emasser 3.10.0 → 3.22.0

data/lib/emasser/help/software_post_mapper.md

@@ -0,0 +1,59 @@
+Endpoint request parameters/fields
+
+Field                   Data Type  Details
+-------------------------------------------------------------------------------------------------
+systemId                Integer    [Required] Unique eMASS identifier. Will need to provide correct number.
+softwareVendor          String     [Required] Vendor of the software asset. Character Limit = 100.
+softwareName            String     [Required] Name of the software asset. Character Limit = 100.
+version                 String     [Required] Version of the software asset. Character Limit = 100.
+
+approvalDate            Date       [Conditional] Approval date of the software asset. If Approval Status is set to “Unapproved”
+                                                 or “In Progress”, Approval Date will be set to null. Unix date format.
+
+softwareType*           String     [Optional] Type of the software asset. Character Limit = 100.
+parentSystem            String     [Optional] Parent system of the software asset. Character Limit = 100.
+subsystem               String     [Optional] Subsystem of the software asset. Character Limit = 100.
+network                 String     [Optional] Network of the software asset. Character Limit = 100.
+hostingEnvironment      String     [Optional] Hosting environment of the software asset. Character Limit = 100.
+softwareDependencies    String     [Optional] Dependencies for the software asset. Character Limit = 100.
+cryptographicHash       String     [Optional] Cryptographic hash for the software asset. Character Limit = 100.
+inServiceData           String     [Optional] In service data for the software asset. Character Limit = 100.
+itBudgetUii             String     [Optional] IT budget UII for the software asset. Character Limit = 50.
+fiscalYear              String     [Optional] Fiscal year (FY) for the software asset. Character Limit = 20.
+popEndDate              Date       [Optional] Period of performance (POP) end date for the software asset. Unix time format.
+licenseOrContract       String     [Optional] License or contract for the software asset. Character Limit = 250.
+licenseTerm             String     [Optional] License term for the software asset. Character Limit = 100.
+costPerLicense          Double     [Optional] Cost per license for the software asset. Number will be converted to display 2 decimal points.
+totalLicenses           Integer    [Optional] Number of total licenses for the software asset.
+totalLicenseCost        Double     [Optional] Total cost of the licenses for the software asset. Number will be converted to display 2 decimal points.
+licensesUsed            Integer    [Optional] Number of licenses used for the software asset.
+licensePoc              String     [Optional] Point of contact (POC) for the software asset. Character Limit = 100.
+licenseRenewalDate      Date       [Optional] License renewal date for the software asset. Unix date format.
+licenseExpirationDate   Date       [Optional] License expiration date for the software asset. Unix date format.
+approvalStatus**        String     [Optional] Approval status of the software asset. Character Limit = 100.
+releaseDate             Date       [Optional] Release date of the software asset. Unix date format.
+maintenanceDate         Date       [Optional] Maintenance date of the software asset. Unix date format.
+retirementDate          Date       [Optional] Retirement date of the software asset. Unix date format.
+endOfLifeSupportDate    Date       [Optional] End of life/support date of the software asset. Unix date format.
+criticalAsset           Boolean    [Optional] Indicates whether the asset is a critical information system asset. The default value is false.
+location                String     [Optional] Location of the software asset Character Limit = 250.
+purpose                 String     [Optional] Purpose of the software asset. Character Limit = 1,000.
+extendedEndOfLifeSupportDate Date  [Optional] If set, the Extended End of Life/Support Date cannot occur prior to the End of Life/Support Date. Unix date format.
+unsupportedOperatingSystem Boolean [Optional] Unsupported operating system. VA only.
+unapprovedSoftwareFromTrm  Boolean [Optional] Unapproved software from TRM. VA only.
+approvedWaiver             Boolean [Optional] Approved waiver. VA only.
+
+
+* Software Type - default values include the following options, however custom values can be entered to create new options:
+  COTS Application, GOTS Application, Office Automation, Security Application, Server Application, Web Application
+
+** Approval Status default values include the following options, however custom values can be entered to create new options:
+  Approved - DISA UC APL, Approved - FIPS 140-2, Approved - NIAP CCVES,
+  Approved - NSA Crypto, Approved - NSA CSfC, In Progress, Unapproved
+
+
+Example:
+
+bundle exec exe/emasser post software add [-s, --systemId] <value> [-V, --softwareVendor] <value>  [-N, --softwareName] <value> [-v --version] <value>
+
+Note: The example does not list any optional or conditional fields

data/lib/emasser/help/software_put_mapper.md

@@ -0,0 +1,60 @@
+Endpoint request parameters/fields
+
+Field                   Data Type  Details
+-------------------------------------------------------------------------------------------------
+systemId                Integer    [Required] Unique eMASS identifier. Will need to provide correct number.
+softwareId              String     [Required] Unique software identifier.
+softwareVendor          String     [Required] Vendor of the software asset. Character Limit = 100.
+softwareName            String     [Required] Name of the software asset. Character Limit = 100.
+version                 String     [Required] Version of the software asset. Character Limit = 100.
+
+approvalDate            Date       [Conditional] Approval date of the software asset. If Approval Status is set to “Unapproved”
+                                                 or “In Progress”, Approval Date will be set to null. Unix date format.
+
+softwareType*           String     [Optional] Type of the software asset. Character Limit = 100.
+parentSystem            String     [Optional] Parent system of the software asset. Character Limit = 100.
+subsystem               String     [Optional] Subsystem of the software asset. Character Limit = 100.
+network                 String     [Optional] Network of the software asset. Character Limit = 100.
+hostingEnvironment      String     [Optional] Hosting environment of the software asset. Character Limit = 100.
+softwareDependencies    String     [Optional] Dependencies for the software asset. Character Limit = 100.
+cryptographicHash       String     [Optional] Cryptographic hash for the software asset. Character Limit = 100.
+inServiceData           String     [Optional] In service data for the software asset. Character Limit = 100.
+itBudgetUii             String     [Optional] IT budget UII for the software asset. Character Limit = 50.
+fiscalYear              String     [Optional] Fiscal year (FY) for the software asset. Character Limit = 20.
+popEndDate              Date       [Optional] Period of performance (POP) end date for the software asset. Unix time format.
+licenseOrContract       String     [Optional] License or contract for the software asset. Character Limit = 250.
+licenseTerm             String     [Optional] License term for the software asset. Character Limit = 100.
+costPerLicense          Double     [Optional] Cost per license for the software asset. Number will be converted to display 2 decimal points.
+totalLicenses           Integer    [Optional] Number of total licenses for the software asset.
+totalLicenseCost        Double     [Optional] Total cost of the licenses for the software asset. Number will be converted to display 2 decimal points.
+licensesUsed            Integer    [Optional] Number of licenses used for the software asset.
+licensePoc              String     [Optional] Point of contact (POC) for the software asset. Character Limit = 100.
+licenseRenewalDate      Date       [Optional] License renewal date for the software asset. Unix date format.
+licenseExpirationDate   Date       [Optional] License expiration date for the software asset. Unix date format.
+approvalStatus**        String     [Optional] Approval status of the software asset. Character Limit = 100.
+releaseDate             Date       [Optional] Release date of the software asset. Unix date format.
+maintenanceDate         Date       [Optional] Maintenance date of the software asset. Unix date format.
+retirementDate          Date       [Optional] Retirement date of the software asset. Unix date format.
+endOfLifeSupportDate    Date       [Optional] End of life/support date of the software asset. Unix date format.
+criticalAsset           Boolean    [Optional] Indicates whether the asset is a critical information system asset. The default value is false.
+location                String     [Optional] Location of the software asset Character Limit = 250.
+purpose                 String     [Optional] Purpose of the software asset. Character Limit = 1,000.
+extendedEndOfLifeSupportDate Date  [Optional] If set, the Extended End of Life/Support Date cannot occur prior to the End of Life/Support Date. Unix date format.
+unsupportedOperatingSystem Boolean [Optional] Unsupported operating system. VA only.
+unapprovedSoftwareFromTrm  Boolean [Optional] Unapproved software from TRM. VA only.
+approvedWaiver             Boolean [Optional] Approved waiver. VA only.
+
+
+* Software Type - default values include the following options, however custom values can be entered to create new options:
+  COTS Application, GOTS Application, Office Automation, Security Application, Server Application, Web Application
+
+** Approval Status default values include the following options, however custom values can be entered to create new options:
+  Approved - DISA UC APL, Approved - FIPS 140-2, Approved - NIAP CCVES,
+  Approved - NSA Crypto, Approved - NSA CSfC, In Progress, Unapproved
+
+
+Example:
+
+bundle exec exe/emasser post software update [-s, --systemId] <value> [-S --softwareId] <value> [-V, --softwareVendor] <value>  [-N, --softwareName] <value> [-v --version] <value>
+
+Note: The example does not list any optional or conditional fields

data/lib/emasser/help/staticcode_post_mapper.md

@@ -11,10 +11,6 @@ codeCheckName           String     [Required] Name of the software vulnerability
 scanDate                Integer    [Required] The findings scan date - Unix time format
 cweId                   String     [Required] The Common Weakness Enumerator (CWE) identifier
 
-rawSeverity*            String     [Optional] Values include the following: (Low, Medium, Moderate, High, Critical)
-count                   Integer    [Optional] Number of instances observed for a specified finding
-
-*rawSeverity: In eMASS, values of "Critical" will appear as "Very High", and values of “Medium” will appear as "Moderate". Any values not listed as options in the list above will map to “Unknown” and appear as blank values.
 
 Example:
 

data/lib/emasser/help/testresults_post_mapper.md

@@ -2,20 +2,17 @@ Endpoint request body parameters/fields
 
 Field            Data Type   Details
 -------------------------------------------------------------------------------------------------
-systemId         Integer     [Required] Unique eMASS identifier. Will need to provide correct number
-cci              String      [Required] CCI associated with the test result.
-isInherited      Boolean     [Read-Only] Indicates whether a test result is inherited.
-testedBy         String      [Required] Last Name, First Name. 100 Characters. 
-testDate         Date        [Required] Unix time format.
-description      String      [Required] Include description of test result. 4000 Characters.
-type             String      [Read-Only] Indicates the location in the Control Approval Chain when the test result is submitted.
-complianceStatus String      [Required] Values include the following: (Compliant, Non-Compliant, Not Applicable)
+systemId            Integer  [Required] Unique eMASS identifier. Will need to provide correct number
+assessmentProcedure String   [Required] The Security Control Assessment Procedure being assessed.
+testedBy            String   [Required] Last Name, First Name. 100 Characters. 
+testDate            Date     [Required] Unix time format.
+description         String   [Required] Include description of test result. 4000 Characters.
+complianceStatus    String   [Required] Values include the following: (Compliant, Non-Compliant, Not Applicable)
 
-control          String      [Read-Only] Control acronym associated with the test result. NIST SP 800-53 Revision 4 defined.
 
 Example:
 
-bundle exec exe/emasser post test_results add --systemId [value] --cci [value] --testedBy [value] --testDate [value] --description [value] --complianceStatus [value]
+bundle exec exe/emasser post test_results add [-s --systemId] <value> --assessmentProcedure <value> --testedBy <value> --testDate <value? --description <value> --complianceStatus <value>
 
-Note: If no POA&Ms or AP exist for the control (system), you will get this response:
+Note: If no POA&Ms or Assessment Procedure exist for the control (system), you will get this response:
 "You have entered a Non-Compliant Test Result. You must create a POA&M Item for this Control and/or AP if one does not already exist."

data/lib/emasser/output_converters.rb

@@ -2,7 +2,7 @@
 
 module OutputConverters
   # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Style/TernaryParentheses
-  # rubocop:disable Style/IfWithBooleanLiteralBranches, Style/RescueStandardError, Metrics/BlockNesting
+  # rubocop:disable Style/IfWithBooleanLiteralBranches, Style/RescueStandardError, Metrics/BlockNesting, Style/RedundantCondition
   def to_output_hash(obj)
     diplay_nulls = (ENV.fetch('EMASSER_CLI_DISPLAY_NULL', 'true').eql? 'true') ? true : false
     diplay_datetime = (ENV.fetch('EMASSER_EPOCH_TO_DATETIME', 'false').eql? 'true') ? true : false
@@ -20,66 +20,76 @@ module OutputConverters
       if !diplay_nulls
         clean_obj = {}
         data_obj = {}
-        obj.each do |key, value|
-          if key.to_s.include?('meta')
-            obj_entry = {}
-            obj_entry[:meta] = value
-            clean_obj.merge!(obj_entry)
-          elsif key.to_s.include?('data')
-            if value.is_a?(Array)
-              hash_array = []
-              value.each do |elements|
-                hash_array << elements.compact
+        begin
+          obj.each do |key, value|
+            if key.to_s.include?('meta')
+              obj_entry = {}
+              obj_entry[:meta] = value
+              clean_obj.merge!(obj_entry)
+            elsif key.to_s.include?('data')
+              if value.is_a?(Array)
+                hash_array = []
+                value.map do |elements|
+                  hash_array << elements.compact
+                end
+                data_obj['data'] = hash_array
+              else
+                data_obj['data'] = value.nil? ? value : value.compact
               end
-              data_obj['data'] = hash_array
-            else
-              data_obj['data'] = value.nil? ? value : value.compact
+            elsif key.to_s.include?('pagination')
+              pg_obj = {}
+              pg_obj[:pagination] = value
+              data_obj.merge!(pg_obj)
             end
-          elsif key.to_s.include?('pagination')
-            pg_obj = {}
-            pg_obj[:pagination] = value
-            data_obj.merge!(pg_obj)
+            clean_obj.merge!(data_obj)
           end
-          clean_obj.merge!(data_obj)
+          obj = clean_obj
+        rescue
+          obj
         end
-        obj = clean_obj
       end
 
       if diplay_datetime
         clean_obj = {}
         data_obj = {}
-        obj.each do |key, value|
-          if key.to_s.include?('meta')
-            obj_entry = {}
-            obj_entry[:meta] = value
-            clean_obj.merge!(obj_entry)
-          elsif key.to_s.include?('data')
-            if value.is_a?(Array)
-              hash_array = []
-              value.each do |element|
-                datetime_obj = change_to_datetime(element)
-                hash_array << datetime_obj
+        begin
+          obj.each do |key, value|
+            if key.to_s.include?('meta')
+              obj_entry = {}
+              obj_entry[:meta] = value
+              clean_obj.merge!(obj_entry)
+            elsif key.to_s.include?('data')
+              if value.is_a?(Array)
+                hash_array = []
+                value.each do |element|
+                  datetime_obj = change_to_datetime(element)
+                  hash_array << datetime_obj
+                end
+                data_obj['data'] = hash_array
+              else
+                data_obj['data'] = change_to_datetime(value)
               end
-              data_obj['data'] = hash_array
-            else
-              data_obj['data'] = change_to_datetime(value)
+            elsif key.to_s.include?('pagination')
+              pg_obj = {}
+              pg_obj[:pagination] = value
+              data_obj.merge!(pg_obj)
             end
-          elsif key.to_s.include?('pagination')
-            pg_obj = {}
-            pg_obj[:pagination] = value
-            data_obj.merge!(pg_obj)
+            clean_obj.merge!(data_obj)
           end
-          clean_obj.merge!(data_obj)
+          obj = clean_obj
+        rescue
+          obj
         end
-        obj = clean_obj
       end
       JSON.pretty_generate(obj)
     end
   end
   # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Style/TernaryParentheses
-  # rubocop:enable Style/IfWithBooleanLiteralBranches, Style/RescueStandardError, Metrics/BlockNesting
+  # rubocop:enable Style/IfWithBooleanLiteralBranches, Style/RescueStandardError, Metrics/BlockNesting, Style/RedundantCondition
 
+  # rubocop:disable Style/RedundantReturn
   # rubocop:disable Style/IdenticalConditionalBranches
+  # rubocop:disable Metrics/BlockNesting, Style/RescueStandardError
   # rubocop:disable Performance/RedundantMatch, Performance/RegexpMatch
   # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
   def change_to_datetime(obj)
@@ -92,24 +102,32 @@ module OutputConverters
       obj_entry = {}
       if value.is_a?(Array)
         hash_array = []
-        value.each do |element|
+        value.map do |element|
           hash_array << change_to_datetime(element)
         end
         obj_entry[key] = hash_array
         data_obj.merge!(obj_entry)
       else
+        date_value = value
         if /(DATE|TIMESTAMP|LASTSEEN|TIME|ATD)/.match(key.to_s.upcase)
-          value = value.nil? ? value : Time.at(value.to_i)
+          begin
+            date_value = Integer(value)
+            if date_value > 100000000
+              date_value = value.nil? ? value : Time.at(date_value)
+            end
+          rescue
+            date_value
+          end
         end
-        obj_entry[key] = value
+        obj_entry[key] = date_value
         data_obj.merge!(obj_entry)
       end
     end
-    # rubocop:disable Style/RedundantReturn
     return data_obj
-    # rubocop:enable Style/RedundantReturn
   end
+  # rubocop:enable Style/RedundantReturn
   # rubocop:enable Style/IdenticalConditionalBranches
+  # rubocop:enable Metrics/BlockNesting, Style/RescueStandardError
   # rubocop:enable Performance/RedundantMatch, Performance/RegexpMatch
   # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
 end