foreman_openscap 4.2.0 → 4.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69eab4d9434f1b502ba511db38d8a7faff9721c5416703f6010ccc87fdc52b86
-  data.tar.gz: 94ba4cbecc85106f968d9b5f137e0808dbd12711db01fd14e0f0c4e9761e27a1
+  metadata.gz: 0bc31c3bac07804311899dc01dd5dbe0c0500cc8981eefa1ec867316d0465fb8
+  data.tar.gz: 4b00712959d937f44fa2da29de505704e153277043bf319c84fa0d4a44f8d5ac
 SHA512:
-  metadata.gz: 4e3253f876e3ab4efd5c853fdb05f0b81cbbe7184c5b00ea552690b0cce9664a76210c32f92fe86c631bc9eaa2ed81ba1a8762b8b47e0678149a946cf593554e
-  data.tar.gz: a6c3706f6fcc836af18f7aeda76c1cf735981836a0661cdcc66e4ead2272b6249519f305ff3b6766266ebb05eda1ebfe778811993286be3e162e269412aa6fd8
+  metadata.gz: 90f233717d65a7bf4d1793251a27d6f7268e81a93e4dd06b86258e8f6f5b108d0a886fe8ebe455766eccfe10a55076d9b61bd211165620f5d899cd94147d203c
+  data.tar.gz: b77f05c002ef0fb3fdcc4050974bc5b4390d2af5322aac601ef912172391e0bfb3f391e4166ad94b7e701156e9b84f640dcda03d434323d5e2921e50974f6109

data/app/controllers/api/v2/compliance/oval_contents_controller.rb

@@ -0,0 +1,72 @@
+module Api::V2
+  module Compliance
+    class OvalContentsController < ::Api::V2::BaseController
+      include Foreman::Controller::Parameters::OvalContent
+      include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
+
+      before_action :find_resource, :except => %w[index create sync]
+      skip_before_action :check_media_type, :only => %w[create update]
+
+      api :GET, '/compliance/oval_contents', N_('List OVAL contents')
+      param_group :search_and_pagination, ::Api::V2::BaseController
+      add_scoped_search_description_for(::ForemanOpenscap::OvalContent)
+
+      def index
+        @oval_contents = resource_scope_for_index(:permission => :view_oval_contents)
+      end
+
+      api :GET, '/compliance/oval_contents/:id', N_('Show an OVAL content')
+      param :id, :identifier, :required => true
+
+      def show
+      end
+
+      def_param_group :oval_content do
+        param :oval_content, Hash, :required => true, :action_aware => true do
+          param :name, String, :required => true, :desc => N_('OVAL content name')
+          param :scap_file, File, :desc => N_('XML containing OVAL content')
+          param :original_filename, String, :desc => N_('Original file name of the OVAL content file')
+          param :url, String, :desc => N_('URL of the OVAL content file')
+          param_group :taxonomies, ::Api::V2::BaseController
+        end
+      end
+
+      api :POST, '/compliance/oval_contents', N_('Create OVAL content')
+      param_group :oval_content, :as => :create
+
+      def create
+        @oval_content = ForemanOpenscap::OvalContent.new(oval_content_params)
+        process_response @oval_content.save
+      end
+
+      api :PUT, '/compliance/oval_contents/:id', N_('Update an OVAL content')
+      param :id, :identifier, :required => true
+      param_group :oval_content
+
+      def update
+        process_response @oval_content.update(oval_content_params)
+      end
+
+      api :DELETE, '/compliance/oval_contents/:id', N_('Deletes an OVAL content')
+      param :id, :identifier, :required => true
+
+      def destroy
+        process_response @oval_content.destroy
+      end
+
+      api :POST, '/compliance/oval_contents/sync', N_('Sync contents that have remote source URL')
+      def sync
+        @oval_contents = ForemanOpenscap::Oval::SyncOvalContents.new.sync_all
+      end
+
+      def action_permission
+        case params[:action]
+        when 'sync'
+          :update
+        else
+          super
+        end
+      end
+    end
+  end
+end

data/app/controllers/api/v2/compliance/oval_policies_controller.rb

@@ -0,0 +1,111 @@
+module Api::V2
+  module Compliance
+    class OvalPoliciesController < ::Api::V2::BaseController
+      include Foreman::Controller::SmartProxyAuth
+      include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
+      include Foreman::Controller::Parameters::OvalPolicy
+
+      add_smart_proxy_filters %i[oval_content], :features => 'Openscap'
+
+      before_action :find_resource, :except => %w[index create]
+      skip_after_action :log_response_body, :only => %i[oval_content]
+
+      api :GET, '/compliance/oval_policies', N_('List OVAL Policies')
+      param_group :search_and_pagination, ::Api::V2::BaseController
+
+      def index
+        @oval_policies = resource_scope_for_index(:permission => :view_oval_policies)
+      end
+
+      api :GET, '/compliance/oval_policies/:id', N_('Show an OVAL Policy')
+      param :id, :identifier, :required => true
+
+      def show
+      end
+
+      def_param_group :oval_policy do
+        param :oval_policy, Hash, :required => true, :action_aware => true do
+          param :name, String, :required => true, :desc => N_('OVAL Policy name')
+          param :oval_content_id, Integer, :required => true, :desc => N_('Policy OVAL content ID')
+          param :description, String, :desc => N_('OVAL Policy description')
+          param :period, String, :desc => N_('OVAL Policy schedule period (weekly, monthly, custom)')
+          param :weekday, String, :desc => N_('OVAL Policy schedule weekday (only if period == "weekly")')
+          param :day_of_month, Integer, :desc => N_('OVAL Policy schedule day of month (only if period == "monthly")')
+          param :cron_line, String, :desc => N_('OVAL Policy schedule cron line (only if period == "custom")')
+          param_group :taxonomies, ::Api::V2::BaseController
+        end
+      end
+
+      api :POST, '/compliance/oval_policies', N_('Create an OVAL Policy')
+      param_group :oval_policy, :as => :create
+
+      def create
+        @oval_policy = ForemanOpenscap::OvalPolicy.new(oval_policy_params)
+        process_response(@oval_policy.save)
+      end
+
+      api :PUT, '/compliance/oval_policies/:id', N_('Update an OVAL Policy')
+      param :id, :identifier, :required => true
+      param_group :oval_policy
+
+      def update
+        process_response(@oval_policy.update(oval_policy_params))
+      end
+
+      api :DELETE, '/compliance/oval_policies/:id', N_('Delete an OVAL Policy')
+      param :id, :identifier, :required => true
+
+      def destroy
+        process_response @oval_policy.destroy
+      end
+
+      api :POST, '/compliance/oval_policies/:id/assign_hostgroups', N_('Assign hostgroups to an OVAL Policy')
+      param :id, :identifier, :required => true
+      param :hostgroup_ids, Array, :desc => N_('Array of hostgroup IDs')
+
+      def assign_hostgroups
+        assign _('hostgroups'), params["hostgroup_ids"], ::Hostgroup
+      end
+
+      api :POST, '/compliance/oval_policies/:id/assign_hosts', N_('Assign hosts to an OVAL Policy')
+      param :id, :identifier, :required => true
+      param :host_ids, Array, :desc => N_('Array of host IDs')
+
+      def assign_hosts
+        assign _('hosts'), params["host_ids"], ::Host::Managed
+      end
+
+      api :GET, '/compliance/oval_policies/:id/oval_content', N_("Show a policy's SCAP content")
+      param :id, :identifier, :required => true
+
+      def oval_content
+        @oval_content = @oval_policy.oval_content
+        send_data @oval_content.scap_file,
+                  :type => 'application/x-bzip2',
+                  :filename => @oval_content.original_filename
+      end
+
+      def action_permission
+        case params[:action]
+        when 'assign_hostgroups', 'assign_hosts'
+          :edit
+        when 'oval_content'
+          :show
+        else
+          super
+        end
+      end
+
+      private
+
+      def assign(resource_plural, ids, model_class)
+        check_collection = ::ForemanOpenscap::Oval::Configure.new.assign(@oval_policy, ids, model_class)
+        if check_collection.all_passed?
+          render :json => { :message => (_("OVAL policy successfully configured with %s.") % resource_plural) }
+        else
+          render :json => { :results => check_collection.find_failed.map(&:to_h) }
+        end
+      end
+    end
+  end
+end

data/app/controllers/api/v2/compliance/oval_reports_controller.rb

@@ -0,0 +1,47 @@
+module Api
+  module V2
+    module Compliance
+      class OvalReportsController < ::Api::V2::BaseController
+        include Foreman::Controller::SmartProxyAuth
+        add_smart_proxy_filters :create, :features => 'Openscap'
+
+        skip_before_action :setup_has_many_params
+        before_action :find_resources_before_create, :only => [:create]
+
+        api :POST, "/compliance/oval_reports/:cname/:oval_policy_id/:date", N_("Upload an OVAL report - a list of CVEs for given host")
+        param :cname, :identifier, :required => true
+        param :oval_policy_id, :identifier, :required => true
+        param :date, :identifier, :required => true
+
+        def create
+          ForemanOpenscap::Oval::Cves.new.create(@host, params.to_unsafe_h)
+          if @host.errors.any?
+            upload_fail @host.errors.full_messages
+          else
+            @host.refresh_statuses([ForemanOpenscap::OvalStatus])
+            render :json => { :result => :ok }
+          end
+        end
+
+        private
+
+        def find_resources_before_create
+          @host = ForemanOpenscap::Helper.find_host_by_name_or_uuid params[:cname]
+
+          unless @host
+            upload_fail(_('Could not find host identified by: %s') % params[:cname])
+            return
+          end
+        end
+
+        def upload_fail(msg)
+          logger.error msg
+          render :json => { :result => :fail, :errors => msg }, :status => :unprocessable_entity
+        end
+
+        def find_resource
+        end
+      end
+    end
+  end
+end

data/app/controllers/concerns/foreman/controller/parameters/oval_content.rb

@@ -0,0 +1,22 @@
+module Foreman::Controller::Parameters::OvalContent
+  extend ActiveSupport::Concern
+
+  class_methods do
+    def oval_content_params_filter
+      Foreman::ParameterFilter.new(::ForemanOpenscap::OvalContent).tap do |filter|
+        filter.permit :original_filename, :scap_file, :name, :url, :location_ids => [], :organization_ids => []
+      end
+    end
+  end
+
+  def oval_content_params
+    read_file_content self.class.oval_content_params_filter.filter_params(params, parameter_filter_context)
+  end
+
+  def read_file_content(params)
+    return params unless file = params[:scap_file]
+    content = file.read
+    filename = file.original_filename
+    params.merge(:scap_file => content, :original_filename => params[:original_filename] || filename)
+  end
+end

data/app/controllers/concerns/foreman/controller/parameters/oval_policy.rb

@@ -0,0 +1,22 @@
+module Foreman::Controller::Parameters::OvalPolicy
+  extend ActiveSupport::Concern
+
+  class_methods do
+    def filter_params_list
+      [:description, :name, :period,
+       :weekday, :day_of_month, :cron_line,
+       :oval_content_id,
+       :location_ids => [], :organization_ids => []]
+    end
+
+    def oval_policy_params_filter
+      Foreman::ParameterFilter.new(::ForemanOpenscap::OvalPolicy).tap do |filter|
+        filter.permit filter_params_list
+      end
+    end
+  end
+
+  def oval_policy_params
+    self.class.oval_policy_params_filter.filter_params(params, parameter_filter_context)
+  end
+end

data/app/controllers/concerns/foreman_openscap/hosts_controller_extensions.rb

@@ -5,7 +5,7 @@ module ForemanOpenscap
     end
 
     def process_hostgroup
-      @hostgroup = Hostgroup.find(params[:host][:hostgroup_id]) if params[:host][:hostgroup_id].to_i > 0
+      @hostgroup = ::Hostgroup.find(params[:host][:hostgroup_id]) if params[:host][:hostgroup_id].to_i > 0
       return head(:not_found) unless @hostgroup
       @openscap_proxy = @hostgroup.openscap_proxy
       super

data/app/graphql/types/cve.rb

@@ -0,0 +1,17 @@
+module Types
+  class Cve < BaseObject
+    description 'A CVE'
+    model_class ::ForemanOpenscap::Cve
+
+    global_id_field :id
+    field :ref_id, String
+    field :ref_url, String
+    field :has_errata, Boolean
+    field :definition_id, String
+    has_many :hosts, Types::Host
+
+    def self.graphql_definition
+      super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::Cve') }
+    end
+  end
+end

data/app/graphql/types/oval_content.rb

@@ -0,0 +1,17 @@
+module Types
+  class OvalContent < BaseObject
+    description 'An OVAL Content'
+    model_class ::ForemanOpenscap::OvalContent
+
+    global_id_field :id
+    timestamps
+    field :name, String
+    field :digest, String
+    field :original_filename, String
+    field :url, String
+
+    def self.graphql_definition
+      super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::OvalContent') }
+    end
+  end
+end

data/app/graphql/types/oval_policy.rb

@@ -0,0 +1,21 @@
+module Types
+  class OvalPolicy < BaseObject
+    description 'An OVAL Policy'
+    model_class ::ForemanOpenscap::OvalPolicy
+
+    global_id_field :id
+    timestamps
+    field :name, String
+    field :description, String
+    field :period, String
+    field :weekday, String
+    field :day_of_month, String
+    field :cron_line, String
+    belongs_to :oval_content, ::Types::OvalContent
+    has_many :hostgroups, ::Types::Hostgroup
+
+    def self.graphql_definition
+      super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::OvalPolicy') }
+    end
+  end
+end

data/app/helpers/arf_reports_helper.rb

@@ -35,20 +35,6 @@ module ArfReportsHelper
     "class='label label-#{tag} result-filter-tag'".html_safe
   end
 
-  def severity_tag(level)
-    tag = case level.downcase.to_sym
-          when :low
-            "info"
-          when :medium
-            "warning"
-          when :high
-            "danger"
-          else
-            "default"
-          end
-    "class='label label-#{tag}'".html_safe
-  end
-
   def multiple_actions_arf_report
     actions = [
       [_('Delete reports'), delete_multiple_arf_reports_path]

data/app/mailers/foreman_openscap/policy_mailer.rb

@@ -6,8 +6,8 @@ module ForemanOpenscap
       @time = options[:time] || 1.day.ago
 
       @policies = ::ForemanOpenscap::Policy.all.reject { |policy| policy.assets.map(&:host).compact.empty? }
-      @compliant_hosts = @policies.map { |policy| Host.comply_with policy }.flatten
-      @incompliant_hosts = @policies.map { |policy| Host.not_comply_with policy }.flatten
+      @compliant_hosts = @policies.map { |policy| ::Host.comply_with policy }.flatten
+      @incompliant_hosts = @policies.map { |policy| ::Host.not_comply_with policy }.flatten
       changed_hosts_of_policies(@policies)
 
       if user.nil? || user.mail.nil?

data/app/models/concerns/foreman_openscap/compliance_status_scoped_search.rb

@@ -74,7 +74,7 @@ module ForemanOpenscap
       end
 
       def search_by_host_collection_name(key, operator, value)
-        scope = apply_condition(Host.joins(:host_collections),
+        scope = apply_condition(::Host.joins(:host_collections),
                                 operator == '<>',
                                 :katello_host_collections => { :name => value })
         query_conditions_from_scope ForemanOpenscap::ArfReport.where(:host_id => scope)

data/app/models/concerns/foreman_openscap/data_stream_content.rb

@@ -1,18 +1,11 @@
 module ForemanOpenscap
   module DataStreamContent
-    require 'digest/sha2'
-
     extend ActiveSupport::Concern
 
     included do
-      validates :digest, :presence => true
-      validates :scap_file, :presence => true
-
       validates_with ForemanOpenscap::DataStreamValidator
 
       after_save :create_profiles, :if => lambda { |ds_content| ds_content.scap_file_previously_changed? }
-
-      before_validation :redigest, :if => lambda { |ds_content| ds_content.persisted? && ds_content.scap_file_changed? }
       before_destroy ActiveRecord::Base::EnsureNotUsedBy.new(:policies)
     end
 
@@ -24,10 +17,6 @@ module ForemanOpenscap
       @proxy_url
     end
 
-    def digest
-      self[:digest] ||= Digest::SHA256.hexdigest(scap_file.to_s)
-    end
-
     def create_profiles
       fetch_profiles.each do |key, title|
         create_or_update_profile key, title
@@ -40,11 +29,5 @@ module ForemanOpenscap
       profile.update(:title => title) unless profile.title == title
       profile
     end
-
-    private
-
-    def redigest
-      self[:digest] = Digest::SHA256.hexdigest(scap_file.to_s)
-    end
   end
 end