RubyGems - octool - Versions diffs - 0.0.7 → 0.0.8 - Mend

octool 0.0.7 → 0.0.8

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6fecd506f9519e5dea7be955335b43359dc1cf4b9b1f996410c952ec72384471
-  data.tar.gz: f841b91bd3e05d74a1dd90c634a9274119870bdb8698ac2c19685dd727ee6f06
+  metadata.gz: ed9a9d64af06f7c36bf6559eab5919e7b5488ec5a265830d757967dc60784b28
+  data.tar.gz: 0b71a16cd55225d995f0f1ff31c24517900726fe6e9a70a9ae54fa6b93b770fb
 SHA512:
-  metadata.gz: 725f37921c2943422622aad442451cf7178edd98b3f23f02ebcc27030f498290689711345a40baa160bc3054929cac00e1e2f2ff8a39cf0db6de75014a9cd324
-  data.tar.gz: 68e8b51a7784db9cb243caae5122faf05dfdcbb05b822b69b9afed5fff58fd857a93606d8adf7c5b62457642b6d6df30b4a5db2dd3f2e480f08905d6ccd36fb7
+  metadata.gz: 338981986492cd44db6b36844f833865b5ed8966c332a74ed313d12650d00fe0f8d14dccd8db04bf0421adf305619a97bc3a5f17a0ff2ee400537c087f2d7895
+  data.tar.gz: 634d4943387eae05d72ab887c7e555fcb0c119ce5a0cec02ae855dc42cdba95f46a1a553c541b388e7c6e5f0edf141c3ade05870e6e510938426535f9e0ec2f5

data/lib/octool/ssp.rb CHANGED

@@ -53,6 +53,9 @@ module OCTool
                 toc_depth 3
                 number_sections
                 highlight_style 'pygments'
+                # https://en.wikibooks.org/wiki/LaTeX/Source_Code_Listings#Encoding_issue
+                # Uncomment the following line after the "listings" package is compatible with utf8
+                # listings
             end
             output = converter << File.read(md_path)
             File.new(out_path, 'wb').write(output)

data/lib/octool/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module OCTool
-    VERSION = '0.0.7'
+    VERSION = '0.0.8'
 end

data/octool.rdoc CHANGED

@@ -1,6 +1,6 @@
 == octool - Open Compliance Tool
-v0.0.7
+v0.0.8
 === Global Options
 === --help

data/templates/ssp.erb CHANGED

@@ -52,17 +52,61 @@ geometry:
     - left=2cm
     - right=2cm
     - bottom=2cm
+header-includes:
+    - |
+        ```{=latex}
+        % https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#left-aligning-tables-in-latex
+        \usepackage[margins=raggedright]{floatrow}
+        ```
+    - |
+        ```{=latex}
+        % https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#definition-list-terms-on-their-own-line-in-latex
+        % "Clone" the original \item command
+        \let\originalitem\item
+        % Redefine the \item command using the "clone"
+        \makeatletter
+        \renewcommand{\item}[1][\@nil]{%
+            \def\tmp{#1}%
+            \ifx\tmp\@nnil\originalitem\else\originalitem[#1]\hfill\par\fi}
+        \makeatother
+        ```
+    - |
+        ```{=latex}
+        % The are at least two ways to configure how LaTeX floats figures.
+        %
+        % 1. One approach is described in section 17.2 of
+        %    http://tug.ctan.org/tex-archive/info/epslatex/english/epslatex.pdf
+        %    However, the approach described there requires to teach people
+        %    how to write LaTeX cross-references in markdown.
+        %
+        % 2. Force figures, listings, etc., to float "[H]ere".
+        %    This is a LaTeX anti-pattern because it causes large gaps of whitespace on some pages.
+        %    This approach avoids having to teach people to create LaTeX cross-references.
+        %    https://tex.stackexchange.com/a/101726
+        %
+        % Use option 2.
+        \usepackage{float}
+        \floatplacement{figure}{H}
+        ```
 ---
-# <%= @system.config['name'] %>
+# Introduction
-## Overview
+## About this document
+A System Security Plan (SSP) is a document to describe security controls in use
+on an information system and their implementation. An SSP provides:
+- Narrative of security control implementation
+- Description of components and services
+- System data flows and authorization boundaries
-<%= @system.config['overview'] %>
 ## Standards
-This System Security Plan (SSP) addresses these standards:
+This SSP draws from these standards:
 <% @system.standards.each do |s| -%>
 - <%= s['name'] %>
@@ -71,6 +115,32 @@ This System Security Plan (SSP) addresses these standards:
 The full copy of each standard is included in the appendix.
+## Certifications
+A certification is a logical grouping of controls that are of interest to
+a given subject. A particular certification does not necessarily target all
+controls from a standard, nor does a particular certification need to draw
+from a single standard.
+This SSP addresses these certifications:
+<% @system.certifications.each do |c| -%>
+- <%=c['name']%>
+<% c['requires'].each do |r| -%>
+    - <%=r['standard_key']-%> control <%=r['control_key']%>
+<% end -%>
+<% end %>
+# <%= @system.config['name'] %>
+## Overview
+<%= @system.config['overview'] %>
 ## Components
 <% @system.components.each do |c| %>
@@ -84,18 +154,24 @@ _The organization has not yet documented attestations for this component_.
 The organization offers the following attestations for this component.
 <% end %>
-<% c['attestations'].each do |a| %>
+<% c['attestations'].compact.each do |a| %>
 ####  <%= a['summary'] %>
-Status: <%= a['status'] %>
-Date verified: <%= a['date_verified'] if a['date_verified'] %>
-Satisfies:
-<% a['satisfies'].each do |cid| -%>
-- <%= cid['standard_key'] %> control <%= cid['control_key'] %>
-<% end -%>
++----------+---------------+--------------------------------------------------------------+
+| Status   | Date verified | Satisfies                                                    |
++==========+===============+==============================================================+
+<%
+s = a['satisfies'][0]
+verbiage = sprintf('%-58s', [s['standard_key'], 'control', s['control_key']].join(' '))
+-%>
+| <%=sprintf('%-8s', a['status'])-%> | <%=sprintf('%-13s', a['date_verified'])-%> | - <%=verbiage-%> |
+<%
+a['satisfies'][1..].each do |s|
+    verbiage = sprintf('%-58s', [s['standard_key'], 'control', s['control_key']].join(' '))
+-%>
+|          |               | - <%=verbiage-%> |
+<%  end -%>
++----------+---------------+--------------------------------------------------------------+
 <%= a['narrative'] %>
@@ -111,11 +187,15 @@ Satisfies:
 <% if s['families'] and !s['families'].empty? %>
 ### Families
-<% s['families'].each do |family| %>
-<%= family['family_key'] %>
-  ~ <%= family['name'] %>
+<%=s['name']-%> categorizes controls into logical groups called families.
-<% end %>
+| Family abbreviation        | Family name          |
+| -------------------------- | -------------------- |
+<% s['families'].each do |family| -%>
+| <%=family['family_key']-%> | <%=family['name']-%> |
+<% end -%>
+  : Control families for <%=s['name']%>
 <% end %>

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: octool
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 0.0.8
 platform: ruby
 authors:
 - Paul Morgan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-24 00:00:00.000000000 Z
+date: 2020-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake