inspec_tools 2.0.2.pre8 → 2.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4c0c4c149888d3a7b8c1c4455e4110ca665cac3ed59544120a2cc0447a031544
-  data.tar.gz: dac8d2543995b1aaceb383b1a9239c1280cfd74b2effb99796f558a0e9ef2812
+  metadata.gz: d99887f62c18c23143d73ceb049277beaf493a765dc1df5beec9fee9b9bb7dca
+  data.tar.gz: c2613ab9b76c9dae510ba8c57a27664989161cc8dd0cfec099f1365a9743030f
 SHA512:
-  metadata.gz: 020fd1249cbe919996fbc7037cb6d5d55bad2a99ee6f8eed7044afc3452804cc264940c471c110b003b59e24c31039c194e6553b7114c9be2b353d41682a01f8
-  data.tar.gz: 44911ab26c33046670a35a2a5919afb0c4a1b8de38838dd04dfc65720df9020018f566cfb1e027fe014209b72d18cd2800aa3d6fc2cfd9af84758bae39bbc73f
+  metadata.gz: e8f1fd2c3b491e7c3ef65c76c250e16e6e00cbb03ae0d3ed8c6c23bc8598ba31f8315bd72e6bcfb76b22c4a054f881852de0f290789c6d5bab304afc616003f4
+  data.tar.gz: ad843429c15e5e10c655860a6178b20d088decbd4f6bc92817183635b45c7478be16b30baf6883d3e1565f47c0926226e117482351137811829c9e147de4be3e

data/CHANGELOG.md

@@ -2,7 +2,96 @@
 
 ## [Unreleased](https://github.com/mitre/inspec_tools/tree/HEAD)
 
-[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre7...HEAD)
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre13...HEAD)
+
+**Implemented enhancements:**
+
+- Round compliance score down [\#146](https://github.com/mitre/inspec_tools/issues/146)
+
+**Fixed bugs:**
+
+- inspec\_tools docker images is not actually showing results to cli [\#183](https://github.com/mitre/inspec_tools/issues/183)
+
+**Closed issues:**
+
+- inspec\_tools docker container doesn't let me go into a bash shell [\#184](https://github.com/mitre/inspec_tools/issues/184)
+- Add a Dockerfile so folks can eaily add this into their ci/cd container workflows [\#162](https://github.com/mitre/inspec_tools/issues/162)
+
+**Merged pull requests:**
+
+- Every usage of Bucket and Tally uses it as a symbol, making it a symbol as part of its declaration [\#187](https://github.com/mitre/inspec_tools/pull/187) ([rbclark](https://github.com/rbclark))
+- Summary output [\#186](https://github.com/mitre/inspec_tools/pull/186) ([jsa5593](https://github.com/jsa5593))
+- Compliance score is rounded down and the README is updated [\#185](https://github.com/mitre/inspec_tools/pull/185) ([jsa5593](https://github.com/jsa5593))
+
+## [v2.0.2.pre13](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre13) (2020-05-22)
+
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre12...v2.0.2.pre13)
+
+**Implemented enhancements:**
+
+- Ruby to docker [\#181](https://github.com/mitre/inspec_tools/pull/181) ([jsa5593](https://github.com/jsa5593))
+
+**Fixed bugs:**
+
+- All Impacts Parsed from PDF are Medium [\#173](https://github.com/mitre/inspec_tools/issues/173)
+
+**Merged pull requests:**
+
+- Git version bump version 0.17.2 is broken due to a faulty regex. [\#182](https://github.com/mitre/inspec_tools/pull/182) ([rbclark](https://github.com/rbclark))
+
+## [v2.0.2.pre12](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre12) (2020-05-07)
+
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre11...v2.0.2.pre12)
+
+**Merged pull requests:**
+
+- Require a newer version of git-lite-version-bump for Windows support [\#178](https://github.com/mitre/inspec_tools/pull/178) ([rbclark](https://github.com/rbclark))
+
+## [v2.0.2.pre11](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre11) (2020-05-07)
+
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre10...v2.0.2.pre11)
+
+**Merged pull requests:**
+
+- git-lite-version-bump 0.17.0 is not compatible with Windows [\#176](https://github.com/mitre/inspec_tools/pull/176) ([rbclark](https://github.com/rbclark))
+
+## [v2.0.2.pre10](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre10) (2020-05-06)
+
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre9...v2.0.2.pre10)
+
+**Implemented enhancements:**
+
+- Standardize Severity Tag on CVSS 3.0 Terms [\#107](https://github.com/mitre/inspec_tools/issues/107)
+
+**Merged pull requests:**
+
+- Standardize Output of Severity and Impact to CVSS v3.0 terms [\#174](https://github.com/mitre/inspec_tools/pull/174) ([Bialogs](https://github.com/Bialogs))
+
+## [v2.0.2.pre9](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre9) (2020-05-04)
+
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre8...v2.0.2.pre9)
+
+**Implemented enhancements:**
+
+- Ensure the output of our converters formats with a standard of 2-space  [\#140](https://github.com/mitre/inspec_tools/issues/140)
+- Ensure we do not create code that uses " where ' are the correct style [\#138](https://github.com/mitre/inspec_tools/issues/138)
+
+**Fixed bugs:**
+
+- Summary always returns 0 for profile errors [\#164](https://github.com/mitre/inspec_tools/issues/164)
+- Multiple fields missing from CKL generated with inspec2ckl [\#150](https://github.com/mitre/inspec_tools/issues/150)
+- update inspec2ckl to support both tag and sub-descriptions in output [\#148](https://github.com/mitre/inspec_tools/issues/148)
+
+**Merged pull requests:**
+
+- Apply fixes from CodeFactor [\#172](https://github.com/mitre/inspec_tools/pull/172) ([aaronlippold](https://github.com/aaronlippold))
+- Add parameter to InspecUtils\#control\_status to specify when used for summary. [\#170](https://github.com/mitre/inspec_tools/pull/170) ([Bialogs](https://github.com/Bialogs))
+- Generate Ruby with Single Quoted Strings [\#169](https://github.com/mitre/inspec_tools/pull/169) ([Bialogs](https://github.com/Bialogs))
+- Update CKL parse method to dig into sub descriptions [\#168](https://github.com/mitre/inspec_tools/pull/168) ([Bialogs](https://github.com/Bialogs))
+
+## [v2.0.2.pre8](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre8) (2020-04-30)
+
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre7...v2.0.2.pre8)
 
 **Fixed bugs:**
 
@@ -456,6 +545,7 @@
 
 - Update Profile logic include control exceptions [\#75](https://github.com/mitre/inspec_tools/pull/75) ([rx294](https://github.com/rx294))
 - Null Byte in json report causes inspec2ckl to bomb-out [\#73](https://github.com/mitre/inspec_tools/pull/73) ([kevin-j-smith](https://github.com/kevin-j-smith))
+- Add in 'inspec' and 'fileutils' require statements [\#65](https://github.com/mitre/inspec_tools/pull/65) ([samcornwell](https://github.com/samcornwell))
 
 ## [v1.6.0](https://github.com/mitre/inspec_tools/tree/v1.6.0) (2019-10-04)
 
@@ -501,7 +591,6 @@
 
 **Merged pull requests:**
 
-- Add in 'inspec' and 'fileutils' require statements [\#65](https://github.com/mitre/inspec_tools/pull/65) ([samcornwell](https://github.com/samcornwell))
 - Apply fixes from CodeFactor [\#61](https://github.com/mitre/inspec_tools/pull/61) ([aaronlippold](https://github.com/aaronlippold))
 
 ## [v1.3.6](https://github.com/mitre/inspec_tools/tree/v1.3.6) (2019-05-02)

data/README.md

@@ -61,6 +61,13 @@ xccdf_results = tool.to_xccdf(attribs_json)
 On the Command Line, `inspec_tools help` will print a listing of all the command with a short description.
 For detailed help on any command, run `inspec_tools help [COMMAND]`. Help can also be called with the `-h, --help` flags after any command, like `inspec_tools xccdf2inspec -h`.
 
+For Docker usage, replace the `inspec_tools` command with the correct Docker command below for your operating system:
+
+ - **On Linux and Mac**: `docker run -it -v$(pwd):/share mitre/inspec_tools`
+ - **On Windows CMD**: `docker run -it -v%cd%:/share mitre/inspec_tools`
+ 
+Note that all of the above Docker commands will mount your current directory on the Docker container. Ensure that you have navigated to the directory you intend to convert files in before executing the command.
+
 ### generate_map
 
 This command will generate a `mapping.xml` file that can be passed in to the `csv2inspec` command with the `--m` option.
@@ -91,6 +98,8 @@ USAGE: inspec_tools generate_inspec_metadata
 
 If the specified threshold is not met, an error code (1) is returned along with non-compliant elements.
 
+The compliance score are rounded down to the nearest whole number. For example a score of 77.3 would be displayed as 77.
+
 ```
 USAGE:  inspec_tools compliance [OPTIONS] -j <inspec-json> -i <threshold-inline>
 	inspec_tools compliance [OPTIONS] -j <inspec-json> -f <threshold-file>
@@ -135,22 +144,57 @@ failed.high.max: 1
 
 ## summary
 
-`summary` parses an inspec results json to create a summary json
+`summary` parses an inspec results json and displays the information from all of the tests that were run. Running the command with flags but `-j` it will display information like:
+
+```
+Overall compliance: 77%
+
+failed
+	total : 41
+	critical : 0
+	high : 3
+	medium : 33
+	low : 5
+passed
+	total : 174
+	critical : 0
+	high : 21
+	medium : 147
+	low : 6
+no_impact
+	total : 21
+	critical : 0
+	high : 0
+	medium : 0
+	low : 0
+skipped
+	total : 10
+	critical : 0
+	high : 2
+	medium : 5
+	low : 3
+error
+	total : 0
+	critical : 0
+	high : 0
+	medium : 0
+	low : 0
+```
+
+Using additional flags will override the normal output and only display the output that flag specifies. 
+
+USAGE: inspec_tools summary [OPTIONS] -j <inspec-json> 
 
 ```
-USAGE: inspec_tools summary [OPTIONS] -j <inspec-json> -o <summary-csv>
-
 FLAGS:
-	-j --inspec-json <inspec-json>   : path to InSpec results JSON
-	-o --output <output-json> 		   : path to summary JSON
-  -c --cli, --no-cli               : print summary to STDOUT
+  -j --inspec-json <inspec-json>   : path to InSpec results JSON
   -V --verbose, --no-verbose       : print verbose an debug output
   -f --json-full, --no-json-full   : print the summary STDOUT as JSON
   -k --json-counts, --no-json_cou  : print the reslut status to STDOUT as JSON
 
 Examples:
 
-  inspec_tools summary -j examples/sample_json/rhel-simp.json -f -o summary.json -c
+  inspec_tools summary -j examples/sample_json/rhel-simp.json -f
 ```
 
 ## xccdf2inspec

data/lib/data/attributes.yml

@@ -1,24 +1,23 @@
 ---
 benchmark.title: PostgreSQL 9.x Security Technical Implementation Guide
 benchmark.id: PostgreSQL_9-x_STIG
-benchmark.description:
-  "This Security Technical Implementation Guide is published
+benchmark.description: 'This Security Technical Implementation Guide is published
   as a tool to improve the security of Department of Defense (DoD) information systems.
   The requirements are derived from the National Institute of Standards and Technology
   (NIST) 800-53 and related documents. Comments or proposed revisions to this document
-  should be sent via email to the following address: disa.stig_spt@mail.mil."
-benchmark.version: "1"
+  should be sent via email to the following address: disa.stig_spt@mail.mil.'
+benchmark.version: '1'
 benchmark.status: accepted
-benchmark.status.date: "2017-01-20"
+benchmark.status.date: '2017-01-20'
 benchmark.notice.id: terms-of-use
-benchmark.plaintext: "Release: 1 Benchmark Date: 20 Jan 2017"
+benchmark.plaintext: 'Release: 1 Benchmark Date: 20 Jan 2017'
 benchmark.plaintext.id: release-info
-reference.href: https://public.cyber.mil/
+reference.href: http://iase.disa.mil
 reference.dc.publisher: DISA
 reference.dc.source: STIG.DOD.MIL
 reference.dc.title: DPMS Target PostgreSQL 9.x
 reference.dc.subject: PostgreSQL 9.x
 reference.dc.type: DPMS Target
-reference.dc.identifier: "3087"
+reference.dc.identifier: '3087'
 content_ref.name: M
 content_ref.href: DPMS_XCCDF_Benchmark_PostgreSQL_9-x_STIG.xml

data/lib/inspec_tools/csv.rb

@@ -90,7 +90,10 @@ module InspecTools
         @mapping['control.tags'].each do |tag|
           control['tags'][tag.first.to_s] = row[tag.last] unless row[tag.last].nil?
         end
-        control['impact'] = Utils::InspecUtil.get_impact(row[@mapping['control.tags']['severity']]) unless @mapping['control.tags']['severity'].nil? || row[@mapping['control.tags']['severity']].nil?
+        unless @mapping['control.tags']['severity'].nil? || row[@mapping['control.tags']['severity']].nil?
+          control['impact'] = Utils::InspecUtil.get_impact(row[@mapping['control.tags']['severity']])
+          control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
+        end
         @controls << control
       end
     end

data/lib/inspec_tools/inspec.rb

@@ -151,7 +151,7 @@ module InspecTools
       stig_data_list += handle_cci_ref(control)
       stig_data_list << handle_stigref
 
-      vuln.stig_data = stig_data_list.reject!(&:nil?)
+      vuln.stig_data = stig_data_list.reject(&:nil?)
       vuln.status = Utils::InspecUtil.control_status(control)
       vuln.comments = "\nAutomated compliance tests brought to you by the MITRE corporation and the InSpec project.\n\nInspec Profile: #{control[:profile_name]}\nProfile shasum: #{control[:profile_shasum]}"
       vuln.finding_details = Utils::InspecUtil.control_finding_details(control, vuln.status)
@@ -304,11 +304,9 @@ module InspecTools
     def handle_severity(control)
       return if control[:impact].nil?
 
-      value = Utils::InspecUtil.get_impact_string(control[:impact])
+      value = Utils::InspecUtil.get_impact_string(control[:impact], use_cvss_terms: false)
       return if value == 'none'
 
-      value = 'high' if value == 'critical'
-
       HappyMapperTools::StigChecklist::StigData.new('Severity', value)
     end
 

data/lib/inspec_tools/pdf.rb

@@ -65,6 +65,7 @@ module InspecTools
         control['desc'] = contr[:descr]
         control['impact'] = Utils::InspecUtil.get_impact('medium')
         control['tags'] = {}
+        control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
         control['tags']['ref'] = contr[:ref] unless contr[:ref].nil?
         control['tags']['applicability'] = contr[:applicability] unless contr[:applicability].nil?
         control['tags']['cis_id'] = contr[:title].split(' ')[0] unless contr[:title].nil?

data/lib/inspec_tools/plugin_cli.rb

@@ -200,8 +200,6 @@ module InspecPlugins
