RubyGems - inspec_tools - Versions diffs - 2.0.1.pre2 → 2.0.1.pre3 - Mend

inspec_tools 2.0.1.pre2 → 2.0.1.pre3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 68a7bc23a335f2851633c7164898006ae7bd2526371194bff12c3b9b4592856c
-  data.tar.gz: 85f62513a8af8009705cf8afd55a4c1ac55054e95c7a3f08cd1f587cf7d67c09
+  metadata.gz: 9821cf8b386c55599d08754287c0e15cf461c2cf1885e9c4e2006f89c560427b
+  data.tar.gz: b07b4ea7ab7f79da47fa1ef3fc2dc52c09d98a7f6a8b24e140d0ba47aae7d435
 SHA512:
-  metadata.gz: e75e865855f24ff7013ec487bf11dc2c89c41f2b26968efb92376907f0b2fd7830cab6a2b140391ec8e1a146fbe3eef7a7aaa14e73e0e4f4d11933189942705f
-  data.tar.gz: 388f8fc5b01af577ebc64b6ddcc760459a322bb1e6f49207ab3891c4f15f8c68cc00d5f0f19592473357d03c672085c8af1c1699a3ecfb4045e2135747071643
+  metadata.gz: b0375514656589efc9171cdc47d2106376a3da86b84e5eb6bf753c8778819784074204bfbc8763536cf4aa1c720236c9692527239d5c2250d0f881f3c882104b
+  data.tar.gz: ecaa2419766fa3fe9f1ad9722e029002b19eb2e080309e8aeb797ad501ffbcf86ad5da3cc8968bfb8be83268f381261c69ca911315981ca5e1e8f8e356aabf2a

data/CHANGELOG.md CHANGED Viewed

@@ -2,7 +2,15 @@
 ## [Unreleased](https://github.com/mitre/inspec_tools/tree/HEAD)
-[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.1.pre1...HEAD)
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.1.pre2...HEAD)
+**Merged pull requests:**
+- Cleanup xlsx2inspec Process of Adding NIST and CIS Controls to Inspec Controls [\#127](https://github.com/mitre/inspec_tools/pull/127) ([Bialogs](https://github.com/Bialogs))
+## [v2.0.1.pre2](https://github.com/mitre/inspec_tools/tree/v2.0.1.pre2) (2020-04-02)
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.1.pre1...v2.0.1.pre2)
 **Merged pull requests:**

data/lib/inspec_tools/xlsx.rb CHANGED Viewed

@@ -13,11 +13,15 @@ require_relative '../utilities/inspec_util'
 module InspecTools
   # Methods for converting from XLS to various formats
   class XLSXTool
+    CIS_2_NIST_XLSX = Roo::Spreadsheet.open(File.join(File.dirname(__FILE__), '../data/NIST_Map_02052020_CIS_Controls_Version_7.1_Implementation_Groups_1.2.xlsx'))
+    LATEST_NIST_REV = 'Rev_4'.freeze
     def initialize(xlsx, mapping, name, verbose = false)
       @name = name
       @xlsx = xlsx
       @mapping = mapping
       @verbose = verbose
+      @cis_to_nist = get_cis_to_nist_control_mapping(CIS_2_NIST_XLSX)
     end
     def to_ckl
@@ -41,6 +45,18 @@ module InspecTools
     private
+    def get_cis_to_nist_control_mapping(spreadsheet)
+      cis_to_nist = {}
+      spreadsheet.sheet(3).each do |row|
+        if row[3].is_a? Numeric
+          cis_to_nist[row[3].to_s] = row[0]
+        else
+          cis2Nist[row[2].to_s] = row[0] unless (row[2] == '') || row[2].to_i.nil?
+        end
+      end
+      cis_to_nist
+    end
     def insert_json_metadata
       @profile['name'] = @name
       @profile['title'] = 'InSpec Profile'
@@ -59,67 +75,73 @@ module InspecTools
     end
     def parse_cis_controls(control_prefix)
-      cis2NistXls = Roo::Spreadsheet.open(File.join(File.dirname(__FILE__), "../data/NIST_Map_02052020_CIS_Controls_Version_7.1_Implementation_Groups_1.2.xlsx"))
-      cis2Nist = {}
-      cis2NistXls.sheet(3).each do |row|
-        if row[3].is_a? Numeric
-          cis2Nist[row[3].to_s] = row[0]
-        else
-          cis2Nist[row[2].to_s] = row[0] unless (row[2] == "") || (row[2].to_i.nil?)
-        end
-      end
-      [ 1, 2 ].each do |level|
+      [1, 2].each do |level|
         @xlsx.sheet(level).each_row_streaming do |row|
           if row[@mapping['control.id']].nil? || !/^\d+(\.?\d)*$/.match(row[@mapping['control.id']].formatted_value)
             next
           end
           tag_pos = @mapping['control.tags']
           control = {}
           control['tags'] = {}
-          control['id'] = control_prefix + '-' + row[@mapping['control.id']].formatted_value unless @mapping['control.id'].nil? || row[@mapping['control.id']].nil?
-          control['title']  = row[@mapping['control.title']].formatted_value  unless @mapping['control.title'].nil? || row[@mapping['control.title']].nil?
-          control['desc'] = ""
-          control['desc'] = row[@mapping['control.desc']].formatted_value unless row[@mapping['control.desc']].nil?
-          control['tags']['rationale'] = row[tag_pos['rationale']].formatted_value unless row[tag_pos['rationale']].empty?
+          control['id'] = control_prefix + '-' + row[@mapping['control.id']].formatted_value unless cell_empty?(@mapping['control.id']) || cell_empty?(row[@mapping['control.id']])
+          control['title']  = row[@mapping['control.title']].formatted_value unless cell_empty?(@mapping['control.title']) || cell_empty?(row[@mapping['control.title']])
+          control['desc'] = ''
+          control['desc'] = row[@mapping['control.desc']].formatted_value unless cell_empty?(row[@mapping['control.desc']])
+          control['tags']['rationale'] = row[tag_pos['rationale']].formatted_value unless cell_empty?(row[tag_pos['rationale']])
           control['tags']['severity'] = level == 1 ? 'medium' : 'high'
           control['impact'] = Utils::InspecUtil.get_impact(control['tags']['severity'])
-          control['tags']['ref'] = row[@mapping['control.ref']].formatted_value unless @mapping['control.ref'].nil? || row[@mapping['control.ref']].nil?
+          control['tags']['ref'] = row[@mapping['control.ref']].formatted_value unless cell_empty?(@mapping['control.ref']) || cell_empty?(row[@mapping['control.ref']])
           control['tags']['cis_level'] = level unless level.nil?
-          unless row[tag_pos['cis_controls']].empty?
+          unless cell_empty?(row[tag_pos['cis_controls']])
             # cis_control must be extracted from CIS control column via regex
-            control = handle_cis_tags(control, row[tag_pos['cis_controls']].formatted_value.scan(/CONTROL:v(\d) (\d+)\.?(\d*)/))
+            cis_tags_array = row[tag_pos['cis_controls']].formatted_value.scan(/CONTROL:v(\d) (\d+)\.?(\d*)/).flatten
+            cis_tags = %i(revision section sub_section).zip(cis_tags_array).to_h
+            control = apply_cis_and_nist_controls(control, cis_tags)
           end
-          control['tags']['cis_rid'] = row[@mapping['control.id']].formatted_value unless @mapping['control.id'].nil? || row[@mapping['control.id']].nil?
-          control['tags']['check'] = row[tag_pos['check']].formatted_value unless tag_pos['check'].nil? || row[tag_pos['check']].empty?
-          control['tags']['fix'] = row[tag_pos['fix']].formatted_value unless tag_pos['fix'].nil? || row[tag_pos['fix']].empty?
+          control['tags']['cis_rid'] = row[@mapping['control.id']].formatted_value unless cell_empty?(@mapping['control.id']) || cell_empty?(row[@mapping['control.id']])
+          control['tags']['check'] = row[tag_pos['check']].formatted_value unless cell_empty?(tag_pos['check']) || cell_empty?(row[tag_pos['check']])
+          control['tags']['fix'] = row[tag_pos['fix']].formatted_value unless cell_empty?(tag_pos['fix']) || cell_empty?(row[tag_pos['fix']])
           @controls << control
         end
       end
     end
-    def handle_cis_tags(control, cis_tags)
-      control['tags']['cis_controls'] = []
-      control['tags']['nist'] = []
+    def cell_empty?(cell)
+      return cell.empty? if cell.respond_to?(:empty?)
-      cis_tags.each do |cis_tag|
-        if cis_tag[2].nil? || cis_tag[2] == ""
-          control['tags']['cis_controls'] << cis_tag[1].to_s
-          control['tags']['nist'] << cis2Nist[cis_tag[1]]
-        else
-          control['tags']['cis_controls'] << cis_tag[1].to_s + "." + cis_tag[2].to_s
-          control['tags']['nist'] << cis2Nist[cis_tag[1].to_s + "." + cis_tag[2].to_s]
-        end
-      end
+      cell.nil?
+    end
+    def apply_cis_and_nist_controls(control, cis_tags)
+      control['tags']['cis_controls'], control['tags']['nist'] = [], []
-      if not control['tags']['nist'].nil?
-        control['tags']['nist'] << "Rev_4"
+      if cis_tags[:sub_section].nil? || cis_tags[:sub_section].blank?
+        control['tags']['cis_controls'] << cis_tags[:section]
+        control['tags']['nist'] << get_nist_control_for_cis([cis_tags[:section]])
+      else
+        control['tags']['cis_controls'] << "#{cis_tags[:section]}.#{cis_tags[:sub_section]}"
+        control['tags']['nist'] << get_nist_control_for_cis([cis_tags[:section], cis_tags[:sub_section]])
       end
-      control['tags']['cis_controls'] << "Rev_" +  cis_tags.first[0] unless cis_tags[0].nil?
+      control['tags']['nist'] << LATEST_NIST_REV unless control['tags']['nist'].nil?
+      control['tags']['cis_controls'] << "Rev_#{cis_tags[:revision]}" unless cis_tags[:revision].nil?
       control
     end
+    def get_nist_control_for_cis(section, sub_section=nil)
+      return @cis_to_nist[section] if sub_section.nil?
+      @cis_to_nist["#{section}.#{sub_section}"]
+    end
   end
 end
+# rubocop:enable Metrics/AbcSize
+# rubocop:enable Metrics/PerceivedComplexity
+# rubocop:enable Metrics/CyclomaticComplexity

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: inspec_tools
 version: !ruby/object:Gem::Version
-  version: 2.0.1.pre2
+  version: 2.0.1.pre3
 platform: ruby
 authors:
 - Robert Thew
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-04-02 00:00:00.000000000 Z
+date: 2020-04-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize