foreman_openscap 4.1.1 → 4.3.1
- checksums.yaml +4 -4
- data/app/assets/stylesheets/foreman_openscap/policy.css +5 -0
- data/app/controllers/api/v2/compliance/oval_contents_controller.rb +72 -0
- data/app/controllers/api/v2/compliance/oval_policies_controller.rb +111 -0
- data/app/controllers/api/v2/compliance/oval_reports_controller.rb +47 -0
- data/app/controllers/api/v2/compliance/scap_contents_controller.rb +2 -0
- data/app/controllers/concerns/foreman/controller/parameters/oval_content.rb +22 -0
- data/app/controllers/concerns/foreman/controller/parameters/oval_policy.rb +22 -0
- data/app/controllers/concerns/foreman_openscap/hosts_controller_extensions.rb +1 -1
- data/app/graphql/types/cve.rb +17 -0
- data/app/graphql/types/oval_content.rb +17 -0
- data/app/graphql/types/oval_policy.rb +21 -0
- data/app/helpers/arf_reports_helper.rb +7 -24
- data/app/helpers/policies_helper.rb +4 -17
- data/app/mailers/foreman_openscap/policy_mailer.rb +2 -2
- data/app/models/concerns/foreman_openscap/compliance_status_scoped_search.rb +1 -1
- data/app/models/concerns/foreman_openscap/data_stream_content.rb +0 -17
- data/app/models/concerns/foreman_openscap/host_extensions.rb +11 -11
- data/app/models/concerns/foreman_openscap/hostgroup_extensions.rb +3 -5
- data/app/models/concerns/foreman_openscap/inherited_policies.rb +11 -0
- data/app/models/concerns/foreman_openscap/oval_facet_host_extensions.rb +38 -0
- data/app/models/concerns/foreman_openscap/oval_facet_hostgroup_extensions.rb +15 -0
- data/app/models/concerns/foreman_openscap/policy_common.rb +75 -0
- data/app/models/concerns/foreman_openscap/scap_file_content.rb +24 -0
- data/app/models/foreman_openscap/arf_report.rb +2 -2
- data/app/models/foreman_openscap/cve.rb +23 -0
- data/app/models/foreman_openscap/host/oval_facet.rb +14 -0
- data/app/models/foreman_openscap/host_cve.rb +7 -0
- data/app/models/foreman_openscap/hostgroup/oval_facet.rb +14 -0
- data/app/models/foreman_openscap/hostgroup_oval_facet_oval_policy.rb +6 -0
- data/app/models/foreman_openscap/oval_content.rb +26 -0
- data/app/models/foreman_openscap/oval_facet_oval_policy.rb +6 -0
- data/app/models/foreman_openscap/oval_policy.rb +54 -0
- data/app/models/foreman_openscap/oval_status.rb +45 -0
- data/app/models/foreman_openscap/policy.rb +10 -73
- data/app/models/foreman_openscap/scap_content.rb +1 -0
- data/app/models/foreman_openscap/tailoring_file.rb +1 -0
- data/app/services/foreman_openscap/client_config/ansible.rb +39 -6
- data/app/services/foreman_openscap/client_config/base.rb +5 -1
- data/app/services/foreman_openscap/client_config/puppet.rb +2 -1
- data/app/services/foreman_openscap/config_name_service.rb +1 -1
- data/app/services/foreman_openscap/hostgroup_overrider.rb +2 -24
- data/app/services/foreman_openscap/hostgroup_overrider_common.rb +28 -0
- data/app/services/foreman_openscap/lookup_key_overrider.rb +30 -62
- data/app/services/foreman_openscap/lookup_key_overrides_common.rb +63 -0
- data/app/services/foreman_openscap/oval/check_collection.rb +45 -0
- data/app/services/foreman_openscap/oval/configure.rb +80 -0
- data/app/services/foreman_openscap/oval/cves.rb +41 -0
- data/app/services/foreman_openscap/oval/setup.rb +93 -0
- data/app/services/foreman_openscap/oval/setup_check.rb +55 -0
- data/app/services/foreman_openscap/oval/sync_oval_contents.rb +42 -0
- data/app/views/api/v2/compliance/oval_contents/base.json.rabl +6 -0
- data/app/views/api/v2/compliance/oval_contents/create.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/index.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/show.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/sync.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/sync_result.json.rabl +11 -0
- data/app/views/api/v2/compliance/oval_contents/update.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/create.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/index.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/main.json.rabl +15 -0
- data/app/views/api/v2/compliance/oval_policies/show.json.rabl +3 -0
- data/app/views/api/v2/compliance/policies/base.json.rabl +2 -2
- data/app/views/api/v2/compliance/policies_common/_attrs.json.rabl +2 -0
- data/app/views/arf_reports/_output.html.erb +9 -1
- data/app/views/arf_reports/show.html.erb +1 -1
- data/app/views/arf_reports/show_html.html.erb +1 -0
- data/app/views/compliance_hosts/show.html.erb +1 -8
- data/app/views/job_templates/run_oval_scans.erb +24 -0
- data/app/views/policies/edit.html.erb +3 -2
- data/app/views/policies/show.html.erb +3 -1
- data/app/views/policies/steps/_deployment_options_form.html.erb +2 -2
- data/app/views/scap_contents/edit.html.erb +2 -12
- data/app/views/tailoring_files/edit.html.erb +2 -10
- data/config/initializers/inflections.rb +12 -0
- data/config/routes.rb +19 -0
- data/db/migrate/20201019074925_create_oval_policy.rb +13 -0
- data/db/migrate/20201020113801_create_oval_facet.rb +14 -0
- data/db/migrate/20201021084109_create_hostgroup_oval_facet.rb +14 -0
- data/db/migrate/20201106080924_create_oval_content.rb +12 -0
- data/db/migrate/20201116110256_add_oval_content_to_oval_policy.rb +5 -0
- data/db/migrate/20201120080329_create_cves.rb +13 -0
- data/db/migrate/20201202110213_update_puppet_port_param_type.rb +2 -6
- data/db/migrate/20201217130800_add_has_errata_to_cve.rb +8 -0
- data/db/migrate/20201217161511_add_url_to_oval_content.rb +5 -0
- data/db/migrate/20210409095625_add_oval_policy_reference_to_cve.rb +7 -0
- data/db/seeds.d/75-job_templates.rb +3 -2
- data/lib/foreman_openscap/bulk_upload.rb +2 -2
- data/lib/foreman_openscap/engine.rb +67 -9
- data/lib/foreman_openscap/version.rb +1 -1
- data/lib/tasks/foreman_openscap_tasks.rake +14 -9
- data/locale/de/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/de/foreman_openscap.edit.po +0 -0
- data/locale/de/foreman_openscap.po +215 -17
- data/locale/en_GB/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/en_GB/foreman_openscap.edit.po +0 -0
- data/locale/en_GB/foreman_openscap.po +213 -15
- data/locale/es/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/es/foreman_openscap.edit.po +0 -0
- data/locale/es/foreman_openscap.po +239 -41
- data/locale/foreman_openscap.pot +395 -112
- data/locale/fr/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/fr/foreman_openscap.edit.po +0 -0
- data/locale/fr/foreman_openscap.po +243 -45
- data/locale/gl/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/gl/foreman_openscap.edit.po +0 -0
- data/locale/gl/foreman_openscap.po +213 -15
- data/locale/it/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/it/foreman_openscap.edit.po +0 -0
- data/locale/it/foreman_openscap.po +213 -15
- data/locale/ja/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ja/foreman_openscap.edit.po +0 -0
- data/locale/ja/foreman_openscap.po +262 -66
- data/locale/ko/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ko/foreman_openscap.edit.po +0 -0
- data/locale/ko/foreman_openscap.po +214 -16
- data/locale/pt_BR/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/pt_BR/foreman_openscap.edit.po +0 -0
- data/locale/pt_BR/foreman_openscap.po +252 -54
- data/locale/ru/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ru/foreman_openscap.edit.po +0 -0
- data/locale/ru/foreman_openscap.po +214 -16
- data/locale/sv_SE/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/sv_SE/foreman_openscap.edit.po +0 -0
- data/locale/sv_SE/foreman_openscap.po +213 -15
- data/locale/zh_CN/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/zh_CN/foreman_openscap.edit.po +0 -0
- data/locale/zh_CN/foreman_openscap.po +369 -169
- data/locale/zh_TW/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/zh_TW/foreman_openscap.edit.po +0 -0
- data/locale/zh_TW/foreman_openscap.po +214 -16
- data/package.json +48 -0
- data/test/factories/compliance_host_factory.rb +12 -0
- data/test/factories/oval_content_factory.rb +7 -0
- data/test/factories/oval_policy_factory.rb +9 -0
- data/test/files/oval_contents/ansible-2.9.oval.xml.bz2 +0 -0
- data/test/fixtures/cve_fixtures.rb +104 -0
- data/test/functional/api/v2/compliance/oval_contents_controller_test.rb +39 -0
- data/test/functional/api/v2/compliance/oval_policies_controller_test.rb +141 -0
- data/test/functional/api/v2/compliance/oval_reports_controller_test.rb +32 -0
- data/test/graphql/queries/oval_contents_query_test.rb +35 -0
- data/test/graphql/queries/oval_policies_query_test.rb +35 -0
- data/test/test_plugin_helper.rb +4 -0
- data/test/unit/oval_host_test.rb +45 -0
- data/test/unit/oval_policy_test.rb +133 -0
- data/test/unit/oval_status_test.rb +47 -0
- data/test/unit/services/oval/cves_test.rb +81 -0
- data/test/unit/services/oval/setup_test.rb +87 -0
- data/webpack/components/EmptyState.js +67 -0
- data/webpack/components/IndexLayout.js +35 -0
- data/webpack/components/IndexLayout.scss +3 -0
- data/webpack/components/IndexTable/IndexTableHelper.js +9 -0
- data/webpack/components/IndexTable/index.js +66 -0
- data/webpack/components/RuleSeverity/RuleSeverity.scss +3 -0
- data/webpack/components/RuleSeverity/RuleSeverity.test.js +13 -0
- data/webpack/components/RuleSeverity/__snapshots__/RuleSeverity.test.js.snap +41 -0
- data/webpack/components/RuleSeverity/i_severity-critical.svg +61 -0
- data/webpack/components/RuleSeverity/i_severity-high.svg +61 -0
- data/webpack/components/RuleSeverity/i_severity-low.svg +62 -0
- data/webpack/components/RuleSeverity/i_severity-med.svg +62 -0
- data/webpack/components/RuleSeverity/i_unknown.svg +33 -0
- data/webpack/components/RuleSeverity/index.js +33 -0
- data/webpack/components/withLoading.js +68 -0
- data/webpack/global_index.js +5 -0
- data/webpack/graphql/queries/cves.gql +18 -0
- data/webpack/graphql/queries/ovalContents.gql +11 -0
- data/webpack/graphql/queries/ovalPolicies.gql +12 -0
- data/webpack/graphql/queries/ovalPolicy.gql +21 -0
- data/webpack/helpers/commonHelper.js +1 -0
- data/webpack/helpers/globalIdHelper.js +13 -0
- data/webpack/helpers/pageParamsHelper.js +31 -0
- data/webpack/helpers/pathsHelper.js +22 -0
- data/webpack/helpers/tableHelper.js +9 -0
- data/webpack/index.js +8 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/OvalContentsIndex.js +45 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/OvalContentsTable.js +38 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsIndex.fixtures.js +106 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsIndex.test.js +75 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/index.js +7 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/OvalPoliciesIndex.js +46 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/OvalPoliciesTable.js +44 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesIndex.fixtures.js +61 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesIndex.test.js +78 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/index.js +7 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/CvesTab.js +48 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/CvesTable.js +63 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/OvalPoliciesShow.js +79 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/OvalPoliciesShowHelper.js +39 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesShow.fixtures.js +78 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesShow.test.js +112 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/index.js +35 -0
- data/webpack/routes/routes.js +28 -0
- data/webpack/testHelper.js +64 -0
- metadata +143 -3
@@ -0,0 +1,15 @@
|
|
1
|
+
object @oval_policy
|
2
|
+
|
3
|
+
extends "api/v2/compliance/common/org"
|
4
|
+
extends "api/v2/compliance/common/loc"
|
5
|
+
extends "api/v2/compliance/policies_common/attrs"
|
6
|
+
|
7
|
+
attributes :created_at, :updated_at, :oval_content_id
|
8
|
+
|
9
|
+
child :hosts => :hosts do |host|
|
10
|
+
attributes :id, :name
|
11
|
+
end
|
12
|
+
|
13
|
+
child :hostgroups => :hostgroups do |hg|
|
14
|
+
attributes :id, :name
|
15
|
+
end
|
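Review bot: The `child :hosts` and `child :hostgroups` blocks return the id and name of every host and host group attached to the policy to any caller who may view the policy. Whether those associations are already limited to records the requesting user is allowed to see is not visible in this template. If they are not, scope them in the controller or model (Foreman's `authorized` scope is the usual tool) so that viewing an OVAL policy does not disclose host names the user could not otherwise list. The block parameters `|host|` and `|hg|` are unused and can be dropped.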
@@ -2,6 +2,6 @@ object @policy
|
|
2
2
|
|
3
3
|
extends "api/v2/compliance/common/org"
|
4
4
|
extends "api/v2/compliance/common/loc"
|
5
|
+
extends "api/v2/compliance/policies_common/attrs"
|
5
6
|
|
6
|
-
attributes :
|
7
|
-
:tailoring_file_id, :tailoring_file_profile_id, :deploy_by
|
7
|
+
attributes :scap_content_id, :scap_content_profile_id, :tailoring_file_id, :tailoring_file_profile_id, :deploy_by
|
@@ -1,3 +1,11 @@
|
|
1
|
+
<% content_for(:javascripts) do %>
|
2
|
+
<%= webpacked_plugins_js_for :foreman_openscap %>
|
3
|
+
<% end %>
|
4
|
+
<% content_for(:stylesheets) do %>
|
5
|
+
<%= webpacked_plugins_css_for :foreman_openscap %>
|
6
|
+
<% end %>
|
7
|
+
|
8
|
+
|
1
9
|
<table id='report_log' class="<%= table_css_classes %>">
|
2
10
|
<thead>
|
3
11
|
<tr>
|
@@ -16,7 +24,7 @@
|
|
16
24
|
<%= render :partial => 'detailed_message', :locals => { :message => log.message } %>
|
17
25
|
</td>
|
18
26
|
<td><%= log.source %></td>
|
19
|
-
<td
|
27
|
+
<td><%= react_component 'RuleSeverity', { :severity => log.message.severity.downcase } %></td>
|
20
28
|
<td><%= host_search_by_rule_result_buttons(log.source) %></td>
|
21
29
|
</tr>
|
22
30
|
<% end %>
|
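Review bot: `log.message.severity.downcase` in the added `<td>` raises `NoMethodError` and aborts rendering of the whole report table if any message has a nil `severity`. Nothing in the hunk shows that the value is guaranteed to be present. `log.message.severity&.downcase` (or `.to_s.downcase`) keeps the page rendering. The `i_unknown.svg` asset in this release's file list suggests the RuleSeverity component has an unknown state to fall back on, though its code is not shown here.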
@@ -3,14 +3,7 @@
|
|
3
3
|
|
4
4
|
<%= breadcrumbs(:resource_url => api_hosts_path,
|
5
5
|
:resource_filter => "is_compliance_host = true",
|
6
|
-
:name_field => 'name'
|
7
|
-
:switchable => true,
|
8
|
-
:items => [
|
9
|
-
{ :caption => _('Compliance Hosts'),
|
10
|
-
:url => url_for(hosts_path(:search => "is_compliance_host = true")) },
|
11
|
-
{ :caption => ((N_("%s compliance reports by policy") % @host.to_label)),
|
12
|
-
:url => (host_path(@host) if authorized_for(hash_for_host_path(@host))) }
|
13
|
-
])
|
6
|
+
:name_field => 'name')
|
14
7
|
%>
|
15
8
|
<% title n_("%s compliance report by policy", "%s compliance reports by policy" , @host.combined_policies.length) % @host.to_label %>
|
16
9
|
<% @host.combined_policies.each do |policy| %>
|
@@ -0,0 +1,24 @@
|
|
1
|
+
<%#
|
2
|
+
name: Run OVAL scans
|
3
|
+
job_category: OpenSCAP
|
4
|
+
description_format: Run scan for specified OVAL Policies
|
5
|
+
feature: foreman_openscap_run_oval_scans
|
6
|
+
provider_type: SSH
|
7
|
+
snippet: false
|
8
|
+
provider_type: SSH
|
9
|
+
kind: job_template
|
10
|
+
template_inputs:
|
11
|
+
- name: oval_policies
|
12
|
+
description: Comma separated OVAL Policy Ids to run
|
13
|
+
input_type: user
|
14
|
+
advanced: true
|
15
|
+
-%>
|
16
|
+
<% unless input('oval_policies').blank? -%>
|
17
|
+
<% input('oval_policies').split(',').map do |id| -%>
|
18
|
+
/usr/bin/foreman_scap_client oval <%= id %>
|
19
|
+
<% end -%>
|
20
|
+
<% else -%>
|
21
|
+
<% @host.oval_policies_enc_raw.map do |policy| -%>
|
22
|
+
/usr/bin/foreman_scap_client oval <%= policy['id'] %>
|
23
|
+
<% end -%>
|
24
|
+
<% end -%>
|
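Review bot: The `oval_policies` input is free text (`input_type: user`), and each comma-separated piece is written unvalidated into the `/usr/bin/foreman_scap_client oval <%= id %>` line of a script that runs on the host over SSH. Anything other than a numeric id therefore changes the command that is executed. Restrict each piece to digits before rendering, for example `<% input('oval_policies').split(',').map(&:strip).select { |id| id.match?(/\A\d+\z/) }.each do |id| -%>`; if the template is rendered in safe mode, confirm those methods are permitted there. The metadata block also declares `provider_type: SSH` twice, and both loops use `.map` only for iteration where `.each` states the intent.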
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
<% title _("Details for Compliance Policy %s") % @policy.name %>
|
2
|
+
<%= breadcrumbs(:resource_url => api_compliance_policies_path,
|
3
|
+
:name_field => 'name') %>
|
2
4
|
|
3
5
|
<div class="row">
|
4
6
|
<iframe style="min-height: 800px" height="100%" width="100%" frameborder="0" src="<%= parse_policy_path(@policy) %>"></iframe>
|
@@ -3,8 +3,8 @@
|
|
3
3
|
|
4
4
|
<div class="alert alert-info" id="scap-deployment-options-info-banner">
|
5
5
|
<span class="pficon pficon-info"></span>
|
6
|
-
<strong
|
7
|
-
Please make sure you understand them by reading our <%=
|
6
|
+
<strong><%= _('There are significant differences in deployment options.') %></strong>
|
7
|
+
<%= _('Please make sure you understand them by reading our') %> <%=scap_doc_link('#2.3Policydeploymentoptions') %>.
|
8
8
|
</div>
|
9
9
|
|
10
10
|
<%= deploy_by_radios f, @policy %>
|
@@ -1,15 +1,5 @@
|
|
1
|
-
<% title _("Edit
|
1
|
+
<% title _("Edit %s") % @scap_content.title %>
|
2
2
|
<%= breadcrumbs(:resource_url => api_compliance_scap_contents_path,
|
3
|
-
:name_field => 'title'
|
4
|
-
:items => [
|
5
|
-
{ :caption => _('Scap Contents'),
|
6
|
-
:url => url_for(scap_contents_path)
|
7
|
-
},
|
8
|
-
{ :caption => @scap_content.title,
|
9
|
-
:url => (edit_scap_content_path(@scap_content) if authorized_for(hash_for_edit_scap_content_path(@scap_content)))
|
10
|
-
}
|
11
|
-
]
|
12
|
-
) if @scap_content %>
|
13
|
-
|
3
|
+
:name_field => 'title') %>
|
14
4
|
|
15
5
|
<%= render :partial => 'form' %>
|
@@ -1,13 +1,5 @@
|
|
1
|
-
<% title _("Edit
|
1
|
+
<% title _("Edit %s") % @tailoring_file.name %>
|
2
2
|
<%= breadcrumbs(:resource_url => api_compliance_tailoring_files_path,
|
3
|
-
:
|
4
|
-
{ :caption => _('Tailoring Files'),
|
5
|
-
:url => url_for(tailoring_files_path)
|
6
|
-
},
|
7
|
-
{ :caption => @tailoring_file.name,
|
8
|
-
:url => (edit_tailoring_file_path(@tailoring_file) if authorized_for(hash_for_edit_tailoring_file_path(@tailoring_file)))
|
9
|
-
}
|
10
|
-
]
|
11
|
-
) if @tailoring_file %>
|
3
|
+
:name_field => 'name') %>
|
12
4
|
|
13
5
|
<%= render :partial => 'form' %>
|
@@ -0,0 +1,12 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# Add new inflection rules using the following format
|
4
|
+
# (all these examples are active by default):
|
5
|
+
ActiveSupport::Inflector.inflections do |inflect|
|
6
|
+
# inflect.plural /^(ox)$/i, '\1en'
|
7
|
+
# inflect.singular /^(ox)en/i, '\1'
|
8
|
+
# inflect.irregular 'person', 'people'
|
9
|
+
# inflect.uncountable %w(fish sheep)
|
10
|
+
|
11
|
+
inflect.singular 'cves', 'cve'
|
12
|
+
end
|
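--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -1,4 +1,7 @@
 Rails.application.routes.draw do
+match '/experimental/compliance' => 'react#index', :via => [:get]
+match '/experimental/compliance/*page' => 'react#index', :via => [:get]
+
 scope '/compliance' do
 resources :arf_reports, :only => %i[index show destroy] do
 member do
@@ -87,8 +90,24 @@ Rails.application.routes.draw do
 get 'download_html'
 end
 end
+
 post 'arf_reports/:cname/:policy_id/:date', \
 :constraints => { :cname => /[^\/]+/ }, :to => 'arf_reports#create'
+
+resources :oval_contents, :except => %i[new edit] do
+collection do
+post 'sync'
+end
+end
+
+resources :oval_policies, :except => %i[new edit] do
+member do
+post 'assign_hostgroups'
+post 'assign_hosts'
+get 'oval_content'
+end
+end
+post 'oval_reports/:cname/:oval_policy_id/:date', :constraints => { :cname => /[^\/]+/ }, :to => 'oval_reports#create'
 end
 end
 end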
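Review bot: The new `post 'oval_reports/:cname/:oval_policy_id/:date'` route constrains only `:cname`, so `:oval_policy_id` and `:date` reach `oval_reports#create` as arbitrary strings. This endpoint accepts uploaded scan results, and its controller is not visible here, so rejecting malformed ids at the routing layer is cheap insurance: `:constraints => { :cname => /[^\/]+/, :oval_policy_id => /\d+/ }`. Separately, the two `match ... :via => [:get]` lines for `/experimental/compliance` read more plainly as `get '/experimental/compliance' => 'react#index'`. The enclosing `scope` block begins outside the second hunk.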
@@ -0,0 +1,13 @@
|
|
1
|
+
class CreateOvalPolicy < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
create_table :foreman_openscap_oval_policies do |t|
|
4
|
+
t.string :name, unique: true
|
5
|
+
t.string :description
|
6
|
+
t.string :period
|
7
|
+
t.string :weekday
|
8
|
+
t.integer :day_of_month
|
9
|
+
t.string :cron_line
|
10
|
+
t.timestamps
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
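Review bot: `t.string :name, unique: true` does not enforce uniqueness. `unique` is not a column option, so no unique index is created and duplicate policy names are stopped only by whatever model validation exists, which is subject to races. Add `add_index :foreman_openscap_oval_policies, :name, :unique => true` after the `create_table` block, as the CreateOvalContent migration on this page does for its `name` column. The same applies to `:ref_id` and `:ref_url` in CreateCves, which also pass `:unique => true` to `t.string`.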
@@ -0,0 +1,14 @@
|
|
1
|
+
class CreateOvalFacet < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
create_table :foreman_openscap_oval_facets do |t|
|
4
|
+
t.references 'host', :null => false
|
5
|
+
end
|
6
|
+
|
7
|
+
add_index :foreman_openscap_oval_facets, [:host_id], :unique => true, :name => :foreman_openscap_oval_facets_host_id
|
8
|
+
|
9
|
+
create_table :foreman_openscap_oval_facet_oval_policies do |t|
|
10
|
+
t.references 'oval_policy', :null => false, :index => { :name => 'index_oval_facet_oval_policies_on_oval_policy_id'}
|
11
|
+
t.references 'oval_facet', :null => false, :index => { :name => 'index_oval_facet_oval_policies_on_oval_facet_id'}
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
class CreateHostgroupOvalFacet < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
create_table :foreman_openscap_hostgroup_oval_facets do |t|
|
4
|
+
t.references 'hostgroup', :null => false
|
5
|
+
end
|
6
|
+
|
7
|
+
add_index :foreman_openscap_hostgroup_oval_facets, [:hostgroup_id], :unique => true, :name => :foreman_openscap_hostgroup_oval_facets_hostgroup_id
|
8
|
+
|
9
|
+
create_table :foreman_openscap_hostgroup_oval_facet_oval_policies do |t|
|
10
|
+
t.references 'oval_policy', :null => false, :index => { :name => 'index_hg_oval_facet_oval_policies_on_oval_policy_id'}
|
11
|
+
t.references 'oval_facet', :null => false, :index => { :name => 'index_hg_oval_facet_oval_policies_on_hg_oval_facet_id'}
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
class CreateOvalContent < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
create_table :foreman_openscap_oval_contents do |t|
|
4
|
+
t.string :name, null: false
|
5
|
+
t.string :digest
|
6
|
+
t.string :original_filename
|
7
|
+
t.binary :scap_file
|
8
|
+
end
|
9
|
+
|
10
|
+
add_index :foreman_openscap_oval_contents, :name, :unique => true
|
11
|
+
end
|
12
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
class CreateCves < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
create_table :foreman_openscap_cves do |t|
|
4
|
+
t.string :ref_id, :null => false, :unique => true
|
5
|
+
t.string :ref_url, :null => false, :unique => true
|
6
|
+
end
|
7
|
+
|
8
|
+
create_table :foreman_openscap_host_cves do |t|
|
9
|
+
t.references :host, :null => false
|
10
|
+
t.references :cve, :null => false
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
@@ -14,15 +14,11 @@ class UpdatePuppetPortParamType < ActiveRecord::Migration[6.0]
|
|
14
14
|
return unless puppet_class
|
15
15
|
port_key = puppet_class.class_params.find_by :key => 'port'
|
16
16
|
return unless port_key
|
17
|
-
def_value = port_key.default_value
|
18
17
|
|
19
18
|
if method == :to_i
|
20
|
-
port_key.key_type
|
21
|
-
port_key.default_value = def_value.to_i
|
19
|
+
port_key.update_columns(:key_type => "integer", :default_value => port_key.default_value.to_i)
|
22
20
|
else
|
23
|
-
port_key.key_type
|
24
|
-
port_key.default_value = port_key.default_value.to_s
|
21
|
+
port_key.update_columns(:key_type => "string", :default_value => port_key.default_value.to_s)
|
25
22
|
end
|
26
|
-
port_key.save!
|
27
23
|
end
|
28
24
|
end
|
@@ -0,0 +1,8 @@
|
|
1
|
+
class AddHasErrataToCve < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
add_column :foreman_openscap_cves, :has_errata, :boolean
|
4
|
+
add_column :foreman_openscap_cves, :definition_id, :string, :null => false
|
5
|
+
change_column :foreman_openscap_cves, :ref_id, :string, :null => false
|
6
|
+
change_column :foreman_openscap_cves, :ref_url, :string, :null => false
|
7
|
+
end
|
8
|
+
end
|
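Review bot: `add_column :foreman_openscap_cves, :definition_id, :string, :null => false` has no default, so the migration fails on any installation that already has rows in `foreman_openscap_cves` (PostgreSQL rejects a NOT NULL column without a default on a populated table). Add the column as nullable, backfill it, then apply `change_column_null :foreman_openscap_cves, :definition_id, false`; alternatively, supply a `:default`. The two `change_column` calls cannot be reversed automatically inside `change`, so a rollback raises `ActiveRecord::IrreversibleMigration`. They also restate the `:null => false` that CreateCves already sets on `ref_id` and `ref_url`, so they appear to be no-ops that could be removed.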
@@ -0,0 +1,7 @@
|
|
1
|
+
class AddOvalPolicyReferenceToCve < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
add_column :foreman_openscap_host_cves, :oval_policy_id, :integer, :references => :oval_policy
|
4
|
+
|
5
|
+
add_index :foreman_openscap_host_cves, [:host_id, :oval_policy_id, :cve_id], :unique => true, :name => :index_oval_policy_host_cve_id_on_host_cve
|
6
|
+
end
|
7
|
+
end
|
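Review bot: `:references => :oval_policy` is, as far as I know, not an option that `add_column` acts on, so `oval_policy_id` is created as a plain integer with no foreign key to the policies table. If referential integrity is intended, add `add_foreign_key :foreman_openscap_host_cves, :foreman_openscap_oval_policies, :column => :oval_policy_id`. The column is also nullable, and most databases treat NULLs as distinct in a unique index. The new index on `[:host_id, :oval_policy_id, :cve_id]` therefore still permits duplicate host/CVE rows whose `oval_policy_id` is NULL, including any rows that existed before this migration.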
@@ -11,8 +11,9 @@ if ForemanOpenscap.with_remote_execution?
|
|
11
11
|
else
|
12
12
|
template = JobTemplate.import!(File.read(template), :default => true, :lock => true, :update => sync)
|
13
13
|
end
|
14
|
-
|
15
|
-
template.
|
14
|
+
next unless template.present?
|
15
|
+
template.organizations = organizations
|
16
|
+
template.locations = locations
|
16
17
|
end
|
17
18
|
end
|
18
19
|
end
|
@@ -49,8 +49,8 @@ module ForemanOpenscap
|
|
49
49
|
next if scap_content.persisted?
|
50
50
|
scap_content.scap_file = file
|
51
51
|
scap_content.original_filename = filename
|
52
|
-
scap_content.location_ids = Location.all.
|
53
|
-
scap_content.organization_ids = Organization.all.
|
52
|
+
scap_content.location_ids = Location.all.pluck(:id)
|
53
|
+
scap_content.organization_ids = Organization.all.pluck(:id)
|
54
54
|
|
55
55
|
if scap_content.save
|
56
56
|
@result.results.push(scap_content)
|
@@ -9,6 +9,7 @@ module ForemanOpenscap
|
|
9
9
|
config.autoload_paths += Dir["#{config.root}/app/helpers/concerns"]
|
10
10
|
config.autoload_paths += Dir["#{config.root}/app/models/concerns"]
|
11
11
|
config.autoload_paths += Dir["#{config.root}/app/models"]
|
12
|
+
config.autoload_paths += Dir["#{config.root}/app/graphql"]
|
12
13
|
config.autoload_paths += Dir["#{config.root}/app/lib"]
|
13
14
|
config.autoload_paths += Dir["#{config.root}/app/services"]
|
14
15
|
config.autoload_paths += Dir["#{config.root}/lib"]
|
@@ -41,8 +42,8 @@ module ForemanOpenscap
|
|
41
42
|
Apipie.configuration.checksum_path += ['/compliance/']
|
42
43
|
end
|
43
44
|
|
44
|
-
initializer 'foreman_openscap.
|
45
|
-
app.config.filter_parameters
|
45
|
+
initializer 'foreman_openscap.filter_large_params' do |app|
|
46
|
+
app.config.filter_parameters += %i[logs scap_file oval_results] if app.config.filter_parameters
|
46
47
|
end
|
47
48
|
|
48
49
|
initializer 'foreman_openscap.register_plugin', :before => :finisher_hook do |app|
|
@@ -52,6 +53,7 @@ module ForemanOpenscap
|
|
52
53
|
apipie_documented_controllers ["#{ForemanOpenscap::Engine.root}/app/controllers/api/v2/compliance/*.rb"]
|
53
54
|
|
54
55
|
register_custom_status ForemanOpenscap::ComplianceStatus
|
56
|
+
register_custom_status ForemanOpenscap::OvalStatus
|
55
57
|
|
56
58
|
# Add permissions
|
57
59
|
security_block :foreman_openscap do
|
@@ -120,6 +122,24 @@ module ForemanOpenscap
|
|
120
122
|
:resource_type => 'ForemanOpenscap::TailoringFile'
|
121
123
|
permission :view_openscap_proxies, { :openscap_proxies => [:openscap_spool] },
|
122
124
|
:resource_type => 'SmartProxy'
|
125
|
+
permission :view_oval_contents, { 'api/v2/compliance/oval_contents' => %i[index show] },
|
126
|
+
:resource_type => 'ForemanOpenscap::OvalContent'
|
127
|
+
permission :edit_oval_contents, { 'api/v2/compliance/oval_contents' => %i[update sync] },
|
128
|
+
:resource_type => 'ForemanOpenscap::OvalContent'
|
129
|
+
permission :create_oval_contents, { 'api/v2/compliance/oval_contents' => %i[create] },
|
130
|
+
:resource_type => 'ForemanOpenscap::OvalContent'
|
131
|
+
permission :destroy_oval_contents, { 'api/v2/compliance/oval_contents' => %i[destroy] },
|
132
|
+
:resource_type => 'ForemanOpenscap::OvalContent'
|
133
|
+
permission :view_oval_policies, { 'api/v2/compliance/oval_policies' => %i[index show oval_content] },
|
134
|
+
:resource_type => 'ForemanOpenscap::OvalPolicy'
|
135
|
+
permission :edit_oval_policies, { 'api/v2/compliance/oval_policies' => %i[update assign_hosts assign_hostgroups] },
|
136
|
+
:resource_type => 'ForemanOpenscap::OvalPolicy'
|
137
|
+
permission :create_oval_policies, { 'api/v2/compliance/oval_policies' => %i[create] },
|
138
|
+
:resource_type => 'ForemanOpenscap::OvalPolicy'
|
139
|
+
permission :destroy_oval_policies, { 'api/v2/compliance/oval_policies' => %i[destroy] },
|
140
|
+
:resource_type => 'ForemanOpenscap::OvalPolicy'
|
141
|
+
permission :create_oval_policies, { 'api/v2/compliance/oval_reports' => %i[create] },
|
142
|
+
:resource_type => 'ForemanOpenscap::Cve'
|
123
143
|
end
|
124
144
|
|
125
145
|
role "Compliance viewer", %i[view_arf_reports view_policies view_scap_contents view_tailoring_files view_openscap_proxies],
|
@@ -148,7 +168,15 @@ module ForemanOpenscap
|
|
148
168
|
menu :top_menu, :compliance_files, :caption => N_('Tailoring Files'),
|
149
169
|
:url_hash => { :controller => :tailoring_files, :action => :index },
|
150
170
|
:parent => :hosts_menu
|
171
|
+
menu :labs_menu, :oval_contents, :caption => N_('OVAL Contents'),
|
172
|
+
:url_hash => { :controller => 'react', :action => 'index' },
|
173
|
+
:url => '/experimental/compliance/oval_contents',
|
174
|
+
:parent => :lab_features_menu
|
151
175
|
|
176
|
+
menu :labs_menu, :oval_policies, :caption => N_('OVAL Policies'),
|
177
|
+
:url_hash => { :controller => 'react', :action => 'index' },
|
178
|
+
:url => '/experimental/compliance/oval_policies',
|
179
|
+
:parent => :lab_features_menu
|
152
180
|
# add dashboard widget
|
153
181
|
widget 'compliance_host_reports_widget',
|
154
182
|
:name => N_('Latest Compliance Reports'), :sizex => 6, :sizey => 1
|
@@ -169,7 +197,7 @@ module ForemanOpenscap
|
|
169
197
|
|
170
198
|
proxy_description = N_('OpenSCAP Proxy to use for fetching SCAP content and uploading ARF reports. Leave blank and override appropriate parameters when using proxy load balancer.')
|
171
199
|
|
172
|
-
smart_proxy_for Hostgroup, :openscap_proxy,
|
200
|
+
smart_proxy_for ::Hostgroup, :openscap_proxy,
|
173
201
|
:feature => 'Openscap',
|
174
202
|
:label => N_('OpenSCAP Proxy'),
|
175
203
|
:description => proxy_description,
|
@@ -188,6 +216,30 @@ module ForemanOpenscap
|
|
188
216
|
base_scope.preload(:policies)
|
189
217
|
end
|
190
218
|
|
219
|
+
register_global_js_file 'global'
|
220
|
+
|
221
|
+
register_graphql_query_field :oval_contents, '::Types::OvalContent', :collection_field
|
222
|
+
register_graphql_query_field :oval_policies, '::Types::OvalPolicy', :collection_field
|
223
|
+
register_graphql_query_field :oval_policy, '::Types::OvalPolicy', :record_field
|
224
|
+
register_graphql_query_field :cves, '::Types::Cve', :collection_field
|
225
|
+
|
226
|
+
# move to core
|
227
|
+
extend_graphql_type type: ::Types::Hostgroup do
|
228
|
+
field :descendants, Types::Hostgroup.connection_type, null: true, resolve: (proc do |object|
|
229
|
+
RecordLoader.for(model_class).load_many(object.descendant_ids)
|
230
|
+
end)
|
231
|
+
end
|
232
|
+
|
233
|
+
register_facet ForemanOpenscap::Host::OvalFacet, :oval_facet do
|
234
|
+
configure_host do
|
235
|
+
extend_model ForemanOpenscap::OvalFacetHostExtensions
|
236
|
+
end
|
237
|
+
|
238
|
+
configure_hostgroup(ForemanOpenscap::Hostgroup::OvalFacet) do
|
239
|
+
extend_model ForemanOpenscap::OvalFacetHostgroupExtensions
|
240
|
+
end
|
241
|
+
end
|
242
|
+
|
191
243
|
describe_host do
|
192
244
|
multiple_actions_provider :compliance_host_multiple_actions
|
193
245
|
overview_buttons_provider :compliance_host_overview_button
|
@@ -204,13 +256,13 @@ module ForemanOpenscap
|
|
204
256
|
# Include concerns in this config.to_prepare block
|
205
257
|
config.to_prepare do
|
206
258
|
::Api::V2::HostsController.send(:include, ForemanOpenscap::Api::V2::HostsControllerExtensions)
|
207
|
-
Host::Managed.send(:include, ForemanOpenscap::OpenscapProxyExtensions)
|
208
|
-
Host::Managed.send(:include, ForemanOpenscap::OpenscapProxyCoreExtensions)
|
209
|
-
Host::Managed.send(:prepend, ForemanOpenscap::HostExtensions)
|
259
|
+
::Host::Managed.send(:include, ForemanOpenscap::OpenscapProxyExtensions)
|
260
|
+
::Host::Managed.send(:include, ForemanOpenscap::OpenscapProxyCoreExtensions)
|
261
|
+
::Host::Managed.send(:prepend, ForemanOpenscap::HostExtensions)
|
210
262
|
HostsHelper.send(:prepend, ForemanOpenscap::HostsHelperExtensions)
|
211
|
-
Hostgroup.send(:include, ForemanOpenscap::OpenscapProxyExtensions)
|
212
|
-
Hostgroup.send(:include, ForemanOpenscap::OpenscapProxyCoreExtensions)
|
213
|
-
Hostgroup.send(:include, ForemanOpenscap::HostgroupExtensions)
|
263
|
+
::Hostgroup.send(:include, ForemanOpenscap::OpenscapProxyExtensions)
|
264
|
+
::Hostgroup.send(:include, ForemanOpenscap::OpenscapProxyCoreExtensions)
|
265
|
+
::Hostgroup.send(:include, ForemanOpenscap::HostgroupExtensions)
|
214
266
|
SmartProxy.send(:include, ForemanOpenscap::SmartProxyExtensions)
|
215
267
|
HostsController.send(:prepend, ForemanOpenscap::HostsControllerExtensions)
|
216
268
|
HostsController.send(:include, ForemanOpenscap::HostsAndHostgroupsControllerExtensions)
|
@@ -225,11 +277,17 @@ module ForemanOpenscap
|
|
225
277
|
:provided_inputs => "policies"
|
226
278
|
}
|
227
279
|
|
280
|
+
oval_options = {
|
281
|
+
:description => N_("Run OVAL scan")
|
282
|
+
}
|
283
|
+
|
228
284
|
if Gem::Version.new(ForemanRemoteExecution::VERSION) >= Gem::Version.new('1.2.3')
|
229
285
|
options[:host_action_button] = true
|
286
|
+
oval_options[:host_action_button] = Setting[:lab_features]
|
230
287
|
end
|
231
288
|
|
232
289
|
RemoteExecutionFeature.register(:foreman_openscap_run_scans, N_("Run OpenSCAP scan"), options)
|
290
|
+
RemoteExecutionFeature.register(:foreman_openscap_run_oval_scans, N_("Run OVAL scan"), oval_options)
|
233
291
|
end
|
234
292
|
end
|
235
293
|
|
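Review bot: The last added `permission` line reuses the name `:create_oval_policies` for `'api/v2/compliance/oval_reports' => %i[create]` with `:resource_type => 'ForemanOpenscap::Cve'`, only a few lines after the same name is declared for OVAL policy creation. Depending on how the plugin API treats a repeated name, either report upload ends up authorised by the policy-creation permission or the two declarations collide; neither gives a clean least-privilege split. A dedicated permission keeps them apart, e.g. `permission :create_oval_reports, { 'api/v2/compliance/oval_reports' => %i[create] }, :resource_type => 'ForemanOpenscap::Cve'`. None of the new `*_oval_*` permissions is added to a role in the visible hunks. The `role` declarations lie mostly outside them, so confirm that the compliance roles are updated to match.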