foreman_openscap 8.0.1 → 9.0.0
- checksums.yaml +4 -4
- data/README.md +0 -1
- data/app/lib/proxy_api/openscap.rb +11 -0
- data/app/models/concerns/foreman_openscap/data_stream_content.rb +1 -5
- data/app/services/foreman_openscap/client_config/ansible.rb +1 -10
- data/app/validators/foreman_openscap/data_stream_validator.rb +1 -1
- data/config/initializers/inflections.rb +0 -2
- data/config/routes.rb +0 -15
- data/db/migrate/20240313111822_drop_oval.rb +17 -0
- data/lib/foreman_openscap/data_migration.rb +7 -6
- data/lib/foreman_openscap/engine.rb +2 -56
- data/lib/foreman_openscap/version.rb +1 -1
- data/test/factories/compliance_host_factory.rb +0 -12
- data/test/test_plugin_helper.rb +0 -2
- data/test/unit/scap_content_test.rb +2 -3
- data/webpack/components/OpenscapRemediationWizard/ViewSelectedHostsLink.js +2 -2
- data/webpack/components/OpenscapRemediationWizard/steps/ReviewHosts.js +12 -2
- data/webpack/components/OpenscapRemediationWizard/steps/ReviewRemediation.js +7 -4
- data/webpack/global_index.js +0 -4
- metadata +7 -169
- data/app/controllers/api/v2/compliance/oval_contents_controller.rb +0 -72
- data/app/controllers/api/v2/compliance/oval_policies_controller.rb +0 -111
- data/app/controllers/api/v2/compliance/oval_reports_controller.rb +0 -47
- data/app/controllers/concerns/foreman/controller/parameters/oval_content.rb +0 -22
- data/app/controllers/concerns/foreman/controller/parameters/oval_policy.rb +0 -22
- data/app/graphql/mutations/oval_contents/delete.rb +0 -9
- data/app/graphql/mutations/oval_policies/create.rb +0 -33
- data/app/graphql/mutations/oval_policies/delete.rb +0 -9
- data/app/graphql/mutations/oval_policies/update.rb +0 -15
- data/app/graphql/types/cve.rb +0 -17
- data/app/graphql/types/oval_check.rb +0 -11
- data/app/graphql/types/oval_content.rb +0 -19
- data/app/graphql/types/oval_policy.rb +0 -24
- data/app/lib/proxy_api/available_proxy.rb +0 -44
- data/app/models/concerns/foreman_openscap/oval_facet_host_extensions.rb +0 -38
- data/app/models/concerns/foreman_openscap/oval_facet_hostgroup_extensions.rb +0 -31
- data/app/models/foreman_openscap/cve.rb +0 -23
- data/app/models/foreman_openscap/host/oval_facet.rb +0 -14
- data/app/models/foreman_openscap/host_cve.rb +0 -7
- data/app/models/foreman_openscap/hostgroup/oval_facet.rb +0 -14
- data/app/models/foreman_openscap/hostgroup_oval_facet_oval_policy.rb +0 -6
- data/app/models/foreman_openscap/oval_content.rb +0 -28
- data/app/models/foreman_openscap/oval_facet_oval_policy.rb +0 -6
- data/app/models/foreman_openscap/oval_policy.rb +0 -54
- data/app/models/foreman_openscap/oval_status.rb +0 -45
- data/app/services/foreman_openscap/oval/check_collection.rb +0 -45
- data/app/services/foreman_openscap/oval/configure.rb +0 -83
- data/app/services/foreman_openscap/oval/cves.rb +0 -41
- data/app/services/foreman_openscap/oval/setup.rb +0 -93
- data/app/services/foreman_openscap/oval/setup_check.rb +0 -58
- data/app/services/foreman_openscap/oval/sync_oval_contents.rb +0 -42
- data/app/views/api/v2/compliance/oval_contents/base.json.rabl +0 -6
- data/app/views/api/v2/compliance/oval_contents/create.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_contents/destroy.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_contents/index.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_contents/show.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_contents/sync.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_contents/sync_result.json.rabl +0 -11
- data/app/views/api/v2/compliance/oval_contents/update.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_policies/create.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_policies/index.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_policies/main.json.rabl +0 -15
- data/app/views/api/v2/compliance/oval_policies/show.json.rabl +0 -3
- data/app/views/job_templates/run_oval_scans.erb +0 -24
- data/locale/cs_CZ/foreman_openscap.edit.po +0 -1863
- data/locale/cs_CZ/foreman_openscap.po.time_stamp +0 -0
- data/locale/de/foreman_openscap.edit.po +0 -1873
- data/locale/de/foreman_openscap.po.time_stamp +0 -0
- data/locale/en/foreman_openscap.edit.po +0 -1863
- data/locale/en/foreman_openscap.po.time_stamp +0 -0
- data/locale/en_GB/foreman_openscap.edit.po +0 -1863
- data/locale/en_GB/foreman_openscap.po.time_stamp +0 -0
- data/locale/es/foreman_openscap.edit.po +0 -1868
- data/locale/es/foreman_openscap.po.time_stamp +0 -0
- data/locale/fr/foreman_openscap.edit.po +0 -1874
- data/locale/fr/foreman_openscap.po.time_stamp +0 -0
- data/locale/gl/foreman_openscap.edit.po +0 -1863
- data/locale/gl/foreman_openscap.po.time_stamp +0 -0
- data/locale/it/foreman_openscap.edit.po +0 -1865
- data/locale/it/foreman_openscap.po.time_stamp +0 -0
- data/locale/ja/foreman_openscap.edit.po +0 -1869
- data/locale/ja/foreman_openscap.po.time_stamp +0 -0
- data/locale/ka/foreman_openscap.edit.po +0 -1863
- data/locale/ka/foreman_openscap.po.time_stamp +0 -0
- data/locale/ko/foreman_openscap.edit.po +0 -1863
- data/locale/ko/foreman_openscap.po.time_stamp +0 -0
- data/locale/pt_BR/foreman_openscap.edit.po +0 -1873
- data/locale/pt_BR/foreman_openscap.po.time_stamp +0 -0
- data/locale/ru/foreman_openscap.edit.po +0 -1867
- data/locale/ru/foreman_openscap.po.time_stamp +0 -0
- data/locale/sv_SE/foreman_openscap.edit.po +0 -1863
- data/locale/sv_SE/foreman_openscap.po.time_stamp +0 -0
- data/locale/zh_CN/foreman_openscap.edit.po +0 -1868
- data/locale/zh_CN/foreman_openscap.po.time_stamp +0 -0
- data/locale/zh_TW/foreman_openscap.edit.po +0 -1864
- data/locale/zh_TW/foreman_openscap.po.time_stamp +0 -0
- data/test/factories/oval_content_factory.rb +0 -7
- data/test/factories/oval_policy_factory.rb +0 -9
- data/test/fixtures/cve_fixtures.rb +0 -104
- data/test/functional/api/v2/compliance/oval_contents_controller_test.rb +0 -39
- data/test/functional/api/v2/compliance/oval_policies_controller_test.rb +0 -141
- data/test/functional/api/v2/compliance/oval_reports_controller_test.rb +0 -32
- data/test/graphql/mutations/oval_policies/delete_mutation_test.rb +0 -63
- data/test/graphql/queries/oval_content_query_test.rb +0 -29
- data/test/graphql/queries/oval_contents_query_test.rb +0 -35
- data/test/graphql/queries/oval_policies_query_test.rb +0 -35
- data/test/unit/oval_host_test.rb +0 -45
- data/test/unit/oval_policy_test.rb +0 -133
- data/test/unit/oval_status_test.rb +0 -47
- data/test/unit/services/oval/cves_test.rb +0 -81
- data/test/unit/services/oval/setup_check_test.rb +0 -37
- data/test/unit/services/oval/setup_test.rb +0 -87
- data/webpack/graphql/mutations/createOvalPolicy.gql +0 -22
- data/webpack/graphql/mutations/deleteOvalContent.gql +0 -9
- data/webpack/graphql/mutations/deleteOvalPolicy.gql +0 -9
- data/webpack/graphql/mutations/updateOvalPolicy.gql +0 -14
- data/webpack/graphql/queries/currentUserAttributes.gql +0 -11
- data/webpack/graphql/queries/cves.gql +0 -23
- data/webpack/graphql/queries/hostgroups.gql +0 -14
- data/webpack/graphql/queries/ovalContent.gql +0 -8
- data/webpack/graphql/queries/ovalContents.gql +0 -19
- data/webpack/graphql/queries/ovalPolicies.gql +0 -20
- data/webpack/graphql/queries/ovalPolicy.gql +0 -29
- data/webpack/helpers/pathsHelper.js +0 -29
- data/webpack/routes/OvalContents/OvalContentsIndex/OvalContentsIndex.js +0 -71
- data/webpack/routes/OvalContents/OvalContentsIndex/OvalContentsTable.js +0 -83
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsDestroy.fixtures.js +0 -105
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsDestroy.test.js +0 -124
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsIndex.fixtures.js +0 -127
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsIndex.test.js +0 -89
- data/webpack/routes/OvalContents/OvalContentsIndex/index.js +0 -13
- data/webpack/routes/OvalContents/OvalContentsNew/OvalContentsNew.js +0 -138
- data/webpack/routes/OvalContents/OvalContentsNew/OvalContentsNew.scss +0 -3
- data/webpack/routes/OvalContents/OvalContentsNew/OvalContentsNewHelper.js +0 -73
- data/webpack/routes/OvalContents/OvalContentsNew/__tests__/OvalContentsNew.test.js +0 -104
- data/webpack/routes/OvalContents/OvalContentsNew/index.js +0 -13
- data/webpack/routes/OvalContents/OvalContentsShow/OvalContentsShow.js +0 -62
- data/webpack/routes/OvalContents/OvalContentsShow/OvalContentsShow.test.js +0 -45
- data/webpack/routes/OvalContents/OvalContentsShow/OvalContentsShowHelper.js +0 -0
- data/webpack/routes/OvalContents/OvalContentsShow/index.js +0 -35
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/OvalPoliciesIndex.js +0 -62
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/OvalPoliciesTable.js +0 -74
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesDestroy.fixtures.js +0 -101
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesDestroy.test.js +0 -117
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesIndex.fixtures.js +0 -111
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesIndex.test.js +0 -81
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/index.js +0 -13
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/HostgroupSelect.js +0 -135
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/NewOvalPolicyForm.js +0 -119
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/NewOvalPolicyFormHelpers.js +0 -107
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/OvalPoliciesNew.js +0 -32
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/__tests__/OvalPoliciesNew.fixtures.js +0 -147
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/__tests__/OvalPoliciesNew.test.js +0 -172
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/index.js +0 -11
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/CvesTab.js +0 -49
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/CvesTable.js +0 -63
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/DetailsTab.js +0 -87
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/HostgroupsTab.js +0 -49
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/HostgroupsTable.js +0 -38
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/OvalPoliciesShow.js +0 -82
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/OvalPoliciesShowHelper.js +0 -117
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesEdit.fixtures.js +0 -48
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesEdit.test.js +0 -202
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesShow.fixtures.js +0 -124
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesShow.test.js +0 -172
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/index.js +0 -39
- data/webpack/routes/routes.js +0 -49
@@ -1,33 +0,0 @@
|
|
1
|
-
module Mutations
|
2
|
-
module OvalPolicies
|
3
|
-
class Create < ::Mutations::BaseMutation
|
4
|
-
description 'Creates a new OVAL Policy'
|
5
|
-
graphql_name 'CreateOvalPolicyMutation'
|
6
|
-
|
7
|
-
resource_class ::ForemanOpenscap::OvalPolicy
|
8
|
-
|
9
|
-
argument :name, String
|
10
|
-
argument :description, String, required: false
|
11
|
-
argument :period, String
|
12
|
-
argument :weekday, String, required: false
|
13
|
-
argument :day_of_month, Integer, required: false
|
14
|
-
argument :cron_line, String, required: false
|
15
|
-
argument :oval_content_id, Integer, required: true
|
16
|
-
argument :hostgroup_ids, [Integer], required: false
|
17
|
-
|
18
|
-
field :oval_policy, Types::OvalPolicy, 'The new OVAL Policy.', null: true
|
19
|
-
field :check_collection, [Types::OvalCheck], 'A collection of checks to detect OVAL policy configuration error', null: false
|
20
|
-
|
21
|
-
def resolve(hostgroup_ids:, **params)
|
22
|
-
policy = ::ForemanOpenscap::OvalPolicy.new params
|
23
|
-
validate_object(policy)
|
24
|
-
authorize!(policy, :create)
|
25
|
-
check_collection = ::ForemanOpenscap::Oval::Configure.new.assign(policy, hostgroup_ids, ::Hostgroup)
|
26
|
-
{
|
27
|
-
:oval_policy => policy,
|
28
|
-
:check_collection => check_collection.checks
|
29
|
-
}
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
@@ -1,15 +0,0 @@
|
|
1
|
-
module Mutations
|
2
|
-
module OvalPolicies
|
3
|
-
class Update < UpdateMutation
|
4
|
-
graphql_name 'UpdateOvalPolicyMutation'
|
5
|
-
description 'Updates an OVAL Policy'
|
6
|
-
resource_class ::ForemanOpenscap::OvalPolicy
|
7
|
-
|
8
|
-
argument :name, String, required: false
|
9
|
-
argument :description, String, required: false
|
10
|
-
argument :cron_line, String, required: false
|
11
|
-
|
12
|
-
field :oval_policy, ::Types::OvalPolicy, 'The OVAL policy.', null: true
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
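--- a/data/app/graphql/types/cve.rb
+++ b/data/app/graphql/types/cve.rb
@@ -1,17 +0,0 @@
-module Types
-class Cve < BaseObject
-description 'A CVE'
-model_class ::ForemanOpenscap::Cve
-
-global_id_field :id
-field :ref_id, String
-field :ref_url, String
-field :has_errata, Boolean
-field :definition_id, String
-has_many :hosts, Types::Host
-
-def self.graphql_definition
-super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::Cve') }
-end
-end
-end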
@@ -1,11 +0,0 @@
|
|
1
|
-
module Types
|
2
|
-
class OvalCheck < GraphQL::Schema::Object
|
3
|
-
description 'A check that contains information about whether a particual prerequisite for OVAL policy deployment is configured correctly'
|
4
|
-
|
5
|
-
field :id, String, null: false
|
6
|
-
field :title, String, null: false
|
7
|
-
field :fail_msg, String, null: true
|
8
|
-
field :errors, ::Types::RawJson, null: true
|
9
|
-
field :result, String, null: false
|
10
|
-
end
|
11
|
-
end
|
@@ -1,19 +0,0 @@
|
|
1
|
-
module Types
|
2
|
-
class OvalContent < BaseObject
|
3
|
-
description 'An OVAL Content'
|
4
|
-
model_class ::ForemanOpenscap::OvalContent
|
5
|
-
|
6
|
-
include ::Types::Concerns::MetaField
|
7
|
-
|
8
|
-
global_id_field :id
|
9
|
-
timestamps
|
10
|
-
field :name, String
|
11
|
-
field :digest, String
|
12
|
-
field :original_filename, String
|
13
|
-
field :url, String
|
14
|
-
|
15
|
-
def self.graphql_definition
|
16
|
-
super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::OvalContent') }
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end
|
@@ -1,24 +0,0 @@
|
|
1
|
-
module Types
|
2
|
-
class OvalPolicy < BaseObject
|
3
|
-
description 'An OVAL Policy'
|
4
|
-
model_class ::ForemanOpenscap::OvalPolicy
|
5
|
-
|
6
|
-
include ::Types::Concerns::MetaField
|
7
|
-
|
8
|
-
global_id_field :id
|
9
|
-
timestamps
|
10
|
-
field :name, String
|
11
|
-
field :description, String
|
12
|
-
field :period, String
|
13
|
-
field :weekday, String
|
14
|
-
field :day_of_month, String
|
15
|
-
field :cron_line, String
|
16
|
-
belongs_to :oval_content, ::Types::OvalContent
|
17
|
-
|
18
|
-
has_many :hostgroups, ::Types::Hostgroup
|
19
|
-
|
20
|
-
def self.graphql_definition
|
21
|
-
super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::OvalPolicy') }
|
22
|
-
end
|
23
|
-
end
|
24
|
-
end
|
@@ -1,44 +0,0 @@
|
|
1
|
-
module ::ProxyAPI
|
2
|
-
class AvailableProxy
|
3
|
-
HTTP_ERRORS = [
|
4
|
-
EOFError,
|
5
|
-
Errno::ECONNRESET,
|
6
|
-
Errno::EINVAL,
|
7
|
-
Net::HTTPBadResponse,
|
8
|
-
Net::HTTPHeaderSyntaxError,
|
9
|
-
Net::ProtocolError,
|
10
|
-
Timeout::Error,
|
11
|
-
ProxyAPI::ProxyException
|
12
|
-
].freeze
|
13
|
-
|
14
|
-
def initialize(args)
|
15
|
-
@args = args
|
16
|
-
end
|
17
|
-
|
18
|
-
def available?
|
19
|
-
begin
|
20
|
-
return true if has_scap_feature? && minimum_version
|
21
|
-
rescue *HTTP_ERRORS
|
22
|
-
return false
|
23
|
-
end
|
24
|
-
false
|
25
|
-
end
|
26
|
-
|
27
|
-
private
|
28
|
-
|
29
|
-
def has_scap_feature?
|
30
|
-
@features ||= ::ProxyAPI::Features.new(@args).features
|
31
|
-
@features.include?('openscap')
|
32
|
-
end
|
33
|
-
|
34
|
-
def openscap_proxy_version
|
35
|
-
@versions ||= ::ProxyAPI::Version.new(@args).proxy_versions['modules']
|
36
|
-
@versions['openscap'] if @versions && @versions['openscap']
|
37
|
-
end
|
38
|
-
|
39
|
-
def minimum_version
|
40
|
-
return false unless openscap_proxy_version
|
41
|
-
openscap_proxy_version.to_f >= 0.5
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
@@ -1,38 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
module OvalFacetHostExtensions
|
3
|
-
extend ActiveSupport::Concern
|
4
|
-
|
5
|
-
::Host::Managed::Jail.allow :oval_policies_enc, :oval_policies_enc_raw, :cves, :cves_without_errata
|
6
|
-
|
7
|
-
included do
|
8
|
-
has_many :oval_policies, :through => :oval_facet, :class_name => 'ForemanOpenscap::OvalPolicy'
|
9
|
-
|
10
|
-
has_many :host_cves, :class_name => 'ForemanOpenscap::HostCve', :foreign_key => :host_id
|
11
|
-
has_many :cves, :through => :host_cves, :class_name => 'ForemanOpenscap::Cve', :source => :cve
|
12
|
-
|
13
|
-
scoped_search :relation => :host_cves, :on => :cve_id, :rename => :cve_id, :complete_value => false
|
14
|
-
end
|
15
|
-
|
16
|
-
def cves_without_errata
|
17
|
-
cves.where(:has_errata => false)
|
18
|
-
end
|
19
|
-
|
20
|
-
def cves_with_errata
|
21
|
-
cves.where(:has_errata => true)
|
22
|
-
end
|
23
|
-
|
24
|
-
def combined_oval_policies
|
25
|
-
combined = oval_policies
|
26
|
-
combined += hostgroup.oval_policies + hostgroup.inherited_oval_policies if hostgroup
|
27
|
-
combined.uniq
|
28
|
-
end
|
29
|
-
|
30
|
-
def oval_policies_enc_raw
|
31
|
-
combined_oval_policies.map(&:to_enc)
|
32
|
-
end
|
33
|
-
|
34
|
-
def oval_policies_enc
|
35
|
-
oval_policies_enc_raw.to_json
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
@@ -1,31 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
module OvalFacetHostgroupExtensions
|
3
|
-
extend ActiveSupport::Concern
|
4
|
-
|
5
|
-
include InheritedPolicies
|
6
|
-
|
7
|
-
included do
|
8
|
-
has_many :oval_policies, :through => :oval_facet, :class_name => 'ForemanOpenscap::OvalPolicy'
|
9
|
-
|
10
|
-
scoped_search :relation => :oval_policies,
|
11
|
-
:on => :id,
|
12
|
-
:rename => :oval_policy_id,
|
13
|
-
:complete_value => false,
|
14
|
-
:only_explicit => true,
|
15
|
-
:ext_method => :find_by_oval_policy_id,
|
16
|
-
:operators => ['= ']
|
17
|
-
end
|
18
|
-
|
19
|
-
def inherited_oval_policies
|
20
|
-
find_inherited_policies :oval_policies
|
21
|
-
end
|
22
|
-
|
23
|
-
module ClassMethods
|
24
|
-
def find_by_oval_policy_id(_key, operator, value)
|
25
|
-
conditions = sanitize_sql_for_conditions(["#{::ForemanOpenscap::HostgroupOvalFacetOvalPolicy.table_name}.oval_policy_id #{operator} ?", value])
|
26
|
-
hg_ids = ::ForemanOpenscap::Hostgroup::OvalFacet.joins(:hostgroup_oval_facet_oval_policies).where(conditions).pluck(:hostgroup_id)
|
27
|
-
{ :conditions => ::Hostgroup.arel_table[:id].in(hg_ids).to_sql }
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
@@ -1,23 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
class Cve < ApplicationRecord
|
3
|
-
has_many :host_cves
|
4
|
-
has_many :hosts, :through => :host_cves
|
5
|
-
has_many :oval_policies, :through => :host_cves
|
6
|
-
|
7
|
-
scoped_search :relation => :host_cves, :on => :oval_policy_id, :rename => :oval_policy_id, :complete_value => false
|
8
|
-
|
9
|
-
scope :of_oval_policy, ->(policy_id) {
|
10
|
-
joins(:host_cves).where(:foreman_openscap_host_cves => { :oval_policy_id => policy_id })
|
11
|
-
}
|
12
|
-
|
13
|
-
scope :of_host, ->(host_id) {
|
14
|
-
joins(:host_cves).where(:foreman_openscap_host_cves => { :host_id => host_id })
|
15
|
-
}
|
16
|
-
|
17
|
-
validates :ref_id, :ref_url, :definition_id, :presence => true
|
18
|
-
|
19
|
-
class Jail < ::Safemode::Jail
|
20
|
-
allow :ref_id, :ref_url
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
@@ -1,14 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
module Host
|
3
|
-
class OvalFacet < ApplicationRecord
|
4
|
-
self.table_name = 'foreman_openscap_oval_facets'
|
5
|
-
|
6
|
-
include Facets::Base
|
7
|
-
|
8
|
-
validates :host, :presence => true, :allow_blank => false
|
9
|
-
|
10
|
-
has_many :oval_facet_oval_policies, :dependent => :destroy, :class_name => 'ForemanOpenscap::OvalFacetOvalPolicy'
|
11
|
-
has_many :oval_policies, :through => :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalPolicy'
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|
@@ -1,14 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
module Hostgroup
|
3
|
-
class OvalFacet < ApplicationRecord
|
4
|
-
self.table_name = 'foreman_openscap_hostgroup_oval_facets'
|
5
|
-
|
6
|
-
include Facets::HostgroupFacet
|
7
|
-
|
8
|
-
validates :hostgroup, :presence => true, :allow_blank => false
|
9
|
-
|
10
|
-
has_many :hostgroup_oval_facet_oval_policies, :dependent => :destroy, :class_name => 'ForemanOpenscap::HostgroupOvalFacetOvalPolicy'
|
11
|
-
has_many :oval_policies, :through => :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalPolicy'
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|
@@ -1,28 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
class OvalContent < ApplicationRecord
|
3
|
-
audited :except => [:scap_file]
|
4
|
-
include Authorizable
|
5
|
-
include Taxonomix
|
6
|
-
include ScapFileContent
|
7
|
-
|
8
|
-
before_destroy EnsureNotUsedBy.new(:oval_policies)
|
9
|
-
|
10
|
-
scoped_search :on => :name, :complete_value => true
|
11
|
-
|
12
|
-
has_many :oval_policies
|
13
|
-
validates :name, :presence => true, :length => { :maximum => 255 }, uniqueness: true
|
14
|
-
validates :url, :format => { :with => %r{\Ahttps?://} }, :allow_blank => true
|
15
|
-
|
16
|
-
before_validation :fetch_remote_content, :if => lambda { |oval_content| oval_content.url.present? }
|
17
|
-
|
18
|
-
def to_h
|
19
|
-
{ :id => id, :name => name, :original_filename => original_filename, :changed_at => changed_at }
|
20
|
-
end
|
21
|
-
|
22
|
-
private
|
23
|
-
|
24
|
-
def fetch_remote_content
|
25
|
-
ForemanOpenscap::Oval::SyncOvalContents.new.sync self
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
@@ -1,54 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
class OvalPolicy < ApplicationRecord
|
3
|
-
graphql_type '::Types::OvalPolicy'
|
4
|
-
|
5
|
-
audited
|
6
|
-
include Authorizable
|
7
|
-
include Taxonomix
|
8
|
-
|
9
|
-
include PolicyCommon
|
10
|
-
|
11
|
-
belongs_to :oval_content
|
12
|
-
|
13
|
-
validates :name, :presence => true, :uniqueness => true, :length => { :maximum => 255 }
|
14
|
-
validates :period, :inclusion => { :in => %w[weekly monthly custom], :message => _('is not a valid value') }
|
15
|
-
validate :valid_cron_line, :valid_weekday, :valid_day_of_month
|
16
|
-
validates :oval_content, :presence => true
|
17
|
-
|
18
|
-
has_many :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalFacetOvalPolicy'
|
19
|
-
has_many :oval_facets, :through => :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::Host::OvalFacet'
|
20
|
-
has_many :hosts, :through => :oval_facets
|
21
|
-
|
22
|
-
has_many :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::HostgroupOvalFacetOvalPolicy'
|
23
|
-
has_many :hostgroup_oval_facets, :through => :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::Hostgroup::OvalFacet', :source => :oval_facet
|
24
|
-
has_many :hostgroups, :through => :hostgroup_oval_facets
|
25
|
-
|
26
|
-
has_many :host_cves
|
27
|
-
has_many :cves, :through => :host_cves
|
28
|
-
|
29
|
-
def host_ids=(host_ids)
|
30
|
-
self.oval_facets = facets_to_assign(host_ids, :host_id, ForemanOpenscap::Host::OvalFacet)
|
31
|
-
end
|
32
|
-
|
33
|
-
def hostgroup_ids=(hostgroup_ids)
|
34
|
-
self.hostgroup_oval_facets = facets_to_assign(hostgroup_ids, :hostgroup_id, ForemanOpenscap::Hostgroup::OvalFacet)
|
35
|
-
end
|
36
|
-
|
37
|
-
def to_enc
|
38
|
-
{
|
39
|
-
:id => id,
|
40
|
-
:oval_content_path => "/var/lib/openscap/oval_content/#{oval_content.digest}.oval.xml.bz2",
|
41
|
-
:download_path => "/compliance/oval_policies/#{id}/oval_content/#{oval_content.digest}"
|
42
|
-
}.merge(period_enc).with_indifferent_access
|
43
|
-
end
|
44
|
-
|
45
|
-
private
|
46
|
-
|
47
|
-
def facets_to_assign(ids, key, facet_class)
|
48
|
-
filtered_ids = ids.uniq.reject { |id| respond_to?(:empty) && id.empty? }
|
49
|
-
existing_facets = facet_class.where(key => filtered_ids)
|
50
|
-
new_facets = (filtered_ids - existing_facets.pluck(key)).map { |id| facet_class.new(key => id) }
|
51
|
-
existing_facets + new_facets
|
52
|
-
end
|
53
|
-
end
|
54
|
-
end
|
@@ -1,45 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
class OvalStatus < ::HostStatus::Status
|
3
|
-
PATCHED = 0
|
4
|
-
VULNERABLE = 1
|
5
|
-
PATCH_AVAILABLE = 2
|
6
|
-
|
7
|
-
def self.status_name
|
8
|
-
N_('OVAL scan')
|
9
|
-
end
|
10
|
-
|
11
|
-
def to_label(options = {})
|
12
|
-
case to_status
|
13
|
-
when PATCHED
|
14
|
-
N_('No Vulnerabilities found')
|
15
|
-
when VULNERABLE
|
16
|
-
N_("%s vulnerabilities found") % host.cves_without_errata.count
|
17
|
-
when PATCH_AVAILABLE
|
18
|
-
N_("%s vulnerabilities with available patch found") % host.cves_with_errata.count
|
19
|
-
else
|
20
|
-
N_('Unknown OVAL status')
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
|
-
def to_global(options = {})
|
25
|
-
case to_status
|
26
|
-
when PATCHED
|
27
|
-
::HostStatus::Global::OK
|
28
|
-
when VULNERABLE
|
29
|
-
::HostStatus::Global::WARN
|
30
|
-
when PATCH_AVAILABLE
|
31
|
-
::HostStatus::Global::ERROR
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
35
|
-
def relevant?(options = {})
|
36
|
-
host.combined_oval_policies.any?
|
37
|
-
end
|
38
|
-
|
39
|
-
def to_status(options = {})
|
40
|
-
return PATCH_AVAILABLE if host.cves_with_errata.any?
|
41
|
-
return VULNERABLE if host.cves_without_errata.any?
|
42
|
-
PATCHED
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
@@ -1,45 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
module Oval
|
3
|
-
class CheckCollection
|
4
|
-
attr_reader :checks
|
5
|
-
|
6
|
-
def initialize(initial_check_attrs = [])
|
7
|
-
@checks = initial_check_attrs.map { |hash| SetupCheck.new hash }
|
8
|
-
end
|
9
|
-
|
10
|
-
def all_passed?
|
11
|
-
@checks.all?(&:passed?)
|
12
|
-
end
|
13
|
-
|
14
|
-
def find_check(check_id)
|
15
|
-
@checks.find { |item| item.id == check_id }
|
16
|
-
end
|
17
|
-
|
18
|
-
def find_failed
|
19
|
-
@checks.select(&:failed?)
|
20
|
-
end
|
21
|
-
|
22
|
-
def fail_check(check_id, error_data = nil)
|
23
|
-
find_check(check_id).fail_with! error_data
|
24
|
-
end
|
25
|
-
|
26
|
-
def pass_check(check_id)
|
27
|
-
find_check(check_id).pass!
|
28
|
-
end
|
29
|
-
|
30
|
-
def add_check(check)
|
31
|
-
@checks << check
|
32
|
-
self
|
33
|
-
end
|
34
|
-
|
35
|
-
def merge(other)
|
36
|
-
@checks = @checks.concat other.checks
|
37
|
-
self
|
38
|
-
end
|
39
|
-
|
40
|
-
def to_h
|
41
|
-
@checks.map(&:to_h)
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
@@ -1,83 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
module Oval
|
3
|
-
class Configure
|
4
|
-
include ::ForemanOpenscap::HostgroupOverriderCommon
|
5
|
-
|
6
|
-
def initialize
|
7
|
-
@config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
|
8
|
-
end
|
9
|
-
|
10
|
-
def assign(oval_policy, ids, model_class)
|
11
|
-
check_collection = ::ForemanOpenscap::Oval::Setup.new.run
|
12
|
-
return check_collection unless check_collection.all_passed?
|
13
|
-
|
14
|
-
ansible_role = @config.find_config_item
|
15
|
-
|
16
|
-
if model_class == ::Hostgroup
|
17
|
-
roles_method = :inherited_and_own_ansible_roles
|
18
|
-
ids_setter = :hostgroup_ids=
|
19
|
-
check_id = :hostgroups_without_proxy
|
20
|
-
elsif model_class == ::Host::Managed
|
21
|
-
roles_method = :all_ansible_roles
|
22
|
-
ids_setter = :host_ids=
|
23
|
-
check_id = :hosts_without_proxy
|
24
|
-
else
|
25
|
-
raise "Unexpected model_class, expected ::Hostgroup or ::Host::Managed, got: #{model_class}"
|
26
|
-
end
|
27
|
-
|
28
|
-
items_with_proxy, items_without_proxy = openscap_proxy_associated(ids, model_class)
|
29
|
-
|
30
|
-
|
31
|
-
if items_without_proxy.any?
|
32
|
-
return without_proxy_to_check items_without_proxy, check_id
|
33
|
-
end
|
34
|
-
|
35
|
-
oval_policy.send(ids_setter, items_with_proxy.pluck(:id))
|
36
|
-
|
37
|
-
unless oval_policy.save
|
38
|
-
return check_collection.add_check model_to_check(oval_policy, :oval_policy_errors)
|
39
|
-
end
|
40
|
-
|
41
|
-
check_collection.merge modify_items(items_with_proxy, oval_policy, ansible_role, roles_method)
|
42
|
-
end
|
43
|
-
|
44
|
-
private
|
45
|
-
|
46
|
-
def openscap_proxy_associated(ids, model_class)
|
47
|
-
model_class.where(:id => ids).partition(&:openscap_proxy)
|
48
|
-
end
|
49
|
-
|
50
|
-
def modify_items(items, oval_policy, ansible_role, roles_method)
|
51
|
-
items.reduce(CheckCollection.new) do |memo, item|
|
52
|
-
role_ids = item.ansible_role_ids + [ansible_role.id]
|
53
|
-
item.ansible_role_ids = role_ids unless item.send(roles_method).include? ansible_role
|
54
|
-
item.save if item.changed?
|
55
|
-
memo.add_check model_to_check(item, item.is_a?(::Hostgroup) ? 'hostgroup' : 'host')
|
56
|
-
add_overrides ansible_role.ansible_variables, item, @config
|
57
|
-
memo
|
58
|
-
end
|
59
|
-
end
|
60
|
-
|
61
|
-
def without_proxy_to_check(items, check_id)
|
62
|
-
items.reduce(CheckCollection.new) do |memo, item|
|
63
|
-
memo.add_check(
|
64
|
-
SetupCheck.new(
|
65
|
-
:title => (_("Was %s configured successfully?") % item.class.name),
|
66
|
-
:fail_msg => (_("Assign openscap_proxy to %s before proceeding.") % item.name),
|
67
|
-
:id => check_id
|
68
|
-
).fail!
|
69
|
-
)
|
70
|
-
end
|
71
|
-
end
|
72
|
-
|
73
|
-
def model_to_check(model, check_id)
|
74
|
-
check = SetupCheck.new(
|
75
|
-
:title => (_("Was %{model_name} %{name} configured successfully?") % { :model_name => model.class.name, :name => model.name }),
|
76
|
-
:errors => model.errors.to_h,
|
77
|
-
:id => check_id
|
78
|
-
)
|
79
|
-
model.errors.any? ? check.fail! : check.pass!
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
83
|
-
end
|
@@ -1,41 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
module Oval
|
3
|
-
class Cves
|
4
|
-
def create(host, cve_data)
|
5
|
-
policy_id = cve_data['oval_policy_id']
|
6
|
-
|
7
|
-
incoming_cves = cve_data['oval_results'].reduce([]) do |memo, data|
|
8
|
-
next memo unless data['result'] == 'true'
|
9
|
-
cves, errata = data['references'].partition { |ref| ref['ref_id'].start_with?('CVE') }
|
10
|
-
|
11
|
-
cves.map do |cve|
|
12
|
-
memo << ::ForemanOpenscap::Cve.find_or_create_by(
|
13
|
-
:ref_id => cve['ref_id'],
|
14
|
-
:ref_url => cve['ref_url'],
|
15
|
-
:has_errata => !errata.empty?,
|
16
|
-
:definition_id => data['definition_id']
|
17
|
-
)
|
18
|
-
end
|
19
|
-
memo
|
20
|
-
end
|
21
|
-
|
22
|
-
current = ForemanOpenscap::Cve.of_oval_policy(policy_id).of_host(host.id)
|
23
|
-
to_delete = current - incoming_cves
|
24
|
-
to_create = incoming_cves - current
|
25
|
-
|
26
|
-
::ForemanOpenscap::HostCve.where(:host_id => host.id, :oval_policy_id => policy_id, :cve_id => to_delete.pluck(:id)).destroy_all
|
27
|
-
host.host_cves.build(to_create.map { |cve| { :host_id => host.id, :oval_policy_id => policy_id, :cve_id => cve.id } })
|
28
|
-
|
29
|
-
delete_orphaned_cves to_delete.pluck(:id) if host.save
|
30
|
-
host
|
31
|
-
end
|
32
|
-
|
33
|
-
private
|
34
|
-
|
35
|
-
def delete_orphaned_cves(ids)
|
36
|
-
associated_ids = ::ForemanOpenscap::HostCve.where(:cve_id => ids).select(:cve_id).distinct.pluck(:cve_id)
|
37
|
-
::ForemanOpenscap::Cve.where(:id => ids - associated_ids).destroy_all
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|