inspec_tools 1.7.3 → 1.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3d58d22693db0f7d255af885a6e48db127aabc0fe506b0d924af1f7da5a498ca
-  data.tar.gz: 64ba93bbf6a3cff90a69aa64a77500cd5606ba837b3a0670fe31f9c99e618a0e
+  metadata.gz: abeac8c102b3f03af3bf9c1a93317559ee19c03bf833e9db99db8a5d56a7e04d
+  data.tar.gz: 6ec554a1070d426cff9b20625d5772fa936f9a09b3c7064d84d97aa4424035a1
 SHA512:
-  metadata.gz: 906c0ede6edf1845ab8100fb3b2bc9dbac972f61d93e9e14d3faca5ecb2abeb07a035dfca96d17dc0ce410793a2af29a04a6a25f7d640e9da37859df148ecc24
-  data.tar.gz: 7a8239a52459963784cc922804c3db71575610f7e716bdd5a4b12599e90c2db290a18c21e5c67f1ad24268c5b4b33c2eef9f796a0e8eaaf64a56333887c12c19
+  metadata.gz: 5fdc98980df4e9b1b92fa78f1059d2ef463b657563bfb53f983c256d927cc9b46e678f0dbcab60a4dc3e0cf1e1b2d8b27a4af07ae14328b4a8641154801d5148
+  data.tar.gz: be653f8e95453aaf20dd46d246c77b26a6d87fdc67537948d751f616dc8fb751b6e46d7cb2abaf7ecf28982592056b957761fb58e151c8a72932e0170b7e7977

data/CHANGELOG.md

@@ -1,5 +1,37 @@
 # Changelog
 
+## [v1.8.2](https://github.com/mitre/inspec_tools/tree/v1.8.2) (2020-03-25)
+
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.8.1...v1.8.2)
+
+**Merged pull requests:**
+
+- Gemspec Dependency Updates  [\#109](https://github.com/mitre/inspec_tools/pull/109) ([Bialogs](https://github.com/Bialogs))
+
+## [v1.8.1](https://github.com/mitre/inspec_tools/tree/v1.8.1) (2020-03-24)
+
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.8.0...v1.8.1)
+
+**Closed issues:**
+
+- Please update the homepage in the gemspec to point to inspec-tools.mitre.org [\#105](https://github.com/mitre/inspec_tools/issues/105)
+
+**Merged pull requests:**
+
+- Update Gem homepage to https://inspec-tools.mitre.org/ [\#108](https://github.com/mitre/inspec_tools/pull/108) ([Bialogs](https://github.com/Bialogs))
+
+## [v1.8.0](https://github.com/mitre/inspec_tools/tree/v1.8.0) (2020-03-24)
+
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.7.3...v1.8.0)
+
+**Closed issues:**
+
+- csv2inspec impact doesn't correct format "CAT I II III" severities [\#88](https://github.com/mitre/inspec_tools/issues/88)
+
+**Merged pull requests:**
+
+- Support conversion from CAT/Category style severities when generating an impact number. [\#106](https://github.com/mitre/inspec_tools/pull/106) ([Bialogs](https://github.com/Bialogs))
+
 ## [v1.7.3](https://github.com/mitre/inspec_tools/tree/v1.7.3) (2020-03-23)
 
 [Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.7.2...v1.7.3)

data/README.md

@@ -186,7 +186,7 @@ example: inspec_tools inspec2xccdf -j example.json -a attributes.yml -o xccdf.xm
 
 ## csv2inspec
 
-Convert a csv export of STIG controls to an InSpec profile
+csv2inspec translates CSV to Inspec controls using a mapping file.
 
 ```
 USAGE: inspec_tools csv2inspec [OPTIONS] -c <stig-csv> -m <map-yml>
@@ -199,7 +199,7 @@ FLAGS:
 	-f --format [ruby | hash]          : the format you would like (default: ruby) [optional]
 	-s --separate-files [true | false] : separate the controls into different files (default: true) [optional]
 
-example: inspec_tools csv2inspec -c stig.csv -m map.yml -o mydir -f ruby -s true   # To map stig.csv to InSpec via map.yml
+example: inspec_tools csv2inspec -c examples/csv2inspec/stig.csv -m examples/csv2inspec/mapping.yml -o mydir -f ruby -s true   # To map stig.csv to InSpec via mapping.yml
 ```
 
 ## inspec2csv
@@ -256,16 +256,16 @@ Usage:
   inspec_tools xlsx2inspec -m, --mapping=MAPPING -p, --control-name-prefix=CONTROL_NAME_PREFIX -x, --xlsx=XLSX
 
