inspec_tools 1.4.2 → 1.7.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +244 -36
- data/README.md +34 -41
- data/Rakefile +6 -0
- data/exe/inspec_tools +1 -1
- data/lib/data/NIST_Map_02052020_CIS_Controls_Version_7.1_Implementation_Groups_1.2.xlsx +0 -0
- data/lib/data/README.TXT +1 -1
- data/lib/data/attributes.yml +8 -7
- data/lib/happy_mapper_tools/stig_checklist.rb +0 -1
- data/lib/inspec_tools.rb +1 -0
- data/lib/inspec_tools/cli.rb +26 -199
- data/lib/inspec_tools/csv.rb +2 -4
- data/lib/inspec_tools/inspec.rb +2 -2
- data/lib/inspec_tools/pdf.rb +2 -3
- data/lib/inspec_tools/plugin.rb +15 -0
- data/lib/inspec_tools/plugin_cli.rb +275 -0
- data/lib/inspec_tools/summary.rb +1 -1
- data/lib/inspec_tools/version.rb +1 -1
- data/lib/inspec_tools/xccdf.rb +2 -3
- data/lib/inspec_tools/xlsx.rb +117 -0
- data/lib/inspec_tools_plugin.rb +7 -0
- data/lib/utilities/inspec_util.rb +93 -34
- metadata +56 -53
- data/lib/data/debug_text +0 -5941
- data/lib/inspec_tools/command.rb +0 -50
- data/test/unit/inspec_tools/csv_test.rb +0 -30
- data/test/unit/inspec_tools/inspec_test.rb +0 -54
- data/test/unit/inspec_tools/pdf_test.rb +0 -24
- data/test/unit/inspec_tools/summary_test.rb +0 -42
- data/test/unit/inspec_tools/xccdf_test.rb +0 -50
- data/test/unit/inspec_tools_test.rb +0 -7
- data/test/unit/test_helper.rb +0 -5
- data/test/unit/utils/inspec_util_test.rb +0 -44
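--- a/data/lib/inspec_tools/command.rb
+++ b/data/lib/inspec_tools/command.rb
@@ -1,50 +0,0 @@
-require 'thor'
-
-# Override thor's long_desc identation behavior
-# https://github.com/erikhuda/thor/issues/398
-
-# rubocop:disable Naming/UncommunicativeMethodParamName
-
-class Thor
-module Shell
-class Basic
-def print_wrapped(message, _options = {})
-message = "\n#{message}" unless message[0] == "\n"
-stdout.puts message
-end
-end
-end
-end
-
-module InspecTools
-class Command < Thor
-class << self
-def dispatch(m, args, options, config)
-# Allow calling for help via:
-# inspec_tools command help
-# inspec_tools command -h
-# inspec_tools command --help
-# inspec_tools command -D
-#
-# as well thor's normal way:
-#
-# inspec_tools help command
-help_flags = Thor::HELP_MAPPINGS + ['help']
-if args.length > 1 && !(args & help_flags).empty?
-args -= help_flags
-args.insert(-2, 'help')
-end
-
-# inspec_tools version
-# inspec_tools --version
-# inspec_tools -v
-version_flags = ['--version', '-v']
-if args.length == 1 && !(args & version_flags).empty?
-args = ['version']
-end
-
-super
-end
-end
-end
-end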
@@ -1,30 +0,0 @@
|
|
1
|
-
require 'csv'
|
2
|
-
require 'yaml'
|
3
|
-
require_relative '../test_helper'
|
4
|
-
require_relative '../../../lib/inspec_tools/csv'
|
5
|
-
|
6
|
-
class CSVTest < Minitest::Test
|
7
|
-
def test_that_csv_exists
|
8
|
-
refute_nil ::InspecTools::CSVTool
|
9
|
-
end
|
10
|
-
|
11
|
-
def test_csv_init_with_valid_params
|
12
|
-
csv = CSV.read('examples/csv2inspec/stig.csv', encoding: 'ISO8859-1')
|
13
|
-
mapping = YAML.load_file('examples/csv2inspec/mapping.yml')
|
14
|
-
assert(InspecTools::CSVTool.new(csv, mapping, 'test', false))
|
15
|
-
end
|
16
|
-
|
17
|
-
def test_csv_init_with_invalid_params
|
18
|
-
csv = nil
|
19
|
-
mapping = nil
|
20
|
-
assert_raises(StandardError) { InspecTools::CSVTool.new(csv, mapping, 'test', false) }
|
21
|
-
end
|
22
|
-
|
23
|
-
def test_csv_to_inspec
|
24
|
-
csv = CSV.read('examples/csv2inspec/stig.csv', encoding: 'ISO8859-1')
|
25
|
-
mapping = YAML.load_file('examples/csv2inspec/mapping.yml')
|
26
|
-
csv_tool = InspecTools::CSVTool.new(csv, mapping, 'test', false)
|
27
|
-
inspec_json = csv_tool.to_inspec
|
28
|
-
assert(inspec_json)
|
29
|
-
end
|
30
|
-
end
|
@@ -1,54 +0,0 @@
|
|
1
|
-
require_relative '../test_helper'
|
2
|
-
|
3
|
-
class InspecTest < Minitest::Test
|
4
|
-
def test_that_xccdf_exists
|
5
|
-
refute_nil ::InspecTools::Inspec
|
6
|
-
end
|
7
|
-
|
8
|
-
def test_inspec_init_with_valid_params
|
9
|
-
inspec_json = File.read('examples/sample_json/single_control_results.json')
|
10
|
-
assert(InspecTools::Inspec.new(inspec_json))
|
11
|
-
end
|
12
|
-
|
13
|
-
def test_inspec_init_with_invalid_params
|
14
|
-
json = nil
|
15
|
-
assert_raises(StandardError) { InspecTools::Inspec.new(json) }
|
16
|
-
end
|
17
|
-
|
18
|
-
def test_inspec_to_ckl
|
19
|
-
inspec_json = File.read('examples/sample_json/single_control_results.json')
|
20
|
-
inspec_tools = InspecTools::Inspec.new(inspec_json)
|
21
|
-
ckl = inspec_tools.to_ckl
|
22
|
-
assert(ckl)
|
23
|
-
end
|
24
|
-
|
25
|
-
def test_inspec_to_xccdf_results_json
|
26
|
-
inspec_json = File.read('examples/sample_json/single_control_results.json')
|
27
|
-
attributes = 'examples/attribute.json'
|
28
|
-
inspec_tools = InspecTools::Inspec.new(inspec_json)
|
29
|
-
xccdf = inspec_tools.to_xccdf(attributes)
|
30
|
-
assert(xccdf)
|
31
|
-
end
|
32
|
-
|
33
|
-
def test_inspec_to_xccdf_profile_json
|
34
|
-
inspec_json = File.read('examples/sample_json/single_control_profile.json')
|
35
|
-
attributes = 'examples/attribute.json'
|
36
|
-
inspec_tools = InspecTools::Inspec.new(inspec_json)
|
37
|
-
xccdf = inspec_tools.to_xccdf(attributes)
|
38
|
-
assert(xccdf)
|
39
|
-
end
|
40
|
-
|
41
|
-
def test_inspec_to_csv_results_json
|
42
|
-
inspec_json = File.read('examples/sample_json/single_control_results.json')
|
43
|
-
inspec_tools = InspecTools::Inspec.new(inspec_json)
|
44
|
-
csv = inspec_tools.to_csv
|
45
|
-
assert(csv)
|
46
|
-
end
|
47
|
-
|
48
|
-
def test_inspec_to_csv_profile_json
|
49
|
-
inspec_json = File.read('examples/sample_json/single_control_profile.json')
|
50
|
-
inspec_tools = InspecTools::Inspec.new(inspec_json)
|
51
|
-
csv = inspec_tools.to_csv
|
52
|
-
assert(csv)
|
53
|
-
end
|
54
|
-
end
|
@@ -1,24 +0,0 @@
|
|
1
|
-
require_relative '../test_helper'
|
2
|
-
|
3
|
-
class PDFTest < Minitest::Test
|
4
|
-
def test_that_csv_exists
|
5
|
-
refute_nil ::InspecTools::PDF
|
6
|
-
end
|
7
|
-
|
8
|
-
def test_pdf_init_with_valid_params
|
9
|
-
pdf = File.open('examples/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0.pdf')
|
10
|
-
assert(InspecTools::PDF.new(pdf, 'test', false))
|
11
|
-
end
|
12
|
-
|
13
|
-
def test_pdf_init_with_invalid_params
|
14
|
-
pdf = nil
|
15
|
-
assert_raises(StandardError) { InspecTools::PDF.new(pdf, 'test', false) }
|
16
|
-
end
|
17
|
-
|
18
|
-
def test_pdf_to_inspec
|
19
|
-
pdf = File.open('examples/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0.pdf')
|
20
|
-
pdf_tool = InspecTools::PDF.new(pdf, 'test', true)
|
21
|
-
inspec_json = pdf_tool.to_inspec
|
22
|
-
assert(inspec_json)
|
23
|
-
end
|
24
|
-
end
|
@@ -1,42 +0,0 @@
|
|
1
|
-
require 'csv'
|
2
|
-
require 'yaml'
|
3
|
-
require_relative '../test_helper'
|
4
|
-
require_relative '../../../lib/inspec_tools/csv'
|
5
|
-
|
6
|
-
class SummaryTest < Minitest::Test
|
7
|
-
def test_that_summary_exists
|
8
|
-
refute_nil ::InspecTools::Summary
|
9
|
-
end
|
10
|
-
|
11
|
-
def test_summary_init_with_valid_params
|
12
|
-
inspec_json = File.read('examples/sample_json/rhel-simp.json')
|
13
|
-
assert(InspecTools::Summary.new(inspec_json))
|
14
|
-
end
|
15
|
-
|
16
|
-
def test_summary_init_with_invalid_params
|
17
|
-
json = nil
|
18
|
-
assert_raises(StandardError) { InspecTools::Summary.new(json) }
|
19
|
-
end
|
20
|
-
|
21
|
-
def test_inspec_to_summary
|
22
|
-
inspec_json = File.read('examples/sample_json/rhel-simp.json')
|
23
|
-
inspec_tools = InspecTools::Summary.new(inspec_json)
|
24
|
-
summary = inspec_tools.to_summary
|
25
|
-
assert_equal(77.3, summary[:compliance])
|
26
|
-
assert_equal(33, summary[:status][:failed][:medium])
|
27
|
-
end
|
28
|
-
|
29
|
-
def test_inspec_results_compliance_pass
|
30
|
-
inspec_json = File.read('examples/sample_json/rhel-simp.json')
|
31
|
-
threshold = YAML.safe_load('{compliance.min: 77, failed.critical.max: 0, failed.high.max: 3}')
|
32
|
-
inspec_tools = InspecTools::Summary.new(inspec_json)
|
33
|
-
assert_output(/Compliance threshold met/) { inspec_tools.threshold(threshold) }
|
34
|
-
end
|
35
|
-
|
36
|
-
def test_inspec_results_compliance_fail
|
37
|
-
inspec_json = File.read('examples/sample_json/rhel-simp.json')
|
38
|
-
threshold = YAML.safe_load('{compliance.min: 80, failed.critical.max: 0, failed.high.max: 0}')
|
39
|
-
inspec_tools = InspecTools::Summary.new(inspec_json)
|
40
|
-
assert_output(%r{Expected compliance.min:80 got:77.3(\r\n|\r|\n)Expected failed.high.max:0 got:3}) { inspec_tools.threshold(threshold) }
|
41
|
-
end
|
42
|
-
end
|
@@ -1,50 +0,0 @@
|
|
1
|
-
require_relative '../test_helper'
|
2
|
-
|
3
|
-
class XCCDFTest < Minitest::Test
|
4
|
-
def test_that_xccdf_exists
|
5
|
-
refute_nil ::InspecTools::XCCDF
|
6
|
-
end
|
7
|
-
|
8
|
-
def test_xccdf_init_with_valid_params
|
9
|
-
xccdf = File.read('examples/xccdf2inspec/data/U_Red_Hat_Enterprise_Linux_7_STIG_V1R4_Manual-xccdf.xml')
|
10
|
-
assert(InspecTools::XCCDF.new(xccdf))
|
11
|
-
end
|
12
|
-
|
13
|
-
def test_xccdf_init_with_invalid_params
|
14
|
-
xccdf = nil
|
15
|
-
assert_raises(StandardError) { InspecTools::XCCDF.new(xccdf) }
|
16
|
-
end
|
17
|
-
|
18
|
-
def test_xccdf_attributes
|
19
|
-
xccdf = InspecTools::XCCDF.new(File.read('examples/xccdf2inspec/data/U_Red_Hat_Enterprise_Linux_7_STIG_V1R4_Manual-xccdf.xml'))
|
20
|
-
assert_equal(xccdf.publisher, "DISA")
|
21
|
-
assert_equal(xccdf.published, "2017-12-14")
|
22
|
-
end
|
23
|
-
|
24
|
-
def test_to_inspec
|
25
|
-
xccdf = InspecTools::XCCDF.new(File.read('examples/xccdf2inspec/data/U_Red_Hat_Enterprise_Linux_7_STIG_V1R4_Manual-xccdf.xml'))
|
26
|
-
assert(xccdf.to_inspec)
|
27
|
-
end
|
28
|
-
|
29
|
-
def test_to_inspec_metadata
|
30
|
-
xccdf = InspecTools::XCCDF.new(File.read('examples/xccdf2inspec/data/U_Red_Hat_Enterprise_Linux_7_STIG_V1R4_Manual-xccdf.xml'))
|
31
|
-
inspec_json = xccdf.to_inspec
|
32
|
-
assert_equal(inspec_json['name'], "RHEL_7_STIG")
|
33
|
-
assert_equal(inspec_json['title'], "Red Hat Enterprise Linux 7 Security Technical Implementation Guide")
|
34
|
-
assert_equal(inspec_json['maintainer'], "The Authors")
|
35
|
-
assert_equal(inspec_json['copyright'], "The Authors")
|
36
|
-
assert_equal(inspec_json['copyright_email'], "you@example.com")
|
37
|
-
assert_equal(inspec_json['license'], "Apache-2.0")
|
38
|
-
assert_equal(inspec_json['summary'], "\"This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.\"")
|
39
|
-
assert_equal(inspec_json['version'], "0.1.0")
|
40
|
-
assert_equal(inspec_json['supports'], [])
|
41
|
-
assert_equal(inspec_json['attributes'], [])
|
42
|
-
assert_equal(inspec_json['generator'], {"name": "inspec", "version": Gem.loaded_specs["inspec"].version})
|
43
|
-
end
|
44
|
-
|
45
|
-
def test_controls_count
|
46
|
-
xccdf = InspecTools::XCCDF.new(File.read('examples/xccdf2inspec/data/U_Red_Hat_Enterprise_Linux_7_STIG_V1R4_Manual-xccdf.xml'))
|
47
|
-
inspec_json = xccdf.to_inspec
|
48
|
-
assert_equal(240, inspec_json['controls'].count)
|
49
|
-
end
|
50
|
-
end
|
data/test/unit/test_helper.rb
DELETED
@@ -1,44 +0,0 @@
|
|
1
|
-
require 'json'
|
2
|
-
require 'fileutils'
|
3
|
-
require_relative '../test_helper'
|
4
|
-
require_relative '../../../lib/utilities/inspec_util'
|
5
|
-
|
6
|
-
class InspecUtilTest < Minitest::Test
|
7
|
-
def test_inspec_util_exists
|
8
|
-
refute_nil Utils::InspecUtil
|
9
|
-
end
|
10
|
-
|
11
|
-
def test_get_impact
|
12
|
-
assert_equal(0.3, Utils::InspecUtil.get_impact('low'))
|
13
|
-
assert_equal(0.5, Utils::InspecUtil.get_impact('medium'))
|
14
|
-
assert_equal(0.7, Utils::InspecUtil.get_impact('high'))
|
15
|
-
end
|
16
|
-
|
17
|
-
def test_unpack_inspec_json
|
18
|
-
json = JSON.parse(File.read('./examples/sample_json/single_control_profile.json'))
|
19
|
-
dir = Dir.mktmpdir
|
20
|
-
begin
|
21
|
-
Utils::InspecUtil.unpack_inspec_json(dir, json, false, 'ruby')
|
22
|
-
assert(File.exist?(dir + '/inspec.yml'))
|
23
|
-
assert(File.exist?(dir + '/README.md'))
|
24
|
-
assert(Dir.exist?(dir + '/libraries'))
|
25
|
-
assert(Dir.exist?(dir + '/controls'))
|
26
|
-
ensure
|
27
|
-
FileUtils.rm_rf dir
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
def test_parse_data_for_xccdf
|
32
|
-
json = JSON.parse(File.read('./examples/sample_json/single_control_profile.json'))
|
33
|
-
xccdf_json = Utils::InspecUtil.parse_data_for_xccdf(json)
|
34
|
-
assert_equal("Users must re-authenticate for privilege escalation.", xccdf_json['controls'][0]['title'])
|
35
|
-
assert_equal("F-78301r2_fix", xccdf_json['controls'][0]['fix_id'])
|
36
|
-
end
|
37
|
-
|
38
|
-
def test_parse_data_for_ckl
|
39
|
-
json = JSON.parse(File.read('./examples/sample_json/single_control_results.json'))
|
40
|
-
ckl_json = Utils::InspecUtil.parse_data_for_ckl(json)
|
41
|
-
assert_equal("Use human readable security markings", ckl_json[:"V-26680"][:rule_title])
|
42
|
-
assert_equal("AC-16 (5) Rev_4", ckl_json[:"V-26680"][:nist])
|
43
|
-
end
|
44
|
-
end
|