inspec_tools 2.0.2.pre9 → 2.0.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +83 -3
- data/README.md +51 -7
- data/lib/data/rubocop.yml +4 -0
- data/lib/inspec_tools/csv.rb +4 -1
- data/lib/inspec_tools/inspec.rb +1 -3
- data/lib/inspec_tools/pdf.rb +1 -0
- data/lib/inspec_tools/plugin_cli.rb +1 -4
- data/lib/inspec_tools/summary.rb +7 -7
- data/lib/inspec_tools/xccdf.rb +1 -0
- data/lib/utilities/inspec_util.rb +39 -19
- metadata +15 -14
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 22680d948ef0c9745db5983c3ae8dea966cfa05f2aa2977e2f0409a0d4416a14
|
4
|
+
data.tar.gz: 60954f2699569649f559a4071c97e70a1b0d77eb0f695207106dd4b06887c8b9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5eab94b7c0f08fe13b37a2c0483e7991c8b625c2134f502e94f8c194d4ef4aee73001d9ccc52686a924ff6d1b4436511706e4ab5cb274476765ebc6e97d42a45
|
7
|
+
data.tar.gz: 07d82a9e11bfb00ee867893cbecbe1ce0d9d7bb0a156ec1e81a80f862ede193c1cb9b4abefcd45bb5d068a7719b9c18a1fbd9053b51e68d9854792b4b90674a5
|
data/CHANGELOG.md
CHANGED
@@ -2,7 +2,85 @@
|
|
2
2
|
|
3
3
|
## [Unreleased](https://github.com/mitre/inspec_tools/tree/HEAD)
|
4
4
|
|
5
|
-
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.
|
5
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.3...HEAD)
|
6
|
+
|
7
|
+
**Closed issues:**
|
8
|
+
|
9
|
+
- xccdf2inspec string quotes bug [\#191](https://github.com/mitre/inspec_tools/issues/191)
|
10
|
+
- xccdf2inspec fails on OpenSCAP xccdf results with undefined method [\#190](https://github.com/mitre/inspec_tools/issues/190)
|
11
|
+
|
12
|
+
**Merged pull requests:**
|
13
|
+
|
14
|
+
- 191 single quote replacement [\#192](https://github.com/mitre/inspec_tools/pull/192) ([Bialogs](https://github.com/Bialogs))
|
15
|
+
|
16
|
+
## [v2.0.3](https://github.com/mitre/inspec_tools/tree/v2.0.3) (2020-05-26)
|
17
|
+
|
18
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre13...v2.0.3)
|
19
|
+
|
20
|
+
**Implemented enhancements:**
|
21
|
+
|
22
|
+
- Round compliance score down [\#146](https://github.com/mitre/inspec_tools/issues/146)
|
23
|
+
- Every usage of Bucket and Tally uses it as a symbol, making it a symbol as part of its declaration [\#187](https://github.com/mitre/inspec_tools/pull/187) ([rbclark](https://github.com/rbclark))
|
24
|
+
- Summary output [\#186](https://github.com/mitre/inspec_tools/pull/186) ([jsa5593](https://github.com/jsa5593))
|
25
|
+
- Compliance score is rounded down and the README is updated [\#185](https://github.com/mitre/inspec_tools/pull/185) ([jsa5593](https://github.com/jsa5593))
|
26
|
+
|
27
|
+
**Fixed bugs:**
|
28
|
+
|
29
|
+
- inspec\_tools docker images is not actually showing results to cli [\#183](https://github.com/mitre/inspec_tools/issues/183)
|
30
|
+
|
31
|
+
**Closed issues:**
|
32
|
+
|
33
|
+
- inspec\_tools docker container doesn't let me go into a bash shell [\#184](https://github.com/mitre/inspec_tools/issues/184)
|
34
|
+
- Add a Dockerfile so folks can eaily add this into their ci/cd container workflows [\#162](https://github.com/mitre/inspec_tools/issues/162)
|
35
|
+
|
36
|
+
**Merged pull requests:**
|
37
|
+
|
38
|
+
- Add parameter to InspecUtils\#control\_status to specify when used for summary. [\#170](https://github.com/mitre/inspec_tools/pull/170) ([Bialogs](https://github.com/Bialogs))
|
39
|
+
|
40
|
+
## [v2.0.2.pre13](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre13) (2020-05-22)
|
41
|
+
|
42
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre12...v2.0.2.pre13)
|
43
|
+
|
44
|
+
**Implemented enhancements:**
|
45
|
+
|
46
|
+
- Ruby to docker [\#181](https://github.com/mitre/inspec_tools/pull/181) ([jsa5593](https://github.com/jsa5593))
|
47
|
+
|
48
|
+
**Fixed bugs:**
|
49
|
+
|
50
|
+
- All Impacts Parsed from PDF are Medium [\#173](https://github.com/mitre/inspec_tools/issues/173)
|
51
|
+
- Git version bump version 0.17.2 is broken due to a faulty regex. [\#182](https://github.com/mitre/inspec_tools/pull/182) ([rbclark](https://github.com/rbclark))
|
52
|
+
|
53
|
+
## [v2.0.2.pre12](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre12) (2020-05-07)
|
54
|
+
|
55
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre11...v2.0.2.pre12)
|
56
|
+
|
57
|
+
**Merged pull requests:**
|
58
|
+
|
59
|
+
- Require a newer version of git-lite-version-bump for Windows support [\#178](https://github.com/mitre/inspec_tools/pull/178) ([rbclark](https://github.com/rbclark))
|
60
|
+
|
61
|
+
## [v2.0.2.pre11](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre11) (2020-05-07)
|
62
|
+
|
63
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre10...v2.0.2.pre11)
|
64
|
+
|
65
|
+
**Merged pull requests:**
|
66
|
+
|
67
|
+
- git-lite-version-bump 0.17.0 is not compatible with Windows [\#176](https://github.com/mitre/inspec_tools/pull/176) ([rbclark](https://github.com/rbclark))
|
68
|
+
|
69
|
+
## [v2.0.2.pre10](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre10) (2020-05-06)
|
70
|
+
|
71
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre9...v2.0.2.pre10)
|
72
|
+
|
73
|
+
**Implemented enhancements:**
|
74
|
+
|
75
|
+
- Standardize Severity Tag on CVSS 3.0 Terms [\#107](https://github.com/mitre/inspec_tools/issues/107)
|
76
|
+
|
77
|
+
**Merged pull requests:**
|
78
|
+
|
79
|
+
- Standardize Output of Severity and Impact to CVSS v3.0 terms [\#174](https://github.com/mitre/inspec_tools/pull/174) ([Bialogs](https://github.com/Bialogs))
|
80
|
+
|
81
|
+
## [v2.0.2.pre9](https://github.com/mitre/inspec_tools/tree/v2.0.2.pre9) (2020-05-04)
|
82
|
+
|
83
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.2.pre8...v2.0.2.pre9)
|
6
84
|
|
7
85
|
**Implemented enhancements:**
|
8
86
|
|
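Review bot: the changelog gains no section for v2.0.4 even though the metadata hunk bumps `version: 2.0.4`; the top entry is still `## [Unreleased]` comparing `v2.0.3...HEAD`. Because this release removes `summary` CLI options (`-o`, `-c`) and changes how `critical` severities are mapped, a v2.0.4 entry that lists those user-visible changes is needed before the changelog describes the shipped gem.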
@@ -18,7 +96,6 @@
|
|
18
96
|
**Merged pull requests:**
|
19
97
|
|
20
98
|
- Apply fixes from CodeFactor [\#172](https://github.com/mitre/inspec_tools/pull/172) ([aaronlippold](https://github.com/aaronlippold))
|
21
|
-
- Add parameter to InspecUtils\#control\_status to specify when used for summary. [\#170](https://github.com/mitre/inspec_tools/pull/170) ([Bialogs](https://github.com/Bialogs))
|
22
99
|
- Generate Ruby with Single Quoted Strings [\#169](https://github.com/mitre/inspec_tools/pull/169) ([Bialogs](https://github.com/Bialogs))
|
23
100
|
- Update CKL parse method to dig into sub descriptions [\#168](https://github.com/mitre/inspec_tools/pull/168) ([Bialogs](https://github.com/Bialogs))
|
24
101
|
|
@@ -297,7 +374,6 @@
|
|
297
374
|
**Merged pull requests:**
|
298
375
|
|
299
376
|
- Remove warnings \(\#minor\) [\#101](https://github.com/mitre/inspec_tools/pull/101) ([Bialogs](https://github.com/Bialogs))
|
300
|
-
- Update github workflows [\#99](https://github.com/mitre/inspec_tools/pull/99) ([Bialogs](https://github.com/Bialogs))
|
301
377
|
|
302
378
|
## [v1.6.21](https://github.com/mitre/inspec_tools/tree/v1.6.21) (2020-03-20)
|
303
379
|
|
@@ -323,6 +399,10 @@
|
|
323
399
|
|
324
400
|
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.6.18...v1.6.19)
|
325
401
|
|
402
|
+
**Merged pull requests:**
|
403
|
+
|
404
|
+
- Update github workflows [\#99](https://github.com/mitre/inspec_tools/pull/99) ([Bialogs](https://github.com/Bialogs))
|
405
|
+
|
326
406
|
## [v1.6.18](https://github.com/mitre/inspec_tools/tree/v1.6.18) (2020-03-16)
|
327
407
|
|
328
408
|
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.6.17...v1.6.18)
|
data/README.md
CHANGED
@@ -61,6 +61,13 @@ xccdf_results = tool.to_xccdf(attribs_json)
|
|
61
61
|
On the Command Line, `inspec_tools help` will print a listing of all the command with a short description.
|
62
62
|
For detailed help on any command, run `inspec_tools help [COMMAND]`. Help can also be called with the `-h, --help` flags after any command, like `inspec_tools xccdf2inspec -h`.
|
63
63
|
|
64
|
+
For Docker usage, replace the `inspec_tools` command with the correct Docker command below for your operating system:
|
65
|
+
|
66
|
+
- **On Linux and Mac**: `docker run -it -v$(pwd):/share mitre/inspec_tools`
|
67
|
+
- **On Windows CMD**: `docker run -it -v%cd%:/share mitre/inspec_tools`
|
68
|
+
|
69
|
+
Note that all of the above Docker commands will mount your current directory on the Docker container. Ensure that you have navigated to the directory you intend to convert files in before executing the command.
|
70
|
+
|
64
71
|
### generate_map
|
65
72
|
|
66
73
|
This command will generate a `mapping.xml` file that can be passed in to the `csv2inspec` command with the `--m` option.
|
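Review bot: the Docker examples should quote the volume argument (`-v "$(pwd):/share"`), since an unquoted `$(pwd)` breaks on paths containing spaces, and a PowerShell form (`${PWD}`) is missing next to the CMD `%cd%` variant. The note should also state that the mount is read-write, so anything in the current directory can be modified by the container; that is the real reason the "navigate to the directory first" advice matters.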
@@ -91,6 +98,8 @@ USAGE: inspec_tools generate_inspec_metadata
|
|
91
98
|
|
92
99
|
If the specified threshold is not met, an error code (1) is returned along with non-compliant elements.
|
93
100
|
|
101
|
+
The compliance score are rounded down to the nearest whole number. For example a score of 77.3 would be displayed as 77.
|
102
|
+
|
94
103
|
```
|
95
104
|
USAGE: inspec_tools compliance [OPTIONS] -j <inspec-json> -i <threshold-inline>
|
96
105
|
inspec_tools compliance [OPTIONS] -j <inspec-json> -f <threshold-file>
|
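Review bot: grammar on the added line: `The compliance score are rounded down` should read `The compliance score is rounded down`, and `For example a score` needs a comma (`For example, a score of 77.3`).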
@@ -135,22 +144,57 @@ failed.high.max: 1
|
|
135
144
|
|
136
145
|
## summary
|
137
146
|
|
138
|
-
`summary` parses an inspec results json
|
147
|
+
`summary` parses an inspec results json and displays the information from all of the tests that were run. Running the command with flags but `-j` it will display information like:
|
148
|
+
|
149
|
+
```
|
150
|
+
Overall compliance: 77%
|
151
|
+
|
152
|
+
failed
|
153
|
+
total : 41
|
154
|
+
critical : 0
|
155
|
+
high : 3
|
156
|
+
medium : 33
|
157
|
+
low : 5
|
158
|
+
passed
|
159
|
+
total : 174
|
160
|
+
critical : 0
|
161
|
+
high : 21
|
162
|
+
medium : 147
|
163
|
+
low : 6
|
164
|
+
no_impact
|
165
|
+
total : 21
|
166
|
+
critical : 0
|
167
|
+
high : 0
|
168
|
+
medium : 0
|
169
|
+
low : 0
|
170
|
+
skipped
|
171
|
+
total : 10
|
172
|
+
critical : 0
|
173
|
+
high : 2
|
174
|
+
medium : 5
|
175
|
+
low : 3
|
176
|
+
error
|
177
|
+
total : 0
|
178
|
+
critical : 0
|
179
|
+
high : 0
|
180
|
+
medium : 0
|
181
|
+
low : 0
|
182
|
+
```
|
183
|
+
|
184
|
+
Using additional flags will override the normal output and only display the output that flag specifies.
|
185
|
+
|
186
|
+
USAGE: inspec_tools summary [OPTIONS] -j <inspec-json>
|
139
187
|
|
140
188
|
```
|
141
|
-
USAGE: inspec_tools summary [OPTIONS] -j <inspec-json> -o <summary-csv>
|
142
|
-
|
143
189
|
FLAGS:
|
144
|
-
|
145
|
-
-o --output <output-json> : path to summary JSON
|
146
|
-
-c --cli, --no-cli : print formatted summary to STDOUT
|
190
|
+
-j --inspec-json <inspec-json> : path to InSpec results JSON
|
147
191
|
-V --verbose, --no-verbose : print verbose an debug output
|
148
192
|
-f --json-full, --no-json-full : print the summary STDOUT as JSON
|
149
193
|
-k --json-counts, --no-json_cou : print the reslut status to STDOUT as JSON
|
150
194
|
|
151
195
|
Examples:
|
152
196
|
|
153
|
-
inspec_tools summary -j examples/sample_json/rhel-simp.json -f
|
197
|
+
inspec_tools summary -j examples/sample_json/rhel-simp.json -f
|
154
198
|
```
|
155
199
|
|
156
200
|
## xccdf2inspec
|
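Review bot: the new intro sentence `Running the command with flags but -j it will display` should read `Running the command with no flags other than -j displays`. The flag table still carries typos from the old text (`print verbose an debug output`, `reslut status`, the truncated `--no-json_cou`), the removal of `-o --output` is not mentioned for users who scripted against it, and the `Examples:` line is replaced by an identical-looking line (a whitespace-only change), which is worth cleaning up rather than shipping.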
data/lib/inspec_tools/csv.rb
CHANGED
@@ -90,7 +90,10 @@ module InspecTools
|
|
90
90
|
@mapping['control.tags'].each do |tag|
|
91
91
|
control['tags'][tag.first.to_s] = row[tag.last] unless row[tag.last].nil?
|
92
92
|
end
|
93
|
-
|
93
|
+
unless @mapping['control.tags']['severity'].nil? || row[@mapping['control.tags']['severity']].nil?
|
94
|
+
control['impact'] = Utils::InspecUtil.get_impact(row[@mapping['control.tags']['severity']])
|
95
|
+
control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
|
96
|
+
end
|
94
97
|
@controls << control
|
95
98
|
end
|
96
99
|
end
|
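Review bot: `Utils::InspecUtil.get_impact` raises `SeverityInputError` for any string it cannot match, so one unrecognized value in the mapped severity column now aborts the whole CSV conversion without saying which row failed. Rescue around the new `unless` block (or validate the column up front) and report the row index and offending value. The raw cell written to `control['tags']['severity']` by the `each` loop above is intentionally overwritten here with the normalized term; a one-line comment saying so would save the next reader a puzzle.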
data/lib/inspec_tools/inspec.rb
CHANGED
@@ -304,11 +304,9 @@ module InspecTools
|
|
304
304
|
def handle_severity(control)
|
305
305
|
return if control[:impact].nil?
|
306
306
|
|
307
|
-
value = Utils::InspecUtil.get_impact_string(control[:impact])
|
307
|
+
value = Utils::InspecUtil.get_impact_string(control[:impact], use_cvss_terms: false)
|
308
308
|
return if value == 'none'
|
309
309
|
|
310
|
-
value = 'high' if value == 'critical'
|
311
|
-
|
312
310
|
HappyMapperTools::StigChecklist::StigData.new('Severity', value)
|
313
311
|
end
|
314
312
|
|
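Review bot: with `use_cvss_terms: false` plus the removed `value = 'high' if value == 'critical'`, a control with impact 1.0 now yields a checklist `Severity` of `critical` where it previously yielded `high`. Confirm that checklist consumers accept `critical` as a severity value; if the old collapse was meant to stay, calling `get_impact_string` with the default `use_cvss_terms: true` achieves it without the extra line.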
data/lib/inspec_tools/pdf.rb
CHANGED
@@ -65,6 +65,7 @@ module InspecTools
|
|
65
65
|
control['desc'] = contr[:descr]
|
66
66
|
control['impact'] = Utils::InspecUtil.get_impact('medium')
|
67
67
|
control['tags'] = {}
|
68
|
+
control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
|
68
69
|
control['tags']['ref'] = contr[:ref] unless contr[:ref].nil?
|
69
70
|
control['tags']['applicability'] = contr[:applicability] unless contr[:applicability].nil?
|
70
71
|
control['tags']['cis_id'] = contr[:title].split(' ')[0] unless contr[:title].nil?
|
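Review bot: the impact on line 66 is still hardcoded (`get_impact('medium')`), so the new severity tag only echoes that constant and issue #173 (`All Impacts Parsed from PDF are Medium`), listed under fixed bugs in the changelog, is not addressed by this hunk. Either derive a severity from the parsed control data or drop #173 from the fixed list.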
@@ -200,8 +200,6 @@ module InspecPlugins
|
|
200
200
|
desc 'summary', 'summary parses an inspec results json to create a summary json'
|
201
201
|
long_desc InspecTools::Help.text(:summary)
|
202
202
|
option :inspec_json, required: true, aliases: '-j'
|
203
|
-
option :output, required: false, aliases: '-o'
|
204
|
-
option :cli, type: :boolean, required: false, aliases: '-c'
|
205
203
|
option :verbose, type: :boolean, aliases: '-V'
|
206
204
|
option :json_full, type: :boolean, required: false, aliases: '-f'
|
207
205
|
option :json_counts, type: :boolean, required: false, aliases: '-k'
|
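Review bot: dropping `option :output` (`-o`) and `option :cli` (`-c`) is a breaking change to the `summary` command shipped in a patch-level bump (2.0.3 to 2.0.4); pipelines that pass `-o` will no longer get a summary file written. Keep the options as deprecated no-ops for one release, or at least call the removal out in the changelog. The file header for this hunk is missing from the rendered page; per the file list at the top it is `data/lib/inspec_tools/plugin_cli.rb`.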
@@ -209,7 +207,7 @@ module InspecPlugins
|
|
209
207
|
def summary
|
210
208
|
summary = InspecTools::Summary.new(File.read(options[:inspec_json])).to_summary
|
211
209
|
|
212
|
-
|
210
|
+
unless options.include?('json_full') || options.include?('json_counts')
|
213
211
|
puts "\nOverall compliance: #{summary[:compliance]}%\n\n"
|
214
212
|
summary[:status].keys.each do |category|
|
215
213
|
puts category
|
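Review bot: `options.include?('json_full')` tests for the presence of the key, not its value, so `--no-json-full` or `--no-json-counts` (both documented in the README hunk) set the key to `false` and still suppress the human-readable output, leaving nothing printed at all. Use `options[:json_full] || options[:json_counts]` so the condition follows the flag's value.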
@@ -220,7 +218,6 @@ module InspecPlugins
|
|
220
218
|
end
|
221
219
|
|
222
220
|
json_summary = summary.to_json
|
223
|
-
File.write(options[:output], json_summary) if options[:output]
|
224
221
|
puts json_summary if options[:json_full]
|
225
222
|
puts summary[:status].to_json if options[:json_counts]
|
226
223
|
end
|
data/lib/inspec_tools/summary.rb
CHANGED
@@ -10,8 +10,8 @@ HIGH = 0.7
|
|
10
10
|
MEDIUM = 0.5
|
11
11
|
LOW = 0.3
|
12
12
|
|
13
|
-
BUCKETS = %
|
14
|
-
TALLYS = %
|
13
|
+
BUCKETS = %i(failed passed no_impact skipped error).freeze
|
14
|
+
TALLYS = %i(total critical high medium low).freeze
|
15
15
|
|
16
16
|
THRESHOLD_TEMPLATE = File.expand_path('../data/threshold.yaml', File.dirname(__FILE__))
|
17
17
|
|
@@ -83,7 +83,7 @@ module InspecTools
|
|
83
83
|
(@summary[:status][:passed][:total]+
|
84
84
|
@summary[:status][:failed][:total]+
|
85
85
|
@summary[:status][:skipped][:total]+
|
86
|
-
@summary[:status][:error][:total])).
|
86
|
+
@summary[:status][:error][:total])).floor
|
87
87
|
end
|
88
88
|
|
89
89
|
def threshold_compliance
|
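Review bot: `.floor` only gives the README's `77.3 -> 77` behaviour if the expression being floored is already a Float percentage; the visible part of the expression sums Integer totals, and if the division happens in Integer arithmetic before scaling by 100, Ruby truncates to 0 or 1 before `.floor` runs. A unit test with the README's own sample counts (174 passed, 41 failed, 10 skipped, 0 errors) asserting 77 would pin this down.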
@@ -104,13 +104,13 @@ module InspecTools
|
|
104
104
|
TALLYS.each do |tally|
|
105
105
|
max = @threshold["#{bucket}.#{tally}.max"]
|
106
106
|
min = @threshold["#{bucket}.#{tally}.min"]
|
107
|
-
if max != -1 and status[bucket
|
107
|
+
if max != -1 and status[bucket][tally] > max
|
108
108
|
compliance = false
|
109
|
-
failure << "Expected #{bucket}.#{tally}.max:#{max} got:#{status[bucket
|
109
|
+
failure << "Expected #{bucket}.#{tally}.max:#{max} got:#{status[bucket][tally]}"
|
110
110
|
end
|
111
|
-
if min != -1 and status[bucket
|
111
|
+
if min != -1 and status[bucket][tally] < min
|
112
112
|
compliance = false
|
113
|
-
failure << "Expected #{bucket}.#{tally}.min:#{min} got:#{status[bucket
|
113
|
+
failure << "Expected #{bucket}.#{tally}.min:#{min} got:#{status[bucket][tally]}"
|
114
114
|
end
|
115
115
|
end
|
116
116
|
end
|
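Review bot: if a threshold file omits a `<bucket>.<tally>.max` or `.min` key, `max`/`min` is `nil`, `nil != -1` is true, and `status[bucket][tally] > nil` raises `ArgumentError` (comparison of Integer with nil failed) instead of a readable message; guard with `max.nil?` or merge the user file over the `THRESHOLD_TEMPLATE` defaults before this loop. Prefer `&&` over `and` in these conditions as well; `and` binds lower than `=` and is the usual Style/AndOr trap.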
data/lib/inspec_tools/xccdf.rb
CHANGED
@@ -126,6 +126,7 @@ module InspecTools
|
|
126
126
|
control['desc'] = group.rule.description.vuln_discussion.split('Satisfies: ')[0]
|
127
127
|
control['impact'] = Utils::InspecUtil.get_impact(group.rule.severity)
|
128
128
|
control['tags'] = {}
|
129
|
+
control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
|
129
130
|
control['tags']['gtitle'] = group.title
|
130
131
|
control['tags']['satisfies'] = group.rule.description.vuln_discussion.split('Satisfies: ')[1].split(',').map(&:strip) if group.rule.description.vuln_discussion.split('Satisfies: ').length > 1
|
131
132
|
control['tags']['gid'] = group.id
|
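Review bot: line 130 calls `group.rule.description.vuln_discussion.split('Satisfies: ')` three times and line 126 a fourth; compute the split once above the assignments and reuse it. That also gives a single place to check for a nil `vuln_discussion`, which currently raises `NoMethodError` out of this method rather than a message naming the offending rule.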
@@ -11,12 +11,12 @@ require 'overrides/true_class'
|
|
11
11
|
require 'overrides/nil_class'
|
12
12
|
require 'overrides/object'
|
13
13
|
require 'overrides/string'
|
14
|
+
require 'rubocop'
|
14
15
|
|
15
16
|
# rubocop:disable Metrics/ClassLength
|
16
17
|
# rubocop:disable Metrics/AbcSize
|
17
18
|
# rubocop:disable Metrics/PerceivedComplexity
|
18
19
|
# rubocop:disable Metrics/CyclomaticComplexity
|
19
|
-
# rubocop:disable Metrics/BlockLength
|
20
20
|
# rubocop:disable Metrics/MethodLength
|
21
21
|
|
22
22
|
module Utils
|
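Review bot: `require 'rubocop'` at file load time pulls RuboCop and its parser stack into every command, including `summary` and `compliance`, which never generate Ruby; move the require into the method that runs the autocorrect so the load cost and the extra dependency surface apply only to profile generation. The file header is missing in this rendering; per the file list this and the following hunks belong to `data/lib/utilities/inspec_util.rb`.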
@@ -46,7 +46,7 @@ module Utils
|
|
46
46
|
end
|
47
47
|
c_data = {}
|
48
48
|
|
49
|
-
controls.each do |control|
|
49
|
+
controls.each do |control|
|
50
50
|
c_id = control['id'].to_sym
|
51
51
|
c_data[c_id] = {}
|
52
52
|
c_data[c_id]['id'] = control['id'] || DATA_NOT_FOUND_MESSAGE
|
@@ -192,18 +192,20 @@ module Utils
|
|
192
192
|
# @todo Allow for the user to pass in a hash for the desired mapping of text
|
193
193
|
# values to numbers or to override our hard coded values.
|
194
194
|
#
|
195
|
-
def self.get_impact(severity)
|
196
|
-
return float_to_impact(severity) if severity.is_a?(Float)
|
195
|
+
def self.get_impact(severity, use_cvss_terms: true)
|
196
|
+
return float_to_impact(severity, use_cvss_terms) if severity.is_a?(Float)
|
197
197
|
|
198
|
-
return string_to_impact(severity) if severity.is_a?(String)
|
198
|
+
return string_to_impact(severity, use_cvss_terms) if severity.is_a?(String)
|
199
199
|
|
200
200
|
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
201
201
|
'1.0 or one of the approved keywords.'
|
202
202
|
end
|
203
203
|
|
204
|
-
private_class_method def self.float_to_impact(severity)
|
205
|
-
|
206
|
-
|
204
|
+
private_class_method def self.float_to_impact(severity, use_cvss_terms)
|
205
|
+
unless severity.between?(0, 1)
|
206
|
+
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
207
|
+
'1.0 or one of the approved keywords.'
|
208
|
+
end
|
207
209
|
|
208
210
|
if severity <= 0.01
|
209
211
|
0.0 # Informative
|
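Review bot: the range check added to `float_to_impact` repeats the `SeverityInputError` message from lines 200-201 verbatim; hoist the message into a constant so the two copies cannot drift, and add boundary tests for 0.0, 1.0 and a value just above 1.0 so the `between?(0, 1)` guard is covered.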
@@ -211,31 +213,33 @@ module Utils
|
|
211
213
|
0.3 # Low Impact
|
212
214
|
elsif severity < 0.7
|
213
215
|
0.5 # Medium Impact
|
214
|
-
elsif severity < 0.9
|
216
|
+
elsif severity < 0.9 || use_cvss_terms
|
215
217
|
0.7 # High Impact
|
216
218
|
else
|
217
219
|
1.0 # Critical Controls
|
218
220
|
end
|
219
221
|
end
|
220
222
|
|
221
|
-
private_class_method def self.string_to_impact(severity)
|
223
|
+
private_class_method def self.string_to_impact(severity, use_cvss_terms)
|
222
224
|
if /none|na|n\/a|not[_|(\s*)]?applicable/i.match?(severity)
|
223
|
-
0.0 # Informative
|
225
|
+
impact = 0.0 # Informative
|
224
226
|
elsif /low|cat(egory)?\s*(iii|3)/i.match?(severity)
|
225
|
-
0.3 # Low Impact
|
227
|
+
impact = 0.3 # Low Impact
|
226
228
|
elsif /med(ium)?|cat(egory)?\s*(ii|2)/i.match?(severity)
|
227
|
-
0.5 # Medium Impact
|
229
|
+
impact = 0.5 # Medium Impact
|
228
230
|
elsif /high|cat(egory)?\s*(i|1)/i.match?(severity)
|
229
|
-
0.7 # High Impact
|
231
|
+
impact = 0.7 # High Impact
|
230
232
|
elsif /crit(ical)?|severe/i.match?(severity)
|
231
|
-
1.0 # Critical Controls
|
233
|
+
impact = 1.0 # Critical Controls
|
232
234
|
else
|
233
235
|
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
234
236
|
'1.0 or one of the approved keywords.'
|
235
237
|
end
|
238
|
+
|
239
|
+
impact == 1.0 && use_cvss_terms ? 0.7 : impact
|
236
240
|
end
|
237
241
|
|
238
|
-
def self.get_impact_string(impact)
|
242
|
+
def self.get_impact_string(impact, use_cvss_terms: true)
|
239
243
|
return if impact.nil?
|
240
244
|
|
241
245
|
value = impact.to_f
|
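Review bot: `elsif severity < 0.9 || use_cvss_terms` makes `get_impact(1.0)` return 0.7 under the default, and `impact == 1.0 && use_cvss_terms ? 0.7 : impact` does the same for `critical`/`severe` strings, so numeric impact data is lossily collapsed even though `get_impact_string` already performs the critical-to-high collapse at output time. Collapsing only in the string layer keeps the 1.0 impact in generated profiles (so a `critical` tally in `summary` stays reachable for them) and still meets #107/#174; if the numeric downgrade is intended, the README and changelog should say that `critical` inputs now produce impact 0.7.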
@@ -243,8 +247,14 @@ module Utils
|
|
243
247
|
raise ImpactInputError, "'#{value}' is not a valid impact score. Valid impact scores: [0.0 - 1.0]."
|
244
248
|
end
|
245
249
|
|
246
|
-
IMPACT_SCORES.reverse_each do |name,
|
247
|
-
|
250
|
+
IMPACT_SCORES.reverse_each do |name, impact_score|
|
251
|
+
if name == 'critical' && value >= impact_score && use_cvss_terms
|
252
|
+
return 'high'
|
253
|
+
elsif value >= impact_score
|
254
|
+
return name
|
255
|
+
else
|
256
|
+
next
|
257
|
+
end
|
248
258
|
end
|
249
259
|
end
|
250
260
|
|
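Review bot: the `else next end` branch in `get_impact_string` is a no-op, since the block proceeds to the next iteration anyway, and can be dropped. The method also returns `nil` implicitly when `value` is below every entry of `IMPACT_SCORES`; if that table lacks a 0.0 entry, raise `ImpactInputError` after the loop instead of handing callers a nil severity tag.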
@@ -384,7 +394,7 @@ module Utils
|
|
384
394
|
file_name = control.id.to_s
|
385
395
|
myfile = File.new("#{directory}/controls/#{file_name}.rb", 'w')
|
386
396
|
myfile.puts "# encoding: UTF-8\n\n"
|
387
|
-
myfile.puts wrap(control.to_ruby
|
397
|
+
myfile.puts wrap(control.to_ruby, WIDTH) + "\n"
|
388
398
|
myfile.close
|
389
399
|
end
|
390
400
|
else
|
@@ -415,6 +425,16 @@ module Utils
|
|
415
425
|
end
|
416
426
|
myfile.close
|
417
427
|
end
|
428
|
+
config_store = ::RuboCop::ConfigStore.new
|
429
|
+
config_store.options_config = File.join(File.dirname(__FILE__), '../data/rubocop.yml')
|
430
|
+
rubocop = ::RuboCop::Runner.new({ auto_correct: true }, config_store)
|
431
|
+
rubocop.run([directory])
|
418
432
|
end
|
419
433
|
end
|
420
434
|
end
|
435
|
+
|
436
|
+
# rubocop:enable Metrics/ClassLength
|
437
|
+
# rubocop:enable Metrics/AbcSize
|
438
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
439
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
440
|
+
# rubocop:enable Metrics/MethodLength
|
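Review bot: `RuboCop::Runner.new({ auto_correct: true }, config_store).run([directory])` rewrites every Ruby file under `directory`, not just the control files written above; if `directory` is an existing profile that also holds user-maintained libraries or custom resources, they get reformatted too, so pass the list of generated control paths instead. `ConfigStore#options_config=` and the `Runner` constructor are RuboCop internals rather than a documented API, which is why the unconstrained `rubocop` dependency in the metadata hunk is risky: any RuboCop release can change them and break profile generation at runtime.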
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec_tools
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Robert Thew
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: exe
|
13
13
|
cert_chain: []
|
14
|
-
date: 2020-
|
14
|
+
date: 2020-06-18 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: colorize
|
@@ -151,22 +151,22 @@ dependencies:
|
|
151
151
|
requirements:
|
152
152
|
- - ">="
|
153
153
|
- !ruby/object:Gem::Version
|
154
|
-
version:
|
154
|
+
version: 0.17.3
|
155
155
|
type: :runtime
|
156
156
|
prerelease: false
|
157
157
|
version_requirements: !ruby/object:Gem::Requirement
|
158
158
|
requirements:
|
159
159
|
- - ">="
|
160
160
|
- !ruby/object:Gem::Version
|
161
|
-
version:
|
161
|
+
version: 0.17.3
|
162
162
|
- !ruby/object:Gem::Dependency
|
163
|
-
name:
|
163
|
+
name: rubocop
|
164
164
|
requirement: !ruby/object:Gem::Requirement
|
165
165
|
requirements:
|
166
166
|
- - ">="
|
167
167
|
- !ruby/object:Gem::Version
|
168
168
|
version: '0'
|
169
|
-
type: :
|
169
|
+
type: :runtime
|
170
170
|
prerelease: false
|
171
171
|
version_requirements: !ruby/object:Gem::Requirement
|
172
172
|
requirements:
|
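Review bot: `rubocop` becomes a `:runtime` dependency with no version constraint (`version: '0'`), whereas `git-lite-version-bump` is held to `>= 0.17.3`. Since the code drives RuboCop through its internal runner and config-store classes, use a pessimistic constraint (`~>` on the minor series that was actually tested) so a future RuboCop release cannot silently alter generated profiles or break loading; an unpinned linter as a runtime dependency also widens the supply-chain surface of every install.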
@@ -174,7 +174,7 @@ dependencies:
|
|
174
174
|
- !ruby/object:Gem::Version
|
175
175
|
version: '0'
|
176
176
|
- !ruby/object:Gem::Dependency
|
177
|
-
name:
|
177
|
+
name: bundler
|
178
178
|
requirement: !ruby/object:Gem::Requirement
|
179
179
|
requirements:
|
180
180
|
- - ">="
|
@@ -188,7 +188,7 @@ dependencies:
|
|
188
188
|
- !ruby/object:Gem::Version
|
189
189
|
version: '0'
|
190
190
|
- !ruby/object:Gem::Dependency
|
191
|
-
name:
|
191
|
+
name: minitest
|
192
192
|
requirement: !ruby/object:Gem::Requirement
|
193
193
|
requirements:
|
194
194
|
- - ">="
|
@@ -202,7 +202,7 @@ dependencies:
|
|
202
202
|
- !ruby/object:Gem::Version
|
203
203
|
version: '0'
|
204
204
|
- !ruby/object:Gem::Dependency
|
205
|
-
name:
|
205
|
+
name: pry
|
206
206
|
requirement: !ruby/object:Gem::Requirement
|
207
207
|
requirements:
|
208
208
|
- - ">="
|
@@ -216,7 +216,7 @@ dependencies:
|
|
216
216
|
- !ruby/object:Gem::Version
|
217
217
|
version: '0'
|
218
218
|
- !ruby/object:Gem::Dependency
|
219
|
-
name:
|
219
|
+
name: rake
|
220
220
|
requirement: !ruby/object:Gem::Requirement
|
221
221
|
requirements:
|
222
222
|
- - ">="
|
@@ -230,7 +230,7 @@ dependencies:
|
|
230
230
|
- !ruby/object:Gem::Version
|
231
231
|
version: '0'
|
232
232
|
- !ruby/object:Gem::Dependency
|
233
|
-
name:
|
233
|
+
name: codeclimate-test-reporter
|
234
234
|
requirement: !ruby/object:Gem::Requirement
|
235
235
|
requirements:
|
236
236
|
- - ">="
|
@@ -244,7 +244,7 @@ dependencies:
|
|
244
244
|
- !ruby/object:Gem::Version
|
245
245
|
version: '0'
|
246
246
|
- !ruby/object:Gem::Dependency
|
247
|
-
name:
|
247
|
+
name: simplecov
|
248
248
|
requirement: !ruby/object:Gem::Requirement
|
249
249
|
requirements:
|
250
250
|
- - ">="
|
@@ -292,6 +292,7 @@ files:
|
|
292
292
|
- lib/data/attributes.yml
|
293
293
|
- lib/data/cci2html.xsl
|
294
294
|
- lib/data/mapping.yml
|
295
|
+
- lib/data/rubocop.yml
|
295
296
|
- lib/data/stig.csv
|
296
297
|
- lib/data/threshold.yaml
|
297
298
|
- lib/exceptions/impact_input_error.rb
|
@@ -348,9 +349,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
348
349
|
version: '2.5'
|
349
350
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
350
351
|
requirements:
|
351
|
-
- - "
|
352
|
+
- - ">="
|
352
353
|
- !ruby/object:Gem::Version
|
353
|
-
version:
|
354
|
+
version: '0'
|
354
355
|
requirements: []
|
355
356
|
rubygems_version: 3.1.2
|
356
357
|
signing_key:
|