inspec_tools 2.0.2.pre8 → 2.0.2.pre9
- checksums.yaml +4 -4
- data/CHANGELOG.md +25 -6
- data/README.md +1 -1
- data/lib/data/attributes.yml +7 -8
- data/lib/inspec_tools/inspec.rb +1 -1
- data/lib/inspec_tools/summary.rb +1 -1
- data/lib/utilities/inspec_util.rb +15 -5
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b75aa0b436aae36965200a1ca02ca855c07783b51b554110643eca1b8570a7ee
|
4
|
+
data.tar.gz: bba056d0df721fc0d1c3346193b62eb80c41e61d35e8a11dc1410bf017cf0433
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 00cdbaa21811eea1ba654c59f893e59d2d342cad3a0d2ed9007c1029f39e48d649c24b5a45a22eb88218604692ef37a1c3022a0a58c3bd8efe7a8f2f21d1e53f
|
7
|
+
data.tar.gz: 9d4586896d1f87031abe6a3d6c855d88357a2d16cb2af8dda7be6098d20935cd68f9c2f160b909e39d80f1143af9aa507c548c5cfed204cc6ede27477ffc0cc2
|
data/CHANGELOG.md
CHANGED
@@ -2,7 +2,29 @@
|
|
2
2
|
|
3
3
|
## [Unreleased](https://github.com/mitre/inspec_tools/tree/HEAD)
|
4
4
|
|
5
|
-
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.
|
5
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre8...HEAD)
|
6
|
+
|
7
|
+
**Implemented enhancements:**
|
8
|
+
|
9
|
+
- Ensure the output of our converters formats with a standard of 2-space [\#140](https://github.com/mitre/inspec_tools/issues/140)
|
10
|
+
- Ensure we do not create code that uses " where ' are the correct style [\#138](https://github.com/mitre/inspec_tools/issues/138)
|
11
|
+
|
12
|
+
**Fixed bugs:**
|
13
|
+
|
14
|
+
- Summary always returns 0 for profile errors [\#164](https://github.com/mitre/inspec_tools/issues/164)
|
15
|
+
- Multiple fields missing from CKL generated with inspec2ckl [\#150](https://github.com/mitre/inspec_tools/issues/150)
|
16
|
+
- update inspec2ckl to support both tag and sub-descriptions in output [\#148](https://github.com/mitre/inspec_tools/issues/148)
|
17
|
+
|
18
|
+
**Merged pull requests:**
|
19
|
+
|
20
|
+
- Apply fixes from CodeFactor [\#172](https://github.com/mitre/inspec_tools/pull/172) ([aaronlippold](https://github.com/aaronlippold))
|
21
|
+
- Add parameter to InspecUtils\#control\_status to specify when used for summary. [\#170](https://github.com/mitre/inspec_tools/pull/170) ([Bialogs](https://github.com/Bialogs))
|
22
|
+
- Generate Ruby with Single Quoted Strings [\#169](https://github.com/mitre/inspec_tools/pull/169) ([Bialogs](https://github.com/Bialogs))
|
23
|
+
- Update CKL parse method to dig into sub descriptions [\#168](https://github.com/mitre/inspec_tools/pull/168) ([Bialogs](https://github.com/Bialogs))
|
24
|
+
|
25
|
+
## [v2.0.2.pre8](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre8) (2020-04-30)
|
26
|
+
|
27
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre7...v2.0.2.pre8)
|
6
28
|
|
7
29
|
**Fixed bugs:**
|
8
30
|
|
@@ -275,6 +297,7 @@
|
|
275
297
|
**Merged pull requests:**
|
276
298
|
|
277
299
|
- Remove warnings \(\#minor\) [\#101](https://github.com/mitre/inspec_tools/pull/101) ([Bialogs](https://github.com/Bialogs))
|
300
|
+
- Update github workflows [\#99](https://github.com/mitre/inspec_tools/pull/99) ([Bialogs](https://github.com/Bialogs))
|
278
301
|
|
279
302
|
## [v1.6.21](https://github.com/mitre/inspec_tools/tree/v1.6.21) (2020-03-20)
|
280
303
|
|
@@ -300,10 +323,6 @@
|
|
300
323
|
|
301
324
|
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.6.18...v1.6.19)
|
302
325
|
|
303
|
-
**Merged pull requests:**
|
304
|
-
|
305
|
-
- Update github workflows [\#99](https://github.com/mitre/inspec_tools/pull/99) ([Bialogs](https://github.com/Bialogs))
|
306
|
-
|
307
326
|
## [v1.6.18](https://github.com/mitre/inspec_tools/tree/v1.6.18) (2020-03-16)
|
308
327
|
|
309
328
|
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.6.17...v1.6.18)
|
@@ -490,6 +509,7 @@
|
|
490
509
|
**Merged pull requests:**
|
491
510
|
|
492
511
|
- Updated rake version [\#69](https://github.com/mitre/inspec_tools/pull/69) ([robthew](https://github.com/robthew))
|
512
|
+
- Add in 'inspec' and 'fileutils' require statements [\#65](https://github.com/mitre/inspec_tools/pull/65) ([samcornwell](https://github.com/samcornwell))
|
493
513
|
|
494
514
|
## [v1.4.1](https://github.com/mitre/inspec_tools/tree/v1.4.1) (2019-06-20)
|
495
515
|
|
@@ -501,7 +521,6 @@
|
|
501
521
|
|
502
522
|
**Merged pull requests:**
|
503
523
|
|
504
|
-
- Add in 'inspec' and 'fileutils' require statements [\#65](https://github.com/mitre/inspec_tools/pull/65) ([samcornwell](https://github.com/samcornwell))
|
505
524
|
- Apply fixes from CodeFactor [\#61](https://github.com/mitre/inspec_tools/pull/61) ([aaronlippold](https://github.com/aaronlippold))
|
506
525
|
|
507
526
|
## [v1.3.6](https://github.com/mitre/inspec_tools/tree/v1.3.6) (2019-05-02)
|
data/README.md
CHANGED
@@ -143,7 +143,7 @@ USAGE: inspec_tools summary [OPTIONS] -j <inspec-json> -o <summary-csv>
|
|
143
143
|
FLAGS:
|
144
144
|
-j --inspec-json <inspec-json> : path to InSpec results JSON
|
145
145
|
-o --output <output-json> : path to summary JSON
|
146
|
-
-c --cli, --no-cli : print summary to STDOUT
|
146
|
+
-c --cli, --no-cli : print formatted summary to STDOUT
|
147
147
|
-V --verbose, --no-verbose : print verbose an debug output
|
148
148
|
-f --json-full, --no-json-full : print the summary STDOUT as JSON
|
149
149
|
-k --json-counts, --no-json_cou : print the reslut status to STDOUT as JSON
|
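Review bot: The flag list around the changed `-c` line disagrees with the USAGE line in the hunk header: USAGE names `-o <summary-csv>`, while the flag entry reads `-o --output <output-json> : path to summary JSON`. Settle on one output format in both places. While this block is being edited, the neighbouring lines also need fixing: "print verbose an debug output", "reslut status", and the cut-off `--no-json_cou`.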
data/lib/data/attributes.yml
CHANGED
@@ -1,24 +1,23 @@
|
|
1
1
|
---
|
2
2
|
benchmark.title: PostgreSQL 9.x Security Technical Implementation Guide
|
3
3
|
benchmark.id: PostgreSQL_9-x_STIG
|
4
|
-
benchmark.description:
|
5
|
-
"This Security Technical Implementation Guide is published
|
4
|
+
benchmark.description: 'This Security Technical Implementation Guide is published
|
6
5
|
as a tool to improve the security of Department of Defense (DoD) information systems.
|
7
6
|
The requirements are derived from the National Institute of Standards and Technology
|
8
7
|
(NIST) 800-53 and related documents. Comments or proposed revisions to this document
|
9
|
-
should be sent via email to the following address: disa.stig_spt@mail.mil.
|
10
|
-
benchmark.version:
|
8
|
+
should be sent via email to the following address: disa.stig_spt@mail.mil.'
|
9
|
+
benchmark.version: '1'
|
11
10
|
benchmark.status: accepted
|
12
|
-
benchmark.status.date:
|
11
|
+
benchmark.status.date: '2017-01-20'
|
13
12
|
benchmark.notice.id: terms-of-use
|
14
|
-
benchmark.plaintext:
|
13
|
+
benchmark.plaintext: 'Release: 1 Benchmark Date: 20 Jan 2017'
|
15
14
|
benchmark.plaintext.id: release-info
|
16
|
-
reference.href:
|
15
|
+
reference.href: http://iase.disa.mil
|
17
16
|
reference.dc.publisher: DISA
|
18
17
|
reference.dc.source: STIG.DOD.MIL
|
19
18
|
reference.dc.title: DPMS Target PostgreSQL 9.x
|
20
19
|
reference.dc.subject: PostgreSQL 9.x
|
21
20
|
reference.dc.type: DPMS Target
|
22
|
-
reference.dc.identifier:
|
21
|
+
reference.dc.identifier: '3087'
|
23
22
|
content_ref.name: M
|
24
23
|
content_ref.href: DPMS_XCCDF_Benchmark_PostgreSQL_9-x_STIG.xml
|
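Review bot: `reference.href: http://iase.disa.mil` on the added line is a cleartext URL; if the site serves HTTPS, use the `https://` form so consumers of this metadata are not pointed at plain HTTP. The added values `'1'`, `'2017-01-20'` and `'3087'` are quoted to keep them strings, which deserves a one-line comment in the file so the quotes are not stripped in a later cleanup.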
data/lib/inspec_tools/inspec.rb
CHANGED
@@ -151,7 +151,7 @@ module InspecTools
|
|
151
151
|
stig_data_list += handle_cci_ref(control)
|
152
152
|
stig_data_list << handle_stigref
|
153
153
|
|
154
|
-
vuln.stig_data = stig_data_list.reject
|
154
|
+
vuln.stig_data = stig_data_list.reject(&:nil?)
|
155
155
|
vuln.status = Utils::InspecUtil.control_status(control)
|
156
156
|
vuln.comments = "\nAutomated compliance tests brought to you by the MITRE corporation and the InSpec project.\n\nInspec Profile: #{control[:profile_name]}\nProfile shasum: #{control[:profile_shasum]}"
|
157
157
|
vuln.finding_details = Utils::InspecUtil.control_finding_details(control, vuln.status)
|
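Review bot: `stig_data_list.reject(&:nil?)` on the changed line is what `Array#compact` does, and `stig_data_list.compact` states the intent directly. A short comment saying which entries can be nil would help, since `handle_stigref` is pushed with `<<` two lines above and a nil from it would land in the list.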
data/lib/inspec_tools/summary.rb
CHANGED
@@ -26,7 +26,7 @@ module InspecTools
|
|
26
26
|
@summary = {}
|
27
27
|
@data.keys.each do |control_id|
|
28
28
|
current_control = @data[control_id]
|
29
|
-
current_control[:compliance_status] = Utils::InspecUtil.control_status(current_control)
|
29
|
+
current_control[:compliance_status] = Utils::InspecUtil.control_status(current_control, true)
|
30
30
|
current_control[:finding_details] = Utils::InspecUtil.control_finding_details(current_control, current_control[:compliance_status])
|
31
31
|
end
|
32
32
|
compute_summary
|
@@ -88,9 +88,11 @@ module Utils
|
|
88
88
|
profile['controls'].each do |control|
|
89
89
|
c_id = control['id'].to_sym
|
90
90
|
data[c_id] = {}
|
91
|
+
|
91
92
|
data[c_id][:vuln_num] = control['id'] unless control['id'].nil?
|
92
93
|
data[c_id][:rule_title] = control['title'] unless control['title'].nil?
|
93
94
|
data[c_id][:vuln_discuss] = control['desc'] unless control['desc'].nil?
|
95
|
+
|
94
96
|
unless control['tags'].nil?
|
95
97
|
data[c_id][:severity] = control['tags']['severity'] unless control['tags']['severity'].nil?
|
96
98
|
data[c_id][:gid] = control['tags']['gid'] unless control['tags']['gid'].nil?
|
@@ -99,15 +101,20 @@ module Utils
|
|
99
101
|
data[c_id][:rule_ver] = control['tags']['stig_id'] unless control['tags']['stig_id'].nil?
|
100
102
|
data[c_id][:cci_ref] = control['tags']['cci'] unless control['tags']['cci'].nil?
|
101
103
|
data[c_id][:nist] = control['tags']['nist'].join(' ') unless control['tags']['nist'].nil?
|
102
|
-
data[c_id][:check_content] = control['tags']['check'] unless control['tags']['check'].nil?
|
103
|
-
data[c_id][:fix_text] = control['tags']['fix'] unless control['tags']['fix'].nil?
|
104
104
|
end
|
105
|
+
|
106
|
+
if control['descriptions'].respond_to?(:find)
|
107
|
+
data[c_id][:check_content] = control['descriptions'].find { |c| c['label'] == 'fix' }&.dig('data')
|
108
|
+
data[c_id][:fix_text] = control['descriptions'].find { |c| c['label'] == 'check' }&.dig('data')
|
109
|
+
end
|
110
|
+
|
105
111
|
data[c_id][:impact] = control['impact'].to_s unless control['impact'].nil?
|
106
112
|
data[c_id][:profile_name] = profile['name'].to_s unless profile['name'].nil?
|
107
113
|
data[c_id][:profile_shasum] = profile['sha256'].to_s unless profile['sha256'].nil?
|
108
114
|
|
109
115
|
data[c_id][:status] = []
|
110
116
|
data[c_id][:message] = []
|
117
|
+
|
111
118
|
if control.key?('results')
|
112
119
|
control['results'].each do |result|
|
113
120
|
if !result['backtrace'].nil?
|
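Review bot: In the new `if control['descriptions'].respond_to?(:find)` block the labels look swapped: `:check_content` is filled from the description whose label is 'fix', and `:fix_text` from the one labelled 'check'. Swap the two lookups so each field reads its own label. The hunk also removes the `control['tags']['check']` and `control['tags']['fix']` reads, so a results file that carries check and fix text only as tags now yields empty fields; keep the tag values as a fallback when the `descriptions` lookup returns nil.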
@@ -120,6 +127,7 @@ module Utils
|
|
120
127
|
data[c_id][:message].push("PROFILE_ERROR -- Test: #{result['code_desc']}\nMessage: #{result['backtrace']}\n") if result['status'] == 'error'
|
121
128
|
end
|
122
129
|
end
|
130
|
+
|
123
131
|
if data[c_id][:impact].to_f.zero?
|
124
132
|
data[c_id][:message].unshift("NOT_APPLICABLE -- Description: #{control['desc']}\n\n")
|
125
133
|
end
|
@@ -143,7 +151,7 @@ module Utils
|
|
143
151
|
end
|
144
152
|
end
|
145
153
|
|
146
|
-
def self.control_status(control)
|
154
|
+
def self.control_status(control, for_summary = false)
|
147
155
|
status_list = control[:status].uniq
|
148
156
|
if control[:impact].to_f.zero?
|
149
157
|
'Not_Applicable'
|
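Review bot: `for_summary = false` in the new signature is a positional boolean, so a call such as `control_status(current_control, true)` gives no hint of what `true` means. A keyword argument (`for_summary: false`) would make callers self-describing, and the method should carry a comment stating how the return value differs when the flag is set.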
@@ -151,6 +159,8 @@ module Utils
|
|
151
159
|
'Open'
|
152
160
|
elsif status_list.include?('passed')
|
153
161
|
'NotAFinding'
|
162
|
+
elsif status_list.include?('error') && for_summary
|
163
|
+
'Profile_Error'
|
154
164
|
else
|
155
165
|
# profile skipped or profile error
|
156
166
|
'Not_Reviewed'
|
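Review bot: The new `elsif status_list.include?('error') && for_summary` branch sits after the 'passed' branch, so a control with both passed and errored results is still reported as 'NotAFinding' and its error never reaches the summary. If an errored test should not be masked by a passing one, test for 'error' before 'passed'. The `# profile skipped or profile error` comment in the `else` branch is now accurate only when `for_summary` is false and should say so.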
@@ -374,7 +384,7 @@ module Utils
|
|
374
384
|
file_name = control.id.to_s
|
375
385
|
myfile = File.new("#{directory}/controls/#{file_name}.rb", 'w')
|
376
386
|
myfile.puts "# encoding: UTF-8\n\n"
|
377
|
-
myfile.puts wrap(control.to_ruby, WIDTH) + "\n"
|
387
|
+
myfile.puts wrap(control.to_ruby.gsub('"', "\'"), WIDTH) + "\n"
|
378
388
|
myfile.close
|
379
389
|
end
|
380
390
|
else
|
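Review bot: `control.to_ruby.gsub('"', "\'")` on the changed line rewrites every double quote in the generated control, not only string delimiters. A title or description containing an apostrophe then becomes an unterminated single-quoted string, double quotes inside the text itself are altered, and escapes such as `\n` or `#{}` interpolation stop being interpreted once the delimiter is a single quote. Because the result is written out as `controls/#{file_name}.rb`, convert only literals that contain no apostrophe, backslash or `#{`, or run the output through a syntax check before writing it. `"\'"` is also just `"'"`.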
@@ -390,7 +400,7 @@ module Utils
|
|
390
400
|
if output_format == 'ruby'
|
391
401
|
controls.each do |control|
|
392
402
|
myfile.puts "# encoding: UTF-8\n\n"
|
393
|
-
myfile.puts wrap(control.to_ruby, WIDTH) + "\n"
|
403
|
+
myfile.puts wrap(control.to_ruby.gsub('"', "\'"), WIDTH) + "\n"
|
394
404
|
end
|
395
405
|
else
|
396
406
|
controls.each do |control|
|
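Review bot: The changed line repeats `control.to_ruby.gsub('"', "\'")` from the per-control branch earlier in this method, so the two copies can drift apart, and a blanket quote replacement breaks any generated string that contains an apostrophe. Move the conversion into one helper that both branches call and handle the apostrophe case there.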
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec_tools
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.2.
|
4
|
+
version: 2.0.2.pre9
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Robert Thew
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: exe
|
13
13
|
cert_chain: []
|
14
|
-
date: 2020-05-
|
14
|
+
date: 2020-05-04 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: colorize
|