inspec_tools 2.0.7

data/lib/inspec_tools/version.rb

@@ -0,0 +1,8 @@
+require 'git-version-bump'
+
+module InspecTools
+  # Enable lite-tags (2nd parameter to git-version-bump version command)
+  # Lite tags are tags that are used by GitHub releases that do not contain
+  # annotations
+  VERSION = GVB.version(false, true)
+end

data/lib/inspec_tools/xccdf.rb

@@ -0,0 +1,156 @@
+require_relative '../happy_mapper_tools/stig_attributes'
+require_relative '../happy_mapper_tools/cci_attributes'
+require_relative '../utilities/inspec_util'
+
+require 'digest'
+require 'json'
+
+module InspecTools
+  # rubocop:disable Metrics/ClassLength
+  # rubocop:disable Metrics/AbcSize
+  # rubocop:disable Metrics/PerceivedComplexity
+  # rubocop:disable Metrics/CyclomaticComplexity
+  # rubocop:disable Metrics/BlockLength
+  class XCCDF
+    def initialize(xccdf, replace_tags = nil)
+      @xccdf = xccdf
+      @xccdf = replace_tags_in_xccdf(replace_tags, @xccdf) unless replace_tags.nil?
+      cci_list_path = File.join(File.dirname(__FILE__), '../data/U_CCI_List.xml')
+      @cci_items = HappyMapperTools::CCIAttributes::CCI_List.parse(File.read(cci_list_path))
+      # @cci_items = HappyMapperTools::CCIAttributes::CCI_List.parse(File.read('./data/U_CCI_List.xml'))
+      @benchmark = HappyMapperTools::StigAttributes::Benchmark.parse(@xccdf)
+    end
+
+    def to_ckl
+      # TODO: to_ckl
+    end
+
+    def to_csv
+      # TODO: to_csv
+    end
+
+    def to_inspec
+      @profile = {}
+      @controls = []
+      insert_json_metadata
+      insert_controls
+      @profile['sha256'] = Digest::SHA256.hexdigest @profile.to_s
+      @profile
+    end
+
+    ####
+    # extracts non-InSpec attributes
+    ###
+    # TODO there may be more attributes we want to extract, see data/attributes.yml for example
+    def to_attributes # rubocop:disable Metrics/AbcSize
+      @attribute = {}
+
+      @attribute['benchmark.title'] = @benchmark.title
+      @attribute['benchmark.id'] = @benchmark.id
+      @attribute['benchmark.description'] = @benchmark.description
+      @attribute['benchmark.version'] = @benchmark.version
+
+      @attribute['benchmark.status'] = @benchmark.status
+      @attribute['benchmark.status.date'] = @benchmark.release_date.release_date
+
+      @attribute['benchmark.notice.id'] = @benchmark.notice.id
+
+      @attribute['benchmark.plaintext'] = @benchmark.plaintext.plaintext
+      @attribute['benchmark.plaintext.id'] = @benchmark.plaintext.id
+
+      @attribute['reference.href'] = @benchmark.reference.href
+      @attribute['reference.dc.publisher'] = @benchmark.reference.dc_publisher
+      @attribute['reference.dc.source'] = @benchmark.reference.dc_source
+      @attribute['reference.dc.title'] = @benchmark.group[0].rule.reference.dc_title if !@benchmark.group[0].nil?
+      @attribute['reference.dc.subject'] = @benchmark.group[0].rule.reference.dc_subject if !@benchmark.group[0].nil?
+      @attribute['reference.dc.type'] = @benchmark.group[0].rule.reference.dc_type if !@benchmark.group[0].nil?
+      @attribute['reference.dc.identifier'] = @benchmark.group[0].rule.reference.dc_identifier if !@benchmark.group[0].nil?
+
+      @attribute['content_ref.name'] = @benchmark.group[0].rule.check.content_ref.name if !@benchmark.group[0].nil?
+      @attribute['content_ref.href'] = @benchmark.group[0].rule.check.content_ref.href if !@benchmark.group[0].nil?
+
+      @attribute
+    end
+
+    def publisher
+      @benchmark.reference.dc_publisher
+    end
+
+    def published
+      @benchmark.release_date.release_date
+    end
+
+    def inject_metadata(metadata = '{}')
+      json_metadata = JSON.parse(metadata)
+      json_metadata.each do |key, value|
+        @profile[key] = value
+      end
+    end
+
+    private
+
+    def replace_tags_in_xccdf(replace_tags, xccdf_xml)
+      replace_tags.each do |tag|
+        xccdf_xml = xccdf_xml.gsub(/(&lt;|<)#{tag}(&gt;|>)/, "$#{tag}")
+      end
+      xccdf_xml
+    end
+
+    def insert_json_metadata
+      @profile['name'] = @benchmark.id
+      @profile['title'] = @benchmark.title
+      @profile['maintainer'] = 'The Authors' if @profile['maintainer'].nil?
+      @profile['copyright'] = 'The Authors' if @profile['copyright'].nil?
+      @profile['copyright_email'] = 'you@example.com' if @profile['copyright_email'].nil?
+      @profile['license'] = 'Apache-2.0' if @profile['license'].nil?
+      @profile['summary'] = "\"#{@benchmark.description.gsub('\\', '\\\\\\').gsub('"', '\"')}\""
+      @profile['version'] = '0.1.0' if @profile['version'].nil?
+      @profile['supports'] = []
+      @profile['attributes'] = []
+      @profile['generator'] = {
+        'name': 'inspec_tools',
+        'version': VERSION
+      }
+      @profile['plaintext'] = @benchmark.plaintext.plaintext
+      @profile['status'] = "#{@benchmark.status} on #{@benchmark.release_date.release_date}"
+      @profile['reference_href'] = @benchmark.reference.href
+      @profile['reference_publisher'] = @benchmark.reference.dc_publisher
+      @profile['reference_source'] = @benchmark.reference.dc_source
+    end
+
+    def insert_controls
+      @benchmark.group.each do |group|
+        control = {}
+        control['id'] = group.id
+        control['title'] = group.rule.title
+        control['desc'] = group.rule.description.vuln_discussion.split('Satisfies: ')[0]
+        control['impact'] = Utils::InspecUtil.get_impact(group.rule.severity)
+        control['tags'] = {}
+        control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
+        control['tags']['gtitle'] = group.title
+        control['tags']['satisfies'] = group.rule.description.vuln_discussion.split('Satisfies: ')[1].split(',').map(&:strip) if group.rule.description.vuln_discussion.split('Satisfies: ').length > 1
+        control['tags']['gid'] = group.id
+        control['tags']['rid'] = group.rule.id
+        control['tags']['stig_id'] = group.rule.version
+        control['tags']['fix_id'] = group.rule.fix.id
+        control['tags']['cci'] = group.rule.idents
+        control['tags']['nist'] = @cci_items.fetch_nists(group.rule.idents)
+        control['tags']['false_negatives'] = group.rule.description.false_negatives if group.rule.description.false_negatives != ''
+        control['tags']['false_positives'] = group.rule.description.false_positives if group.rule.description.false_positives != ''
+        control['tags']['documentable'] = group.rule.description.documentable if group.rule.description.documentable != ''
+        control['tags']['mitigations'] = group.rule.description.false_negatives if group.rule.description.mitigations != ''
+        control['tags']['severity_override_guidance'] = group.rule.description.severity_override_guidance if group.rule.description.severity_override_guidance != ''
+        control['tags']['security_override_guidance'] = group.rule.description.security_override_guidance if group.rule.description.security_override_guidance != ''
+        control['tags']['potential_impacts'] = group.rule.description.potential_impacts if group.rule.description.potential_impacts != ''
+        control['tags']['third_party_tools'] = group.rule.description.third_party_tools if group.rule.description.third_party_tools != ''
+        control['tags']['mitigation_controls'] = group.rule.description.mitigation_controls if group.rule.description.mitigation_controls != ''
+        control['tags']['responsibility'] = group.rule.description.responsibility if group.rule.description.responsibility != ''
+        control['tags']['ia_controls'] = group.rule.description.ia_controls if group.rule.description.ia_controls != ''
+        control['tags']['check'] = group.rule.check.content
+        control['tags']['fix'] = group.rule.fixtext
+        @controls << control
+      end
+      @profile['controls'] = @controls
+    end
+  end
+end

data/lib/inspec_tools/xlsx_tool.rb

@@ -0,0 +1,135 @@
+require 'nokogiri'
+require 'inspec-objects'
+require 'word_wrap'
+require 'yaml'
+require 'digest'
+
+require_relative '../utilities/inspec_util'
+require_relative '../utilities/cis_to_nist'
+
+# rubocop:disable Metrics/AbcSize
+# rubocop:disable Metrics/PerceivedComplexity
+# rubocop:disable Metrics/CyclomaticComplexity
+
+module InspecTools
+  # Methods for converting from XLS to various formats
+  class XLSXTool
+    LATEST_NIST_REV = 'Rev_4'.freeze
+
+    def initialize(xlsx, mapping, name, verbose = false)
+      @name = name
+      @xlsx = xlsx
+      @mapping = mapping
+      @verbose = verbose
+      @cis_to_nist = Utils::CisToNist.get_mapping('cis_to_nist_mapping')
+    end
+
+    def to_ckl
+      # TODO
+    end
+
+    def to_xccdf
+      # TODO
+    end
+
+    def to_inspec(control_prefix)
+      @controls = []
+      @cci_xml = nil
+      @profile = {}
+      insert_json_metadata
+      parse_cis_controls(control_prefix)
+      @profile['controls'] = @controls
+      @profile['sha256'] = Digest::SHA256.hexdigest @profile.to_s
+      @profile
+    end
+
+    private
+
+    def insert_json_metadata
+      @profile['name'] = @name
+      @profile['title'] = 'InSpec Profile'
+      @profile['maintainer'] = 'The Authors'
+      @profile['copyright'] = 'The Authors'
+      @profile['copyright_email'] = 'you@example.com'
+      @profile['license'] = 'Apache-2.0'
+      @profile['summary'] = 'An InSpec Compliance Profile'
+      @profile['version'] = '0.1.0'
+      @profile['supports'] = []
+      @profile['attributes'] = []
+      @profile['generator'] = {
+        'name': 'inspec_tools',
+        'version': ::InspecTools::VERSION
+      }
+    end
+
+    def parse_cis_controls(control_prefix)
+      [1, 2].each do |level|
+        @xlsx.sheet(level).each_row_streaming do |row|
+          if row[@mapping['control.id']].nil? || !/^\d+(\.?\d)*$/.match(row[@mapping['control.id']].formatted_value)
+            next
+          end
+
+          tag_pos = @mapping['control.tags']
+          control = {}
+          control['tags'] = {}
+          control['id'] = control_prefix + '-' + row[@mapping['control.id']].formatted_value unless cell_empty?(@mapping['control.id']) || cell_empty?(row[@mapping['control.id']])
+          control['title']  = row[@mapping['control.title']].formatted_value unless cell_empty?(@mapping['control.title']) || cell_empty?(row[@mapping['control.title']])
+          control['desc'] = ''
+          control['desc'] = row[@mapping['control.desc']].formatted_value unless cell_empty?(row[@mapping['control.desc']])
+          control['tags']['rationale'] = row[tag_pos['rationale']].formatted_value unless cell_empty?(row[tag_pos['rationale']])
+
+          control['tags']['severity'] = level == 1 ? 'medium' : 'high'
+          control['impact'] = Utils::InspecUtil.get_impact(control['tags']['severity'])
+          control['tags']['ref'] = row[@mapping['control.ref']].formatted_value unless cell_empty?(@mapping['control.ref']) || cell_empty?(row[@mapping['control.ref']])
+          control['tags']['cis_level'] = level unless level.nil?
+
+          unless cell_empty?(row[tag_pos['cis_controls']])
+            # cis_control must be extracted from CIS control column via regex
+            cis_tags_array = row[tag_pos['cis_controls']].formatted_value.scan(/CONTROL:v(\d) (\d+)\.?(\d*)/).flatten
+            cis_tags = %i(revision section sub_section).zip(cis_tags_array).to_h
+            control = apply_cis_and_nist_controls(control, cis_tags)
+          end
+
+          control['tags']['cis_rid'] = row[@mapping['control.id']].formatted_value unless cell_empty?(@mapping['control.id']) || cell_empty?(row[@mapping['control.id']])
+          control['tags']['check'] = row[tag_pos['check']].formatted_value unless cell_empty?(tag_pos['check']) || cell_empty?(row[tag_pos['check']])
+          control['tags']['fix'] = row[tag_pos['fix']].formatted_value unless cell_empty?(tag_pos['fix']) || cell_empty?(row[tag_pos['fix']])
+
+          @controls << control
+        end
+      end
+    end
+
+    def cell_empty?(cell)
+      return cell.empty? if cell.respond_to?(:empty?)
+
+      cell.nil?
+    end
+
+    def apply_cis_and_nist_controls(control, cis_tags)
+      control['tags']['cis_controls'], control['tags']['nist'] = [], []
+
+      if cis_tags[:sub_section].nil? || cis_tags[:sub_section].blank?
+        control['tags']['cis_controls'] << cis_tags[:section]
+        control['tags']['nist'] << get_nist_control_for_cis(cis_tags[:section])
+      else
+        control['tags']['cis_controls'] << "#{cis_tags[:section]}.#{cis_tags[:sub_section]}"
+        control['tags']['nist'] << get_nist_control_for_cis(cis_tags[:section], cis_tags[:sub_section])
+      end
+
+      control['tags']['nist'] << LATEST_NIST_REV unless control['tags']['nist'].nil?
+      control['tags']['cis_controls'] << "Rev_#{cis_tags[:revision]}" unless cis_tags[:revision].nil?
+
+      control
+    end
+
+    def get_nist_control_for_cis(section, sub_section = nil)
+      return @cis_to_nist[section] if sub_section.nil?
+
+      @cis_to_nist["#{section}.#{sub_section}"]
+    end
+  end
+end
+
+# rubocop:enable Metrics/AbcSize
+# rubocop:enable Metrics/PerceivedComplexity
+# rubocop:enable Metrics/CyclomaticComplexity

