octool 0.0.3 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2b4309625dcbe93d28161179e763a38c4d4c25bd46f75b8a717e314167984356
-  data.tar.gz: eb021712e5165c88df02c1ecb40b6017c4c1abbe9c05c7ef77e074255b04298a
+  metadata.gz: ed9a9d64af06f7c36bf6559eab5919e7b5488ec5a265830d757967dc60784b28
+  data.tar.gz: 0b71a16cd55225d995f0f1ff31c24517900726fe6e9a70a9ae54fa6b93b770fb
 SHA512:
-  metadata.gz: 4534786fd6fbb5a0e1be118872e9a0fba4cb50b87d05b59ba4262b6cf6fc884d3f81b9dd48690cb382c5f5cc347228e37497dc2a4c02ecc9bdb2c1290b4268b1
-  data.tar.gz: a715d521b431f1f20770bba0df3ac1eb2091f837a1902c017bc15d881f09a9301c3eef794f54c18d7eccc9b8836b8d347a0d71819a1a7b688590f5fb14f4a9be
+  metadata.gz: 338981986492cd44db6b36844f833865b5ed8966c332a74ed313d12650d00fe0f8d14dccd8db04bf0421adf305619a97bc3a5f17a0ff2ee400537c087f2d7895
+  data.tar.gz: 634d4943387eae05d72ab887c7e555fcb0c119ce5a0cec02ae855dc42cdba95f46a1a553c541b388e7c6e5f0edf141c3ade05870e6e510938426535f9e0ec2f5

data/bin/octool

@@ -8,6 +8,22 @@ require 'octool'
 class App
     extend GLI::App
 
+    def self.data_dir
+        [ENV['TMPDIR'], ENV['TMP'], ENV['TEMP'], '/tmp'].each do |dir|
+            next if dir.nil?
+
+            stat = File.stat(dir)
+            return dir if stat.directory? && stat.writable?
+        end
+        OCTool::DEFAULT_OUTPUT_DIR
+    end
+
+    def self.find_config(args)
+        path = args.first || OCTool::DEFAULT_CONFIG_FILENAME
+        path = File.join(path, OCTool::DEFAULT_CONFIG_FILENAME) if File.directory?(path)
+        File.expand_path(path)
+    end
+
     program_desc 'Open Compliance Tool'
     version OCTool::VERSION
 
@@ -35,11 +51,28 @@ class App
         v.default_command :data
     end
 
-    desc 'generate System Security Plan'
+    desc 'export data to CSV'
+    arg_name 'path/to/system/config.yaml'
+    command :csv do |csv|
+        csv.desc 'where to store outputs'
+        csv.default_value data_dir
+        csv.long_desc 'Default output directory respects env vars TMPDIR, TMP, TEMP'
+        csv.arg_name 'path/to/output/dir'
+        csv.flag [:d, :dir]
+
+        csv.action do |global_options, options, args|
+            export_dir = options[:dir]
+            config_file = find_config(args)
+            system = OCTool::Parser.new(config_file).load_system
+            system.dump export_dir
+        end
+    end
+
+    desc 'validate data and generate System Security Plan'
     arg_name 'path/to/system/config.yaml'
     command :ssp do |s|
         s.desc 'where to store outputs'
-        s.default_value OCTool::DEFAULT_OUTPUT_DIR
+        s.default_value data_dir
         s.long_desc 'Default output directory respects env vars TMPDIR, TMP, TEMP'
         s.arg_name 'path/to/output/dir'
         s.flag [:d, :dir]
@@ -76,20 +109,14 @@ class App
         # Error logic here
         # Return false to skip default error handling.
         if ENV['DEBUG']
-            STDERR.puts exception.message
-            STDERR.puts exception.backtrace
+            warn exception.message
+            warn exception.backtrace
             pp exception
             false
         end
-        STDERR.puts '[FAIL]'
+        warn '[FAIL]'
         true
     end
 end
 
-def find_config(args)
-    path = args.first || OCTool::DEFAULT_CONFIG_FILENAME
-    path = File.join(path, OCTool::DEFAULT_CONFIG_FILENAME) if File.directory?(path)
-    path
-end
-
 exit App.run(ARGV)

data/lib/octool.rb

@@ -3,8 +3,8 @@
 require 'octool/version.rb'
 
 # Built-ins.
+require 'csv'
 require 'pp'
-require 'tmpdir'
 
 # 3rd-party libs.
 require 'kwalify'
@@ -16,12 +16,6 @@ require 'octool/parser'
 require 'octool/ssp'
 require 'octool/system'
 
-# Generated libs.
-require 'octool/generated/certification'
-require 'octool/generated/component'
-require 'octool/generated/config'
-require 'octool/generated/standard'
-
 # Mixins.
 module OCTool
     include Kwalify::Util::HashLike # defines [], []=, and keys?

data/lib/octool/constants.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module OCTool
-    LATEST_SCHEMA_VERSION = 'v1.0.0'
+    LATEST_SCHEMA_VERSION = 'v1.0.1'
     BASE_SCHEMA_DIR = File.join(File.dirname(__FILE__), '..', '..', 'schemas').freeze
     ERB_DIR = File.join(File.dirname(__FILE__), '..', '..', 'templates').freeze
     DEFAULT_CONFIG_FILENAME = 'config.yaml'

data/lib/octool/parser.rb

@@ -4,6 +4,7 @@ module OCTool
     # Custom error to show validation errors.
     class ValidationError < StandardError
         attr_reader :errors
+
         def initialize(path, errors)
             @path = path
             @errors = errors
@@ -40,9 +41,9 @@ module OCTool
         end
 
         def validate_file(path, type)
-            parser = kwalify_parser(type)
-            data = parser.parse_file(path)
-            errors = parser.errors
+            kwalify = kwalifyer(type)
+            data = kwalify.parse_file(path)
+            errors = kwalify.errors
             raise ValidationError.new(path, errors) unless errors.empty?
 
             data
@@ -50,7 +51,7 @@ module OCTool
             die e.message
         end
 
-        def kwalify_parser(type)
+        def kwalifyer(type)
             schema_file = File.join(schema_dir, "#{type}.yaml")
             schema = Kwalify::Yaml.load_file(schema_file)
             validator = Kwalify::Validator.new(schema)
@@ -64,40 +65,57 @@ module OCTool
         def schema_version
             @schema_version ||= Kwalify::Yaml.load_file(@config_file)['schema_version']
         rescue StandarError
-            STDERR.puts '[FAIL] Unable to read schema_version'
+            warn '[FAIL] Unable to read schema_version'
             exit(1)
         end
 
-        # Check that all data files are valid.
+        # Validate and load data in one pass.
         def validate_data
             base_dir = File.dirname(@config_file)
             config = validate_file(@config_file, 'config')
+            sys = System.new(config)
             config['includes'].each do |inc|
                 path = File.join(base_dir, inc['path'])
-                type = inc['type']
-                validate_file(path, type)
+                sys.data << include_data(path, inc['type'])
             end
-            config
+            sys
         end
 
-        def load_system
-            base_dir = File.dirname(@config_file)
-            config = load_file(@config_file, 'config')
-            system = System.new(config)
-            config.includes.each do |inc|
-                path = File.join(base_dir, inc.path)
-                system.data << load_file(path, inc.type)
+        def include_data(path, type)
+            data = validate_file(path, type)
+            data['type'] = type
+            method("parsed_#{type}".to_sym).call(data)
+        end
+
+        def parsed_component(component)
+            component['attestations'].map! do |a|
+                # Add a "component_key" field to each attestation.
+                a['component_key'] = component['component_key']
+                a['satisfies'].map! do |s|
+                    # Add "attestation_key" to each control satisfied by this attestation.
+                    s['attestation_key'] = a['summary']
+                    # Add "component_key" to each control satisfied by this attestation.
+                    s['component_key'] = component['component_key']
+                    s
+                end
+                a
             end
-            system
+            component
         end
 
-        def load_file(path, type)
-            die "#{File.expand_path(path)} not readable" unless File.readable?(path)
-            klass = Object.const_get("OCTool::#{type.capitalize}")
-            ydoc = Kwalify::Yaml.load_file(path)
-            klass.new(ydoc)
-        rescue SystemCallError, Kwalify::SyntaxError => e
-            die e.message
+        def parsed_standard(standard)
+            # Add 'standard_key' to each control family and to each control.
+            standard['families'].map! { |f| f['standard_key'] = standard['standard_key']; f }
+            standard['controls'].map! { |c| c['standard_key'] = standard['standard_key']; c }
+            standard
+        end
+
+        def parsed_certification(cert)
+            cert['requires'].map! { |r| r['certification_key'] = cert['certification_key']; r }
+            cert
         end
+
+        alias load_system validate_data
+        alias load_file validate_file
     end
 end

data/lib/octool/ssp.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'erb'
 
 module OCTool
@@ -6,21 +8,28 @@ module OCTool
         def initialize(system, output_dir)
             @system = system
             @output_dir = output_dir
-            # Load paru/pandoc late enough that help functions work
-            # and early enough to be confident that we catch the correct error.
-            require 'paru/pandoc'
-        rescue UncaughtThrowError => e
-            STDERR.puts '[FAIL] octool requires pandoc to generate the SSP. Is pandoc installed?'
+        end
+
+        def pandoc
+            @pandoc ||= begin
+                # Load paru/pandoc late enough that help functions work
+                # and early enough to be confident that we catch the correct error.
+                require 'paru/pandoc'
+                Paru::Pandoc.new
+            end
+        rescue UncaughtThrowError
+            warn '[FAIL] octool requires pandoc to generate the SSP. Is pandoc installed?'
             exit(1)
         end
 
         def generate
-            if not File.writable?(@output_dir)
-                STDERR.puts "[FAIL] #{@output_dir} is not writable"
+            unless File.writable?(@output_dir)
+                warn "[FAIL] #{@output_dir} is not writable"
                 exit(1)
             end
             render_template
-            write
+            write 'pdf'
+            write 'docx'
         end
 
         def render_template
@@ -32,29 +41,30 @@ module OCTool
             puts 'done'
         end
 
-        def write
-            print "Building #{pdf_path} ... "
-            pandoc = Paru::Pandoc.new
+        # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
+        def write(type = 'pdf')
+            out_path = File.join(@output_dir, "ssp.#{type}")
+            print "Building #{out_path} ... "
             converter = pandoc.configure do
                 from 'markdown'
-                to 'pdf'
+                to type
                 pdf_engine 'lualatex'
                 toc
                 toc_depth 3
                 number_sections
                 highlight_style 'pygments'
+                # https://en.wikibooks.org/wiki/LaTeX/Source_Code_Listings#Encoding_issue
+                # Uncomment the following line after the "listings" package is compatible with utf8
+                # listings
             end
             output = converter << File.read(md_path)
-            File.new(pdf_path, 'wb').write(output)
+            File.new(out_path, 'wb').write(output)
             puts 'done'
         end
+        # rubocop:enable Metrics/AbcSize,Metrics/MethodLength
 
         def md_path
             @md_path ||= File.join(@output_dir, 'ssp.md')
         end
-
-        def pdf_path
-            @pdf_path ||= File.join(@output_dir, 'ssp.pdf')
-        end
     end
 end

data/lib/octool/system.rb

@@ -6,73 +6,75 @@ module OCTool
         attr_accessor :config
         attr_accessor :data
 
+        TABLE_NAMES = [
+            'components',
+            'satisfies',
+            'attestations',
+            'standards',
+            'controls',
+            'families',
+            'certifications',
+            'requires',
+        ].freeze
+
         def initialize(config)
             @config = config
             @data = []
         end
 
         def certifications
-            @certifications ||= @data.select { |e| e.is_a?(OCTool::Certification) }
+            @certifications ||= data.select { |e| e['type'] == 'certification' }
         end
 
         def components
-            @components ||= @data.select { |e| e.is_a?(OCTool::Component) }
+            @components ||= data.select { |e| e['type'] == 'component' }
         end
 
         def standards
-            @standards ||= @data.select { |e| e.is_a?(OCTool::Standard) }
+            @standards ||= data.select { |e| e['type'] == 'standard' }
         end
 
         # List of all attestations claimed by components in the system.
         def attestations
-            @attestations ||= begin
-                @attestations = []
-                components.each do |c|
-                    # Add a "component_key" field to each attestation.
-                    c.attestations.map! { |e| e['component_key'] = c.component_key; e }
-                    @attestations << c.attestations
-                end
-                @attestations.flatten!
-            end
+            @attestations ||= components.map { |c| c['attestations'] }.flatten
         end
 
         # List of all coverages.
         def satisfies
-            @satisfies ||= begin
-                @satisfies = []
-                attestations.each do |a|
-                    # Add an "attestation_key" field to each cover.
-                    a.satisfies.map! { |e| e['component_key'] = a.commponent_key; e }
-                    a.satisfies.map! { |e| e['attestation_key'] = a.attestation_summary; e }
-                    @satisfies << a.satisfies
-                end
-                @satisfies.flatten!
-            end
+            @satisfies ||= attestations.map { |a| a['satisfies'] }.flatten
         end
 
         # List of all controls defined by standards in the system.
         def controls
-            @controls || begin
-                @controls = []
-                standards.each do |s|
-                    # Add a "standard_key" field to each control.
-                    s.controls.map! { |e| e['standard_key'] = s.standard_key; e }
-                    @controls << s.controls
-                end
-                @controls.flatten!
-            end
+            @controls ||= standards.map { |s| s['controls'] }.flatten
         end
 
         # List of all families defined by standards in the system.
         def families
-            @families || begin
-                @families = []
-                standards.each do |s|
-                    # Add a "standard_key" field to each family.
-                    s.families.map! { |e| e['standard_key'] = s.standard_key; e }
-                    @families << s.families
-                end
-                @families.flatten!
+            @families ||= standards.map { |s| s['families'] }.flatten
+        end
+
+        # List of required controls for all certifications.
+        def requires
+            @requires ||= certifications.map { |c| c['requires'] }.flatten
+        end
+
+        def dump(writable_dir)
+            TABLE_NAMES.each do |table|
+                write_csv method(table.to_sym).call, File.join(writable_dir, "#{table}.csv")
+            end
+        end
+
+        # Convert array of hashes into a CSV.
+        def write_csv(ary, filename)
+            # Throw away nested hashes. The parser already created separate tables for them.
+            ary = ary.map { |e| e.reject { |_, val| val.is_a?(Enumerable) } }
+
+            warn "[INFO] write #{filename}"
+            CSV.open(filename, 'wb') do |csv|
+                column_names = ary.first.keys
+                csv << column_names
+                ary.each { |hash| csv << hash.values_at(*column_names) }
             end
         end
     end

data/lib/octool/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OCTool
-    VERSION = '0.0.3'
+    VERSION = '0.0.8'
 end

data/octool.rdoc

@@ -1,6 +1,6 @@
 == octool - Open Compliance Tool
 
-v0.0.3
+v0.0.8
 
 === Global Options
 === --help
@@ -14,6 +14,18 @@ Display the program version
 
 
 === Commands
+==== Command: <tt>csv  path/to/system/config.yaml</tt>
+export data to CSV
+
+
+===== Options
+===== -d|--dir path/to/output/dir
+
+where to store outputs
+
+[Default Value] /tmp
+Default output directory respects env vars TMPDIR, TMP, TEMP
+
 ==== Command: <tt>help  command</tt>
 Shows a list of commands or help for one command
 
@@ -25,7 +37,7 @@ List commands one per line, to assist with shell completion
 
 
 ==== Command: <tt>ssp  path/to/system/config.yaml</tt>
-generate System Security Plan
+validate data and generate System Security Plan
 
 
 ===== Options
@@ -33,7 +45,7 @@ generate System Security Plan
 
 where to store outputs
 
-[Default Value] /data
+[Default Value] /tmp
 Default output directory respects env vars TMPDIR, TMP, TEMP
 
 ==== Command: <tt>validate </tt>

data/schemas/v1.0.1/certification.yaml

@@ -0,0 +1,27 @@
+---
+type: map
+class: Certification
+mapping:
+    certification_key:
+        desc: A short, unique identifier for this certification.
+        required: true
+        type: str
+        unique: true
+    name:
+        desc: A human-friendly name for the certification.
+        required: true
+        type: str
+    requires:
+        desc: List of control IDs required by the certification.
+        required: true
+        type: seq
+        sequence:
+            - type: map
+              class: ControlID
+              mapping:
+                  standard_key:
+                      required: true
+                      type: str
+                  control_key:
+                      required: true
+                      type: str

