inspec_tools 2.0.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE.md +15 -0
- data/README.md +373 -0
- data/Rakefile +96 -0
- data/exe/inspec_tools +14 -0
- data/lib/data/README.TXT +25 -0
- data/lib/data/U_CCI_List.xml +38403 -0
- data/lib/data/attributes.yml +23 -0
- data/lib/data/cci2html.xsl +136 -0
- data/lib/data/cis_to_nist_critical_controls +0 -0
- data/lib/data/cis_to_nist_mapping +0 -0
- data/lib/data/mapping.yml +17 -0
- data/lib/data/rubocop.yml +4 -0
- data/lib/data/stig.csv +1 -0
- data/lib/data/threshold.yaml +83 -0
- data/lib/exceptions/impact_input_error.rb +6 -0
- data/lib/exceptions/severity_input_error.rb +6 -0
- data/lib/happy_mapper_tools/benchmark.rb +161 -0
- data/lib/happy_mapper_tools/cci_attributes.rb +66 -0
- data/lib/happy_mapper_tools/stig_attributes.rb +216 -0
- data/lib/happy_mapper_tools/stig_checklist.rb +99 -0
- data/lib/inspec_tools.rb +17 -0
- data/lib/inspec_tools/ckl.rb +20 -0
- data/lib/inspec_tools/cli.rb +31 -0
- data/lib/inspec_tools/csv.rb +101 -0
- data/lib/inspec_tools/help.rb +9 -0
- data/lib/inspec_tools/help/compliance.md +7 -0
- data/lib/inspec_tools/help/csv2inspec.md +5 -0
- data/lib/inspec_tools/help/inspec2ckl.md +5 -0
- data/lib/inspec_tools/help/inspec2csv.md +5 -0
- data/lib/inspec_tools/help/inspec2xccdf.md +5 -0
- data/lib/inspec_tools/help/pdf2inspec.md +6 -0
- data/lib/inspec_tools/help/summary.md +5 -0
- data/lib/inspec_tools/help/xccdf2inspec.md +5 -0
- data/lib/inspec_tools/inspec.rb +331 -0
- data/lib/inspec_tools/pdf.rb +125 -0
- data/lib/inspec_tools/plugin.rb +15 -0
- data/lib/inspec_tools/plugin_cli.rb +275 -0
- data/lib/inspec_tools/summary.rb +126 -0
- data/lib/inspec_tools/version.rb +8 -0
- data/lib/inspec_tools/xccdf.rb +156 -0
- data/lib/inspec_tools/xlsx_tool.rb +135 -0
- data/lib/inspec_tools_plugin.rb +7 -0
- data/lib/overrides/false_class.rb +5 -0
- data/lib/overrides/nil_class.rb +5 -0
- data/lib/overrides/object.rb +5 -0
- data/lib/overrides/string.rb +5 -0
- data/lib/overrides/true_class.rb +5 -0
- data/lib/utilities/cis_to_nist.rb +11 -0
- data/lib/utilities/csv_util.rb +14 -0
- data/lib/utilities/extract_pdf_text.rb +20 -0
- data/lib/utilities/inspec_util.rb +441 -0
- data/lib/utilities/parser.rb +373 -0
- data/lib/utilities/text_cleaner.rb +69 -0
- metadata +359 -0
@@ -0,0 +1,101 @@
|
|
1
|
+
require 'csv'
|
2
|
+
require 'nokogiri'
|
3
|
+
require 'word_wrap'
|
4
|
+
require 'yaml'
|
5
|
+
require 'digest'
|
6
|
+
|
7
|
+
require_relative '../utilities/inspec_util'
|
8
|
+
|
9
|
+
# rubocop:disable Metrics/AbcSize
|
10
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
11
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
12
|
+
|
13
|
+
module InspecTools
|
14
|
+
# Methods for converting from CSV to various formats
|
15
|
+
class CSVTool
|
16
|
+
def initialize(csv, mapping, name, verbose = false)
|
17
|
+
@name = name
|
18
|
+
@csv = csv
|
19
|
+
@mapping = mapping
|
20
|
+
@verbose = verbose
|
21
|
+
@csv.shift if @mapping['skip_csv_header']
|
22
|
+
end
|
23
|
+
|
24
|
+
def to_ckl
|
25
|
+
# TODO
|
26
|
+
end
|
27
|
+
|
28
|
+
def to_xccdf
|
29
|
+
# TODO
|
30
|
+
end
|
31
|
+
|
32
|
+
def to_inspec
|
33
|
+
@controls = []
|
34
|
+
@cci_xml = nil
|
35
|
+
@profile = {}
|
36
|
+
read_cci_xml
|
37
|
+
insert_json_metadata
|
38
|
+
parse_controls
|
39
|
+
@profile['controls'] = @controls
|
40
|
+
@profile['sha256'] = Digest::SHA256.hexdigest @profile.to_s
|
41
|
+
@profile
|
42
|
+
end
|
43
|
+
|
44
|
+
private
|
45
|
+
|
46
|
+
def insert_json_metadata
|
47
|
+
@profile['name'] = @name
|
48
|
+
@profile['title'] = 'InSpec Profile'
|
49
|
+
@profile['maintainer'] = 'The Authors'
|
50
|
+
@profile['copyright'] = 'The Authors'
|
51
|
+
@profile['copyright_email'] = 'you@example.com'
|
52
|
+
@profile['license'] = 'Apache-2.0'
|
53
|
+
@profile['summary'] = 'An InSpec Compliance Profile'
|
54
|
+
@profile['version'] = '0.1.0'
|
55
|
+
@profile['supports'] = []
|
56
|
+
@profile['attributes'] = []
|
57
|
+
@profile['generator'] = {
|
58
|
+
'name': 'inspec_tools',
|
59
|
+
'version': VERSION
|
60
|
+
}
|
61
|
+
end
|
62
|
+
|
63
|
+
def read_cci_xml
|
64
|
+
cci_list_path = File.join(File.dirname(__FILE__), '../data/U_CCI_List.xml')
|
65
|
+
@cci_xml = Nokogiri::XML(File.open(cci_list_path))
|
66
|
+
@cci_xml.remove_namespaces!
|
67
|
+
rescue StandardError => e
|
68
|
+
puts "Exception: #{e.message}"
|
69
|
+
end
|
70
|
+
|
71
|
+
def get_nist_reference(cci_number)
|
72
|
+
item_node = @cci_xml.xpath("//cci_list/cci_items/cci_item[@id='#{cci_number}']")[0] unless @cci_xml.nil?
|
73
|
+
unless item_node.nil?
|
74
|
+
nist_ref = item_node.xpath('./references/reference[not(@version <= preceding-sibling::reference/@version) and not(@version <=following-sibling::reference/@version)]/@index').text
|
75
|
+
nist_ver = item_node.xpath('./references/reference[not(@version <= preceding-sibling::reference/@version) and not(@version <=following-sibling::reference/@version)]/@version').text
|
76
|
+
end
|
77
|
+
[nist_ref, nist_ver]
|
78
|
+
end
|
79
|
+
|
80
|
+
def parse_controls
|
81
|
+
@csv.each do |row|
|
82
|
+
print '.'
|
83
|
+
control = {}
|
84
|
+
control['id'] = row[@mapping['control.id']] unless @mapping['control.id'].nil? || row[@mapping['control.id']].nil?
|
85
|
+
control['title'] = row[@mapping['control.title']] unless @mapping['control.title'].nil? || row[@mapping['control.title']].nil?
|
86
|
+
control['desc'] = row[@mapping['control.desc']] unless @mapping['control.desc'].nil? || row[@mapping['control.desc']].nil?
|
87
|
+
control['tags'] = {}
|
88
|
+
nist, nist_rev = get_nist_reference(row[@mapping['control.tags']['cci']]) unless @mapping['control.tags']['cci'].nil? || row[@mapping['control.tags']['cci']].nil?
|
89
|
+
control['tags']['nist'] = [nist, 'Rev_' + nist_rev] unless nist.nil? || nist_rev.nil?
|
90
|
+
@mapping['control.tags'].each do |tag|
|
91
|
+
control['tags'][tag.first.to_s] = row[tag.last] unless row[tag.last].nil?
|
92
|
+
end
|
93
|
+
unless @mapping['control.tags']['severity'].nil? || row[@mapping['control.tags']['severity']].nil?
|
94
|
+
control['impact'] = Utils::InspecUtil.get_impact(row[@mapping['control.tags']['severity']])
|
95
|
+
control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
|
96
|
+
end
|
97
|
+
@controls << control
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
@@ -0,0 +1,7 @@
|
|
1
|
+
compliance parses an inspec results json to check if the compliance level meets a specified threshold
|
2
|
+
|
3
|
+
Examples:
|
4
|
+
|
5
|
+
inspec_tools compliance -j examples/sample_json/rhel-simp.json -i '{compliance.min: 80, failed.critical.max: 0, failed.high.max: 0}'
|
6
|
+
|
7
|
+
inspec_tools compliance -j examples/sample_json/rhel-simp.json -f examples/sample_yaml/threshold.yaml
|
@@ -0,0 +1,6 @@
|
|
1
|
+
pdf2inspec translates a PDF Security Control Speficication to Inspec Security Profile
|
2
|
+
|
3
|
+
Examples:
|
4
|
+
|
5
|
+
inspec_tools pdf2inspec -p examples/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0.pdf
|
6
|
+
inspec_tools pdf2inspec -p examples/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0.pdf -o CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0
|
@@ -0,0 +1,331 @@
|
|
1
|
+
require 'date'
|
2
|
+
require 'json'
|
3
|
+
require 'cgi'
|
4
|
+
require 'csv'
|
5
|
+
require 'yaml'
|
6
|
+
require 'pp'
|
7
|
+
require_relative '../happy_mapper_tools/stig_attributes'
|
8
|
+
require_relative '../happy_mapper_tools/stig_checklist'
|
9
|
+
require_relative '../happy_mapper_tools/benchmark'
|
10
|
+
require_relative '../utilities/inspec_util'
|
11
|
+
require_relative 'csv'
|
12
|
+
|
13
|
+
# rubocop:disable Metrics/ClassLength
|
14
|
+
# rubocop:disable Metrics/AbcSize
|
15
|
+
# rubocop:disable Metrics/BlockLength
|
16
|
+
# rubocop:disable Style/GuardClause
|
17
|
+
|
18
|
+
module InspecTools
|
19
|
+
class Inspec
|
20
|
+
def initialize(inspec_json, metadata = '{}')
|
21
|
+
@json = JSON.parse(inspec_json.gsub(/\\+u0000/, ''))
|
22
|
+
@metadata = JSON.parse(metadata)
|
23
|
+
end
|
24
|
+
|
25
|
+
def to_ckl(title = nil, date = nil, cklist = nil)
|
26
|
+
@data = Utils::InspecUtil.parse_data_for_ckl(@json)
|
27
|
+
@platform = Utils::InspecUtil.get_platform(@json)
|
28
|
+
@title = generate_title title, @json, date
|
29
|
+
@cklist = cklist
|
30
|
+
@checklist = HappyMapperTools::StigChecklist::Checklist.new
|
31
|
+
if @cklist.nil?
|
32
|
+
generate_ckl
|
33
|
+
else
|
34
|
+
update_ckl
|
35
|
+
end
|
36
|
+
@checklist.to_xml.encode('UTF-8').gsub('<?xml version="1.0"?>', '<?xml version="1.0" encoding="UTF-8"?>').chomp
|
37
|
+
end
|
38
|
+
|
39
|
+
def to_xccdf(attributes, verbose = false)
|
40
|
+
@data = Utils::InspecUtil.parse_data_for_xccdf(@json)
|
41
|
+
@attribute = attributes
|
42
|
+
@attribute = {} if @attribute.eql? false
|
43
|
+
@verbose = verbose
|
44
|
+
@benchmark = HappyMapperTools::Benchmark::Benchmark.new
|
45
|
+
populate_header
|
46
|
+
# populate_profiles @todo populate profiles; not implemented now because its use is deprecated
|
47
|
+
populate_groups
|
48
|
+
@benchmark.to_xml
|
49
|
+
end
|
50
|
+
|
51
|
+
####
|
52
|
+
# converts an InSpec JSON to a CSV file
|
53
|
+
###
|
54
|
+
def to_csv
|
55
|
+
@data = {}
|
56
|
+
@data['controls'] = []
|
57
|
+
get_all_controls_from_json(@json)
|
58
|
+
data = inspec_json_to_array(@data)
|
59
|
+
CSV.generate do |csv|
|
60
|
+
data.each do |row|
|
61
|
+
csv << row
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
private
|
67
|
+
|
68
|
+
###
|
69
|
+
# This method converts an inspec json to an array of arrays
|
70
|
+
#
|
71
|
+
# @param inspec_json : an inspec profile formatted as a json object
|
72
|
+
###
|
73
|
+
def inspec_json_to_array(inspec_json)
|
74
|
+
data = []
|
75
|
+
headers = {}
|
76
|
+
inspec_json['controls'].each do |control|
|
77
|
+
control.each do |key, _|
|
78
|
+
control['tags'].each { |tag, _| headers[tag] = 0 } if key == 'tags'
|
79
|
+
control['results'].each { |result| result.each { |result_key, _| headers[result_key] = 0 } } if key == 'results'
|
80
|
+
headers[key] = 0 unless %w{tags results}.include?(key)
|
81
|
+
end
|
82
|
+
end
|
83
|
+
data.push(headers.keys)
|
84
|
+
inspec_json['controls'].each do |json_control|
|
85
|
+
control = []
|
86
|
+
headers.each do |key, _|
|
87
|
+
control.push(json_control[key] || json_control['tags'][key] || json_control['results']&.collect { |result| result[key] }&.join(",\n") || nil)
|
88
|
+
end
|
89
|
+
data.push(control)
|
90
|
+
end
|
91
|
+
data
|
92
|
+
end
|
93
|
+
|
94
|
+
def get_all_controls_from_json(json)
|
95
|
+
json['profiles']&.each do |profile|
|
96
|
+
profile['controls'].each do |control|
|
97
|
+
@data['controls'] << control
|
98
|
+
end
|
99
|
+
end
|
100
|
+
if json['profiles'].nil?
|
101
|
+
json['controls'].each do |control|
|
102
|
+
@data['controls'] << control
|
103
|
+
end
|
104
|
+
end
|
105
|
+
end
|
106
|
+
|
107
|
+
def update_ckl
|
108
|
+
@checklist = HappyMapperTools::StigChecklist::Checklist.parse(@cklist.to_s)
|
109
|
+
@data.keys.each do |control_id|
|
110
|
+
vuln = @checklist.where('Vuln_Num', control_id.to_s)
|
111
|
+
vuln.status = Utils::InspecUtil.control_status(@data[control_id])
|
112
|
+
vuln.finding_details << Utils::InspecUtil.control_finding_details(@data[control_id], vuln.status)
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
def generate_ckl
|
117
|
+
stigs = HappyMapperTools::StigChecklist::Stigs.new
|
118
|
+
istig = HappyMapperTools::StigChecklist::IStig.new
|
119
|
+
|
120
|
+
vuln_list = []
|
121
|
+
@data.keys.each do |control_id|
|
122
|
+
vuln_list.push(generate_vuln_data(@data[control_id]))
|
123
|
+
end
|
124
|
+
|
125
|
+
si_data = HappyMapperTools::StigChecklist::SiData.new
|
126
|
+
si_data.name = 'stigid'
|
127
|
+
si_data.data = ''
|
128
|
+
if !@metadata['stigid'].nil?
|
129
|
+
si_data.data = @metadata['stigid']
|
130
|
+
end
|
131
|
+
|
132
|
+
stig_info = HappyMapperTools::StigChecklist::StigInfo.new
|
133
|
+
stig_info.si_data = si_data
|
134
|
+
istig.stig_info = stig_info
|
135
|
+
|
136
|
+
istig.vuln = vuln_list
|
137
|
+
stigs.istig = istig
|
138
|
+
@checklist.stig = stigs
|
139
|
+
|
140
|
+
@checklist.asset = generate_asset
|
141
|
+
end
|
142
|
+
|
143
|
+
def generate_vuln_data(control)
|
144
|
+
vuln = HappyMapperTools::StigChecklist::Vuln.new
|
145
|
+
stig_data_list = []
|
146
|
+
|
147
|
+
%w{Vuln_Num Group_Title Rule_ID Rule_Ver Rule_Title Vuln_Discuss Check_Content Fix_Text}.each do |attribute|
|
148
|
+
stig_data_list << create_stig_data_element(attribute, control)
|
149
|
+
end
|
150
|
+
stig_data_list << handle_severity(control)
|
151
|
+
stig_data_list += handle_cci_ref(control)
|
152
|
+
stig_data_list << handle_stigref
|
153
|
+
|
154
|
+
vuln.stig_data = stig_data_list.reject(&:nil?)
|
155
|
+
vuln.status = Utils::InspecUtil.control_status(control)
|
156
|
+
vuln.comments = "\nAutomated compliance tests brought to you by the MITRE corporation and the InSpec project.\n\nInspec Profile: #{control[:profile_name]}\nProfile shasum: #{control[:profile_shasum]}"
|
157
|
+
vuln.finding_details = Utils::InspecUtil.control_finding_details(control, vuln.status)
|
158
|
+
vuln.severity_override = ''
|
159
|
+
vuln.severity_justification = ''
|
160
|
+
|
161
|
+
vuln
|
162
|
+
end
|
163
|
+
|
164
|
+
def generate_asset
|
165
|
+
asset = HappyMapperTools::StigChecklist::Asset.new
|
166
|
+
asset.role = !@metadata['role'].nil? ? @metadata['role'] : 'Workstation'
|
167
|
+
asset.type = !@metadata['type'].nil? ? @metadata['type'] : 'Computing'
|
168
|
+
asset.host_name = generate_hostname
|
169
|
+
asset.host_ip = generate_ip
|
170
|
+
asset.host_mac = generate_mac
|
171
|
+
asset.host_fqdn = generate_fqdn
|
172
|
+
asset.tech_area = !@metadata['tech_area'].nil? ? @metadata['tech_area'] : ''
|
173
|
+
asset.target_key = !@metadata['target_key'].nil? ? @metadata['target_key'] : ''
|
174
|
+
asset.web_or_database = !@metadata['web_or_database'].nil? ? @metadata['web_or_database'] : '0'
|
175
|
+
asset.web_db_site = !@metadata['web_db_site'].nil? ? @metadata['web_db_site'] : ''
|
176
|
+
asset.web_db_instance = !@metadata['web_db_instance'].nil? ? @metadata['web_db_instance'] : ''
|
177
|
+
asset
|
178
|
+
end
|
179
|
+
|
180
|
+
def generate_hostname
|
181
|
+
hostname = @metadata['hostname']
|
182
|
+
if hostname.nil? && @platform.nil?
|
183
|
+
hostname = ''
|
184
|
+
elsif hostname.nil?
|
185
|
+
hostname = @platform[:hostname]
|
186
|
+
end
|
187
|
+
hostname
|
188
|
+
end
|
189
|
+
|
190
|
+
def generate_mac
|
191
|
+
mac = @metadata['mac']
|
192
|
+
if mac.nil?
|
193
|
+
nics = @platform.nil? ? [] : @platform[:network]
|
194
|
+
nics_macs = []
|
195
|
+
nics.each do |nic|
|
196
|
+
nics_macs.push(nic[:mac])
|
197
|
+
end
|
198
|
+
mac = nics_macs.join(',')
|
199
|
+
end
|
200
|
+
mac
|
201
|
+
end
|
202
|
+
|
203
|
+
def generate_fqdn
|
204
|
+
fqdn = @metadata['fqdn']
|
205
|
+
if fqdn.nil? && @platform.nil?
|
206
|
+
fqdn = ''
|
207
|
+
elsif fqdn.nil?
|
208
|
+
fqdn = @platform[:fqdn]
|
209
|
+
end
|
210
|
+
fqdn
|
211
|
+
end
|
212
|
+
|
213
|
+
def generate_ip
|
214
|
+
ip = @metadata['ip']
|
215
|
+
if ip.nil?
|
216
|
+
nics = @platform.nil? ? [] : @platform[:network]
|
217
|
+
nics_ips = []
|
218
|
+
nics.each do |nic|
|
219
|
+
nics_ips.push(*nic[:ip])
|
220
|
+
end
|
221
|
+
ip = nics_ips.join(',')
|
222
|
+
end
|
223
|
+
ip
|
224
|
+
end
|
225
|
+
|
226
|
+
def populate_header
|
227
|
+
@benchmark.title = @attribute['benchmark.title']
|
228
|
+
@benchmark.id = @attribute['benchmark.id']
|
229
|
+
@benchmark.description = @attribute['benchmark.description']
|
230
|
+
@benchmark.version = @attribute['benchmark.version']
|
231
|
+
|
232
|
+
@benchmark.status = HappyMapperTools::Benchmark::Status.new
|
233
|
+
@benchmark.status.status = @attribute['benchmark.status']
|
234
|
+
@benchmark.status.date = @attribute['benchmark.status.date']
|
235
|
+
|
236
|
+
@benchmark.notice = HappyMapperTools::Benchmark::Notice.new
|
237
|
+
@benchmark.notice.id = @attribute['benchmark.notice.id']
|
238
|
+
|
239
|
+
@benchmark.plaintext = HappyMapperTools::Benchmark::Plaintext.new
|
240
|
+
@benchmark.plaintext.plaintext = @attribute['benchmark.plaintext']
|
241
|
+
@benchmark.plaintext.id = @attribute['benchmark.plaintext.id']
|
242
|
+
|
243
|
+
@benchmark.reference = HappyMapperTools::Benchmark::ReferenceBenchmark.new
|
244
|
+
@benchmark.reference.href = @attribute['reference.href']
|
245
|
+
@benchmark.reference.dc_publisher = @attribute['reference.dc.publisher']
|
246
|
+
@benchmark.reference.dc_source = @attribute['reference.dc.source']
|
247
|
+
end
|
248
|
+
|
249
|
+
def populate_groups
|
250
|
+
group_array = []
|
251
|
+
@data['controls'].each do |control|
|
252
|
+
group = HappyMapperTools::Benchmark::Group.new
|
253
|
+
group.id = control['id']
|
254
|
+
group.title = control['gtitle']
|
255
|
+
group.description = "<GroupDescription>#{control['gdescription']}</GroupDescription>"
|
256
|
+
|
257
|
+
group.rule = HappyMapperTools::Benchmark::Rule.new
|
258
|
+
group.rule.id = control['rid']
|
259
|
+
group.rule.severity = control['severity']
|
260
|
+
group.rule.weight = control['rweight']
|
261
|
+
group.rule.version = control['rversion']
|
262
|
+
group.rule.title = control['title'].tr("\n", ' ')
|
263
|
+
group.rule.description = "<VulnDiscussion>#{control['desc'].tr("\n", ' ')}</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>"
|
264
|
+
|
265
|
+
group.rule.reference = HappyMapperTools::Benchmark::ReferenceGroup.new
|
266
|
+
group.rule.reference.dc_publisher = @attribute['reference.dc.publisher']
|
267
|
+
group.rule.reference.dc_title = @attribute['reference.dc.title']
|
268
|
+
group.rule.reference.dc_subject = @attribute['reference.dc.subject']
|
269
|
+
group.rule.reference.dc_type = @attribute['reference.dc.type']
|
270
|
+
group.rule.reference.dc_identifier = @attribute['reference.dc.identifier']
|
271
|
+
|
272
|
+
group.rule.ident = HappyMapperTools::Benchmark::Ident.new
|
273
|
+
group.rule.ident.system = 'https://public.cyber.mil/stigs/cci/'
|
274
|
+
group.rule.ident.ident = control['cci']
|
275
|
+
|
276
|
+
group.rule.fixtext = HappyMapperTools::Benchmark::Fixtext.new
|
277
|
+
group.rule.fixtext.fixref = control['fixref']
|
278
|
+
group.rule.fixtext.fixtext = control['fix']
|
279
|
+
|
280
|
+
group.rule.fix = HappyMapperTools::Benchmark::Fix.new
|
281
|
+
group.rule.fix.id = control['fixref']
|
282
|
+
|
283
|
+
group.rule.check = HappyMapperTools::Benchmark::Check.new
|
284
|
+
group.rule.check.system = control['checkref']
|
285
|
+
group.rule.check.content_ref = HappyMapperTools::Benchmark::ContentRef.new
|
286
|
+
group.rule.check.content_ref.name = @attribute['content_ref.name']
|
287
|
+
group.rule.check.content_ref.href = @attribute['content_ref.href']
|
288
|
+
group.rule.check.content = control['check']
|
289
|
+
|
290
|
+
group_array << group
|
291
|
+
end
|
292
|
+
@benchmark.group = group_array
|
293
|
+
end
|
294
|
+
|
295
|
+
def generate_title(title, json, date)
|
296
|
+
title ||= "Untitled - Checklist Created from Automated InSpec Results JSON; Profiles: #{json['profiles'].map { |x| x['name'] }.join(' | ')}"
|
297
|
+
title + " Checklist Date: #{date || Date.today.to_s}"
|
298
|
+
end
|
299
|
+
|
300
|
+
def create_stig_data_element(attribute, control)
|
301
|
+
return HappyMapperTools::StigChecklist::StigData.new(attribute, control[attribute.downcase.to_sym]) unless control[attribute.downcase.to_sym].nil?
|
302
|
+
end
|
303
|
+
|
304
|
+
def handle_severity(control)
|
305
|
+
return if control[:impact].nil?
|
306
|
+
|
307
|
+
value = Utils::InspecUtil.get_impact_string(control[:impact], use_cvss_terms: false)
|
308
|
+
return if value == 'none'
|
309
|
+
|
310
|
+
HappyMapperTools::StigChecklist::StigData.new('Severity', value)
|
311
|
+
end
|
312
|
+
|
313
|
+
def handle_cci_ref(control)
|
314
|
+
return [] if control[:cci_ref].nil?
|
315
|
+
|
316
|
+
cci_data = []
|
317
|
+
if control[:cci_ref].respond_to?(:each)
|
318
|
+
control[:cci_ref].each do |cci_number|
|
319
|
+
cci_data << HappyMapperTools::StigChecklist::StigData.new('CCI_REF', cci_number)
|
320
|
+
end
|
321
|
+
cci_data
|
322
|
+
else
|
323
|
+
cci_data << HappyMapperTools::StigChecklist::StigData.new('CCI_REF', control[:cci_ref])
|
324
|
+
end
|
325
|
+
end
|
326
|
+
|
327
|
+
def handle_stigref
|
328
|
+
HappyMapperTools::StigChecklist::StigData.new('STIGRef', @title)
|
329
|
+
end
|
330
|
+
end
|
331
|
+
end
|