data/lib/inspec_tools_plugin.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+require 'inspec_tools/version'
+require 'inspec_tools/plugin'

data/lib/overrides/false_class.rb

@@ -0,0 +1,5 @@
+class FalseClass
+  def blank?
+    true
+  end
+end

data/lib/overrides/nil_class.rb

@@ -0,0 +1,5 @@
+class NilClass
+  def blank?
+    true
+  end
+end

data/lib/overrides/object.rb

@@ -0,0 +1,5 @@
+class Object
+  def blank?
+    respond_to?(:empty?) ? empty? : !self
+  end
+end

data/lib/overrides/string.rb

@@ -0,0 +1,5 @@
+class String
+  def blank?
+    self.strip.empty?
+  end
+end

data/lib/overrides/true_class.rb

@@ -0,0 +1,5 @@
+class TrueClass
+  def blank?
+    false
+  end
+end

data/lib/utilities/cis_to_nist.rb

@@ -0,0 +1,11 @@
+module Utils
+  class CisToNist
+    def self.get_mapping(mapping_file)
+      path = File.expand_path(File.join(File.expand_path(__dir__), '..', 'data', mapping_file))
+      raise "CIS to NIST control mapping does not exist at #{path}. Has it been generated?" unless File.exist?(path)
+
+      mapping = File.open(path)
+      Marshal.load(mapping)
+    end
+  end
+end

data/lib/utilities/csv_util.rb

@@ -0,0 +1,14 @@
+require 'csv'
+
+module Utils
+  class CSVUtil
+    def self.unpack_csv(csv_string, file)
+      csv = CSV.parse(csv_string)
+      CSV.open(file, 'wb') do |csv_file|
+        csv.each do |line|
+          csv_file << line
+        end
+      end
+    end
+  end
+end

data/lib/utilities/extract_pdf_text.rb

@@ -0,0 +1,20 @@
+require 'pdf-reader'
+
+module Util
+  class ExtractPdfText
+    def initialize(pdf)
+      @pdf = pdf
+      @extracted_text = ''
+      read_text
+    end
+
+    attr_reader :extracted_text
+
+    def read_text
+      reader = PDF::Reader.new(@pdf.path)
+      reader.pages.each do |page|
+        @extracted_text += page.text
+      end
+    end
+  end
+end

data/lib/utilities/inspec_util.rb

@@ -0,0 +1,441 @@
+require 'inspec-objects'
+require 'word_wrap'
+require 'pp'
+require 'uri'
+require 'net/http'
+require 'fileutils'
+require 'exceptions/impact_input_error'
+require 'exceptions/severity_input_error'
+require 'overrides/false_class'
+require 'overrides/true_class'
+require 'overrides/nil_class'
+require 'overrides/object'
+require 'overrides/string'
+require 'rubocop'
+
+# rubocop:disable Metrics/ClassLength
+# rubocop:disable Metrics/AbcSize
+# rubocop:disable Metrics/PerceivedComplexity
+# rubocop:disable Metrics/CyclomaticComplexity
+# rubocop:disable Metrics/MethodLength
+
+module Utils
+  class InspecUtil
+    DATA_NOT_FOUND_MESSAGE = 'N/A'.freeze
+    WIDTH = 80
+    IMPACT_SCORES = {
+      'none' => 0.0,
+      'low' => 0.1,
+      'medium' => 0.4,
+      'high' => 0.7,
+      'critical' => 0.9
+    }.freeze
+
+    def self.parse_data_for_xccdf(json)
+      data = {}
+
+      controls = []
+      if json['profiles'].nil?
+        controls = json['controls']
+      elsif json['profiles'].length == 1
+        controls = json['profiles'].last['controls']
+      else
+        json['profiles'].each do |profile|
+          controls.concat(profile['controls'])
+        end
+      end
+      c_data = {}
+
+      controls.each do |control|
+        c_id = control['id'].to_sym
+        c_data[c_id] = {}
+        c_data[c_id]['id']             = control['id']    || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['title']          = control['title'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['desc']           = control['desc'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['severity']       = control['tags']['severity'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['gid']            = control['tags']['gid'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['gtitle']         = control['tags']['gtitle'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['gdescription']   = control['tags']['gdescription'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['rid']            = control['tags']['rid'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['rversion']       = control['tags']['rversion'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['rweight']        = control['tags']['rweight'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['stig_id']        = control['tags']['stig_id'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['cci']            = control['tags']['cci'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['nist']           = control['tags']['nist'] || ['unmapped']
+        c_data[c_id]['check']          = control['tags']['check'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['checkref']       = control['tags']['checkref'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['fix']            = control['tags']['fix'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['fixref']         = control['tags']['fixref'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['fix_id']         = control['tags']['fix_id'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['rationale']      = control['tags']['rationale'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['cis_family']     = control['tags']['cis_family'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['cis_rid']        = control['tags']['cis_rid'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['cis_level']      = control['tags']['cis_level'] || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['impact']         = control['impact'].to_s || DATA_NOT_FOUND_MESSAGE
+        c_data[c_id]['code']           = control['code'].to_s || DATA_NOT_FOUND_MESSAGE
+      end
+
+      data['controls'] = c_data.values
+      data['status'] = 'success'
+      data
+    end
+
+    def self.parse_data_for_ckl(json)
+      data = {}
+
+      # Parse for inspec profile results json
+      json['profiles'].each do |profile|
+        profile['controls'].each do |control|
+          c_id = control['id'].to_sym
+          data[c_id] = {}
+
+          data[c_id][:vuln_num]       = control['id'] unless control['id'].nil?
+          data[c_id][:rule_title]     = control['title'] unless control['title'].nil?
+          data[c_id][:vuln_discuss]   = control['desc'] unless control['desc'].nil?
+
+          unless control['tags'].nil?
+            data[c_id][:severity]       = control['tags']['severity'] unless control['tags']['severity'].nil?
+            data[c_id][:gid]            = control['tags']['gid'] unless control['tags']['gid'].nil?
+            data[c_id][:group_title]    = control['tags']['gtitle'] unless control['tags']['gtitle'].nil?
+            data[c_id][:rule_id]        = control['tags']['rid'] unless control['tags']['rid'].nil?
+            data[c_id][:rule_ver]       = control['tags']['stig_id'] unless control['tags']['stig_id'].nil?
+            data[c_id][:cci_ref]        = control['tags']['cci'] unless control['tags']['cci'].nil?
+            data[c_id][:nist]           = control['tags']['nist'].join(' ') unless control['tags']['nist'].nil?
+          end
+
+          if control['descriptions'].respond_to?(:find)
+            data[c_id][:check_content]  = control['descriptions'].find { |c| c['label'] == 'fix' }&.dig('data')
+            data[c_id][:fix_text]       = control['descriptions'].find { |c| c['label'] == 'check' }&.dig('data')
+          end
+
+          data[c_id][:impact]         = control['impact'].to_s unless control['impact'].nil?
+          data[c_id][:profile_name]   = profile['name'].to_s unless profile['name'].nil?
+          data[c_id][:profile_shasum] = profile['sha256'].to_s unless profile['sha256'].nil?
+
+          data[c_id][:status] = []
+          data[c_id][:message] = []
+
+          if control.key?('results')
+            control['results'].each do |result|
+              if !result['backtrace'].nil?
+                result['status'] = 'error'
+              end
+              data[c_id][:status].push(result['status'])
+              data[c_id][:message].push("SKIPPED -- Test: #{result['code_desc']}\nMessage: #{result['skip_message']}\n") if result['status'] == 'skipped'
+              data[c_id][:message].push("FAILED -- Test: #{result['code_desc']}\nMessage: #{result['message']}\n") if result['status'] == 'failed'
+              data[c_id][:message].push("PASS -- #{result['code_desc']}\n") if result['status'] == 'passed'
+              data[c_id][:message].push("PROFILE_ERROR -- Test: #{result['code_desc']}\nMessage: #{result['backtrace']}\n") if result['status'] == 'error'
+            end
+          end
+
+          if data[c_id][:impact].to_f.zero?
+            data[c_id][:message].unshift("NOT_APPLICABLE -- Description: #{control['desc']}\n\n")
+          end
+        end
+      end
+      data
+    end
+
+    def self.get_platform(json)
+      json['profiles'].find { |profile| !profile[:platform].nil? }
+    end
+
+    def self.to_dotted_hash(hash, recursive_key = '')
+      hash.each_with_object({}) do |(k, v), ret|
+        key = recursive_key + k.to_s
+        if v.is_a? Hash
+          ret.merge! to_dotted_hash(v, key + '.')
+        else
+          ret[key] = v
+        end
+      end
+    end
+
+    def self.control_status(control, for_summary = false)
+      status_list = control[:status].uniq
+      if control[:impact].to_f.zero?
+        'Not_Applicable'
+      elsif status_list.include?('failed')
+        'Open'
+      elsif status_list.include?('passed')
+        'NotAFinding'
+      elsif status_list.include?('error') && for_summary
+        'Profile_Error'
+      else
+        # profile skipped or profile error
+        'Not_Reviewed'
+      end
+    end
+
+    def self.control_finding_details(control, control_clk_status)
+      result = "One or more of the automated tests failed or was inconclusive for the control \n\n #{control[:message].sort.join}" if control_clk_status == 'Open'
+      result = "All Automated tests passed for the control \n\n #{control[:message].join}" if control_clk_status == 'NotAFinding'
+      result = "Automated test skipped due to known accepted condition in the control : \n\n#{control[:message].join}" if control_clk_status == 'Not_Reviewed'
+      result = "Justification: \n #{control[:message].join}" if control_clk_status == 'Not_Applicable'
+      result = 'No test available or some test errors occurred for this control' if control_clk_status == 'Profile_Error'
+      result
+    end
+
+    # @!method get_impact(severity)
+    #   Takes in the STIG severity tag and converts it to the InSpec #{impact}
+    #   control tag.
+    #   At the moment the mapping is static, so that:
+    #     high => 0.7
+    #     medium => 0.5
+    #     low => 0.3
+    # @param severity [String] the string value you want to map to an InSpec
+    # 'impact' level.
+    #
+    # @return impact [Float] the impact level level mapped to the XCCDF severity
+    # mapped to a float between 0.0 - 1.0.
+    #
+    # @todo Allow for the user to pass in a hash for the desired mapping of text
+    # values to numbers or to override our hard coded values.
+    #
+    def self.get_impact(severity, use_cvss_terms: true)
+      return float_to_impact(severity, use_cvss_terms) if severity.is_a?(Float)
+
+      return string_to_impact(severity, use_cvss_terms) if severity.is_a?(String)
+
+      raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
+                                '1.0 or one of the approved keywords.'
+    end
+
+    private_class_method def self.float_to_impact(severity, use_cvss_terms)
+      unless severity.between?(0, 1)
+        raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
+                                  '1.0 or one of the approved keywords.'
+      end
+
+      if severity <= 0.01
+        0.0 # Informative
+      elsif severity < 0.4
+        0.3 # Low Impact
+      elsif severity < 0.7
+        0.5 # Medium Impact
+      elsif severity < 0.9 || use_cvss_terms
+        0.7 # High Impact
+      else
+        1.0 # Critical Controls
+      end
+    end
+
+    private_class_method def self.string_to_impact(severity, use_cvss_terms)
+      if /none|na|n\/a|not[_|(\s*)]?applicable/i.match?(severity)
+        impact = 0.0 # Informative
+      elsif /low|cat(egory)?\s*(iii|3)/i.match?(severity)
+        impact = 0.3 # Low Impact
+      elsif /med(ium)?|cat(egory)?\s*(ii|2)/i.match?(severity)
+        impact = 0.5 # Medium Impact
+      elsif /high|cat(egory)?\s*(i|1)/i.match?(severity)
+        impact = 0.7 # High Impact
+      elsif /crit(ical)?|severe/i.match?(severity)
+        impact = 1.0 # Critical Controls
+      else
+        raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
+                                  '1.0 or one of the approved keywords.'
+      end
+
+      impact == 1.0 && use_cvss_terms ? 0.7 : impact
+    end
+
+    def self.get_impact_string(impact, use_cvss_terms: true)
+      return if impact.nil?
+
+      value = impact.to_f
+      unless value.between?(0, 1)
+        raise ImpactInputError, "'#{value}' is not a valid impact score. Valid impact scores: [0.0 - 1.0]."
+      end
+
+      IMPACT_SCORES.reverse_each do |name, impact_score|
+        if name == 'critical' && value >= impact_score && use_cvss_terms
+          return 'high'
+        elsif value >= impact_score
+          return name
+        else
+          next
+        end
+      end
+    end
+
+    def self.unpack_inspec_json(directory, inspec_json, separated, output_format)
+      if directory == 'id'
+        directory = inspec_json['name']
+      end
+      controls = generate_controls(inspec_json)
+      unpack_profile(directory || 'profile', controls, separated, output_format || 'json')
+      create_inspec_yml(directory || 'profile', inspec_json)
+      create_license(directory || 'profile', inspec_json)
+      create_readme_md(directory || 'profile', inspec_json)
+    end
+
+    private_class_method def self.wrap(str, width = WIDTH)
+      str.gsub!("desc  \"\n    ", 'desc  "')
+      str.gsub!(/\\r/, "\n")
+      str.gsub!(/\\n/, "\n")
+
+      WordWrap.ww(str.to_s, width)
+    end
+
+    private_class_method def self.generate_controls(inspec_json)
+      controls = []
+      inspec_json['controls'].each do |json_control|
+        control = ::Inspec::Object::Control.new
+        if (defined? control.desc).nil?
+          control.descriptions[:default] = json_control['desc']
+          control.descriptions[:rationale] = json_control['tags']['rationale']
+          control.descriptions[:check] = json_control['tags']['check']
+          control.descriptions[:fix] = json_control['tags']['fix']
+        else
+          control.desc = json_control['desc']
+        end
+        control.id     = json_control['id']
+        control.title  = json_control['title']
+        control.impact = get_impact(json_control['impact'])
+
+        # json_control['tags'].each do |tag|
+        #  control.add_tag(Inspec::Object::Tag.new(tag.key, tag.value)
+        # end
+
+        control.add_tag(::Inspec::Object::Tag.new('severity', json_control['tags']['severity']))
+        control.add_tag(::Inspec::Object::Tag.new('gtitle', json_control['tags']['gtitle']))
+        control.add_tag(::Inspec::Object::Tag.new('satisfies', json_control['tags']['satisfies'])) if json_control['tags']['satisfies']
+        control.add_tag(::Inspec::Object::Tag.new('gid',      json_control['tags']['gid']))
+        control.add_tag(::Inspec::Object::Tag.new('rid',      json_control['tags']['rid']))
+        control.add_tag(::Inspec::Object::Tag.new('stig_id',  json_control['tags']['stig_id']))
+        control.add_tag(::Inspec::Object::Tag.new('fix_id', json_control['tags']['fix_id']))
+        control.add_tag(::Inspec::Object::Tag.new('cci', json_control['tags']['cci']))
+        control.add_tag(::Inspec::Object::Tag.new('nist', json_control['tags']['nist']))
+        control.add_tag(::Inspec::Object::Tag.new('cis_level', json_control['tags']['cis_level'])) unless json_control['tags']['cis_level'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('cis_controls', json_control['tags']['cis_controls'])) unless json_control['tags']['cis_controls'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('cis_rid', json_control['tags']['cis_rid'])) unless json_control['tags']['cis_rid'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('ref', json_control['tags']['ref'])) unless json_control['tags']['ref'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('false_negatives', json_control['tags']['false_negatives'])) unless json_control['tags']['false_positives'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('false_positives', json_control['tags']['false_positives'])) unless json_control['tags']['false_positives'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('documentable', json_control['tags']['documentable'])) unless json_control['tags']['documentable'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('mitigations', json_control['tags']['mitigations'])) unless json_control['tags']['mitigations'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('severity_override_guidance', json_control['tags']['severity_override_guidance'])) unless json_control['tags']['severity_override_guidance'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('security_override_guidance', json_control['tags']['security_override_guidance'])) unless json_control['tags']['security_override_guidance'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('potential_impacts', json_control['tags']['potential_impacts'])) unless json_control['tags']['potential_impacts'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('third_party_tools', json_control['tags']['third_party_tools'])) unless json_control['tags']['third_party_tools'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('mitigation_controls', json_control['tags']['mitigation_controls'])) unless json_control['tags']['mitigation_controls'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('responsibility', json_control['tags']['responsibility'])) unless json_control['tags']['responsibility'].blank?
+        control.add_tag(::Inspec::Object::Tag.new('ia_controls', json_control['tags']['ia_controls'])) unless json_control['tags']['ia_controls'].blank?
+
+        controls << control
+      end
+      controls
+    end
+
+    # @!method print_benchmark_info(info)
+    # writes benchmark info to profile inspec.yml file
+    #
+    private_class_method def self.create_inspec_yml(directory, inspec_json)
+      benchmark_info =
+        "name: #{inspec_json['name']}\n" \
+        "title: #{inspec_json['title']}\n" \
+        "maintainer: #{inspec_json['maintainer']}\n" \
+        "copyright: #{inspec_json['copyright']}\n" \
+        "copyright_email: #{inspec_json['copyright_email']}\n" \
+        "license: #{inspec_json['license']}\n" \
+        "summary: #{inspec_json['summary']}\n" \
+        "version: #{inspec_json['version']}\n"
+
+      myfile = File.new("#{directory}/inspec.yml", 'w')
+      myfile.puts benchmark_info
+    end
+
+    private_class_method def self.create_license(directory, inspec_json)
+      license_content = ''
+      if !inspec_json['license'].nil?
+        begin
+          response = Net::HTTP.get_response(URI(inspec_json['license']))
+          if response.code == '200'
+            license_content = response.body
+          else
+            license_content = inspec_json['license']
+          end
+        rescue StandardError => _e
+          license_content = inspec_json['license']
+        end
+      end
+
+      myfile = File.new("#{directory}/LICENSE", 'w')
+      myfile.puts license_content
+    end
+
+    private_class_method def self.create_readme_md(directory, inspec_json)
+      readme_contents =
+        "\# #{inspec_json['title']}\n" \
+        "#{inspec_json['summary']}\n" \
+        "---\n" \
+        "Name: #{inspec_json['name']}\n" \
+        "Author: #{inspec_json['maintainer']}\n" \
+        "Status: #{inspec_json['status']}\n" \
+        "Copyright: #{inspec_json['copyright']}\n" \
+        "Copyright Email: #{inspec_json['copyright_email']}\n" \
+        "Version: #{inspec_json['version']}\n" \
+        "#{inspec_json['plaintext']}\n" \
+        "Reference: #{inspec_json['reference_href']}\n" \
+        "Reference by: #{inspec_json['reference_publisher']}\n" \
+        "Reference source: #{inspec_json['reference_source']}\n"
+
+      myfile = File.new("#{directory}/README.md", 'w')
+      myfile.puts readme_contents
+    end
+
+    private_class_method def self.unpack_profile(directory, controls, separated, output_format)
+      FileUtils.rm_rf(directory) if Dir.exist?(directory)
+      Dir.mkdir directory unless Dir.exist?(directory)
+      Dir.mkdir "#{directory}/controls" unless Dir.exist?("#{directory}/controls")
+      Dir.mkdir "#{directory}/libraries" unless Dir.exist?("#{directory}/libraries")
+      if separated
+        if output_format == 'ruby'
+          controls.each do |control|
+            file_name = control.id.to_s
+            myfile = File.new("#{directory}/controls/#{file_name}.rb", 'w')
+            myfile.puts "# encoding: UTF-8\n\n"
+            myfile.puts wrap(control.to_ruby, WIDTH) + "\n"
+            myfile.close
+          end
+        else
+          controls.each do |control|
+            file_name = control.id.to_s
+            myfile = File.new("#{directory}/controls/#{file_name}.rb", 'w')
+            PP.pp(control.to_hash, myfile)
+            myfile.close
+          end
+        end
+      else
+        myfile = File.new("#{directory}/controls/controls.rb", 'w')
+        if output_format == 'ruby'
+          controls.each do |control|
+            myfile.puts "# encoding: UTF-8\n\n"
+            myfile.puts wrap(control.to_ruby.gsub('"', "\'"), WIDTH) + "\n"
+          end
+        else
+          controls.each do |control|
+            if (defined? control.desc).nil?
+              control.descriptions[:default].strip!
+            else
+              control.desc.strip!
+            end
+
+            PP.pp(control.to_hash, myfile)
+          end
+        end
+        myfile.close
+      end
+      config_store = ::RuboCop::ConfigStore.new
+      config_store.options_config = File.join(File.dirname(__FILE__), '../data/rubocop.yml')
+      rubocop = ::RuboCop::Runner.new({ auto_correct: true }, config_store)
+      rubocop.run([directory])
+    end
+  end
+end
+
+# rubocop:enable Metrics/ClassLength
+# rubocop:enable Metrics/AbcSize
+# rubocop:enable Metrics/PerceivedComplexity
+# rubocop:enable Metrics/CyclomaticComplexity
+# rubocop:enable Metrics/MethodLength