data/schemas/v1.0.1/component.yaml

@@ -0,0 +1,60 @@
+---
+type: map
+class: Component
+mapping:
+    name:
+        desc: Human-friendly name to appear in the SSP.
+        type: str
+        required: true
+    component_key:
+        desc: Unique identifier for referential integrity.
+        type: str
+        required: true
+    description:
+        desc: A paragraph or two that describes the component.
+        type: str
+        required: true
+    attestations:
+        desc: List of attestations.
+        type: seq
+        sequence:
+            - type: map
+              class: Attestation
+              mapping:
+                  summary:
+                      desc: Arbitrary verbiage to appear in SSP as a TLDR.
+                      type: str
+                      required: true
+                  status:
+                      desc: To what extent is this attestation "done"?
+                      type: str
+                      required: true
+                      enum:
+                          - partial
+                          - complete
+                          - planned
+                          - none
+                  date_verified:
+                      desc: When was this last verified?
+                      type: date
+                      required: false
+                  satisfies:
+                      desc: List of control IDs covered by this attestation.
+                      type: seq
+                      required: false
+                      sequence:
+                          - type: map
+                            class: ControlID
+                            mapping:
+                                standard_key:
+                                    type: text
+                                    required: true
+                                control_key:
+                                    type: text
+                                    required: true
+                  narrative:
+                      desc: |
+                          Explain how attestation satisfies the indicated controls.
+                          The content should be in markdown format.
+                      type: str
+                      required: true

data/schemas/v1.0.1/config.yaml

@@ -0,0 +1,79 @@
+---
+type: map
+class: Config
+mapping:
+    schema_version:
+        desc: |
+            Must match one of the schema directories in the octool source.
+        required: true
+        type: str
+
+    logo:
+        desc: Image for title page.
+        required: false
+        type: map
+        class: Logo
+        mapping:
+            path:
+                desc: Path to image.
+                type: str
+                required: true
+            width:
+                desc: Width of image, such as "1in" or "254mm"
+                type: str
+                required: true
+
+    name:
+        desc: Human-friendly to appear in the SSP.
+        required: true
+        type: str
+
+    overview:
+        desc: Human-friendly description to appear in the SSP.
+        required: true
+        type: str
+
+    maintainers:
+        desc: Who should somebody contact for questions about this SSP?
+        required: true
+        type: seq
+        sequence:
+            - type: str
+
+    metadata:
+        desc: Optional metadata.
+        required: false
+        type: map
+        class: Metadata
+        mapping:
+            abstract:
+                desc: Abstract appears in document metadata.
+                required: false
+                type: str
+            description:
+                desc: Description appears in document metadata.
+                required: false
+                type: str
+            '=':
+                desc: Arbitrary key:value pair of strings.
+                type: str
+
+    includes:
+        desc: Additional files to include from the system repo.
+        required: true
+        type: seq
+        sequence:
+            - type: map
+              class: Include
+              mapping:
+                  type:
+                      required: true
+                      type: str
+                      enum:
+                          - certification
+                          - component
+                          - standard
+                  path:
+                      desc: Path must be relative within the repo.
+                      required: true
+                      type: str

data/schemas/v1.0.1/standard.yaml

@@ -0,0 +1,50 @@
+---
+type: map
+class: Standard
+mapping:
+    name:
+        desc: Human-friendly name to appear in SSP.
+        type: str
+        required: true
+
+    standard_key:
+        desc: Unique ID to use within YAML files.
+        type: str
+        required: true
+
+    families:
+        desc: Optional list of control families.
+        type: seq
+        required: false
+        sequence:
+            - type: map
+              class: ControlFamily
+              mapping:
+                  family_key:
+                      desc: Unique ID of the family
+                      type: str
+                      unique: true
+                  name:
+                      desc: Human-friendly name of the family
+                      type: str
+    controls:
+        desc: Mandatory list of controls defined by the standard.
+        required: true
+        type: seq
+        sequence:
+            - type: map
+              class: Control
+              mapping:
+                  control_key:
+                      type: str
+                      unique: true
+                      required: true
+                  family_key:
+                      type: str
+                      required: false
+                  name:
+                      type: str
+                      required: true
+                  description:
+                      type: str
+                      required: true

data/templates/ssp.erb

@@ -1,17 +1,25 @@
 ---
-title: "<%= @system.config.name -%>"
+<% if @system.config['logo'] -%>
+title: |
+    ![](<%= @system.config['logo']['path'] -%>){width=<%= @system.config['logo']['width'] %>}
+
+    <%= @system.config['name'] %>
+<% else %>
+title: "<%= @system.config['name'] -%>"
+<% end %>
+
 subtitle: "System Security Plan"
 
 author:
-<% @system.config.maintainers.each do |maintainer| %>
+<% @system.config['maintainers'].each do |maintainer| %>
     - <%= maintainer -%>
 <% end %>
 
 absract: |
-    <%= @system.config.metadata.abstract rescue 'None' %>
+    <%= @system.config['metadata']['abstract'] rescue 'None' %>
 
 description: |
-    <%= @system.config.metadata.description rescue 'None' %>
+    <%= @system.config['metadata']['description'] rescue 'None' %>
 
 fontsize: 11pt
 mainfont: NotoSans
@@ -25,10 +33,10 @@ mainfontoptions:
     - BoldFont=*-Bold
     - BoldItalicFont=*-BoldItalic
 
-lof: false
-lot: false
+lof: true
+lot: true
 colorlinks: true
-linkcolor: blue
+linkcolor: black  # internal links (e.g., lof and lot)
 urlcolor: blue
 
 documentclass: report
@@ -44,52 +52,128 @@ geometry:
     - left=2cm
     - right=2cm
     - bottom=2cm
+
+header-includes:
+    - |
+        ```{=latex}
+        % https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#left-aligning-tables-in-latex
+        \usepackage[margins=raggedright]{floatrow}
+        ```
+    - |
+        ```{=latex}
+        % https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#definition-list-terms-on-their-own-line-in-latex
+        % "Clone" the original \item command
+        \let\originalitem\item
+
+        % Redefine the \item command using the "clone"
+        \makeatletter
+        \renewcommand{\item}[1][\@nil]{%
+            \def\tmp{#1}%
+            \ifx\tmp\@nnil\originalitem\else\originalitem[#1]\hfill\par\fi}
+        \makeatother
+        ```
+    - |
+        ```{=latex}
+        % The are at least two ways to configure how LaTeX floats figures.
+        %
+        % 1. One approach is described in section 17.2 of
+        %    http://tug.ctan.org/tex-archive/info/epslatex/english/epslatex.pdf
+        %    However, the approach described there requires to teach people
+        %    how to write LaTeX cross-references in markdown.
+        %
+        % 2. Force figures, listings, etc., to float "[H]ere".
+        %    This is a LaTeX anti-pattern because it causes large gaps of whitespace on some pages.
+        %    This approach avoids having to teach people to create LaTeX cross-references.
+        %    https://tex.stackexchange.com/a/101726
+        %
+        % Use option 2.
+        \usepackage{float}
+        \floatplacement{figure}{H}
+        ```
 ---
 
-# <%= @system.config.name %>
+# Introduction
 
-## Overview
+## About this document
+
+A System Security Plan (SSP) is a document to describe security controls in use
+on an information system and their implementation. An SSP provides:
+
+- Narrative of security control implementation
+- Description of components and services
+- System data flows and authorization boundaries
 
-<%= @system.config.overview %>
 
 ## Standards
 
-This System Security Plan (SSP) addresses these standards:
+This SSP draws from these standards:
 
 <% @system.standards.each do |s| -%>
-- <%= s.name %>
+- <%= s['name'] %>
 <% end %>
 
 The full copy of each standard is included in the appendix.
 
 
-## Components
+## Certifications
 
-<% @system.components.each do |c| %>
-### <%= c.name %>
+A certification is a logical grouping of controls that are of interest to
+a given subject. A particular certification does not necessarily target all
+controls from a standard, nor does a particular certification need to draw
+from a single standard.
 
-<%= c.description %>
+This SSP addresses these certifications:
+
+<% @system.certifications.each do |c| -%>
+- <%=c['name']%>
+
+<% c['requires'].each do |r| -%>
+    - <%=r['standard_key']-%> control <%=r['control_key']%>
+<% end -%>
 
-<% if c.attestations.empty? %>
-_The organization has not yet documented attestations for this component_.
-<% else %>
-The organization offers the following attestations for this component.
 <% end %>
 
-<% c.attestations.each do |a| %>
-####  <%= a.summary %>
 
-Status: <%= a.status %>
+# <%= @system.config['name'] %>
 
-Date verified: <%= a.date_verified if a.date_verified %>
+## Overview
 
-Satisfies:
+<%= @system.config['overview'] %>
 
-<% a.satisfies.each do |cid| -%>
-- <%= cid.standard_key %> control <%= cid.control_key %>
-<% end -%>
 
-<%= a.narrative %>
+## Components
+
+<% @system.components.each do |c| %>
+### <%= c['name'] %>
+
+<%= c['description'] %>
+
+<% if c['attestations'].empty? %>
+_The organization has not yet documented attestations for this component_.
+<% else %>
+The organization offers the following attestations for this component.
+<% end %>
+
+<% c['attestations'].compact.each do |a| %>
+####  <%= a['summary'] %>
+
++----------+---------------+--------------------------------------------------------------+
+| Status   | Date verified | Satisfies                                                    |
++==========+===============+==============================================================+
+<%
+s = a['satisfies'][0]
+verbiage = sprintf('%-58s', [s['standard_key'], 'control', s['control_key']].join(' '))
+-%>
+| <%=sprintf('%-8s', a['status'])-%> | <%=sprintf('%-13s', a['date_verified'])-%> | - <%=verbiage-%> |
+<%
+a['satisfies'][1..].each do |s|
+    verbiage = sprintf('%-58s', [s['standard_key'], 'control', s['control_key']].join(' '))
+-%>
+|          |               | - <%=verbiage-%> |
+<%  end -%>
++----------+---------------+--------------------------------------------------------------+
+
+<%= a['narrative'] %>
 
 <% end %>
 <% end %>
@@ -98,23 +182,29 @@ Satisfies:
 # Appendix: Standards
 
 <% @system.standards.each do |s| %>
-## <%=s.name %>
+## <%=s['name'] %>
 
-<% if s.families and !s.families.empty? %>
+<% if s['families'] and !s['families'].empty? %>
 ### Families
 
-<% s.families.each do |family| %>
-- <%= family.family_key -%>: <%= family.name %>
-<% end %>
+<%=s['name']-%> categorizes controls into logical groups called families.
+
+| Family abbreviation        | Family name          |
+| -------------------------- | -------------------- |
+<% s['families'].each do |family| -%>
+| <%=family['family_key']-%> | <%=family['name']-%> |
+<% end -%>
+
+  : Control families for <%=s['name']%>
 
 <% end %>
 
 ### Controls
 
-<% s.controls.each do |c| %>
-#### Control <%= c.control_key -%>: <%= c.name %>
+<% s['controls'].each do |c| %>
+#### Control <%= c['control_key'] -%>: <%= c['name'] %>
 
-<%= c.description %>
+<%= c['description'] %>
 
 <% end %>
 <% end %>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: octool
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.8
 platform: ruby
 authors:
 - Paul Morgan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-15 00:00:00.000000000 Z
+date: 2020-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -147,10 +147,6 @@ files:
 - bin/octool
 - lib/octool.rb
 - lib/octool/constants.rb
-- lib/octool/generated/certification.rb
-- lib/octool/generated/component.rb
-- lib/octool/generated/config.rb
-- lib/octool/generated/standard.rb
 - lib/octool/parser.rb
 - lib/octool/ssp.rb
 - lib/octool/system.rb
@@ -160,6 +156,10 @@ files:
 - schemas/v1.0.0/component.yaml
 - schemas/v1.0.0/config.yaml
 - schemas/v1.0.0/standard.yaml
+- schemas/v1.0.1/certification.yaml
+- schemas/v1.0.1/component.yaml
+- schemas/v1.0.1/config.yaml
+- schemas/v1.0.1/standard.yaml
 - templates/ssp.erb
 homepage: https://github.com/jumanjiman/octool
 licenses:

data/lib/octool/generated/certification.rb

@@ -1,35 +0,0 @@
-require 'kwalify/util/hashlike'
-
-module OCTool
-
-
-  class Certification
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @certification_key = hash['certification_key']
-      @name             = hash['name']
-      @requires         = (v=hash['requires']) ? v.map!{|e| e.is_a?(ControlID) ? e : ControlID.new(e)} : v
-    end
-    attr_accessor :certification_key # str
-    attr_accessor :name             # str
-    attr_accessor :requires         # seq
-  end
-
-
-  class ControlID
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @standard_key     = hash['standard_key']
-      @control_key      = hash['control_key']
-    end
-    attr_accessor :standard_key     # str
-    attr_accessor :control_key      # str
-  end
-
-end

data/lib/octool/generated/component.rb

@@ -1,57 +0,0 @@
-require 'kwalify/util/hashlike'
-
-module OCTool
-
-
-  class Component
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @name             = hash['name']
-      @component_key    = hash['component_key']
-      @description      = hash['description']
-      @attestations     = (v=hash['attestations']) ? v.map!{|e| e.is_a?(Attestation) ? e : Attestation.new(e)} : v
-    end
-    attr_accessor :name             # str
-    attr_accessor :component_key    # str
-    attr_accessor :description      # str
-    attr_accessor :attestations     # seq
-  end
-
-
-  class Attestation
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @summary          = hash['summary']
-      @status           = hash['status']
-      @date_verified    = hash['date_verified']
-      @satisfies        = (v=hash['satisfies']) ? v.map!{|e| e.is_a?(ControlID) ? e : ControlID.new(e)} : v
-      @narrative        = hash['narrative']
-    end
-    attr_accessor :summary          # str
-    attr_accessor :status           # str
-    attr_accessor :date_verified    # date
-    attr_accessor :satisfies        # seq
-    attr_accessor :narrative        # str
-  end
-
-
-  class ControlID
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @standard_key     = hash['standard_key']
-      @control_key      = hash['control_key']
-    end
-    attr_accessor :standard_key     # text
-    attr_accessor :control_key      # text
-  end
-
-end

data/lib/octool/generated/config.rb

@@ -1,55 +0,0 @@
-require 'kwalify/util/hashlike'
-
-module OCTool
-
-
-  class Config
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @schema_version   = hash['schema_version']
-      @name             = hash['name']
-      @overview         = hash['overview']
-      @maintainers      = hash['maintainers']
-      @metadata         = (v=hash['metadata']) && v.is_a?(Hash) ? Metadata.new(v) : v
-      @includes         = (v=hash['includes']) ? v.map!{|e| e.is_a?(Include) ? e : Include.new(e)} : v
-    end
-    attr_accessor :schema_version   # str
-    attr_accessor :name             # str
-    attr_accessor :overview         # str
-    attr_accessor :maintainers      # seq
-    attr_accessor :metadata         # map
-    attr_accessor :includes         # seq
-  end
-
-  ## Optional metadata.
-  class Metadata
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @abstract         = hash['abstract']
-      @description      = hash['description']
-    end
-    attr_accessor :abstract         # str
-    attr_accessor :description      # str
-  end
-
-
-  class Include
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @type             = hash['type']
-      @path             = hash['path']
-    end
-    attr_accessor :type             # str
-    attr_accessor :path             # str
-  end
-
-end

data/lib/octool/generated/standard.rb

@@ -1,55 +0,0 @@
-require 'kwalify/util/hashlike'
-
-module OCTool
-
-
-  class Standard
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @name             = hash['name']
-      @standard_key     = hash['standard_key']
-      @families         = (v=hash['families']) ? v.map!{|e| e.is_a?(ControlFamily) ? e : ControlFamily.new(e)} : v
-      @controls         = (v=hash['controls']) ? v.map!{|e| e.is_a?(Control) ? e : Control.new(e)} : v
-    end
-    attr_accessor :name             # str
-    attr_accessor :standard_key     # str
-    attr_accessor :families         # seq
-    attr_accessor :controls         # seq
-  end
-
-
-  class ControlFamily
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @family_key       = hash['family_key']
-      @name             = hash['name']
-    end
-    attr_accessor :family_key       # str
-    attr_accessor :name             # str
-  end
-
-
-  class Control
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @control_key      = hash['control_key']
-      @family_key       = hash['family_key']
-      @name             = hash['name']
-      @description      = hash['description']
-    end
-    attr_accessor :control_key      # str
-    attr_accessor :family_key       # str
-    attr_accessor :name             # str
-    attr_accessor :description      # str
-  end
-
-end