inspec_tools 2.0.2.pre7 → 2.0.2.pre8
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -3
- data/lib/happy_mapper_tools/stig_checklist.rb +6 -0
- data/lib/inspec_tools/inspec.rb +59 -51
- data/lib/inspec_tools/plugin_cli.rb +1 -1
- data/lib/utilities/inspec_util.rb +6 -10
- metadata +2 -2
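--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4c0c4c149888d3a7b8c1c4455e4110ca665cac3ed59544120a2cc0447a031544
+data.tar.gz: dac8d2543995b1aaceb383b1a9239c1280cfd74b2effb99796f558a0e9ef2812
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 020fd1249cbe919996fbc7037cb6d5d55bad2a99ee6f8eed7044afc3452804cc264940c471c110b003b59e24c31039c194e6553b7114c9be2b353d41682a01f8
+data.tar.gz: 44911ab26c33046670a35a2a5919afb0c4a1b8de38838dd04dfc65720df9020018f566cfb1e027fe014209b72d18cd2800aa3d6fc2cfd9af84758bae39bbc73f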
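--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,7 +2,26 @@
 
 ## [Unreleased](https://github.com/mitre/inspec_tools/tree/HEAD)
 
-[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre7...HEAD)
+
+**Fixed bugs:**
+
+- CCI Information is blank in CKL output [\#147](https://github.com/mitre/inspec_tools/issues/147)
+- STIG Viewer fails to validate CKL Schema [\#131](https://github.com/mitre/inspec_tools/issues/131)
+
+**Closed issues:**
+
+- Add integration tests to validate output Checklist against schema [\#62](https://github.com/mitre/inspec_tools/issues/62)
+
+**Merged pull requests:**
+
+- Break CCI Vuln Information into separate StigData [\#167](https://github.com/mitre/inspec_tools/pull/167) ([Bialogs](https://github.com/Bialogs))
+- Missing array type for replace\_tags [\#166](https://github.com/mitre/inspec_tools/pull/166) ([Didar-Bhullar](https://github.com/Didar-Bhullar))
+- 131 ckl schema [\#163](https://github.com/mitre/inspec_tools/pull/163) ([Bialogs](https://github.com/Bialogs))
+
+## [v2.0.2.pre7](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre7) (2020-04-28)
+
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre6...v2.0.2.pre7)
 
 **Implemented enhancements:**
 
@@ -19,7 +38,6 @@
 - Updated README to standardize wording [\#160](https://github.com/mitre/inspec_tools/pull/160) ([Bialogs](https://github.com/Bialogs))
 - Remove guardfile [\#159](https://github.com/mitre/inspec_tools/pull/159) ([Bialogs](https://github.com/Bialogs))
 - Remove unnecessary debug output from xccdf2inspec [\#158](https://github.com/mitre/inspec_tools/pull/158) ([rbclark](https://github.com/rbclark))
-- Add unit tests for XLSXTool and add system tests in CI [\#130](https://github.com/mitre/inspec_tools/pull/130) ([Bialogs](https://github.com/Bialogs))
 
 ## [v2.0.2.pre6](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre6) (2020-04-28)
 
@@ -68,6 +86,7 @@
 
 **Merged pull requests:**
 
+- Add unit tests for XLSXTool and add system tests in CI [\#130](https://github.com/mitre/inspec_tools/pull/130) ([Bialogs](https://github.com/Bialogs))
 - Apply fixes from CodeFactor [\#129](https://github.com/mitre/inspec_tools/pull/129) ([aaronlippold](https://github.com/aaronlippold))
 
 ## [v2.0.1.pre3](https://github.com/mitre/inspec_tools/tree/v2.0.1.pre3) (2020-04-03)
@@ -471,7 +490,6 @@
 **Merged pull requests:**
 
 - Updated rake version [\#69](https://github.com/mitre/inspec_tools/pull/69) ([robthew](https://github.com/robthew))
-- Add in 'inspec' and 'fileutils' require statements [\#65](https://github.com/mitre/inspec_tools/pull/65) ([samcornwell](https://github.com/samcornwell))
 
 ## [v1.4.1](https://github.com/mitre/inspec_tools/tree/v1.4.1) (2019-06-20)
 
@@ -483,6 +501,7 @@
 
 **Merged pull requests:**
 
+- Add in 'inspec' and 'fileutils' require statements [\#65](https://github.com/mitre/inspec_tools/pull/65) ([samcornwell](https://github.com/samcornwell))
 - Apply fixes from CodeFactor [\#61](https://github.com/mitre/inspec_tools/pull/61) ([aaronlippold](https://github.com/aaronlippold))
 
 ## [v1.3.6](https://github.com/mitre/inspec_tools/tree/v1.3.6) (2019-05-02)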
@@ -42,6 +42,12 @@ module HappyMapperTools
|
|
42
42
|
# Class Asset maps from the 'STIG_DATA' from Checklist XML file using HappyMapper
|
43
43
|
class StigData
|
44
44
|
include HappyMapper
|
45
|
+
|
46
|
+
def initialize(attrib = nil, data = nil)
|
47
|
+
self.attrib = attrib
|
48
|
+
self.data = data
|
49
|
+
end
|
50
|
+
|
45
51
|
tag 'STIG_DATA'
|
46
52
|
has_one :attrib, String, tag: 'VULN_ATTRIBUTE'
|
47
53
|
has_one :data, String, tag: 'ATTRIBUTE_DATA'
|
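Review bot: The new `initialize(attrib = nil, data = nil)` carries no comment saying why both parameters default to nil. Presumably HappyMapper builds StigData with no arguments while parsing a CKL, so a required parameter would break parsing; if that is the reason, state it, e.g. `# Both arguments are optional so the mapper can still call StigData.new with none.` The constructor would also read more conventionally below the `tag` / `has_one` declarations, so the mapping macros stay together at the top of the class. The comment on the class line still says "Class Asset" although the class is StigData. The class body continues outside the hunk.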
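--- a/data/lib/inspec_tools/inspec.rb
+++ b/data/lib/inspec_tools/inspec.rb
@@ -113,57 +113,6 @@ module InspecTools
 end
 end
 
-def generate_vuln_data(control)
-vuln = HappyMapperTools::StigChecklist::Vuln.new
-stig_data_list = []
-
-%w{
-Vuln_Num Severity Group_Title Rule_ID Rule_Ver Rule_Title Vuln_Discuss
-Check_Content Fix_Text CCI_REF
-}.each do |attrib|
-if attrib == 'Severity'
-key = :impact
-else
-key = attrib.downcase.to_sym
-end
-
-next if control[key].nil?
-
-if attrib == 'Severity'
-value = Utils::InspecUtil.get_impact_string(control[key])
-next if value == 'none'
-
-value = 'high' if value == 'critical'
-else
-value = control[key]
-end
-
-stigdata = HappyMapperTools::StigChecklist::StigData.new
-stigdata.attrib = attrib
-stigdata.data = value
-stig_data_list.push(stigdata)
-end
-
-stigdata = HappyMapperTools::StigChecklist::StigData.new
-stigdata.attrib = 'STIGRef'
-stigdata.data = @title
-stig_data_list.push(stigdata)
-
-vuln.stig_data = stig_data_list
-vuln.status = Utils::InspecUtil.control_status(control)
-vuln.comments = "\nAutomated compliance tests brought to you by the MITRE corporation and the InSpec project.\n\nInspec Profile: #{control[:profile_name]}\nProfile shasum: #{control[:profile_shasum]}"
-vuln.finding_details = Utils::InspecUtil.control_finding_details(control, vuln.status)
-vuln.severity_override = ''
-vuln.severity_justification = ''
-
-vuln
-end
-
-def generate_title(title, json, date)
-title ||= "Untitled - Checklist Created from Automated InSpec Results JSON; Profiles: #{json['profiles'].map { |x| x['name'] }.join(' | ')}"
-title + " Checklist Date: #{date || Date.today.to_s}"
-end
-
 def generate_ckl
 stigs = HappyMapperTools::StigChecklist::Stigs.new
 istig = HappyMapperTools::StigChecklist::IStig.new
@@ -191,6 +140,27 @@ module InspecTools
 @checklist.asset = generate_asset
 end
 
+def generate_vuln_data(control)
+vuln = HappyMapperTools::StigChecklist::Vuln.new
+stig_data_list = []
+
+%w{Vuln_Num Group_Title Rule_ID Rule_Ver Rule_Title Vuln_Discuss Check_Content Fix_Text}.each do |attribute|
+stig_data_list << create_stig_data_element(attribute, control)
+end
+stig_data_list << handle_severity(control)
+stig_data_list += handle_cci_ref(control)
+stig_data_list << handle_stigref
+
+vuln.stig_data = stig_data_list.reject!(&:nil?)
+vuln.status = Utils::InspecUtil.control_status(control)
+vuln.comments = "\nAutomated compliance tests brought to you by the MITRE corporation and the InSpec project.\n\nInspec Profile: #{control[:profile_name]}\nProfile shasum: #{control[:profile_shasum]}"
+vuln.finding_details = Utils::InspecUtil.control_finding_details(control, vuln.status)
+vuln.severity_override = ''
+vuln.severity_justification = ''
+
+vuln
+end
+
 def generate_asset
 asset = HappyMapperTools::StigChecklist::Asset.new
 asset.role = !@metadata['role'].nil? ? @metadata['role'] : 'Workstation'
@@ -321,5 +291,43 @@ module InspecTools
 end
 @benchmark.group = group_array
 end
+
+def generate_title(title, json, date)
+title ||= "Untitled - Checklist Created from Automated InSpec Results JSON; Profiles: #{json['profiles'].map { |x| x['name'] }.join(' | ')}"
+title + " Checklist Date: #{date || Date.today.to_s}"
+end
+
+def create_stig_data_element(attribute, control)
+return HappyMapperTools::StigChecklist::StigData.new(attribute, control[attribute.downcase.to_sym]) unless control[attribute.downcase.to_sym].nil?
+end
+
+def handle_severity(control)
+return if control[:impact].nil?
+
+value = Utils::InspecUtil.get_impact_string(control[:impact])
+return if value == 'none'
+
+value = 'high' if value == 'critical'
+
+HappyMapperTools::StigChecklist::StigData.new('Severity', value)
+end
+
+def handle_cci_ref(control)
+return [] if control[:cci_ref].nil?
+
+cci_data = []
+if control[:cci_ref].respond_to?(:each)
+control[:cci_ref].each do |cci_number|
+cci_data << HappyMapperTools::StigChecklist::StigData.new('CCI_REF', cci_number)
+end
+cci_data
+else
+cci_data << HappyMapperTools::StigChecklist::StigData.new('CCI_REF', control[:cci_ref])
+end
+end
+
+def handle_stigref
+HappyMapperTools::StigChecklist::StigData.new('STIGRef', @title)
+end
 end
 end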
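Review bot: `vuln.stig_data = stig_data_list.reject!(&:nil?)` in the re-added generate_vuln_data assigns nil whenever the list holds no nil entries, because `Array#reject!` returns nil when it removes nothing. A control that supplies all eight listed attributes and a usable impact therefore ends up with no STIG_DATA at all in the generated checklist, which silently drops the rule identity and severity from a compliance record. Use the non-destructive form, `vuln.stig_data = stig_data_list.compact`, which always returns the array. The filtering is still needed, since create_stig_data_element and handle_severity both return nil for a missing value. A unit test with a fully populated control would pin this.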
@@ -35,7 +35,7 @@ module InspecPlugins
|
|
35
35
|
option :output, required: false, aliases: '-o', default: 'profile'
|
36
36
|
option :format, required: false, aliases: '-f', enum: %w{ruby hash}, default: 'ruby'
|
37
37
|
option :separate_files, required: false, type: :boolean, default: true, aliases: '-s'
|
38
|
-
option :replace_tags, required: false, aliases: '-r'
|
38
|
+
option :replace_tags, type: :array, required: false, aliases: '-r'
|
39
39
|
option :metadata, required: false, aliases: '-m'
|
40
40
|
def xccdf2inspec
|
41
41
|
xccdf = InspecTools::XCCDF.new(File.read(options[:xccdf]), options[:replace_tags])
|
@@ -145,20 +145,16 @@ module Utils
|
|
145
145
|
|
146
146
|
def self.control_status(control)
|
147
147
|
status_list = control[:status].uniq
|
148
|
-
if
|
149
|
-
|
150
|
-
elsif control[:impact].to_f.zero?
|
151
|
-
result = 'Not_Applicable'
|
148
|
+
if control[:impact].to_f.zero?
|
149
|
+
'Not_Applicable'
|
152
150
|
elsif status_list.include?('failed')
|
153
|
-
|
151
|
+
'Open'
|
154
152
|
elsif status_list.include?('passed')
|
155
|
-
|
156
|
-
elsif status_list.include?('skipped')
|
157
|
-
result = 'Not_Reviewed'
|
153
|
+
'NotAFinding'
|
158
154
|
else
|
159
|
-
|
155
|
+
# profile skipped or profile error
|
156
|
+
'Not_Reviewed'
|
160
157
|
end
|
161
|
-
result
|
162
158
|
end
|
163
159
|
|
164
160
|
def self.control_finding_details(control, control_clk_status)
|
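Review bot: In control_status the first branch, `if control[:impact].to_f.zero?`, also fires when `:impact` is nil or a non-numeric string, because `nil.to_f` is 0.0. It runs before the `'failed'` test, so a control with failed results and a missing impact would be written to the checklist as `Not_Applicable` instead of `Open`. handle_severity in inspec.rb treats a nil impact as "no value", so the two methods disagree on what a missing impact means. If a nil impact can reach this method, guard the branch with `if !control[:impact].nil? && control[:impact].to_f.zero?` so a missing impact falls through to the status checks. The `# profile skipped or profile error` comment could also say that any status other than failed or passed lands in that branch.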
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec_tools
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.2.
|
4
|
+
version: 2.0.2.pre8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Robert Thew
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: exe
|
13
13
|
cert_chain: []
|
14
|
-
date: 2020-
|
14
|
+
date: 2020-05-01 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: colorize
|