inspec_tools 2.3.2 → 2.3.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f1facda0eab24bdef7fafd9c8c92c5c94efedee3465bbf589b98fd4a61011be2
-  data.tar.gz: a38564b26ff610046007e427c8b45950b743087703224470b0513e94941d6cc7
+  metadata.gz: a9633cda4bf3fedc9702dd91ba4ed6b40b68ec8e054eb87ad6ca32d32dfc11e5
+  data.tar.gz: 22f5ab86d76ccbc7f7fc0a684371b791c26f9771e369be54c359121d8c28f4d3
 SHA512:
-  metadata.gz: 45b1990c5f4a2e5fa1fd21af344ac9cd9cdf5b60fce134ed80e7e4593a2c315ad09e994d5efc711fa0d6485f26899a5c35dec5e8ba0c37686cfaca9f483304da
-  data.tar.gz: 1022c5eae8dd7e6645e39fae3fbcb4babc195c2876d76d5f6496bb976a7515cb004d476176e19d70bba0507f8c8f1c355f48899c00fb39e79adcc2f26333fc08
+  metadata.gz: 0e50a5db32e542cd5a66b8bab09a8613c9b8b6ea62513d073a3eb71717397d5c54cf3ccea2c48dd3c0dbc21dbb5d0f9c550744bb8ed6f27f37335a88b0184ea8
+  data.tar.gz: af786d30584f7bf79108b44d9cb653e7673c2716ea7ce72f24fa1c494b4dfc7801f032aeca8829c23f5a1ed9ca8be542b5bf7f4d72fa315400a0b0d1349a3c64

data/README.md

@@ -218,6 +218,7 @@ FLAGS:
 	-s --separate-files [true | false] : output the resulting controls as one or mutiple files (default: true) [optional]
 	-m --metadata <metadata-json>      : path to json file with additional metadata for the inspec.yml file [optional]
 	-r --replace-tags <array>          : A case-sensitive, space separated list to replace tags with a $ if found in a group rules description tag [optional]
+	-c --control-id [vulnID | ruleID]  : use either legacy Vuln ID (ex. 'V-XXXXX') or Rule ID (ex. 'SV-XXXXX') as the overall Control ID (default: vulnID) [optional]
 
 example: inspec_tools xccdf2inspec -x xccdf_file.xml -a attributes.yml -o myprofile -f ruby -s false
 ```

data/exe/inspec_tools

@@ -1,11 +1,11 @@
 #!/usr/bin/env -S ruby -EUTF-8
 
 # Trap ^C
-Signal.trap('INT') {
+Signal.trap('INT') do
   puts "\nCtrl-C detected. Exiting..."
   sleep 1
   exit
-}
+end
 
 $LOAD_PATH.unshift(File.expand_path('../lib', __dir__))
 require 'inspec_tools'

data/lib/happy_mapper_tools/benchmark.rb

@@ -65,6 +65,21 @@ module HappyMapperTools
       tag 'ident'
       attribute :system, String, tag: 'system'
       content :ident, String
+      def initialize(ident_str)
+        @ident = ident_str
+        case ident_str
+        when /^(CCI-[0-9]{6})$/
+          # Match CCI IDs; e.g. CCI-123456
+          @system = 'http://cyber.mil/cci'
+        when /^(S?V-[0-9]{5})$/
+          # Match SV- IDs; e.g. SV-12345
+          # Match V- IDs; e.g. V-12345
+          @system = 'http://cyber.mil/legacy'
+        else
+          # for all other ident_str, use the old identifier
+          @system = 'https://public.cyber.mil/stigs/cci/'
+        end
+      end
     end
 
     # Class Fixtext maps from the 'fixtext' from Benchmark XML file using HappyMapper
@@ -114,7 +129,7 @@ module HappyMapperTools
       element :result, String, tag: 'result'
       # element override - Not implemented. Does not apply to Inspec execution
       has_many :ident, Ident, tag: 'ident'
-      # Note: element metadata not implemented at this time
+      # NOTE: element metadata not implemented at this time
       has_many :message, MessageType, tag: 'message'
       has_many :instance, String, tag: 'instance'
       element :fix, Fix, tag: 'fix'
@@ -161,7 +176,7 @@ module HappyMapperTools
 
     class TestResult
       include HappyMapper
-      # Note: element benchmark not implemented at this time since this is same file
+      # NOTE: element benchmark not implemented at this time since this is same file
       # Note: element title not implemented due to no mapping from Chef Inspec
       element :remark, String, tag: 'remark'
       has_many :organization, String, tag: 'organization'
@@ -170,14 +185,14 @@ module HappyMapperTools
       has_many :target_address, String, tag: 'target-address'
       element :target_facts, TargetFact, tag: 'target-facts'
       element :platform, CPE2idrefType, tag: 'platform'
-      # Note: element profile not implemented since Benchmark profile is also not implemented
+      # NOTE: element profile not implemented since Benchmark profile is also not implemented
       has_many :rule_result, RuleResultType, tag: 'rule-result'
       has_many :score, ScoreType, tag: 'score' # One minimum
       # Note: element signature not implemented due to no mapping from Chef Inspec
       attribute :id, String, tag: 'id'
       attribute :starttime, String, tag: 'start-time'
       attribute :endtime, String, tag: 'end-time'
-      # Note: attribute test-system not implemented at this time due to unknown CPE value for Chef Inspec
+      # NOTE: attribute test-system not implemented at this time due to unknown CPE value for Chef Inspec
       attribute :version, String, tag: 'version'
     end
 

data/lib/happy_mapper_tools/cci_attributes.rb

@@ -3,8 +3,6 @@
 require 'happymapper'
 require 'nokogiri'
 
-# rubocop:disable Naming/ClassAndModuleCamelCase
-
 module HappyMapperTools
   module CCIAttributes
     class Reference
@@ -62,5 +60,3 @@ module HappyMapperTools
     end
   end
 end
-
-# rubocop:enable Naming/ClassAndModuleCamelCase

data/lib/happy_mapper_tools/stig_attributes.rb

@@ -77,6 +77,15 @@ module HappyMapperTools
       element :dc_identifier, String, tag: 'identifier', namespace: 'dc'
     end
 
+    class Ident
+      include HappyMapper
+      attr_accessor :legacy, :cci
+
+      tag 'ident'
+      attribute :system, String, tag: 'system'
+      content :ident, String
+    end
+
     class Rule
       include HappyMapper
       tag 'Rule'
@@ -87,7 +96,7 @@ module HappyMapperTools
       element :title, String, tag: 'title'
       has_one :description, Description, tag: 'description'
       element :reference, ReferenceInfo, tag: 'reference'
-      has_many :idents, String, tag: 'ident'
+      has_many :idents, Ident, tag: 'ident'
       element :fixtext, String, tag: 'fixtext'
       has_one :fix, Fix, tag: 'fix'
       has_one :check, Check, tag: 'check'
@@ -195,7 +204,7 @@ module HappyMapperTools
                        '(case sensitive) option to replace the offending tags ' \
                        'during processing of the XCCDF ' \
                        'file to use the ' +
-                       "`$#{offending_tags[0]}` " .colorize(:light_green) +
+                       "`$#{offending_tags[0]}` ".colorize(:light_green) +
                        'syntax in your InSpec profile.'
           option_two = '(2) Update your XCCDF file to *not use* non-standard XCCDF ' \
                        'elements within ' +
@@ -204,7 +213,7 @@ module HappyMapperTools
                        '`>` '.colorize(:red) +
                        'as "placeholders", and use something that doesn\'t confuse ' \
                        'the XML parser, such as : ' +
-                       "`$#{offending_tags[0]}`" .colorize(:light_green)
+                       "`$#{offending_tags[0]}`".colorize(:light_green)
           puts option_one
           puts "\n"
           puts option_two

data/lib/happy_mapper_tools/stig_checklist.rb

@@ -27,6 +27,11 @@ module HappyMapperTools
     # Class Asset maps from the 'SI_DATA' from Checklist XML file using HappyMapper
     class SiData
       include HappyMapper
+
+      def initialize(name, data)
+        self.name = name
+        self.data = data
+      end
       tag 'SI_DATA'
       element :name, String, tag: 'SID_NAME'
       element :data, String, tag: 'SID_DATA'
@@ -35,6 +40,11 @@ module HappyMapperTools
     # Class Asset maps from the 'STIG_INFO' from Checklist XML file using HappyMapper
     class StigInfo
       include HappyMapper
+
+      def initialize(si_data)
+        self.si_data = si_data
+      end
+
       tag 'STIG_INFO'
       has_many :si_data, SiData, tag: 'SI_DATA'
     end
@@ -68,6 +78,11 @@ module HappyMapperTools
     # Class Asset maps from the 'iSTIG' from Checklist XML file using HappyMapper
     class IStig
       include HappyMapper
+
+      def initialize(stig_info, vulns)
+        self.stig_info = stig_info
+        self.vuln = vulns
+      end
       tag 'iSTIG'
       has_one :stig_info, StigInfo, tag: 'STIG_INFO'
       has_many :vuln, Vuln, tag: 'VULN'
@@ -76,6 +91,10 @@ module HappyMapperTools
     # Class Asset maps from the 'STIGS' from Checklist XML file using HappyMapper
     class Stigs
       include HappyMapper
+
+      def initialize(istig)
+        self.istig = istig
+      end
       tag 'STIGS'
       has_one :istig, IStig, tag: 'iSTIG'
     end

data/lib/inspec_tools/cli.rb

@@ -3,7 +3,7 @@ require 'json'
 
 require 'inspec-objects'
 require 'inspec'
-require_relative './plugin_cli.rb'
+require_relative './plugin_cli'
 
 # This tells the ruby cli app to use the same argument parsing as the plugin
 module InspecTools

data/lib/inspec_tools/csv.rb

@@ -6,10 +6,6 @@ require_relative '../utilities/inspec_util'
 require_relative '../utilities/cci_xml'
 require_relative '../utilities/mapping_validator'
 
-# rubocop:disable Metrics/AbcSize
-# rubocop:disable Metrics/PerceivedComplexity
-# rubocop:disable Metrics/CyclomaticComplexity
-
 module InspecTools
   # Methods for converting from CSV to various formats
   class CSVTool
@@ -46,8 +42,8 @@ module InspecTools
       @profile['supports'] = []
       @profile['attributes'] = []
       @profile['generator'] = {
-        'name': 'inspec_tools',
-        'version': VERSION
+        name: 'inspec_tools',
+        version: VERSION
       }
     end
 
@@ -98,7 +94,3 @@ module InspecTools
     end
   end
 end
-
-# rubocop:enable Metrics/AbcSize
-# rubocop:enable Metrics/PerceivedComplexity
-# rubocop:enable Metrics/CyclomaticComplexity

data/lib/inspec_tools/generate_map.rb

@@ -14,21 +14,21 @@ module InspecTools
 
     def default_text
       <<~YML
-      # Setting csv_header to true will skip the csv file header
-      skip_csv_header: true
-      width   : 80
+        # Setting csv_header to true will skip the csv file header
+        skip_csv_header: true
+        width   : 80
 
 
-      control.id: 0
-      control.title: 15
-      control.desc: 16
-      control.tags:
-        severity: 1
-        rid: 8
-        stig_id: 3
-        cci: 2
-        check: 12
-        fix: 10
+        control.id: 0
+        control.title: 15
+        control.desc: 16
+        control.tags:
+          severity: 1
+          rid: 8
+          stig_id: 3
+          cci: 2
+          check: 12
+          fix: 10
       YML
     end
   end

data/lib/inspec_tools/help.rb

@@ -1,9 +1,11 @@
-module InspecTools::Help
-  class << self
-    def text(namespaced_command)
-      path = namespaced_command.to_s.tr(':', '/')
-      path = File.expand_path("../help/#{path}.md", __FILE__)
-      IO.read(path) if File.exist?(path)
+module InspecTools
+  module Help
+    class << self
+      def text(namespaced_command)
+        path = namespaced_command.to_s.tr(':', '/')
+        path = File.expand_path("../help/#{path}.md", __FILE__)
+        IO.read(path) if File.exist?(path)
+      end
     end
   end
 end

data/lib/inspec_tools/inspec.rb

@@ -13,7 +13,7 @@ require_relative '../utilities/xccdf/from_inspec'
 require_relative '../utilities/xccdf/to_xccdf'
 
 module InspecTools
-  class Inspec # rubocop:disable Metrics/ClassLength
+  class Inspec
     def initialize(inspec_json, metadata = {})
       @json = JSON.parse(inspec_json.gsub(/\\+u0000/, ''))
       @metadata = metadata
@@ -61,12 +61,31 @@ module InspecTools
 
     private
 
+    def topmost_profile_name
+      find_topmost_profile_name(0)
+    end
+
+    def find_topmost_profile_name(index, parent_name = nil)
+      # Return nil when the index is out of bounds.
+      # nil returned here will set the profile name to '' in the calling functions.
+      return nil if index > @json['profiles'].length - 1
+
+      # No parent profile means this is the parent
+      if !@json['profiles'][index].key?('parent_profile') && (@json['profiles'][index]['name'] == parent_name || index.zero?)
+        # For the initial case, parent_name will be nil, and if we are already at the parent index is also zero
+        return @json['profiles'][index]['name']
+      end
+
+      parent_name = @json['profiles'][index]['parent_profile']
+      find_topmost_profile_name(index + 1, parent_name)
+    end
+
     ###
     #  This method converts an inspec json to an array of arrays
     #
     # @param inspec_json : an inspec profile formatted as a json object
     ###
-    def inspec_json_to_array(inspec_json) # rubocop:disable Metrics/CyclomaticComplexity
+    def inspec_json_to_array(inspec_json)
       data = []
       headers = {}
       inspec_json['controls'].each do |control|
@@ -111,28 +130,19 @@ module InspecTools
     end
 
     def generate_ckl
-      stigs = HappyMapperTools::StigChecklist::Stigs.new
-      istig = HappyMapperTools::StigChecklist::IStig.new
-
       vuln_list = []
       @data.keys.each do |control_id|
         vuln_list.push(generate_vuln_data(@data[control_id]))
       end
 
-      si_data = HappyMapperTools::StigChecklist::SiData.new
-      si_data.name = 'stigid'
-      si_data.data = ''
-      if !@metadata['stigid'].nil?
-        si_data.data = @metadata['stigid']
-      end
+      si_data_data = @metadata['stigid'] || topmost_profile_name || ''
+      si_data_stigid = HappyMapperTools::StigChecklist::SiData.new('stigid', si_data_data)
+      si_data_title = HappyMapperTools::StigChecklist::SiData.new('title', si_data_data)
 
-      stig_info = HappyMapperTools::StigChecklist::StigInfo.new
-      stig_info.si_data = si_data
-      istig.stig_info = stig_info
+      stig_info = HappyMapperTools::StigChecklist::StigInfo.new([si_data_stigid, si_data_title])
 
-      istig.vuln = vuln_list
-      stigs.istig = istig
-      @checklist.stig = stigs
+      istig = HappyMapperTools::StigChecklist::IStig.new(stig_info, vuln_list)
+      @checklist.stig = HappyMapperTools::StigChecklist::Stigs.new(istig)
 
       @checklist.asset = generate_asset
     end
@@ -158,19 +168,19 @@ module InspecTools
       vuln
     end
 
-    def generate_asset # rubocop:disable Metrics/AbcSize
+    def generate_asset
       asset = HappyMapperTools::StigChecklist::Asset.new
-      asset.role = !@metadata['role'].nil? ? @metadata['role'] : 'Workstation'
-      asset.type = !@metadata['type'].nil? ? @metadata['type'] : 'Computing'
+      asset.role = @metadata['role'].nil? ? 'Workstation' : @metadata['role']
+      asset.type = @metadata['type'].nil? ? 'Computing' : @metadata['type']
       asset.host_name = generate_hostname
       asset.host_ip = generate_ip
       asset.host_mac = generate_mac
       asset.host_fqdn = generate_fqdn
-      asset.tech_area = !@metadata['tech_area'].nil? ? @metadata['tech_area'] : ''
-      asset.target_key = !@metadata['target_key'].nil? ? @metadata['target_key'] : ''
-      asset.web_or_database = !@metadata['web_or_database'].nil? ? @metadata['web_or_database'] : '0'
-      asset.web_db_site = !@metadata['web_db_site'].nil? ? @metadata['web_db_site'] : ''
-      asset.web_db_instance = !@metadata['web_db_instance'].nil? ? @metadata['web_db_instance'] : ''
+      asset.tech_area = @metadata['tech_area'].nil? ? '' : @metadata['tech_area']
+      asset.target_key = @metadata['target_key'].nil? ? '' : @metadata['target_key']
+      asset.web_or_database = @metadata['web_or_database'].nil? ? '0' : @metadata['web_or_database']
+      asset.web_db_site = @metadata['web_db_site'].nil? ? '' : @metadata['web_db_site']
+      asset.web_db_instance = @metadata['web_db_instance'].nil? ? '' : @metadata['web_db_instance']
       asset
     end
 

data/lib/inspec_tools/pdf.rb

@@ -6,10 +6,6 @@ require_relative '../utilities/parser'
 require_relative '../utilities/text_cleaner'
 require_relative '../utilities/cis_to_nist'
 
-# rubocop:disable Metrics/AbcSize
-# rubocop:disable Metrics/PerceivedComplexity
-# rubocop:disable Metrics/CyclomaticComplexity
-
 module InspecTools
   class PDF
     def initialize(pdf, profile_name, debug = false)
@@ -59,7 +55,7 @@ module InspecTools
       @transformed_data.each do |contr|
         nist = find_nist(contr[:cis]) unless contr[:cis] == 'No CIS Control'
         control = {}
-        control['id'] = 'M-' + contr[:title].split(' ')[0]
+        control['id'] = "M-#{contr[:title].split[0]}"
         control['title'] = contr[:title]
         control['desc'] = contr[:descr]
         control['impact'] = Utils::InspecUtil.get_impact('medium')
@@ -67,7 +63,7 @@ module InspecTools
         control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
         control['tags']['ref'] = contr[:ref] unless contr[:ref].nil?
         control['tags']['applicability'] = contr[:applicability] unless contr[:applicability].nil?
-        control['tags']['cis_id'] = contr[:title].split(' ')[0] unless contr[:title].nil?
+        control['tags']['cis_id'] = contr[:title].split[0] unless contr[:title].nil?
         control['tags']['cis_control'] = [contr[:cis], @nist_mapping[0][:cis_ver]] unless contr[:cis].nil? # tag cis_control: [5, 6.1] ##6.1 is the version
         control['tags']['cis_level'] = contr[:level] unless contr[:level].nil?
         control['tags']['nist'] = nist unless nist.nil? # tag nist: [AC-3, 4]  ##4 is the version
@@ -91,8 +87,8 @@ module InspecTools
       @profile['supports'] = []
       @profile['attributes'] = []
       @profile['generator'] = {
-        'name': 'inspec_tools',
-        'version': VERSION
+        name: 'inspec_tools',
+        version: VERSION
       }
     end
 

data/lib/inspec_tools/plugin_cli.rb

@@ -16,10 +16,9 @@ module InspecTools
   autoload :GenerateMap, 'inspec_tools/generate_map'
 end
 
-# rubocop:disable Style/GuardClause
 module InspecPlugins
   module InspecToolsPlugin
-    class CliCommand < Inspec.plugin(2, :cli_command) # rubocop:disable Metrics/ClassLength
+    class CliCommand < Inspec.plugin(2, :cli_command)
       POSSIBLE_LOG_LEVELS = %w{debug info warn error fatal}.freeze
 
       class_option :log_directory, type: :string, aliases: :l, desc: 'Provide log location'
@@ -36,8 +35,9 @@ module InspecPlugins
       option :separate_files, required: false, type: :boolean, default: true, aliases: '-s'
       option :replace_tags, type: :array, required: false, aliases: '-r'
       option :metadata, required: false, aliases: '-m'
+      option :control_id, required: false, enum: %w{ruleID vulnID}, aliases: '-c', default: 'vulnID'
       def xccdf2inspec
-        xccdf = InspecTools::XCCDF.new(File.read(options[:xccdf]), options[:replace_tags])
+        xccdf = InspecTools::XCCDF.new(File.read(options[:xccdf]), options[:control_id] == 'vulnID', options[:replace_tags])
         profile = xccdf.to_inspec
 
         if !options[:metadata].nil?
@@ -240,5 +240,3 @@ if help_commands.any? { |cmd| ARGV.include? cmd }
     end
   end
 end
-
-# rubocop:enable Style/GuardClause

data/lib/inspec_tools/summary.rb

@@ -14,15 +14,8 @@ TALLYS = %i(total critical high medium low).freeze
 THRESHOLD_TEMPLATE = File.expand_path('../data/threshold.yaml', File.dirname(__FILE__))
 
 module InspecTools
-  # rubocop:disable Metrics/ClassLength
   class Summary
-    attr_reader :json
-    attr_reader :json_full
-    attr_reader :json_counts
-    attr_reader :threshold_file
-    attr_reader :threshold_inline
-    attr_reader :summary
-    attr_reader :threshold
+    attr_reader :json, :json_full, :json_counts, :threshold_file, :threshold_inline, :summary, :threshold
 
     def initialize(**options)
       options = options[:options]
@@ -154,5 +147,4 @@ module InspecTools
          summary[:status][:error][:total])).floor
     end
   end
-  # rubocop:enable Metrics/ClassLength
 end

data/lib/inspec_tools/xccdf.rb

@@ -6,19 +6,15 @@ require 'digest'
 require 'json'
 
 module InspecTools
-  # rubocop:disable Metrics/ClassLength
-  # rubocop:disable Metrics/AbcSize
-  # rubocop:disable Metrics/PerceivedComplexity
-  # rubocop:disable Metrics/CyclomaticComplexity
-  # rubocop:disable Metrics/BlockLength
   class XCCDF
-    def initialize(xccdf, replace_tags = nil)
+    def initialize(xccdf, use_vuln_id, replace_tags = nil)
       @xccdf = xccdf
       @xccdf = replace_tags_in_xccdf(replace_tags, @xccdf) unless replace_tags.nil?
       cci_list_path = File.join(File.dirname(__FILE__), '../data/U_CCI_List.xml')
       @cci_items = HappyMapperTools::CCIAttributes::CCI_List.parse(File.read(cci_list_path))
-      # @cci_items = HappyMapperTools::CCIAttributes::CCI_List.parse(File.read('./data/U_CCI_List.xml'))
+      register_after_parse_callbacks
       @benchmark = HappyMapperTools::StigAttributes::Benchmark.parse(@xccdf)
+      @use_vuln_id = use_vuln_id
     end
 
     def to_ckl
@@ -42,7 +38,7 @@ module InspecTools
     # extracts non-InSpec attributes
     ###
     # TODO there may be more attributes we want to extract, see data/attributes.yml for example
-    def to_attributes # rubocop:disable Metrics/AbcSize
+    def to_attributes
       @attribute = {}
 
       @attribute['benchmark.title'] = @benchmark.title
@@ -89,6 +85,14 @@ module InspecTools
 
     private
 
+    def register_after_parse_callbacks
+      # Determine if the parsed Ident is refrencing a legacy ID number.
+      HappyMapperTools::StigAttributes::Ident.after_parse do |object|
+        object.cci = object.system.eql?('http://cyber.mil/cci')
+        object.legacy = !object.cci
+      end
+    end
+
     def replace_tags_in_xccdf(replace_tags, xccdf_xml)
       replace_tags.each do |tag|
         xccdf_xml = xccdf_xml.gsub(/(&lt;|<)#{tag}(&gt;|>)/, "$#{tag}")
@@ -108,8 +112,8 @@ module InspecTools
       @profile['supports'] = []
       @profile['attributes'] = []
       @profile['generator'] = {
-        'name': 'inspec_tools',
-        'version': VERSION
+        name: 'inspec_tools',
+        version: VERSION
       }
       @profile['plaintext'] = @benchmark.plaintext.plaintext
       @profile['status'] = "#{@benchmark.status} on #{@benchmark.release_date.release_date}"
@@ -121,7 +125,7 @@ module InspecTools
     def insert_controls
       @benchmark.group.each do |group|
         control = {}
-        control['id'] = group.id
+        control['id'] = @use_vuln_id ? group.id : group.rule.id.split('r').first
         control['title'] = group.rule.title
         control['desc'] = group.rule.description.vuln_discussion.split('Satisfies: ')[0]
         control['impact'] = Utils::InspecUtil.get_impact(group.rule.severity)
@@ -133,8 +137,10 @@ module InspecTools
         control['tags']['rid'] = group.rule.id
         control['tags']['stig_id'] = group.rule.version
         control['tags']['fix_id'] = group.rule.fix.id
-        control['tags']['cci'] = group.rule.idents
-        control['tags']['nist'] = @cci_items.fetch_nists(group.rule.idents)
+        control['tags']['cci'] = group.rule.idents.select(&:cci).map(&:ident)
+        legacy_tags = group.rule.idents.select(&:legacy)
+        control['tags']['legacy'] = legacy_tags.map(&:ident) unless legacy_tags.empty?
+        control['tags']['nist'] = @cci_items.fetch_nists(control['tags']['cci'])
         control['tags']['false_negatives'] = group.rule.description.false_negatives if group.rule.description.false_negatives != ''
         control['tags']['false_positives'] = group.rule.description.false_positives if group.rule.description.false_positives != ''
         control['tags']['documentable'] = group.rule.description.documentable if group.rule.description.documentable != ''

data/lib/inspec_tools/xlsx_tool.rb

@@ -8,10 +8,6 @@ require_relative '../utilities/inspec_util'
 require_relative '../utilities/cis_to_nist'
 require_relative '../utilities/mapping_validator'
 
-# rubocop:disable Metrics/AbcSize
-# rubocop:disable Metrics/PerceivedComplexity
-# rubocop:disable Metrics/CyclomaticComplexity
-
 module InspecTools
   # Methods for converting from XLS to various formats
   class XLSXTool
@@ -58,8 +54,8 @@ module InspecTools
       @profile['supports'] = []
       @profile['attributes'] = []
       @profile['generator'] = {
-        'name': 'inspec_tools',
-        'version': ::InspecTools::VERSION
+        name: 'inspec_tools',
+        version: ::InspecTools::VERSION
       }
     end
 
@@ -73,7 +69,7 @@ module InspecTools
           tag_pos = @mapping['control.tags']
           control = {}
           control['tags'] = {}
-          control['id'] = control_prefix + '-' + row[@mapping['control.id']].formatted_value unless cell_empty?(@mapping['control.id']) || cell_empty?(row[@mapping['control.id']])
+          control['id'] = "#{control_prefix}-#{row[@mapping['control.id']].formatted_value}" unless cell_empty?(@mapping['control.id']) || cell_empty?(row[@mapping['control.id']])
           control['title']  = row[@mapping['control.title']].formatted_value unless cell_empty?(@mapping['control.title']) || cell_empty?(row[@mapping['control.title']])
           control['desc'] = ''
           control['desc'] = row[@mapping['control.desc']].formatted_value unless cell_empty?(row[@mapping['control.desc']])
@@ -107,7 +103,8 @@ module InspecTools
     end
 
     def apply_cis_and_nist_controls(control, cis_tags)
-      control['tags']['cis_controls'], control['tags']['nist'] = [], []
+      control['tags']['cis_controls'] = []
+      control['tags']['nist'] = []
 
       if cis_tags[:sub_section].nil? || cis_tags[:sub_section].blank?
         control['tags']['cis_controls'] << cis_tags[:section]
@@ -130,7 +127,3 @@ module InspecTools
     end
   end
 end
-
-# rubocop:enable Metrics/AbcSize
-# rubocop:enable Metrics/PerceivedComplexity
-# rubocop:enable Metrics/CyclomaticComplexity

data/lib/overrides/string.rb

@@ -1,5 +1,5 @@
 class String
   def blank?
-    self.strip.empty?
+    strip.empty?
   end
 end

data/lib/utilities/inspec_util.rb

@@ -14,7 +14,7 @@ require 'overrides/string'
 require 'rubocop'
 
 module Utils
-  class InspecUtil # rubocop:disable Metrics/ClassLength
+  class InspecUtil
     WIDTH = 80
     IMPACT_SCORES = {
       'none' => 0.0,
@@ -24,7 +24,7 @@ module Utils
       'critical' => 0.9
     }.freeze
 
-    def self.parse_data_for_ckl(json) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+    def self.parse_data_for_ckl(json)
       data = {}
 
       # Parse for inspec profile results json
@@ -88,7 +88,7 @@ module Utils
       hash.each_with_object({}) do |(k, v), ret|
         key = recursive_key + k.to_s
         if v.is_a? Hash
-          ret.merge! to_dotted_hash(v, key + '.')
+          ret.merge! to_dotted_hash(v, "#{key}.")
         else
           ret[key] = v
         end
@@ -99,12 +99,12 @@ module Utils
       status_list = control[:status].uniq
       if control[:impact].to_f.zero?
         'Not_Applicable'
+      elsif (status_list.include?('error') || status_list.empty?) && for_summary
+        'Profile_Error'
       elsif status_list.include?('failed')
         'Open'
       elsif status_list.include?('passed')
         'NotAFinding'
-      elsif status_list.include?('error') && for_summary
-        'Profile_Error'
       else
         # profile skipped or profile error
         'Not_Reviewed'
@@ -165,15 +165,16 @@ module Utils
     end
 
     private_class_method def self.string_to_impact(severity, use_cvss_terms)
-      if %r{none|na|n/a|not[_|(\s*)]?applicable}i.match?(severity)
+      case severity
+      when %r{none|na|n/a|not[_|(\s*)]?applicable}i
         impact = 0.0 # Informative
-      elsif /low|cat(egory)?\s*(iii|3)/i.match?(severity)
+      when /low|cat(egory)?\s*(iii|3)/i
         impact = 0.3 # Low Impact
-      elsif /med(ium)?|cat(egory)?\s*(ii|2)/i.match?(severity)
+      when /med(ium)?|cat(egory)?\s*(ii|2)/i
         impact = 0.5 # Medium Impact
-      elsif /high|cat(egory)?\s*(i|1)/i.match?(severity)
+      when /high|cat(egory)?\s*(i|1)/i
         impact = 0.7 # High Impact
-      elsif /crit(ical)?|severe/i.match?(severity)
+      when /crit(ical)?|severe/i
         impact = 1.0 # Critical Controls
       else
         raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
@@ -218,7 +219,7 @@ module Utils
       WordWrap.ww(str.to_s, width)
     end
 
-    private_class_method def self.generate_controls(inspec_json) # rubocop:disable Metrics/AbcSize,  Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+    private_class_method def self.generate_controls(inspec_json)
       controls = []
       inspec_json['controls'].each do |json_control|
         control = ::Inspec::Object::Control.new
@@ -246,6 +247,7 @@ module Utils
         control.add_tag(::Inspec::Object::Tag.new('stig_id',  json_control['tags']['stig_id']))
         control.add_tag(::Inspec::Object::Tag.new('fix_id', json_control['tags']['fix_id']))
         control.add_tag(::Inspec::Object::Tag.new('cci', json_control['tags']['cci']))
+        control.add_tag(::Inspec::Object::Tag.new('legacy', json_control['tags']['legacy'])) unless json_control['tags']['legacy'].blank?
         control.add_tag(::Inspec::Object::Tag.new('nist', json_control['tags']['nist']))
         control.add_tag(::Inspec::Object::Tag.new('cis_level', json_control['tags']['cis_level'])) unless json_control['tags']['cis_level'].blank?
         control.add_tag(::Inspec::Object::Tag.new('cis_controls', json_control['tags']['cis_controls'])) unless json_control['tags']['cis_controls'].blank?
@@ -325,7 +327,7 @@ module Utils
       myfile.puts readme_contents
     end
 
-    private_class_method def self.unpack_profile(directory, controls, separated, output_format) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+    private_class_method def self.unpack_profile(directory, controls, separated, output_format)
       FileUtils.rm_rf(directory) if Dir.exist?(directory)
       Dir.mkdir directory unless Dir.exist?(directory)
       Dir.mkdir "#{directory}/controls" unless Dir.exist?("#{directory}/controls")
@@ -336,7 +338,7 @@ module Utils
             file_name = control.id.to_s
             myfile = File.new("#{directory}/controls/#{file_name}.rb", 'w')
             myfile.puts "# encoding: UTF-8\n\n"
-            myfile.puts wrap(control.to_ruby, WIDTH) + "\n"
+            myfile.puts "#{wrap(control.to_ruby, WIDTH)}\n"
             myfile.close
           end
         else
@@ -352,7 +354,7 @@ module Utils
         if output_format == 'ruby'
           controls.each do |control|
             myfile.puts "# encoding: UTF-8\n\n"
-            myfile.puts wrap(control.to_ruby.gsub('"', "\'"), WIDTH) + "\n"
+            myfile.puts "#{wrap(control.to_ruby.gsub('"', "\'"), WIDTH)}\n"
           end
         else
           controls.each do |control|

data/lib/utilities/parser.rb

@@ -4,7 +4,6 @@ require 'parslet'
 require 'parslet/convenience'
 require 'pp'
 
-# rubocop:disable Metrics/ClassLength
 module Util
   class ControlParser < Parslet::Parser
     root :controls
@@ -345,8 +344,8 @@ module Util
 
     def parse(clean_text)
       @parser.parse(clean_text)
-    rescue Parslet::ParseFailed => error
-      puts error.parse_failure_cause.ascii_tree
+    rescue Parslet::ParseFailed => e
+      puts e.parse_failure_cause.ascii_tree
     end
 
     def convert_str(value)
@@ -359,13 +358,13 @@ module Util
           references = ctrl[:ref].split("\n")
           references.each do |ref|
             match = ref.scan(/(?<=#)\d+\.\d+/).map(&:inspect).join(',').delete('"').tr(',', ' ')
-            ctrl[:cis] = match.split(' ') unless match.empty?
+            ctrl[:cis] = match.split unless match.empty?
           end
           ctrl[:cis] = 'No CIS Control' unless ctrl[:cis]
         elsif !ctrl[:cis] && !ctrl[:ref]
           ctrl[:cis] = 'No CIS Control'
         elsif ctrl[:cis] && ctrl[:ref]
-          ctrl[:cis] = ctrl[:cis].scan(/^\d+[\.\d+]*/)
+          ctrl[:cis] = ctrl[:cis].scan(/^\d+[.\d+]*/)
         end
       end
     end

data/lib/utilities/text_cleaner.rb

@@ -15,36 +15,31 @@ module Util
       clean_special = remove_special(clean_whitespace)
       clean_no_space = remove_extra_space(clean_special)
       clean_pagenum = remove_pagenum(clean_no_space)
-      clean_data = separate_controls(clean_pagenum)
-      clean_data
+      separate_controls(clean_pagenum)
     end
 
     # Removes everything before and after the controls
     def isolate_controls_data(extracted_data)
       extracted_data = extracted_data.gsub(/\| P a g e+/, "| P a g e\n")
-      extracted_data = extracted_data.split("\n").map{ |line| line.strip}.reject { |e| e.to_s.empty? }.join("\n")
+      extracted_data = extracted_data.split("\n").map(&:strip).reject { |e| e.to_s.empty? }.join("\n")
       extracted_data = extracted_data.gsub('???', '')
-      controls_data = /^1\.1\s*[^\)]*?(?=\)$)(.*\n)*?(?=\s*Appendix:)/.match(extracted_data).to_s
-      controls_data
+      /^1\.1\s*[^)]*?(?=\)$)(.*\n)*?(?=\s*Appendix:)/.match(extracted_data).to_s
     end
 
     # Removes all pagenumbers between the controls
     def remove_pagenum(extracted_data)
       clean_pagenum = extracted_data.gsub(/(\d{1,3}\|Page|\d{1,3} \| P a g e)/, '').to_s
-      clean_pagenum = clean_pagenum.gsub(/(\d{1,3} \| Page)/, '').to_s
-      clean_pagenum
+      clean_pagenum.gsub(/(\d{1,3} \| Page)/, '').to_s
     end
 
     # Removes section headers for each control
     def remove_section_header(extracted_data)
-      clean_section_header = extracted_data.gsub(/(?<!•)\s\n\d{1}\s.*(?:.*\n)*?(?=\d\.\d)/, "\n\n").to_s
-      clean_section_header
+      extracted_data.gsub(/(?<!•)\s\n\d{1}\s.*(?:.*\n)*?(?=\d\.\d)/, "\n\n").to_s
     end
 
     # removes newlines between a control
     def remove_newline_in_controls(extracted_data)
-      clean_whitespace = extracted_data.gsub(/\s\n.*?(?!d\.)/, "\n").to_s
-      clean_whitespace
+      extracted_data.gsub(/\s\n.*?(?!d\.)/, "\n").to_s
     end
 
     # adds whitespace between different controls
@@ -53,8 +48,8 @@ module Util
     end
 
     def remove_special(extracted_data)
-      extracted_data = extracted_data.gsub(/[]/, '')
-      extracted_data.gsub(/[•]/, '')
+      extracted_data = extracted_data.gsub(//, '')
+      extracted_data.gsub(/•/, '')
     end
 
     def remove_extra_space(extracted_data)

data/lib/utilities/xccdf/from_inspec.rb

@@ -4,7 +4,7 @@ module Utils
     DATA_NOT_FOUND_MESSAGE = 'N/A'.freeze
 
     # Convert raw Inspec result json into format acceptable for XCCDF transformation.
-    def parse_data_for_xccdf(json) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+    def parse_data_for_xccdf(json)
       data = {}
 
       controls = []
@@ -29,11 +29,12 @@ module Utils
         c_data[c_id]['gid']            = control['tags']['gid'] || control['id']
         c_data[c_id]['gtitle']         = control['tags']['gtitle'] if control['tags']['gtitle'] # Optional attribute
         c_data[c_id]['gdescription']   = control['tags']['gdescription'] if control['tags']['gdescription'] # Optional attribute
-        c_data[c_id]['rid']            = control['tags']['rid'] || 'r_' + c_data[c_id]['gid']
+        c_data[c_id]['rid']            = control['tags']['rid'] || "r_#{c_data[c_id]['gid']}"
         c_data[c_id]['rversion']       = control['tags']['rversion'] if control['tags']['rversion'] # Optional attribute
         c_data[c_id]['rweight']        = control['tags']['rweight'] if control['tags']['rweight'] # Optional attribute where N/A is not schema compliant
         c_data[c_id]['stig_id']        = control['tags']['stig_id'] || DATA_NOT_FOUND_MESSAGE
         c_data[c_id]['cci']            = control['tags']['cci'] if control['tags']['cci'] # Optional attribute
+        c_data[c_id]['legacy']         = control['tags']['legacy'] if control['tags']['legacy'] # Optional attribute
         c_data[c_id]['nist']           = control['tags']['nist'] || ['unmapped']
         c_data[c_id]['check']          = control['tags']['check'] || DATA_NOT_FOUND_MESSAGE
         c_data[c_id]['checkref']       = control['tags']['checkref'] || DATA_NOT_FOUND_MESSAGE

data/lib/utilities/xccdf/to_xccdf.rb

@@ -2,7 +2,7 @@ require_relative 'xccdf_score'
 
 module Utils
   # Data conversions for Inspec output into XCCDF format.
-  class ToXCCDF # rubocop:disable Metrics/ClassLength
+  class ToXCCDF
     # @param attribute [Hash] XCCDF supplemental attributes
     # @param data [Hash] Converted Inspec output data
     def initialize(attribute, data)
@@ -53,7 +53,7 @@ module Utils
     end
 
     # Translate join of Inspec results and input attributes to XCCDF Groups
-    def build_groups # rubocop:disable Metrics/AbcSize
+    def build_groups
       group_array = []
       @data['controls'].each do |control|
         group = HappyMapperTools::Benchmark::Group.new
@@ -67,13 +67,14 @@ module Utils
         group.rule.weight = control['rweight']
         group.rule.version = control['rversion']
         group.rule.title = control['title'].tr("\n", ' ') if control['title']
-        group.rule.description = "<VulnDiscussion>#{control['desc'].tr("\n", ' ')}</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>"
+        group.rule.description = "<VulnDiscussion>#{control['desc']}</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>"
 
         if ['reference.dc.publisher', 'reference.dc.title', 'reference.dc.subject', 'reference.dc.type', 'reference.dc.identifier'].any? { |a| @attribute.key?(a) }
           group.rule.reference = build_rule_reference
         end
 
         group.rule.ident = build_rule_idents(control['cci']) if control['cci']
+        group.rule.ident += build_rule_idents(control['legacy']) if control['legacy']
 
         group.rule.fixtext = HappyMapperTools::Benchmark::Fixtext.new
         group.rule.fixtext.fixref = control['fix_id']
@@ -126,10 +127,7 @@ module Utils
 
       # Each rule identifier is a different element
       idents.map do |identifier|
-        ident = HappyMapperTools::Benchmark::Ident.new
-        ident.system = 'https://public.cyber.mil/stigs/cci/'
-        ident.ident = identifier
-        ident
+        HappyMapperTools::Benchmark::Ident.new identifier
       end
     end
 
@@ -184,7 +182,7 @@ module Utils
 
     # Build out the TestResult given all the control and result data.
     def populate_results(test_result)
-      # Note: id is not an XCCDF 1.2 compliant identifier and will need to be updated when that support is added.
+      # NOTE: id is not an XCCDF 1.2 compliant identifier and will need to be updated when that support is added.
       test_result.id = 'result_1'
       test_result.starttime = run_start_time
       test_result.endtime = run_end_time
@@ -227,6 +225,7 @@ module Utils
       rule_result.instance = result['code_desc']
 
       rule_result.ident = build_rule_idents(control['cci']) if control['cci']
+      rule_result.ident += build_rule_idents(control['legacy']) if control['legacy']
 
       # Fix information is only necessary when there are failed tests
       rule_result.fix = build_rule_fix(control['fix_id']) if control['fix_id'] && result_status == 'fail'
@@ -238,7 +237,7 @@ module Utils
     end
 
     # Combines rule results with the same result into a single rule result.
-    def combine_results(rule_results) # rubocop:disable Metrics/AbcSize
+    def combine_results(rule_results)
       return rule_results.first if rule_results.size == 1
 
       # Can combine, result, idents (duplicate, take first instance), instance - combine into an array removing duplicates
@@ -329,7 +328,7 @@ module Utils
     # @param one [String] A rule-result status
     # @param two [String] A rule-result status
     # @return The result of the AND operation.
-    def xccdf_and_result(one, two) # rubocop:disable Metrics/CyclomaticComplexity
+    def xccdf_and_result(one, two)
       # From XCCDF specification truth table
       # P = pass
       # F = fail
@@ -362,7 +361,7 @@ module Utils
 
       message = HappyMapperTools::Benchmark::MessageType.new
       # Including the code of the check and the resulting message if there is one.
-      message.message = "#{result['code_desc'] ? result['code_desc'] + "\n\n" : ''}#{result['message'] || result['skip_message']}"
+      message.message = "#{result['code_desc'] ? "#{result['code_desc']}\n\n" : ''}#{result['message'] || result['skip_message']}"
       message.severity = result_message_severity(xccdf_status)
       message
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: inspec_tools
 version: !ruby/object:Gem::Version
-  version: 2.3.2
+  version: 2.3.7
 platform: ruby
 authors:
 - Robert Thew
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-01-22 00:00:00.000000000 Z
+date: 2021-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -149,16 +149,16 @@ dependencies:
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: word_wrap
   requirement: !ruby/object:Gem::Requirement
@@ -257,6 +257,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.12.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.12.1
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -358,7 +372,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.15
 signing_key: 
 specification_version: 4
 summary: Converter utils for Inspec