 Options:
-  -x, --xlsx=XLSX                                
-  -m, --mapping=MAPPING                          
-  -p, --control-name-prefix=CONTROL_NAME_PREFIX  
-  -V, [--verbose], [--no-verbose]                
-  -o, [--output=OUTPUT]                          
+  -x, --xlsx=XLSX
+  -m, --mapping=MAPPING
+  -p, --control-name-prefix=CONTROL_NAME_PREFIX
+  -V, [--verbose], [--no-verbose]
+  -o, [--output=OUTPUT]
                                                  # Default: profile
-  -f, [--format=FORMAT]                          
+  -f, [--format=FORMAT]
                                                  # Default: ruby
                                                  # Possible values: ruby, hash
-  -s, [--separate-files], [--no-separate-files]  
+  -s, [--separate-files], [--no-separate-files]
                                                  # Default: true
       [--log-level=LOG_LEVEL]                    # Set the logging level: ["debug", "info", "warn", "error", "fatal"]
       [--log-location=LOG_LOCATION]              # Location to send diagnostic log messages to. (default: $stdout or Inspec::Log.error)
@@ -286,6 +286,14 @@ Prints out the gem version
 USAGE: inspec_tools version
 ```
 
+# Format of Input and Output Files
+
+InspecTools will make a best effort approach when converting various legacy terms and values in input files. If some terminology is not supported, please open an issue.
+
+InspecTools is opinionated about the output of its profiles. Profiles generated by InspecTools generally attempt to adhere to latest National Institute of Standards and Technology (NIST) terms and values, such as the Common Vulnerability Scoring System (CVSS).
+
+View our wiki pages on [expected](https://github.com/mitre/inspec_tools/wiki/Expected-Input) input and [expected output](https://github.com/mitre/inspec_tools/wiki/Expected-Output) for more information about what is currently supported input and expected output.
+
 # `inspec_tools` Development
 
 View our [wiki page](https://github.com/mitre/inspec_tools/wiki/Development) for more information on contributing.

data/lib/exceptions/impact_input_error.rb

@@ -0,0 +1,6 @@
+module Utils
+  class InspecUtil
+    class ImpactInputError < ::StandardError
+    end
+  end
+end

data/lib/exceptions/severity_input_error.rb

@@ -0,0 +1,6 @@
+module Utils
+  class InspecUtil
+    class SeverityInputError < ::StandardError
+    end
+  end
+end

data/lib/inspec_tools/version.rb

@@ -1,3 +1,3 @@
 module InspecTools
-  VERSION = '1.7.3'.freeze
+  VERSION = '1.8.2'.freeze
 end

data/lib/utilities/inspec_util.rb

@@ -4,6 +4,8 @@ require 'pp'
 require 'uri'
 require 'net/http'
 require 'fileutils'
+require 'exceptions/impact_input_error'
+require 'exceptions/severity_input_error'
 
 # Add rails style blank? method to all classes
 class NilClass
@@ -55,8 +57,6 @@ module Utils
       "critical" => 0.9,
     }.freeze
 
-    class ImpactError; end
-
     def self.parse_data_for_xccdf(json)
       data = {}
 
@@ -213,18 +213,55 @@ module Utils
     # values to numbers or to override our hard coded values.
     #
     def self.get_impact(severity)
-      case severity
-      when 'low' then 0.3
-      when 'medium' then 0.5
-      when 'high' then 0.7
-      else severity
+      return float_to_impact(severity) if severity.is_a?(Float)
+
+      return string_to_impact(severity) if severity.is_a?(String)
+
+      raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
+                                '1.0 or one of the approved keywords.'
+    end
+
+    private_class_method def self.float_to_impact(severity)
+      raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
+                                  '1.0 or one of the approved keywords.' unless severity.between?(0,1)
+
+      if severity <= 0.01
+        0.0 # Informative
+      elsif severity < 0.4
+        0.3 # Low Impact
+      elsif severity < 0.7
+        0.5 # Medium Impact
+      elsif severity < 0.9
+        0.7 # High Impact
+      else
+        1.0 # Critical Controls
+      end
+    end
+
+    private_class_method def self.string_to_impact(severity)
+      if /none|na|n\/a|not[_|(\s*)]?applicable/i.match?(severity)
+        0.0 # Informative
+      elsif /low|cat(egory)?\s*(iii|3)/i.match?(severity)
+        0.3 # Low Impact
+      elsif /med(ium)?|cat(egory)?\s*(ii|2)/i.match?(severity)
+        0.5 # Medium Impact
+      elsif /high|cat(egory)?\s*(i|1)/i.match?(severity)
+        0.7 # High Impact
+      elsif /crit(ical)?|severe/i.match?(severity)
+        1.0 # Critical Controls
+      else
+        raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
+                                  '1.0 or one of the approved keywords.'
       end
     end
 
     def self.get_impact_string(impact)
       return if impact.nil?
+
       value = impact.to_f
-      raise ImpactError, "'#{value}' is not a valid impact score. Valid impact scores: [0.0 - 1.0]." if value < 0 || value > 1
+      unless value.between?(0,1)
+        raise ImpactInputError, "'#{value}' is not a valid impact score. Valid impact scores: [0.0 - 1.0]."
+      end
 
       IMPACT_SCORES.reverse_each do |name, impact|
         return name if value >= impact

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: inspec_tools
 version: !ruby/object:Gem::Version
-  version: 1.7.3
+  version: 1.8.2
 platform: ruby
 authors:
 - Robert Thew
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-03-23 00:00:00.000000000 Z
+date: 2020-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -51,16 +51,16 @@ dependencies:
   name: inspec-objects
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -107,9 +107,6 @@ dependencies:
   name: pdf-reader
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.1.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
@@ -117,9 +114,6 @@ dependencies:
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.1.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
@@ -137,20 +131,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.8'
-- !ruby/object:Gem::Dependency
-  name: thor
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.19'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.19'
 - !ruby/object:Gem::Dependency
   name: word_wrap
   requirement: !ruby/object:Gem::Requirement
@@ -249,6 +229,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler-audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Converter utils for Inspec that can be included as a gem or used from
   the command line
 email:
@@ -273,6 +281,8 @@ files:
 - lib/data/mapping.yml
 - lib/data/stig.csv
 - lib/data/threshold.yaml
+- lib/exceptions/impact_input_error.rb
+- lib/exceptions/severity_input_error.rb
 - lib/happy_mapper_tools/benchmark.rb
 - lib/happy_mapper_tools/cci_attributes.rb
 - lib/happy_mapper_tools/stig_attributes.rb
@@ -305,7 +315,7 @@ files:
 - lib/utilities/inspec_util.rb
 - lib/utilities/parser.rb
 - lib/utilities/text_cleaner.rb
-homepage: https://github.com/mitre/inspec_tools
+homepage: https://inspec-tools.mitre.org/
 licenses:
 - Apache-2.0
 metadata: {}