octool 0.0.7 → 0.0.12
- checksums.yaml +4 -4
- data/bin/octool +8 -1
- data/lib/octool.rb +1 -0
- data/lib/octool/constants.rb +2 -1
- data/lib/octool/ssp.rb +35 -8
- data/lib/octool/system.rb +4 -0
- data/lib/octool/version.rb +1 -1
- data/octool.rdoc +8 -1
- data/schemas/v1.0.2/certification.yaml +27 -0
- data/schemas/v1.0.2/component.yaml +60 -0
- data/schemas/v1.0.2/config.yaml +111 -0
- data/schemas/v1.0.2/standard.yaml +50 -0
- data/templates/glossary.erb +173 -0
- data/templates/ssp.erb +237 -23
- metadata +21 -2
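--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b2bc082300d2393b604bc09640def5bf7ad2cb0b05cf23b45f6e008a5d964547
+data.tar.gz: 02b576ce174d710fd07e922f1f5aa818dec7114ee931ff39cbf3a2db8d64da1c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 62fce55d3097c779050eab057ae9b167c72ef8b9a4b257a47630bff1518b6cce1f27a21a547e262862de3fa8608cf894582a2654ea665cc89d3dd819870bf99e
+data.tar.gz: 64e7035d4ec01fcbb2c87665f8c1b4177561f0af8d3f4a6c226453f9f8c50e5d91c843351aefeea59f498edff066830a940a789c9cbb59b2372631c1fb01d9d9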
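--- a/data/bin/octool
+++ b/data/bin/octool
@@ -77,12 +77,19 @@ class App
 s.arg_name 'path/to/output/dir'
 s.flag [:d, :dir]
 
+s.desc 'Set SSP version'
+s.default_value OCTool::DEFAULT_SSP_VERSION
+s.long_desc 'Underscores are replaced by spaces'
+s.arg_name 'VERSION'
+s.flag :version
+
 s.action do |global_options, options, args|
 export_dir = options[:dir]
 config_file = find_config(args)
 system = OCTool::Parser.new(config_file).load_system
 Dir.chdir File.dirname(config_file) do
-OCTool::SSP.new(system, export_dir).generate
+OCTool::SSP.new(system, export_dir).generate(options[:version])
+OCTool::SSP.new(system, export_dir).generate(options[:version], 'glossary')
 end
 end
 end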
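Review bot: The action constructs two separate `OCTool::SSP` objects (new lines 91–92), and `SSP#initialize` stamps each with its own `DateTime.now`, so the SSP and the glossary can carry different build dates in their subtitles and footers when a run crosses midnight, and the output-dir writability check is repeated. Build one instance and reuse it: `ssp = OCTool::SSP.new(system, export_dir)`, `ssp.generate(options[:version])`, `ssp.generate(options[:version], 'glossary')`. The `long_desc` for `--version` mentions only underscores; since the value is interpolated into a LaTeX footer, it is worth stating that other TeX-special characters are not sanitized. The enclosing command definition starts above this hunk.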
data/lib/octool.rb
CHANGED
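--- a/data/lib/octool/constants.rb
+++ b/data/lib/octool/constants.rb
@@ -1,9 +1,10 @@
 # frozen_string_literal: true
 
 module OCTool
-LATEST_SCHEMA_VERSION = 'v1.0.
+LATEST_SCHEMA_VERSION = 'v1.0.2'
 BASE_SCHEMA_DIR = File.join(File.dirname(__FILE__), '..', '..', 'schemas').freeze
 ERB_DIR = File.join(File.dirname(__FILE__), '..', '..', 'templates').freeze
 DEFAULT_CONFIG_FILENAME = 'config.yaml'
 DEFAULT_OUTPUT_DIR = '/data'
+DEFAULT_SSP_VERSION = 'unset'
 end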
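Review bot: `DEFAULT_SSP_VERSION = 'unset'` (new line 9) is a sentinel string that both templates compare against with `unless version == OCTool::DEFAULT_SSP_VERSION`, so a literal `--version unset` is indistinguishable from no version, and `--help` advertises the word unset as the default. A `nil` default checked with `version.nil?` in the templates would remove the magic value; if the string sentinel is kept deliberately so GLI prints it in help output, add a comment saying so, e.g. `# Sentinel shown by --help; the templates omit the version line while it is unchanged.`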
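--- a/data/lib/octool/ssp.rb
+++ b/data/lib/octool/ssp.rb
@@ -1,13 +1,25 @@
 # frozen_string_literal: true
 
+require 'date'
 require 'erb'
 
 module OCTool
 # Build DB, CSV, and markdown.
 class SSP
+attr_reader :build_date
+attr_reader :version
+
 def initialize(system, output_dir)
 @system = system
 @output_dir = output_dir
+@template_name = 'ssp'
+@version = OCTool::DEFAULT_SSP_VERSION
+@build_date = DateTime.now
+end
+
+def version=(version)
+# LaTeX fancyheader aborts on underscore in footer.
+@version = version.to_s.gsub(/_+/, ' ')
 end
 
 def pandoc
@@ -22,37 +34,48 @@ module OCTool
 exit(1)
 end
 
-def generate
+def generate(version = nil, template_name = 'ssp')
+self.version = version if version
+@template_name = template_name if template_name
 unless File.writable?(@output_dir)
 warn "[FAIL] #{@output_dir} is not writable"
 exit(1)
 end
 render_template
+write_acronyms
 write 'pdf'
 write 'docx'
 end
 
 def render_template
 print "Building markdown #{md_path} ... "
-template_path = File.join(ERB_DIR, 'ssp.erb')
 template = File.read(template_path)
 output = ERB.new(template, nil, '-').result(binding)
 File.open(md_path, 'w') { |f| f.puts output }
 puts 'done'
 end
 
+def write_acronyms
+return unless @system.acronyms
+
+out_path = File.join(@output_dir, 'acronyms.json')
+File.open(out_path, 'w') { |f| f.write JSON.pretty_generate(@system.acronyms) }
+ENV['PANDOC_ACRONYMS_ACRONYMS'] = out_path
+end
+
 # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
 def write(type = 'pdf')
-out_path = File.join(@output_dir, "
+out_path = File.join(@output_dir, "#{@template_name}.#{type}")
 print "Building #{out_path} ... "
 converter = pandoc.configure do
-from 'markdown'
+from 'markdown+autolink_bare_uris'
 to type
 pdf_engine 'lualatex'
-toc
-toc_depth 3
-number_sections
 highlight_style 'pygments'
+filter 'pandoc-acronyms' if ENV['PANDOC_ACRONYMS_ACRONYMS']
+# https://en.wikibooks.org/wiki/LaTeX/Source_Code_Listings#Encoding_issue
+# Uncomment the following line after the "listings" package is compatible with utf8
+# listings
 end
 output = converter << File.read(md_path)
 File.new(out_path, 'wb').write(output)
@@ -61,7 +84,11 @@ module OCTool
 # rubocop:enable Metrics/AbcSize,Metrics/MethodLength
 
 def md_path
-
+File.join(@output_dir, "#{@template_name}.md")
+end
+
+def template_path
+File.join(ERB_DIR, "#{@template_name}.erb")
 end
 end
 end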
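Review bot: `version=` (new lines 20–22) only turns underscores into spaces, yet the value is interpolated raw into `\fancyfoot[L]{Version: <%=version-%>}` in both templates, so any other TeX-special character in `--version` (`\`, `{`, `}`, `%`, `#`, `&`, `$`, `~`, `^`) still aborts lualatex or injects TeX into the PDF; the comment names one symptom of a wider escaping gap. The input is an operator-supplied CLI flag, so this is robustness rather than a trust-boundary bug, but rejecting it is cheap: `raise ArgumentError, "version contains LaTeX-special characters" if version.to_s.match?(/[\\{}%#&$~^]/)` before the `gsub`. `write_acronyms` (lines 58–64) keeps its state in the process-wide `ENV['PANDOC_ACRONYMS_ACRONYMS']`, which then persists into the second `generate` call and every child process; an instance variable consulted in `write` would keep it local. It also needs `JSON` in scope and no `require 'json'` appears in this file — presumably the one-line change to octool.rb adds it. The context line `File.new(out_path, 'wb').write(output)` never closes the handle; `File.binwrite(out_path, output)` fixes that in one line.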
data/lib/octool/system.rb
CHANGED
data/lib/octool/version.rb
CHANGED
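--- a/data/octool.rdoc
+++ b/data/octool.rdoc
@@ -1,6 +1,6 @@
 == octool - Open Compliance Tool
 
-v0.0.
+v0.0.12
 
 === Global Options
 === --help
@@ -48,6 +48,13 @@ where to store outputs
 [Default Value] /tmp
 Default output directory respects env vars TMPDIR, TMP, TEMP
 
+===== --version VERSION
+
+Set SSP version
+
+[Default Value] unset
+Underscores are replaced by spaces
+
 ==== Command: <tt>validate </tt>
 Check sanity of configuration
 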
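--- /dev/null
+++ b/data/schemas/v1.0.2/certification.yaml
@@ -0,0 +1,27 @@
+---
+type: map
+class: Certification
+mapping:
+certification_key:
+desc: A short, unique identifier for this certification.
+required: true
+type: str
+unique: true
+name:
+desc: A human-friendly name for the certification.
+required: true
+type: str
+requires:
+desc: List of control IDs required by the certification.
+required: true
+type: seq
+sequence:
+- type: map
+class: ControlID
+mapping:
+standard_key:
+required: true
+type: str
+control_key:
+required: true
+type: str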
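--- /dev/null
+++ b/data/schemas/v1.0.2/component.yaml
@@ -0,0 +1,60 @@
+---
+type: map
+class: Component
+mapping:
+name:
+desc: Human-friendly name to appear in the SSP.
+type: str
+required: true
+component_key:
+desc: Unique identifier for referential integrity.
+type: str
+required: true
+description:
+desc: A paragraph or two that describes the component.
+type: str
+required: true
+attestations:
+desc: List of attestations.
+type: seq
+sequence:
+- type: map
+class: Attestation
+mapping:
+summary:
+desc: Arbitrary verbiage to appear in SSP as a TLDR.
+type: str
+required: true
+status:
+desc: To what extent is this attestation "done"?
+type: str
+required: true
+enum:
+- partial
+- complete
+- planned
+- none
+date_verified:
+desc: When was this last verified?
+type: date
+required: false
+satisfies:
+desc: List of control IDs covered by this attestation.
+type: seq
+required: false
+sequence:
+- type: map
+class: ControlID
+mapping:
+standard_key:
+type: text
+required: true
+control_key:
+type: text
+required: true
+narrative:
+desc: |
+Explain how attestation satisfies the indicated controls.
+The content should be in markdown format.
+type: str
+required: true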
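--- /dev/null
+++ b/data/schemas/v1.0.2/config.yaml
@@ -0,0 +1,111 @@
+---
+type: map
+class: Config
+mapping:
+schema_version:
+desc: |
+Must match one of the schema directories in the octool source.
+required: true
+type: str
+
+logo:
+desc: Image for title page.
+required: false
+type: map
+class: Logo
+mapping:
+path:
+desc: Path to image.
+type: str
+required: true
+width:
+desc: Width of image, such as "1in" or "254mm"
+type: str
+required: true
+
+name:
+desc: Human-friendly to appear in the SSP.
+required: true
+type: str
+
+overview:
+desc: Human-friendly description to appear in the SSP.
+required: true
+type: str
+
+maintainers:
+desc: Who should somebody contact for questions about this SSP?
+required: true
+type: seq
+sequence:
+- type: str
+
+metadata:
+desc: Optional metadata.
+required: false
+type: map
+class: Metadata
+mapping:
+abstract:
+desc: Abstract appears in document metadata.
+required: false
+type: str
+description:
+desc: Description appears in document metadata.
+required: false
+type: str
+'=':
+desc: Arbitrary key:value pair of strings.
+type: str
+
+includes:
+desc: Additional files to include from the system repo.
+required: true
+type: seq
+sequence:
+- type: map
+class: Include
+mapping:
+type:
+required: true
+type: str
+enum:
+- certification
+- component
+- standard
+path:
+desc: Path must be relative within the repo.
+required: true
+type: str
+
+acronyms:
+desc: |
+List of acronyms to be referenced in the doc.
+
+The acronyms follow the forms and usage described by the pandoc filter
+https://gitlab.com/mirkoboehm/pandoc-acronyms
+
+If your config.yaml includes acronyms, the filter is automatically invoked.
+required: false
+type: map
+mapping:
+'=':
+desc: |
+Acronym as used in the doc source, such as "bba".
+The source usually refers to the acronym with syntax "[!bba]",
+but other syntax forms are possible (see upstream doc).
+type: map
+class: Acronym
+mapping:
+shortform:
+desc: The short form of the expanded acronym, such as "BBA".
+required: true
+type: str
+longform:
+desc: |
+The expanded form of the abbreviation, such as "Beer Brewing Attitude".
+The first instance of "[!bba]" in the doc is automatically expanded to
+"<longform> (<shortform>)".
+Example: "[!bba]" expands to "Beer Brewing Attitude (BBA)".
+required: true
+type: str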
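--- /dev/null
+++ b/data/schemas/v1.0.2/standard.yaml
@@ -0,0 +1,50 @@
+---
+type: map
+class: Standard
+mapping:
+name:
+desc: Human-friendly name to appear in SSP.
+type: str
+required: true
+
+standard_key:
+desc: Unique ID to use within YAML files.
+type: str
+required: true
+
+families:
+desc: Optional list of control families.
+type: seq
+required: false
+sequence:
+- type: map
+class: ControlFamily
+mapping:
+family_key:
+desc: Unique ID of the family
+type: str
+unique: true
+name:
+desc: Human-friendly name of the family
+type: str
+controls:
+desc: Mandatory list of controls defined by the standard.
+required: true
+type: seq
+sequence:
+- type: map
+class: Control
+mapping:
+control_key:
+type: str
+unique: true
+required: true
+family_key:
+type: str
+required: false
+name:
+type: str
+required: true
+description:
+type: str
+required: true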
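--- /dev/null
+++ b/data/templates/glossary.erb
@@ -0,0 +1,173 @@
+---
+<% if @system.config['logo'] -%>
+title: |
+![](<%= @system.config['logo']['path'] -%>){width=<%= @system.config['logo']['width'] %>}
+
+Glossary
+<% else %>
+title: "Glossary"
+<% end %>
+
+subtitle: |
+<%=build_date.strftime('%Y-%b-%d')%>
+
+<% unless version == OCTool::DEFAULT_SSP_VERSION -%>
+Version <%=version%>
+<% end -%>
+
+fontsize: 11pt
+mainfont: NotoSans
+monofont: NotoSansMono-ExtraCondensed
+mainfontoptions:
+- Numbers=Lowercase
+- Numbers=Proportional
+- UprightFont=*
+- ItalicFont=*-Italic
+- BoldFont=*-Bold
+- BoldItalicFont=*-BoldItalic
+
+colorlinks: true
+linkcolor: black # internal links (e.g., lof and lot)
+urlcolor: blue
+
+documentclass: article
+classoption:
+- onecolumn
+- oneside
+- portrait
+
+pagestyle: headings
+papersize: letter
+geometry:
+- top=2cm
+- left=3cm
+- right=2cm
+- bottom=2cm
+
+header-includes:
+- |
+```{=latex}
+% https://ctan.org/pkg/metalogo?lang=en
+\usepackage{metalogo}
+```
+- |
+```{=latex}
+% https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#left-aligning-tables-in-latex
+\usepackage[margins=raggedright]{floatrow}
+```
+- |
+```{=latex}
+% https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#definition-list-terms-on-their-own-line-in-latex
+% "Clone" the original \item command
+\let\originalitem\item
+
+% Create variable with default value false to use later
+% http://handyfloss.net/2007.08/latex-programming-how-to-implement-conditionals/
+\newif \ifonelinedef
+\onelinedeffalse
+
+% Redefine the \item command using the "clone"
+\makeatletter
+\renewcommand{\item}[1][\@nil] {%
+\def \tmp {#1}%
+\ifx \tmp \@nnil
+\originalitem
+\else
+\ifonelinedef
+\originalitem[#1]\vspace{4mm}\par
+\else
+\originalitem[#1]\hfill\par
+\fi
+\fi
+}
+\makeatother
+```
+- |
+```{=latex}
+% The are at least two ways to configure how LaTeX floats figures.
+%
+% 1. One approach is described in section 17.2 of
+% http://tug.ctan.org/tex-archive/info/epslatex/english/epslatex.pdf
+% However, the approach described there requires to teach people
+% how to write LaTeX cross-references in markdown.
+%
+% 2. Force figures, listings, etc., to float "[H]ere".
+% This is a LaTeX anti-pattern because it causes large gaps of whitespace on some pages.
+% This approach avoids having to teach people to create LaTeX cross-references.
+% https://tex.stackexchange.com/a/101726
+%
+% Use option 2.
+\usepackage{float}
+\floatplacement{figure}{H}
+```
+- |
+```{=latex}
+% https://tex.stackexchange.com/a/32537
+\usepackage{lastpage}
+
+% https://ctan.org/pkg/fancyhdr?lang=en
+\usepackage{fancyhdr}
+
+\pagestyle{fancy}
+<% unless version == OCTool::DEFAULT_SSP_VERSION %>
+\fancyfoot[L]{Version: <%=version-%>}
+<% end %>
+\fancyfoot[C]{<%=build_date.strftime('%Y-%b-%d')-%>}
+\fancyfoot[R]{\thepage\ of\ \pageref{LastPage}}
+\renewcommand{\footrulewidth}{0.4pt} % thickness
+\renewcommand{\headrulewidth}{0.4pt} % thickness
+\fancypagestyle{plain}{\fancyhead{}\renewcommand{\headrule}{}}
+```
+- |
+```{=latex}
+% Which bullet glyphs are avaiable?
+% http://texdoc.net/texmf-dist/doc/latex/comprehensive/symbols-a4.pdf TABLE 50
+%
+% https://learnbyexample.github.io/tutorial/ebook-generation/customizing-pandoc/
+% https://tex.stackexchange.com/questions/174244/change-the-shape-of-the-bullet-list
+% https://texblog.org/2008/10/16/lists-enumerate-itemize-description-and-how-to-change-them/
+% https://tex.stackexchange.com/a/64899
+% https://ctan.org/pkg/enumitem?lang=en
+% https://www.latex4technics.com/?note=2vy0
+%
+%\usepackage{amsfonts}
+%
+% Make bullets small
+%\renewcommand{\labelitemi}{\tiny $\textbullet$}
+%\renewcommand{\labelitemii}{\tiny $\textopenbullet$}
+%\renewcommand{\labelitemiii}{\tiny $\triangleright$}
+%
+% Align bullets to left margin and make small
+% https://tex.stackexchange.com/a/86408
+%\usepackage{enumitem}
+%\usepackage{graphicx}
+%\setlist[itemize,1]{leftmargin=*,label=\scalebox{.8}{$\textbullet$}}
+%\setlist[itemize,2]{leftmargin=*,label=\scalebox{.8}{$\textopenbullet$}}
+%\setlist[itemize,3]{leftmargin=*,label=\scalebox{.8}{\triangleright}}
+%
+% Align bullets to left margin and use normal font
+\usepackage{enumitem}
+\setlist[itemize,1]{leftmargin=*,label=$\textbullet$}
+\setlist[itemize,2]{leftmargin=*,label=$\textopenbullet$}
+\setlist[itemize,3]{leftmargin=*,label=\triangleright}
+%
+% Align bullets to left margin and use slightly smaller font
+%\usepackage{MnSymbol}
+%\setlist[itemize,1]{leftmargin=*,label=$\bullet$}
+%\setlist[itemize,2]{leftmargin=*,label=$\circ$}
+%\setlist[itemize,3]{leftmargin=*,label=\blacktriangleright}
+```
+---
+
+<% if @system.config['acronyms'] %>
+
+<!-- Force glossary to be typeset as oneline definitions. -->
+\onelinedeftrue
+
+<% @system.config['acronyms'].values.sort_by { |a| a['shortform'] }. each do |a| %>
+<%=a['shortform']%>
+~ <%=a['longform']%>
+
+<% end %>
+\onelinedeffalse
+<% end %>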
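Review bot: Lines 18–160 reproduce the YAML/LaTeX preamble of ssp.erb almost verbatim (fonts, geometry, the `\item` redefinition, the fancyhdr footer, the bullet setup), so every future tweak must be made twice and the two documents will drift; rendering a shared partial, e.g. `<%= ERB.new(File.read(File.join(ERB_DIR, 'preamble.erb')), nil, '-').result(binding) %>`, would leave only the title and body specific to each template. Minor style: `sort_by { |a| a['shortform'] }. each` (line 167) has a stray space before `.each`. The acronym `shortform`/`longform` values and `version` are emitted raw into the markdown definition list and into `\fancyfoot`; only underscores are sanitized upstream, so TeX-special characters in config still break the build.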
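--- a/data/templates/ssp.erb
+++ b/data/templates/ssp.erb
@@ -8,10 +8,17 @@ title: |
 title: "<%= @system.config['name'] -%>"
 <% end %>
 
-subtitle:
+subtitle: |
+System Security Plan
+
+<%=build_date.strftime('%Y-%b-%d')%>
+
+<% unless version == OCTool::DEFAULT_SSP_VERSION -%>
+Version <%=version%>
+<% end -%>
 
 author:
-<% @system.config['maintainers'].each do |maintainer|
+<% @system.config['maintainers'].each do |maintainer| -%>
 - <%= maintainer -%>
 <% end %>
 
@@ -23,7 +30,6 @@ description: |
 
 fontsize: 11pt
 mainfont: NotoSans
-#monofont: NotoSansMono-ExtraCondensedLight
 monofont: NotoSansMono-ExtraCondensed
 mainfontoptions:
 - Numbers=Lowercase
@@ -39,6 +45,10 @@ colorlinks: true
 linkcolor: black # internal links (e.g., lof and lot)
 urlcolor: blue
 
+toc: true
+toc_depth: 3
+numbersections: true
+
 documentclass: report
 classoption:
 - onecolumn
@@ -49,28 +59,176 @@ pagestyle: headings
 papersize: letter
 geometry:
 - top=2cm
-- left=
+- left=3cm
 - right=2cm
 - bottom=2cm
+
+header-includes:
+- |
+```{=latex}
+% https://ctan.org/pkg/metalogo?lang=en
+\usepackage{metalogo}
+```
+- |
+```{=latex}
+% https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#left-aligning-tables-in-latex
+\usepackage[margins=raggedright]{floatrow}
+```
+- |
+```{=latex}
+% https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#definition-list-terms-on-their-own-line-in-latex
+% "Clone" the original \item command
+\let\originalitem\item
+
+% Create variable with default value false to use later
+% http://handyfloss.net/2007.08/latex-programming-how-to-implement-conditionals/
+\newif \ifonelinedef
+\onelinedeffalse
+
+% Redefine the \item command using the "clone"
+\makeatletter
+\renewcommand{\item}[1][\@nil] {%
+\def \tmp {#1}%
+\ifx \tmp \@nnil
+\originalitem
+\else
+\ifonelinedef
+\originalitem[#1]\vspace{4mm}\par
+\else
+\originalitem[#1]\hfill\par
+\fi
+\fi
+}
+\makeatother
+```
+- |
+```{=latex}
+% The are at least two ways to configure how LaTeX floats figures.
+%
+% 1. One approach is described in section 17.2 of
+% http://tug.ctan.org/tex-archive/info/epslatex/english/epslatex.pdf
+% However, the approach described there requires to teach people
+% how to write LaTeX cross-references in markdown.
+%
+% 2. Force figures, listings, etc., to float "[H]ere".
+% This is a LaTeX anti-pattern because it causes large gaps of whitespace on some pages.
+% This approach avoids having to teach people to create LaTeX cross-references.
+% https://tex.stackexchange.com/a/101726
+%
+% Use option 2.
+\usepackage{float}
+\floatplacement{figure}{H}
+```
+- |
+```{=latex}
+% https://tex.stackexchange.com/a/32537
+\usepackage{lastpage}
+
+% https://ctan.org/pkg/fancyhdr?lang=en
+\usepackage{fancyhdr}
+
+\pagestyle{fancy}
+<% unless version == OCTool::DEFAULT_SSP_VERSION %>
+\fancyfoot[L]{Version: <%=version-%>}
+<% end %>
+\fancyfoot[C]{<%=build_date.strftime('%Y-%b-%d')-%>}
+\fancyfoot[R]{\thepage\ of\ \pageref{LastPage}}
+\renewcommand{\footrulewidth}{0.4pt} % thickness
+\renewcommand{\headrulewidth}{0.4pt} % thickness
+\fancypagestyle{plain}{\fancyhead{}\renewcommand{\headrule}{}}
+```
+- |
+```{=latex}
+% Which bullet glyphs are avaiable?
+% http://texdoc.net/texmf-dist/doc/latex/comprehensive/symbols-a4.pdf TABLE 50
+%
+% https://learnbyexample.github.io/tutorial/ebook-generation/customizing-pandoc/
+% https://tex.stackexchange.com/questions/174244/change-the-shape-of-the-bullet-list
+% https://texblog.org/2008/10/16/lists-enumerate-itemize-description-and-how-to-change-them/
+% https://tex.stackexchange.com/a/64899
+% https://ctan.org/pkg/enumitem?lang=en
+% https://www.latex4technics.com/?note=2vy0
+%
+%\usepackage{amsfonts}
+%
+% Make bullets small
+%\renewcommand{\labelitemi}{\tiny $\textbullet$}
+%\renewcommand{\labelitemii}{\tiny $\textopenbullet$}
+%\renewcommand{\labelitemiii}{\tiny $\triangleright$}
+%
+% Align bullets to left margin and make small
+% https://tex.stackexchange.com/a/86408
+%\usepackage{enumitem}
+%\usepackage{graphicx}
+%\setlist[itemize,1]{leftmargin=*,label=\scalebox{.8}{$\textbullet$}}
+%\setlist[itemize,2]{leftmargin=*,label=\scalebox{.8}{$\textopenbullet$}}
+%\setlist[itemize,3]{leftmargin=*,label=\scalebox{.8}{\triangleright}}
+%
+% Align bullets to left margin and use normal font
+\usepackage{enumitem}
+\setlist[itemize,1]{leftmargin=*,label=$\textbullet$}
+\setlist[itemize,2]{leftmargin=*,label=$\textopenbullet$}
+\setlist[itemize,3]{leftmargin=*,label=\triangleright}
+%
+% Align bullets to left margin and use slightly smaller font
+%\usepackage{MnSymbol}
+%\setlist[itemize,1]{leftmargin=*,label=$\bullet$}
+%\setlist[itemize,2]{leftmargin=*,label=$\circ$}
+%\setlist[itemize,3]{leftmargin=*,label=\blacktriangleright}
+```
 ---
 
-#
+# Introduction
 
-##
+## About this document
 
-
+A System Security Plan (SSP) is a document to describe security controls in use
+on an information system and their implementation. An SSP provides:
+
+- Narrative of security control implementation
+- Description of components and services
+- System data flows and authorization boundaries
+
+The SSP is also a tool to guide the assessment of the effectiveness
+of controls within the system.
 
 ## Standards
 
-This
+This SSP draws from these standards:
 
 <% @system.standards.each do |s| -%>
-- <%=
+- <%=s['name']-%> (<%=s['standard_key']-%>)
 <% end %>
 
 The full copy of each standard is included in the appendix.
 
 
+## Certifications
+
+A certification is a logical grouping of controls that are of interest to
+a given subject. A particular certification does not necessarily target all
+controls from a standard, nor does a particular certification need to draw
+from a single standard.
+
+This SSP addresses these certifications:
+
+<% @system.certifications.each do |c| -%>
+- <%=c['name']%>
+
+<% c['requires'].each do |r| -%>
+- <%=r['standard_key']-%> control <%=r['control_key']%>
+<% end -%>
+
+<% end %>
+
+
+# <%= @system.config['name'] %>
+
+## Overview
+
+<%= @system.config['overview'] %>
+
+
 ## Components
 
 <% @system.components.each do |c| %>
@@ -84,18 +242,24 @@ _The organization has not yet documented attestations for this component_.
 The organization offers the following attestations for this component.
 <% end %>
 
-<% c['attestations'].each do |a| %>
+<% c['attestations'].compact.each do |a| %>
 #### <%= a['summary'] %>
 
-
-
-
-
-
-
-
-
-<%
++----------+---------------+--------------------------------------------------------------+
+| Status | Date verified | Satisfies |
++==========+===============+==============================================================+
+<%
+s = a['satisfies'][0]
+verbiage = sprintf('%-58s', [s['standard_key'], 'control', s['control_key']].join(' '))
+-%>
+| <%=sprintf('%-8s', a['status'])-%> | <%=sprintf('%-13s', a['date_verified'])-%> | - <%=verbiage-%> |
+<%
+a['satisfies'][1..].each do |s|
+verbiage = sprintf('%-58s', [s['standard_key'], 'control', s['control_key']].join(' '))
+-%>
+| | | - <%=verbiage-%> |
+<% end -%>
++----------+---------------+--------------------------------------------------------------+
 
 <%= a['narrative'] %>
 
@@ -111,11 +275,15 @@ Satisfies:
 <% if s['families'] and !s['families'].empty? %>
 ### Families
 
-
-<%= family['family_key'] %>
-~ <%= family['name'] %>
+<%=s['name']-%> categorizes controls into logical groups called families.
 
-
+| Family abbreviation | Family name |
+| -------------------------- | -------------------- |
+<% s['families'].each do |family| -%>
+| <%=family['family_key']-%> | <%=family['name']-%> |
+<% end -%>
+
+: Control families for <%=s['name']%>
 
 <% end %>
 
@@ -128,3 +296,49 @@ Satisfies:
 
 <% end %>
 <% end %>
+
+
+<% if @system.config['acronyms'] %>
+# Glossary
+
+<!-- Force glossary to be typeset as oneline definitions. -->
+\onelinedeftrue
+
+<% @system.config['acronyms'].values.sort_by { |a| a['shortform'] }. each do |a| %>
+<%=a['shortform']%>
+~ <%=a['longform']%>
+
+<% end %>
+\onelinedeffalse
+<% end %>
+
+
+# Colophon
+
+This document was typeset in NotoSans with \LuaTeX\.
+The main body font is 11-point, and
+code snippets use NotoSansMono-ExtraCondensed.
+
+The Noto family of fonts is freely available and developed by Google,
+which describes Noto as:
+
+> When text is rendered by a computer, sometimes characters are displayed as
+> "tofu". They are little boxes to indicate your device doesn't have a
+> font to display the text.
+>
+> Google has been developing a font family called Noto, which aims to support
+> all languages with a harmonious look and feel. Noto is Google's answer to
+> tofu. The name noto is to convey the idea that Google's goal is to see
+> "no more tofu". Noto has multiple styles and weights, and is freely
+> available to all.
+
+Core tools used to produce this document:
+
+- [Docker](https://www.docker.com/) provides a repeatable environment in
+which to run the tools.
+- [OCTool](https://github.com/jumanjihouse/octool)
+provides a schema and wrapper to express compliance data as configuration.
+- [Pandoc](https://pandoc.org/) converts extended markdown to PDF output.
+- [Python](https://www.python.org/) is a core language for automation.
+- [Ruby](https://www.ruby-lang.org/en/) is a core language for automation.
+- [TeXLive](https://www.tug.org/texlive/) provides the \TeX\ family of tools.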
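Review bot: The attestation table (new lines 251–261) does `s = a['satisfies'][0]` and then `s['standard_key']`, but the component schema marks `satisfies` as optional, so an attestation without it raises `NoMethodError` on `nil` in the middle of rendering instead of producing an SSP; bind `sats = Array(a['satisfies'])` first and write an empty Satisfies cell when `sats.empty?`. The grid table also depends on `sprintf('%-58s', …)` padding to keep the `|` columns aligned, so a standard/control string longer than 58 characters breaks the table and pandoc renders it as literal text — a length check, or a plain pipe table, would be more forgiving. `#### <%= a['summary'] %>` and `<%= a['narrative'] %>` stay unescaped, which is intended for markdown content but means config authors can place raw LaTeX in the PDF. The enclosing `@system.components.each` block starts above this hunk.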
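--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: octool
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.12
 platform: ruby
 authors:
 - Paul Morgan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -92,6 +92,20 @@ dependencies:
 - - '='
 - !ruby/object:Gem::Version
 version: 2.19.0
+- !ruby/object:Gem::Dependency
+name: json_pure
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.3.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.3.0
 - !ruby/object:Gem::Dependency
 name: kwalify
 requirement: !ruby/object:Gem::Requirement
@@ -160,6 +174,11 @@ files:
 - schemas/v1.0.1/component.yaml
 - schemas/v1.0.1/config.yaml
 - schemas/v1.0.1/standard.yaml
+- schemas/v1.0.2/certification.yaml
+- schemas/v1.0.2/component.yaml
+- schemas/v1.0.2/config.yaml
+- schemas/v1.0.2/standard.yaml
+- templates/glossary.erb
 - templates/ssp.erb
 homepage: https://github.com/jumanjiman/octool
 licenses: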
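Review bot: `json_pure` is pinned to exactly `2.3.0` (lines 95–108), consistent with the other exact pins in this gemspec, which makes installs reproducible but also means consumers cannot pick up a patched `json_pure` without a new octool release; `~> 2.3` would admit fixes while holding the API. Since `json` ships in Ruby's standard library, the pure-Ruby gem is presumably here for portability — a comment in the gemspec (not shown here) explaining the choice would help the next maintainer. `cert_chain: []` shows the gem remains unsigned, so installers have only the rubygems checksums to rely on for integrity.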