octool 0.0.4 → 0.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a99d4ae79b106f19c3a49be0fd5fa84de52aaf790494a0f78e55c16fd00bbc5
-  data.tar.gz: d50899b6e334df9a7f40071f053824af296c842e7d11c8add1ae8e0b17c8313b
+  metadata.gz: 03d4e6cdc68059584e26dd26983e2085aed2bb5593b1bb78d5307bc9938401d7
+  data.tar.gz: 15f8bf0c448fb1e1091f7e6ab78fbffba50925a2a7799dd66ff939674d135cea
 SHA512:
-  metadata.gz: d447539ed45f3c6d55eaabdc04763b21a15bcfb1c9a25bcc8db050c885dba0d030634693353614243e59cec9c9622f09289c35d71aec52fdc56a1fc2922e896e
-  data.tar.gz: 728c1d363e0f30c4c3f52149088d867cefdb0b63e3b3594fbe5aa1e70b04e66749fe2466ed90643fd84e94b416367f59f26e9d4f049741f8b0bb2d61b15f6306
+  metadata.gz: a944191a813ab2ed2d122862466d79e65df9230e64ade9e73b83aefb8fcb98069bfaba0fec0876c539f63b7f229a16311b0721bd81eeb17b49b7564da2995051
+  data.tar.gz: e3b99bc6618b4192ba99a570bf6dd6a364c52540b73b39d80817a43e7364fdaf730596578756149e60cda5c0e56d3e75f643abdb11838a983f1d8943df9f0712

data/bin/octool

@@ -51,7 +51,7 @@ class App
         v.default_command :data
     end
 
-    desc 'generate System Security Plan'
+    desc 'validate data and generate System Security Plan'
     arg_name 'path/to/system/config.yaml'
     command :ssp do |s|
         s.desc 'where to store outputs'

data/lib/octool.rb

@@ -8,6 +8,7 @@ require 'pp'
 # 3rd-party libs.
 require 'kwalify'
 require 'kwalify/util/hashlike'
+require 'recursive-open-struct'
 
 # OCTool libs.
 require 'octool/constants'
@@ -15,12 +16,6 @@ require 'octool/parser'
 require 'octool/ssp'
 require 'octool/system'
 
-# Generated libs.
-require 'octool/generated/certification'
-require 'octool/generated/component'
-require 'octool/generated/config'
-require 'octool/generated/standard'
-
 # Mixins.
 module OCTool
     include Kwalify::Util::HashLike # defines [], []=, and keys?

data/lib/octool/constants.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module OCTool
-    LATEST_SCHEMA_VERSION = 'v1.0.0'
+    LATEST_SCHEMA_VERSION = 'v1.0.1'
     BASE_SCHEMA_DIR = File.join(File.dirname(__FILE__), '..', '..', 'schemas').freeze
     ERB_DIR = File.join(File.dirname(__FILE__), '..', '..', 'templates').freeze
     DEFAULT_CONFIG_FILENAME = 'config.yaml'

data/lib/octool/parser.rb

@@ -42,10 +42,11 @@ module OCTool
         def validate_file(path, type)
             parser = kwalify_parser(type)
             data = parser.parse_file(path)
+            data['type'] = type
             errors = parser.errors
             raise ValidationError.new(path, errors) unless errors.empty?
 
-            data
+            RecursiveOpenStruct.new(data, recurse_over_arrays: true, preserve_original_keys: true)
         rescue SystemCallError, Kwalify::SyntaxError, ValidationError => e
             die e.message
         end
@@ -68,36 +69,19 @@ module OCTool
             exit(1)
         end
 
-        # Check that all data files are valid.
+        # Validate and load data in one pass.
         def validate_data
             base_dir = File.dirname(@config_file)
             config = validate_file(@config_file, 'config')
+            sys = System.new(config)
             config['includes'].each do |inc|
                 path = File.join(base_dir, inc['path'])
-                type = inc['type']
-                validate_file(path, type)
+                sys.data << validate_file(path, inc['type'])
             end
-            config
+            sys
         end
 
-        def load_system
-            base_dir = File.dirname(@config_file)
-            config = load_file(@config_file, 'config')
-            system = System.new(config)
-            config.includes.each do |inc|
-                path = File.join(base_dir, inc.path)
-                system.data << load_file(path, inc.type)
-            end
-            system
-        end
-
-        def load_file(path, type)
-            die "#{File.expand_path(path)} not readable" unless File.readable?(path)
-            klass = Object.const_get("OCTool::#{type.capitalize}")
-            ydoc = Kwalify::Yaml.load_file(path)
-            klass.new(ydoc)
-        rescue SystemCallError, Kwalify::SyntaxError => e
-            die e.message
-        end
+        alias load_system validate_data
+        alias load_file validate_file
     end
 end

data/lib/octool/ssp.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'erb'
 
 module OCTool
@@ -15,13 +17,13 @@ module OCTool
                 require 'paru/pandoc'
                 Paru::Pandoc.new
             end
-        rescue UncaughtThrowError => e
+        rescue UncaughtThrowError
             STDERR.puts '[FAIL] octool requires pandoc to generate the SSP. Is pandoc installed?'
             exit(1)
         end
 
         def generate
-            if not File.writable?(@output_dir)
+            unless File.writable?(@output_dir)
                 STDERR.puts "[FAIL] #{@output_dir} is not writable"
                 exit(1)
             end
@@ -39,6 +41,7 @@ module OCTool
             puts 'done'
         end
 
+        # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
         def write(type = 'pdf')
             out_path = File.join(@output_dir, "ssp.#{type}")
             print "Building #{out_path} ... "
@@ -55,6 +58,7 @@ module OCTool
             File.new(out_path, 'wb').write(output)
             puts 'done'
         end
+        # rubocop:enable Metrics/AbcSize,Metrics/MethodLength
 
         def md_path
             @md_path ||= File.join(@output_dir, 'ssp.md')

data/lib/octool/system.rb

@@ -12,15 +12,15 @@ module OCTool
         end
 
         def certifications
-            @certifications ||= @data.select { |e| e.is_a?(OCTool::Certification) }
+            @certifications ||= @data.select { |e| e.type == 'certification' }
         end
 
         def components
-            @components ||= @data.select { |e| e.is_a?(OCTool::Component) }
+            @components ||= @data.select { |e| e.type == 'component' }
         end
 
         def standards
-            @standards ||= @data.select { |e| e.is_a?(OCTool::Standard) }
+            @standards ||= @data.select { |e| e.type == 'standard' }
         end
 
         # List of all attestations claimed by components in the system.

data/lib/octool/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OCTool
-    VERSION = '0.0.4'
+    VERSION = '0.0.5'
 end

data/octool.rdoc

@@ -1,6 +1,6 @@
 == octool - Open Compliance Tool
 
-v0.0.4
+v0.0.5
 
 === Global Options
 === --help
@@ -25,7 +25,7 @@ List commands one per line, to assist with shell completion
 
 
 ==== Command: <tt>ssp  path/to/system/config.yaml</tt>
-generate System Security Plan
+validate data and generate System Security Plan
 
 
 ===== Options

data/schemas/v1.0.1/certification.yaml

@@ -0,0 +1,27 @@
+---
+type: map
+class: Certification
+mapping:
+    certification_key:
+        desc: A short, unique identifier for this certification.
+        required: true
+        type: str
+        unique: true
+    name:
+        desc: A human-friendly name for the certification.
+        required: true
+        type: str
+    requires:
+        desc: List of control IDs required by the certification.
+        required: true
+        type: seq
+        sequence:
+            - type: map
+              class: ControlID
+              mapping:
+                  standard_key:
+                      required: true
+                      type: str
+                  control_key:
+                      required: true
+                      type: str

data/schemas/v1.0.1/component.yaml

@@ -0,0 +1,60 @@
+---
+type: map
+class: Component
+mapping:
+    name:
+        desc: Human-friendly name to appear in the SSP.
+        type: str
+        required: true
+    component_key:
+        desc: Unique identifier for referential integrity.
+        type: str
+        required: true
+    description:
+        desc: A paragraph or two that describes the component.
+        type: str
+        required: true
+    attestations:
+        desc: List of attestations.
+        type: seq
+        sequence:
+            - type: map
+              class: Attestation
+              mapping:
+                  summary:
+                      desc: Arbitrary verbiage to appear in SSP as a TLDR.
+                      type: str
+                      required: true
+                  status:
+                      desc: To what extent is this attestation "done"?
+                      type: str
+                      required: true
+                      enum:
+                          - partial
+                          - complete
+                          - planned
+                          - none
+                  date_verified:
+                      desc: When was this last verified?
+                      type: date
+                      required: false
+                  satisfies:
+                      desc: List of control IDs covered by this attestation.
+                      type: seq
+                      required: false
+                      sequence:
+                          - type: map
+                            class: ControlID
+                            mapping:
+                                standard_key:
+                                    type: text
+                                    required: true
+                                control_key:
+                                    type: text
+                                    required: true
+                  narrative:
+                      desc: |
+                          Explain how attestation satisfies the indicated controls.
+                          The content should be in markdown format.
+                      type: str
+                      required: true

data/schemas/v1.0.1/config.yaml

@@ -0,0 +1,79 @@
+---
+type: map
+class: Config
+mapping:
+    schema_version:
+        desc: |
+            Must match one of the schema directories in the octool source.
+        required: true
+        type: str
+
+    logo:
+        desc: Image for title page.
+        required: false
+        type: map
+        class: Logo
+        mapping:
+            path:
+                desc: Path to image.
+                type: str
+                required: true
+            width:
+                desc: Width of image, such as "1in" or "254mm"
+                type: str
+                required: true
+
+    name:
+        desc: Human-friendly to appear in the SSP.
+        required: true
+        type: str
+
+    overview:
+        desc: Human-friendly description to appear in the SSP.
+        required: true
+        type: str
+
+    maintainers:
+        desc: Who should somebody contact for questions about this SSP?
+        required: true
+        type: seq
+        sequence:
+            - type: str
+
+    metadata:
+        desc: Optional metadata.
+        required: false
+        type: map
+        class: Metadata
+        mapping:
+            abstract:
+                desc: Abstract appears in document metadata.
+                required: false
+                type: str
+            description:
+                desc: Description appears in document metadata.
+                required: false
+                type: str
+            '=':
+                desc: Arbitrary key:value pair of strings.
+                type: str
+
+    includes:
+        desc: Additional files to include from the system repo.
+        required: true
+        type: seq
+        sequence:
+            - type: map
+              class: Include
+              mapping:
+                  type:
+                      required: true
+                      type: str
+                      enum:
+                          - certification
+                          - component
+                          - standard
+                  path:
+                      desc: Path must be relative within the repo.
+                      required: true
+                      type: str

data/schemas/v1.0.1/standard.yaml

@@ -0,0 +1,50 @@
+---
+type: map
+class: Standard
+mapping:
+    name:
+        desc: Human-friendly name to appear in SSP.
+        type: str
+        required: true
+
+    standard_key:
+        desc: Unique ID to use within YAML files.
+        type: str
+        required: true
+
+    families:
+        desc: Optional list of control families.
+        type: seq
+        required: false
+        sequence:
+            - type: map
+              class: ControlFamily
+              mapping:
+                  family_key:
+                      desc: Unique ID of the family
+                      type: str
+                      unique: true
+                  name:
+                      desc: Human-friendly name of the family
+                      type: str
+    controls:
+        desc: Mandatory list of controls defined by the standard.
+        required: true
+        type: seq
+        sequence:
+            - type: map
+              class: Control
+              mapping:
+                  control_key:
+                      type: str
+                      unique: true
+                      required: true
+                  family_key:
+                      type: str
+                      required: false
+                  name:
+                      type: str
+                      required: true
+                  description:
+                      type: str
+                      required: true

data/templates/ssp.erb

@@ -1,5 +1,13 @@
 ---
+<% if @system.config.logo -%>
+title: |
+    ![](<%= @system.config.logo.path -%>){width=<%= @system.config.logo.width %>}
+
+    <%= @system.config.name %>
+<% else %>
 title: "<%= @system.config.name -%>"
+<% end %>
+
 subtitle: "System Security Plan"
 
 author:

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: octool
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - Paul Morgan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-17 00:00:00.000000000 Z
+date: 2020-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -134,6 +134,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.4.0.1
+- !ruby/object:Gem::Dependency
+  name: recursive-open-struct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.1.1
 description: 
 email: jumanjiman@gmail.com
 executables:
@@ -147,10 +161,6 @@ files:
 - bin/octool
 - lib/octool.rb
 - lib/octool/constants.rb
-- lib/octool/generated/certification.rb
-- lib/octool/generated/component.rb
-- lib/octool/generated/config.rb
-- lib/octool/generated/standard.rb
 - lib/octool/parser.rb
 - lib/octool/ssp.rb
 - lib/octool/system.rb
@@ -160,6 +170,10 @@ files:
 - schemas/v1.0.0/component.yaml
 - schemas/v1.0.0/config.yaml
 - schemas/v1.0.0/standard.yaml
+- schemas/v1.0.1/certification.yaml
+- schemas/v1.0.1/component.yaml
+- schemas/v1.0.1/config.yaml
+- schemas/v1.0.1/standard.yaml
 - templates/ssp.erb
 homepage: https://github.com/jumanjiman/octool
 licenses:

data/lib/octool/generated/certification.rb

@@ -1,35 +0,0 @@
-require 'kwalify/util/hashlike'
-
-module OCTool
-
-
-  class Certification
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @certification_key = hash['certification_key']
-      @name             = hash['name']
-      @requires         = (v=hash['requires']) ? v.map!{|e| e.is_a?(ControlID) ? e : ControlID.new(e)} : v
-    end
-    attr_accessor :certification_key # str
-    attr_accessor :name             # str
-    attr_accessor :requires         # seq
-  end
-
-
-  class ControlID
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @standard_key     = hash['standard_key']
-      @control_key      = hash['control_key']
-    end
-    attr_accessor :standard_key     # str
-    attr_accessor :control_key      # str
-  end
-
-end

data/lib/octool/generated/component.rb

@@ -1,57 +0,0 @@
-require 'kwalify/util/hashlike'
-
-module OCTool
-
-
-  class Component
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @name             = hash['name']
-      @component_key    = hash['component_key']
-      @description      = hash['description']
-      @attestations     = (v=hash['attestations']) ? v.map!{|e| e.is_a?(Attestation) ? e : Attestation.new(e)} : v
-    end
-    attr_accessor :name             # str
-    attr_accessor :component_key    # str
-    attr_accessor :description      # str
-    attr_accessor :attestations     # seq
-  end
-
-
-  class Attestation
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @summary          = hash['summary']
-      @status           = hash['status']
-      @date_verified    = hash['date_verified']
-      @satisfies        = (v=hash['satisfies']) ? v.map!{|e| e.is_a?(ControlID) ? e : ControlID.new(e)} : v
-      @narrative        = hash['narrative']
-    end
-    attr_accessor :summary          # str
-    attr_accessor :status           # str
-    attr_accessor :date_verified    # date
-    attr_accessor :satisfies        # seq
-    attr_accessor :narrative        # str
-  end
-
-
-  class ControlID
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @standard_key     = hash['standard_key']
-      @control_key      = hash['control_key']
-    end
-    attr_accessor :standard_key     # text
-    attr_accessor :control_key      # text
-  end
-
-end

data/lib/octool/generated/config.rb

@@ -1,55 +0,0 @@
-require 'kwalify/util/hashlike'
-
-module OCTool
-
-
-  class Config
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @schema_version   = hash['schema_version']
-      @name             = hash['name']
-      @overview         = hash['overview']
-      @maintainers      = hash['maintainers']
-      @metadata         = (v=hash['metadata']) && v.is_a?(Hash) ? Metadata.new(v) : v
-      @includes         = (v=hash['includes']) ? v.map!{|e| e.is_a?(Include) ? e : Include.new(e)} : v
-    end
-    attr_accessor :schema_version   # str
-    attr_accessor :name             # str
-    attr_accessor :overview         # str
-    attr_accessor :maintainers      # seq
-    attr_accessor :metadata         # map
-    attr_accessor :includes         # seq
-  end
-
-  ## Optional metadata.
-  class Metadata
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @abstract         = hash['abstract']
-      @description      = hash['description']
-    end
-    attr_accessor :abstract         # str
-    attr_accessor :description      # str
-  end
-
-
-  class Include
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @type             = hash['type']
-      @path             = hash['path']
-    end
-    attr_accessor :type             # str
-    attr_accessor :path             # str
-  end
-
-end

data/lib/octool/generated/standard.rb

@@ -1,55 +0,0 @@
-require 'kwalify/util/hashlike'
-
-module OCTool
-
-
-  class Standard
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @name             = hash['name']
-      @standard_key     = hash['standard_key']
-      @families         = (v=hash['families']) ? v.map!{|e| e.is_a?(ControlFamily) ? e : ControlFamily.new(e)} : v
-      @controls         = (v=hash['controls']) ? v.map!{|e| e.is_a?(Control) ? e : Control.new(e)} : v
-    end
-    attr_accessor :name             # str
-    attr_accessor :standard_key     # str
-    attr_accessor :families         # seq
-    attr_accessor :controls         # seq
-  end
-
-
-  class ControlFamily
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @family_key       = hash['family_key']
-      @name             = hash['name']
-    end
-    attr_accessor :family_key       # str
-    attr_accessor :name             # str
-  end
-
-
-  class Control
-    include Kwalify::Util::HashLike
-    def initialize(hash=nil)
-      if hash.nil?
-        return
-      end
-      @control_key      = hash['control_key']
-      @family_key       = hash['family_key']
-      @name             = hash['name']
-      @description      = hash['description']
-    end
-    attr_accessor :control_key      # str
-    attr_accessor :family_key       # str
-    attr_accessor :name             # str
-    attr_accessor :description      # str
-  end
-
-end