       desc 'summary', 'summary parses an inspec results json to create a summary json'
       long_desc InspecTools::Help.text(:summary)
       option :inspec_json, required: true, aliases: '-j'
-      option :output, required: false, aliases: '-o'
-      option :cli, type: :boolean, required: false, aliases: '-c'
       option :verbose, type: :boolean, aliases: '-V'
       option :json_full, type: :boolean, required: false, aliases: '-f'
       option :json_counts, type: :boolean, required: false, aliases: '-k'
@@ -209,7 +207,7 @@ module InspecPlugins
       def summary
         summary = InspecTools::Summary.new(File.read(options[:inspec_json])).to_summary
 
-        if options[:cli]
+        unless options.include?('json_full') || options.include?('json_counts')
           puts "\nOverall compliance: #{summary[:compliance]}%\n\n"
           summary[:status].keys.each do |category|
             puts category
@@ -220,7 +218,6 @@ module InspecPlugins
         end
 
         json_summary = summary.to_json
-        File.write(options[:output], json_summary) if options[:output]
         puts json_summary if options[:json_full]
         puts summary[:status].to_json if options[:json_counts]
       end

data/lib/inspec_tools/summary.rb

@@ -10,8 +10,8 @@ HIGH = 0.7
 MEDIUM = 0.5
 LOW = 0.3
 
-BUCKETS = %w{failed passed no_impact skipped error}.freeze
-TALLYS = %w{total critical high medium low}.freeze
+BUCKETS = %i(failed passed no_impact skipped error).freeze
+TALLYS = %i(total critical high medium low).freeze
 
 THRESHOLD_TEMPLATE = File.expand_path('../data/threshold.yaml', File.dirname(__FILE__))
 
@@ -26,7 +26,7 @@ module InspecTools
       @summary = {}
       @data.keys.each do |control_id|
         current_control = @data[control_id]
-        current_control[:compliance_status] = Utils::InspecUtil.control_status(current_control)
+        current_control[:compliance_status] = Utils::InspecUtil.control_status(current_control, true)
         current_control[:finding_details] = Utils::InspecUtil.control_finding_details(current_control, current_control[:compliance_status])
       end
       compute_summary
@@ -83,7 +83,7 @@ module InspecTools
         (@summary[:status][:passed][:total]+
          @summary[:status][:failed][:total]+
          @summary[:status][:skipped][:total]+
-         @summary[:status][:error][:total])).round(1)
+         @summary[:status][:error][:total])).floor
     end
 
     def threshold_compliance
@@ -104,13 +104,13 @@ module InspecTools
         TALLYS.each do |tally|
           max = @threshold["#{bucket}.#{tally}.max"]
           min = @threshold["#{bucket}.#{tally}.min"]
-          if max != -1 and status[bucket.to_sym][tally.to_sym] > max
+          if max != -1 and status[bucket][tally] > max
             compliance = false
-            failure << "Expected #{bucket}.#{tally}.max:#{max} got:#{status[bucket.to_sym][tally.to_sym]}"
+            failure << "Expected #{bucket}.#{tally}.max:#{max} got:#{status[bucket][tally]}"
           end
-          if min != -1 and status[bucket.to_sym][tally.to_sym] < min
+          if min != -1 and status[bucket][tally] < min
             compliance = false
-            failure << "Expected #{bucket}.#{tally}.min:#{min} got:#{status[bucket.to_sym][tally.to_sym]}"
+            failure << "Expected #{bucket}.#{tally}.min:#{min} got:#{status[bucket][tally]}"
           end
         end
       end

data/lib/inspec_tools/xccdf.rb

@@ -126,6 +126,7 @@ module InspecTools
         control['desc'] = group.rule.description.vuln_discussion.split('Satisfies: ')[0]
         control['impact'] = Utils::InspecUtil.get_impact(group.rule.severity)
         control['tags'] = {}
+        control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
         control['tags']['gtitle'] = group.title
         control['tags']['satisfies'] = group.rule.description.vuln_discussion.split('Satisfies: ')[1].split(',').map(&:strip) if group.rule.description.vuln_discussion.split('Satisfies: ').length > 1
         control['tags']['gid'] = group.id

data/lib/utilities/inspec_util.rb

@@ -16,7 +16,6 @@ require 'overrides/string'
 # rubocop:disable Metrics/AbcSize
 # rubocop:disable Metrics/PerceivedComplexity
 # rubocop:disable Metrics/CyclomaticComplexity
-# rubocop:disable Metrics/BlockLength
 # rubocop:disable Metrics/MethodLength
 
 module Utils
@@ -46,7 +45,7 @@ module Utils
       end
       c_data = {}
 
-      controls.each do |control| # rubocop:disable Metrics/BlockLength
+      controls.each do |control|
         c_id = control['id'].to_sym
         c_data[c_id] = {}
         c_data[c_id]['id']             = control['id']    || DATA_NOT_FOUND_MESSAGE
@@ -88,9 +87,11 @@ module Utils
         profile['controls'].each do |control|
           c_id = control['id'].to_sym
           data[c_id] = {}
+
           data[c_id][:vuln_num]       = control['id'] unless control['id'].nil?
           data[c_id][:rule_title]     = control['title'] unless control['title'].nil?
           data[c_id][:vuln_discuss]   = control['desc'] unless control['desc'].nil?
+
           unless control['tags'].nil?
             data[c_id][:severity]       = control['tags']['severity'] unless control['tags']['severity'].nil?
             data[c_id][:gid]            = control['tags']['gid'] unless control['tags']['gid'].nil?
@@ -99,15 +100,20 @@ module Utils
             data[c_id][:rule_ver]       = control['tags']['stig_id'] unless control['tags']['stig_id'].nil?
             data[c_id][:cci_ref]        = control['tags']['cci'] unless control['tags']['cci'].nil?
             data[c_id][:nist]           = control['tags']['nist'].join(' ') unless control['tags']['nist'].nil?
-            data[c_id][:check_content]  = control['tags']['check'] unless control['tags']['check'].nil?
-            data[c_id][:fix_text]       = control['tags']['fix'] unless control['tags']['fix'].nil?
           end
+
+          if control['descriptions'].respond_to?(:find)
+            data[c_id][:check_content]  = control['descriptions'].find { |c| c['label'] == 'fix' }&.dig('data')
+            data[c_id][:fix_text]       = control['descriptions'].find { |c| c['label'] == 'check' }&.dig('data')
+          end
+
           data[c_id][:impact]         = control['impact'].to_s unless control['impact'].nil?
           data[c_id][:profile_name]   = profile['name'].to_s unless profile['name'].nil?
           data[c_id][:profile_shasum] = profile['sha256'].to_s unless profile['sha256'].nil?
 
           data[c_id][:status] = []
           data[c_id][:message] = []
+
           if control.key?('results')
             control['results'].each do |result|
               if !result['backtrace'].nil?
@@ -120,6 +126,7 @@ module Utils
               data[c_id][:message].push("PROFILE_ERROR -- Test: #{result['code_desc']}\nMessage: #{result['backtrace']}\n") if result['status'] == 'error'
             end
           end
+
           if data[c_id][:impact].to_f.zero?
             data[c_id][:message].unshift("NOT_APPLICABLE -- Description: #{control['desc']}\n\n")
           end
@@ -143,7 +150,7 @@ module Utils
       end
     end
 
-    def self.control_status(control)
+    def self.control_status(control, for_summary = false)
       status_list = control[:status].uniq
       if control[:impact].to_f.zero?
         'Not_Applicable'
@@ -151,6 +158,8 @@ module Utils
         'Open'
       elsif status_list.include?('passed')
         'NotAFinding'
+      elsif status_list.include?('error') && for_summary
+        'Profile_Error'
       else
         # profile skipped or profile error
         'Not_Reviewed'
@@ -182,18 +191,20 @@ module Utils
     # @todo Allow for the user to pass in a hash for the desired mapping of text
     # values to numbers or to override our hard coded values.
     #
-    def self.get_impact(severity)
-      return float_to_impact(severity) if severity.is_a?(Float)
+    def self.get_impact(severity, use_cvss_terms: true)
+      return float_to_impact(severity, use_cvss_terms) if severity.is_a?(Float)
 
-      return string_to_impact(severity) if severity.is_a?(String)
+      return string_to_impact(severity, use_cvss_terms) if severity.is_a?(String)
 
       raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
                                 '1.0 or one of the approved keywords.'
