cem_spec_helper 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 51e588d74479bd14587fff43945c874086cf658ac9527515fa575a99ea066d82
+  data.tar.gz: f9423bb06d63509853cb5245c694b55cdb000a9a900a83bfd0436f75b0b59a2a
+SHA512:
+  metadata.gz: 79d0477dffb4aa1ed729761da0660146335652526f0be9abed5ef55bdac601f3df96d0aa6f0125f77355d62d8023315927aa483ca806a4be907c6f5973822f18
+  data.tar.gz: 221401fe507c2cb80f07f7ffde91bc53f508e6e614cf4101ac2e60f7d64926cba5322dd5a6d8a977b85daf6e1fa82955d753b8e30e4e375181a527627fd6327e

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2023-09-20
+
+- Initial release

data/CODEOWNERS

@@ -0,0 +1 @@
+* @puppetlabs/abide-team

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Perforce Software
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,16 @@
+# CemSpecHelper
+
+CemSpecHelper provides methods, classes, modules, etc. to help with RSpec testing the CEM modules.
+
+Currently, this provides the backing methods for the CEM data tests.
+
+## Usage
+
+Make sure that `cem_spec_helper` is declared as a dependency in the module's `Gemfile`. Then, add this to `spec/spec_helper.rb`:
+
+```ruby
+require 'cem_spec_helper'
+include CemSpecHelper
+```
+
+Then you're all set.

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/lib/cem_spec_helper/mapping_data_spec.rb

@@ -0,0 +1,127 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+module CemSpecHelper
+  module MappingDataSpec
+    MAP_ROOT = File.join(Dir.pwd, 'spec', 'fixtures', 'data', 'mapping').freeze
+    SYNTHETIC_MAP_ROOT = File.join(Dir.pwd, 'spec', 'fixtures', 'unit', 'puppet_x', 'puppetlabs', 'cem', 'data_processor', 'mapping').freeze
+
+    def load_mapping_data
+      # Get frameworks with maps
+      Dir[File.join(MAP_ROOT, '*')].each_with_object([]) do |fw_dir, arr|
+        framework = File.basename(fw_dir)
+        # Get OS' in frameworks
+        Dir[File.join(fw_dir, '*')].each do |os_dir|
+          os = File.basename(os_dir)
+          # Get major OS versions in OS'
+          Dir[File.join(os_dir, '*')].each do |ver_dir|
+            ver = File.basename(ver_dir)
+            mapping = Mapping.new(framework, os, ver)
+            # Get map names and load map files
+            Dir[File.join(ver_dir, '*.yaml')].each do |map_file|
+              map_type = File.basename(map_file, '.yaml')
+              mapping.add_map(map_type, map_file)
+            end
+            arr << mapping
+          end
+        end
+      end
+    end
+
+    def load_synthetic_mapping_data
+      # Get frameworks with maps
+      Dir[File.join(SYNTHETIC_MAP_ROOT, '*')].each_with_object([]) do |fw_dir, arr|
+        framework = File.basename(fw_dir)
+        mapping = Mapping.new(framework, 'Synthetic', '1')
+        # Get map names and load map files
+        Dir[File.join(fw_dir, '*.yaml')].each do |map_file|
+          map_type = File.basename(map_file, '.yaml')
+          mapping.add_map(map_type, map_file)
+        end
+        arr << mapping
+      end
+    end
+
+    def synthetic_mapping_data
+      @synthetic_mapping_data ||= load_synthetic_mapping_data
+    end
+
+    def mapping_data
+      @mapping_data ||= load_mapping_data
+    end
+
+    class Mapping
+      attr_reader :framework, :os, :majver, :module_name
+
+      def initialize(framework, os, majver, module_name: 'cem_linux')
+        @framework = framework
+        @os = os
+        @majver = majver
+        @module_name = module_name
+        @maps = {}
+      end
+
+      def maps
+        @maps.values
+      end
+
+      def add_map(type, map_file)
+        @maps[type] = YAML.load_file(map_file)
+      end
+
+      def map_types
+        @maps.keys
+      end
+
+      def verify_map_size(keys_with_array_val = find_keys_with_array_val(@maps.dup))
+        result = keys_with_array_val.each_with_object([]) do |(id, map), res|
+          actual_length = 1 + map.length
+          res << id if actual_length != map_types.length
+        end
+        raise "IDs with incorrect map size:\n#{result.join("\n")}" unless result.empty?
+
+        true
+      end
+
+      def verify_one_to_one
+        results = @maps.keys.each_with_object([]) do |t, arr|
+          keys_with_array_val = find_keys_with_array_val(@maps[t])
+          keys_with_array_val.each do |k, v|
+            keys_with_array_val.each do |o_k, o_v|
+              next if o_k == k
+
+              diff = v - o_v
+              arr << k if diff.length < v.length
+            end
+          end
+        end
+        results.compact!
+        results.uniq!
+        raise "IDs with one-to-many or many-to-many relationships:\n#{results.join("\n")}" unless results.empty?
+
+        true
+      end
+
+      def to_s
+        "Mapping[#{framework}, #{os}, #{majver}]"
+      end
+
+      private
+
+      def top_key(type)
+        [module_name, 'mappings', framework, type].join('::')
+      end
+
+      def find_keys_with_array_val(hsh)
+        results = {}
+        hsh.each do |key, val|
+          results[key] = val if val.is_a?(Array)
+
+          results.merge!(find_keys_with_array_val(val)) if val.is_a?(Hash)
+        end
+        results
+      end
+    end
+  end
+end

data/lib/cem_spec_helper/resource_data_spec.rb

@@ -0,0 +1,164 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+module CemSpecHelper
+  module ResourceDataSpec
+    DATA_ROOT = File.join(Dir.pwd, 'spec', 'fixtures', 'data')
+    REDHAT_FAMILY_ROOT = File.join(DATA_ROOT, 'RedHat')
+    REDHAT_ROOT_DIR = File.join(REDHAT_FAMILY_ROOT, 'RedHat')
+    REDHAT_MAJVER = [7, 8].freeze
+    CENTOS_ROOT_DIR = File.join(REDHAT_FAMILY_ROOT, 'CentOS')
+    CENTOS_MAJVER = [7].freeze
+    ORACLE_ROOT_DIR = File.join(REDHAT_FAMILY_ROOT, 'OracleLinux')
+    ORACLE_MAJVER = [7, 8].freeze
+    ALMA_ROOT_DIR = File.join(REDHAT_FAMILY_ROOT, 'AlmaLinux')
+    ALMA_MAJVER = [8].freeze
+    WINDOWS_ROOT_DIR = File.join(DATA_ROOT, 'windows')
+    WINDOWS_MAJVER = [10, 2016, 2019, 2022].freeze
+
+    SYNTHETIC_DATA_ROOT = File.join(Dir.pwd, 'spec', 'fixtures', 'unit', 'puppet_x', 'puppetlabs', 'cem', 'data_processor')
+
+    SPECIAL_CONTROLS = ['cem_options', 'cem_protected'].freeze
+
+    def find_resource_data(distro, majver = nil, as_objects: false)
+      case distro
+      when 'RedHat'
+        redhat_resource_data(majver, as_objects: as_objects)
+      when 'CentOS'
+        centos_resource_data(majver, as_objects: as_objects)
+      when 'OracleLinux'
+        oracle_resource_data(majver, as_objects: as_objects)
+      when 'AlmaLinux'
+        alma_resource_data(majver, as_objects: as_objects)
+      when 'Windows'
+        windows_resource_data(majver, as_objects: as_objects)
+      when 'Synthetic'
+        load_resource_data(SYNTHETIC_DATA_ROOT, 'test_resource_data', as_objects: as_objects)
+      else
+        raise "Unknown distro: #{distro}"
+      end
+    end
+
+    def redhat_resource_data(majver = nil, as_objects: false)
+      raise ArgumentError, "major version #{majver} not found" unless majver.nil? || REDHAT_MAJVER.include?(majver.to_i)
+
+      load_resource_data(REDHAT_ROOT_DIR, majver, as_objects: as_objects)
+    end
+
+    def centos_resource_data(majver = nil, as_objects: false)
+      raise ArgumentError, "major version #{majver} not found" unless majver.nil? || CENTOS_MAJVER.include?(majver.to_i)
+
+      load_resource_data(CENTOS_ROOT_DIR, majver, as_objects: as_objects)
+    end
+
+    def oracle_resource_data(majver = nil, as_objects: false)
+      raise ArgumentError, "major version #{majver} not found" unless majver.nil? || ORACLE_MAJVER.include?(majver.to_i)
+
+      load_resource_data(ORACLE_ROOT_DIR, majver, as_objects: as_objects)
+    end
+
+    def alma_resource_data(majver = nil, as_objects: false)
+      raise ArgumentError, "major version #{majver} not found" unless majver.nil? || ALMA_MAJVER.include?(majver.to_i)
+
+      load_resource_data(ALMA_ROOT_DIR, majver, as_objects: as_objects)
+    end
+
+    def windows_resource_data(majver = nil, as_objects: false)
+      raise ArgumentError, "major version #{majver} not found" unless majver.nil? || WINDOWS_MAJVER.include?(majver.to_i)
+
+      load_resource_data(WINDOWS_ROOT_DIR, majver, as_objects: as_objects)
+    end
+
+    def synthetic_resource_data(as_objects: false)
+      load_resource_data(SYNTHETIC_DATA_ROOT, 'test_resource_data', as_objects: as_objects)
+    end
+
+    # Finds all resources that only implement a single control
+    # @param distro [String]
+    # @param majver [String]
+    # @param benchmark [String] either cis or stig
+    # @return [Hash] A hash of control_name => [resource type, resource title]
+    def single_control_resources(distro, majver = nil, benchmark = 'cis')
+      resources = find_resource_data(distro, majver, as_objects: true)
+      resources.select! { |res| res.controls(include_special: false).length == 1 }
+      resources.map! do |res|
+        [res.controls.first, [res.type, res.title]]
+      end
+      resources = resources.to_h
+      # Reduce to just benchmark-related keypairs
+      case benchmark
+      when 'cis'
+        resources.reject! { |k, _v| k.match?(%r{^V-}) }
+      when 'stig'
+        resources.select! { |k, _v| k.match?(%r{^V-}) }
+      end
+      resources
+    end
+
+    def load_resource_data(root_dir, majver = nil, as_objects: false)
+      raise "root_dir \"#{root_dir}\" is not a valid path" unless File.directory?(root_dir)
+
+      unless majver.nil?
+        file_path = File.join(root_dir, "#{majver}.yaml")
+        raise "Resource data file \"#{file_path}\" not found" unless File.file?(file_path)
+
+        resources = YAML.load_file(file_path)['cem_linux::resources']
+        final_resources = as_objects ? resources.map { |k, v| Resource.new(k, v) } : resources
+        return final_resources
+      end
+
+      Dir[File.join(root_dir, '*')].each_with_object({}) do |rdata, hsh|
+        resources = YAML.load_file(rdata)['cem_linux::resources']
+        final_resources = as_objects ? resources.map { |k, v| Resource.new(k, v) } : resources
+        hsh[File.basename(rdata, '.yaml')] = final_resources
+      end
+    end
+
+    def duplicate_controls(rdata_objects)
+      all_controls = rdata_objects.map(&:controls).flatten
+      # Lets go O(n^2) solution!
+      all_controls.select { |c| all_controls.count(c) > 1 }.reject { |c| SPECIAL_CONTROLS.include?(c) }.uniq
+    end
+
+    class Resource
+      attr_reader :title, :type
+
+      def initialize(title, data)
+        @title = title
+        @data = data
+        @type = @data['type']
+        @no_params = false
+        @control_data = load_control_data
+      end
+
+      def controls(include_special: true)
+        ctrls = @no_params ? @control_data : @control_data.keys
+        return ctrls if include_special
+
+        ctrls.reject { |c| SPECIAL_CONTROLS.include?(c) }
+      end
+
+      def params
+        # rubocop:disable Style/CollectionMethods
+        control_data.map { |_, v| v if v.is_a?(Hash) }.flatten.compact.uniq.inject(:merge)
+        # rubocop:enable Style/CollectionMethods
+      end
+
+      def verify_no_duplicate_controls
+        controls.uniq == controls
+      end
+
+      private
+
+      def load_control_data
+        @no_params = if @data['controls'].is_a?(Array)
+                      true
+                    else
+                      false
+                    end
+        @data['controls']
+      end
+    end
+  end
+end

data/lib/cem_spec_helper/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module CemSpecHelper
+  VERSION = "0.1.0"
+end

data/lib/cem_spec_helper.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module CemSpecHelper
+  # Makes it so the CemSpecHelper module has to be included in the spec_helper.rb file.
+  def self.included(base)
+    require 'cem_spec_helper/mapping_data_spec'
+    require 'cem_spec_helper/resource_data_spec'
+    require 'cem_spec_helper/version'
+
+    module PuppetX; end
+    module PuppetX::CEM; end
+
+    RSpec.configure do |config|
+      config.include CemSpecHelper::MappingDataSpec
+      config.extend CemSpecHelper::MappingDataSpec
+      config.include CemSpecHelper::ResourceDataSpec
+      config.extend CemSpecHelper::ResourceDataSpec
+    end
+  end
+end

data/sig/cem_spec_helper.rbs

@@ -0,0 +1,4 @@
+module CemSpecHelper
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end

metadata

@@ -0,0 +1,57 @@
+--- !ruby/object:Gem::Specification
+name: cem_spec_helper
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- abide-team
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-09-21 00:00:00.000000000 Z
+dependencies: []
+description: Provides helper methods, classes, modules, etc. for RSpec testing the
+  CEM modules
+email:
+- abide-team@perforce.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- CODEOWNERS
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/cem_spec_helper.rb
+- lib/cem_spec_helper/mapping_data_spec.rb
+- lib/cem_spec_helper/resource_data_spec.rb
+- lib/cem_spec_helper/version.rb
+- sig/cem_spec_helper.rbs
+homepage: https://github.com/puppetlabs/cem_spec_helper
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/puppetlabs/cem_spec_helper
+  source_code_uri: https://github.com/puppetlabs/cem_spec_helper
+  changelog_uri: https://github.com/puppetlabs/cem_spec_helper
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.18
+signing_key:
+specification_version: 4
+summary: Spec helper for testing the CEM modules
+test_files: []