RubyGems - inspec-reporter-json-hdf - Versions diffs - 1.0.1 - Mend

inspec-reporter-json-hdf 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +7 -0
data/inspec-reporter-json-hdf.gemspec +30 -0
data/lib/inspec-reporter-json-hdf.rb +1 -0
data/lib/inspec-reporter-json-hdf/plugin.rb +14 -0
data/lib/inspec-reporter-json-hdf/reporter.rb +163 -0
data/lib/inspec-reporter-json-hdf/version.rb +8 -0
metadata +194 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a6c20b0715afb937bf44526ca1d45e7644c594fd8fe2749baaca84da1efbbcee
+  data.tar.gz: a1cacadb0ec44285a0f506e876efe175dbe8e074608aaa66296485354a35be61
+SHA512:
+  metadata.gz: 615fbd5bda9c8018b2e01dc6fe7801289b05cc6eb7b0077234f518c9e8f23a52aa738d153dc3bf4d74ecf74a232fd1bf5a6cc692c7dc004513a5ce4ba0f28faa
+  data.tar.gz: 1bdf1a54c466a3d150522aa5546729e5d0616d68fef645b57e3a01b0ee4f73d5f5e4bf0b5c9d229f7bddb00f256a6dcfe4c8088eb9ebc61a820312701d84206f

data/inspec-reporter-json-hdf.gemspec ADDED

@@ -0,0 +1,30 @@
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'inspec-reporter-json-hdf/version'
+Gem::Specification.new do |spec|
+  spec.name          = 'inspec-reporter-json-hdf'
+  spec.version       = InspecPlugins::HdfReporter::VERSION
+  spec.authors       = ['Rony Xavier']
+  spec.email         = ['rxavier@mitre.org']
+  spec.summary       = 'InSpec Reporter plugin for Heimdall'
+  spec.description   = 'InSpec Reporter plugin to report HDF formated JSON to be used with Heimdall.'
+  spec.homepage      = 'https://github.com/mitre/inspec-reporter-json-hdf'
+  spec.license       = 'Apache-2.0'
+  spec.require_paths = ['lib']
+  spec.files = Dir.glob('{{lib}/**/*,inspec-reporter-json-hdf.gemspec}').reject { |f| File.directory?(f) }
+  spec.required_ruby_version = '~> 2.5'
+  spec.add_runtime_dependency 'git-lite-version-bump', '~> 0.17', '>= 0.17.3'
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'bundler-audit'
+  spec.add_development_dependency 'codeclimate-test-reporter'
+  spec.add_development_dependency 'minitest'
+  spec.add_development_dependency 'minitest-reporters'
+  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'inspec'
+end

data/lib/inspec-reporter-json-hdf.rb ADDED

	@@ -0,0 +1 @@
1	+ require_relative 'inspec-reporter-json-hdf/plugin'

data/lib/inspec-reporter-json-hdf/plugin.rb ADDED

@@ -0,0 +1,14 @@
+require 'inspec/plugin/v2'
+module InspecPlugins
+  module HdfReporter
+    class Plugin < Inspec.plugin(2)
+      plugin_name :'inspec-reporter-json-hdf'
+      reporter :hdf do
+        require_relative 'reporter.rb'
+        InspecPlugins::HdfReporter::Reporter
+      end
+    end
+  end
+end

data/lib/inspec-reporter-json-hdf/reporter.rb ADDED

@@ -0,0 +1,163 @@
+require 'inspec/plugin/v2'
+require 'json'
+VALID_FREQUENCY = %w[annually semiannually quarterly monthly every2weeks weekly every3days daily].freeze
+VALID_STATUSES = %w[passed failed].freeze
+DATE_FORMAT = '%Y-%m-%d'.freeze
+module InspecPlugins::HdfReporter
+  # Reporter Plugin Class
+  class Reporter < Inspec.plugin(2, :reporter)
+    def render
+      output(report.to_json, false)
+    end
+    def self.run_data_schema_constraints
+      '~> 0.0' # Accept any non-breaking change
+    end
+    def report
+      report = Inspec::Reporters::Json.new(@config).report
+      attestations = collect_attestations
+      report[:profiles].each do |profile|
+        profile[:controls].each do |control|
+          attestation = attestations.detect { |x| x['control_id'].eql?(control[:id]) }
+          next if attestation.nil?
+          control[:attestation] = attestation
+          unless attestation_expired?(attestation['updated'], attestation['frequency'])
+            control[:results] = apply_attestation(control[:results], attestation)
+          end
+        end
+      end
+      report
+    end
+    private
+    def apply_attestation(results, attestation)
+      if results.empty?
+        results = [{
+          "code_desc": 'Manually verified Status provided through attestation',
+          "run_time": 0.0,
+          "start_time": DateTime.now.to_s,
+          "status": attestation['status'],
+          "message": attestation_message(attestation)
+        }]
+      else
+        results.each do |result|
+          result[:message] = 'Automated test returned as passed.' if result[:status].eql?('passed')
+          result[:message] = result[:skip_message] if result[:status].eql?('skipped')
+          result[:status] = attestation['status']
+          result[:message] = result[:message] + attestation_message(attestation)
+          if result[:backtrace]
+            result[:message] = result[:message] + "\nbacktrace: #{result[:backtrace]}"
+            result[:backtrace] = nil
+          end
+        end
+      end
+      results
+    end
+    def attestation_message(attestation)
+      "
+       Attestation:
+       Status: #{attestation['status']}
+       Explanation: #{attestation['explanation']}
+       Updated: #{attestation['updated']}
+       Updated By: #{attestation['updated_by']}
+       Frequency: #{attestation['frequency']}
+       "
+    end
+    def attestation_expired?(date, frequency)
+      advanced_date(date, frequency) < DateTime.now
+    end
+    def advanced_date(date, frequency)
+      parsed_date = DateTime.strptime(date, DATE_FORMAT)
+      case frequency.downcase
+      when 'annually'
+        parsed_date.next_year(1)
+      when 'semiannually'
+        parsed_date.next_year(0.5)
+      when 'quarterly'
+        parsed_date.next_year(0.25)
+      when 'monthly'
+        parsed_date.next_month(1)
+      when 'every2weeks'
+        parsed_date.next_day(14)
+      when 'weekly'
+        parsed_date.next_day(7)
+      when 'every3days'
+        parsed_date.next_day(3)
+      when 'daily'
+        parsed_date.next_day(1)
+      else
+        parsed_date
+      end
+    end
+    # Check if its a valid Date and Date not in future.
+    def valid_date?(date)
+      DateTime.strptime(date, DATE_FORMAT) < DateTime.now
+    rescue ArgumentError
+      false
+    end
+    def valid_frequency?(frequency)
+      frequency.is_a?(String) && VALID_FREQUENCY.include?(frequency.downcase)
+    end
+    def valid_status?(status)
+      status.is_a?(String) && VALID_STATUSES.include?(status.downcase)
+    end
+    def collect_attestations
+      plugin_config = Inspec::Config.cached.fetch_plugin_config('inspec-reporter-json-hdf')
+      attestations = plugin_config['attestations'] || []
+      if attestations.empty?
+        puts 'Warning: Attestations not provided; HDF will be generated without attestations.'
+      else
+        validate_attestation(attestations)
+      end
+      attestations
+    end
+    def validate_attestation(attestations)
+      attestations.each do |attestation|
+        unless attestation['control_id'].is_a?(String)
+          raise "Error: Invalid `control_id` field at attestation: #{attestation}."
+        end
+        unless valid_status?(attestation['status'])
+          raise "Error: Invalid `status` field at attestation: #{attestation}."
+        end
+        unless attestation['updated_by'].is_a?(String)
+          raise "Error: Invalid `updated_by` field at attestation: #{attestation}."
+        end
+        unless attestation['explanation'].is_a?(String)
+          raise "Error: Invalid `explanation` field at attestation: #{attestation}."
+        end
+        unless valid_frequency?(attestation['frequency'])
+          raise "Error: Invalid `frequency` field at attestation: #{attestation}."
+        end
+        unless valid_date?(attestation['updated'])
+          raise "Error: Invalid `updated` field at attestation: #{attestation}."
+        end
+        if attestation_expired?(attestation['updated'], attestation['frequency'])
+          puts "Warning: Attestation Expired : #{attestation}"
+        end
+      end
+    end
+  end
+end

data/lib/inspec-reporter-json-hdf/version.rb ADDED

@@ -0,0 +1,8 @@
+# provide the version for the plugin
+require 'git-version-bump'
+module InspecPlugins
+  module HdfReporter
+    VERSION = GVB.version(false, true)
+  end
+end

metadata ADDED

@@ -0,0 +1,194 @@
+--- !ruby/object:Gem::Specification
+name: inspec-reporter-json-hdf
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- Rony Xavier
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-01-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: git-lite-version-bump
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.17'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.17.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.17'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.17.3
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler-audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-reporters
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: inspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: InSpec Reporter plugin to report HDF formated JSON to be used with Heimdall.
+email:
+- rxavier@mitre.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- inspec-reporter-json-hdf.gemspec
+- lib/inspec-reporter-json-hdf.rb
+- lib/inspec-reporter-json-hdf/plugin.rb
+- lib/inspec-reporter-json-hdf/reporter.rb
+- lib/inspec-reporter-json-hdf/version.rb
+homepage: https://github.com/mitre/inspec-reporter-json-hdf
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.5'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.3
+signing_key:
+specification_version: 4
+summary: InSpec Reporter plugin for Heimdall
+test_files: []