abide_dev_utils 0.9.7 → 0.11.0

data/lib/abide_dev_utils/xccdf/parser.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'abide_dev_utils/files'
+require 'abide_dev_utils/xccdf/parser/objects'
+
+module AbideDevUtils
+  module XCCDF
+    # Contains methods and classes for parsing XCCDF files,
+    module Parser
+      def self.parse(file_path)
+        doc = AbideDevUtils::Files::Reader.read(file_path)
+        benchmark = AbideDevUtils::XCCDF::Parser::Objects::Benchmark.new(doc)
+        Linker.resolve_links(benchmark)
+        benchmark
+      end
+
+      # Links XCCDF objects by reference.
+      # Each link is resolved and then a bidirectional link is established
+      # between the two objects.
+      module Linker
+        def self.resolve_links(benchmark)
+          link_profile_rules(benchmark)
+          link_rule_values(benchmark)
+        end
+
+        def self.link_profile_rules(benchmark)
+          rules = benchmark.find_children_by_class(AbideDevUtils::XCCDF::Parser::Objects::Rule, recurse: true)
+          benchmark.profile.each do |profile|
+            profile.xccdf_select.each do |sel|
+              rules.select { |rule| rule.id == sel.idref }.each do |rule|
+                rule.add_link(profile)
+                profile.add_link(rule)
+              end
+            end
+          end
+        end
+
+        def self.link_rule_values(benchmark)
+          rules = benchmark.find_children_by_class(AbideDevUtils::XCCDF::Parser::Objects::Rule, recurse: true)
+          benchmark.value.each do |value|
+            rules.each do |rule|
+              unless rule.find_children_by_attribute_value('value-id', value.id, recurse: true).empty?
+                rule.add_link(value)
+                value.add_link(rule)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/abide_dev_utils/xccdf.rb

@@ -34,21 +34,17 @@ module AbideDevUtils
 
     # Diffs two xccdf files
     def self.diff(file1, file2, opts)
+      require 'abide_dev_utils/xccdf/diff'
       bm1 = Benchmark.new(file1)
       bm2 = Benchmark.new(file2)
-      profile = opts.fetch(:profile, nil)
-      profile_diff = if profile.nil?
-                       bm1.diff_profiles(bm2).each do |_, v|
-                         v.transform_values! { |x| x.map!(&:to_s) }
-                       end
-                     else
-                       bm1.diff_profiles(bm2)[profile].transform_values! { |x| x.map!(&:to_s) }
-                     end
-      profile_key = profile.nil? ? 'all_profiles' : profile
-      {
-        'benchmark' => bm1.diff_title_version(bm2),
-        profile_key => profile_diff
-      }
+      AbideDevUtils::XCCDF::Diff.diff_benchmarks(bm1, bm2, opts)
+    end
+
+    # Use new-style diff
+    def self.new_style_diff(file1, file2, opts)
+      require 'abide_dev_utils/xccdf/diff/benchmark'
+      bm_diff = AbideDevUtils::XCCDF::Diff::BenchmarkDiff.new(file1, file2, opts)
+      bm_diff.diff
     end
 
     # Common constants and methods included by nearly everything else
@@ -164,25 +160,6 @@ module AbideDevUtils
         diff_properties.map { |x| send(x) } == other.diff_properties.map { |x| other.send(x) }
       end
 
-      def default_diff_opts
-        {
-          similarity: 1,
-          strict: true,
-          strip: true,
-          array_path: true,
-          delimiter: '//',
-          use_lcs: false
-        }
-      end
-
-      def diff(other, **opts)
-        Hashdiff.diff(
-          to_h,
-          other.to_h,
-          default_diff_opts.merge(opts)
-        )
-      end
-
       def abide_object?
         true
       end
@@ -231,9 +208,12 @@ module AbideDevUtils
         profiles.select { |x| x.title == profile_title }.controls
       end
 
-      def gen_map(dir: nil, type: 'CIS', parent_key_prefix: '', **_)
+      def gen_map(dir: nil, type: 'cis', parent_key_prefix: '', version_output_dir: false, **_)
         os, ver = facter_platform
-        mapping_dir = dir ? File.expand_path(File.join(dir, type, os, ver)) : ''
+        output_path = [type, os, ver]
+        output_path.unshift(File.expand_path(dir)) if dir
+        output_path << version if version_output_dir
+        mapping_dir = File.expand_path(File.join(output_path))
         parent_key_prefix = '' if parent_key_prefix.nil?
         MAP_INDICES.each_with_object({}) do |idx, h|
           map_file_path = "#{mapping_dir}/#{idx}.yaml"
@@ -257,33 +237,6 @@ module AbideDevUtils
         }
       end
 
-      def diff_title_version(other)
-        Hashdiff.diff(
-          to_h.reject { |k, _| k.to_s == 'profiles' },
-          other.to_h.reject { |k, _| k.to_s == 'profiles' },
-          default_diff_opts
-        )
-      end
-
-      def diff_profiles(other)
-        this_diff = {}
-        other_hash = other.to_h[:profiles]
-        to_h[:profiles].each do |name, data|
-          diff_h = Hashdiff.diff(data, other_hash[name], default_diff_opts).each_with_object({}) do |x, a|
-            val_to = x.length == 4 ? x[3] : nil
-            a_key = x[2].is_a?(Hash) ? x[2][:title] : x[2]
-            a[a_key] = [] unless a.key?(a_key)
-            a[a_key] << ChangeSet.new(change: x[0], key: x[1], value: x[2], value_to: val_to)
-          end
-          this_diff[name] = diff_h
-        end
-        this_diff
-      end
-
-      def diff_controls(other)
-        controls.diff(other.controls)
-      end
-
       def map_indexed(index: 'title', framework: 'cis', key_prefix: '')
         c_map = profiles.each_with_object({}) do |profile, obj|
           obj[profile.level.downcase] = {} unless obj[profile.level.downcase].is_a?(Hash)
@@ -396,69 +349,6 @@ module AbideDevUtils
       end
     end
 
-    class ChangeSet
-      attr_reader :change, :key, :value, :value_to
-
-      def initialize(change:, key:, value:, value_to: nil)
-        validate_change(change)
-        @change = change
-        @key = key
-        @value = value
-        @value_to = value_to
-      end
-
-      def to_s
-        val_to_str = value_to.nil? ? ' ' : " to #{value_to} "
-        "#{change_string} value #{value}#{val_to_str}at #{key}"
-      end
-
-      def can_merge?(other)
-        return false unless (change == '-' && other.change == '+') || (change == '+' && other.change == '-')
-        return false unless key == other.key || value_hash_equality(other)
-
-        true
-      end
-
-      def merge(other)
-        unless can_merge?(other)
-          raise ArgumentError, 'Cannot merge. Possible causes: change is identical; key or value do not match'
-        end
-
-        new_to_value = value == other.value ? nil : other.value
-        ChangeSet.new(
-          change: '~',
-          key: key,
-          value: value,
-          value_to: new_to_value
-        )
-      end
-
-      private
-
-      def value_hash_equality(other)
-        equality = false
-        value.each do |k, v|
-          equality = true if v == other.value[k]
-        end
-        equality
-      end
-
-      def validate_change(change)
-        raise ArgumentError, "Change type #{change} in invalid" unless ['+', '-', '~'].include?(change)
-      end
-
-      def change_string
-        case change
-        when '-'
-          'remove'
-        when '+'
-          'add'
-        else
-          'change'
-        end
-      end
-    end
-
     class ObjectContainer
       include AbideDevUtils::XCCDF::Common
 

data/new_diff.rb

@@ -0,0 +1,48 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'yaml'
+require 'pry'
+require 'abide_dev_utils/xccdf/diff/benchmark'
+
+xml_file1 = File.expand_path(ARGV[0])
+xml_file2 = File.expand_path(ARGV[1])
+legacy_config = ARGV.length > 2 ? YAML.load_file(File.expand_path(ARGV[2])) : nil
+
+def convert_legacy_config(config, num_title_diff, key_format: :hiera_num)
+  nt_diff = num_title_diff.diff(key: :number)
+  updated_config = config['config']['control_configs'].each_with_object({}) do |(key, value), h|
+    next if value.nil?
+
+    diff_key = key.to_s.gsub(/^c/, '').tr('_', '.') if key_format == :hiera_num
+    if nt_diff.key?(diff_key)
+      if nt_diff[diff_key][0][:diff] == :number
+        new_key = "c#{nt_diff[diff_key][0][:other_number].to_s.tr('.', '_')}"
+        h[new_key] = value
+        puts "Converted #{key} to #{new_key}"
+      elsif nt_diff[diff_key][0][:diff] == :title
+
+        h[key] = value
+      end
+    else
+      h[key] = value
+    end
+  end
+  { 'config' => { 'control_configs' => updated_config } }.to_yaml
+end
+
+start_time = Time.now
+
+bm_diff = AbideDevUtils::XCCDF::Diff::BenchmarkDiff.new(xml_file1, xml_file2)
+self_nc_count, other_nc_count = bm_diff.numbered_children_counts
+puts "Benchmark numbered children count: #{self_nc_count}"
+puts "Other benchmark numbered children count: #{other_nc_count}"
+puts "Rule count difference: #{bm_diff.numbered_children_count_diff}"
+num_diff = bm_diff.number_title_diff
+binding.pry if legacy_config.nil?
+File.open('/tmp/legacy_converted.yaml', 'w') do |f|
+  converted = convert_legacy_config(legacy_config, num_diff)
+  f.write(converted)
+end
+
+puts "Computation time: #{Time.now - start_time}"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: abide_dev_utils
 version: !ruby/object:Gem::Version
-  version: 0.9.7
+  version: 0.11.0
 platform: ruby
 authors:
 - abide-team
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-03-02 00:00:00.000000000 Z
+date: 2022-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '1.13'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '1.13'
 - !ruby/object:Gem::Dependency
   name: cmdparse
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +122,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: amatch
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: facterdb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.18'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.18'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -330,8 +358,15 @@ files:
 - bin/setup
 - exe/abide
 - lib/abide_dev_utils.rb
+- lib/abide_dev_utils/cem.rb
+- lib/abide_dev_utils/cem/benchmark.rb
+- lib/abide_dev_utils/cem/coverage_report.rb
+- lib/abide_dev_utils/cem/generate.rb
+- lib/abide_dev_utils/cem/generate/reference.rb
+- lib/abide_dev_utils/cem/mapping/mapper.rb
 - lib/abide_dev_utils/cli.rb
 - lib/abide_dev_utils/cli/abstract.rb
+- lib/abide_dev_utils/cli/cem.rb
 - lib/abide_dev_utils/cli/comply.rb
 - lib/abide_dev_utils/cli/jira.rb
 - lib/abide_dev_utils/cli/puppet.rb
@@ -342,6 +377,7 @@ files:
 - lib/abide_dev_utils/constants.rb
 - lib/abide_dev_utils/errors.rb
 - lib/abide_dev_utils/errors/base.rb
+- lib/abide_dev_utils/errors/cem.rb
 - lib/abide_dev_utils/errors/comply.rb
 - lib/abide_dev_utils/errors/gcloud.rb
 - lib/abide_dev_utils/errors/general.rb
@@ -351,19 +387,34 @@ files:
 - lib/abide_dev_utils/files.rb
 - lib/abide_dev_utils/gcloud.rb
 - lib/abide_dev_utils/jira.rb
+- lib/abide_dev_utils/markdown.rb
 - lib/abide_dev_utils/mixins.rb
 - lib/abide_dev_utils/output.rb
 - lib/abide_dev_utils/ppt.rb
 - lib/abide_dev_utils/ppt/api.rb
 - lib/abide_dev_utils/ppt/class_utils.rb
-- lib/abide_dev_utils/ppt/coverage.rb
+- lib/abide_dev_utils/ppt/facter_utils.rb
+- lib/abide_dev_utils/ppt/hiera.rb
 - lib/abide_dev_utils/ppt/new_obj.rb
+- lib/abide_dev_utils/ppt/puppet_module.rb
 - lib/abide_dev_utils/ppt/score_module.rb
 - lib/abide_dev_utils/prompt.rb
 - lib/abide_dev_utils/resources/generic_spec.erb
 - lib/abide_dev_utils/validate.rb
 - lib/abide_dev_utils/version.rb
 - lib/abide_dev_utils/xccdf.rb
+- lib/abide_dev_utils/xccdf/diff.rb
+- lib/abide_dev_utils/xccdf/diff/benchmark.rb
+- lib/abide_dev_utils/xccdf/diff/benchmark/number_title.rb
+- lib/abide_dev_utils/xccdf/diff/benchmark/profile.rb
+- lib/abide_dev_utils/xccdf/diff/benchmark/property.rb
+- lib/abide_dev_utils/xccdf/diff/benchmark/property_existence.rb
+- lib/abide_dev_utils/xccdf/diff/utils.rb
+- lib/abide_dev_utils/xccdf/parser.rb
+- lib/abide_dev_utils/xccdf/parser/objects.rb
+- lib/abide_dev_utils/xccdf/parser/objects/digest_object.rb
+- lib/abide_dev_utils/xccdf/parser/objects/numbered_object.rb
+- new_diff.rb
 homepage: https://github.com/puppetlabs/abide_dev_utils
 licenses:
 - MIT
@@ -371,7 +422,7 @@ metadata:
   homepage_uri: https://github.com/puppetlabs/abide_dev_utils
   source_code_uri: https://github.com/puppetlabs/abide_dev_utils
   changelog_uri: https://github.com/puppetlabs/abide_dev_utils
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -386,8 +437,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Helper utilities for developing compliance Puppet code
 test_files: []

