-ignore-benchmark-errors', 'Does not ignore errors while generating benchmark reports') do
+          @data[:ignore_benchmark_errors] = false
         end
         options.on('-v', '--verbose', 'Will output the report to the console') { @data[:verbose] = true }
         options.on('-q', '--quiet', 'Will not output anything to the console') { @data[:quiet] = true }
@@ -70,15 +66,17 @@ module Abide
         out_format = @data.fetch(:format, 'yaml')
         quiet = @data.fetch(:quiet, false)
         console = @data.fetch(:verbose, false) && !quiet
+        ignore = @data.fetch(:ignore_benchmark_errors, true)
         generate_opts = {
           benchmark: @data[:benchmark],
           profile: @data[:profile],
           level: @data[:level],
-          ignore_benchmark_errors: @data.fetch(:ignore_all, false),
-          xccdf_dir: @data[:xccdf_dir]
+          ignore_benchmark_errors: ignore
         }
         AbideDevUtils::Output.simple('Generating coverage report...') unless quiet
         coverage = AbideDevUtils::Sce::Generate::CoverageReport.generate(format_func: :to_h, opts: generate_opts)
+        raise 'No coverage data found' if coverage.empty?
+
         AbideDevUtils::Output.simple("Saving coverage report to #{file_name}...")
         case out_format
         when /yaml/i

data/lib/abide_dev_utils/sce/generate/coverage_report.rb

@@ -14,24 +14,36 @@ module AbideDevUtils
       # Methods and objects used to construct a report of what SCE enforces versus what
       # the various compliance frameworks expect to be enforced.
       module CoverageReport
+        # Generate a coverage report for a Puppet module
+        # @param format_func [Symbol] the format function to use
+        # @param opts [Hash] options for generating the report
+        # @option opts [String] :benchmark the benchmark to generate the report for
+        # @option opts [String] :profile the profile to generate the report for
+        # @option opts [String] :level the level to generate the report for
+        # @option opts [Symbol] :format_func the format function to use
+        # @option opts [Boolean] :ignore_benchmark_errors ignore all errors when loading benchmarks
         def self.generate(format_func: :to_h, opts: {})
           opts = ReportOptions.new(opts)
           benchmarks = AbideDevUtils::Sce::BenchmarkLoader.benchmarks_from_puppet_module(
-            ignore_all_errors: opts.ignore_all_errors
+            ignore_all_errors: opts.ignore_benchmark_errors
           )
-          benchmarks.map do |b|
+          benchmarks.filter_map do |b|
+            next if opts.benchmark && !Regexp.new(Regexp.escape(opts.benchmark)).match?(b.title_key)
+            next if opts.profile && b.mapper.profiles.none?(opts.profile)
+            next if opts.level && b.mapper.levels.none?(opts.level)
+
             BenchmarkReport.new(b, opts).run.send(format_func)
           end
         end
 
+        # Holds options for generating a report
         class ReportOptions
           DEFAULTS = {
             benchmark: nil,
             profile: nil,
             level: nil,
             format_func: :to_h,
-            ignore_all_errors: false,
-            xccdf_dir: nil
+            ignore_benchmark_errors: false
           }.freeze
 
           attr_reader(*DEFAULTS.keys)
@@ -44,7 +56,7 @@ module AbideDevUtils
           end
 
           def report_type
-            @report_type ||= (xccdf_dir.nil? ? :basic_coverage : :correlated_coverage)
+            :basic_coverage
           end
         end
 
@@ -150,94 +162,17 @@ module AbideDevUtils
           end
         end
 
-        class OldReport
-          def initialize(benchmarks)
-            @benchmarks = benchmarks
-          end
-
-          def self.generate
-            coverage = {}
-            coverage['classes'] = {}
-            all_cap = ClassUtils.find_all_classes_and_paths(puppet_class_dir)
-            invalid_classes = find_invalid_classes(all_cap)
-            valid_classes = find_valid_classes(all_cap, invalid_classes)
-            coverage['classes']['invalid'] = invalid_classes
-            coverage['classes']['valid'] = valid_classes
-            hiera = YAML.safe_load(File.open(hiera_path))
-            profile&.gsub!(/^profile_/, '') unless profile.nil?
-
-            matcher = profile.nil? ? /^profile_/ : /^profile_#{profile}/
-            hiera.each do |k, v|
-              key_base = k.split('::')[-1]
-              coverage['benchmark'] = v if key_base == 'title'
-              next unless key_base.match?(matcher)
-
-              coverage[key_base] = generate_uncovered_data(v, valid_classes)
-            end
-            coverage
-          end
-
-          def self.generate_uncovered_data(ctrl_list, valid_classes)
-            out_hash = {}
-            out_hash[:num_total] = ctrl_list.length
-            out_hash[:uncovered] = []
-            out_hash[:covered] = []
-            ctrl_list.each do |c|
-              if valid_classes.include?(c)
-                out_hash[:covered] << c
-              else
-                out_hash[:uncovered] << c
-              end
-            end
-            out_hash[:num_covered] = out_hash[:covered].length
-            out_hash[:num_uncovered] = out_hash[:uncovered].length
-            out_hash[:coverage] = Float(
-              (Float(out_hash[:num_covered]) / Float(out_hash[:num_total])) * 100.0
-            ).floor(3)
-            out_hash
-          end
-
-          def self.find_valid_classes(all_cap, invalid_classes)
-            all_classes = all_cap.dup.transpose[0]
-            return [] if all_classes.nil?
-
-            return all_classes - invalid_classes unless invalid_classes.nil?
-
-            all_classes
-          end
-
-          def self.find_invalid_classes(all_cap)
-            invalid_classes = []
-            all_cap.each do |cap|
-              invalid_classes << cap[0] unless class_valid?(cap[1])
-            end
-            invalid_classes
-          end
-
-          def self.class_valid?(manifest_path)
-            compiler = Puppet::Pal::Compiler.new(nil)
-            ast = compiler.parse_file(manifest_path)
-            ast.body.body.statements.each do |s|
-              next unless s.respond_to?(:arguments)
-              next unless s.arguments.respond_to?(:each)
-
-              s.arguments.each do |i|
-                return false if i.value == 'Not implemented'
-              end
-            end
-            true
-          end
-        end
-
         # Class manages organizing report data into various output formats
         class ReportOutput
           attr_reader :controls_in_resource_data, :rules_in_map, :timestamp,
                       :title
 
-          def initialize(benchmark, controls_in_resource_data, rules_in_map)
+          def initialize(benchmark, controls_in_resource_data, rules_in_map, profile: nil, level: nil)
             @benchmark = benchmark
             @controls_in_resource_data = controls_in_resource_data
             @rules_in_map = rules_in_map
+            @profile = profile
+            @level = level
             @timestamp = DateTime.now.iso8601
             @title = "Coverage Report for #{@benchmark.title_key}"
           end
@@ -287,7 +222,9 @@ module AbideDevUtils
             {
               title: @benchmark.title,
               version: @benchmark.version,
-              framework: @benchmark.framework
+              framework: @benchmark.framework,
+              profile: @profile || 'all',
+              level: @level || 'all'
             }
           end
 
@@ -310,6 +247,8 @@ module AbideDevUtils
           def initialize(benchmark, opts = ReportOptions.new)
             @benchmark = benchmark
             @opts = opts
+            @special_control_names = %w[sce_options sce_protected]
+            @stig_map_types = %w[vulnid ruleid]
           end
 
           def run
@@ -327,7 +266,7 @@ module AbideDevUtils
           def basic_coverage(level: @opts.level, profile: @opts.profile)
             map_type = @benchmark.map_type(controls_in_resource_data[0])
             rules_in_map = @benchmark.rules_in_map(map_type, level: level, profile: profile)
-            ReportOutput.new(@benchmark, controls_in_resource_data, rules_in_map)
+            ReportOutput.new(@benchmark, controls_in_resource_data, rules_in_map, profile: profile, level: level)
           end
 
           # def correlated_coverage(level: @opts.level, profile: @opts.profile)
@@ -348,35 +287,19 @@ module AbideDevUtils
                      end
             end
             controls.flatten.uniq.select do |c|
-              case @benchmark.framework
-              when 'cis'
-                @benchmark.map_type(c) != 'vulnid'
-              when 'stig'
-                @benchmark.map_type(c) == 'vulnid'
+              if @special_control_names.include? c
+                false
               else
-                raise "Cannot find controls for framework #{@benchmark.framework}"
-              end
-            end
-          end
-
-          def find_controls_in_mapping_data
-            controls = @benchmark.map_data[0].each_with_object([]) do |(_, mapping), arr|
-              mapping.each do |level, profs|
-                next if level == 'benchmark'
-
-                profs.each do |_, ctrls|
-                  arr << ctrls.keys
-                  arr << ctrls.values
+                case @benchmark.framework
+                when 'cis'
+                  @stig_map_types.none? @benchmark.map_type(c)
+                when 'stig'
+                  @stig_map_types.include? @benchmark.map_type(c)
+                else
+                  raise "Cannot find controls for framework #{@benchmark.framework}"
                 end
               end
             end
-            controls.flatten.uniq
-          end
-        end
-
-        class ReportOutputCorrelation
-          def initialize(cov_rep)
-            @cov_rep = cov_rep
           end
         end
       end

data/lib/abide_dev_utils/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AbideDevUtils
-  VERSION = "0.18.2"
+  VERSION = "0.18.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: abide_dev_utils
 version: !ruby/object:Gem::Version
-  version: 0.18.2
+  version: 0.18.3
 platform: ruby
 authors:
 - abide-team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-06-24 00:00:00.000000000 Z
+date: 2024-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -486,7 +486,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.19
+rubygems_version: 3.5.18
 signing_key:
 specification_version: 4
 summary: Helper utilities for developing compliance Puppet code