inspec_tools 2.0.1.pre2 → 2.0.1.pre3
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -1
- data/lib/inspec_tools/xlsx.rb +58 -36
- metadata +2 -2
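--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9821cf8b386c55599d08754287c0e15cf461c2cf1885e9c4e2006f89c560427b
+data.tar.gz: b07b4ea7ab7f79da47fa1ef3fc2dc52c09d98a7f6a8b24e140d0ba47aae7d435
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b0375514656589efc9171cdc47d2106376a3da86b84e5eb6bf753c8778819784074204bfbc8763536cf4aa1c720236c9692527239d5c2250d0f881f3c882104b
+data.tar.gz: ecaa2419766fa3fe9f1ad9722e029002b19eb2e080309e8aeb797ad501ffbcf86ad5da3cc8968bfb8be83268f381261c69ca911315981ca5e1e8f8e356aabf2a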
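--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,7 +2,15 @@
 
 ## [Unreleased](https://github.com/mitre/inspec_tools/tree/HEAD)
 
-[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.1.
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.1.pre2...HEAD)
+
+**Merged pull requests:**
+
+- Cleanup xlsx2inspec Process of Adding NIST and CIS Controls to Inspec Controls [\#127](https://github.com/mitre/inspec_tools/pull/127) ([Bialogs](https://github.com/Bialogs))
+
+## [v2.0.1.pre2](https://github.com/mitre/inspec_tools/tree/v2.0.1.pre2) (2020-04-02)
+
+[Full Changelog](https://github.com/mitre/inspec_tools/compare/v2.0.1.pre1...v2.0.1.pre2)
 
 **Merged pull requests:**
 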
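--- a/data/lib/inspec_tools/xlsx.rb
+++ b/data/lib/inspec_tools/xlsx.rb
@@ -13,11 +13,15 @@ require_relative '../utilities/inspec_util'
 module InspecTools
 # Methods for converting from XLS to various formats
 class XLSXTool
+CIS_2_NIST_XLSX = Roo::Spreadsheet.open(File.join(File.dirname(__FILE__), '../data/NIST_Map_02052020_CIS_Controls_Version_7.1_Implementation_Groups_1.2.xlsx'))
+LATEST_NIST_REV = 'Rev_4'.freeze
+
 def initialize(xlsx, mapping, name, verbose = false)
 @name = name
 @xlsx = xlsx
 @mapping = mapping
 @verbose = verbose
+@cis_to_nist = get_cis_to_nist_control_mapping(CIS_2_NIST_XLSX)
 end
 
 def to_ckl
@@ -41,6 +45,18 @@ module InspecTools
 
 private
 
+def get_cis_to_nist_control_mapping(spreadsheet)
+cis_to_nist = {}
+spreadsheet.sheet(3).each do |row|
+if row[3].is_a? Numeric
+cis_to_nist[row[3].to_s] = row[0]
+else
+cis2Nist[row[2].to_s] = row[0] unless (row[2] == '') || row[2].to_i.nil?
+end
+end
+cis_to_nist
+end
+
 def insert_json_metadata
 @profile['name'] = @name
 @profile['title'] = 'InSpec Profile'
@@ -59,67 +75,73 @@ module InspecTools
 end
 
 def parse_cis_controls(control_prefix)
-
-cis2Nist = {}
-cis2NistXls.sheet(3).each do |row|
-if row[3].is_a? Numeric
-cis2Nist[row[3].to_s] = row[0]
-else
-cis2Nist[row[2].to_s] = row[0] unless (row[2] == "") || (row[2].to_i.nil?)
-end
-end
-[ 1, 2 ].each do |level|
+[1, 2].each do |level|
 @xlsx.sheet(level).each_row_streaming do |row|
 if row[@mapping['control.id']].nil? || !/^\d+(\.?\d)*$/.match(row[@mapping['control.id']].formatted_value)
 next
 end
+
 tag_pos = @mapping['control.tags']
 control = {}
 control['tags'] = {}
-control['id'] = control_prefix + '-' + row[@mapping['control.id']].formatted_value unless @mapping['control.id']
-control['title'] = row[@mapping['control.title']].formatted_value
-control['desc'] =
-control['desc'] = row[@mapping['control.desc']].formatted_value unless row[@mapping['control.desc']]
-control['tags']['rationale'] = row[tag_pos['rationale']].formatted_value unless row[tag_pos['rationale']]
+control['id'] = control_prefix + '-' + row[@mapping['control.id']].formatted_value unless cell_empty?(@mapping['control.id']) || cell_empty?(row[@mapping['control.id']])
+control['title'] = row[@mapping['control.title']].formatted_value unless cell_empty?(@mapping['control.title']) || cell_empty?(row[@mapping['control.title']])
+control['desc'] = ''
+control['desc'] = row[@mapping['control.desc']].formatted_value unless cell_empty?(row[@mapping['control.desc']])
+control['tags']['rationale'] = row[tag_pos['rationale']].formatted_value unless cell_empty?(row[tag_pos['rationale']])
 
 control['tags']['severity'] = level == 1 ? 'medium' : 'high'
 control['impact'] = Utils::InspecUtil.get_impact(control['tags']['severity'])
-control['tags']['ref'] = row[@mapping['control.ref']].formatted_value unless @mapping['control.ref']
+control['tags']['ref'] = row[@mapping['control.ref']].formatted_value unless cell_empty?(@mapping['control.ref']) || cell_empty?(row[@mapping['control.ref']])
 control['tags']['cis_level'] = level unless level.nil?
 
-unless row[tag_pos['cis_controls']]
+unless cell_empty?(row[tag_pos['cis_controls']])
 # cis_control must be extracted from CIS control column via regex
-
+cis_tags_array = row[tag_pos['cis_controls']].formatted_value.scan(/CONTROL:v(\d) (\d+)\.?(\d*)/).flatten
+cis_tags = %i(revision section sub_section).zip(cis_tags_array).to_h
+control = apply_cis_and_nist_controls(control, cis_tags)
 end
 
-control['tags']['cis_rid'] = row[@mapping['control.id']].formatted_value unless @mapping['control.id']
-control['tags']['check'] = row[tag_pos['check']].formatted_value unless tag_pos['check']
-control['tags']['fix'] = row[tag_pos['fix']].formatted_value unless tag_pos['fix']
+control['tags']['cis_rid'] = row[@mapping['control.id']].formatted_value unless cell_empty?(@mapping['control.id']) || cell_empty?(row[@mapping['control.id']])
+control['tags']['check'] = row[tag_pos['check']].formatted_value unless cell_empty?(tag_pos['check']) || cell_empty?(row[tag_pos['check']])
+control['tags']['fix'] = row[tag_pos['fix']].formatted_value unless cell_empty?(tag_pos['fix']) || cell_empty?(row[tag_pos['fix']])
 
 @controls << control
 end
 end
 end
 
-def
-
-control['tags']['nist'] = []
+def cell_empty?(cell)
+return cell.empty? if cell.respond_to?(:empty?)
 
-
-
-
-
-
-control['tags']['cis_controls'] << cis_tag[1].to_s + "." + cis_tag[2].to_s
-control['tags']['nist'] << cis2Nist[cis_tag[1].to_s + "." + cis_tag[2].to_s]
-end
-end
+cell.nil?
+end
+
+def apply_cis_and_nist_controls(control, cis_tags)
+control['tags']['cis_controls'], control['tags']['nist'] = [], []
 
-if
-control['tags']['
+if cis_tags[:sub_section].nil? || cis_tags[:sub_section].blank?
+control['tags']['cis_controls'] << cis_tags[:section]
+control['tags']['nist'] << get_nist_control_for_cis([cis_tags[:section]])
+else
+control['tags']['cis_controls'] << "#{cis_tags[:section]}.#{cis_tags[:sub_section]}"
+control['tags']['nist'] << get_nist_control_for_cis([cis_tags[:section], cis_tags[:sub_section]])
 end
-
+
+control['tags']['nist'] << LATEST_NIST_REV unless control['tags']['nist'].nil?
+control['tags']['cis_controls'] << "Rev_#{cis_tags[:revision]}" unless cis_tags[:revision].nil?
+
 control
 end
+
+def get_nist_control_for_cis(section, sub_section=nil)
+return @cis_to_nist[section] if sub_section.nil?
+
+@cis_to_nist["#{section}.#{sub_section}"]
+end
 end
 end
+
+# rubocop:enable Metrics/AbcSize
+# rubocop:enable Metrics/PerceivedComplexity
+# rubocop:enable Metrics/CyclomaticComplexity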
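Review bot: Both calls to `get_nist_control_for_cis` in `apply_cis_and_nist_controls` pass a single array, so `sub_section` is always nil and `@cis_to_nist` is indexed with an Array although `get_cis_to_nist_control_mapping` stores string keys. The lookup therefore returns nil, and because the `unless control['tags']['nist'].nil?` guard can never fire on an array, each control with a CIS controls cell ends up tagged `[nil, 'Rev_4']`, so the generated profile silently loses its CIS-to-NIST traceability. Pass the values positionally, `get_nist_control_for_cis(cis_tags[:section])` and `get_nist_control_for_cis(cis_tags[:section], cis_tags[:sub_section])`, and append `LATEST_NIST_REV` only when a mapping was found. As rendered on this page, the `else` branch of `get_cis_to_nist_control_mapping` still assigns to `cis2Nist`, which is not defined in that method and would raise NameError from `initialize` on the first row that reaches it; it should read `cis_to_nist[row[2].to_s] = row[0]`. `blank?` is an ActiveSupport extension and nothing visible in this section requires it, so it is worth confirming it is loaded or testing with `to_s.empty?` instead.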
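--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: inspec_tools
 version: !ruby/object:Gem::Version
-version: 2.0.1.
+version: 2.0.1.pre3
 platform: ruby
 authors:
 - Robert Thew
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-04-
+date: 2020-04-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: colorize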