inspec_tools 2.3.4 → 2.3.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6188a2ff394f6f733d23d032d4919e1f9e5e08267bbce30a2a4725631d5a5a13
-  data.tar.gz: 4b3b5fc70d53d4784ef84f881493ca361d998a254c96323e4e1e65c48e7e5630
+  metadata.gz: b6f754f4816775d8bb360ed2ce768b1f4a443f647a440a1fe04a371388af6fe0
+  data.tar.gz: d31e79fb1477ab0b9fed85df8847f59f487d1ca5dc0bfc369e201dd2e0b87ba8
 SHA512:
-  metadata.gz: e537d4749c34eaac49e4c80355250949f02d0db6020596d4c73e1f2995e384742cefc5d72a12fb7c2a159ceca406dbc723aa5d8e36ea8272967e9bd37f49da08
-  data.tar.gz: 5a26c4b893a8646ae1e4ae62cd380b0603f0a45b1a88a7234af5a9a8d52a2cc71561d8d0ee784a8bedbbcda7abc26d88b58f999761649bcd29c0adfc464fec78
+  metadata.gz: 5f4fe6b5f733d4654d179e0bbe651276afa3ccfff6527e6088f50c13da23324b1be9c6b695cad464895f13e53b442dd674d546c826b31632def647b73d50d26e
+  data.tar.gz: bee2b9f2a53efa941413308ea6eaeb340493c8d581b07a4d348094ba1278c4177fd3de7ee6575226896d41d0156bf6eaf0934a5f0eb597956c1b4c5ff2c07c67

data/README.md

@@ -218,6 +218,7 @@ FLAGS:
 	-s --separate-files [true | false] : output the resulting controls as one or mutiple files (default: true) [optional]
 	-m --metadata <metadata-json>      : path to json file with additional metadata for the inspec.yml file [optional]
 	-r --replace-tags <array>          : A case-sensitive, space separated list to replace tags with a $ if found in a group rules description tag [optional]
+	-c --control-id [vulnID | ruleID]  : use either legacy Vuln ID (ex. 'V-XXXXX') or Rule ID (ex. 'SV-XXXXX') as the overall Control ID (default: vulnID) [optional]
 
 example: inspec_tools xccdf2inspec -x xccdf_file.xml -a attributes.yml -o myprofile -f ruby -s false
 ```

data/exe/inspec_tools

@@ -1,11 +1,11 @@
 #!/usr/bin/env -S ruby -EUTF-8
 
 # Trap ^C
-Signal.trap('INT') {
+Signal.trap('INT') do
   puts "\nCtrl-C detected. Exiting..."
   sleep 1
   exit
-}
+end
 
 $LOAD_PATH.unshift(File.expand_path('../lib', __dir__))
 require 'inspec_tools'

data/lib/happy_mapper_tools/benchmark.rb

@@ -67,11 +67,18 @@ module HappyMapperTools
       content :ident, String
       def initialize(ident_str)
         @ident = ident_str
-	if ident_str =~ /^(CCI-[0-9]{6})$/
+        case ident_str
+        when /^(CCI-[0-9]{6})$/
+          # Match CCI IDs; e.g. CCI-123456
           @system = 'http://cyber.mil/cci'
-	else
+        when /^(S?V-[0-9]{5})$/
+          # Match SV- IDs; e.g. SV-12345
+          # Match V- IDs; e.g. V-12345
           @system = 'http://cyber.mil/legacy'
-	end
+        else
+          # for all other ident_str, use the old identifier
+          @system = 'https://public.cyber.mil/stigs/cci/'
+        end
       end
     end
 
@@ -122,7 +129,7 @@ module HappyMapperTools
       element :result, String, tag: 'result'
       # element override - Not implemented. Does not apply to Inspec execution
       has_many :ident, Ident, tag: 'ident'
-      # Note: element metadata not implemented at this time
+      # NOTE: element metadata not implemented at this time
       has_many :message, MessageType, tag: 'message'
       has_many :instance, String, tag: 'instance'
       element :fix, Fix, tag: 'fix'
@@ -169,7 +176,7 @@ module HappyMapperTools
 
     class TestResult
       include HappyMapper
-      # Note: element benchmark not implemented at this time since this is same file
+      # NOTE: element benchmark not implemented at this time since this is same file
       # Note: element title not implemented due to no mapping from Chef Inspec
       element :remark, String, tag: 'remark'
       has_many :organization, String, tag: 'organization'
@@ -178,14 +185,14 @@ module HappyMapperTools
       has_many :target_address, String, tag: 'target-address'
       element :target_facts, TargetFact, tag: 'target-facts'
       element :platform, CPE2idrefType, tag: 'platform'
-      # Note: element profile not implemented since Benchmark profile is also not implemented
+      # NOTE: element profile not implemented since Benchmark profile is also not implemented
       has_many :rule_result, RuleResultType, tag: 'rule-result'
       has_many :score, ScoreType, tag: 'score' # One minimum
       # Note: element signature not implemented due to no mapping from Chef Inspec
       attribute :id, String, tag: 'id'
       attribute :starttime, String, tag: 'start-time'
       attribute :endtime, String, tag: 'end-time'
-      # Note: attribute test-system not implemented at this time due to unknown CPE value for Chef Inspec
+      # NOTE: attribute test-system not implemented at this time due to unknown CPE value for Chef Inspec
       attribute :version, String, tag: 'version'
     end
 

data/lib/happy_mapper_tools/cci_attributes.rb

@@ -3,8 +3,6 @@
 require 'happymapper'
 require 'nokogiri'
 
-# rubocop:disable Naming/ClassAndModuleCamelCase
-
 module HappyMapperTools
   module CCIAttributes
     class Reference
@@ -62,5 +60,3 @@ module HappyMapperTools
     end
   end
 end
-
-# rubocop:enable Naming/ClassAndModuleCamelCase

data/lib/happy_mapper_tools/stig_attributes.rb

@@ -79,8 +79,8 @@ module HappyMapperTools
 
     class Ident
       include HappyMapper
-      attr_accessor :legacy
-      attr_accessor :cci
+      attr_accessor :legacy, :cci
+
       tag 'ident'
       attribute :system, String, tag: 'system'
       content :ident, String
@@ -158,12 +158,13 @@ module HappyMapperTools
 
         def apply(value)
           value = value.gsub('&', 'and')
-          DescriptionDetails.parse "<Details>#{value}</Details>"
+          value = value.gsub('"<"', 'less than (converted less than)')
+          DescriptionDetails.parse("<Details>#{value}</Details>")
         rescue Nokogiri::XML::SyntaxError => e
-          if e.to_s.include?('StartTag')
-            report_invalid_start_tag(value, e)
+          if report_disallowed_tags(value) # if there was a bad tag
+            exit(1)
           else
-            report_disallowed_tags(value)
+            report_error(value, e)
           end
         end
 
@@ -173,7 +174,7 @@ module HappyMapperTools
 
         private
 
-        def report_invalid_start_tag(value, error)
+        def report_error(value, error)
           puts error.to_s.colorize(:red)
           column = error.column - '<Details>'.length - 2
           puts "Error around #{value[column-10..column+10].colorize(:light_yellow)}"
@@ -184,39 +185,38 @@ module HappyMapperTools
           allowed_tags = %w{VulnDiscussion FalsePositives FalseNegatives Documentable
                             Mitigations SeverityOverrideGuidance PotentialImpacts
                             PotentialImpacts ThirdPartyTools MitigationControl
-                            Responsibility IAControl SecurityOverrideGuidance}
+                            Responsibility IAControl IAControls SecurityOverrideGuidance}
 
           tags_found = value.scan(%r{(?<=<)([^\/]*?)((?= \/>)|(?=>))}).to_a
 
           tags_found = tags_found.uniq.flatten.reject!(&:empty?)
           offending_tags = tags_found - allowed_tags
 
-          if offending_tags.count > 1
-            puts "\n\nThe non-standard tags: #{offending_tags.to_s.colorize(:red)}" \
+          unless offending_tags.count.zero?
+            puts "\n\nThe non-standard tag(s): #{offending_tags.to_s.colorize(:red)}" \
                  ' were found in: ' + "\n\n#{value}"
-          else
-            puts "\n\nThe non-standard tag: #{offending_tags.to_s.colorize(:red)}" \
-                 ' was found in: ' + "\n\n#{value}"
+            puts "\n\nPlease:\n "
+            option_one = '(1) ' + '(best)'.colorize(:green) + ' Use the ' +
+                         '`-r --replace-tags array` '.colorize(:light_yellow) +
+                         '(case sensitive) option to replace the offending tags ' \
+                         'during processing of the XCCDF ' \
+                         'file to use the ' +
+                         "`$#{offending_tags[0]}` ".colorize(:light_green) +
+                         'syntax in your InSpec profile.'
+            option_two = '(2) Update your XCCDF file to *not use* non-standard XCCDF ' \
+                        'elements within ' +
+                         '`&lt;`,`&gt;`, `<` '.colorize(:red) +
+                         'or '.colorize(:default) +
+                         '`>` '.colorize(:red) +
+                         'as "placeholders", and use something that doesn\'t confuse ' \
+                         'the XML parser, such as : ' +
+                         "`$#{offending_tags[0]}`".colorize(:light_green)
+            puts option_one
+            puts "\n"
+            puts option_two
+            return true
           end
-          puts "\n\nPlease:\n "
-          option_one = '(1) ' + '(best)'.colorize(:green) + ' Use the ' +
-                       '`-r --replace-tags array` '.colorize(:light_yellow) +
-                       '(case sensitive) option to replace the offending tags ' \
-                       'during processing of the XCCDF ' \
-                       'file to use the ' +
-                       "`$#{offending_tags[0]}` " .colorize(:light_green) +
-                       'syntax in your InSpec profile.'
-          option_two = '(2) Update your XCCDF file to *not use* non-standard XCCDF ' \
-                       'elements within ' +
-                       '`&lt;`,`&gt;`, `<` '.colorize(:red) +
-                       'or '.colorize(:default) +
-                       '`>` '.colorize(:red) +
-                       'as "placeholders", and use something that doesn\'t confuse ' \
-                       'the XML parser, such as : ' +
-                       "`$#{offending_tags[0]}`" .colorize(:light_green)
-          puts option_one
-          puts "\n"
-          puts option_two
+          false
         end
       end
       HappyMapper::SupportedTypes.register DescriptionDetailsType

data/lib/happy_mapper_tools/stig_checklist.rb

@@ -27,6 +27,11 @@ module HappyMapperTools
     # Class Asset maps from the 'SI_DATA' from Checklist XML file using HappyMapper
     class SiData
       include HappyMapper
+
+      def initialize(name, data)
+        self.name = name
+        self.data = data
+      end
       tag 'SI_DATA'
       element :name, String, tag: 'SID_NAME'
       element :data, String, tag: 'SID_DATA'
@@ -35,6 +40,11 @@ module HappyMapperTools
     # Class Asset maps from the 'STIG_INFO' from Checklist XML file using HappyMapper
     class StigInfo
       include HappyMapper
+
+      def initialize(si_data)
+        self.si_data = si_data
+      end
+
       tag 'STIG_INFO'
       has_many :si_data, SiData, tag: 'SI_DATA'
     end
@@ -68,6 +78,11 @@ module HappyMapperTools
     # Class Asset maps from the 'iSTIG' from Checklist XML file using HappyMapper
     class IStig
       include HappyMapper
+
+      def initialize(stig_info, vulns)
+        self.stig_info = stig_info
+        self.vuln = vulns
+      end
       tag 'iSTIG'
       has_one :stig_info, StigInfo, tag: 'STIG_INFO'
       has_many :vuln, Vuln, tag: 'VULN'
@@ -76,6 +91,10 @@ module HappyMapperTools
     # Class Asset maps from the 'STIGS' from Checklist XML file using HappyMapper
     class Stigs
       include HappyMapper
+
+      def initialize(istig)
+        self.istig = istig
+      end
       tag 'STIGS'
       has_one :istig, IStig, tag: 'iSTIG'
     end

data/lib/inspec_tools/cli.rb

@@ -3,7 +3,7 @@ require 'json'
 
 require 'inspec-objects'
 require 'inspec'
-require_relative './plugin_cli.rb'
+require_relative './plugin_cli'
 
 # This tells the ruby cli app to use the same argument parsing as the plugin
 module InspecTools

data/lib/inspec_tools/csv.rb

@@ -6,10 +6,6 @@ require_relative '../utilities/inspec_util'
 require_relative '../utilities/cci_xml'
 require_relative '../utilities/mapping_validator'
 
-# rubocop:disable Metrics/AbcSize
-# rubocop:disable Metrics/PerceivedComplexity
-# rubocop:disable Metrics/CyclomaticComplexity
-
 module InspecTools
   # Methods for converting from CSV to various formats
   class CSVTool
@@ -46,8 +42,8 @@ module InspecTools
       @profile['supports'] = []
       @profile['attributes'] = []
       @profile['generator'] = {
-        'name': 'inspec_tools',
-        'version': VERSION
+        name: 'inspec_tools',
+        version: VERSION
       }
     end
 
@@ -98,7 +94,3 @@ module InspecTools
     end
   end
 end
-
-# rubocop:enable Metrics/AbcSize
-# rubocop:enable Metrics/PerceivedComplexity
-# rubocop:enable Metrics/CyclomaticComplexity

data/lib/inspec_tools/generate_map.rb

@@ -14,21 +14,21 @@ module InspecTools
 
     def default_text
       <<~YML
-      # Setting csv_header to true will skip the csv file header
-      skip_csv_header: true
-      width   : 80
+        # Setting csv_header to true will skip the csv file header
+        skip_csv_header: true
+        width   : 80
 
 
-      control.id: 0
-      control.title: 15
-      control.desc: 16
-      control.tags:
-        severity: 1
-        rid: 8
-        stig_id: 3
-        cci: 2
-        check: 12
-        fix: 10
+        control.id: 0
+        control.title: 15
+        control.desc: 16
+        control.tags:
+          severity: 1
+          rid: 8
+          stig_id: 3
+          cci: 2
+          check: 12
+          fix: 10
       YML
     end
   end

data/lib/inspec_tools/help.rb

@@ -1,9 +1,11 @@
-module InspecTools::Help
-  class << self
-    def text(namespaced_command)
-      path = namespaced_command.to_s.tr(':', '/')
-      path = File.expand_path("../help/#{path}.md", __FILE__)
-      IO.read(path) if File.exist?(path)
+module InspecTools
+  module Help
+    class << self
+      def text(namespaced_command)
+        path = namespaced_command.to_s.tr(':', '/')
+        path = File.expand_path("../help/#{path}.md", __FILE__)
+        IO.read(path) if File.exist?(path)
+      end
     end
   end
 end

data/lib/inspec_tools/inspec.rb

@@ -13,7 +13,7 @@ require_relative '../utilities/xccdf/from_inspec'
 require_relative '../utilities/xccdf/to_xccdf'
 
 module InspecTools
-  class Inspec # rubocop:disable Metrics/ClassLength
+  class Inspec
     def initialize(inspec_json, metadata = {})
       @json = JSON.parse(inspec_json.gsub(/\\+u0000/, ''))
       @metadata = metadata
@@ -61,12 +61,31 @@ module InspecTools
 
     private
 
+    def topmost_profile_name
+      find_topmost_profile_name(0)
+    end
+
+    def find_topmost_profile_name(index, parent_name = nil)
+      # Return nil when the index is out of bounds.
+      # nil returned here will set the profile name to '' in the calling functions.
+      return nil if index > @json['profiles'].length - 1
+
+      # No parent profile means this is the parent
+      if !@json['profiles'][index].key?('parent_profile') && (@json['profiles'][index]['name'] == parent_name || index.zero?)
+        # For the initial case, parent_name will be nil, and if we are already at the parent index is also zero
+        return @json['profiles'][index]['name']
+      end
+
+      parent_name = @json['profiles'][index]['parent_profile']
+      find_topmost_profile_name(index + 1, parent_name)
+    end
+
     ###
     #  This method converts an inspec json to an array of arrays
     #
     # @param inspec_json : an inspec profile formatted as a json object
     ###
-    def inspec_json_to_array(inspec_json) # rubocop:disable Metrics/CyclomaticComplexity
+    def inspec_json_to_array(inspec_json)
       data = []
       headers = {}
       inspec_json['controls'].each do |control|
@@ -111,28 +130,19 @@ module InspecTools
     end
 
     def generate_ckl
-      stigs = HappyMapperTools::StigChecklist::Stigs.new
-      istig = HappyMapperTools::StigChecklist::IStig.new
-
       vuln_list = []
       @data.keys.each do |control_id|
         vuln_list.push(generate_vuln_data(@data[control_id]))
       end
 
-      si_data = HappyMapperTools::StigChecklist::SiData.new
-      si_data.name = 'stigid'
-      si_data.data = ''
-      if !@metadata['stigid'].nil?
-        si_data.data = @metadata['stigid']
-      end
+      si_data_data = @metadata['stigid'] || topmost_profile_name || ''
+      si_data_stigid = HappyMapperTools::StigChecklist::SiData.new('stigid', si_data_data)
+      si_data_title = HappyMapperTools::StigChecklist::SiData.new('title', si_data_data)
 
-      stig_info = HappyMapperTools::StigChecklist::StigInfo.new
-      stig_info.si_data = si_data
-      istig.stig_info = stig_info
+      stig_info = HappyMapperTools::StigChecklist::StigInfo.new([si_data_stigid, si_data_title])
 
-      istig.vuln = vuln_list
-      stigs.istig = istig
-      @checklist.stig = stigs
+      istig = HappyMapperTools::StigChecklist::IStig.new(stig_info, vuln_list)
+      @checklist.stig = HappyMapperTools::StigChecklist::Stigs.new(istig)
 
       @checklist.asset = generate_asset
     end
@@ -158,19 +168,19 @@ module InspecTools
       vuln
     end
 
-    def generate_asset # rubocop:disable Metrics/AbcSize
+    def generate_asset
       asset = HappyMapperTools::StigChecklist::Asset.new
-      asset.role = !@metadata['role'].nil? ? @metadata['role'] : 'Workstation'
-      asset.type = !@metadata['type'].nil? ? @metadata['type'] : 'Computing'
+      asset.role = @metadata['role'].nil? ? 'Workstation' : @metadata['role']
+      asset.type = @metadata['type'].nil? ? 'Computing' : @metadata['type']
       asset.host_name = generate_hostname
       asset.host_ip = generate_ip
       asset.host_mac = generate_mac
       asset.host_fqdn = generate_fqdn
-      asset.tech_area = !@metadata['tech_area'].nil? ? @metadata['tech_area'] : ''
-      asset.target_key = !@metadata['target_key'].nil? ? @metadata['target_key'] : ''
-      asset.web_or_database = !@metadata['web_or_database'].nil? ? @metadata['web_or_database'] : '0'
-      asset.web_db_site = !@metadata['web_db_site'].nil? ? @metadata['web_db_site'] : ''
-      asset.web_db_instance = !@metadata['web_db_instance'].nil? ? @metadata['web_db_instance'] : ''
+      asset.tech_area = @metadata['tech_area'].nil? ? '' : @metadata['tech_area']
+      asset.target_key = @metadata['target_key'].nil? ? '' : @metadata['target_key']
+      asset.web_or_database = @metadata['web_or_database'].nil? ? '0' : @metadata['web_or_database']
+      asset.web_db_site = @metadata['web_db_site'].nil? ? '' : @metadata['web_db_site']
+      asset.web_db_instance = @metadata['web_db_instance'].nil? ? '' : @metadata['web_db_instance']
       asset
     end
 

data/lib/inspec_tools/pdf.rb

@@ -6,10 +6,6 @@ require_relative '../utilities/parser'
 require_relative '../utilities/text_cleaner'
 require_relative '../utilities/cis_to_nist'
 
-# rubocop:disable Metrics/AbcSize
-# rubocop:disable Metrics/PerceivedComplexity
-# rubocop:disable Metrics/CyclomaticComplexity
-
 module InspecTools
   class PDF
     def initialize(pdf, profile_name, debug = false)
@@ -59,7 +55,7 @@ module InspecTools
       @transformed_data.each do |contr|
         nist = find_nist(contr[:cis]) unless contr[:cis] == 'No CIS Control'
         control = {}
-        control['id'] = 'M-' + contr[:title].split(' ')[0]
+        control['id'] = "M-#{contr[:title].split[0]}"
         control['title'] = contr[:title]
         control['desc'] = contr[:descr]
         control['impact'] = Utils::InspecUtil.get_impact('medium')
@@ -67,7 +63,7 @@ module InspecTools
         control['tags']['severity'] = Utils::InspecUtil.get_impact_string(control['impact'])
         control['tags']['ref'] = contr[:ref] unless contr[:ref].nil?
         control['tags']['applicability'] = contr[:applicability] unless contr[:applicability].nil?
-        control['tags']['cis_id'] = contr[:title].split(' ')[0] unless contr[:title].nil?
+        control['tags']['cis_id'] = contr[:title].split[0] unless contr[:title].nil?
         control['tags']['cis_control'] = [contr[:cis], @nist_mapping[0][:cis_ver]] unless contr[:cis].nil? # tag cis_control: [5, 6.1] ##6.1 is the version
         control['tags']['cis_level'] = contr[:level] unless contr[:level].nil?
         control['tags']['nist'] = nist unless nist.nil? # tag nist: [AC-3, 4]  ##4 is the version
@@ -91,8 +87,8 @@ module InspecTools
       @profile['supports'] = []
       @profile['attributes'] = []
       @profile['generator'] = {
-        'name': 'inspec_tools',
-        'version': VERSION
+        name: 'inspec_tools',
+        version: VERSION
       }
     end
 

data/lib/inspec_tools/plugin_cli.rb

@@ -16,10 +16,9 @@ module InspecTools
   autoload :GenerateMap, 'inspec_tools/generate_map'
 end
 
-# rubocop:disable Style/GuardClause
 module InspecPlugins
   module InspecToolsPlugin
-    class CliCommand < Inspec.plugin(2, :cli_command) # rubocop:disable Metrics/ClassLength
+    class CliCommand < Inspec.plugin(2, :cli_command)
       POSSIBLE_LOG_LEVELS = %w{debug info warn error fatal}.freeze
 
       class_option :log_directory, type: :string, aliases: :l, desc: 'Provide log location'
@@ -36,8 +35,9 @@ module InspecPlugins
       option :separate_files, required: false, type: :boolean, default: true, aliases: '-s'
       option :replace_tags, type: :array, required: false, aliases: '-r'
       option :metadata, required: false, aliases: '-m'
+      option :control_id, required: false, enum: %w{ruleID vulnID}, aliases: '-c', default: 'vulnID'
       def xccdf2inspec
-        xccdf = InspecTools::XCCDF.new(File.read(options[:xccdf]), options[:replace_tags])
+        xccdf = InspecTools::XCCDF.new(File.read(options[:xccdf]), options[:control_id] == 'vulnID', options[:replace_tags])
         profile = xccdf.to_inspec
 
         if !options[:metadata].nil?
@@ -240,5 +240,3 @@ if help_commands.any? { |cmd| ARGV.include? cmd }
     end
   end
 end
-
-# rubocop:enable Style/GuardClause

data/lib/inspec_tools/summary.rb

@@ -14,15 +14,8 @@ TALLYS = %i(total critical high medium low).freeze
 THRESHOLD_TEMPLATE = File.expand_path('../data/threshold.yaml', File.dirname(__FILE__))
 
 module InspecTools
-  # rubocop:disable Metrics/ClassLength
   class Summary
-    attr_reader :json
-    attr_reader :json_full
-    attr_reader :json_counts
-    attr_reader :threshold_file
-    attr_reader :threshold_inline
-    attr_reader :summary
-    attr_reader :threshold
+    attr_reader :json, :json_full, :json_counts, :threshold_file, :threshold_inline, :summary, :threshold
 
     def initialize(**options)
       options = options[:options]
@@ -154,5 +147,4 @@ module InspecTools
          summary[:status][:error][:total])).floor
     end
   end
-  # rubocop:enable Metrics/ClassLength
 end

data/lib/inspec_tools/xccdf.rb

@@ -6,19 +6,15 @@ require 'digest'
 require 'json'
 
 module InspecTools
-  # rubocop:disable Metrics/ClassLength
-  # rubocop:disable Metrics/AbcSize
-  # rubocop:disable Metrics/PerceivedComplexity
-  # rubocop:disable Metrics/CyclomaticComplexity
-  # rubocop:disable Metrics/BlockLength
   class XCCDF
-    def initialize(xccdf, replace_tags = nil)
+    def initialize(xccdf, use_vuln_id, replace_tags = nil)
       @xccdf = xccdf
       @xccdf = replace_tags_in_xccdf(replace_tags, @xccdf) unless replace_tags.nil?
       cci_list_path = File.join(File.dirname(__FILE__), '../data/U_CCI_List.xml')
       @cci_items = HappyMapperTools::CCIAttributes::CCI_List.parse(File.read(cci_list_path))
       register_after_parse_callbacks
       @benchmark = HappyMapperTools::StigAttributes::Benchmark.parse(@xccdf)
+      @use_vuln_id = use_vuln_id
     end
 
     def to_ckl
@@ -42,7 +38,7 @@ module InspecTools
     # extracts non-InSpec attributes
     ###
     # TODO there may be more attributes we want to extract, see data/attributes.yml for example
-    def to_attributes # rubocop:disable Metrics/AbcSize
+    def to_attributes
       @attribute = {}
 
       @attribute['benchmark.title'] = @benchmark.title
@@ -116,8 +112,8 @@ module InspecTools
       @profile['supports'] = []
       @profile['attributes'] = []
       @profile['generator'] = {
-        'name': 'inspec_tools',
-        'version': VERSION
+        name: 'inspec_tools',
+        version: VERSION
       }
       @profile['plaintext'] = @benchmark.plaintext.plaintext
       @profile['status'] = "#{@benchmark.status} on #{@benchmark.release_date.release_date}"
@@ -129,7 +125,7 @@ module InspecTools
     def insert_controls
       @benchmark.group.each do |group|
         control = {}
-        control['id'] = group.id
+        control['id'] = @use_vuln_id ? group.id : group.rule.id.split('r').first
         control['title'] = group.rule.title
         control['desc'] = group.rule.description.vuln_discussion.split('Satisfies: ')[0]
         control['impact'] = Utils::InspecUtil.get_impact(group.rule.severity)
@@ -141,8 +137,9 @@ module InspecTools
         control['tags']['rid'] = group.rule.id
         control['tags']['stig_id'] = group.rule.version
         control['tags']['fix_id'] = group.rule.fix.id
-        control['tags']['cci'] = group.rule.idents.select { |i| i.cci }.map { |i| i.ident }
-        control['tags']['legacy'] = group.rule.idents.select { |i| i.legacy}.map { |i| i.ident }
+        control['tags']['cci'] = group.rule.idents.select(&:cci).map(&:ident)
+        legacy_tags = group.rule.idents.select(&:legacy)
+        control['tags']['legacy'] = legacy_tags.map(&:ident) unless legacy_tags.empty?
         control['tags']['nist'] = @cci_items.fetch_nists(control['tags']['cci'])
         control['tags']['false_negatives'] = group.rule.description.false_negatives if group.rule.description.false_negatives != ''
         control['tags']['false_positives'] = group.rule.description.false_positives if group.rule.description.false_positives != ''

data/lib/inspec_tools/xlsx_tool.rb

@@ -8,10 +8,6 @@ require_relative '../utilities/inspec_util'
 require_relative '../utilities/cis_to_nist'
 require_relative '../utilities/mapping_validator'
 
-# rubocop:disable Metrics/AbcSize
-# rubocop:disable Metrics/PerceivedComplexity
-# rubocop:disable Metrics/CyclomaticComplexity
-
 module InspecTools
   # Methods for converting from XLS to various formats
   class XLSXTool
@@ -58,8 +54,8 @@ module InspecTools
       @profile['supports'] = []
       @profile['attributes'] = []
       @profile['generator'] = {
-        'name': 'inspec_tools',
-        'version': ::InspecTools::VERSION
+        name: 'inspec_tools',
+        version: ::InspecTools::VERSION
       }
     end
 
@@ -73,7 +69,7 @@ module InspecTools
           tag_pos = @mapping['control.tags']
           control = {}
           control['tags'] = {}
-          control['id'] = control_prefix + '-' + row[@mapping['control.id']].formatted_value unless cell_empty?(@mapping['control.id']) || cell_empty?(row[@mapping['control.id']])
+          control['id'] = "#{control_prefix}-#{row[@mapping['control.id']].formatted_value}" unless cell_empty?(@mapping['control.id']) || cell_empty?(row[@mapping['control.id']])
           control['title']  = row[@mapping['control.title']].formatted_value unless cell_empty?(@mapping['control.title']) || cell_empty?(row[@mapping['control.title']])
           control['desc'] = ''
           control['desc'] = row[@mapping['control.desc']].formatted_value unless cell_empty?(row[@mapping['control.desc']])
@@ -107,7 +103,8 @@ module InspecTools
     end
 
     def apply_cis_and_nist_controls(control, cis_tags)
-      control['tags']['cis_controls'], control['tags']['nist'] = [], []
+      control['tags']['cis_controls'] = []
+      control['tags']['nist'] = []
 
       if cis_tags[:sub_section].nil? || cis_tags[:sub_section].blank?
         control['tags']['cis_controls'] << cis_tags[:section]
@@ -130,7 +127,3 @@ module InspecTools
     end
   end
 end
-
-# rubocop:enable Metrics/AbcSize
-# rubocop:enable Metrics/PerceivedComplexity
-# rubocop:enable Metrics/CyclomaticComplexity

data/lib/overrides/string.rb

@@ -1,5 +1,5 @@
 class String
   def blank?
-    self.strip.empty?
+    strip.empty?
   end
 end

data/lib/utilities/inspec_util.rb

@@ -14,7 +14,7 @@ require 'overrides/string'
 require 'rubocop'
 
 module Utils
-  class InspecUtil # rubocop:disable Metrics/ClassLength
+  class InspecUtil
     WIDTH = 80
     IMPACT_SCORES = {
       'none' => 0.0,
@@ -24,7 +24,7 @@ module Utils
       'critical' => 0.9
     }.freeze
 
-    def self.parse_data_for_ckl(json) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+    def self.parse_data_for_ckl(json)
       data = {}
 
       # Parse for inspec profile results json
@@ -88,7 +88,7 @@ module Utils
       hash.each_with_object({}) do |(k, v), ret|
         key = recursive_key + k.to_s
         if v.is_a? Hash
-          ret.merge! to_dotted_hash(v, key + '.')
+          ret.merge! to_dotted_hash(v, "#{key}.")
         else
           ret[key] = v
         end
@@ -165,15 +165,16 @@ module Utils
     end
 
     private_class_method def self.string_to_impact(severity, use_cvss_terms)
-      if %r{none|na|n/a|not[_|(\s*)]?applicable}i.match?(severity)
+      case severity
+      when %r{none|na|n/a|not[_|(\s*)]?applicable}i
         impact = 0.0 # Informative
-      elsif /low|cat(egory)?\s*(iii|3)/i.match?(severity)
+      when /low|cat(egory)?\s*(iii|3)/i
         impact = 0.3 # Low Impact
-      elsif /med(ium)?|cat(egory)?\s*(ii|2)/i.match?(severity)
+      when /med(ium)?|cat(egory)?\s*(ii|2)/i
         impact = 0.5 # Medium Impact
-      elsif /high|cat(egory)?\s*(i|1)/i.match?(severity)
+      when /high|cat(egory)?\s*(i|1)/i
         impact = 0.7 # High Impact
-      elsif /crit(ical)?|severe/i.match?(severity)
+      when /crit(ical)?|severe/i
         impact = 1.0 # Critical Controls
       else
         raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
@@ -218,7 +219,7 @@ module Utils
       WordWrap.ww(str.to_s, width)
     end
 
-    private_class_method def self.generate_controls(inspec_json) # rubocop:disable Metrics/AbcSize,  Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+    private_class_method def self.generate_controls(inspec_json)
       controls = []
       inspec_json['controls'].each do |json_control|
         control = ::Inspec::Object::Control.new
@@ -246,7 +247,7 @@ module Utils
         control.add_tag(::Inspec::Object::Tag.new('stig_id',  json_control['tags']['stig_id']))
         control.add_tag(::Inspec::Object::Tag.new('fix_id', json_control['tags']['fix_id']))
         control.add_tag(::Inspec::Object::Tag.new('cci', json_control['tags']['cci']))
-        control.add_tag(::Inspec::Object::Tag.new('legacy', json_control['tags']['legacy']))
+        control.add_tag(::Inspec::Object::Tag.new('legacy', json_control['tags']['legacy'])) unless json_control['tags']['legacy'].blank?
         control.add_tag(::Inspec::Object::Tag.new('nist', json_control['tags']['nist']))
         control.add_tag(::Inspec::Object::Tag.new('cis_level', json_control['tags']['cis_level'])) unless json_control['tags']['cis_level'].blank?
         control.add_tag(::Inspec::Object::Tag.new('cis_controls', json_control['tags']['cis_controls'])) unless json_control['tags']['cis_controls'].blank?
