inspec_tools 1.7.3 → 1.8.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +32 -0
- data/README.md +17 -9
- data/lib/exceptions/impact_input_error.rb +6 -0
- data/lib/exceptions/severity_input_error.rb +6 -0
- data/lib/inspec_tools/version.rb +1 -1
- data/lib/utilities/inspec_util.rb +45 -8
- metadata +37 -27
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: abeac8c102b3f03af3bf9c1a93317559ee19c03bf833e9db99db8a5d56a7e04d
|
4
|
+
data.tar.gz: 6ec554a1070d426cff9b20625d5772fa936f9a09b3c7064d84d97aa4424035a1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5fdc98980df4e9b1b92fa78f1059d2ef463b657563bfb53f983c256d927cc9b46e678f0dbcab60a4dc3e0cf1e1b2d8b27a4af07ae14328b4a8641154801d5148
|
7
|
+
data.tar.gz: be653f8e95453aaf20dd46d246c77b26a6d87fdc67537948d751f616dc8fb751b6e46d7cb2abaf7ecf28982592056b957761fb58e151c8a72932e0170b7e7977
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,37 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
## [v1.8.2](https://github.com/mitre/inspec_tools/tree/v1.8.2) (2020-03-25)
|
4
|
+
|
5
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.8.1...v1.8.2)
|
6
|
+
|
7
|
+
**Merged pull requests:**
|
8
|
+
|
9
|
+
- Gemspec Dependency Updates [\#109](https://github.com/mitre/inspec_tools/pull/109) ([Bialogs](https://github.com/Bialogs))
|
10
|
+
|
11
|
+
## [v1.8.1](https://github.com/mitre/inspec_tools/tree/v1.8.1) (2020-03-24)
|
12
|
+
|
13
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.8.0...v1.8.1)
|
14
|
+
|
15
|
+
**Closed issues:**
|
16
|
+
|
17
|
+
- Please update the homepage in the gemspec to point to inspec-tools.mitre.org [\#105](https://github.com/mitre/inspec_tools/issues/105)
|
18
|
+
|
19
|
+
**Merged pull requests:**
|
20
|
+
|
21
|
+
- Update Gem homepage to https://inspec-tools.mitre.org/ [\#108](https://github.com/mitre/inspec_tools/pull/108) ([Bialogs](https://github.com/Bialogs))
|
22
|
+
|
23
|
+
## [v1.8.0](https://github.com/mitre/inspec_tools/tree/v1.8.0) (2020-03-24)
|
24
|
+
|
25
|
+
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.7.3...v1.8.0)
|
26
|
+
|
27
|
+
**Closed issues:**
|
28
|
+
|
29
|
+
- csv2inspec impact doesn't correct format "CAT I II III" severities [\#88](https://github.com/mitre/inspec_tools/issues/88)
|
30
|
+
|
31
|
+
**Merged pull requests:**
|
32
|
+
|
33
|
+
- Support conversion from CAT/Category style severities when generating an impact number. [\#106](https://github.com/mitre/inspec_tools/pull/106) ([Bialogs](https://github.com/Bialogs))
|
34
|
+
|
3
35
|
## [v1.7.3](https://github.com/mitre/inspec_tools/tree/v1.7.3) (2020-03-23)
|
4
36
|
|
5
37
|
[Full Changelog](https://github.com/mitre/inspec_tools/compare/v1.7.2...v1.7.3)
|
data/README.md
CHANGED
@@ -186,7 +186,7 @@ example: inspec_tools inspec2xccdf -j example.json -a attributes.yml -o xccdf.xm
|
|
186
186
|
|
187
187
|
## csv2inspec
|
188
188
|
|
189
|
-
|
189
|
+
csv2inspec translates CSV to Inspec controls using a mapping file.
|
190
190
|
|
191
191
|
```
|
192
192
|
USAGE: inspec_tools csv2inspec [OPTIONS] -c <stig-csv> -m <map-yml>
|
@@ -199,7 +199,7 @@ FLAGS:
|
|
199
199
|
-f --format [ruby | hash] : the format you would like (default: ruby) [optional]
|
200
200
|
-s --separate-files [true | false] : separate the controls into different files (default: true) [optional]
|
201
201
|
|
202
|
-
example: inspec_tools csv2inspec -c stig.csv -m
|
202
|
+
example: inspec_tools csv2inspec -c examples/csv2inspec/stig.csv -m examples/csv2inspec/mapping.yml -o mydir -f ruby -s true # To map stig.csv to InSpec via mapping.yml
|
203
203
|
```
|
204
204
|
|
205
205
|
## inspec2csv
|
@@ -256,16 +256,16 @@ Usage:
|
|
256
256
|
inspec_tools xlsx2inspec -m, --mapping=MAPPING -p, --control-name-prefix=CONTROL_NAME_PREFIX -x, --xlsx=XLSX
|
257
257
|
|
258
258
|
Options:
|
259
|
-
-x, --xlsx=XLSX
|
260
|
-
-m, --mapping=MAPPING
|
261
|
-
-p, --control-name-prefix=CONTROL_NAME_PREFIX
|
262
|
-
-V, [--verbose], [--no-verbose]
|
263
|
-
-o, [--output=OUTPUT]
|
259
|
+
-x, --xlsx=XLSX
|
260
|
+
-m, --mapping=MAPPING
|
261
|
+
-p, --control-name-prefix=CONTROL_NAME_PREFIX
|
262
|
+
-V, [--verbose], [--no-verbose]
|
263
|
+
-o, [--output=OUTPUT]
|
264
264
|
# Default: profile
|
265
|
-
-f, [--format=FORMAT]
|
265
|
+
-f, [--format=FORMAT]
|
266
266
|
# Default: ruby
|
267
267
|
# Possible values: ruby, hash
|
268
|
-
-s, [--separate-files], [--no-separate-files]
|
268
|
+
-s, [--separate-files], [--no-separate-files]
|
269
269
|
# Default: true
|
270
270
|
[--log-level=LOG_LEVEL] # Set the logging level: ["debug", "info", "warn", "error", "fatal"]
|
271
271
|
[--log-location=LOG_LOCATION] # Location to send diagnostic log messages to. (default: $stdout or Inspec::Log.error)
|
@@ -286,6 +286,14 @@ Prints out the gem version
|
|
286
286
|
USAGE: inspec_tools version
|
287
287
|
```
|
288
288
|
|
289
|
+
# Format of Input and Output Files
|
290
|
+
|
291
|
+
InspecTools will make a best effort approach when converting various legacy terms and values in input files. If some terminology is not supported, please open an issue.
|
292
|
+
|
293
|
+
InspecTools is opinionated about the output of its profiles. Profiles generated by InspecTools generally attempt to adhere to latest National Institute of Standards and Technology (NIST) terms and values, such as the Common Vulnerability Scoring System (CVSS).
|
294
|
+
|
295
|
+
View our wiki pages on [expected](https://github.com/mitre/inspec_tools/wiki/Expected-Input) input and [expected output](https://github.com/mitre/inspec_tools/wiki/Expected-Output) for more information about what is currently supported input and expected output.
|
296
|
+
|
289
297
|
# `inspec_tools` Development
|
290
298
|
|
291
299
|
View our [wiki page](https://github.com/mitre/inspec_tools/wiki/Development) for more information on contributing.
|
data/lib/inspec_tools/version.rb
CHANGED
@@ -4,6 +4,8 @@ require 'pp'
|
|
4
4
|
require 'uri'
|
5
5
|
require 'net/http'
|
6
6
|
require 'fileutils'
|
7
|
+
require 'exceptions/impact_input_error'
|
8
|
+
require 'exceptions/severity_input_error'
|
7
9
|
|
8
10
|
# Add rails style blank? method to all classes
|
9
11
|
class NilClass
|
@@ -55,8 +57,6 @@ module Utils
|
|
55
57
|
"critical" => 0.9,
|
56
58
|
}.freeze
|
57
59
|
|
58
|
-
class ImpactError; end
|
59
|
-
|
60
60
|
def self.parse_data_for_xccdf(json)
|
61
61
|
data = {}
|
62
62
|
|
@@ -213,18 +213,55 @@ module Utils
|
|
213
213
|
# values to numbers or to override our hard coded values.
|
214
214
|
#
|
215
215
|
def self.get_impact(severity)
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
216
|
+
return float_to_impact(severity) if severity.is_a?(Float)
|
217
|
+
|
218
|
+
return string_to_impact(severity) if severity.is_a?(String)
|
219
|
+
|
220
|
+
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
221
|
+
'1.0 or one of the approved keywords.'
|
222
|
+
end
|
223
|
+
|
224
|
+
private_class_method def self.float_to_impact(severity)
|
225
|
+
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
226
|
+
'1.0 or one of the approved keywords.' unless severity.between?(0,1)
|
227
|
+
|
228
|
+
if severity <= 0.01
|
229
|
+
0.0 # Informative
|
230
|
+
elsif severity < 0.4
|
231
|
+
0.3 # Low Impact
|
232
|
+
elsif severity < 0.7
|
233
|
+
0.5 # Medium Impact
|
234
|
+
elsif severity < 0.9
|
235
|
+
0.7 # High Impact
|
236
|
+
else
|
237
|
+
1.0 # Critical Controls
|
238
|
+
end
|
239
|
+
end
|
240
|
+
|
241
|
+
private_class_method def self.string_to_impact(severity)
|
242
|
+
if /none|na|n\/a|not[_|(\s*)]?applicable/i.match?(severity)
|
243
|
+
0.0 # Informative
|
244
|
+
elsif /low|cat(egory)?\s*(iii|3)/i.match?(severity)
|
245
|
+
0.3 # Low Impact
|
246
|
+
elsif /med(ium)?|cat(egory)?\s*(ii|2)/i.match?(severity)
|
247
|
+
0.5 # Medium Impact
|
248
|
+
elsif /high|cat(egory)?\s*(i|1)/i.match?(severity)
|
249
|
+
0.7 # High Impact
|
250
|
+
elsif /crit(ical)?|severe/i.match?(severity)
|
251
|
+
1.0 # Critical Controls
|
252
|
+
else
|
253
|
+
raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
|
254
|
+
'1.0 or one of the approved keywords.'
|
221
255
|
end
|
222
256
|
end
|
223
257
|
|
224
258
|
def self.get_impact_string(impact)
|
225
259
|
return if impact.nil?
|
260
|
+
|
226
261
|
value = impact.to_f
|
227
|
-
|
262
|
+
unless value.between?(0,1)
|
263
|
+
raise ImpactInputError, "'#{value}' is not a valid impact score. Valid impact scores: [0.0 - 1.0]."
|
264
|
+
end
|
228
265
|
|
229
266
|
IMPACT_SCORES.reverse_each do |name, impact|
|
230
267
|
return name if value >= impact
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec_tools
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.8.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Robert Thew
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: exe
|
13
13
|
cert_chain: []
|
14
|
-
date: 2020-03-
|
14
|
+
date: 2020-03-25 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: colorize
|
@@ -51,16 +51,16 @@ dependencies:
|
|
51
51
|
name: inspec-objects
|
52
52
|
requirement: !ruby/object:Gem::Requirement
|
53
53
|
requirements:
|
54
|
-
- - "
|
54
|
+
- - "~>"
|
55
55
|
- !ruby/object:Gem::Version
|
56
|
-
version: '0'
|
56
|
+
version: '0.1'
|
57
57
|
type: :runtime
|
58
58
|
prerelease: false
|
59
59
|
version_requirements: !ruby/object:Gem::Requirement
|
60
60
|
requirements:
|
61
|
-
- - "
|
61
|
+
- - "~>"
|
62
62
|
- !ruby/object:Gem::Version
|
63
|
-
version: '0'
|
63
|
+
version: '0.1'
|
64
64
|
- !ruby/object:Gem::Dependency
|
65
65
|
name: nokogiri
|
66
66
|
requirement: !ruby/object:Gem::Requirement
|
@@ -107,9 +107,6 @@ dependencies:
|
|
107
107
|
name: pdf-reader
|
108
108
|
requirement: !ruby/object:Gem::Requirement
|
109
109
|
requirements:
|
110
|
-
- - ">="
|
111
|
-
- !ruby/object:Gem::Version
|
112
|
-
version: 2.1.0
|
113
110
|
- - "~>"
|
114
111
|
- !ruby/object:Gem::Version
|
115
112
|
version: '2.1'
|
@@ -117,9 +114,6 @@ dependencies:
|
|
117
114
|
prerelease: false
|
118
115
|
version_requirements: !ruby/object:Gem::Requirement
|
119
116
|
requirements:
|
120
|
-
- - ">="
|
121
|
-
- !ruby/object:Gem::Version
|
122
|
-
version: 2.1.0
|
123
117
|
- - "~>"
|
124
118
|
- !ruby/object:Gem::Version
|
125
119
|
version: '2.1'
|
@@ -137,20 +131,6 @@ dependencies:
|
|
137
131
|
- - "~>"
|
138
132
|
- !ruby/object:Gem::Version
|
139
133
|
version: '2.8'
|
140
|
-
- !ruby/object:Gem::Dependency
|
141
|
-
name: thor
|
142
|
-
requirement: !ruby/object:Gem::Requirement
|
143
|
-
requirements:
|
144
|
-
- - "~>"
|
145
|
-
- !ruby/object:Gem::Version
|
146
|
-
version: '0.19'
|
147
|
-
type: :runtime
|
148
|
-
prerelease: false
|
149
|
-
version_requirements: !ruby/object:Gem::Requirement
|
150
|
-
requirements:
|
151
|
-
- - "~>"
|
152
|
-
- !ruby/object:Gem::Version
|
153
|
-
version: '0.19'
|
154
134
|
- !ruby/object:Gem::Dependency
|
155
135
|
name: word_wrap
|
156
136
|
requirement: !ruby/object:Gem::Requirement
|
@@ -249,6 +229,34 @@ dependencies:
|
|
249
229
|
- - ">="
|
250
230
|
- !ruby/object:Gem::Version
|
251
231
|
version: '0'
|
232
|
+
- !ruby/object:Gem::Dependency
|
233
|
+
name: rubocop
|
234
|
+
requirement: !ruby/object:Gem::Requirement
|
235
|
+
requirements:
|
236
|
+
- - ">="
|
237
|
+
- !ruby/object:Gem::Version
|
238
|
+
version: '0'
|
239
|
+
type: :development
|
240
|
+
prerelease: false
|
241
|
+
version_requirements: !ruby/object:Gem::Requirement
|
242
|
+
requirements:
|
243
|
+
- - ">="
|
244
|
+
- !ruby/object:Gem::Version
|
245
|
+
version: '0'
|
246
|
+
- !ruby/object:Gem::Dependency
|
247
|
+
name: bundler-audit
|
248
|
+
requirement: !ruby/object:Gem::Requirement
|
249
|
+
requirements:
|
250
|
+
- - ">="
|
251
|
+
- !ruby/object:Gem::Version
|
252
|
+
version: '0'
|
253
|
+
type: :development
|
254
|
+
prerelease: false
|
255
|
+
version_requirements: !ruby/object:Gem::Requirement
|
256
|
+
requirements:
|
257
|
+
- - ">="
|
258
|
+
- !ruby/object:Gem::Version
|
259
|
+
version: '0'
|
252
260
|
description: Converter utils for Inspec that can be included as a gem or used from
|
253
261
|
the command line
|
254
262
|
email:
|
@@ -273,6 +281,8 @@ files:
|
|
273
281
|
- lib/data/mapping.yml
|
274
282
|
- lib/data/stig.csv
|
275
283
|
- lib/data/threshold.yaml
|
284
|
+
- lib/exceptions/impact_input_error.rb
|
285
|
+
- lib/exceptions/severity_input_error.rb
|
276
286
|
- lib/happy_mapper_tools/benchmark.rb
|
277
287
|
- lib/happy_mapper_tools/cci_attributes.rb
|
278
288
|
- lib/happy_mapper_tools/stig_attributes.rb
|
@@ -305,7 +315,7 @@ files:
|
|
305
315
|
- lib/utilities/inspec_util.rb
|
306
316
|
- lib/utilities/parser.rb
|
307
317
|
- lib/utilities/text_cleaner.rb
|
308
|
-
homepage: https://
|
318
|
+
homepage: https://inspec-tools.mitre.org/
|
309
319
|
licenses:
|
310
320
|
- Apache-2.0
|
311
321
|
metadata: {}
|