inspec_tools 2.0.2.pre9 → 2.0.2.pre10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -6
- data/lib/inspec_tools/csv.rb +4 -1
- data/lib/inspec_tools/inspec.rb +1 -3
- data/lib/inspec_tools/pdf.rb +1 -0
- data/lib/inspec_tools/xccdf.rb +1 -0
- data/lib/utilities/inspec_util.rb +33 -18
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3cf626f1d93b888c79af9021e808299cb08144fa9d89be83e8243223797df79b
|
|
4
|
+
data.tar.gz: 5b9b69478c7a11a02366b7fa0a8eeba4abb320e1a5e1338b73923b401bc38b33
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 351a6fd25c64e1564a82034f6998cd1a5f5b06b3b915128d0d4d01e65ac7e90b8fb3f92ab48518b86de2d229cde3910be2e4b5a97d0c5a66333a627b19a737cc
|
|
7
|
+
data.tar.gz: d3f5f6be0e6ac4a61c3cbb3298ea49e36221f3f6c7ed54c213790a3463c8580d0bebab228f81946de3d2f23749e57fadbc0ae7fa7f47d37b062a64082c84be27
|
data/CHANGELOG.md
CHANGED
|
@@ -2,7 +2,19 @@
|
|
|
2
2
|
|
|
3
3
|
## [Unreleased](https://github.com/mitre/inspec_tools/tree/HEAD)
|
|
4
4
|
|
|
5
|
-
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.
|
|
5
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre9...HEAD)
|
|
6
|
+
|
|
7
|
+
**Implemented enhancements:**
|
|
8
|
+
|
|
9
|
+
- Standardize Severity Tag on CVSS 3.0 Terms [\#107](https://github.com/mitre/inspec_tools/issues/107)
|
|
10
|
+
|
|
11
|
+
**Merged pull requests:**
|
|
12
|
+
|
|
13
|
+
- Standardize Output of Severity and Impact to CVSS v3.0 terms [\#174](https://github.com/mitre/inspec_tools/pull/174) ([Bialogs](https://github.com/Bialogs))
|
|
14
|
+
|
|
15
|
+
## [v2.0.2.pre9](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre9) (2020-05-04)
|
|
16
|
+
|
|
17
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre8...v2.0.2.pre9)
|
|
6
18
|
|
|
7
19
|
**Implemented enhancements:**
|
|
8
20
|
|
|
@@ -157,6 +169,7 @@
|
|
|
157
169
|
**Merged pull requests:**
|
|
158
170
|
|
|
159
171
|
- added two digit contol parsing fixes \#117 [\#120](https://github.com/mitre/inspec_tools/pull/120) ([yarick](https://github.com/yarick))
|
|
172
|
+
- Update build/test process to only use GitHub actions [\#115](https://github.com/mitre/inspec_tools/pull/115) ([Bialogs](https://github.com/Bialogs))
|
|
160
173
|
|
|
161
174
|
## [v1.8.9](https://github.com/mitre/inspec_tools/tree/v1.8.9) (2020-03-30)
|
|
162
175
|
|
|
@@ -190,10 +203,6 @@
|
|
|
190
203
|
|
|
191
204
|
- GitHub Actions Build Matrix [\#112](https://github.com/mitre/inspec_tools/issues/112)
|
|
192
205
|
|
|
193
|
-
**Merged pull requests:**
|
|
194
|
-
|
|
195
|
-
- Update build/test process to only use GitHub actions [\#115](https://github.com/mitre/inspec_tools/pull/115) ([Bialogs](https://github.com/Bialogs))
|
|
196
|
-
|
|
197
206
|
## [v1.8.5](https://github.com/mitre/inspec_tools/tree/v1.8.5) (2020-03-27)
|
|
198
207
|
|
|
199
208
|
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.8.4...v1.8.5)
|
|
@@ -297,7 +306,6 @@
|
|
|
297
306
|
**Merged pull requests:**
|
|
298
307
|
|
|
299
308
|
- Remove warnings \(\#minor\) [\#101](https://github.com/mitre/inspec_tools/pull/101) ([Bialogs](https://github.com/Bialogs))
|
|
300
|
-
- Update github workflows [\#99](https://github.com/mitre/inspec_tools/pull/99) ([Bialogs](https://github.com/Bialogs))
|
|
301
309
|
|
|
302
310
|
## [v1.6.21](https://github.com/mitre/inspec_tools/tree/v1.6.21) (2020-03-20)
|
|
303
311
|
|
|
@@ -323,6 +331,10 @@
|
|
|
323
331
|
|
|
324
332
|
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.6.18...v1.6.19)
|
|
325
333
|
|
|
334
|
+
**Merged pull requests:**
|
|
335
|
+
|
|
336
|
+
- Update github workflows [\#99](https://github.com/mitre/inspec_tools/pull/99) ([Bialogs](https://github.com/Bialogs))
|
|
337
|
+
|
|
326
338
|
## [v1.6.18](https://github.com/mitre/inspec_tools/tree/v1.6.18) (2020-03-16)
|
|
327
339
|
|
|
328
340
|
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.6.17...v1.6.18)
|
data/lib/inspec_tools/csv.rb
CHANGED
|
@@ -90,7 +90,10 @@ module InspecTools
|
|
|
90
90
|
@mapping['control.tags'].each do |tag|
|
|
91
91
|
control['tags'][tag.first.to_s] = row[tag.last] unless row[tag.last].nil?
|
|
92
92
|
end
|
|
93
|
-
|
|
93
|
+
unless @mapping['control.tags']['severity'].nil? || row[@mapping['control.tags']['severity']].nil?
|
|
94
|
+
control['impact'] = Utils::InspecUtil.get_impact(row[@mapping['control.tags']['severity']])
|
|
95
|
+
control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
|
|
96
|
+
end
|
|
94
97
|
@controls << control
|
|
95
98
|
end
|
|
96
99
|
end
|
data/lib/inspec_tools/inspec.rb
CHANGED
|
@@ -304,11 +304,9 @@ module InspecTools
|
|
|
304
304
|
def handle_severity(control)
|
|
305
305
|
return if control[:impact].nil?
|
|
306
306
|
|
|
307
|
-
value = Utils::InspecUtil.get_impact_string(control[:impact])
|
|
307
|
+
value = Utils::InspecUtil.get_impact_string(control[:impact], use_cvss_terms: false)
|
|
308
308
|
return if value == 'none'
|
|
309
309
|
|
|
310
|
-
value = 'high' if value == 'critical'
|
|
311
|
-
|
|
312
310
|
HappyMapperTools::StigChecklist::StigData.new('Severity', value)
|
|
313
311
|
end
|
|
314
312
|
|
data/lib/inspec_tools/pdf.rb
CHANGED
|
@@ -65,6 +65,7 @@ module InspecTools
|
|
|
65
65
|
control['desc'] = contr[:descr]
|
|
66
66
|
control['impact'] = Utils::InspecUtil.get_impact('medium')
|
|
67
67
|
control['tags'] = {}
|
|
68
|
+
control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
|
|
68
69
|
control['tags']['ref'] = contr[:ref] unless contr[:ref].nil?
|
|
69
70
|
control['tags']['applicability'] = contr[:applicability] unless contr[:applicability].nil?
|
|
70
71
|
control['tags']['cis_id'] = contr[:title].split(' ')[0] unless contr[:title].nil?
|
data/lib/inspec_tools/xccdf.rb
CHANGED
|
@@ -126,6 +126,7 @@ module InspecTools
|
|
|
126
126
|
control['desc'] = group.rule.description.vuln_discussion.split('Satisfies: ')[0]
|
|
127
127
|
control['impact'] = Utils::InspecUtil.get_impact(group.rule.severity)
|
|
128
128
|
control['tags'] = {}
|
|
129
|
+
control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
|
|
129
130
|
control['tags']['gtitle'] = group.title
|
|
130
131
|
control['tags']['satisfies'] = group.rule.description.vuln_discussion.split('Satisfies: ')[1].split(',').map(&:strip) if group.rule.description.vuln_discussion.split('Satisfies: ').length > 1
|
|
131
132
|
control['tags']['gid'] = group.id
|
|
@@ -16,7 +16,6 @@ require 'overrides/string'
|
|
|
16
16
|
# rubocop:disable Metrics/AbcSize
|
|
17
17
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
18
18
|
# rubocop:disable Metrics/CyclomaticComplexity
|
|
19
|
-
# rubocop:disable Metrics/BlockLength
|
|
20
19
|
# rubocop:disable Metrics/MethodLength
|
|
21
20
|
|
|
22
21
|
module Utils
|
|
@@ -46,7 +45,7 @@ module Utils
|
|
|
46
45
|
end
|
|
47
46
|
c_data = {}
|
|
48
47
|
|
|
49
|
-
controls.each do |control|
|
|
48
|
+
controls.each do |control|
|
|
50
49
|
c_id = control['id'].to_sym
|
|
51
50
|
c_data[c_id] = {}
|
|
52
51
|
c_data[c_id]['id'] = control['id'] || DATA_NOT_FOUND_MESSAGE
|
|
@@ -192,18 +191,20 @@ module Utils
|
|
|
192
191
|
# @todo Allow for the user to pass in a hash for the desired mapping of text
|
|
193
192
|
# values to numbers or to override our hard coded values.
|
|
194
193
|
#
|
|
195
|
-
def self.get_impact(severity)
|
|
196
|
-
return float_to_impact(severity) if severity.is_a?(Float)
|
|
194
|
+
def self.get_impact(severity, use_cvss_terms: true)
|
|
195
|
+
return float_to_impact(severity, use_cvss_terms) if severity.is_a?(Float)
|
|
197
196
|
|
|
198
|
-
return string_to_impact(severity) if severity.is_a?(String)
|
|
197
|
+
return string_to_impact(severity, use_cvss_terms) if severity.is_a?(String)
|
|
199
198
|
|
|
200
199
|
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
|
201
200
|
'1.0 or one of the approved keywords.'
|
|
202
201
|
end
|
|
203
202
|
|
|
204
|
-
private_class_method def self.float_to_impact(severity)
|
|
205
|
-
|
|
206
|
-
|
|
203
|
+
private_class_method def self.float_to_impact(severity, use_cvss_terms)
|
|
204
|
+
unless severity.between?(0, 1)
|
|
205
|
+
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
|
206
|
+
'1.0 or one of the approved keywords.'
|
|
207
|
+
end
|
|
207
208
|
|
|
208
209
|
if severity <= 0.01
|
|
209
210
|
0.0 # Informative
|
|
@@ -211,31 +212,33 @@ module Utils
|
|
|
211
212
|
0.3 # Low Impact
|
|
212
213
|
elsif severity < 0.7
|
|
213
214
|
0.5 # Medium Impact
|
|
214
|
-
elsif severity < 0.9
|
|
215
|
+
elsif severity < 0.9 || use_cvss_terms
|
|
215
216
|
0.7 # High Impact
|
|
216
217
|
else
|
|
217
218
|
1.0 # Critical Controls
|
|
218
219
|
end
|
|
219
220
|
end
|
|
220
221
|
|
|
221
|
-
private_class_method def self.string_to_impact(severity)
|
|
222
|
+
private_class_method def self.string_to_impact(severity, use_cvss_terms)
|
|
222
223
|
if /none|na|n\/a|not[_|(\s*)]?applicable/i.match?(severity)
|
|
223
|
-
0.0 # Informative
|
|
224
|
+
impact = 0.0 # Informative
|
|
224
225
|
elsif /low|cat(egory)?\s*(iii|3)/i.match?(severity)
|
|
225
|
-
0.3 # Low Impact
|
|
226
|
+
impact = 0.3 # Low Impact
|
|
226
227
|
elsif /med(ium)?|cat(egory)?\s*(ii|2)/i.match?(severity)
|
|
227
|
-
0.5 # Medium Impact
|
|
228
|
+
impact = 0.5 # Medium Impact
|
|
228
229
|
elsif /high|cat(egory)?\s*(i|1)/i.match?(severity)
|
|
229
|
-
0.7 # High Impact
|
|
230
|
+
impact = 0.7 # High Impact
|
|
230
231
|
elsif /crit(ical)?|severe/i.match?(severity)
|
|
231
|
-
1.0 # Critical Controls
|
|
232
|
+
impact = 1.0 # Critical Controls
|
|
232
233
|
else
|
|
233
234
|
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
|
234
235
|
'1.0 or one of the approved keywords.'
|
|
235
236
|
end
|
|
237
|
+
|
|
238
|
+
impact == 1.0 && use_cvss_terms ? 0.7 : impact
|
|
236
239
|
end
|
|
237
240
|
|
|
238
|
-
def self.get_impact_string(impact)
|
|
241
|
+
def self.get_impact_string(impact, use_cvss_terms: true)
|
|
239
242
|
return if impact.nil?
|
|
240
243
|
|
|
241
244
|
value = impact.to_f
|
|
@@ -243,8 +246,14 @@ module Utils
|
|
|
243
246
|
raise ImpactInputError, "'#{value}' is not a valid impact score. Valid impact scores: [0.0 - 1.0]."
|
|
244
247
|
end
|
|
245
248
|
|
|
246
|
-
IMPACT_SCORES.reverse_each do |name,
|
|
247
|
-
|
|
249
|
+
IMPACT_SCORES.reverse_each do |name, impact_score|
|
|
250
|
+
if name == 'critical' && value >= impact_score && use_cvss_terms
|
|
251
|
+
return 'high'
|
|
252
|
+
elsif value >= impact_score
|
|
253
|
+
return name
|
|
254
|
+
else
|
|
255
|
+
next
|
|
256
|
+
end
|
|
248
257
|
end
|
|
249
258
|
end
|
|
250
259
|
|
|
@@ -418,3 +427,9 @@ module Utils
|
|
|
418
427
|
end
|
|
419
428
|
end
|
|
420
429
|
end
|
|
430
|
+
|
|
431
|
+
# rubocop:enable Metrics/ClassLength
|
|
432
|
+
# rubocop:enable Metrics/AbcSize
|
|
433
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
434
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
435
|
+
# rubocop:enable Metrics/MethodLength
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec_tools
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.2.
|
|
4
|
+
version: 2.0.2.pre10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Robert Thew
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: exe
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2020-05-
|
|
14
|
+
date: 2020-05-06 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: colorize
|