opencontrol-linter 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3b1773ccc2811449ec1301e04c94fe2a565c9566
-  data.tar.gz: 9886d0f7407336e7b778782f6caa54cfca8f8f63
+  metadata.gz: 175bd0dd088a192c67e4eedd12aa96df5e33a144
+  data.tar.gz: 869a4dc6ef1c6934a506585f84f681bb68820b64
 SHA512:
-  metadata.gz: e96a86d1ab99fefc892834c2308963df602b03629e269dc5a02b1d103bf5b7347ed0e4e482e62d863f7ef7d14526629ea6fb8dcc46743013972272dbb6126b0c
-  data.tar.gz: 433cc89a8ce6051507c4beae1f7aaa4769d3ae24c497a6118f0f035acdf43d9f4411eb759bbc651415c18ade1ff89ed2bda7e67a58c14018ef9fbf38218b915d
+  metadata.gz: 4ee06d87c4a273ac8731ab79a0073d094d094044f91db05c1c6fe5eee6e6f07eaa4a2a74a5d8f0a4401e76ef3be9e418fe865af5ae01e35242c845c2370d7cab
+  data.tar.gz: 2b32e890b5ecc89d4b52f3c0d7da04ce56a45e5f8fdd116b547ed9c7bb102bd75d675fb7f8a79496ba8173a813eb6da19f64e8225bb5882fbc10ad912a20392f

data/README.md

@@ -75,9 +75,11 @@ opencontrol-linter --components './components/AU_policy/component.yaml'
 
 ## Search Paths
 
-By default the linter will search in the following paths. 
+The search paths will be loaded from the opencontrol.yaml file if it is available.
 
-These paths can all be overridden on the command line.
+In the case that there is no opencontrol.yaml, by default the linter will search in the following paths. 
+
+These paths can all be overridden on the command line or in the opencontrol.yaml file.
 ```
 components:        '**/component.yaml'       (recursive search for files named component)
 standards:         './standards/*.yaml'
@@ -88,7 +90,6 @@ opencontrol files: './opencontrol.yaml'
 
 The following directory structure for compliance is typical. You can specify those that match your project.
 ```
-Project Root
 .
 └── compliance
     ├── opencontrol.yaml
@@ -130,7 +131,9 @@ Open Control Linter supports the following Open Control schemas:
 - Certification: (all v1.0 through v1.0)
 
 ## Related
+
 http://opencontrol.cfapps.io/
+
 https://github.com/opencontrol
 
 ## Team
@@ -139,4 +142,3 @@ Here's a list of Open Control Linter's core developers:
 
 * [Adrian Kierman](https://github.com/adriankierman)
 * James Connor
-

data/lib/opencontrol/cli.rb

@@ -10,75 +10,75 @@ module Opencontrol
   # This module holds the Opencontrol Linter Command Line Interface.
   module CLI
     USAGE_TEXT = <<USAGE_TEXT.freeze
-      usage: opencontrol-linter
-
-      optional arguments:
-        -h, --help            show this help message and exit
-        -c, --components
-                              Specify component files should be checked. Defaults to
-                              true. Searches ./**/component.yaml or the search you
-                              optionally specify.
-        -n, --certifications
-                              Specify certification (eg FISMA high)files should be
-                              checked. Defaults to true. Searches
-                              ./certifications/*.yaml or the search you optionally
-                              specify.
-        -s, --standards
-                              Specify standard files (eg NIST 800.53) should be
-                              checked. Defaults to true. Searches ./standards/*.yaml
-                              or the search you optionally specify.
-        -o, --opencontrols, --opencontrol
-                              Specify opencontrol file or files should be
-                              checked. Defaults to true. Searches ./opencontrol.yaml
-                              or the search you optionally specify.
-        -a, --all             Run all types of validations (this is the default).
-        -v, --version         Show the version of this utility.
-
-      Usage examples:
-
-          # lint all components, standards and certifications in the current directory
-           opencontrol-linter
-
-          # lint all components subdir components
-           opencontrol-linter --components './components/**/component.yaml'
-
-          # lint all standards files found
-           opencontrol-linter --standards
-
-          # lint one component
-           opencontrol-linter --components './components/AU_policy/component.yaml'
+    usage: opencontrol-linter
+
+    optional arguments:
+      -h, --help            show this help message and exit
+      -c, --components
+                            Specify component files should be checked. Defaults
+                            to true. Searches ./**/component.yaml or the search
+                            you optionally specify.
+      -n, --certifications
+                            Specify certification (eg FISMA high)files should be
+                            checked. Defaults to true. Searches
+                            ./certifications/*.yaml or the search you optionally
+                            specify.
+      -s, --standards
+                            Specify standard files (eg NIST 800.53) should be
+                            checked. Defaults to true. Searches
+                            ./standards/*.yaml or the search you optionally
+                            specify.
+      -o, --opencontrols, --opencontrol
+                            Specify opencontrol file or files should be
+                            checked. Defaults to true. Searches
+                            ./opencontrol.yaml or the search you optionally
+                            specify.
+      -a, --all             Run all types of validations (this is the default).
+      -v, --version         Show the version of this utility.
+
+    Usage examples:
+
+        # lint all components, standards and certifications in the current directory
+         opencontrol-linter
+
+        # lint all components subdir components
+         opencontrol-linter --components './components/**/component.yaml'
+
+        # lint all standards files found
+         opencontrol-linter --standards
+
+        # lint one component
+         opencontrol-linter --components './components/AU_policy/component.yaml'
 USAGE_TEXT
 
-    DEFAULT_SPECIFICATION = {
+    CONFIG_FILENAME = './opencontrol.yaml'.freeze
+
+    PRESET = {
       action: :run,
-      targets: [
-        {
-          type: :components,
-          pattern: './components/**/component.yaml'
-        },
-        {
-          type: :standards,
-          pattern: './standards/*.yaml'
-        },
-        {
-          type: :certifications,
-          pattern: './certifications/*.yaml'
-        },
-        {
-            type: :opencontrols,
-            pattern: './opencontrol.yaml'
-        }
-      ]
+      targets: {
+        components: [
+          './components/**/component.yaml'
+        ],
+        standards: [
+          './standards/*.yaml'
+        ],
+        certifications: [
+          './certifications/*.yaml'
+        ],
+        opencontrols: [
+          './opencontrol.yaml'
+        ]
+      }
     }.freeze
 
     ALIASES = {
-        components: %w[component c],
-        standards: %w[standard s],
-        certifications: %w[certification n],
-        opencontrols: %w[opencontrol o],
-        all: 'a',
-        help: 'h',
-        version: 'v'
+      components: %w[component c],
+      standards: %w[standard s],
+      certifications: %w[certification n],
+      opencontrols: %w[opencontrol o],
+      all: 'a',
+      help: 'h',
+      version: 'v'
     }.freeze
 
     def self.show_help
@@ -92,41 +92,86 @@ USAGE_TEXT
       0 # exit with no error
     end
 
-    def self.targets_for_type(type, specification)
-      specification[:targets].select { |t| t[:type] == type }
+    def self.add_target(type, opts, specification)
+      if use_default_pattern?(opts, type)
+        specification[:targets][type] = default_spec[:targets][type]
+      elsif opts[type].is_a?(String)
+        specification[:targets][type] = [opts[type]]
+      end
     end
 
-    def self.default_pattern_for_type(type)
-      targets_for_type(type, DEFAULT_SPECIFICATION).first[:pattern]
+    def self.use_default_pattern?(opts, type)
+      # this is set when the user uses a flag on the command line but doesnt
+      # add a specific file pattern - this way the user can restrict to just
+      # one type
+      opts[type] == true
     end
 
-    def self.add_target(type, opts, specification)
-      # pick a reasonable default
-      use_defaults = false
-      use_defaults = default_pattern_for_type(type) if opts[type] == true
-      specification[:targets].push(
-        type: type,
-        pattern: use_defaults || opts[type]
-      )
+    def self.opencontrol_yaml_present?
+      File.exist?(CONFIG_FILENAME)
+    end
+
+    def self.construct_defaults(config)
+      spec = {
+        action: :run,
+        targets: {}.merge(PRESET[:targets]).merge(config[:targets])
+      }
+
+      expand_components_filenames(spec)
+    end
+
+    def self.load_config_from_yaml
+      yaml_config = YAML.load_file(CONFIG_FILENAME)
+      yaml_config = Hash[yaml_config.map { |(k, v)| [k.to_sym, v] }]
+      {
+        action: :run,
+        targets: yaml_config.select do |k, _v|
+                   %i[components standards certifications].include?(k)
+                 end
+      }
+    end
+
+    def self.expand_components_filenames(spec)
+      # the config file usually omits the component files full filename
+      spec[:targets][:components] = spec[:targets][:components].collect do |f|
+        f += '/component.yaml' if File.directory?(f)
+        f
+      end
+      spec
+    end
+
+    def self.default_spec
+      if opencontrol_yaml_present?
+        construct_defaults(load_config_from_yaml)
+      else
+        PRESET
+      end
     end
 
     def self.should_lint?(opts)
       !(opts[:version] || opts[:help])
     end
 
-    def self.all_targets_selected?(opts, specification)
-      opts[:all] || specification[:targets].empty?
+    def self.all_targets_empty?(specification)
+      specification[:targets][:components].empty? &&
+        specification[:targets][:standards].empty? &&
+        specification[:targets][:certifications].empty? &&
+        specification[:targets][:opencontrols].empty?
+    end
+
+    def self.all_selected?(opts, specification)
+      opts[:all] || all_targets_empty?(specification)
     end
 
     def self.use_default?(opts, specification)
-      all_targets_selected?(opts, specification) && should_lint?(opts)
+      all_selected?(opts, specification) && should_lint?(opts)
     end
 
     def self.parse_args(arguments)
       opts = Rationalist.parse(arguments, alias: ALIASES)
       specification = {
         action: :run,
-        targets: []
+        targets: Opencontrol::Linter.empty_targets
       }
       specification[:action] = :version                     if opts[:version]
       specification[:action] = :help                        if opts[:help]
@@ -134,15 +179,22 @@ USAGE_TEXT
       add_target(:standards, opts, specification)      if opts[:standards]
       add_target(:certifications, opts, specification) if opts[:certifications]
       add_target(:opencontrols, opts, specification)   if opts[:opencontrols]
-      specification = DEFAULT_SPECIFICATION if use_default?(opts, specification)
+      specification = default_spec if use_default?(opts, specification)
       specification
     end
 
     def self.run_with_args(args)
       specification = parse_args(args)
-      exit(Opencontrol::Linter.run(specification)) if specification[:action] == :run
-      show_version                                 if specification[:action] == :version
-      show_help                                    if specification[:action] == :help
+      result = 0
+      case specification[:action]
+      when :run
+        result = Opencontrol::Linter.run(specification)
+      when :version
+        result = show_version
+      when :help
+        result = show_help
+      end
+      exit(result)
     end
   end
 end

data/lib/opencontrol/linter.rb

@@ -9,7 +9,6 @@ require 'pp'
 module Opencontrol
   # This module holds the Opencontrol Linter Command Line Interface.
   module Linter
-
     # @param [String] version
     def self.find_schema(type, version)
       dir = __dir__
@@ -46,18 +45,9 @@ module Opencontrol
       end
     end
 
-    def self.schema_for_document(type, document)
+    def self.schema_file_for_document(type, document)
       version = document['schema_version'] || '1.0.0'
-      schema_file = find_schema(type, version)
-      load_schema(schema_file)
-    end
-
-    def self.targets_for_type(type, specification)
-      specification[:targets].select { |t| t[:type] == type }
-    end
-
-    def self.default_pattern_for_type(type)
-      targets_for_type(type, DEFAULT_SPECIFICATION).first[:pattern]
+      find_schema(type, version)
     end
 
     def self.validate(type, filename)
@@ -65,7 +55,12 @@ module Opencontrol
       # document = Kwalify::Yaml.load_file(filename)
       ## or
       document = YAML.load_file(filename)
-      schema = schema_for_document(type, document)
+      schema_filename = schema_file_for_document(type, document)
+      unless File.exist?(schema_filename)
+        return [schema_not_found_issue(filename, schema_filename)]
+      end
+
+      schema = load_schema(schema_filename)
 
       validator = Kwalify::Validator.new(schema)
       validator.validate(document)
@@ -73,36 +68,61 @@ module Opencontrol
 
     def self.files_not_found_issue
       Kwalify::BaseError.new(
-          'No validation files found for the pattern supplied. \
-         Adding an issue to avoid failing silently.',
-          nil,
-          nil,
-          nil,
-          :linter_files_not_found_issue
+        'No validation files found for the pattern supplied. \
+       Adding an issue to avoid failing silently.',
+        nil,
+        nil,
+        nil,
+        :linter_files_not_found_issue
       )
     end
 
-    def self.validate_target(target)
+    def self.schema_not_found_issue(filename, schema_filename)
+      Kwalify::BaseError.new(
+        'No schema files found for the pattern supplied.',
+        filename,
+        schema_filename,
+        nil,
+        :schema_files_not_found_issue
+      )
+    end
+
+    def self.validate_pattern(target)
       filenames = Dir[target[:pattern]]
+      issues = []
       if filenames.empty?
         issues = [files_not_found_issue]
         show_issues(issues, target[:pattern])
         return issues
       end
-      filenames.collect do |filename|
-        issues = validate(target[:type], filename)
+      filenames.each do |filename|
+        issues += validate(target[:type], filename)
         show_issues(issues, filename)
-        issues
       end
+      issues
     end
 
     def self.validate_all(specification)
-      specification[:targets].collect do |target|
-        validate_target(target)
-      end.flatten
+      issues = []
+      specification[:targets].each do |type, patterns|
+        patterns.each do |pattern|
+          issues += validate_pattern(type: type, pattern: pattern)
+        end
+      end
+      issues
+    end
+
+    def self.empty_targets
+      {
+        components: [],
+        standards: [],
+        certifications: [],
+        opencontrols: []
+      }
     end
 
     def self.run(specification)
+      specification[:targets] = empty_targets.merge(specification[:targets])
       issues = validate_all(specification)
       if !issues.empty?
         puts "Complete. #{issues.length} issues found.".red

data/lib/opencontrol/messages.rb

@@ -20,10 +20,27 @@ module Opencontrol
         <<-MESSAGE
         At:           YAML path #{issue.path}.
         Expected:     A key allowed by the schema.
-        Actual:       A key was found that is not defined in the schema (#{issue.path}).
+        Actual:       A key was found that is not defined in the schema
+                      (#{issue.path}).
         To fix this:  Its possible the key found is a typo,
                       Remove #{issue.path} or correct the key.
         MESSAGE
+      when :schema_files_not_found_issue
+        <<-MESSAGE
+        At:           File path #{issue.path}.
+        Expected:     A valid schema version that is currently supported.
+        Actual:       No valid schema file found
+                      (#{issue.value}).
+        To fix this:  Either provide a valid schema file or adjust the schema
+                      version to a known schema. See
+                      https://github.com/adriankierman/opencontrol-linter
+                      or
+                      https://github.com/opencontrol/schemas/tree/master/kwalify
+                      for schemas.
+                      Typically you will want to correct the schema
+                      version number indicated in your file at
+                      #{issue.path}.
+        MESSAGE
       else
         <<-MESSAGE
         At:           YAML path #{issue.path}.

data/lib/opencontrol/version.rb

@@ -3,7 +3,7 @@
 module Opencontrol
   # This module holds the Opencontrol Linter version information.
   module Version
-    STRING = '0.1.1'.freeze
+    STRING = '0.1.2'.freeze
 
     MSG = '%<version>s (using Parser %<parser_version>s, running on ' \
           '%<ruby_engine>s %<ruby_version>s %<ruby_platform>s)'.freeze

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: opencontrol-linter
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Adrian Kierman
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-02-25 00:00:00.000000000 Z
+date: 2019-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -206,50 +206,50 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 3.8.0
 - !ruby/object:Gem::Dependency
-  name: rubocop-rspec
+  name: rspec_junit_formatter
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.29.0
+        version: 0.4.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.29.0
+        version: 0.4.1
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.16.1
+        version: 1.29.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.16.1
+        version: 1.29.0
 - !ruby/object:Gem::Dependency
-  name: rspec_junit_formatter
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.1
+        version: 0.16.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.1
+        version: 0.16.1
 description: |2
       Automatic Open Control schema checking tool.
-      Aims to provide quick tests that ensure open control controls work together reliably.
+      Aims to provide quick tests that ensure controls work together reliably.
 email: 
 executables:
 - opencontrol-linter