inspec_tools 2.0.7 → 2.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +20 -12
- data/Rakefile +9 -1
- data/lib/happy_mapper_tools/benchmark.rb +83 -0
- data/lib/happy_mapper_tools/stig_attributes.rb +10 -1
- data/lib/inspec_tools/csv.rb +42 -39
- data/lib/inspec_tools/generate_map.rb +35 -0
- data/lib/inspec_tools/inspec.rb +19 -91
- data/lib/inspec_tools/plugin_cli.rb +22 -53
- data/lib/inspec_tools/summary.rb +108 -76
- data/lib/inspec_tools/xccdf.rb +12 -3
- data/lib/inspec_tools/xlsx_tool.rb +2 -1
- data/lib/utilities/cci_xml.rb +13 -0
- data/lib/utilities/inspec_util.rb +12 -76
- data/lib/utilities/mapping_validator.rb +10 -0
- data/lib/utilities/xccdf/from_inspec.rb +89 -0
- data/lib/utilities/xccdf/to_xccdf.rb +388 -0
- data/lib/utilities/xccdf/xccdf_score.rb +116 -0
- metadata +42 -36
|
@@ -0,0 +1,116 @@
|
|
|
1
|
+
module Utils
|
|
2
|
+
# Perform scoring calculations for the different types that is used in a TestResult score.
|
|
3
|
+
class XCCDFScore
|
|
4
|
+
# @param groups [Array[HappyMapperTools::Benchmark::Group]]
|
|
5
|
+
# @param rule_results [Array[RuleResultType]]
|
|
6
|
+
def initialize(groups, rule_results)
|
|
7
|
+
@groups = groups
|
|
8
|
+
@rule_results = rule_results
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
# Calculate and return the urn:xccdf:scoring:default score for the entire benchmark.
|
|
12
|
+
# @return ScoreType
|
|
13
|
+
def default_score
|
|
14
|
+
HappyMapperTools::Benchmark::ScoreType.new('urn:xccdf:scoring:default', 100, score_benchmark_default)
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
# urn:xccdf:scoring:flat
|
|
18
|
+
# @return ScoreType
|
|
19
|
+
def flat_score
|
|
20
|
+
results = score_benchmark_with_weights(true)
|
|
21
|
+
HappyMapperTools::Benchmark::ScoreType.new('urn:xccdf:scoring:flat', results[:max], results[:score])
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# urn:xccdf:scoring:flat-unweighted
|
|
25
|
+
# @return ScoreType
|
|
26
|
+
def flat_unweighted_score
|
|
27
|
+
results = score_benchmark_with_weights(false)
|
|
28
|
+
HappyMapperTools::Benchmark::ScoreType.new('urn:xccdf:scoring:flat-unweighted', results[:max], results[:score])
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# urn:xccdf:scoring:absolute
|
|
32
|
+
# @return ScoreType
|
|
33
|
+
def absolute_score
|
|
34
|
+
results = score_benchmark_with_weights(true)
|
|
35
|
+
HappyMapperTools::Benchmark::ScoreType.new('urn:xccdf:scoring:absolute', 1, (results[:max] == results[:score] && results[:max].positive? ? 1 : 0))
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
private
|
|
39
|
+
|
|
40
|
+
# Return the overall score for the default model
|
|
41
|
+
def score_benchmark_default
|
|
42
|
+
return 0.0 unless @groups
|
|
43
|
+
|
|
44
|
+
count = 0
|
|
45
|
+
cumulative_score = 0.0
|
|
46
|
+
|
|
47
|
+
@groups.each do |group|
|
|
48
|
+
# Default weighted scoring only provides value when more than one rule exists per group. This implementation
|
|
49
|
+
# is not currently supporting more than one rule per group so weight need not apply.
|
|
50
|
+
rule_score = score_default_rule(test_results(group.rule.id))
|
|
51
|
+
|
|
52
|
+
if rule_score[:rule_count].positive?
|
|
53
|
+
count += 1
|
|
54
|
+
cumulative_score += rule_score[:rule_score]
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
return 0.0 unless count.positive?
|
|
59
|
+
|
|
60
|
+
(cumulative_score / count).round(2)
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
# @param weighted [Boolean] Indicate to apply with weights.
|
|
64
|
+
def score_benchmark_with_weights(weighted)
|
|
65
|
+
score = 0.0
|
|
66
|
+
max_score = 0.0
|
|
67
|
+
|
|
68
|
+
return { score: score, max: max_score } unless @groups
|
|
69
|
+
|
|
70
|
+
@groups.each do |group|
|
|
71
|
+
# Default weighted scoring only provides value when more than one rule exists per group. This implementation
|
|
72
|
+
# is not currently supporting more than one rule per group so weight need not apply.
|
|
73
|
+
rule_score = rule_counts_and_score(test_results(group.rule.id))
|
|
74
|
+
|
|
75
|
+
next unless rule_score[:rule_count].positive?
|
|
76
|
+
|
|
77
|
+
weight =
|
|
78
|
+
if weighted
|
|
79
|
+
group.rule.weight.nil? ? 1.0 : group.rule.weight.to_f
|
|
80
|
+
else
|
|
81
|
+
group.rule.weight.nil? || group.rule.weight.to_f != 0.0 ? 1.0 : 0.0
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
max_score += weight
|
|
85
|
+
score += (weight * rule_score[:rule_score]) / rule_score[:rule_count]
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
{ score: score.round(2), max: max_score }
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
def score_default_rule(results)
|
|
92
|
+
sum = rule_counts_and_score(results)
|
|
93
|
+
return sum if sum[:rule_count].zero?
|
|
94
|
+
|
|
95
|
+
sum[:rule_score] = (100 * sum[:rule_score]) / sum[:rule_count]
|
|
96
|
+
sum
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
# Perform basic summation of rule results and passing tests
|
|
100
|
+
def rule_counts_and_score(results)
|
|
101
|
+
excluded_results = %w{notapplicable notchecked informational notselected}
|
|
102
|
+
rule_count = results.count { |r| !excluded_results.include?(r.result) }
|
|
103
|
+
rule_score = results.count { |r| r.result == 'pass' }
|
|
104
|
+
|
|
105
|
+
{ rule_count: rule_count, rule_score: rule_score }
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
# Get all test results with the matching rule id
|
|
109
|
+
# @return [Array]
|
|
110
|
+
def test_results(id)
|
|
111
|
+
return [] unless @rule_results
|
|
112
|
+
|
|
113
|
+
@rule_results.select { |r| r.idref == id }
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec_tools
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Robert Thew
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: exe
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date:
|
|
14
|
+
date: 2021-03-25 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: colorize
|
|
@@ -27,6 +27,20 @@ dependencies:
|
|
|
27
27
|
- - "~>"
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
29
|
version: '0'
|
|
30
|
+
- !ruby/object:Gem::Dependency
|
|
31
|
+
name: git-lite-version-bump
|
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
|
33
|
+
requirements:
|
|
34
|
+
- - ">="
|
|
35
|
+
- !ruby/object:Gem::Version
|
|
36
|
+
version: 0.17.3
|
|
37
|
+
type: :runtime
|
|
38
|
+
prerelease: false
|
|
39
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
40
|
+
requirements:
|
|
41
|
+
- - ">="
|
|
42
|
+
- !ruby/object:Gem::Version
|
|
43
|
+
version: 0.17.3
|
|
30
44
|
- !ruby/object:Gem::Dependency
|
|
31
45
|
name: inspec
|
|
32
46
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -132,47 +146,33 @@ dependencies:
|
|
|
132
146
|
- !ruby/object:Gem::Version
|
|
133
147
|
version: '2.8'
|
|
134
148
|
- !ruby/object:Gem::Dependency
|
|
135
|
-
name:
|
|
136
|
-
requirement: !ruby/object:Gem::Requirement
|
|
137
|
-
requirements:
|
|
138
|
-
- - "~>"
|
|
139
|
-
- !ruby/object:Gem::Version
|
|
140
|
-
version: '1.0'
|
|
141
|
-
type: :runtime
|
|
142
|
-
prerelease: false
|
|
143
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
144
|
-
requirements:
|
|
145
|
-
- - "~>"
|
|
146
|
-
- !ruby/object:Gem::Version
|
|
147
|
-
version: '1.0'
|
|
148
|
-
- !ruby/object:Gem::Dependency
|
|
149
|
-
name: git-lite-version-bump
|
|
149
|
+
name: rubocop
|
|
150
150
|
requirement: !ruby/object:Gem::Requirement
|
|
151
151
|
requirements:
|
|
152
152
|
- - ">="
|
|
153
153
|
- !ruby/object:Gem::Version
|
|
154
|
-
version: 0
|
|
154
|
+
version: '0'
|
|
155
155
|
type: :runtime
|
|
156
156
|
prerelease: false
|
|
157
157
|
version_requirements: !ruby/object:Gem::Requirement
|
|
158
158
|
requirements:
|
|
159
159
|
- - ">="
|
|
160
160
|
- !ruby/object:Gem::Version
|
|
161
|
-
version: 0
|
|
161
|
+
version: '0'
|
|
162
162
|
- !ruby/object:Gem::Dependency
|
|
163
|
-
name:
|
|
163
|
+
name: word_wrap
|
|
164
164
|
requirement: !ruby/object:Gem::Requirement
|
|
165
165
|
requirements:
|
|
166
|
-
- - "
|
|
166
|
+
- - "~>"
|
|
167
167
|
- !ruby/object:Gem::Version
|
|
168
|
-
version: '0'
|
|
168
|
+
version: '1.0'
|
|
169
169
|
type: :runtime
|
|
170
170
|
prerelease: false
|
|
171
171
|
version_requirements: !ruby/object:Gem::Requirement
|
|
172
172
|
requirements:
|
|
173
|
-
- - "
|
|
173
|
+
- - "~>"
|
|
174
174
|
- !ruby/object:Gem::Version
|
|
175
|
-
version: '0'
|
|
175
|
+
version: '1.0'
|
|
176
176
|
- !ruby/object:Gem::Dependency
|
|
177
177
|
name: bundler
|
|
178
178
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -188,7 +188,7 @@ dependencies:
|
|
|
188
188
|
- !ruby/object:Gem::Version
|
|
189
189
|
version: '0'
|
|
190
190
|
- !ruby/object:Gem::Dependency
|
|
191
|
-
name:
|
|
191
|
+
name: bundler-audit
|
|
192
192
|
requirement: !ruby/object:Gem::Requirement
|
|
193
193
|
requirements:
|
|
194
194
|
- - ">="
|
|
@@ -202,7 +202,7 @@ dependencies:
|
|
|
202
202
|
- !ruby/object:Gem::Version
|
|
203
203
|
version: '0'
|
|
204
204
|
- !ruby/object:Gem::Dependency
|
|
205
|
-
name:
|
|
205
|
+
name: minitest
|
|
206
206
|
requirement: !ruby/object:Gem::Requirement
|
|
207
207
|
requirements:
|
|
208
208
|
- - ">="
|
|
@@ -216,21 +216,21 @@ dependencies:
|
|
|
216
216
|
- !ruby/object:Gem::Version
|
|
217
217
|
version: '0'
|
|
218
218
|
- !ruby/object:Gem::Dependency
|
|
219
|
-
name:
|
|
219
|
+
name: minitest-reporters
|
|
220
220
|
requirement: !ruby/object:Gem::Requirement
|
|
221
221
|
requirements:
|
|
222
|
-
- - "
|
|
222
|
+
- - "~>"
|
|
223
223
|
- !ruby/object:Gem::Version
|
|
224
|
-
version: '
|
|
224
|
+
version: '1.4'
|
|
225
225
|
type: :development
|
|
226
226
|
prerelease: false
|
|
227
227
|
version_requirements: !ruby/object:Gem::Requirement
|
|
228
228
|
requirements:
|
|
229
|
-
- - "
|
|
229
|
+
- - "~>"
|
|
230
230
|
- !ruby/object:Gem::Version
|
|
231
|
-
version: '
|
|
231
|
+
version: '1.4'
|
|
232
232
|
- !ruby/object:Gem::Dependency
|
|
233
|
-
name:
|
|
233
|
+
name: pry
|
|
234
234
|
requirement: !ruby/object:Gem::Requirement
|
|
235
235
|
requirements:
|
|
236
236
|
- - ">="
|
|
@@ -244,7 +244,7 @@ dependencies:
|
|
|
244
244
|
- !ruby/object:Gem::Version
|
|
245
245
|
version: '0'
|
|
246
246
|
- !ruby/object:Gem::Dependency
|
|
247
|
-
name:
|
|
247
|
+
name: rake
|
|
248
248
|
requirement: !ruby/object:Gem::Requirement
|
|
249
249
|
requirements:
|
|
250
250
|
- - ">="
|
|
@@ -258,7 +258,7 @@ dependencies:
|
|
|
258
258
|
- !ruby/object:Gem::Version
|
|
259
259
|
version: '0'
|
|
260
260
|
- !ruby/object:Gem::Dependency
|
|
261
|
-
name:
|
|
261
|
+
name: simplecov
|
|
262
262
|
requirement: !ruby/object:Gem::Requirement
|
|
263
263
|
requirements:
|
|
264
264
|
- - ">="
|
|
@@ -304,6 +304,7 @@ files:
|
|
|
304
304
|
- lib/inspec_tools/ckl.rb
|
|
305
305
|
- lib/inspec_tools/cli.rb
|
|
306
306
|
- lib/inspec_tools/csv.rb
|
|
307
|
+
- lib/inspec_tools/generate_map.rb
|
|
307
308
|
- lib/inspec_tools/help.rb
|
|
308
309
|
- lib/inspec_tools/help/compliance.md
|
|
309
310
|
- lib/inspec_tools/help/csv2inspec.md
|
|
@@ -327,12 +328,17 @@ files:
|
|
|
327
328
|
- lib/overrides/object.rb
|
|
328
329
|
- lib/overrides/string.rb
|
|
329
330
|
- lib/overrides/true_class.rb
|
|
331
|
+
- lib/utilities/cci_xml.rb
|
|
330
332
|
- lib/utilities/cis_to_nist.rb
|
|
331
333
|
- lib/utilities/csv_util.rb
|
|
332
334
|
- lib/utilities/extract_pdf_text.rb
|
|
333
335
|
- lib/utilities/inspec_util.rb
|
|
336
|
+
- lib/utilities/mapping_validator.rb
|
|
334
337
|
- lib/utilities/parser.rb
|
|
335
338
|
- lib/utilities/text_cleaner.rb
|
|
339
|
+
- lib/utilities/xccdf/from_inspec.rb
|
|
340
|
+
- lib/utilities/xccdf/to_xccdf.rb
|
|
341
|
+
- lib/utilities/xccdf/xccdf_score.rb
|
|
336
342
|
homepage: https://inspec-tools.mitre.org/
|
|
337
343
|
licenses:
|
|
338
344
|
- Apache-2.0
|
|
@@ -343,7 +349,7 @@ require_paths:
|
|
|
343
349
|
- lib
|
|
344
350
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
345
351
|
requirements:
|
|
346
|
-
- - "
|
|
352
|
+
- - ">="
|
|
347
353
|
- !ruby/object:Gem::Version
|
|
348
354
|
version: '2.5'
|
|
349
355
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
@@ -352,7 +358,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
352
358
|
- !ruby/object:Gem::Version
|
|
353
359
|
version: '0'
|
|
354
360
|
requirements: []
|
|
355
|
-
rubygems_version: 3.
|
|
361
|
+
rubygems_version: 3.2.3
|
|
356
362
|
signing_key:
|
|
357
363
|
specification_version: 4
|
|
358
364
|
summary: Converter utils for Inspec
|