inspec_tools 2.2.0 → 2.3.5
- checksums.yaml +4 -4
- data/lib/happy_mapper_tools/benchmark.rb +14 -0
- data/lib/happy_mapper_tools/stig_attributes.rb +10 -1
- data/lib/inspec_tools/xccdf.rb +12 -3
- data/lib/utilities/inspec_util.rb +5 -4
- data/lib/utilities/xccdf/from_inspec.rb +1 -0
- data/lib/utilities/xccdf/to_xccdf.rb +3 -4
- metadata +4 -18
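--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 80ef2e3696f25c1381c8ca69f7c8c0c7183c5e7d2e8ab12d2d0764afd6071f8d
+data.tar.gz: e34d31358000c88def3e19dcbc7b936752749cf02cc28d7c99a0cdc9875e022c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d9a2ce7f04c865c6ba18bf8121bc20701c005b7357b5ba41fa4e33f3320ff96a82087c2b41e478e006c1ee1ce2f416b11d744f62eefad00765432915ca993fd5
+data.tar.gz: b1d43d8d8eb302d9121e4ffe3f51eebb4116a75d8762cd6feb14e90a89320245ac5a5758aaf8760ba2460c62550fc6f18aaa801ac5b2436320ef568b5c735267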
@@ -65,6 +65,20 @@ module HappyMapperTools
|
|
65
65
|
tag 'ident'
|
66
66
|
attribute :system, String, tag: 'system'
|
67
67
|
content :ident, String
|
68
|
+
def initialize(ident_str)
|
69
|
+
@ident = ident_str
|
70
|
+
if ident_str =~ /^(CCI-[0-9]{6})$/
|
71
|
+
# Match CCI IDs; e.g. CCI-123456
|
72
|
+
@system = 'http://cyber.mil/cci'
|
73
|
+
elsif ident_str =~ /^(S?V-[0-9]{5})$/
|
74
|
+
# Match SV- IDs; e.g. SV-12345
|
75
|
+
# Match V- IDs; e.g. V-12345
|
76
|
+
@system = 'http://cyber.mil/legacy'
|
77
|
+
else
|
78
|
+
# for all other ident_str, use the old identifier
|
79
|
+
@system = 'https://public.cyber.mil/stigs/cci/'
|
80
|
+
end
|
81
|
+
end
|
68
82
|
end
|
69
83
|
|
70
84
|
# Class Fixtext maps from the 'fixtext' from Benchmark XML file using HappyMapper
|
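Review bot: The two patterns in `Ident#initialize` anchor with `^`/`$`, which in Ruby match at line boundaries, so a multi-line `ident_str` that merely contains a line like `CCI-123456` is still stamped with the `http://cyber.mil/cci` system. `\A`/`\z` pin the whole string: `if ident_str.match?(/\ACCI-[0-9]{6}\z/)` and `elsif ident_str.match?(/\AS?V-[0-9]{5}\z/)`. The value appears to come from control tags in a profile (via `build_rule_idents`), so it should be treated as untrusted when it is written into generated XCCDF. The `else` branch labels every unrecognised string with the CCI URL `https://public.cyber.mil/stigs/cci/`; a comment saying this fallback is deliberate, or a warning when it is taken, would help whoever audits the output. The enclosing class starts above the hunk.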
@@ -77,6 +77,15 @@ module HappyMapperTools
|
|
77
77
|
element :dc_identifier, String, tag: 'identifier', namespace: 'dc'
|
78
78
|
end
|
79
79
|
|
80
|
+
class Ident
|
81
|
+
include HappyMapper
|
82
|
+
attr_accessor :legacy
|
83
|
+
attr_accessor :cci
|
84
|
+
tag 'ident'
|
85
|
+
attribute :system, String, tag: 'system'
|
86
|
+
content :ident, String
|
87
|
+
end
|
88
|
+
|
80
89
|
class Rule
|
81
90
|
include HappyMapper
|
82
91
|
tag 'Rule'
|
@@ -87,7 +96,7 @@ module HappyMapperTools
|
|
87
96
|
element :title, String, tag: 'title'
|
88
97
|
has_one :description, Description, tag: 'description'
|
89
98
|
element :reference, ReferenceInfo, tag: 'reference'
|
90
|
-
has_many :idents,
|
99
|
+
has_many :idents, Ident, tag: 'ident'
|
91
100
|
element :fixtext, String, tag: 'fixtext'
|
92
101
|
has_one :fix, Fix, tag: 'fix'
|
93
102
|
has_one :check, Check, tag: 'check'
|
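Review bot: `Ident#cci` and `Ident#legacy` are plain accessors rather than mapped XML fields, and nothing in this file sets them, so they read `nil` unless a caller installs an `after_parse` hook (the only one visible on this page is `InspecTools::XCCDF#register_after_parse_callbacks`). I would document that above the accessors, e.g. `# Set by an after_parse callback, not read from the XML; nil until one is registered.` Code that parses with `StigAttributes` directly and then filters on `i.cci` would otherwise silently drop every ident.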
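--- a/data/lib/inspec_tools/xccdf.rb
+++ b/data/lib/inspec_tools/xccdf.rb
@@ -17,7 +17,7 @@ module InspecTools
 @xccdf = replace_tags_in_xccdf(replace_tags, @xccdf) unless replace_tags.nil?
 cci_list_path = File.join(File.dirname(__FILE__), '../data/U_CCI_List.xml')
 @cci_items = HappyMapperTools::CCIAttributes::CCI_List.parse(File.read(cci_list_path))
-
+register_after_parse_callbacks
 @benchmark = HappyMapperTools::StigAttributes::Benchmark.parse(@xccdf)
 end
 
@@ -89,6 +89,14 @@ module InspecTools
 
 private
 
+def register_after_parse_callbacks
+# Determine if the parsed Ident is refrencing a legacy ID number.
+HappyMapperTools::StigAttributes::Ident.after_parse do |object|
+object.cci = object.system.eql?('http://cyber.mil/cci')
+object.legacy = !object.cci
+end
+end
+
 def replace_tags_in_xccdf(replace_tags, xccdf_xml)
 replace_tags.each do |tag|
 xccdf_xml = xccdf_xml.gsub(/(<|<)#{tag}(>|>)/, "$#{tag}")
@@ -133,8 +141,9 @@ module InspecTools
 control['tags']['rid'] = group.rule.id
 control['tags']['stig_id'] = group.rule.version
 control['tags']['fix_id'] = group.rule.fix.id
-control['tags']['cci'] = group.rule.idents
-control['tags']['
+control['tags']['cci'] = group.rule.idents.select { |i| i.cci }.map { |i| i.ident }
+control['tags']['legacy'] = group.rule.idents.select { |i| i.legacy}.map { |i| i.ident }
+control['tags']['nist'] = @cci_items.fetch_nists(control['tags']['cci'])
 control['tags']['false_negatives'] = group.rule.description.false_negatives if group.rule.description.false_negatives != ''
 control['tags']['false_positives'] = group.rule.description.false_positives if group.rule.description.false_positives != ''
 control['tags']['documentable'] = group.rule.description.documentable if group.rule.description.documentable != ''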
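Review bot: The hook in `register_after_parse_callbacks` treats every ident whose `system` is not exactly `'http://cyber.mil/cci'` as legacy (`object.legacy = !object.cci`). A CCI carried under another system string therefore lands in `tags['legacy']`, and `fetch_nists` receives an incomplete `cci` list; this includes `'https://public.cyber.mil/stigs/cci/'`, which the exporter on this page assigned to every ident before this release. Classifying on the identifier as well keeps the NIST mapping intact: `object.cci = object.system.eql?('http://cyber.mil/cci') || object.ident.to_s.match?(/\ACCI-[0-9]{6}\z/)`. The hook is also registered on the `Ident` class from each constructor call, so it probably adds one more callback per `XCCDF` instance; registering it once at load time would avoid that.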
@@ -48,8 +48,8 @@ module Utils
|
|
48
48
|
end
|
49
49
|
|
50
50
|
if control['descriptions'].respond_to?(:find)
|
51
|
-
data[c_id][:check_content] = control['descriptions'].find { |c| c['label'] == '
|
52
|
-
data[c_id][:fix_text] = control['descriptions'].find { |c| c['label'] == '
|
51
|
+
data[c_id][:check_content] = control['descriptions'].find { |c| c['label'] == 'check' }&.dig('data')
|
52
|
+
data[c_id][:fix_text] = control['descriptions'].find { |c| c['label'] == 'fix' }&.dig('data')
|
53
53
|
end
|
54
54
|
|
55
55
|
data[c_id][:impact] = control['impact'].to_s unless control['impact'].nil?
|
@@ -99,12 +99,12 @@ module Utils
|
|
99
99
|
status_list = control[:status].uniq
|
100
100
|
if control[:impact].to_f.zero?
|
101
101
|
'Not_Applicable'
|
102
|
+
elsif (status_list.include?('error') || status_list.empty?) && for_summary
|
103
|
+
'Profile_Error'
|
102
104
|
elsif status_list.include?('failed')
|
103
105
|
'Open'
|
104
106
|
elsif status_list.include?('passed')
|
105
107
|
'NotAFinding'
|
106
|
-
elsif status_list.include?('error') && for_summary
|
107
|
-
'Profile_Error'
|
108
108
|
else
|
109
109
|
# profile skipped or profile error
|
110
110
|
'Not_Reviewed'
|
@@ -246,6 +246,7 @@ module Utils
|
|
246
246
|
control.add_tag(::Inspec::Object::Tag.new('stig_id', json_control['tags']['stig_id']))
|
247
247
|
control.add_tag(::Inspec::Object::Tag.new('fix_id', json_control['tags']['fix_id']))
|
248
248
|
control.add_tag(::Inspec::Object::Tag.new('cci', json_control['tags']['cci']))
|
249
|
+
control.add_tag(::Inspec::Object::Tag.new('legacy', json_control['tags']['legacy']))
|
249
250
|
control.add_tag(::Inspec::Object::Tag.new('nist', json_control['tags']['nist']))
|
250
251
|
control.add_tag(::Inspec::Object::Tag.new('cis_level', json_control['tags']['cis_level'])) unless json_control['tags']['cis_level'].blank?
|
251
252
|
control.add_tag(::Inspec::Object::Tag.new('cis_controls', json_control['tags']['cis_controls'])) unless json_control['tags']['cis_controls'].blank?
|
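Review bot: In the status chain, `'error'` is honoured only when `for_summary` is true, so on the other path a control whose results contain both `'error'` and `'passed'` still returns `'NotAFinding'`. For a compliance report, a pass that hides an errored test is the riskier outcome. If that is intended for the non-summary output, a comment on the branch should say so; otherwise add `elsif status_list.include?('error')` returning `'Not_Reviewed'` between the `'failed'` and `'passed'` branches. The method starts and ends outside the hunk, so the callers that pass `for_summary` are not visible here.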
@@ -34,6 +34,7 @@ module Utils
|
|
34
34
|
c_data[c_id]['rweight'] = control['tags']['rweight'] if control['tags']['rweight'] # Optional attribute where N/A is not schema compliant
|
35
35
|
c_data[c_id]['stig_id'] = control['tags']['stig_id'] || DATA_NOT_FOUND_MESSAGE
|
36
36
|
c_data[c_id]['cci'] = control['tags']['cci'] if control['tags']['cci'] # Optional attribute
|
37
|
+
c_data[c_id]['legacy'] = control['tags']['legacy'] if control['tags']['legacy'] # Optional attribute
|
37
38
|
c_data[c_id]['nist'] = control['tags']['nist'] || ['unmapped']
|
38
39
|
c_data[c_id]['check'] = control['tags']['check'] || DATA_NOT_FOUND_MESSAGE
|
39
40
|
c_data[c_id]['checkref'] = control['tags']['checkref'] || DATA_NOT_FOUND_MESSAGE
|
@@ -74,6 +74,7 @@ module Utils
|
|
74
74
|
end
|
75
75
|
|
76
76
|
group.rule.ident = build_rule_idents(control['cci']) if control['cci']
|
77
|
+
group.rule.ident += build_rule_idents(control['legacy']) if control['legacy']
|
77
78
|
|
78
79
|
group.rule.fixtext = HappyMapperTools::Benchmark::Fixtext.new
|
79
80
|
group.rule.fixtext.fixref = control['fix_id']
|
@@ -126,10 +127,7 @@ module Utils
|
|
126
127
|
|
127
128
|
# Each rule identifier is a different element
|
128
129
|
idents.map do |identifier|
|
129
|
-
ident = HappyMapperTools::Benchmark::Ident.new
|
130
|
-
ident.system = 'https://public.cyber.mil/stigs/cci/'
|
131
|
-
ident.ident = identifier
|
132
|
-
ident
|
130
|
+
ident = HappyMapperTools::Benchmark::Ident.new identifier
|
133
131
|
end
|
134
132
|
end
|
135
133
|
|
@@ -227,6 +225,7 @@ module Utils
|
|
227
225
|
rule_result.instance = result['code_desc']
|
228
226
|
|
229
227
|
rule_result.ident = build_rule_idents(control['cci']) if control['cci']
|
228
|
+
rule_result.ident += build_rule_idents(control['legacy']) if control['legacy']
|
230
229
|
|
231
230
|
# Fix information is only necessary when there are failed tests
|
232
231
|
rule_result.fix = build_rule_fix(control['fix_id']) if control['fix_id'] && result_status == 'fail'
|
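Review bot: `group.rule.ident += build_rule_idents(control['legacy'])` assumes the preceding line already assigned an array. When a control has `legacy` tags but no `cci` (both are optional in `from_inspec.rb`), `ident` is presumably still `nil` and `+=` raises `NoMethodError`. The same applies to `rule_result.ident +=` in the last hunk. `group.rule.ident = Array(group.rule.ident) + build_rule_idents(control['legacy']) if control['legacy']` handles both cases. In `build_rule_idents`, the local in `ident = HappyMapperTools::Benchmark::Ident.new identifier` is never read, so the block body can be just `HappyMapperTools::Benchmark::Ident.new(identifier)`.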
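--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: inspec_tools
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.3.5
 platform: ruby
 authors:
 - Robert Thew
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2021-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: colorize
@@ -201,20 +201,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: codeclimate-test-reporter
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
 - !ruby/object:Gem::Dependency
 name: minitest
 requirement: !ruby/object:Gem::Requirement
@@ -363,7 +349,7 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
@@ -372,7 +358,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.2.15
 signing_key:
 specification_version: 4
 summary: Converter utils for Inspec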