octool 0.0.4 → 0.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a99d4ae79b106f19c3a49be0fd5fa84de52aaf790494a0f78e55c16fd00bbc5
-  data.tar.gz: d50899b6e334df9a7f40071f053824af296c842e7d11c8add1ae8e0b17c8313b
+  metadata.gz: 5f2733d9e7a9f5a736a283139540cdae45cf887c2bd54e0de2461a30bc4602da
+  data.tar.gz: 87854e857038bafc19bdcbb34e23fe8a58f9c0d9e7836d3297d50b3cbe032367
 SHA512:
-  metadata.gz: d447539ed45f3c6d55eaabdc04763b21a15bcfb1c9a25bcc8db050c885dba0d030634693353614243e59cec9c9622f09289c35d71aec52fdc56a1fc2922e896e
-  data.tar.gz: 728c1d363e0f30c4c3f52149088d867cefdb0b63e3b3594fbe5aa1e70b04e66749fe2466ed90643fd84e94b416367f59f26e9d4f049741f8b0bb2d61b15f6306
+  metadata.gz: adce4065a12f2de271ce3c5c3faf2ffb28b6bf5c652b95e6c62826fa327b8a08ef2b8b7ee85bf7674a116ff2ea85cc604e124f83107adff5bac53374992c18fa
+  data.tar.gz: ed4f5e6de7c5463ae7a287bd3cf3189a393e6d458bd13813dfce82eab3c120031bbab94608b185bf2f5731664f9c32aeca767da8e0bcf01048b1f5beb75904a3

data/bin/octool

@@ -21,7 +21,7 @@ class App
     def self.find_config(args)
         path = args.first || OCTool::DEFAULT_CONFIG_FILENAME
         path = File.join(path, OCTool::DEFAULT_CONFIG_FILENAME) if File.directory?(path)
-        path
+        File.expand_path(path)
     end
 
     program_desc 'Open Compliance Tool'
@@ -51,7 +51,24 @@ class App
         v.default_command :data
     end
 
-    desc 'generate System Security Plan'
+    desc 'export data to CSV'
+    arg_name 'path/to/system/config.yaml'
+    command :csv do |csv|
+        csv.desc 'where to store outputs'
+        csv.default_value data_dir
+        csv.long_desc 'Default output directory respects env vars TMPDIR, TMP, TEMP'
+        csv.arg_name 'path/to/output/dir'
+        csv.flag [:d, :dir]
+
+        csv.action do |global_options, options, args|
+            export_dir = options[:dir]
+            config_file = find_config(args)
+            system = OCTool::Parser.new(config_file).load_system
+            system.dump export_dir
+        end
+    end
+
+    desc 'validate data and generate System Security Plan'
     arg_name 'path/to/system/config.yaml'
     command :ssp do |s|
         s.desc 'where to store outputs'
@@ -92,12 +109,12 @@ class App
         # Error logic here
         # Return false to skip default error handling.
         if ENV['DEBUG']
-            STDERR.puts exception.message
-            STDERR.puts exception.backtrace
+            warn exception.message
+            warn exception.backtrace
             pp exception
             false
         end
-        STDERR.puts '[FAIL]'
+        warn '[FAIL]'
         true
     end
 end

data/lib/octool.rb

@@ -3,6 +3,8 @@
 require 'octool/version.rb'
 
 # Built-ins.
+require 'csv'
+require 'json'
 require 'pp'
 
 # 3rd-party libs.
@@ -15,12 +17,6 @@ require 'octool/parser'
 require 'octool/ssp'
 require 'octool/system'
 
-# Generated libs.
-require 'octool/generated/certification'
-require 'octool/generated/component'
-require 'octool/generated/config'
-require 'octool/generated/standard'
-
 # Mixins.
 module OCTool
     include Kwalify::Util::HashLike # defines [], []=, and keys?

data/lib/octool/constants.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module OCTool
-    LATEST_SCHEMA_VERSION = 'v1.0.0'
+    LATEST_SCHEMA_VERSION = 'v1.0.2'
     BASE_SCHEMA_DIR = File.join(File.dirname(__FILE__), '..', '..', 'schemas').freeze
     ERB_DIR = File.join(File.dirname(__FILE__), '..', '..', 'templates').freeze
     DEFAULT_CONFIG_FILENAME = 'config.yaml'

data/lib/octool/parser.rb

@@ -4,6 +4,7 @@ module OCTool
     # Custom error to show validation errors.
     class ValidationError < StandardError
         attr_reader :errors
+
         def initialize(path, errors)
             @path = path
             @errors = errors
@@ -40,9 +41,9 @@ module OCTool
         end
 
         def validate_file(path, type)
-            parser = kwalify_parser(type)
-            data = parser.parse_file(path)
-            errors = parser.errors
+            kwalify = kwalifyer(type)
+            data = kwalify.parse_file(path)
+            errors = kwalify.errors
             raise ValidationError.new(path, errors) unless errors.empty?
 
             data
@@ -50,7 +51,7 @@ module OCTool
             die e.message
         end
 
-        def kwalify_parser(type)
+        def kwalifyer(type)
             schema_file = File.join(schema_dir, "#{type}.yaml")
             schema = Kwalify::Yaml.load_file(schema_file)
             validator = Kwalify::Validator.new(schema)
@@ -64,40 +65,57 @@ module OCTool
         def schema_version
             @schema_version ||= Kwalify::Yaml.load_file(@config_file)['schema_version']
         rescue StandarError
-            STDERR.puts '[FAIL] Unable to read schema_version'
+            warn '[FAIL] Unable to read schema_version'
             exit(1)
         end
 
-        # Check that all data files are valid.
+        # Validate and load data in one pass.
         def validate_data
             base_dir = File.dirname(@config_file)
             config = validate_file(@config_file, 'config')
+            sys = System.new(config)
             config['includes'].each do |inc|
                 path = File.join(base_dir, inc['path'])
-                type = inc['type']
-                validate_file(path, type)
+                sys.data << include_data(path, inc['type'])
             end
-            config
+            sys
         end
 
-        def load_system
-            base_dir = File.dirname(@config_file)
-            config = load_file(@config_file, 'config')
-            system = System.new(config)
-            config.includes.each do |inc|
-                path = File.join(base_dir, inc.path)
-                system.data << load_file(path, inc.type)
+        def include_data(path, type)
+            data = validate_file(path, type)
+            data['type'] = type
+            method("parsed_#{type}".to_sym).call(data)
+        end
+
+        def parsed_component(component)
+            component['attestations'].map! do |a|
+                # Add a "component_key" field to each attestation.
+                a['component_key'] = component['component_key']
+                a['satisfies'].map! do |s|
+                    # Add "attestation_key" to each control satisfied by this attestation.
+                    s['attestation_key'] = a['summary']
+                    # Add "component_key" to each control satisfied by this attestation.
+                    s['component_key'] = component['component_key']
+                    s
+                end
+                a
             end
-            system
+            component
         end
 
-        def load_file(path, type)
-            die "#{File.expand_path(path)} not readable" unless File.readable?(path)
-            klass = Object.const_get("OCTool::#{type.capitalize}")
-            ydoc = Kwalify::Yaml.load_file(path)
-            klass.new(ydoc)
-        rescue SystemCallError, Kwalify::SyntaxError => e
-            die e.message
+        def parsed_standard(standard)
+            # Add 'standard_key' to each control family and to each control.
+            standard['families'].map! { |f| f['standard_key'] = standard['standard_key']; f }
+            standard['controls'].map! { |c| c['standard_key'] = standard['standard_key']; c }
+            standard
+        end
+
+        def parsed_certification(cert)
+            cert['requires'].map! { |r| r['certification_key'] = cert['certification_key']; r }
+            cert
         end
+
+        alias load_system validate_data
+        alias load_file validate_file
     end
 end

data/lib/octool/ssp.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'erb'
 
 module OCTool
@@ -15,17 +17,18 @@ module OCTool
                 require 'paru/pandoc'
                 Paru::Pandoc.new
             end
-        rescue UncaughtThrowError => e
-            STDERR.puts '[FAIL] octool requires pandoc to generate the SSP. Is pandoc installed?'
+        rescue UncaughtThrowError
+            warn '[FAIL] octool requires pandoc to generate the SSP. Is pandoc installed?'
             exit(1)
         end
 
         def generate
-            if not File.writable?(@output_dir)
-                STDERR.puts "[FAIL] #{@output_dir} is not writable"
+            unless File.writable?(@output_dir)
+                warn "[FAIL] #{@output_dir} is not writable"
                 exit(1)
             end
             render_template
+            write_acronyms
             write 'pdf'
             write 'docx'
         end
@@ -39,6 +42,15 @@ module OCTool
             puts 'done'
         end
 
+        def write_acronyms
+            return unless @system.acronyms
+
+            out_path = File.join(@output_dir, 'acronyms.json')
+            File.open(out_path, 'w') { |f| f.write JSON.pretty_generate(@system.acronyms) }
+            ENV['PANDOC_ACRONYMS_ACRONYMS'] = out_path
+        end
+
+        # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
         def write(type = 'pdf')
             out_path = File.join(@output_dir, "ssp.#{type}")
             print "Building #{out_path} ... "
@@ -50,11 +62,16 @@ module OCTool
                 toc_depth 3
                 number_sections
                 highlight_style 'pygments'
+                filter 'pandoc-acronyms' if ENV['PANDOC_ACRONYMS_ACRONYMS']
+                # https://en.wikibooks.org/wiki/LaTeX/Source_Code_Listings#Encoding_issue
+                # Uncomment the following line after the "listings" package is compatible with utf8
+                # listings
             end
             output = converter << File.read(md_path)
             File.new(out_path, 'wb').write(output)
             puts 'done'
         end
+        # rubocop:enable Metrics/AbcSize,Metrics/MethodLength
 
         def md_path
             @md_path ||= File.join(@output_dir, 'ssp.md')

data/lib/octool/system.rb

@@ -6,73 +6,79 @@ module OCTool
         attr_accessor :config
         attr_accessor :data
 
+        TABLE_NAMES = [
+            'components',
+            'satisfies',
+            'attestations',
+            'standards',
+            'controls',
+            'families',
+            'certifications',
+            'requires',
+        ].freeze
+
         def initialize(config)
             @config = config
             @data = []
         end
 
+        def acronyms
+            @acronyms ||= config['acronyms']
+        end
+
         def certifications
-            @certifications ||= @data.select { |e| e.is_a?(OCTool::Certification) }
+            @certifications ||= data.select { |e| e['type'] == 'certification' }
         end
 
         def components
-            @components ||= @data.select { |e| e.is_a?(OCTool::Component) }
+            @components ||= data.select { |e| e['type'] == 'component' }
         end
 
         def standards
-            @standards ||= @data.select { |e| e.is_a?(OCTool::Standard) }
+            @standards ||= data.select { |e| e['type'] == 'standard' }
         end
 
         # List of all attestations claimed by components in the system.
         def attestations
-            @attestations ||= begin
-                @attestations = []
-                components.each do |c|
-                    # Add a "component_key" field to each attestation.
-                    c.attestations.map! { |e| e['component_key'] = c.component_key; e }
-                    @attestations << c.attestations
-                end
-                @attestations.flatten!
-            end
+            @attestations ||= components.map { |c| c['attestations'] }.flatten
         end
 
         # List of all coverages.
         def satisfies
-            @satisfies ||= begin
-                @satisfies = []
-                attestations.each do |a|
-                    # Add an "attestation_key" field to each cover.
-                    a.satisfies.map! { |e| e['component_key'] = a.commponent_key; e }
-                    a.satisfies.map! { |e| e['attestation_key'] = a.attestation_summary; e }
-                    @satisfies << a.satisfies
-                end
-                @satisfies.flatten!
-            end
+            @satisfies ||= attestations.map { |a| a['satisfies'] }.flatten
         end
 
         # List of all controls defined by standards in the system.
         def controls
-            @controls || begin
-                @controls = []
-                standards.each do |s|
-                    # Add a "standard_key" field to each control.
-                    s.controls.map! { |e| e['standard_key'] = s.standard_key; e }
-                    @controls << s.controls
-                end
-                @controls.flatten!
-            end
+            @controls ||= standards.map { |s| s['controls'] }.flatten
         end
 
         # List of all families defined by standards in the system.
         def families
-            @families || begin
-                @families = []
-                standards.each do |s|
-                    # Add a "standard_key" field to each family.
-                    s.families.map! { |e| e['standard_key'] = s.standard_key; e }
-                    @families << s.families
-                end
-                @families.flatten!
+            @families ||= standards.map { |s| s['families'] }.flatten
+        end
+
+        # List of required controls for all certifications.
+        def requires
+            @requires ||= certifications.map { |c| c['requires'] }.flatten
+        end
+
+        def dump(writable_dir)
+            TABLE_NAMES.each do |table|
+                write_csv method(table.to_sym).call, File.join(writable_dir, "#{table}.csv")
+            end
+        end
+
+        # Convert array of hashes into a CSV.
+        def write_csv(ary, filename)
+            # Throw away nested hashes. The parser already created separate tables for them.
+            ary = ary.map { |e| e.reject { |_, val| val.is_a?(Enumerable) } }
+
+            warn "[INFO] write #{filename}"
+            CSV.open(filename, 'wb') do |csv|
+                column_names = ary.first.keys
+                csv << column_names
+                ary.each { |hash| csv << hash.values_at(*column_names) }
             end
         end
     end

data/lib/octool/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OCTool
-    VERSION = '0.0.4'
+    VERSION = '0.0.9'
 end

data/octool.rdoc

@@ -1,6 +1,6 @@
 == octool - Open Compliance Tool
 
-v0.0.4
+v0.0.9
 
 === Global Options
 === --help
@@ -14,6 +14,18 @@ Display the program version
 
 
 === Commands
+==== Command: <tt>csv  path/to/system/config.yaml</tt>
+export data to CSV
+
+
+===== Options
+===== -d|--dir path/to/output/dir
+
+where to store outputs
+
+[Default Value] /tmp
+Default output directory respects env vars TMPDIR, TMP, TEMP
+
 ==== Command: <tt>help  command</tt>
 Shows a list of commands or help for one command
 
@@ -25,7 +37,7 @@ List commands one per line, to assist with shell completion
 
 
 ==== Command: <tt>ssp  path/to/system/config.yaml</tt>
-generate System Security Plan
+validate data and generate System Security Plan
 
 
 ===== Options

data/schemas/v1.0.1/certification.yaml

@@ -0,0 +1,27 @@
+---
+type: map
+class: Certification
+mapping:
+    certification_key:
+        desc: A short, unique identifier for this certification.
+        required: true
+        type: str
+        unique: true
+    name:
+        desc: A human-friendly name for the certification.
+        required: true
+        type: str
+    requires:
+        desc: List of control IDs required by the certification.
+        required: true
+        type: seq
+        sequence:
+            - type: map
+              class: ControlID
+              mapping:
+                  standard_key:
+                      required: true
+                      type: str
+                  control_key:
+                      required: true
+                      type: str