inspec_tools 2.0.2.pre9 → 2.0.2.pre10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -6
- data/lib/inspec_tools/csv.rb +4 -1
- data/lib/inspec_tools/inspec.rb +1 -3
- data/lib/inspec_tools/pdf.rb +1 -0
- data/lib/inspec_tools/xccdf.rb +1 -0
- data/lib/utilities/inspec_util.rb +33 -18
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3cf626f1d93b888c79af9021e808299cb08144fa9d89be83e8243223797df79b
|
|
4
|
+
data.tar.gz: 5b9b69478c7a11a02366b7fa0a8eeba4abb320e1a5e1338b73923b401bc38b33
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 351a6fd25c64e1564a82034f6998cd1a5f5b06b3b915128d0d4d01e65ac7e90b8fb3f92ab48518b86de2d229cde3910be2e4b5a97d0c5a66333a627b19a737cc
|
|
7
|
+
data.tar.gz: d3f5f6be0e6ac4a61c3cbb3298ea49e36221f3f6c7ed54c213790a3463c8580d0bebab228f81946de3d2f23749e57fadbc0ae7fa7f47d37b062a64082c84be27
|
data/CHANGELOG.md
CHANGED
|
@@ -2,7 +2,19 @@
|
|
|
2
2
|
|
|
3
3
|
## [Unreleased](https://github.com/mitre/inspec_tools/tree/HEAD)
|
|
4
4
|
|
|
5
|
-
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.
|
|
5
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre9...HEAD)
|
|
6
|
+
|
|
7
|
+
**Implemented enhancements:**
|
|
8
|
+
|
|
9
|
+
- Standardize Severity Tag on CVSS 3.0 Terms [\#107](https://github.com/mitre/inspec_tools/issues/107)
|
|
10
|
+
|
|
11
|
+
**Merged pull requests:**
|
|
12
|
+
|
|
13
|
+
- Standardize Output of Severity and Impact to CVSS v3.0 terms [\#174](https://github.com/mitre/inspec_tools/pull/174) ([Bialogs](https://github.com/Bialogs))
|
|
14
|
+
|
|
15
|
+
## [v2.0.2.pre9](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre9) (2020-05-04)
|
|
16
|
+
|
|
17
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre8...v2.0.2.pre9)
|
|
6
18
|
|
|
7
19
|
**Implemented enhancements:**
|
|
8
20
|
|
|
@@ -157,6 +169,7 @@
|
|
|
157
169
|
**Merged pull requests:**
|
|
158
170
|
|
|
159
171
|
- added two digit contol parsing fixes \#117 [\#120](https://github.com/mitre/inspec_tools/pull/120) ([yarick](https://github.com/yarick))
|
|
172
|
+
- Update build/test process to only use GitHub actions [\#115](https://github.com/mitre/inspec_tools/pull/115) ([Bialogs](https://github.com/Bialogs))
|
|
160
173
|
|
|
161
174
|
## [v1.8.9](https://github.com/mitre/inspec_tools/tree/v1.8.9) (2020-03-30)
|
|
162
175
|
|
|
@@ -190,10 +203,6 @@
|
|
|
190
203
|
|
|
191
204
|
- GitHub Actions Build Matrix [\#112](https://github.com/mitre/inspec_tools/issues/112)
|
|
192
205
|
|
|
193
|
-
**Merged pull requests:**
|
|
194
|
-
|
|
195
|
-
- Update build/test process to only use GitHub actions [\#115](https://github.com/mitre/inspec_tools/pull/115) ([Bialogs](https://github.com/Bialogs))
|
|
196
|
-
|
|
197
206
|
## [v1.8.5](https://github.com/mitre/inspec_tools/tree/v1.8.5) (2020-03-27)
|
|
198
207
|
|
|
199
208
|
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.8.4...v1.8.5)
|
|
@@ -297,7 +306,6 @@
|
|
|
297
306
|
**Merged pull requests:**
|
|
298
307
|
|
|
299
308
|
- Remove warnings \(\#minor\) [\#101](https://github.com/mitre/inspec_tools/pull/101) ([Bialogs](https://github.com/Bialogs))
|
|
300
|
-
- Update github workflows [\#99](https://github.com/mitre/inspec_tools/pull/99) ([Bialogs](https://github.com/Bialogs))
|
|
301
309
|
|
|
302
310
|
## [v1.6.21](https://github.com/mitre/inspec_tools/tree/v1.6.21) (2020-03-20)
|
|
303
311
|
|
|
@@ -323,6 +331,10 @@
|
|
|
323
331
|
|
|
324
332
|
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.6.18...v1.6.19)
|
|
325
333
|
|
|
334
|
+
**Merged pull requests:**
|
|
335
|
+
|
|
336
|
+
- Update github workflows [\#99](https://github.com/mitre/inspec_tools/pull/99) ([Bialogs](https://github.com/Bialogs))
|
|
337
|
+
|
|
326
338
|
## [v1.6.18](https://github.com/mitre/inspec_tools/tree/v1.6.18) (2020-03-16)
|
|
327
339
|
|
|
328
340
|
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.6.17...v1.6.18)
|
data/lib/inspec_tools/csv.rb
CHANGED
|
@@ -90,7 +90,10 @@ module InspecTools
|
|
|
90
90
|
@mapping['control.tags'].each do |tag|
|
|
91
91
|
control['tags'][tag.first.to_s] = row[tag.last] unless row[tag.last].nil?
|
|
92
92
|
end
|
|
93
|
-
|
|
93
|
+
unless @mapping['control.tags']['severity'].nil? || row[@mapping['control.tags']['severity']].nil?
|
|
94
|
+
control['impact'] = Utils::InspecUtil.get_impact(row[@mapping['control.tags']['severity']])
|
|
95
|
+
control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
|
|
96
|
+
end
|
|
94
97
|
@controls << control
|
|
95
98
|
end
|
|
96
99
|
end
|
data/lib/inspec_tools/inspec.rb
CHANGED
|
@@ -304,11 +304,9 @@ module InspecTools
|
|
|
304
304
|
def handle_severity(control)
|
|
305
305
|
return if control[:impact].nil?
|
|
306
306
|
|
|
307
|
-
value = Utils::InspecUtil.get_impact_string(control[:impact])
|
|
307
|
+
value = Utils::InspecUtil.get_impact_string(control[:impact], use_cvss_terms: false)
|
|
308
308
|
return if value == 'none'
|
|
309
309
|
|
|
310
|
-
value = 'high' if value == 'critical'
|
|
311
|
-
|
|
312
310
|
HappyMapperTools::StigChecklist::StigData.new('Severity', value)
|
|
313
311
|
end
|
|
314
312
|
|
data/lib/inspec_tools/pdf.rb
CHANGED
|
@@ -65,6 +65,7 @@ module InspecTools
|
|
|
65
65
|
control['desc'] = contr[:descr]
|
|
66
66
|
control['impact'] = Utils::InspecUtil.get_impact('medium')
|
|
67
67
|
control['tags'] = {}
|
|
68
|
+
control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
|
|
68
69
|
control['tags']['ref'] = contr[:ref] unless contr[:ref].nil?
|
|
69
70
|
control['tags']['applicability'] = contr[:applicability] unless contr[:applicability].nil?
|
|
70
71
|
control['tags']['cis_id'] = contr[:title].split(' ')[0] unless contr[:title].nil?
|
data/lib/inspec_tools/xccdf.rb
CHANGED
|
@@ -126,6 +126,7 @@ module InspecTools
|
|
|
126
126
|
control['desc'] = group.rule.description.vuln_discussion.split('Satisfies: ')[0]
|
|
127
127
|
control['impact'] = Utils::InspecUtil.get_impact(group.rule.severity)
|
|
128
128
|
control['tags'] = {}
|
|
129
|
+
control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
|
|
129
130
|
control['tags']['gtitle'] = group.title
|
|
130
131
|
control['tags']['satisfies'] = group.rule.description.vuln_discussion.split('Satisfies: ')[1].split(',').map(&:strip) if group.rule.description.vuln_discussion.split('Satisfies: ').length > 1
|
|
131
132
|
control['tags']['gid'] = group.id
|
|
@@ -16,7 +16,6 @@ require 'overrides/string'
|
|
|
16
16
|
# rubocop:disable Metrics/AbcSize
|
|
17
17
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
18
18
|
# rubocop:disable Metrics/CyclomaticComplexity
|
|
19
|
-
# rubocop:disable Metrics/BlockLength
|
|
20
19
|
# rubocop:disable Metrics/MethodLength
|
|
21
20
|
|
|
22
21
|
module Utils
|
|
@@ -46,7 +45,7 @@ module Utils
|
|
|
46
45
|
end
|
|
47
46
|
c_data = {}
|
|
48
47
|
|
|
49
|
-
controls.each do |control|
|
|
48
|
+
controls.each do |control|
|
|
50
49
|
c_id = control['id'].to_sym
|
|
51
50
|
c_data[c_id] = {}
|
|
52
51
|
c_data[c_id]['id'] = control['id'] || DATA_NOT_FOUND_MESSAGE
|
|
@@ -192,18 +191,20 @@ module Utils
|
|
|
192
191
|
# @todo Allow for the user to pass in a hash for the desired mapping of text
|
|
193
192
|
# values to numbers or to override our hard coded values.
|
|
194
193
|
#
|
|
195
|
-
def self.get_impact(severity)
|
|
196
|
-
return float_to_impact(severity) if severity.is_a?(Float)
|
|
194
|
+
def self.get_impact(severity, use_cvss_terms: true)
|
|
195
|
+
return float_to_impact(severity, use_cvss_terms) if severity.is_a?(Float)
|
|
197
196
|
|
|
198
|
-
return string_to_impact(severity) if severity.is_a?(String)
|
|
197
|
+
return string_to_impact(severity, use_cvss_terms) if severity.is_a?(String)
|
|
199
198
|
|
|
200
199
|
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
|
201
200
|
'1.0 or one of the approved keywords.'
|
|
202
201
|
end
|
|
203
202
|
|
|
204
|
-
private_class_method def self.float_to_impact(severity)
|
|
205
|
-
|
|
206
|
-
|
|
203
|
+
private_class_method def self.float_to_impact(severity, use_cvss_terms)
|
|
204
|
+
unless severity.between?(0, 1)
|
|
205
|
+
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
|
206
|
+
'1.0 or one of the approved keywords.'
|
|
207
|
+
end
|
|
207
208
|
|
|
208
209
|
if severity <= 0.01
|
|
209
210
|
0.0 # Informative
|
|
@@ -211,31 +212,33 @@ module Utils
|
|
|
211
212
|
0.3 # Low Impact
|
|
212
213
|
elsif severity < 0.7
|
|
213
214
|
0.5 # Medium Impact
|
|
214
|
-
elsif severity < 0.9
|
|
215
|
+
elsif severity < 0.9 || use_cvss_terms
|
|
215
216
|
0.7 # High Impact
|
|
216
217
|
else
|
|
217
218
|
1.0 # Critical Controls
|
|
218
219
|
end
|
|
219
220
|
end
|
|
220
221
|
|
|
221
|
-
private_class_method def self.string_to_impact(severity)
|
|
222
|
+
private_class_method def self.string_to_impact(severity, use_cvss_terms)
|
|
222
223
|
if /none|na|n\/a|not[_|(\s*)]?applicable/i.match?(severity)
|
|
223
|
-
0.0 # Informative
|
|
224
|
+
impact = 0.0 # Informative
|
|
224
225
|
elsif /low|cat(egory)?\s*(iii|3)/i.match?(severity)
|
|
225
|
-
0.3 # Low Impact
|
|
226
|
+
impact = 0.3 # Low Impact
|
|
226
227
|
elsif /med(ium)?|cat(egory)?\s*(ii|2)/i.match?(severity)
|
|
227
|
-
0.5 # Medium Impact
|
|
228
|
+
impact = 0.5 # Medium Impact
|
|
228
229
|
elsif /high|cat(egory)?\s*(i|1)/i.match?(severity)
|
|
229
|
-
0.7 # High Impact
|
|
230
|
+
impact = 0.7 # High Impact
|
|
230
231
|
elsif /crit(ical)?|severe/i.match?(severity)
|
|
231
|
-
1.0 # Critical Controls
|
|
232
|
+
impact = 1.0 # Critical Controls
|
|
232
233
|
else
|
|
233
234
|
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
|
234
235
|
'1.0 or one of the approved keywords.'
|
|
235
236
|
end
|
|
237
|
+
|
|
238
|
+
impact == 1.0 && use_cvss_terms ? 0.7 : impact
|
|
236
239
|
end
|
|
237
240
|
|
|
238
|
-
def self.get_impact_string(impact)
|
|
241
|
+
def self.get_impact_string(impact, use_cvss_terms: true)
|
|
239
242
|
return if impact.nil?
|
|
240
243
|
|
|
241
244
|
value = impact.to_f
|
|
@@ -243,8 +246,14 @@ module Utils
|
|
|
243
246
|
raise ImpactInputError, "'#{value}' is not a valid impact score. Valid impact scores: [0.0 - 1.0]."
|
|
244
247
|
end
|
|
245
248
|
|
|
246
|
-
IMPACT_SCORES.reverse_each do |name,
|
|
247
|
-
|
|
249
|
+
IMPACT_SCORES.reverse_each do |name, impact_score|
|
|
250
|
+
if name == 'critical' && value >= impact_score && use_cvss_terms
|
|
251
|
+
return 'high'
|
|
252
|
+
elsif value >= impact_score
|
|
253
|
+
return name
|
|
254
|
+
else
|
|
255
|
+
next
|
|
256
|
+
end
|
|
248
257
|
end
|
|
249
258
|
end
|
|
250
259
|
|
|
@@ -418,3 +427,9 @@ module Utils
|
|
|
418
427
|
end
|
|
419
428
|
end
|
|
420
429
|
end
|
|
430
|
+
|
|
431
|
+
# rubocop:enable Metrics/ClassLength
|
|
432
|
+
# rubocop:enable Metrics/AbcSize
|
|
433
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
434
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
435
|
+
# rubocop:enable Metrics/MethodLength
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec_tools
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.2.
|
|
4
|
+
version: 2.0.2.pre10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Robert Thew
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: exe
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2020-05-
|
|
14
|
+
date: 2020-05-06 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: colorize
|