abide_dev_utils 0.6.0 → 0.9.3
- checksums.yaml +4 -4
- data/.gitignore +2 -2
- data/.rubocop.yml +1 -1
- data/CODEOWNERS +1 -0
- data/Gemfile.lock +273 -0
- data/abide_dev_utils.gemspec +7 -6
- data/lib/abide_dev_utils/cli/comply.rb +26 -7
- data/lib/abide_dev_utils/cli/puppet.rb +18 -0
- data/lib/abide_dev_utils/cli/xccdf.rb +77 -11
- data/lib/abide_dev_utils/comply.rb +240 -169
- data/lib/abide_dev_utils/errors/comply.rb +4 -0
- data/lib/abide_dev_utils/errors/general.rb +9 -0
- data/lib/abide_dev_utils/errors/xccdf.rb +12 -0
- data/lib/abide_dev_utils/gcloud.rb +2 -1
- data/lib/abide_dev_utils/output.rb +7 -3
- data/lib/abide_dev_utils/ppt/api.rb +219 -0
- data/lib/abide_dev_utils/ppt/score_module.rb +162 -0
- data/lib/abide_dev_utils/ppt.rb +22 -19
- data/lib/abide_dev_utils/validate.rb +5 -1
- data/lib/abide_dev_utils/version.rb +1 -1
- data/lib/abide_dev_utils/xccdf.rb +627 -11
- metadata +30 -16
- data/.dockerignore +0 -1
- data/Dockerfile +0 -23
- data/lib/abide_dev_utils/xccdf/cis/hiera.rb +0 -166
- data/lib/abide_dev_utils/xccdf/cis.rb +0 -3
- data/lib/abide_dev_utils/xccdf/utils.rb +0 -85
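--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: abide_dev_utils
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.9.3
 platform: ruby
 authors:
--
+- abide-team
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2022-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri
@@ -108,6 +108,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.34'
+- !ruby/object:Gem::Dependency
+name: hashdiff
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -290,22 +304,23 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.8'
-description: Provides a CLI with helpful utilities for developing
+description: Provides a CLI with helpful utilities for developing compliance Puppet
+code
 email:
--
+- abide-team@puppet.com
 executables:
 - abide
 extensions: []
 extra_rdoc_files: []
 files:
-- ".dockerignore"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".rubocop_todo.yml"
 - CHANGELOG.md
--
+- CODEOWNERS
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -339,24 +354,23 @@ files:
 - lib/abide_dev_utils/mixins.rb
 - lib/abide_dev_utils/output.rb
 - lib/abide_dev_utils/ppt.rb
+- lib/abide_dev_utils/ppt/api.rb
 - lib/abide_dev_utils/ppt/class_utils.rb
 - lib/abide_dev_utils/ppt/coverage.rb
 - lib/abide_dev_utils/ppt/new_obj.rb
+- lib/abide_dev_utils/ppt/score_module.rb
 - lib/abide_dev_utils/prompt.rb
 - lib/abide_dev_utils/resources/generic_spec.erb
 - lib/abide_dev_utils/validate.rb
 - lib/abide_dev_utils/version.rb
 - lib/abide_dev_utils/xccdf.rb
-
-- lib/abide_dev_utils/xccdf/cis/hiera.rb
-- lib/abide_dev_utils/xccdf/utils.rb
-homepage: https://github.com/hsnodgrass/abide_dev_utils
+homepage: https://github.com/puppetlabs/abide_dev_utils
 licenses:
 - MIT
 metadata:
-homepage_uri: https://github.com/
-source_code_uri: https://github.com/
-changelog_uri: https://github.com/
+homepage_uri: https://github.com/puppetlabs/abide_dev_utils
+source_code_uri: https://github.com/puppetlabs/abide_dev_utils
+changelog_uri: https://github.com/puppetlabs/abide_dev_utils
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -365,7 +379,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -375,5 +389,5 @@ requirements: []
 rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
-summary: Helper utilities for developing
+summary: Helper utilities for developing compliance Puppet code
 test_files: []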
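--- a/data/.dockerignore
+++ b/data/.dockerignore
@@ -1 +0,0 @@
-Gemfile.lock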
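--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,23 +0,0 @@
-FROM ruby:2.7.3-alpine
-
-ARG version
-
-RUN mkdir /extvol && \
-apk update && \
-apk add git build-base
-
-VOLUME /extvol
-
-WORKDIR /usr/src/app
-
-RUN mkdir -p ./lib/abide_dev_utils/
-COPY Gemfile abide_dev_utils.gemspec ./
-COPY lib/abide_dev_utils/version.rb lib/abide_dev_utils
-RUN bundle install
-
-COPY . .
-
-RUN bundle exec rake build && \
-gem install pkg/abide_dev_utils-${version}.gem
-
-ENTRYPOINT [ "abide" ]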
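--- a/data/lib/abide_dev_utils/xccdf/cis/hiera.rb
+++ b/data/lib/abide_dev_utils/xccdf/cis/hiera.rb
@@ -1,166 +0,0 @@
-# frozen_string_literal: true
-
-require 'yaml'
-require 'nokogiri'
-require 'abide_dev_utils/errors'
-require 'abide_dev_utils/xccdf/utils'
-
-module AbideDevUtils
-module XCCDF
-module CIS
-# Creates a Hiera structure by parsing a CIS XCCDF benchmark
-# @!attribute [r] title
-# @!attribute [r] version
-# @!attribute [r] yaml_title
-class Hiera
-include AbideDevUtils::XCCDF::Utils
-
-# CONTROL_PREFIX = /^[\d.]+_/.freeze
-# UNDERSCORED = /(\s|\(|\)|-|\.)/.freeze
-# XPATHS = {
-# benchmark: {
-# all: 'xccdf:Benchmark',
-# title: 'xccdf:Benchmark/xccdf:title',
-# version: 'xccdf:Benchmark/xccdf:version'
-# },
-# profiles: {
-# all: 'xccdf:Benchmark/xccdf:Profile',
-# relative_title: './xccdf:title',
-# relative_select: './xccdf:select'
-# }
-# }.freeze
-# NEXT_GEN_WINDOWS = /(next_generation_windows_security)/.freeze
-
-attr_reader :title, :version
-
-# Creates a new Hiera object
-# @param xccdf_file [String] path to an XCCDF file
-# @param parent_key_prefix [String] a string to be prepended to the
-# top-level key in the Hiera structure. Useful for namespacing
-# the top-level key.
-def initialize(xccdf_file, parent_key_prefix: nil, num: false)
-@doc = parse(xccdf_file)
-@title = xpath(CIS_XPATHS[:benchmark][:title]).children.to_s
-@version = xpath(CIS_XPATHS[:benchmark][:version]).children.to_s
-@profiles = xpath(CIS_XPATHS[:profiles][:all])
-@parent_key = make_parent_key(@doc, parent_key_prefix)
-@hash = make_hash(@doc, number_format: num)
-end
-
-def yaml_title
-normalize_string(@title)
-end
-
-# Convert the Hiera object to a hash
-# @return [Hash]
-def to_h
-@hash
-end
-
-# Convert the Hiera object to a string
-# @return [String]
-def to_s
-@hash.inspect
-end
-
-# Convert the Hiera object to YAML string
-# @return [String] YAML-formatted string
-def to_yaml
-yh = @hash.transform_keys do |k|
-[@parent_key, k].join('::').strip
-end
-yh.to_yaml
-end
-
-# If a method gets called on the Hiera object which is not defined,
-# this sends that method call to hash, then doc, then super.
-def method_missing(method, *args, &block)
-return true if ['exist?', 'exists?'].include?(method.to_s)
-
-return @hash.send(method, *args, &block) if @hash.respond_to?(method)
-
-return @doc.send(method, *args, &block) if @doc.respond_to?(method)
-
-super(method, *args, &block)
-end
-
-# Checks the respond_to? of hash, doc, or super
-def respond_to_missing?(method_name, include_private = false)
-return true if ['exist?', 'exists?'].include?(method_name.to_s)
-
-@hash || @doc || super
-end
-
-private
-
-attr_accessor :doc, :hash, :parent_key, :profiles
-
-# # Accepts a path to an xccdf xml file and returns a parsed Nokogiri object of the file
-# # @param xccdf_file [String] path to an xccdf xml file
-# # @return [Nokogiri::Node] A Nokogiri node object of the XML document
-# def parse(xccdf_file)
-# raise AbideDevUtils::Errors::FileNotFoundError, xccdf_file unless File.file?(xccdf_file)
-
-# Nokogiri.XML(File.open(xccdf_file))
-# end
-
-def make_hash(doc, number_format: false)
-hash = { 'title' => @title, 'version' => @version }
-profiles = doc.xpath('xccdf:Benchmark/xccdf:Profile')
-profiles.each do |p|
-title = normalize_profile_name(p.xpath('./xccdf:title').children.to_s)
-hash[title.to_s] = []
-selects = p.xpath('./xccdf:select')
-selects.each do |s|
-hash[title.to_s] << normalize_control_name(s['idref'].to_s, number_format: number_format)
-end
-end
-hash
-end
-
-# def normalize_str(str)
-# nstr = str.downcase
-# nstr.gsub!(/[^a-z0-9]$/, '')
-# nstr.gsub!(/^[^a-z]/, '')
-# nstr.gsub!(/^(l1_|l2_|ng_)/, '')
-# nstr.delete!('(/|\\|\+)')
-# nstr.gsub!(UNDERSCORED, '_')
-# nstr.strip!
-# nstr
-# end
-
-# def normalize_profile_name(prof)
-# prof_name = normalize_str("profile_#{prof}")
-# prof_name.gsub!(NEXT_GEN_WINDOWS, 'ngws')
-# prof_name.strip!
-# prof_name
-# end
-
-# def normalize_ctrl_name(ctrl, num)
-# return num_normalize_ctrl(ctrl) if num
-
-# name_normalize_ctrl(ctrl)
-# end
-
-# def name_normalize_ctrl(ctrl)
-# new_ctrl = ctrl.split('benchmarks_rule_')[-1].gsub(CONTROL_PREFIX, '')
-# normalize_str(new_ctrl)
-# end
-
-# def num_normalize_ctrl(ctrl)
-# part = ctrl.split('benchmarks_rule_')[-1]
-# numpart = CONTROL_PREFIX.match(part).to_s.chop.gsub(UNDERSCORED, '_')
-# "c#{numpart}"
-# end
-
-def make_parent_key(doc, prefix)
-doc_title = normalize_string(doc.xpath(CIS_XPATHS[:benchmark][:title]).children.to_s)
-return doc_title if prefix.nil?
-
-sepped_prefix = prefix.end_with?('::') ? prefix : "#{prefix}::"
-"#{sepped_prefix.chomp}#{doc_title}"
-end
-end
-end
-end
-end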
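--- a/data/lib/abide_dev_utils/xccdf/utils.rb
+++ b/data/lib/abide_dev_utils/xccdf/utils.rb
@@ -1,85 +0,0 @@
-# frozen_string_literal: true
-
-require 'nokogiri'
-require 'abide_dev_utils/validate'
-require 'pry'
-
-module AbideDevUtils
-module XCCDF
-module Utils
-CONTROL_PREFIX = /^[\d.]+_/.freeze
-UNDERSCORED = /(\s|\(|\)|-|\.)/.freeze
-CIS_NEXT_GEN_WINDOWS = /(next_generation_windows_security)/.freeze
-CIS_XPATHS = {
-benchmark: {
-all: 'xccdf:Benchmark',
-title: 'xccdf:Benchmark/xccdf:title',
-version: 'xccdf:Benchmark/xccdf:version'
-},
-profiles: {
-all: 'xccdf:Benchmark/xccdf:Profile',
-relative_title: './xccdf:title',
-relative_select: './xccdf:select'
-}
-}.freeze
-
-def parse(xccdf_file)
-AbideDevUtils::Validate.file(xccdf_file)
-File.open(xccdf_file) { |f| Nokogiri::XML(f) }
-end
-
-def normalize_string(str)
-nstr = str.downcase
-nstr.gsub!(/[^a-z0-9]$/, '')
-nstr.gsub!(/^[^a-z]/, '')
-nstr.gsub!(/^(l1_|l2_|ng_)/, '')
-nstr.delete!('(/|\\|\+)')
-nstr.gsub!(UNDERSCORED, '_')
-nstr.strip!
-nstr
-end
-
-def normalize_profile_name(prof)
-prof_name = normalize_string("profile_#{prof}")
-prof_name.gsub!(NEXT_GEN_WINDOWS, 'ngws')
-prof_name.strip!
-prof_name
-end
-
-def normalize_control_name(control, number_format: false)
-return number_normalize_control(control) if number_format
-
-name_normalize_control(control)
-end
-
-def name_normalize_control(control)
-new_ctrl = control.split('benchmarks_rule_')[-1].gsub(CONTROL_PREFIX, '')
-normalize_string(new_ctrl)
-end
-
-def number_normalize_control(control)
-part = control.split('benchmarks_rule_')[-1]
-numpart = CONTROL_PREFIX.match(part).to_s.chop.gsub(UNDERSCORED, '_')
-"c#{numpart}"
-end
-
-def text_normalize_control(control)
-control = control['idref'].to_s unless control.respond_to?(:split)
-
-control.split('benchmarks_rule_')[-1].tr('_', ' ')
-end
-
-def all_cis_recommendations(parsed_xccdf)
-parsed_xccdf.xpath('//xccdf:select').uniq
-end
-
-def find_cis_recommendation(name, recommendations, number_format: false)
-recommendations.each do |reco|
-if normalize_control_name(reco['idref'].to_s, number_format: number_format) == name
-return text_normalize_control(reco['idref'].to_s)
-end
-end
-end
-end
-end
-end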