inspec_tools 2.0.7 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +7 -5
- data/Rakefile +9 -1
- data/lib/happy_mapper_tools/benchmark.rb +83 -0
- data/lib/inspec_tools/csv.rb +26 -33
- data/lib/inspec_tools/generate_map.rb +35 -0
- data/lib/inspec_tools/inspec.rb +19 -91
- data/lib/inspec_tools/plugin_cli.rb +14 -25
- data/lib/inspec_tools/xlsx_tool.rb +2 -1
- data/lib/utilities/cci_xml.rb +13 -0
- data/lib/utilities/inspec_util.rb +9 -74
- data/lib/utilities/mapping_validator.rb +10 -0
- data/lib/utilities/xccdf/from_inspec.rb +89 -0
- data/lib/utilities/xccdf/to_xccdf.rb +388 -0
- data/lib/utilities/xccdf/xccdf_score.rb +116 -0
- metadata +45 -25
|
@@ -0,0 +1,116 @@
|
|
|
1
|
+
module Utils
|
|
2
|
+
# Perform scoring calculations for the different types that is used in a TestResult score.
|
|
3
|
+
class XCCDFScore
|
|
4
|
+
# @param groups [Array[HappyMapperTools::Benchmark::Group]]
|
|
5
|
+
# @param rule_results [Array[RuleResultType]]
|
|
6
|
+
def initialize(groups, rule_results)
|
|
7
|
+
@groups = groups
|
|
8
|
+
@rule_results = rule_results
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
# Calculate and return the urn:xccdf:scoring:default score for the entire benchmark.
|
|
12
|
+
# @return ScoreType
|
|
13
|
+
def default_score
|
|
14
|
+
HappyMapperTools::Benchmark::ScoreType.new('urn:xccdf:scoring:default', 100, score_benchmark_default)
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
# urn:xccdf:scoring:flat
|
|
18
|
+
# @return ScoreType
|
|
19
|
+
def flat_score
|
|
20
|
+
results = score_benchmark_with_weights(true)
|
|
21
|
+
HappyMapperTools::Benchmark::ScoreType.new('urn:xccdf:scoring:flat', results[:max], results[:score])
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# urn:xccdf:scoring:flat-unweighted
|
|
25
|
+
# @return ScoreType
|
|
26
|
+
def flat_unweighted_score
|
|
27
|
+
results = score_benchmark_with_weights(false)
|
|
28
|
+
HappyMapperTools::Benchmark::ScoreType.new('urn:xccdf:scoring:flat-unweighted', results[:max], results[:score])
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# urn:xccdf:scoring:absolute
|
|
32
|
+
# @return ScoreType
|
|
33
|
+
def absolute_score
|
|
34
|
+
results = score_benchmark_with_weights(true)
|
|
35
|
+
HappyMapperTools::Benchmark::ScoreType.new('urn:xccdf:scoring:absolute', 1, (results[:max] == results[:score] && results[:max].positive? ? 1 : 0))
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
private
|
|
39
|
+
|
|
40
|
+
# Return the overall score for the default model
|
|
41
|
+
def score_benchmark_default
|
|
42
|
+
return 0.0 unless @groups
|
|
43
|
+
|
|
44
|
+
count = 0
|
|
45
|
+
cumulative_score = 0.0
|
|
46
|
+
|
|
47
|
+
@groups.each do |group|
|
|
48
|
+
# Default weighted scoring only provides value when more than one rule exists per group. This implementation
|
|
49
|
+
# is not currently supporting more than one rule per group so weight need not apply.
|
|
50
|
+
rule_score = score_default_rule(test_results(group.rule.id))
|
|
51
|
+
|
|
52
|
+
if rule_score[:rule_count].positive?
|
|
53
|
+
count += 1
|
|
54
|
+
cumulative_score += rule_score[:rule_score]
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
return 0.0 unless count.positive?
|
|
59
|
+
|
|
60
|
+
(cumulative_score / count).round(2)
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
# @param weighted [Boolean] Indicate to apply with weights.
|
|
64
|
+
def score_benchmark_with_weights(weighted)
|
|
65
|
+
score = 0.0
|
|
66
|
+
max_score = 0.0
|
|
67
|
+
|
|
68
|
+
return { score: score, max: max_score } unless @groups
|
|
69
|
+
|
|
70
|
+
@groups.each do |group|
|
|
71
|
+
# Default weighted scoring only provides value when more than one rule exists per group. This implementation
|
|
72
|
+
# is not currently supporting more than one rule per group so weight need not apply.
|
|
73
|
+
rule_score = rule_counts_and_score(test_results(group.rule.id))
|
|
74
|
+
|
|
75
|
+
next unless rule_score[:rule_count].positive?
|
|
76
|
+
|
|
77
|
+
weight =
|
|
78
|
+
if weighted
|
|
79
|
+
group.rule.weight.nil? ? 1.0 : group.rule.weight.to_f
|
|
80
|
+
else
|
|
81
|
+
group.rule.weight.nil? || group.rule.weight.to_f != 0.0 ? 1.0 : 0.0
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
max_score += weight
|
|
85
|
+
score += (weight * rule_score[:rule_score]) / rule_score[:rule_count]
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
{ score: score.round(2), max: max_score }
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
def score_default_rule(results)
|
|
92
|
+
sum = rule_counts_and_score(results)
|
|
93
|
+
return sum if sum[:rule_count].zero?
|
|
94
|
+
|
|
95
|
+
sum[:rule_score] = (100 * sum[:rule_score]) / sum[:rule_count]
|
|
96
|
+
sum
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
# Perform basic summation of rule results and passing tests
|
|
100
|
+
def rule_counts_and_score(results)
|
|
101
|
+
excluded_results = %w{notapplicable notchecked informational notselected}
|
|
102
|
+
rule_count = results.count { |r| !excluded_results.include?(r.result) }
|
|
103
|
+
rule_score = results.count { |r| r.result == 'pass' }
|
|
104
|
+
|
|
105
|
+
{ rule_count: rule_count, rule_score: rule_score }
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
# Get all test results with the matching rule id
|
|
109
|
+
# @return [Array]
|
|
110
|
+
def test_results(id)
|
|
111
|
+
return [] unless @rule_results
|
|
112
|
+
|
|
113
|
+
@rule_results.select { |r| r.idref == id }
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec_tools
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Robert Thew
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: exe
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2020-
|
|
14
|
+
date: 2020-08-11 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: colorize
|
|
@@ -27,6 +27,20 @@ dependencies:
|
|
|
27
27
|
- - "~>"
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
29
|
version: '0'
|
|
30
|
+
- !ruby/object:Gem::Dependency
|
|
31
|
+
name: git-lite-version-bump
|
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
|
33
|
+
requirements:
|
|
34
|
+
- - ">="
|
|
35
|
+
- !ruby/object:Gem::Version
|
|
36
|
+
version: 0.17.3
|
|
37
|
+
type: :runtime
|
|
38
|
+
prerelease: false
|
|
39
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
40
|
+
requirements:
|
|
41
|
+
- - ">="
|
|
42
|
+
- !ruby/object:Gem::Version
|
|
43
|
+
version: 0.17.3
|
|
30
44
|
- !ruby/object:Gem::Dependency
|
|
31
45
|
name: inspec
|
|
32
46
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -132,41 +146,41 @@ dependencies:
|
|
|
132
146
|
- !ruby/object:Gem::Version
|
|
133
147
|
version: '2.8'
|
|
134
148
|
- !ruby/object:Gem::Dependency
|
|
135
|
-
name:
|
|
149
|
+
name: rubocop
|
|
136
150
|
requirement: !ruby/object:Gem::Requirement
|
|
137
151
|
requirements:
|
|
138
|
-
- - "
|
|
152
|
+
- - ">="
|
|
139
153
|
- !ruby/object:Gem::Version
|
|
140
|
-
version: '
|
|
154
|
+
version: '0'
|
|
141
155
|
type: :runtime
|
|
142
156
|
prerelease: false
|
|
143
157
|
version_requirements: !ruby/object:Gem::Requirement
|
|
144
158
|
requirements:
|
|
145
|
-
- - "
|
|
159
|
+
- - ">="
|
|
146
160
|
- !ruby/object:Gem::Version
|
|
147
|
-
version: '
|
|
161
|
+
version: '0'
|
|
148
162
|
- !ruby/object:Gem::Dependency
|
|
149
|
-
name:
|
|
163
|
+
name: word_wrap
|
|
150
164
|
requirement: !ruby/object:Gem::Requirement
|
|
151
165
|
requirements:
|
|
152
|
-
- - "
|
|
166
|
+
- - "~>"
|
|
153
167
|
- !ruby/object:Gem::Version
|
|
154
|
-
version: 0
|
|
168
|
+
version: '1.0'
|
|
155
169
|
type: :runtime
|
|
156
170
|
prerelease: false
|
|
157
171
|
version_requirements: !ruby/object:Gem::Requirement
|
|
158
172
|
requirements:
|
|
159
|
-
- - "
|
|
173
|
+
- - "~>"
|
|
160
174
|
- !ruby/object:Gem::Version
|
|
161
|
-
version: 0
|
|
175
|
+
version: '1.0'
|
|
162
176
|
- !ruby/object:Gem::Dependency
|
|
163
|
-
name:
|
|
177
|
+
name: bundler
|
|
164
178
|
requirement: !ruby/object:Gem::Requirement
|
|
165
179
|
requirements:
|
|
166
180
|
- - ">="
|
|
167
181
|
- !ruby/object:Gem::Version
|
|
168
182
|
version: '0'
|
|
169
|
-
type: :
|
|
183
|
+
type: :development
|
|
170
184
|
prerelease: false
|
|
171
185
|
version_requirements: !ruby/object:Gem::Requirement
