inspec_delta 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e32fef4ea8661cbb7510dfa92da7367237712a4d1e6c4ee709855d94359b8ce6
+  data.tar.gz: f9dc68c827755e37e74a0da42e90e2235475d4edaabcaf37df2760624dba7a55
+SHA512:
+  metadata.gz: 574ada892f56ddbfd1dec143c8bd1438ae45330355c9e84e050f648eb599c3598fe715ca3888ac679bd8c05b21c77bbc80b37059e090ecae605dd47397c2df87
+  data.tar.gz: d9b76544b91050d1ae6f4486f7fd79bac205e411f5ff8b39b071edc87b6760613595562c1fc76fa7f028d7d911d4ad52907b69d78f7920b450df0908e6a6b3aa

data/README.md

@@ -0,0 +1,29 @@
+[![Gem Version](https://badge.fury.io/rb/inspec_delta.png)](http://badge.fury.io/rb/inspec_delta)
+[![CD Status](https://github.com/jrperron88/inspec_delta/workflows/CI/badge.svg?branch=ETSOE-2220-TravisCI)](https://github.com/jrperron88/inspec_delta/actions?query=workflow%3ACI+branch%3AETSOE-2220-TravisCI)
+
+# Inspec Delta
+
+This Gem aims to make the maintenance of Inspec profiles representing security benchmarks less of a burden by providing helpful command line tools.
+
+For information on STIGs visit the [DoD Cyber Exchange](https://public.cyber.mil/stigs/).
+
+For stig definition files visit the [DoD Cyber Exchange Document Library](https://public.cyber.mil/stigs/downloads/).
+
+## Commands
+
+### inspec_delta help
+  - This will list all the commands along with their descriptions.
+
+### inspec_delta profile update
+  This command updates an existing Inspec profile for a STIG with the metadata from a new revision to that STIG. 
+  It reads through the XCCDF XML file from the new revision and updates the existing profile's controls as needed.
+
+  #### Usage
+  > inspec_delta profile update -p /path/to/profile -s /path/to/stig.xml
+
+  #### Options
+  ```ruby
+
+      -p, --pr, [--profile_path=PROFILE_PATH]    # Specified path to the root directory of the existing Inspec profile.
+      -s, --st, [--stig_file_path=STIG_PATH]     # Specified path to the XCCDF XML file from the new STIG revision we are updating to.
+  ```

data/bin/inspec_delta

@@ -0,0 +1,4 @@
+require_relative '../lib/inspec_delta'
+
+# Runs when gem is run from command line with arguments and options.
+InspecDelta::Command.start(ARGV)

data/lib/inspec_delta.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'thor'
+require 'rubocop'
+require 'fileutils'
+
+require_relative 'inspec_delta'
+require_relative 'inspec_delta/command'
+require_relative 'inspec_delta/objects'
+require_relative 'inspec_delta/parsers'

data/lib/inspec_delta/command.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require_relative 'commands/profile'
+
+module InspecDelta
+  # Public: Various commands issued for the user to interact with. These will
+  # be shown when they run inspec_delta.
+  class Command < Thor
+    # This will cause the return value of inspec_delta to be non-zero when an execution failure occurs.
+    # It is necessary to define this to suprress warning messages from Thor. They plan on making
+    # the 2.0 release of Thor remove the need to define this.
+    # GitHub Issue: https://github.com/erikhuda/thor/issues/244
+    def self.exit_on_failure?
+      true
+    end
+
+    # Contains subcommands for working with Inspec Profiles
+    desc 'profile', 'Subcommands: update'
+    subcommand 'profile', InspecDelta::Commands::Profile
+  end
+end

data/lib/inspec_delta/commands/profile.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module InspecDelta
+  module Commands
+    # This class will take care of operations related to profile manipulation
+    class Profile < Thor
+      desc 'update', 'Update profile from STIG file'
+      method_option :profile_path,
+                    aliases: %w[-p --pr],
+                    desc: 'The path to the directory that contains the profile to modify.',
+                    required: true
+      method_option :stig_file_path,
+                    aliases: %w[-s --st],
+                    desc: 'The path to the stig file to apply to the profile.',
+                    required: true
+      def update
+        prof = InspecDelta::Object::Profile.new(options[:profile_path])
+        prof.update(options[:stig_file_path])
+        prof.format
+      end
+    end
+  end
+end

data/lib/inspec_delta/objects.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require_relative 'objects/control'
+require_relative 'objects/profile'

data/lib/inspec_delta/objects/control.rb

@@ -0,0 +1,382 @@
+# frozen_string_literal: true
+
+require 'facets/string'
+require 'inspec-objects'
+require 'ruby_parser'
+require 'ruby2ruby'
+
+module InspecDelta
+  ##
+  # This module represents the objects used in the InspecDelta module
+  module Object
+    ##
+    # This class represents a modified representation of an Inspec Control
+    class Control < Inspec::Object::Control
+      MAX_LINE_LENGTH = 120
+      WORD_WRAP_INDENT = 4
+
+      attr_accessor :global_code, :control_code
+      attr_reader :control_string
+
+      ##
+      # Creates a new Control based on the Inspec Object Control definition
+      def initialize
+        super
+
+        @global_code = []
+        @control_code = []
+        @control_string = ''
+      end
+
+      # Updates a string representation of a Control with string substitutions
+      #
+      # @param [Control] other - The Control to be merged in
+      #
+      # @return [control_string] String updated string with the changes from other
+      def apply_updates(other)
+        apply_updates_title(other.title)
+        apply_updates_desc(other.descriptions[:default])
+        apply_updates_impact(other.impact)
+        apply_updates_tags(other)
+        @control_string
+      end
+
+      # Updates a string representation of a Control's title with string substitutions
+      #
+      # @param [String] title - The title to be applied to the Control
+      def apply_updates_title(title)
+        return if title.to_s.empty?
+
+        wrap_length = MAX_LINE_LENGTH - WORD_WRAP_INDENT
+
+        @control_string.sub!(
+          /title\s+(((").*?(?<!\\)")|((').*?(?<!\\)')|((%q{).*?(?<!\\)[}])|(nil))\n/m,
+          "title %q{#{title}}".word_wrap(wrap_length).indent(WORD_WRAP_INDENT)
+        )
+      end
+
+      # Updates a string representation of a Control's description with string substitutions
+      #
+      # @param [Control] desc - The description to be applied to the Control
+      def apply_updates_desc(desc)
+        return if desc.to_s.empty?
+
+        wrap_length = MAX_LINE_LENGTH - WORD_WRAP_INDENT
+
+        @control_string.sub!(
+          /desc\s+(((").*?(?<!\\)")|((').*?(?<!\\)')|((%q{).*?(?<!\\)[}])|(nil))\n/m,
+          "desc %q{#{desc}}".word_wrap(wrap_length).indent(WORD_WRAP_INDENT)
+        )
+      end
+
+      # Updates a string representation of a Control's impact with string substitutions
+      #
+      # @param [Decimal] impact - The impact to be applied to the Control
+      def apply_updates_impact(impact)
+        return if impact.nil?
+
+        @control_string.sub!(/impact\s+\d\.\d/, "impact #{impact}")
+      end
+
+      # Updates a string representation of a Control's tags with string substitutions
+      #
+      # @param [Control] other - The Control to be merged in
+      def apply_updates_tags(other)
+        other.tags.each do |ot|
+          tag = @tags.detect { |t| t.key == ot.key }
+          next unless tag
+
+          if ot.value.instance_of?(String)
+            apply_updates_tags_string(ot)
+          elsif ot.value.instance_of?(Array)
+            apply_updates_tags_array(ot)
+          elsif ot.value.instance_of?(FalseClass) || ot.value.instance_of?(TrueClass)
+            apply_updates_tags_bool(ot)
+          end
+        end
+      end
+
+      # Updates a string representation of a Control's tags with string substitutions
+      #
+      # @param [Tag] ot - The Tag to be merged in
+      def apply_updates_tags_string(tag)
+        if tag.value.empty?
+          @control_string.sub!(
+            /tag\s+['"]?#{tag.key}['"]?:\s+(((").*?(?<!\\)")|((').*?(?<!\\)')|((%q{).*?(?<!\\)[}])|(nil))\n/m,
+            "tag '#{tag.key}': nil\n"
+          )
+        else
+          wrap_length = MAX_LINE_LENGTH - WORD_WRAP_INDENT
+
+          @control_string.sub!(
+            /tag\s+['"]?#{tag.key}['"]?:\s+(((").*?(?<!\\)")|((').*?(?<!\\)')|((%q{).*?(?<!\\)[}])|(nil))\n/m,
+            "tag '#{tag.key}': %q{#{tag.value}}".word_wrap(wrap_length).indent(WORD_WRAP_INDENT)
+          )
+        end
+      end
+
+      # Updates a string representation of a Control's tags with string substitutions
+      #
+      # @param [Tag] ot - The Tag to be merged in
+      def apply_updates_tags_array(tag)
+        wrap_length = MAX_LINE_LENGTH - WORD_WRAP_INDENT
+
+        @control_string.sub!(
+          /tag\s+['"]?#{tag.key}['"]?:\s+(((%w\().*?(?<!\\)(\)))|((\[).*?(?<!\\)(\]))|(nil))\n/m,
+          "tag '#{tag.key}': #{tag.value}".word_wrap(wrap_length).indent(WORD_WRAP_INDENT)
+        )
+      end
+
+      # Updates a string representation of a Control's tags with string substitutions
+      #
+      # @param [Tag] ot - The Tag to be merged in
+      def apply_updates_tags_bool(tag)
+        @control_string.sub!(
+          /tag\s+['"]?#{tag.key}['"]?:\s+(true|false|'')\n/,
+          "tag '#{tag.key}': #{tag.value}\n"
+        )
+      end
+
+      # Hash of tags we want to read from the benchmark
+      #
+      # @return [hash] benchmark_tags
+      def self.benchmark_tags
+        {
+          'severity' => :severity,
+          'gtitle' => :gtitle,
+          'satisfies' => :satisfies,
+          'gid' => :gid,
+          'rid' => :rid,
+          'stig_id' => :stig_id,
+          'fix_id' => :fix_id,
+          'cci' => :cci,
+          'false_negatives' => :false_negatives,
+          'false_positives' => :false_positives,
+          'documentable' => :documentable,
+          'mitigations' => :mitigations,
+          'severity_override_guidance' => :severity_override_guidance,
+          'potential_impacts' => :potential_impacts,
+          'third_party_tools' => :third_party_tools,
+          'mitigation_controls' => :mitigation_controls,
+          'responsibility' => :responsibility,
+          'ia_controls' => :ia_controls,
+          'check' => :check,
+          'fix' => :fix
+        }
+      end
+
+      # Creates a new Control from a benchmark hash definition
+      #
+      # @param [Hash] benchmark - Hash representation of a benchmark
+      #
+      # @return [Control] Control representation of the benchmark
+      def self.from_benchmark(benchmark)
+        control = new
+        control.descriptions[:default] = benchmark[:desc]
+        control.id     = benchmark[:id]
+        control.title  = benchmark[:title]
+        control.impact = impact(benchmark[:severity])
+        benchmark_tags.each do |tag, benchmark_key|
+          control.add_tag(Inspec::Object::Tag.new(tag, benchmark[benchmark_key]))
+        end
+        control
+      end
+
+      # Creates a new Control from a ruby definition
+      #
+      # @param [String] ruby_control_path - path to the ruby file that contains the control
+      #
+      # @return [Control] Control parsed from file
+      def self.from_ruby(ruby_control_path)
+        control = new
+        control_file_string = File.read(File.expand_path(ruby_control_path))
+        send(:parse_ruby, control, RubyParser.new.parse(control_file_string))
+        control.instance_variable_set(:@control_string, control_file_string)
+        control
+      end
+
+      # Converts the string severity into a decimal representation
+      #
+      # @param [String] severity - string representation of the severity
+      #
+      # @return [decimal] numerical representation of the severity if match is found
+      # @return [string] severity if no match is found
+      def self.impact(severity)
+        {
+          'low' => 0.3,
+          'medium' => 0.5,
+          'high' => 0.7
+        }.fetch(severity) { severity }
+      end
+
+      # Merges another controll into self
+      #
+      # Currently we are only mergings objects from the base Inspec::Objects::Control
+      # as that is what will be used for updated STIG merges
+      # id is not updated as that should be the unique identifier
+      #
+      # @param [Control] other - another control to take values from.
+      #
+      # @return [Control] self - updated with values from other control
+      def merge_from(other)
+        @title = other.title unless other.title.to_s.empty?
+        @descriptions[:default] = other.descriptions[:default] unless other.descriptions[:default].to_s.empty?
+        @impact = other.impact unless other.impact.nil?
+        other.tags.each do |ot|
+          tag = @tags.detect { |t| t.key == ot.key }
+          tag ? tag.value = ot.value : @tags.push(ot)
+        end
+        self
+      end
+
+      # Takes an Sexp that is an S-exp representation of a ruby control, and parse it into a control
+      #
+      # @param [Control] control - A Control that we want to load the ruby Sexp into
+      # @param [Sexp] ruby_object - An Sexp representation of a ruby object
+      # <syntax>:
+      # s(:iter,
+      #   s(:call, nil, :control, s(:str, <controlId>)),
+      #   s(:block,
+      #     s(:call, nil, :title, s(:str, <title>)),
+      #     s(:call, nil, :desc, s(:str, <desc>)),
+      #     s(:call, nil, :impact, s(:lit, <impact>)),
+      #     [<tag>,<RubyCode>](see <Tag> definition)
+      #     ))
+      #
+      # <Tag>:
+      # s(:call, nil, :tag,
+      #   s(:hash,
+      #     s(:lit, :gtitle),
+      #       <string> || <array_of_strings> || <comment_hash>))
+      # <string>:
+      #   s(:str, 'str1')
+      # <array_of_strings>:
+      #   s(:array,
+      #     s(:str, 'str1'),
+      #     s(:str, 'str2')
+      # <comment_hash>
+      #   s(:hash,
+      #     s(:lit, :"Regular Expression Usage"),
+      #     s(:str, "RegEx Definition"))
+      #
+      # @return [Control] control - A Control that has been filled from the ruby_object
+      private_class_method def self.parse_base_control(control, ruby_object)
+        case ruby_object[0]
+        when :call
+          send(:parse_base_control_call, control, ruby_object)
+        when :block
+          ruby_object.each { |x| send(:parse_base_control, control, x) }
+        when :iter
+          if ruby_object[1][2] == :control
+            control.id = ruby_object[1][3][1]
+            send(:parse_base_control, control, ruby_object[3])
+          else
+            control.control_code.push(Ruby2Ruby.new.process(ruby_object.deep_clone))
+          end
+        else
+          control.control_code.push(Ruby2Ruby.new.process(ruby_object.deep_clone)) if ruby_object.instance_of?(Sexp)
+        end
+        control
+      end
+
+      # Takes an Sexp that is an S-exp representation of a ruby control with a type of call, and parse it into a control
+      #
+      # @param [Control] control - A Control that we want to load the ruby Sexp into
+      # @param [Sexp] ruby_object - An Sexp representation of a ruby object with a call type
+      # <syntax> (multiple examples):
+      # s(:call, nil, :control, s(:str, <title>))
+      # s(:call, nil, :title, s(:str, <title>))
+      # s(:call, nil, :desc, s(:str, <desc>))
+      # s(:call, nil, :impact, s(:lit, <impact>))
+      # <tag> (see <Tag> parameter)
+      # <RubyCode>
+      #
+      # <Tag>:
+      # s(:call, nil, :tag,
+      #   s(:hash,
+      #     s(:lit, :gtitle),
+      #       <string> || <array_of_strings> || <comment_hash>))
+      # <string>:
+      #   s(:str, 'str1')
+      # <array_of_strings>:
+      #   s(:array,
+      #     s(:str, 'str1'),
+      #     s(:str, 'str2')
+      # <comment_hash>
+      #   s(:hash,
+      #     s(:lit, :"Regular Expression Usage"),
+      #     s(:str, "RegEx Definition"))
+      #
+      # @return [Control] control - A Control that has been filled from the ruby_object
+      private_class_method def self.parse_base_control_call(control, ruby_object)
+        case ruby_object[2]
+        when :control
+          control.id = ruby_object[3][1]
+        when :title
+          control.title = ruby_object[3][1]
+        when :desc
+          control.descriptions[:default] = ruby_object[3][1]
+        when :impact
+          control.impact = ruby_object[3][1]
+        when :tag
+          control.add_tag(
+            Inspec::Object::Tag.new(ruby_object[3][1][1].to_s, Ruby2Ruby.new.process(ruby_object[3][2].deep_clone))
+          )
+        else
+          control.control_code.push(Ruby2Ruby.new.process(ruby_object.deep_clone))
+        end
+        control
+      end
+
+      # Takes an Sexp that is an S-exp representation of a customized ruby control, and parse it into a control
+      #
+      # @param [Control] control - A Control that we want to load the ruby Sexp into
+      # @param [Sexp] ruby_object - An Sexp representation of a ruby object
+      # <syntax>:
+      # s(:block,
+      #   s([<RubyCode>[0-9],<Control>,<RubyCode>[0-9]]))
+      #
+      # @return [Control] control - A Control that has been filled from the ruby_object
+      private_class_method def self.parse_ruby(control, ruby_object)
+        case ruby_object[0]
+        when :call
+          control.global_code.push(Ruby2Ruby.new.process(ruby_object.deep_clone))
+        when :block
+          ruby_object.each { |x| send(:parse_ruby, control, x) }
+        when :iter
+          case ruby_object[1][2]
+          when :control
+            send(:parse_base_control, control, ruby_object)
+          else
+            control.global_code.push(Ruby2Ruby.new.process(ruby_object.deep_clone))
+          end
+        else
+          # Anything that doesn't fall into the other scenarios is pure ruby code that falls outside of the control
+          # we want to add this code to the global code to be preserved as code.
+          control.global_code.push(Ruby2Ruby.new.process(ruby_object.deep_clone)) if ruby_object.instance_of?(Sexp)
+        end
+        control
+      end
+
+      # Converts the Control object into a string representation of a Ruby Object
+      #
+      # unable to use the super function as it is already converted to a string
+      #
+      # @return [string] the control as a ruby string
+      def to_ruby
+        res = []
+        res.push global_code unless global_code.empty?
+        res.push "control #{id.inspect} do"
+        res.push "  title #{title.inspect}" unless title.to_s.empty?
+        res.push "  desc  #{descriptions[:default].inspect}" unless descriptions[:default].to_s.empty?
+        res.push "  impact #{impact}" unless impact.nil?
+        tags.each do |t|
+          res.push("  #{t.to_ruby}")
+        end
+        res.push control_code unless control_code.empty?
+        res.push 'end'
+        res.join("\n")
+      end
+    end
+  end
+end

data/lib/inspec_delta/objects/profile.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module InspecDelta
+  ##
+  # This module represents the objects used in the InspecDelta module
+  module Object
+    # This class will take care of operations related to profile manipulation
+    class Profile
+      # Internal: Initializes the Profile object upon instantiation
+      #
+      # profile_path: String, path to the inspec profile's root directory.
+      # _options: Unused, contains extraneous parameters that may be passed to the initializer
+      #
+      # Returns: Nothing
+      def initialize(profile_path)
+        @profile_path = profile_path
+        raise StandardError, "Profile directory at #{@profile_path} not found" unless Dir.exist?(@profile_path)
+      end
+
+      # Formats a the ruby controls using rubocop with the rubo config file in the profile
+      #
+      def format
+        control_dir = File.join(File.expand_path(@profile_path), 'controls')
+        rubo_file = File.join(File.expand_path(@profile_path), '.rubocop.yml')
+        raise StandardError, "Rubocop configuration file at #{rubo_file} not found" unless File.exist?(rubo_file)
+
+        `rubocop -a #{control_dir} -c #{rubo_file}`
+      end
+
+      # Updates a profile metadata with definitions from a STIG xml file
+      #
+      # @param [profile_path] String - path to the inspec profile's root directory.
+      # @param [stig_file_path] String - The STIG file to be applied to profile.
+      def update(stig_file_path)
+        raise StandardError, "STIG file at #{stig_file_path} not found" unless File.exist?(stig_file_path)
+
+        control_dir = "#{@profile_path}/controls"
+        benchmark = InspecDelta::Parser::Benchmark.get_benchmark(stig_file_path)
+        benchmark.each do |control_id, control|
+          benchmark_control = InspecDelta::Object::Control.from_benchmark(control)
+          profile_control_path = File.join(File.expand_path(control_dir), "#{control_id}.rb")
+          if File.file?(profile_control_path)
+            update_existing_control_file(profile_control_path, benchmark_control)
+          else
+            create_new_control_file(profile_control_path, benchmark_control)
+          end
+        end
+      end
+
+      # Updates a control file with the updates from the stig
+      #
+      # @param [profile_control_path] String - The location of the Inspec profile on disk
+      # @param [benchmark_control] Control - Control built from the Inspec Benchmark
+      def update_existing_control_file(profile_control_path, benchmark_control)
+        profile_control = InspecDelta::Object::Control.from_ruby(profile_control_path)
+        updated_control = profile_control.apply_updates(benchmark_control)
+        File.open(profile_control_path, 'w') { |f| f.puts updated_control }
+      end
+
+      # Creates a control file with the string representation of the benchmark control
+      #
+      # @param [profile_control_path] String - The location of the Inspec profile on disk
+      # @param [benchmark_control] Control - Control built from the Inspec Benchmark
+      def create_new_control_file(profile_control_path, benchmark_control)
+        File.open(profile_control_path, 'w') { |f| f.puts benchmark_control.to_ruby }
+      end
+    end
+  end
+end

data/lib/inspec_delta/parsers.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative 'parsers/benchmark'

data/lib/inspec_delta/parsers/benchmark.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'happy_mapper_tools/stig_attributes'
+
+module InspecDelta
+  ##
+  # This module represents the objects used in the InspecDelta module
+  module Parser
+    ##
+    # This class represents a modified representation of an STIG benchmark
+    # which is a collection of Inspec Controls
+    class Benchmark
+      # Creates a new Benchmark from a STIG file
+      #
+      # @param [File] file - the STIG xml file
+      #
+      # @return [Hash] Hash representation of the benchmark - collection of Controls
+      def self.get_benchmark(file)
+        benchmark = HappyMapperTools::StigAttributes::Benchmark.parse(File.read(file))
+        benchmark_title = "#{benchmark.title} :: Version #{benchmark.version}, #{benchmark.plaintext&.plaintext}"
+
+        mapped_benchmark_group = benchmark.group.map do |b| # rubocop:disable Metrics/BlockLength
+          g = {}
+
+          g[:stig_title] = benchmark_title
+
+          g[:id] = b.id
+          g[:gtitle] = b.title
+          g[:description] = b.description
+          g[:gid] = b.id
+
+          rule = b.rule
+          g[:rid] = rule.id
+          g[:severity] = rule.severity
+          g[:stig_id] = rule.version
+          g[:title] = rule.title
+
+          description = rule.description.details
+          discussion = description.vuln_discussion
+          g[:vuln_discussion] = discussion
+          g[:false_negatives] = description.false_negatives
+          g[:false_positives] = description.false_positives
+          g[:documentable] = description.documentable
+          g[:mitigations] = description.mitigations
+          g[:severity_override_guidance] = description.severity_override_guidance
+          g[:potential_impacts] = description.potential_impacts
+          g[:third_party_tools] = description.third_party_tools
+          g[:mitigation_controls] = description.mitigation_controls
+          g[:responsibility] = description.responsibility
+          g[:ia_controls] = description.ia_controls
+          g[:desc] = discussion.split('Satisfies: ')[0].strip
+          if discussion.split('Satisfies: ').length > 1
+            g[:satisfies] = discussion.split('Satisfies: ')[1].split(',').map(&:strip)
+          end
+
+          reference_group = rule.reference
+          g[:dc_identifier] = reference_group.dc_identifier
+          g[:dc_publisher] = reference_group.dc_publisher
+          g[:dc_source] = reference_group.dc_source
+          g[:dc_subject] = reference_group.dc_subject
+          g[:dc_title] = reference_group.dc_title
+          g[:dc_type] = reference_group.dc_type
+
+          g[:cci] = rule.idents.select { |t| t.start_with?('CCI-') } # XCCDFReader
+
+          g[:fix] = rule.fixtext
+          g[:fix_id] = rule.fix.id
+
+          g[:check] = rule.check.content
+          g[:check_ref_name] = rule.check.content_ref.name
+          g[:check_ref] = rule.check.content_ref.href
+          [b.id, g]
+        end
+        mapped_benchmark_group.to_h
+      end
+    end
+  end
+end

data/lib/inspec_delta/version.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+##
+# This module is the overall representation of our InspecDelta implementation
+module InspecDelta
+  ##
+  # This is the version constant for the inspec_delta gem
+  VERSION = '0.1.1'
+end

metadata

@@ -0,0 +1,198 @@
+--- !ruby/object:Gem::Specification
+name: inspec_delta
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- JP024221
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-09-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: facets
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+- !ruby/object:Gem::Dependency
+  name: inspec-objects
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: inspec_tools
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+- !ruby/object:Gem::Dependency
+  name: ruby2ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.4.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.4.4
+- !ruby/object:Gem::Dependency
+  name: ruby_parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.14.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.14.2
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+description: Quality of Life tools for managing inspec profiles.
+email:
+- jeremy.perron2@cerner.com
+executables:
+- inspec_delta
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- bin/inspec_delta
+- lib/inspec_delta.rb
+- lib/inspec_delta/command.rb
+- lib/inspec_delta/commands/profile.rb
+- lib/inspec_delta/objects.rb
+- lib/inspec_delta/objects/control.rb
+- lib/inspec_delta/objects/profile.rb
+- lib/inspec_delta/parsers.rb
+- lib/inspec_delta/parsers/benchmark.rb
+- lib/inspec_delta/version.rb
+homepage: https://github.com/cerner/inspec_delta
+licenses:
+- APACHE
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.7'
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.1
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Quality of Life tools for managing inspec profiles.
+test_files: []