data/lib/abide_dev_utils/ppt/coverage.rb

@@ -1,86 +0,0 @@
-# frozen_string_literal: true
-
-require 'json'
-require 'pathname'
-require 'yaml'
-require 'puppet_pal'
-require 'abide_dev_utils/ppt/class_utils'
-
-module AbideDevUtils
-  module Ppt
-    class CoverageReport
-      def self.generate(puppet_class_dir, hiera_path, profile = nil)
-        coverage = {}
-        coverage['classes'] = {}
-        all_cap = ClassUtils.find_all_classes_and_paths(puppet_class_dir)
-        invalid_classes = find_invalid_classes(all_cap)
-        valid_classes = find_valid_classes(all_cap, invalid_classes)
-        coverage['classes']['invalid'] = invalid_classes
-        coverage['classes']['valid'] = valid_classes
-        hiera = YAML.safe_load(File.open(hiera_path))
-        profile&.gsub!(/^profile_/, '') unless profile.nil?
-
-        matcher = profile.nil? ? /^profile_/ : /^profile_#{profile}/
-        hiera.each do |k, v|
-          key_base = k.split('::')[-1]
-          coverage['benchmark'] = v if key_base == 'title'
-          next unless key_base.match?(matcher)
-
-          coverage[key_base] = generate_uncovered_data(v, valid_classes)
-        end
-        coverage
-      end
-
-      def self.generate_uncovered_data(ctrl_list, valid_classes)
-        out_hash = {}
-        out_hash[:num_total] = ctrl_list.length
-        out_hash[:uncovered] = []
-        out_hash[:covered] = []
-        ctrl_list.each do |c|
-          if valid_classes.include?(c)
-            out_hash[:covered] << c
-          else
-            out_hash[:uncovered] << c
-          end
-        end
-        out_hash[:num_covered] = out_hash[:covered].length
-        out_hash[:num_uncovered] = out_hash[:uncovered].length
-        out_hash[:coverage] = Float(
-          (Float(out_hash[:num_covered]) / Float(out_hash[:num_total])) * 100.0
-        ).floor(3)
-        out_hash
-      end
-
-      def self.find_valid_classes(all_cap, invalid_classes)
-        all_classes = all_cap.dup.transpose[0]
-        return [] if all_classes.nil?
-
-        return all_classes - invalid_classes unless invalid_classes.nil?
-
-        all_classes
-      end
-
-      def self.find_invalid_classes(all_cap)
-        invalid_classes = []
-        all_cap.each do |cap|
-          invalid_classes << cap[0] unless class_valid?(cap[1])
-        end
-        invalid_classes
-      end
-
-      def self.class_valid?(manifest_path)
-        compiler = Puppet::Pal::Compiler.new(nil)
-        ast = compiler.parse_file(manifest_path)
-        ast.body.body.statements.each do |s|
-          next unless s.respond_to?(:arguments)
-          next unless s.arguments.respond_to?(:each)
-
-          s.arguments.each do |i|
-            return false if i.value == 'Not implemented'
-          end
-        end
-        true
-      end
-    end
-  end
-end