abide_dev_utils 0.9.5 → 0.10.1

data/lib/abide_dev_utils/xccdf/parser.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'abide_dev_utils/files'
+require 'abide_dev_utils/xccdf/parser/objects'
+
+module AbideDevUtils
+  module XCCDF
+    # Contains methods and classes for parsing XCCDF files,
+    module Parser
+      def self.parse(file_path)
+        doc = AbideDevUtils::Files::Reader.read(file_path)
+        benchmark = AbideDevUtils::XCCDF::Parser::Objects::Benchmark.new(doc)
+        Linker.resolve_links(benchmark)
+        benchmark
+      end
+
+      # Links XCCDF objects by reference.
+      # Each link is resolved and then a bidirectional link is established
+      # between the two objects.
+      module Linker
+        def self.resolve_links(benchmark)
+          link_profile_rules(benchmark)
+          link_rule_values(benchmark)
+        end
+
+        def self.link_profile_rules(benchmark)
+          rules = benchmark.find_children_by_class(AbideDevUtils::XCCDF::Parser::Objects::Rule, recurse: true)
+          benchmark.profile.each do |profile|
+            profile.xccdf_select.each do |sel|
+              rules.select { |rule| rule.id == sel.idref }.each do |rule|
+                rule.add_link(profile)
+                profile.add_link(rule)
+              end
+            end
+          end
+        end
+
+        def self.link_rule_values(benchmark)
+          rules = benchmark.find_children_by_class(AbideDevUtils::XCCDF::Parser::Objects::Rule, recurse: true)
+          benchmark.value.each do |value|
+            rules.each do |rule|
+              unless rule.find_children_by_attribute_value('value-id', value.id, recurse: true).empty?
+                rule.add_link(value)
+                value.add_link(rule)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/abide_dev_utils/xccdf.rb

@@ -34,21 +34,17 @@ module AbideDevUtils
 
     # Diffs two xccdf files
     def self.diff(file1, file2, opts)
+      require 'abide_dev_utils/xccdf/diff'
       bm1 = Benchmark.new(file1)
       bm2 = Benchmark.new(file2)
-      profile = opts.fetch(:profile, nil)
-      profile_diff = if profile.nil?
-                       bm1.diff_profiles(bm2).each do |_, v|
-                         v.transform_values! { |x| x.map!(&:to_s) }
-                       end
-                     else
-                       bm1.diff_profiles(bm2)[profile].transform_values! { |x| x.map!(&:to_s) }
-                     end
-      profile_key = profile.nil? ? 'all_profiles' : profile
-      {
-        'benchmark' => bm1.diff_title_version(bm2),
-        profile_key => profile_diff
-      }
+      AbideDevUtils::XCCDF::Diff.diff_benchmarks(bm1, bm2, opts)
+    end
+
+    # Use new-style diff
+    def self.new_style_diff(file1, file2, opts)
+      require 'abide_dev_utils/xccdf/diff/benchmark'
+      bm_diff = AbideDevUtils::XCCDF::Diff::BenchmarkDiff.new(file1, file2, opts)
+      bm_diff.diff
     end
 
     # Common constants and methods included by nearly everything else
@@ -164,25 +160,6 @@ module AbideDevUtils
         diff_properties.map { |x| send(x) } == other.diff_properties.map { |x| other.send(x) }
       end
 
-      def default_diff_opts
-        {
-          similarity: 1,
-          strict: true,
-          strip: true,
-          array_path: true,
-          delimiter: '//',
-          use_lcs: false
-        }
-      end
-
-      def diff(other, **opts)
-        Hashdiff.diff(
-          to_h,
-          other.to_h,
-          default_diff_opts.merge(opts)
-        )
-      end
-
       def abide_object?
         true
       end
@@ -231,9 +208,12 @@ module AbideDevUtils
         profiles.select { |x| x.title == profile_title }.controls
       end
 
-      def gen_map(dir: nil, type: 'CIS', parent_key_prefix: '', **_)
+      def gen_map(dir: nil, type: 'cis', parent_key_prefix: '', version_output_dir: false, **_)
         os, ver = facter_platform
-        mapping_dir = dir ? File.expand_path(File.join(dir, type, os, ver)) : ''
+        output_path = [type, os, ver]
+        output_path.unshift(File.expand_path(dir)) if dir
+        output_path << version if version_output_dir
+        mapping_dir = File.expand_path(File.join(output_path))
         parent_key_prefix = '' if parent_key_prefix.nil?
         MAP_INDICES.each_with_object({}) do |idx, h|
           map_file_path = "#{mapping_dir}/#{idx}.yaml"
@@ -257,33 +237,6 @@ module AbideDevUtils
         }
       end
 
-      def diff_title_version(other)
-        Hashdiff.diff(
-          to_h.reject { |k, _| k.to_s == 'profiles' },
-          other.to_h.reject { |k, _| k.to_s == 'profiles' },
-          default_diff_opts
-        )
-      end
-
-      def diff_profiles(other)
-        this_diff = {}
-        other_hash = other.to_h[:profiles]
-        to_h[:profiles].each do |name, data|
-          diff_h = Hashdiff.diff(data, other_hash[name], default_diff_opts).each_with_object({}) do |x, a|
-            val_to = x.length == 4 ? x[3] : nil
-            a_key = x[2].is_a?(Hash) ? x[2][:title] : x[2]
-            a[a_key] = [] unless a.key?(a_key)
-            a[a_key] << ChangeSet.new(change: x[0], key: x[1], value: x[2], value_to: val_to)
-          end
-          this_diff[name] = diff_h
-        end
-        this_diff
-      end
-
-      def diff_controls(other)
-        controls.diff(other.controls)
-      end
-
       def map_indexed(index: 'title', framework: 'cis', key_prefix: '')
         c_map = profiles.each_with_object({}) do |profile, obj|
           obj[profile.level.downcase] = {} unless obj[profile.level.downcase].is_a?(Hash)
@@ -298,7 +251,16 @@ module AbideDevUtils
 
       def facter_platform
         cpe = xpath('xccdf:Benchmark/xccdf:platform')[0]['idref'].split(':')
-        [cpe[4].split('_')[0], cpe[5].split('.')[0]]
+        if cpe.length > 4
+          product_name = cpe[4].split('_')
+          product_version = cpe[5].split('.') unless cpe[5].nil?
+          return [product_name[0], product_version[0]] unless product_version[0] == '-'
+
+          return [product_name[0], product_name[-1]] if product_version[0] == '-'
+        end
+
+        product = cpe[3].split('_')
+        [product[0], product[-1]] # This should wrap the name i.e 'Windows' and the version '10'
       end
 
       # Converts object to Hiera-formatted YAML
@@ -387,69 +349,6 @@ module AbideDevUtils
       end
     end
 
-    class ChangeSet
-      attr_reader :change, :key, :value, :value_to
-
-      def initialize(change:, key:, value:, value_to: nil)
-        validate_change(change)
-        @change = change
-        @key = key
-        @value = value
-        @value_to = value_to
-      end
-
-      def to_s
-        val_to_str = value_to.nil? ? ' ' : " to #{value_to} "
-        "#{change_string} value #{value}#{val_to_str}at #{key}"
-      end
-
-      def can_merge?(other)
-        return false unless (change == '-' && other.change == '+') || (change == '+' && other.change == '-')
-        return false unless key == other.key || value_hash_equality(other)
-
-        true
-      end
-
-      def merge(other)
-        unless can_merge?(other)
-          raise ArgumentError, 'Cannot merge. Possible causes: change is identical; key or value do not match'
-        end
-
-        new_to_value = value == other.value ? nil : other.value
-        ChangeSet.new(
-          change: '~',
-          key: key,
-          value: value,
-          value_to: new_to_value
-        )
-      end
-
-      private
-
-      def value_hash_equality(other)
-        equality = false
-        value.each do |k, v|
-          equality = true if v == other.value[k]
-        end
-        equality
-      end
-
-      def validate_change(change)
-        raise ArgumentError, "Change type #{change} in invalid" unless ['+', '-', '~'].include?(change)
-      end
-
-      def change_string
-        case change
-        when '-'
-          'remove'
-        when '+'
-          'add'
-        else
-          'change'
-        end
-      end
-    end
-
     class ObjectContainer
       include AbideDevUtils::XCCDF::Common
 

data/new_diff.rb

@@ -0,0 +1,48 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'yaml'
+require 'pry'
+require 'abide_dev_utils/xccdf/diff/benchmark'
+
+xml_file1 = File.expand_path(ARGV[0])
+xml_file2 = File.expand_path(ARGV[1])
+legacy_config = ARGV.length > 2 ? YAML.load_file(File.expand_path(ARGV[2])) : nil
+
+def convert_legacy_config(config, num_title_diff, key_format: :hiera_num)
+  nt_diff = num_title_diff.diff(key: :number)
+  updated_config = config['config']['control_configs'].each_with_object({}) do |(key, value), h|
+    next if value.nil?
+
+    diff_key = key.to_s.gsub(/^c/, '').tr('_', '.') if key_format == :hiera_num
+    if nt_diff.key?(diff_key)
+      if nt_diff[diff_key][0][:diff] == :number
+        new_key = "c#{nt_diff[diff_key][0][:other_number].to_s.tr('.', '_')}"
+        h[new_key] = value
+        puts "Converted #{key} to #{new_key}"
+      elsif nt_diff[diff_key][0][:diff] == :title
+
+        h[key] = value
+      end
+    else
+      h[key] = value
+    end
+  end
+  { 'config' => { 'control_configs' => updated_config } }.to_yaml
+end
+
+start_time = Time.now
+
+bm_diff = AbideDevUtils::XCCDF::Diff::BenchmarkDiff.new(xml_file1, xml_file2)
+self_nc_count, other_nc_count = bm_diff.numbered_children_counts
+puts "Benchmark numbered children count: #{self_nc_count}"
+puts "Other benchmark numbered children count: #{other_nc_count}"
+puts "Rule count difference: #{bm_diff.numbered_children_count_diff}"
+num_diff = bm_diff.number_title_diff
+binding.pry if legacy_config.nil?
+File.open('/tmp/legacy_converted.yaml', 'w') do |f|
+  converted = convert_legacy_config(legacy_config, num_diff)
+  f.write(converted)
+end
+
+puts "Computation time: #{Time.now - start_time}"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: abide_dev_utils
 version: !ruby/object:Gem::Version
-  version: 0.9.5
+  version: 0.10.1
 platform: ruby
 authors:
 - abide-team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-02-10 00:00:00.000000000 Z
+date: 2022-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '1.13'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '1.13'
 - !ruby/object:Gem::Dependency
   name: cmdparse
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +122,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: amatch
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -330,8 +344,10 @@ files:
 - bin/setup
 - exe/abide
 - lib/abide_dev_utils.rb
+- lib/abide_dev_utils/cem.rb
 - lib/abide_dev_utils/cli.rb
 - lib/abide_dev_utils/cli/abstract.rb
+- lib/abide_dev_utils/cli/cem.rb
 - lib/abide_dev_utils/cli/comply.rb
 - lib/abide_dev_utils/cli/jira.rb
 - lib/abide_dev_utils/cli/puppet.rb
@@ -364,6 +380,18 @@ files:
 - lib/abide_dev_utils/validate.rb
 - lib/abide_dev_utils/version.rb
 - lib/abide_dev_utils/xccdf.rb
+- lib/abide_dev_utils/xccdf/diff.rb
+- lib/abide_dev_utils/xccdf/diff/benchmark.rb
+- lib/abide_dev_utils/xccdf/diff/benchmark/number_title.rb
+- lib/abide_dev_utils/xccdf/diff/benchmark/profile.rb
+- lib/abide_dev_utils/xccdf/diff/benchmark/property.rb
+- lib/abide_dev_utils/xccdf/diff/benchmark/property_existence.rb
+- lib/abide_dev_utils/xccdf/diff/utils.rb
+- lib/abide_dev_utils/xccdf/parser.rb
+- lib/abide_dev_utils/xccdf/parser/objects.rb
+- lib/abide_dev_utils/xccdf/parser/objects/digest_object.rb
+- lib/abide_dev_utils/xccdf/parser/objects/numbered_object.rb
+- new_diff.rb
 homepage: https://github.com/puppetlabs/abide_dev_utils
 licenses:
 - MIT
@@ -386,7 +414,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Helper utilities for developing compliance Puppet code