|
|
172
186
|
requirements:
|
|
@@ -174,7 +188,7 @@ dependencies:
|
|
|
174
188
|
- !ruby/object:Gem::Version
|
|
175
189
|
version: '0'
|
|
176
190
|
- !ruby/object:Gem::Dependency
|
|
177
|
-
name: bundler
|
|
191
|
+
name: bundler-audit
|
|
178
192
|
requirement: !ruby/object:Gem::Requirement
|
|
179
193
|
requirements:
|
|
180
194
|
- - ">="
|
|
@@ -188,7 +202,7 @@ dependencies:
|
|
|
188
202
|
- !ruby/object:Gem::Version
|
|
189
203
|
version: '0'
|
|
190
204
|
- !ruby/object:Gem::Dependency
|
|
191
|
-
name:
|
|
205
|
+
name: codeclimate-test-reporter
|
|
192
206
|
requirement: !ruby/object:Gem::Requirement
|
|
193
207
|
requirements:
|
|
194
208
|
- - ">="
|
|
@@ -202,7 +216,7 @@ dependencies:
|
|
|
202
216
|
- !ruby/object:Gem::Version
|
|
203
217
|
version: '0'
|
|
204
218
|
- !ruby/object:Gem::Dependency
|
|
205
|
-
name:
|
|
219
|
+
name: minitest
|
|
206
220
|
requirement: !ruby/object:Gem::Requirement
|
|
207
221
|
requirements:
|
|
208
222
|
- - ">="
|
|
@@ -216,21 +230,21 @@ dependencies:
|
|
|
216
230
|
- !ruby/object:Gem::Version
|
|
217
231
|
version: '0'
|
|
218
232
|
- !ruby/object:Gem::Dependency
|
|
219
|
-
name:
|
|
233
|
+
name: minitest-reporters
|
|
220
234
|
requirement: !ruby/object:Gem::Requirement
|
|
221
235
|
requirements:
|
|
222
|
-
- - "
|
|
236
|
+
- - "~>"
|
|
223
237
|
- !ruby/object:Gem::Version
|
|
224
|
-
version: '
|
|
238
|
+
version: '1.4'
|
|
225
239
|
type: :development
|
|
226
240
|
prerelease: false
|
|
227
241
|
version_requirements: !ruby/object:Gem::Requirement
|
|
228
242
|
requirements:
|
|
229
|
-
- - "
|
|
243
|
+
- - "~>"
|
|
230
244
|
- !ruby/object:Gem::Version
|
|
231
|
-
version: '
|
|
245
|
+
version: '1.4'
|
|
232
246
|
- !ruby/object:Gem::Dependency
|
|
233
|
-
name:
|
|
247
|
+
name: pry
|
|
234
248
|
requirement: !ruby/object:Gem::Requirement
|
|
235
249
|
requirements:
|
|
236
250
|
- - ">="
|
|
@@ -244,7 +258,7 @@ dependencies:
|
|
|
244
258
|
- !ruby/object:Gem::Version
|
|
245
259
|
version: '0'
|
|
246
260
|
- !ruby/object:Gem::Dependency
|
|
247
|
-
name:
|
|
261
|
+
name: rake
|
|
248
262
|
requirement: !ruby/object:Gem::Requirement
|
|
249
263
|
requirements:
|
|
250
264
|
- - ">="
|
|
@@ -258,7 +272,7 @@ dependencies:
|
|
|
258
272
|
- !ruby/object:Gem::Version
|
|
259
273
|
version: '0'
|
|
260
274
|
- !ruby/object:Gem::Dependency
|
|
261
|
-
name:
|
|
275
|
+
name: simplecov
|
|
262
276
|
requirement: !ruby/object:Gem::Requirement
|
|
263
277
|
requirements:
|
|
264
278
|
- - ">="
|
|
@@ -304,6 +318,7 @@ files:
|
|
|
304
318
|
- lib/inspec_tools/ckl.rb
|
|
305
319
|
- lib/inspec_tools/cli.rb
|
|
306
320
|
- lib/inspec_tools/csv.rb
|
|
321
|
+
- lib/inspec_tools/generate_map.rb
|
|
307
322
|
- lib/inspec_tools/help.rb
|
|
308
323
|
- lib/inspec_tools/help/compliance.md
|
|
309
324
|
- lib/inspec_tools/help/csv2inspec.md
|
|
@@ -327,12 +342,17 @@ files:
|
|
|
327
342
|
- lib/overrides/object.rb
|
|
328
343
|
- lib/overrides/string.rb
|
|
329
344
|
- lib/overrides/true_class.rb
|
|
345
|
+
- lib/utilities/cci_xml.rb
|
|
330
346
|
- lib/utilities/cis_to_nist.rb
|
|
331
347
|
- lib/utilities/csv_util.rb
|
|
332
348
|
- lib/utilities/extract_pdf_text.rb
|
|
333
349
|
- lib/utilities/inspec_util.rb
|
|
350
|
+
- lib/utilities/mapping_validator.rb
|
|
334
351
|
- lib/utilities/parser.rb
|
|
335
352
|
- lib/utilities/text_cleaner.rb
|
|
353
|
+
- lib/utilities/xccdf/from_inspec.rb
|
|
354
|
+
- lib/utilities/xccdf/to_xccdf.rb
|
|
355
|
+
- lib/utilities/xccdf/xccdf_score.rb
|
|
336
356
|
homepage: https://inspec-tools.mitre.org/
|
|
337
357
|
licenses:
|
|
338
358
|
- Apache-2.0
|