opencontrol-linter 0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f5809df9b521e096796e994cacf885be8dd2d41b
+  data.tar.gz: 4b1b9250c44fbc75d3a2b941003de47a5f0def13
+SHA512:
+  metadata.gz: 27353289411c6cf7bd42794274c6a134a89c51b3cf7555c6bafc047ec2bbfce4b743760c4719a58451f2e9d3b9c8495437e609c6687c41bef4448b91928f57ba
+  data.tar.gz: 722a2e65f5f4c6aaa2a8d7806f34669513e195cde7fd654927d3dd514427c0d88286de961abbbd73ac7813f29ea380136ca19796687601ca701fd3ada2fb1d4d

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2019 Center for Medicare Services
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,94 @@
+[![CircleCI](https://circleci.com/gh/huge-robot/opencontrol-linter.svg?style=svg&circle-token=7873c3440387ef3e3b04964f5c51a15f7e3f26de)](https://circleci.com/gh/huge-robot/opencontrol-linter)
+
+
+**Open Control Linter** is a linter for the OpenControl standard of security controls. 
+Use it to check the correctness of opencontrols components, standards and certifications quickly.
+
+To find out more about opencontrol see:
+http://opencontrol.cfapps.io/
+
+## Installation
+
+```sh
+$ gem install opencontrol-linter
+```
+
+If you'd rather install Open Control Linter using `bundler`, don't require it in your `Gemfile`:
+
+```rb
+gem 'opencontrol-linter', require: false
+```
+
+## Quickstart
+
+Just type `opencontrol-linter` in a control project root directory.
+
+```
+$ cd awesome/opencontrols/
+$ opencontrol-linter
+```
+
+## Documentation
+
+Detailed command line arguments
+
+```
+ usage: opencontrol-linter
+
+  optional arguments:
+    -h, --help            show this help message and exit
+    -c, --components
+                          Specify component files should be checked. Defaults to
+                          true. Searches ./**/component.yaml or the search you
+                          optionally specify.
+    -n, --certifications
+                          Specify certification (eg FISMA high)files should be
+                          checked. Defaults to true. Searches
+                          ./certifications/*.yaml or the search you optionally
+                          specify.
+    -s, --standards
+                          Specify standard files (eg NIST 800.53) should be
+                          checked. Defaults to true. Searches ./standards/*.yaml
+                          or the search you optionally specify.
+    -a, --all             Run all types of validations (this is the default).
+    -v, --version         Show the version of this utility.
+
+      
+```
+
+Usage examples
+
+```
+# lint all components, standards and certifications in the current directory
+opencontrol-linter
+
+# lint all components subdir components
+opencontrol-linter --components './components/**/component.yaml'
+
+# lint all standards files found
+opencontrol-linter --standards
+
+# lint one component
+opencontrol-linter --components './components/AU_policy/component.yaml'
+
+```
+
+## Compatibility
+
+Open Control Linter supports the following Open Control schemas:
+
+- Component: (all v1.0 through v3.1)
+- Standard: (all v1.0 through v1.0)
+- Certification: (all v1.0 through v1.0)
+
+## Related
+http://opencontrol.cfapps.io/
+https://github.com/opencontrol
+
+## Team
+
+Here's a list of Open Control Linter's core developers:
+
+* [Adrian Kierman](https://github.com/adriankierman)
+* James Connor
+

data/exe/opencontrol-linter

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+$LOAD_PATH.unshift("#{__dir__}/../lib")
+
+require 'opencontrol'
+
+Opencontrol::CLI.run_with_args(ARGV)

data/lib/opencontrol.rb

@@ -0,0 +1,3 @@
+require_relative 'opencontrol/version'
+require_relative 'opencontrol/messages'
+require_relative 'opencontrol/cli'

data/lib/opencontrol/cli.rb

@@ -0,0 +1,231 @@
+require 'kwalify'
+require 'yaml'
+require 'opencontrol'
+require 'rationalist'
+require 'colorize'
+require 'pp'
+
+# frozen_string_literal: true
+
+module Opencontrol
+  # This module holds the Opencontrol Linter Command Line Interface.
+  module CLI
+    USAGE_TEXT = <<USAGE_TEXT.freeze
+      usage: opencontrol-linter
+
+      optional arguments:
+        -h, --help            show this help message and exit
+        -c, --components
+                              Specify component files should be checked. Defaults to
+                              true. Searches ./**/component.yaml or the search you
+                              optionally specify.
+        -n, --certifications
+                              Specify certification (eg FISMA high)files should be
+                              checked. Defaults to true. Searches
+                              ./certifications/*.yaml or the search you optionally
+                              specify.
+        -s, --standards
+                              Specify standard files (eg NIST 800.53) should be
+                              checked. Defaults to true. Searches ./standards/*.yaml
+                              or the search you optionally specify.
+        -a, --all             Run all types of validations (this is the default).
+        -v, --version         Show the version of this utility.
+
+      Usage examples:
+
+          # lint all components, standards and certifications in the current directory
+           opencontrol-linter
+
+          # lint all components subdir components
+           opencontrol-linter --components './components/**/component.yaml'
+
+          # lint all standards files found
+           opencontrol-linter --standards
+
+          # lint one component
+           opencontrol-linter --components './components/AU_policy/component.yaml'
+USAGE_TEXT
+
+    DEFAULT_SPECIFICATION = {
+      action: :run,
+      targets: [
+        {
+          type: :components,
+          pattern: '**/component.yaml'
+        },
+        {
+          type: :standards,
+          pattern: './standards/*.yaml'
+        },
+        {
+          type: :certifications,
+          pattern: './certifications/*.yaml'
+        }
+      ]
+    }.freeze
+
+    def self.show_help
+      puts USAGE_TEXT
+      0 # exit with no error
+    end
+
+    def self.show_version
+      puts 'Opencontrol linter version: v' + Opencontrol::Version.version
+      puts 'CMS 2019 Adrian Kierman '
+      0 # exit with no error
+    end
+
+    # @param [String] version
+    def self.find_schema(type, version)
+      dir = __dir__
+      case type
+      when :components
+        "#{dir}/../../vendor/schemas/kwalify/component/v#{version}.yaml"
+      when :standards
+        "#{dir}/../../vendor/schemas/kwalify/standard/v#{version}.yaml"
+      when :certifications
+        "#{dir}/../../vendor/schemas/kwalify/certification/v#{version}.yaml"
+      else
+        throw "Unknown type of schema specified #{type} " \
+    "tried to get schema version #{version}"
+      end
+    end
+
+    def self.load_schema(schema_file)
+      ## load schema data
+      # Kwalify::Yaml.load_file(schema_file)
+      ## or
+      YAML.load_file(schema_file)
+    end
+
+    def self.show_issues(issues, filename)
+      if issues && !issues.empty?
+        puts "✗ #{filename}".red
+        issues.each do |issue|
+          puts Opencontrol::Messages.detail(issue).yellow
+        end
+      else
+        puts "✓ #{filename}".green
+      end
+    end
+
+    def self.schema_for_document(type, document)
+      version = document['schema_version'] || '1.0.0'
+      schema_file = find_schema(type, version)
+      load_schema(schema_file)
+    end
+
+    def self.targets_for_type(type, specification)
+      specification[:targets].select { |t| t[:type] == type }
+    end
+
+    def self.default_pattern_for_type(type)
+      targets_for_type(type, DEFAULT_SPECIFICATION).first[:pattern]
+    end
+
+    def self.add_target(type, opts, specification)
+      # pick a reasonable default
+      use_defaults = false
+      use_defaults = default_pattern_for_type(type) if opts[type] == true
+      specification[:targets].push(
+        type: type,
+        pattern: use_defaults || opts[type]
+      )
+    end
+
+    def self.validate(type, filename)
+      ## load document
+      # document = Kwalify::Yaml.load_file(filename)
+      ## or
+      document = YAML.load_file(filename)
+      schema = schema_for_document(type, document)
+
+      validator = Kwalify::Validator.new(schema)
+      validator.validate(document)
+    end
+
+    def self.files_not_found_issue
+      Kwalify::BaseError.new(
+        'No validation files found for the pattern supplied. \
+         Adding an issue to avoid failing silently.',
+        nil,
+        nil,
+        nil,
+        :linter_files_not_found_issue
+      )
+    end
+
+    def self.validate_target(target)
+      filenames = Dir[target[:pattern]]
+      if filenames.empty?
+        issues = [files_not_found_issue]
+        show_issues(issues, target[:pattern])
+        return issues
+      end
+      filenames.collect do |filename|
+        issues = validate(target[:type], filename)
+        show_issues(issues, filename)
+        issues
+      end
+    end
+
+    def self.validate_all(specification)
+      specification[:targets].collect do |target|
+        validate_target(target)
+      end.flatten
+    end
+
+    def self.should_lint?(opts)
+      !(opts[:version] || opts[:help])
+    end
+
+    def self.all_targets_selected?(opts, specification)
+      opts[:all] || specification[:targets].empty?
+    end
+
+    def self.use_default?(opts, specification)
+      all_targets_selected?(opts, specification) && should_lint?(opts)
+    end
+
+    ALIASES = {
+      components: %w[component c],
+      standards: %w[standard s],
+      certifications: %w[certification n],
+      all: 'a',
+      help: 'h',
+      version: 'v'
+    }.freeze
+
+    def self.parse_args(arguments)
+      opts = Rationalist.parse(arguments, alias: ALIASES)
+      specification = {
+        action: :run,
+        targets: []
+      }
+      specification[:action] = :version                     if opts[:version]
+      specification[:action] = :help                        if opts[:help]
+      add_target(:components, opts, specification)     if opts[:components]
+      add_target(:standards, opts, specification)      if opts[:standards]
+      add_target(:certifications, opts, specification) if opts[:certifications]
+      specification = DEFAULT_SPECIFICATION if use_default?(opts, specification)
+      specification
+    end
+
+    def self.run(specification)
+      issues = validate_all(specification)
+      if !issues.empty?
+        puts "Complete. #{issues.length} issues found.".red
+      else
+        puts 'Complete. No problems found.'.green
+      end
+      issues.length
+    end
+
+    def self.run_with_args(args)
+      specification = parse_args(args)
+      exit(run(specification)) if specification[:action] == :run
+      show_version             if specification[:action] == :version
+      show_help                if specification[:action] == :help
+    end
+  end
+end

data/lib/opencontrol/messages.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'kwalify'
+
+module Opencontrol
+  # This module holds the Opencontrol Linter detailed issue messages.
+  module Messages
+    def self.detail(issue)
+      case issue.error_symbol
+      when :enum_notexist
+        <<-MESSAGE
+        At:           YAML path #{issue.path}.
+        Message:      #{issue.message}
+        Expected:     one of #{issue.rule.enum}.
+        Actual:       The value '#{issue.value}' was found.
+        To fix this:  Use one of #{issue.rule.enum}
+                      instead of the value '#{issue.value}'
+        MESSAGE
+      when :key_undefined
+        <<-MESSAGE
+        At:           YAML path #{issue.path}.
+        Expected:     A key allowed by the schema.
+        Actual:       A key was found that is not defined in the schema (#{issue.path}).
+        To fix this:  Its possible the key found is a typo,
+                      Remove #{issue.path} or correct the key.
+        MESSAGE
+      else
+        <<-MESSAGE
+        At:           YAML path #{issue.path}.
+        Message:      #{issue.message}
+        MESSAGE
+      end
+    end
+
+    def self.verbose(issue)
+      <<-MESSAGE
+        At:           YAML path #{issue.path}.
+        Message:      #{issue.message}
+        Rule:         #{issue.rule.to_yaml}
+        Value:        #{issue.value}
+        Symbol:       #{issue.error_symbol}
+      MESSAGE
+    end
+  end
+end

data/lib/opencontrol/version.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Opencontrol
+  # This module holds the Opencontrol Linter version information.
+  module Version
+    STRING = '0.1'.freeze
+
+    MSG = '%<version>s (using Parser %<parser_version>s, running on ' \
+          '%<ruby_engine>s %<ruby_version>s %<ruby_platform>s)'.freeze
+
+    def self.version(debug = false)
+      if debug
+        require 'kwalify'
+        format(MSG, version: STRING, parser_version: Kwalify::VERSION,
+                    ruby_engine: RUBY_ENGINE, ruby_version: RUBY_VERSION,
+                    ruby_platform: RUBY_PLATFORM)
+      else
+        STRING
+      end
+    end
+  end
+end

data/vendor/README.md

@@ -0,0 +1,9 @@
+- Schemas 
+
+    A project of 18F 
+    
+    General Services Administration of the United States 
+
+    https://github.com/opencontrol/schemas
+
+    Included here in vendorized form to allow easy distribution.