RubyGems - octool - Versions diffs - 0.0.7 → 0.0.8 - Mend

octool 0.0.7 → 0.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6fecd506f9519e5dea7be955335b43359dc1cf4b9b1f996410c952ec72384471
-  data.tar.gz: f841b91bd3e05d74a1dd90c634a9274119870bdb8698ac2c19685dd727ee6f06
+  metadata.gz: ed9a9d64af06f7c36bf6559eab5919e7b5488ec5a265830d757967dc60784b28
+  data.tar.gz: 0b71a16cd55225d995f0f1ff31c24517900726fe6e9a70a9ae54fa6b93b770fb
 SHA512:
-  metadata.gz: 725f37921c2943422622aad442451cf7178edd98b3f23f02ebcc27030f498290689711345a40baa160bc3054929cac00e1e2f2ff8a39cf0db6de75014a9cd324
-  data.tar.gz: 68e8b51a7784db9cb243caae5122faf05dfdcbb05b822b69b9afed5fff58fd857a93606d8adf7c5b62457642b6d6df30b4a5db2dd3f2e480f08905d6ccd36fb7
+  metadata.gz: 338981986492cd44db6b36844f833865b5ed8966c332a74ed313d12650d00fe0f8d14dccd8db04bf0421adf305619a97bc3a5f17a0ff2ee400537c087f2d7895
+  data.tar.gz: 634d4943387eae05d72ab887c7e555fcb0c119ce5a0cec02ae855dc42cdba95f46a1a553c541b388e7c6e5f0edf141c3ade05870e6e510938426535f9e0ec2f5

data/lib/octool/ssp.rb CHANGED

@@ -53,6 +53,9 @@ module OCTool
                 toc_depth 3
                 number_sections
                 highlight_style 'pygments'
+                # https://en.wikibooks.org/wiki/LaTeX/Source_Code_Listings#Encoding_issue
+                # Uncomment the following line after the "listings" package is compatible with utf8
+                # listings
             end
             output = converter << File.read(md_path)
             File.new(out_path, 'wb').write(output)

data/lib/octool/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module OCTool
-    VERSION = '0.0.7'
+    VERSION = '0.0.8'
 end

data/octool.rdoc CHANGED

@@ -1,6 +1,6 @@
 == octool - Open Compliance Tool
-v0.0.7
+v0.0.8
 === Global Options
 === --help

data/templates/ssp.erb CHANGED

@@ -52,17 +52,61 @@ geometry:
     - left=2cm
     - right=2cm
     - bottom=2cm
+header-includes:
+    - |
+        ```{=latex}
+        % https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#left-aligning-tables-in-latex
+        \usepackage[margins=raggedright]{floatrow}
+        ```
+    - |
+        ```{=latex}
+        % https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#definition-list-terms-on-their-own-line-in-latex
+        % "Clone" the original \item command
+        \let\originalitem\item
+        % Redefine the \item command using the "clone"
+        \makeatletter
+        \renewcommand{\item}[1][\@nil]{%
+            \def\tmp{#1}%
+            \ifx\tmp\@nnil\originalitem\else\originalitem[#1]\hfill\par\fi}
+        \makeatother
+        ```
+    - |
+        ```{=latex}
+        % The are at least two ways to configure how LaTeX floats figures.
+        %
+        % 1. One approach is described in section 17.2 of
+        %    http://tug.ctan.org/tex-archive/info/epslatex/english/epslatex.pdf
+        %    However, the approach described there requires to teach people
+        %    how to write LaTeX cross-references in markdown.
+        %
+        % 2. Force figures, listings, etc., to float "[H]ere".
+        %    This is a LaTeX anti-pattern because it causes large gaps of whitespace on some pages.
+        %    This approach avoids having to teach people to create LaTeX cross-references.
+        %    https://tex.stackexchange.com/a/101726
+        %
+        % Use option 2.
+        \usepackage{float}
+        \floatplacement{figure}{H}
+        ```
 ---
-# <%= @system.config['name'] %>
+# Introduction
-## Overview
+## About this document
+A System Security Plan (SSP) is a document to describe security controls in use
+on an information system and their implementation. An SSP provides:
+- Narrative of security control implementation
+- Description of components and services
+- System data flows and authorization boundaries
-<%= @system.config['overview'] %>
 ## Standards
-This System Security Plan (SSP) addresses these standards:
+This SSP draws from these standards:
 <% @system.standards.each do |s| -%>
 - <%= s['name'] %>
@@ -71,6 +115,32 @@ This System Security Plan (SSP) addresses these standards:
 The full copy of each standard is included in the appendix.
+## Certifications
+A certification is a logical grouping of controls that are of interest to
+a given subject. A particular certification does not necessarily target all
+controls from a standard, nor does a particular certification need to draw
+from a single standard.
+This SSP addresses these certifications:
+<% @system.certifications.each do |c| -%>
+- <%=c['name']%>
+<% c['requires'].each do |r| -%>
+    - <%=r['standard_key']-%> control <%=r['control_key']%>
+<% end -%>
+<% end %>
+# <%= @system.config['name'] %>
+## Overview
+<%= @system.config['overview'] %>
 ## Components
 <% @system.components.each do |c| %>
@@ -84,18 +154,24 @@ _The organization has not yet documented attestations for this component_.
 The organization offers the following attestations for this component.
 <% end %>
-<% c['attestations'].each do |a| %>
+<% c['attestations'].compact.each do |a| %>
 ####  <%= a['summary'] %>
-Status: <%= a['status'] %>
-Date verified: <%= a['date_verified'] if a['date_verified'] %>
-Satisfies:
-<% a['satisfies'].each do |cid| -%>
-- <%= cid['standard_key'] %> control <%= cid['control_key'] %>
-<% end -%>
++----------+---------------+--------------------------------------------------------------+
+| Status   | Date verified | Satisfies                                                    |
++==========+===============+==============================================================+
+<%
+s = a['satisfies'][0]
+verbiage = sprintf('%-58s', [s['standard_key'], 'control', s['control_key']].join(' '))
+-%>
+| <%=sprintf('%-8s', a['status'])-%> | <%=sprintf('%-13s', a['date_verified'])-%> | - <%=verbiage-%> |
+<%
+a['satisfies'][1..].each do |s|
+    verbiage = sprintf('%-58s', [s['standard_key'], 'control', s['control_key']].join(' '))
+-%>
+|          |               | - <%=verbiage-%> |
+<%  end -%>
++----------+---------------+--------------------------------------------------------------+
 <%= a['narrative'] %>
@@ -111,11 +187,15 @@ Satisfies:
 <% if s['families'] and !s['families'].empty? %>
 ### Families
-<% s['families'].each do |family| %>
-<%= family['family_key'] %>
-  ~ <%= family['name'] %>
+<%=s['name']-%> categorizes controls into logical groups called families.
-<% end %>
+| Family abbreviation        | Family name          |
+| -------------------------- | -------------------- |
+<% s['families'].each do |family| -%>
+| <%=family['family_key']-%> | <%=family['name']-%> |
+<% end -%>
+  : Control families for <%=s['name']%>
 <% end %>

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: octool
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 0.0.8
 platform: ruby
 authors:
 - Paul Morgan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-24 00:00:00.000000000 Z
+date: 2020-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake