csa-ccm 0.1.0

data/csa-ccm.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "csa/ccm/cli/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "csa-ccm"
+  spec.version       = Csa::Ccm::Cli::VERSION
+  spec.authors       = ["Ribose Inc."]
+  spec.email         = ["open.source@ribose.com"]
+
+  spec.summary       = %q{Parsing and writing of the CSA CCM}
+  spec.description   = %q{Parsing and writing of the CSA CCM located at https://cloudsecurityalliance.org/working-groups/cloud-controls-matrix.}
+  spec.homepage      = "https://open.ribose.com"
+
+  spec.files         = Dir['**/*'].reject { |f| f.match(%r{^(test|spec|features|.git)/|.(gem|gif|png|jpg|jpeg|xml|html|doc|pdf|dtd|ent)$}) }
+
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "rake", "~> 10.0"
+  spec.add_runtime_dependency "rubyXL", "~> 3.4.3"
+  spec.add_runtime_dependency "thor", "~> 0.20.3"
+
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

data/exe/csa-ccm

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require_relative "../lib/csa/ccm/cli"
+require_relative "../lib/csa/ccm/cli/command"
+
+Csa::Ccm::Cli::Command.start(ARGV)
+
+exit 0

data/lib/csa/ccm/answer.rb

@@ -0,0 +1,57 @@
+module Csa::Ccm
+
+class Answer
+
+  ATTRIBS = %i(
+    id content
+    control-id question-id
+    notes
+  )
+
+  attr_accessor *ATTRIBS
+
+  def initialize(options={})
+    @examples = []
+    @notes = []
+
+    # puts "options #{options.inspect}"
+
+    options.each_pair do |k, v|
+      next unless v
+      case k
+      when /^example/
+        @examples << v
+      when /^note/
+        @notes << v
+      else
+        # puts"Key #{k}"
+        key = k.gsub("-", "_")
+        self.send("#{key}=", v)
+      end
+    end
+    self
+  end
+
+  def to_hash
+    ATTRIBS.inject({}) do |acc, attrib|
+      value = self.send(attrib)
+      unless value.nil?
+        acc.merge(attrib.to_s => value)
+      else
+        acc
+      end
+    end
+  end
+
+  # # entry-status
+  # ## Must be one of notValid valid superseded retired
+  # def entry_status=(value)
+  #   unless %w(notValid valid superseded retired).include?(value)
+  #     value = "notValid"
+  #   end
+  #   @entry_status = value
+  # end
+
+end
+
+end

data/lib/csa/ccm/cli.rb

@@ -0,0 +1,10 @@
+module Csa::Ccm
+module Cli
+
+end
+end
+
+require_relative "cli/resource"
+require_relative "cli/ui"
+require_relative "matrix"
+require_relative "question"

data/lib/csa/ccm/cli/command.rb

@@ -0,0 +1,113 @@
+require 'rake'
+require 'thor'
+
+require_relative 'ui'
+require_relative '../cli'
+
+module Csa
+  module Ccm
+    module Cli
+      class Command < Thor
+        desc 'ccm-yaml VERSION', 'Generating a machine-readable CCM/CAIQ'
+        option :output_file, aliases: :o, type: :string, desc: 'Optional output YAML file. If missed, the input file’s name will be used'
+
+        def ccm_yaml(version)
+          input_files = Resource.lookup_version(version)
+
+          unless input_files || !input_files.empty?
+            UI.say("No file found for #{version} version")
+            return
+          end
+
+          input_file = input_files.first
+
+          unless File.exist? input_file
+            UI.say('No file found for version')
+            return
+          end
+
+          matrix = Matrix.from_xlsx(version, input_file)
+
+          output_file = options[:output_file] || "caiq-#{version}.yaml"
+          matrix.to_file(output_file)
+        end
+
+        desc "xlsx2yaml XSLT_PATH", "Converting CCM XSLX to YAML"
+        option :output_file, aliases: :o, type: :string, desc: "Optional output YAML file. If missed, the input file’s name will be used"
+
+        def xlsx2yaml(xslt_path)
+          raise 'Not implemented yet'
+        end
+
+        desc "caiq2yaml XSLT_PATH", "Converting a filled CAIQ to YAML"
+        option :output_name, aliases: :n, type: :string, desc: "Optional output CAIQ YAML file. If missed, the input file’s name will be used"
+        option :output_path, aliases: :p, type: :string, desc: "Optional output directory for result file. If missed pwd will be used"
+
+        def caiq2yaml(xslt_path)
+          # if xslt_path.nil?
+          #   puts 'Error: no filepath given as first argument.'
+          #   exit 1
+          # end
+
+          # if Pathname.new(xslt_path).extname != ".xlsx"
+          #   puts 'Error: filepath given must have extension .xlsx.'
+          #   exit 1
+          # end
+
+          # workbook = Csa::Ccm::MatrixWorkbook.new(xslt_path)
+          # workbook.glossary_info.metadata_section.structure
+          # workbook.glossary_info.metadata_section.attributes
+
+          # languages = {}
+
+          # workbook.languages_supported.map do |lang|
+          #   puts "************** WORKING ON LANGUAGE (#{lang})"
+          #   sheet = workbook.language_sheet(lang)
+          #   termsec = sheet.terms_section
+          #   languages[sheet.language_code] = termsec.terms
+          # end
+
+          # collection = Csa::Ccm::ControlDomain.new
+
+          # languages.each_pair do |lang, terms|
+          #   terms.each do |term|
+          #     collection.add_term(term)
+          #   end
+          # end
+
+          # # collection[1206].inspect
+
+          # # FIXME use  instea output dir
+          # output_dir = options[:output_path] || Dir.pwd
+          # output_file = options[:output_name] || File.join(output_dir, Pathname.new(filepath).basename.sub_ext(".yaml"))
+
+          # collection.to_file(output_file)
+
+          # collection_output_dir = File.join(output_dir, "concepts")
+
+          # FileUtils.mkdir_p(collection_output_dir)
+
+          # collection.keys.each do |id|
+          #   collection[id].to_file(File.join(collection_output_dir, "concept-#{id}.yaml"))
+          # end
+
+          # french = workbook.language_sheet("French")
+          # french.sections[3].structure
+          # french.sections[3].terms
+
+          # english = workbook.language_sheet("English")
+          # english.terms_section
+          # english.terms_section.terms
+
+          #pry.binding
+        end
+
+        desc "generate-with-answers ANSWERS_YAML", "Writing to the CAIQ XSLX template using YAML"
+
+        def generate_with_answers(answers)
+          raise 'Not implemented yet'
+        end
+      end
+    end
+  end
+end

data/lib/csa/ccm/cli/resource.rb

@@ -0,0 +1,34 @@
+require 'rubyXL'
+require 'yaml'
+
+require_relative '../../../ext/string'
+
+module Csa
+  module Ccm
+    module Cli
+      class Resource
+        def self.root_gem
+          Pathname.new(__dir__).join('..', '..', '..', '..')
+        end
+
+        def self.lookup_version(version)
+          Dir["#{root_gem}/resources/**/*v#{version}*.xlsx"]
+        end
+
+        def self.from_xlsx(xslt_path)
+          raise 'Not implemented yet'
+        end
+
+        def from_caiq(xslt_path, output_name, output_path)
+          raise 'Not implemented yet'
+        end
+
+        def self.to_file(hash, output_file)
+          File.open(output_file, 'w') { |f| f.write hash.to_yaml(line_width: 9999) }
+        rescue Errno::ENOENT => e
+          UI.say("Cannot write result to #{output_file} because: #{e.message}")
+        end
+      end
+    end
+  end
+end

data/lib/csa/ccm/cli/ui.rb

@@ -0,0 +1,18 @@
+require 'thor'
+
+module Csa::Ccm::Cli
+  class UI < Thor
+    def self.ask(message)
+      new.ask(message)
+    end
+
+    def self.say(message)
+      new.say(message)
+    end
+
+    def self.run(command)
+      require "open3"
+      Open3.capture3(command)
+    end
+  end
+end

data/lib/csa/ccm/cli/version.rb

@@ -0,0 +1,7 @@
+module Csa
+  module Ccm
+  	module Cli
+      VERSION = "0.1.0"
+    end
+  end
+end

data/lib/csa/ccm/control.rb

@@ -0,0 +1,47 @@
+module Csa::Ccm
+
+class Control
+  ATTRIBS = %i(
+    id name specification questions
+  )
+
+  attr_accessor *ATTRIBS
+
+  def initialize(options={})
+    options.each_pair do |k,v|
+      self.send("#{k}=", v)
+    end
+
+    @questions ||= {}
+
+    self
+  end
+
+  def to_hash
+    ATTRIBS.inject({}) do |acc, attrib|
+      value = self.send(attrib)
+
+      unless value.nil?
+        if attrib == :questions
+          value = value.inject([]) do |acc, (k, v)|
+            acc << v.to_hash
+            acc
+          end
+        end
+
+        acc.merge(attrib.to_s => value)
+      else
+        acc
+      end
+    end
+  end
+
+  def to_file(filename)
+    File.open(filename,"w") do |file|
+      file.write(to_hash.to_yaml)
+    end
+  end
+
+end
+
+end

data/lib/csa/ccm/control_domain.rb

@@ -0,0 +1,49 @@
+require_relative "control"
+
+module Csa::Ccm
+
+class ControlDomain
+  ATTRIBS = %i(
+    id name controls
+  )
+
+  attr_accessor *ATTRIBS
+
+  def initialize(options={})
+    options.each_pair do |k,v|
+      self.send("#{k}=", v)
+    end
+
+    @controls ||= {}
+
+    self
+  end
+
+  def to_hash
+    ATTRIBS.inject({}) do |acc, attrib|
+      value = self.send(attrib)
+
+      unless value.nil?
+        if attrib == :controls
+          value = value.inject([]) do |acc, (k, v)|
+            acc << v.to_hash
+            acc
+          end
+        end
+
+        acc.merge(attrib.to_s => value)
+      else
+        acc
+      end
+    end
+  end
+
+  def to_file(filename)
+    File.open(filename,"w") do |file|
+      file.write(to_hash.to_yaml)
+    end
+  end
+
+end
+
+end