     end
 
-    private_class_method def self.float_to_impact(severity)
-      raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
-                                  '1.0 or one of the approved keywords.' unless severity.between?(0, 1)
+    private_class_method def self.float_to_impact(severity, use_cvss_terms)
+      unless severity.between?(0, 1)
+        raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
+                                  '1.0 or one of the approved keywords.'
+      end
 
       if severity <= 0.01
         0.0 # Informative
@@ -201,31 +212,33 @@ module Utils
         0.3 # Low Impact
       elsif severity < 0.7
         0.5 # Medium Impact
-      elsif severity < 0.9
+      elsif severity < 0.9 || use_cvss_terms
         0.7 # High Impact
       else
         1.0 # Critical Controls
       end
     end
 
-    private_class_method def self.string_to_impact(severity)
+    private_class_method def self.string_to_impact(severity, use_cvss_terms)
       if /none|na|n\/a|not[_|(\s*)]?applicable/i.match?(severity)
-        0.0 # Informative
+        impact = 0.0 # Informative
       elsif /low|cat(egory)?\s*(iii|3)/i.match?(severity)
-        0.3 # Low Impact
+        impact = 0.3 # Low Impact
       elsif /med(ium)?|cat(egory)?\s*(ii|2)/i.match?(severity)
-        0.5 # Medium Impact
+        impact = 0.5 # Medium Impact
       elsif /high|cat(egory)?\s*(i|1)/i.match?(severity)
-        0.7 # High Impact
+        impact = 0.7 # High Impact
       elsif /crit(ical)?|severe/i.match?(severity)
-        1.0 # Critical Controls
+        impact = 1.0 # Critical Controls
       else
         raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
                                   '1.0 or one of the approved keywords.'
       end
+
+      impact == 1.0 && use_cvss_terms ? 0.7 : impact
     end
 
-    def self.get_impact_string(impact)
+    def self.get_impact_string(impact, use_cvss_terms: true)
       return if impact.nil?
 
       value = impact.to_f
@@ -233,8 +246,14 @@ module Utils
         raise ImpactInputError, "'#{value}' is not a valid impact score. Valid impact scores: [0.0 - 1.0]."
       end
 
-      IMPACT_SCORES.reverse_each do |name, impact|
-        return name if value >= impact
+      IMPACT_SCORES.reverse_each do |name, impact_score|
+        if name == 'critical' && value >= impact_score && use_cvss_terms
+          return 'high'
+        elsif value >= impact_score
+          return name
+        else
+          next
+        end
       end
     end
 
@@ -374,7 +393,7 @@ module Utils
             file_name = control.id.to_s
             myfile = File.new("#{directory}/controls/#{file_name}.rb", 'w')
             myfile.puts "# encoding: UTF-8\n\n"
-            myfile.puts wrap(control.to_ruby, WIDTH) + "\n"
+            myfile.puts wrap(control.to_ruby.gsub('"', "\'"), WIDTH) + "\n"
             myfile.close
           end
         else
@@ -390,7 +409,7 @@ module Utils
         if output_format == 'ruby'
           controls.each do |control|
             myfile.puts "# encoding: UTF-8\n\n"
-            myfile.puts wrap(control.to_ruby, WIDTH) + "\n"
+            myfile.puts wrap(control.to_ruby.gsub('"', "\'"), WIDTH) + "\n"
           end
         else
           controls.each do |control|
@@ -408,3 +427,9 @@ module Utils
     end
   end
 end
+
+# rubocop:enable Metrics/ClassLength
+# rubocop:enable Metrics/AbcSize
+# rubocop:enable Metrics/PerceivedComplexity
+# rubocop:enable Metrics/CyclomaticComplexity
+# rubocop:enable Metrics/MethodLength

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: inspec_tools
 version: !ruby/object:Gem::Version
-  version: 2.0.2.pre8
+  version: 2.0.3
 platform: ruby
 authors:
 - Robert Thew
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-01 00:00:00.000000000 Z
+date: 2020-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -151,14 +151,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: 0.17.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: 0.17.3
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -348,9 +348,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.1.2
 signing_key: