inspec_tools 2.0.7

data/lib/happy_mapper_tools/cci_attributes.rb

@@ -0,0 +1,66 @@
+# encoding: utf-8
+
+require 'happymapper'
+require 'nokogiri'
+
+# rubocop:disable Naming/ClassAndModuleCamelCase
+
+module HappyMapperTools
+  module CCIAttributes
+    class Reference
+      include HappyMapper
+      tag 'reference'
+
+      attribute :creator, String, tag: 'creator'
+      attribute :title, String, tag: 'title'
+      attribute :version, String, tag: 'version'
+      attribute :location, String, tag: 'location'
+      attribute :index, String, tag: 'index'
+    end
+
+    class CCI_Item
+      include HappyMapper
+      tag 'cci_item'
+
+      attribute :id, String, tag: 'id'
+      element :status, String, tag: 'status'
+      element :publishdate, String, tag: 'publishdate'
+      element :contributor, String, tag: 'contributor'
+      element :definition, String, tag: 'definition'
+      element :type, String, tag: 'type'
+      has_many :references, Reference, xpath: 'xmlns:references'
+    end
+
+    class Metadata
+      include HappyMapper
+      tag 'metadata'
+
+      element :version, String, tag: 'version'
+      element :publishdate, String, tag: 'publishdate'
+    end
+
+    class CCI_List
+      include HappyMapper
+      tag 'cci_list'
+
+      attribute :xsi, String, tag: 'xsi', namespace: 'xmlns'
+      attribute :schemaLocation, String, tag: 'schemaLocation', namespace: 'xmlns'
+      has_one :metadata, Metadata, tag: 'metadata'
+      has_many :cci_items, CCI_Item, xpath: 'xmlns:cci_items'
+
+      def fetch_nists(ccis)
+        ccis = [ccis] unless ccis.is_a?(Array)
+
+        # some of the XCCDF files were having CCE- tags show up which
+        # we don't support, not sure if this is a typo on their part or
+        # we need to see about supporting CCE tags but ... for now
+        filtered_ccis = ccis.select { |f| /CCI-/.match(f) }
+        filtered_ccis.map do |cci|
+          cci_items.find { |item| item.id == cci }.references.max_by(&:version).index
+        end
+      end
+    end
+  end
+end
+
+# rubocop:enable Naming/ClassAndModuleCamelCase

data/lib/happy_mapper_tools/stig_attributes.rb

@@ -0,0 +1,216 @@
+# encoding: utf-8
+
+module HappyMapperTools
+  module StigAttributes
+    require 'happymapper'
+    require 'nokogiri'
+    require 'colorize'
+
+    class ContentRef
+      include HappyMapper
+      tag 'check-content-ref'
+      attribute :name, String, tag: 'name'
+      attribute :href, String, tag: 'href'
+    end
+
+    class Check
+      include HappyMapper
+      tag 'check'
+
+      element :content_ref, ContentRef, tag: 'check-content-ref'
+      element :content, String, tag: 'check-content'
+    end
+
+    class Fix
+      include HappyMapper
+      tag 'fix'
+
+      attribute :id, String, tag: 'id'
+    end
+
+    class DescriptionDetails
+      include HappyMapper
+      tag 'Details'
+
+      element :vuln_discussion, String, tag: 'VulnDiscussion'
+      element :false_positives, String, tag: 'FalsePositives'
+      element :false_negatives, String, tag: 'FalseNegatives'
+      element :documentable, Boolean, tag: 'Documentable'
+      element :mitigations, String, tag: 'Mitigations'
+      element :severity_override_guidance, String, tag: 'SeverityOverrideGuidance'
+      element :security_override_guidance, String, tag: 'SecurityOverrideGuidance'
+      element :potential_impacts, String, tag: 'PotentialImpacts'
+      element :third_party_tools, String, tag: 'ThirdPartyTools'
+      element :mitigation_controls, String, tag: 'MitigationControl'
+      element :responsibility, String, tag: 'Responsibility'
+      element :ia_controls, String, tag: 'IAControls'
+    end
+
+    class Description
+      include HappyMapper
+      tag 'description'
+
+      content :details, DescriptionDetails
+
+      detail_tags = %i(vuln_discussion false_positives false_negatives documentable
+                       mitigations severity_override_guidance potential_impacts
+                       third_party_tools mitigation_controls responsibility ia_controls
+                       security_override_guidance)
+
+      detail_tags.each do |name|
+        define_method name do
+          details.send(name)
+        end
+      end
+    end
+
+    class ReferenceInfo
+      include HappyMapper
+      tag 'reference'
+
+      attribute :href, String, tag: 'href'
+      element :dc_publisher, String, tag: 'publisher', namespace: 'dc'
+      element :dc_source, String, tag: 'source', namespace: 'dc'
+      element :dc_title, String, tag: 'title', namespace: 'dc'
+      element :dc_type, String, tag: 'type', namespace: 'dc'
+      element :dc_subject, String, tag: 'subject', namespace: 'dc'
+      element :dc_identifier, String, tag: 'identifier', namespace: 'dc'
+    end
+
+    class Rule
+      include HappyMapper
+      tag 'Rule'
+
+      attribute :id, String, tag: 'id'
+      attribute :severity, String, tag: 'severity'
+      element :version, String, tag: 'version'
+      element :title, String, tag: 'title'
+      has_one :description, Description, tag: 'description'
+      element :reference, ReferenceInfo, tag: 'reference'
+      has_many :idents, String, tag: 'ident'
+      element :fixtext, String, tag: 'fixtext'
+      has_one :fix, Fix, tag: 'fix'
+      has_one :check, Check, tag: 'check'
+    end
+
+    class Group
+      include HappyMapper
+      tag 'Group'
+
+      attribute :id, String, tag: 'id'
+      element :title, String, tag: 'title'
+      element :description, String, tag: 'description'
+      has_one :rule, Rule, tag: 'Rule'
+    end
+
+    class ReleaseDate
+      include HappyMapper
+      tag 'status'
+
+      attribute :release_date, String, tag: 'date'
+    end
+
+    class Notice
+      include HappyMapper
+      tag 'notice'
+      attribute :id, String, tag: 'id'
+      attribute :xml_lang, String, namespace: 'xml', tag: 'lang'
+      content :notice, String, tag: 'notice'
+    end
+
+    class Plaintext
+      include HappyMapper
+      tag 'plain-text'
+      attribute :id, String, tag: 'id'
+      content :plaintext, String
+    end
+
+    class Benchmark
+      include HappyMapper
+      tag 'Benchmark'
+
+      has_one :release_date, ReleaseDate, tag: 'status'
+      attribute :id, String, tag: 'id'
+      element :status, String, tag: 'status'
+      element :title, String, tag: 'title'
+      element :description, String, tag: 'description'
+      element :version, String, tag: 'version'
+      element :notice, Notice, tag: 'notice'
+      has_one :reference, ReferenceInfo, tag: 'reference'
+      element :plaintext, Plaintext, tag: 'plain-text'
+      has_many :group, Group, tag: 'Group'
+    end
+
+    class DescriptionDetailsType
+      class << self
+        def type
+          DescriptionDetails
+        end
+
+        def apply(value)
+          value = value.gsub('&', 'and')
+          DescriptionDetails.parse "<Details>#{value}</Details>"
+        rescue Nokogiri::XML::SyntaxError => e
+          if e.to_s.include?('StartTag')
+            report_invalid_start_tag(value, e)
+          else
+            report_disallowed_tags(value)
+          end
+        end
+
+        def apply?(value, _convert_to_type)
+          value.is_a?(String)
+        end
+
+        private
+
+        def report_invalid_start_tag(value, error)
+          puts error.to_s.colorize(:red)
+          column = error.column - '<Details>'.length - 2
+          puts "Error around #{value[column-10..column+10].colorize(:light_yellow)}"
+          exit(1)
+        end
+
+        def report_disallowed_tags(value)
+          allowed_tags = %w{VulnDiscussion FalsePositives FalseNegatives Documentable
+                            Mitigations SeverityOverrideGuidance PotentialImpacts
+                            PotentialImpacts ThirdPartyTools MitigationControl
+                            Responsibility IAControl SecurityOverrideGuidance}
+
+          tags_found = value.scan(%r{(?<=<)([^\/]*?)((?= \/>)|(?=>))}).to_a
+
+          tags_found = tags_found.uniq.flatten.reject!(&:empty?)
+          offending_tags = tags_found - allowed_tags
+
+          if offending_tags.count > 1
+            puts "\n\nThe non-standard tags: #{offending_tags.to_s.colorize(:red)}" \
+                 ' were found in: ' + "\n\n#{value}"
+          else
+            puts "\n\nThe non-standard tag: #{offending_tags.to_s.colorize(:red)}" \
+                 ' was found in: ' + "\n\n#{value}"
+          end
+          puts "\n\nPlease:\n "
+          option_one = '(1) ' + '(best)'.colorize(:green) + ' Use the ' +
+                       '`-r --replace-tags array` '.colorize(:light_yellow) +
+                       '(case sensitive) option to replace the offending tags ' \
+                       'during processing of the XCCDF ' \
+                       'file to use the ' +
+                       "`$#{offending_tags[0]}` " .colorize(:light_green) +
+                       'syntax in your InSpec profile.'
+          option_two = '(2) Update your XCCDF file to *not use* non-standard XCCDF ' \
+                       'elements within ' +
+                       '`&lt;`,`&gt;`, `<` '.colorize(:red) +
+                       'or '.colorize(:default) +
+                       '`>` '.colorize(:red) +
+                       'as "placeholders", and use something that doesn\'t confuse ' \
+                       'the XML parser, such as : ' +
+                       "`$#{offending_tags[0]}`" .colorize(:light_green)
+          puts option_one
+          puts "\n"
+          puts option_two
+        end
+      end
+      HappyMapper::SupportedTypes.register DescriptionDetailsType
+    end
+  end
+end

data/lib/happy_mapper_tools/stig_checklist.rb

@@ -0,0 +1,99 @@
+# encoding: utf-8
+
+require 'happymapper'
+require 'nokogiri'
+
+module HappyMapperTools
+  module StigChecklist
+    # see: https://github.com/dam5s/happymapper
+    # Class Asset maps from the 'Asset' from Checklist XML file using HappyMapper
+    class Asset
+      include HappyMapper
+      tag 'ASSET'
+      element :role, String, tag: 'ROLE'
+      element :type, String, tag: 'ASSET_TYPE'
+      element :host_name, String, tag: 'HOST_NAME'
+      element :host_ip, String, tag: 'HOST_IP'
+      element :host_mac, String, tag: 'HOST_MAC'
+      element :host_guid, String, tag: 'HOST_GUID'
+      element :host_fqdn, String, tag: 'HOST_FQDN'
+      element :tech_area, String, tag: 'TECH_AREA'
+      element :target_key, String, tag: 'TARGET_KEY'
+      element :web_or_database, String, tag: 'WEB_OR_DATABASE'
+      element :web_db_site, String, tag: 'WEB_DB_SITE'
+      element :web_db_instance, String, tag: 'WEB_DB_INSTANCE'
+    end
+
+    # Class Asset maps from the 'SI_DATA' from Checklist XML file using HappyMapper
+    class SiData
+      include HappyMapper
+      tag 'SI_DATA'
+      element :name, String, tag: 'SID_NAME'
+      element :data, String, tag: 'SID_DATA'
+    end
+
+    # Class Asset maps from the 'STIG_INFO' from Checklist XML file using HappyMapper
+    class StigInfo
+      include HappyMapper
+      tag 'STIG_INFO'
+      has_many :si_data, SiData, tag: 'SI_DATA'
+    end
+
+    # Class Asset maps from the 'STIG_DATA' from Checklist XML file using HappyMapper
+    class StigData
+      include HappyMapper
+
+      def initialize(attrib = nil, data = nil)
+        self.attrib = attrib
+        self.data = data
+      end
+
+      tag 'STIG_DATA'
+      has_one :attrib, String, tag: 'VULN_ATTRIBUTE'
+      has_one :data, String, tag: 'ATTRIBUTE_DATA'
+    end
+
+    # Class Asset maps from the 'VULN' from Checklist XML file using HappyMapper
+    class Vuln
+      include HappyMapper
+      tag 'VULN'
+      has_many :stig_data, StigData, tag: 'STIG_DATA'
+      has_one :status, String, tag: 'STATUS'
+      has_one :finding_details, String, tag: 'FINDING_DETAILS'
+      has_one :comments, String, tag: 'COMMENTS'
+      has_one :severity_override, String, tag: 'SEVERITY_OVERRIDE'
+      has_one :severity_justification, String, tag: 'SEVERITY_JUSTIFICATION'
+    end
+
+    # Class Asset maps from the 'iSTIG' from Checklist XML file using HappyMapper
+    class IStig
+      include HappyMapper
+      tag 'iSTIG'
+      has_one :stig_info, StigInfo, tag: 'STIG_INFO'
+      has_many :vuln, Vuln, tag: 'VULN'
+    end
+
+    # Class Asset maps from the 'STIGS' from Checklist XML file using HappyMapper
+    class Stigs
+      include HappyMapper
+      tag 'STIGS'
+      has_one :istig, IStig, tag: 'iSTIG'
+    end
+
+    class Checklist
+      include HappyMapper
+      tag 'CHECKLIST'
+      has_one :asset, Asset, tag: 'ASSET'
+      has_one :stig, Stigs, tag: 'STIGS'
+
+      def where(attrib, data)
+        stig.istig.vuln.each do |vuln|
+          if vuln.stig_data.any? { |element| element.attrib == attrib && element.data == data }
+            # TODO: Handle multiple objects that match the condition
+            return vuln
+          end
+        end
+      end
+    end
+  end
+end

data/lib/inspec_tools.rb

@@ -0,0 +1,17 @@
+$LOAD_PATH.unshift(File.expand_path(__dir__))
+require 'inspec_tools/version'
+require 'rubygems'
+
+module InspecTools
+  autoload :Help, 'inspec_tools/help'
+  autoload :Command, 'inspec_tools/command'
+  autoload :CLI, 'inspec_tools/cli'
+  autoload :XCCDF, 'inspec_tools/xccdf'
+  autoload :PDF, 'inspec_tools/pdf'
+  autoload :CSV, 'inspec_tools/csv'
+  autoload :CKL, 'inspec_tools/ckl'
+  autoload :Inspec, 'inspec_tools/inspec'
+  autoload :Summary, 'inspec_tools/summary'
+  autoload :Threshold, 'inspec_tools/threshold'
+  autoload :XLSXTool, 'inspec_tools/xlsx_tool'
+end

data/lib/inspec_tools/ckl.rb

@@ -0,0 +1,20 @@
+module InspecTools
+  # Methods for converting from CKL to various formats
+  class CKL
+    def initialize(ckl)
+      @ckl = ckl
+    end
+
+    def to_csv
+      # TODO: to_csv
+    end
+
+    def to_xccdf
+      # TODO: to_xccdf
+    end
+
+    def to_inspec
+      # TODO: to_inspec
+    end
+  end
+end

data/lib/inspec_tools/cli.rb

@@ -0,0 +1,31 @@
+require 'yaml'
+require 'json'
+
+require 'inspec-objects'
+require 'inspec'
+require_relative './plugin_cli.rb'
+
+# This tells the ruby cli app to use the same argument parsing as the plugin
+module InspecTools
+  CLI = InspecPlugins::InspecToolsPlugin::CliCommand
+end
+
+#=====================================================================#
+#                        Pre-Flight Code
+#=====================================================================#
+help_commands = ['-h', '--help', 'help']
+log_commands = ['-l', '--log-directory']
+version_commands = ['-v', '--version', 'version']
+
+#---------------------------------------------------------------------#
+# Adjustments for non-required version commands
+#---------------------------------------------------------------------#
+unless (version_commands & ARGV).empty?
+  puts InspecTools::VERSION
+  exit 0
+end
+
+#---------------------------------------------------------------------#
+# Adjustments for non-required log-directory
+#---------------------------------------------------------------------#
+ARGV.push("--log-directory=#{Dir.pwd}/logs") if (log_commands & ARGV).empty? && (help_commands & ARGV).empty?