data/lib/csa/ccm/matrix.rb

@@ -0,0 +1,187 @@
+require_relative "control_domain"
+require_relative "control"
+require_relative "question"
+
+module Csa::Ccm
+
+class Matrix
+  ATTRIBS = %i(
+    version title source_file workbook source_path control_domains
+  )
+
+  attr_accessor *ATTRIBS
+
+  def initialize(options={})
+    options.each_pair do |k,v|
+      self.send("#{k}=", v)
+    end
+
+    if source_path
+      @workbook = RubyXL::Parser.parse(source_path)
+    end
+
+    @control_domains ||= {}
+
+    self
+  end
+
+  def source_file
+    @source_file || File.basename(source_path)
+  end
+
+  def worksheet
+    workbook.worksheets.first
+  end
+
+  def title
+    worksheet = workbook.worksheets.first
+    worksheet[0][2].value
+  end
+
+  def metadata
+    {
+      'version' => version,
+      'title' => title,
+      'source_file' => source_file
+    }
+  end
+
+  class Row
+    ATTRIBS = %i(
+      control_domain_id control_id question_id control_spec
+      question_content answer_yes answer_no answer_na notes
+      control_domain_description
+    )
+
+    attr_accessor *ATTRIBS
+
+    def initialize(ruby_xl_row)
+      @control_domain_description = ruby_xl_row[0].value
+      @control_id = ruby_xl_row[1].value
+      @question_id = ruby_xl_row[2].value
+      @control_spec = ruby_xl_row[3].value
+      @question_content = ruby_xl_row[4].value
+      @answer_yes = ruby_xl_row[5].value
+      @answer_no = ruby_xl_row[6].value
+      @answer_na = ruby_xl_row[7].value
+
+      # In 3.0.1 2017-09-01, Rows 276 and 277's control ID says "LG-02" but it should be "STA-05" instead.
+      @control_id = question_id.split(".").first if question_id
+      @control_domain_id = control_id.split("-").first if control_id
+
+      # puts "HERE IN ROW! #{ruby_xl_row.cells.map(&:value)}"
+
+      puts control_domain_description
+      puts control_id
+      puts question_id
+
+      self
+    end
+
+    def control_domain_name
+      return nil if control_domain_description.nil?
+      name, _, control_name = control_domain_description.split(/(\n)/)
+      name
+    end
+
+    def control_name
+      return nil if control_domain_description.nil?
+      name, _, control_name = control_domain_description.split(/(\n)/)
+      control_name
+    end
+  end
+
+  def row(i)
+    Row.new(worksheet[i])
+  end
+
+  def self.from_xlsx(version, input_file)
+    matrix = Matrix.new(
+      version: version,
+      source_path: input_file
+    )
+
+    all_rows = matrix.worksheet.sheet_data.rows
+    start_row = 4 # FIXME add some basic logic to calculate it
+
+    last_control_domain = nil
+    last_control_id = nil
+    last_control_specification = nil
+
+    worksheet = matrix.worksheet
+
+    row_number = start_row
+    max_row_number = all_rows.length - 1
+
+    # We loop over all Questions
+    (start_row..max_row_number).each do |row_number|
+
+      puts "looping row #{row_number}"
+      row = matrix.row(row_number)
+      # Skip row if there is no question-id
+      puts "row #{row.question_id}"
+      # require 'pry'
+      # binding.pry
+      next if row.question_id.nil?
+
+      puts "domain_id #{row.control_domain_id}"
+
+      domain_id = row.control_domain_id
+      unless domain_id.nil?
+
+        control_domain = matrix.control_domains[domain_id] ||
+          ControlDomain.new(
+            id: row.control_domain_id,
+            name: row.control_domain_name
+          )
+
+        puts "control_domain #{control_domain.to_hash}"
+
+        # Store the Control Domain
+        matrix.control_domains[domain_id] = control_domain
+      end
+
+      control_id = row.control_id
+      unless control_id.nil?
+
+        control_domain = matrix.control_domains[domain_id]
+        control = control_domain.controls[control_id] || Control.new(
+          id: row.control_id,
+          name: row.control_name,
+          specification: row.control_spec
+        )
+
+        puts "control #{control.to_hash}"
+        # Store the Control
+        control_domain.controls[control_id] = control
+      end
+
+      question = matrix.control_domains[domain_id].controls[control_id]
+      # Store the Question
+      puts question.to_hash
+      control.questions[row.question_id] = Question.new(id: row.question_id, content: row.question_content)
+    end
+
+    matrix
+  end
+
+  def to_hash
+    {
+      "ccm" => {
+        "metadata" => metadata.to_hash,
+        "control_domains" => control_domains.inject([]) do |acc, (k, v)|
+            acc << v.to_hash
+            acc
+          end
+      }
+    }
+  end
+
+  def to_file(filename)
+    File.open(filename,"w") do |file|
+      file.write(to_hash.to_yaml)
+    end
+  end
+
+end
+end