@@ -326,7 +327,7 @@ module Utils
       myfile.puts readme_contents
     end
 
-    private_class_method def self.unpack_profile(directory, controls, separated, output_format) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+    private_class_method def self.unpack_profile(directory, controls, separated, output_format)
       FileUtils.rm_rf(directory) if Dir.exist?(directory)
       Dir.mkdir directory unless Dir.exist?(directory)
       Dir.mkdir "#{directory}/controls" unless Dir.exist?("#{directory}/controls")
@@ -337,7 +338,7 @@ module Utils
             file_name = control.id.to_s
             myfile = File.new("#{directory}/controls/#{file_name}.rb", 'w')
             myfile.puts "# encoding: UTF-8\n\n"
-            myfile.puts wrap(control.to_ruby, WIDTH) + "\n"
+            myfile.puts "#{wrap(control.to_ruby, WIDTH)}\n"
             myfile.close
           end
         else
@@ -353,7 +354,7 @@ module Utils
         if output_format == 'ruby'
           controls.each do |control|
             myfile.puts "# encoding: UTF-8\n\n"
-            myfile.puts wrap(control.to_ruby.gsub('"', "\'"), WIDTH) + "\n"
+            myfile.puts "#{wrap(control.to_ruby.gsub('"', "\'"), WIDTH)}\n"
           end
         else
           controls.each do |control|

data/lib/utilities/parser.rb

@@ -4,7 +4,6 @@ require 'parslet'
 require 'parslet/convenience'
 require 'pp'
 
-# rubocop:disable Metrics/ClassLength
 module Util
   class ControlParser < Parslet::Parser
     root :controls
@@ -345,8 +344,8 @@ module Util
 
     def parse(clean_text)
       @parser.parse(clean_text)
-    rescue Parslet::ParseFailed => error
-      puts error.parse_failure_cause.ascii_tree
+    rescue Parslet::ParseFailed => e
+      puts e.parse_failure_cause.ascii_tree
     end
 
     def convert_str(value)
@@ -359,13 +358,13 @@ module Util
           references = ctrl[:ref].split("\n")
           references.each do |ref|
             match = ref.scan(/(?<=#)\d+\.\d+/).map(&:inspect).join(',').delete('"').tr(',', ' ')
-            ctrl[:cis] = match.split(' ') unless match.empty?
+            ctrl[:cis] = match.split unless match.empty?
           end
           ctrl[:cis] = 'No CIS Control' unless ctrl[:cis]
         elsif !ctrl[:cis] && !ctrl[:ref]
           ctrl[:cis] = 'No CIS Control'
         elsif ctrl[:cis] && ctrl[:ref]
-          ctrl[:cis] = ctrl[:cis].scan(/^\d+[\.\d+]*/)
+          ctrl[:cis] = ctrl[:cis].scan(/^\d+[.\d+]*/)
         end
       end
     end

data/lib/utilities/text_cleaner.rb

@@ -15,36 +15,31 @@ module Util
       clean_special = remove_special(clean_whitespace)
       clean_no_space = remove_extra_space(clean_special)
       clean_pagenum = remove_pagenum(clean_no_space)
-      clean_data = separate_controls(clean_pagenum)
-      clean_data
+      separate_controls(clean_pagenum)
     end
 
     # Removes everything before and after the controls
     def isolate_controls_data(extracted_data)
       extracted_data = extracted_data.gsub(/\| P a g e+/, "| P a g e\n")
-      extracted_data = extracted_data.split("\n").map{ |line| line.strip}.reject { |e| e.to_s.empty? }.join("\n")
+      extracted_data = extracted_data.split("\n").map(&:strip).reject { |e| e.to_s.empty? }.join("\n")
       extracted_data = extracted_data.gsub('???', '')
-      controls_data = /^1\.1\s*[^\)]*?(?=\)$)(.*\n)*?(?=\s*Appendix:)/.match(extracted_data).to_s
-      controls_data
+      /^1\.1\s*[^)]*?(?=\)$)(.*\n)*?(?=\s*Appendix:)/.match(extracted_data).to_s
     end
 
     # Removes all pagenumbers between the controls
     def remove_pagenum(extracted_data)
       clean_pagenum = extracted_data.gsub(/(\d{1,3}\|Page|\d{1,3} \| P a g e)/, '').to_s
-      clean_pagenum = clean_pagenum.gsub(/(\d{1,3} \| Page)/, '').to_s
-      clean_pagenum
+      clean_pagenum.gsub(/(\d{1,3} \| Page)/, '').to_s
     end
 
     # Removes section headers for each control
     def remove_section_header(extracted_data)
-      clean_section_header = extracted_data.gsub(/(?<!•)\s\n\d{1}\s.*(?:.*\n)*?(?=\d\.\d)/, "\n\n").to_s
-      clean_section_header
+      extracted_data.gsub(/(?<!•)\s\n\d{1}\s.*(?:.*\n)*?(?=\d\.\d)/, "\n\n").to_s
     end
 
     # removes newlines between a control
     def remove_newline_in_controls(extracted_data)
-      clean_whitespace = extracted_data.gsub(/\s\n.*?(?!d\.)/, "\n").to_s
-      clean_whitespace
+      extracted_data.gsub(/\s\n.*?(?!d\.)/, "\n").to_s
     end
 
     # adds whitespace between different controls
@@ -53,8 +48,8 @@ module Util
     end
 
     def remove_special(extracted_data)
-      extracted_data = extracted_data.gsub(/[]/, '')
-      extracted_data.gsub(/[•]/, '')
+      extracted_data = extracted_data.gsub(//, '')
+      extracted_data.gsub(/•/, '')
     end
 
     def remove_extra_space(extracted_data)

data/lib/utilities/xccdf/from_inspec.rb

@@ -4,7 +4,7 @@ module Utils
     DATA_NOT_FOUND_MESSAGE = 'N/A'.freeze
 
     # Convert raw Inspec result json into format acceptable for XCCDF transformation.
-    def parse_data_for_xccdf(json) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+    def parse_data_for_xccdf(json)
       data = {}
 
       controls = []
@@ -29,7 +29,7 @@ module Utils
         c_data[c_id]['gid']            = control['tags']['gid'] || control['id']
         c_data[c_id]['gtitle']         = control['tags']['gtitle'] if control['tags']['gtitle'] # Optional attribute
         c_data[c_id]['gdescription']   = control['tags']['gdescription'] if control['tags']['gdescription'] # Optional attribute
-        c_data[c_id]['rid']            = control['tags']['rid'] || 'r_' + c_data[c_id]['gid']
+        c_data[c_id]['rid']            = control['tags']['rid'] || "r_#{c_data[c_id]['gid']}"
         c_data[c_id]['rversion']       = control['tags']['rversion'] if control['tags']['rversion'] # Optional attribute
         c_data[c_id]['rweight']        = control['tags']['rweight'] if control['tags']['rweight'] # Optional attribute where N/A is not schema compliant
         c_data[c_id]['stig_id']        = control['tags']['stig_id'] || DATA_NOT_FOUND_MESSAGE

data/lib/utilities/xccdf/to_xccdf.rb

@@ -2,7 +2,7 @@ require_relative 'xccdf_score'
 
 module Utils
   # Data conversions for Inspec output into XCCDF format.
-  class ToXCCDF # rubocop:disable Metrics/ClassLength
+  class ToXCCDF
     # @param attribute [Hash] XCCDF supplemental attributes
     # @param data [Hash] Converted Inspec output data
     def initialize(attribute, data)
@@ -53,7 +53,7 @@ module Utils
     end
 
     # Translate join of Inspec results and input attributes to XCCDF Groups
-    def build_groups # rubocop:disable Metrics/AbcSize
+    def build_groups
       group_array = []
       @data['controls'].each do |control|
         group = HappyMapperTools::Benchmark::Group.new
@@ -67,7 +67,7 @@ module Utils
         group.rule.weight = control['rweight']
         group.rule.version = control['rversion']
         group.rule.title = control['title'].tr("\n", ' ') if control['title']
-        group.rule.description = "<VulnDiscussion>#{control['desc'].tr("\n", ' ')}</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>"
+        group.rule.description = "<VulnDiscussion>#{control['desc']}</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>"
 
         if ['reference.dc.publisher', 'reference.dc.title', 'reference.dc.subject', 'reference.dc.type', 'reference.dc.identifier'].any? { |a| @attribute.key?(a) }
           group.rule.reference = build_rule_reference
@@ -127,7 +127,7 @@ module Utils
 
       # Each rule identifier is a different element
       idents.map do |identifier|
-        ident = HappyMapperTools::Benchmark::Ident.new identifier
+        HappyMapperTools::Benchmark::Ident.new identifier
       end
     end
 
@@ -182,7 +182,7 @@ module Utils
 
     # Build out the TestResult given all the control and result data.
     def populate_results(test_result)
-      # Note: id is not an XCCDF 1.2 compliant identifier and will need to be updated when that support is added.
+      # NOTE: id is not an XCCDF 1.2 compliant identifier and will need to be updated when that support is added.
       test_result.id = 'result_1'
       test_result.starttime = run_start_time
       test_result.endtime = run_end_time
@@ -237,7 +237,7 @@ module Utils
     end
 
     # Combines rule results with the same result into a single rule result.
-    def combine_results(rule_results) # rubocop:disable Metrics/AbcSize
+    def combine_results(rule_results)
       return rule_results.first if rule_results.size == 1
 
       # Can combine, result, idents (duplicate, take first instance), instance - combine into an array removing duplicates
@@ -328,7 +328,7 @@ module Utils
     # @param one [String] A rule-result status
     # @param two [String] A rule-result status
     # @return The result of the AND operation.
-    def xccdf_and_result(one, two) # rubocop:disable Metrics/CyclomaticComplexity
+    def xccdf_and_result(one, two)
       # From XCCDF specification truth table
       # P = pass
       # F = fail
@@ -361,7 +361,7 @@ module Utils
 
       message = HappyMapperTools::Benchmark::MessageType.new
       # Including the code of the check and the resulting message if there is one.
-      message.message = "#{result['code_desc'] ? result['code_desc'] + "\n\n" : ''}#{result['message'] || result['skip_message']}"
+      message.message = "#{result['code_desc'] ? "#{result['code_desc']}\n\n" : ''}#{result['message'] || result['skip_message']}"
       message.severity = result_message_severity(xccdf_status)
       message
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: inspec_tools
 version: !ruby/object:Gem::Version
-  version: 2.3.4
+  version: 2.3.8
 platform: ruby
 authors:
 - Robert Thew
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-04-16 00:00:00.000000000 Z
+date: 2021-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -149,16 +149,16 @@ dependencies:
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: word_wrap
   requirement: !ruby/object:Gem::Requirement
@@ -257,6 +257,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.12.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.12.1
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement