openscap 0.4.2 → 0.4.3
- checksums.yaml +4 -4
- data/lib/openscap/version.rb +2 -2
- data/lib/openscap/xccdf.rb +3 -0
- data/lib/openscap/xccdf/benchmark.rb +19 -0
- data/lib/openscap/xccdf/fix.rb +52 -0
- data/lib/openscap/xccdf/group.rb +21 -0
- data/lib/openscap/xccdf/item.rb +127 -0
- data/lib/openscap/xccdf/reference.rb +44 -0
- data/lib/openscap/xccdf/rule.rb +56 -0
- data/lib/openscap/xccdf/ruleresult.rb +2 -2
- data/lib/openscap/xccdf/value.rb +20 -0
- data/test/xccdf/benchmark_test.rb +77 -3
- metadata +39 -33
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e30737f4990bfe359c86b45841cf4a5e0281e035
|
4
|
+
data.tar.gz: 22408716531e01a79382d669af9f9f03c80a755b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0a9140dfcc70691f3a30c0635f7bc75e79d11fa0b252e70d83d199473c8b8b467c6ec994b3735789ee6380e354e8e5d69f909b11b92cc8aceeface2705caea51
|
7
|
+
data.tar.gz: 9ba5ca94e677dab959b5bb0913f44a36d622d0d4af63e8a880d4f6af4d9eb255a0b6683e5f9a6b0e96ab98d9f74eb6b9d5b0a50378055053db0f6eec6433e3a7
|
data/lib/openscap/version.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
#
|
2
|
-
# Copyright (c) 2014 Red Hat Inc.
|
2
|
+
# Copyright (c) 2014--2015 Red Hat Inc.
|
3
3
|
#
|
4
4
|
# This software is licensed to you under the GNU General Public License,
|
5
5
|
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
@@ -10,5 +10,5 @@
|
|
10
10
|
#
|
11
11
|
|
12
12
|
module OpenSCAP
|
13
|
-
VERSION = '0.4.
|
13
|
+
VERSION = '0.4.3'
|
14
14
|
end
|
data/lib/openscap/xccdf.rb
CHANGED
@@ -11,6 +11,7 @@
|
|
11
11
|
|
12
12
|
require 'openscap/source'
|
13
13
|
require 'openscap/xccdf/profile'
|
14
|
+
require 'openscap/xccdf/item'
|
14
15
|
|
15
16
|
module OpenSCAP
|
16
17
|
module Xccdf
|
@@ -32,6 +33,10 @@ module OpenSCAP
|
|
32
33
|
@profiles ||= profiles_init
|
33
34
|
end
|
34
35
|
|
36
|
+
def items
|
37
|
+
@items ||= items_init
|
38
|
+
end
|
39
|
+
|
35
40
|
def destroy
|
36
41
|
OpenSCAP.xccdf_benchmark_free @raw
|
37
42
|
@raw = nil
|
@@ -50,6 +55,20 @@ module OpenSCAP
|
|
50
55
|
OpenSCAP.xccdf_profile_iterator_free profit
|
51
56
|
profiles
|
52
57
|
end
|
58
|
+
|
59
|
+
def items_init
|
60
|
+
items = {}
|
61
|
+
items_it = OpenSCAP.xccdf_item_get_content raw
|
62
|
+
while OpenSCAP.xccdf_item_iterator_has_more items_it
|
63
|
+
item_p = OpenSCAP.xccdf_item_iterator_next items_it
|
64
|
+
item = OpenSCAP::Xccdf::Item.build item_p
|
65
|
+
items.merge! item.sub_items
|
66
|
+
items[item.id] = item
|
67
|
+
# TODO: iterate through childs
|
68
|
+
end
|
69
|
+
OpenSCAP.xccdf_item_iterator_free items_it
|
70
|
+
items
|
71
|
+
end
|
53
72
|
end
|
54
73
|
end
|
55
74
|
|
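Review bot: `items_init` leaks the native iterator when anything inside the loop raises, because `OpenSCAP.xccdf_item_iterator_free items_it` is only reached on the normal path, and `Item.build` fails with `OpenSCAPError` for any item type other than `:group` or `:rule`. Moving the free into an `ensure` clause of the method (`ensure` followed by `OpenSCAP.xccdf_item_iterator_free items_it if items_it`) releases it on both paths. The same pattern appears in `Item#sub_items_init`, `Item#references` and `Rule#fixes` further down this page. The `# TODO: iterate through childs` comment also looks stale, since `items.merge! item.sub_items` already collects the descendants.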
@@ -0,0 +1,52 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (c) 2015 Red Hat Inc.
|
3
|
+
#
|
4
|
+
# This software is licensed to you under the GNU General Public License,
|
5
|
+
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
+
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
+
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
+
# along with this software; if not, see
|
9
|
+
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
+
#
|
11
|
+
|
12
|
+
module OpenSCAP
|
13
|
+
module Xccdf
|
14
|
+
class Fix
|
15
|
+
def initialize(raw)
|
16
|
+
fail OpenSCAP::OpenSCAPError, "Cannot initialize OpenSCAP::Xccdf::Reference with '#{raw}'" \
|
17
|
+
unless raw.is_a?(FFI::Pointer)
|
18
|
+
@raw = raw
|
19
|
+
end
|
20
|
+
|
21
|
+
def id
|
22
|
+
OpenSCAP.xccdf_fix_get_id(@raw)
|
23
|
+
end
|
24
|
+
|
25
|
+
def platform
|
26
|
+
OpenSCAP.xccdf_fix_get_platform(@raw)
|
27
|
+
end
|
28
|
+
|
29
|
+
# system is a reserved word in Rails, so didn't use it
|
30
|
+
def fix_system
|
31
|
+
OpenSCAP.xccdf_fix_get_system(@raw)
|
32
|
+
end
|
33
|
+
|
34
|
+
def content
|
35
|
+
OpenSCAP.xccdf_fix_get_content(@raw)
|
36
|
+
end
|
37
|
+
|
38
|
+
def to_hash
|
39
|
+
{
|
40
|
+
:id => id,
|
41
|
+
:platform => platform,
|
42
|
+
:system => fix_system,
|
43
|
+
:content => content
|
44
|
+
}
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
attach_function :xccdf_fix_get_id, [:pointer], :string
|
49
|
+
attach_function :xccdf_fix_get_platform, [:pointer], :string
|
50
|
+
attach_function :xccdf_fix_get_system, [:pointer], :string
|
51
|
+
attach_function :xccdf_fix_get_content, [:pointer], :string
|
52
|
+
end
|
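Review bot: The guard in `Fix#initialize` reports the wrong class: its message reads `Cannot initialize OpenSCAP::Xccdf::Reference with ...`, apparently copied from reference.rb, so a bad argument here points the reader at the wrong wrapper. It should be `"Cannot initialize OpenSCAP::Xccdf::Fix with '#{raw}'"`. `content` would also benefit from a comment such as `# Remediation text exactly as shipped in the benchmark; may still contain unresolved <sub> elements and must be reviewed before it is run.` The expected value in `test_items_fixes` shows a raw `<sub ... idref=...>` element inside the shell script this method returns.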
@@ -0,0 +1,21 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (c) 2015 Red Hat Inc.
|
3
|
+
#
|
4
|
+
# This software is licensed to you under the GNU General Public License,
|
5
|
+
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
+
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
+
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
+
# along with this software; if not, see
|
9
|
+
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
+
#
|
11
|
+
|
12
|
+
require 'openscap/exceptions'
|
13
|
+
require 'openscap/xccdf'
|
14
|
+
require 'openscap/xccdf/item'
|
15
|
+
|
16
|
+
module OpenSCAP
|
17
|
+
module Xccdf
|
18
|
+
class Group < Item
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,127 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (c) 2015 Red Hat Inc.
|
3
|
+
#
|
4
|
+
# This software is licensed to you under the GNU General Public License,
|
5
|
+
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
+
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
+
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
+
# along with this software; if not, see
|
9
|
+
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
+
#
|
11
|
+
|
12
|
+
require 'openscap/exceptions'
|
13
|
+
require 'openscap/text'
|
14
|
+
require 'openscap/xccdf/group'
|
15
|
+
require 'openscap/xccdf/rule'
|
16
|
+
require 'openscap/xccdf/reference'
|
17
|
+
|
18
|
+
module OpenSCAP
|
19
|
+
module Xccdf
|
20
|
+
class Item
|
21
|
+
def self.build(t)
|
22
|
+
fail OpenSCAP::OpenSCAPError, "Cannot initialize OpenSCAP::Xccdf::Item with #{t}" \
|
23
|
+
unless t.is_a?(FFI::Pointer)
|
24
|
+
# This is Abstract base class that enables you to build its child
|
25
|
+
case OpenSCAP.xccdf_item_get_type t
|
26
|
+
when :group
|
27
|
+
OpenSCAP::Xccdf::Group.new t
|
28
|
+
when :rule
|
29
|
+
OpenSCAP::Xccdf::Rule.new t
|
30
|
+
else
|
31
|
+
fail OpenSCAP::OpenSCAPError, "Unknown Xccdf::Item type: #{OpenSCAP.xccdf_item_get_type t}"
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
def initialize(t)
|
36
|
+
if self.class == OpenSCAP::Xccdf::Item
|
37
|
+
fail OpenSCAP::OpenSCAPError, 'Cannot initialize Xccdf::Item abstract base class.'
|
38
|
+
end
|
39
|
+
@raw = t
|
40
|
+
end
|
41
|
+
|
42
|
+
def id
|
43
|
+
OpenSCAP.xccdf_item_get_id @raw
|
44
|
+
end
|
45
|
+
|
46
|
+
def title(prefered_lang = nil)
|
47
|
+
textlist = OpenSCAP::TextList.new(OpenSCAP.xccdf_item_get_title(@raw))
|
48
|
+
title = textlist.plaintext(prefered_lang)
|
49
|
+
textlist.destroy
|
50
|
+
title
|
51
|
+
end
|
52
|
+
|
53
|
+
def description(prefered_lang = nil)
|
54
|
+
textlist = OpenSCAP::TextList.new(OpenSCAP.xccdf_item_get_description(@raw))
|
55
|
+
description = textlist.plaintext(prefered_lang)
|
56
|
+
textlist.destroy
|
57
|
+
description
|
58
|
+
end
|
59
|
+
|
60
|
+
def rationale(prefered_lang = nil)
|
61
|
+
textlist = OpenSCAP::TextList.new(OpenSCAP.xccdf_item_get_rationale(@raw))
|
62
|
+
rationale = textlist.plaintext(prefered_lang)
|
63
|
+
textlist.destroy
|
64
|
+
rationale
|
65
|
+
end
|
66
|
+
|
67
|
+
def references
|
68
|
+
refs = []
|
69
|
+
refs_it = OpenSCAP.xccdf_item_get_references(@raw)
|
70
|
+
while OpenSCAP.oscap_reference_iterator_has_more refs_it
|
71
|
+
ref = OpenSCAP::Xccdf::Reference.new(OpenSCAP.oscap_reference_iterator_next refs_it)
|
72
|
+
refs << ref
|
73
|
+
end
|
74
|
+
OpenSCAP.oscap_reference_iterator_free refs_it
|
75
|
+
refs
|
76
|
+
end
|
77
|
+
|
78
|
+
def sub_items
|
79
|
+
@sub_items ||= sub_items_init
|
80
|
+
end
|
81
|
+
|
82
|
+
def destroy
|
83
|
+
OpenSCAP.xccdf_item_free @raw
|
84
|
+
@raw = nil
|
85
|
+
end
|
86
|
+
|
87
|
+
private
|
88
|
+
|
89
|
+
def sub_items_init
|
90
|
+
collect = {}
|
91
|
+
items_it = OpenSCAP.xccdf_item_get_content @raw
|
92
|
+
while OpenSCAP.xccdf_item_iterator_has_more items_it
|
93
|
+
item_p = OpenSCAP.xccdf_item_iterator_next items_it
|
94
|
+
item = OpenSCAP::Xccdf::Item.build item_p
|
95
|
+
collect.merge! item.sub_items
|
96
|
+
collect[item.id] = item
|
97
|
+
end
|
98
|
+
OpenSCAP.xccdf_item_iterator_free items_it
|
99
|
+
collect
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
104
|
+
attach_function :xccdf_item_get_id, [:pointer], :string
|
105
|
+
attach_function :xccdf_item_get_content, [:pointer], :pointer
|
106
|
+
attach_function :xccdf_item_free, [:pointer], :void
|
107
|
+
attach_function :xccdf_item_get_title, [:pointer], :pointer
|
108
|
+
attach_function :xccdf_item_get_description, [:pointer], :pointer
|
109
|
+
attach_function :xccdf_item_get_rationale, [:pointer], :pointer
|
110
|
+
|
111
|
+
XccdfItemType = enum(:benchmark, 0x0100,
|
112
|
+
:profile, 0x0200,
|
113
|
+
:result, 0x0400,
|
114
|
+
:rule, 0x1000,
|
115
|
+
:group, 0x2000,
|
116
|
+
:value, 0x4000)
|
117
|
+
attach_function :xccdf_item_get_type, [:pointer], XccdfItemType
|
118
|
+
|
119
|
+
attach_function :xccdf_item_iterator_has_more, [:pointer], :bool
|
120
|
+
attach_function :xccdf_item_iterator_next, [:pointer], :pointer
|
121
|
+
attach_function :xccdf_item_iterator_free, [:pointer], :void
|
122
|
+
|
123
|
+
attach_function :xccdf_item_get_references, [:pointer], :pointer
|
124
|
+
attach_function :oscap_reference_iterator_has_more, [:pointer], :bool
|
125
|
+
attach_function :oscap_reference_iterator_next, [:pointer], :pointer
|
126
|
+
attach_function :oscap_reference_iterator_free, [:pointer], :void
|
127
|
+
end
|
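Review bot: `Item#destroy` calls `OpenSCAP.xccdf_item_free @raw` on a pointer this wrapper never allocated; every `Item` built on this page comes from `xccdf_item_iterator_next` over a parent's content. If the benchmark owns those children (the tests only ever call `b.destroy`, never `destroy` on an item), destroying an item and then its benchmark frees the same memory twice, and an item kept from `b.items` after `b.destroy` wraps a dangling pointer. Unless standalone items are meant to be supported, I would drop `destroy` from `Item` or state the ownership above it, e.g. `# Only for items not attached to a benchmark; children are released by Benchmark#destroy.` `initialize` also skips the `FFI::Pointer` check that `self.build` performs, so `Rule.new(nil)` is accepted and the nil reaches the native calls.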
@@ -0,0 +1,44 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (c) 2015 Red Hat Inc.
|
3
|
+
#
|
4
|
+
# This software is licensed to you under the GNU General Public License,
|
5
|
+
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
+
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
+
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
+
# along with this software; if not, see
|
9
|
+
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
+
#
|
11
|
+
|
12
|
+
module OpenSCAP
|
13
|
+
module Xccdf
|
14
|
+
class Reference
|
15
|
+
def initialize(raw)
|
16
|
+
fail OpenSCAP::OpenSCAPError, "Cannot initialize OpenSCAP::Xccdf::Reference with '#{raw}'" \
|
17
|
+
unless raw.is_a?(FFI::Pointer)
|
18
|
+
@raw = raw
|
19
|
+
end
|
20
|
+
|
21
|
+
def title
|
22
|
+
OpenSCAP.oscap_reference_get_title(@raw)
|
23
|
+
end
|
24
|
+
|
25
|
+
def href
|
26
|
+
OpenSCAP.oscap_reference_get_href(@raw)
|
27
|
+
end
|
28
|
+
|
29
|
+
def html_link
|
30
|
+
"<a href='#{href}'>#{title}</a>"
|
31
|
+
end
|
32
|
+
|
33
|
+
def to_hash
|
34
|
+
{
|
35
|
+
:title => title,
|
36
|
+
:href => href,
|
37
|
+
:html_link => html_link
|
38
|
+
}
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
attach_function :oscap_reference_get_href, [:pointer], :string
|
43
|
+
attach_function :oscap_reference_get_title, [:pointer], :string
|
44
|
+
end
|
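Review bot: `html_link` interpolates `href` and `title` into markup without escaping, and both strings come straight from the XCCDF document, so a benchmark obtained from a third party can place a quote or a tag into whatever page renders this value. Escaping both closes the markup injection: `"<a href='#{CGI.escapeHTML(href.to_s)}'>#{CGI.escapeHTML(title.to_s)}</a>"` with `require 'cgi'` at the top of the file; the `to_s` covers a `nil` returned for a missing attribute. Escaping does not constrain the URL scheme, so consumers that render the link should additionally accept only `http`/`https` hrefs. The expected strings in `test_items_references` contain no characters that escaping would change.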
@@ -0,0 +1,56 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (c) 2015 Red Hat Inc.
|
3
|
+
#
|
4
|
+
# This software is licensed to you under the GNU General Public License,
|
5
|
+
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
+
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
+
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
+
# along with this software; if not, see
|
9
|
+
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
+
#
|
11
|
+
|
12
|
+
require 'openscap/exceptions'
|
13
|
+
require 'openscap/xccdf/item'
|
14
|
+
require 'openscap/xccdf/fix'
|
15
|
+
|
16
|
+
module OpenSCAP
|
17
|
+
module Xccdf
|
18
|
+
class Rule < Item
|
19
|
+
def severity
|
20
|
+
severity = OpenSCAP.xccdf_rule_get_severity(@raw)
|
21
|
+
severity_mapping = {
|
22
|
+
:xccdf_level_not_defined => 'Not defined',
|
23
|
+
:xccdf_unknown => 'Unknown',
|
24
|
+
:xccdf_info => 'Info',
|
25
|
+
:xccdf_low => 'Low',
|
26
|
+
:xccdf_medium => 'Medium',
|
27
|
+
:xccdf_high => 'High'
|
28
|
+
}
|
29
|
+
severity_mapping[severity] ? severity_mapping[severity] : severity_mapping[:xccdf_unknown]
|
30
|
+
end
|
31
|
+
|
32
|
+
def fixes
|
33
|
+
fixes = []
|
34
|
+
items_it = OpenSCAP.xccdf_rule_get_fixes(@raw)
|
35
|
+
while OpenSCAP.xccdf_fix_iterator_has_more items_it
|
36
|
+
fixes << OpenSCAP::Xccdf::Fix.new(OpenSCAP.xccdf_fix_iterator_next(items_it))
|
37
|
+
end
|
38
|
+
OpenSCAP.xccdf_fix_iterator_free items_it
|
39
|
+
fixes
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
XccdfSeverity = enum(
|
44
|
+
:xccdf_level_not_defined, 0,
|
45
|
+
:xccdf_unknown, 1,
|
46
|
+
:xccdf_info,
|
47
|
+
:xccdf_low,
|
48
|
+
:xccdf_medium,
|
49
|
+
:xccdf_high
|
50
|
+
)
|
51
|
+
attach_function :xccdf_rule_get_severity, [:pointer], XccdfSeverity
|
52
|
+
attach_function :xccdf_rule_get_fixes, [:pointer], :pointer
|
53
|
+
attach_function :xccdf_fix_iterator_has_more, [:pointer], :bool
|
54
|
+
attach_function :xccdf_fix_iterator_next, [:pointer], :pointer
|
55
|
+
attach_function :xccdf_fix_iterator_free, [:pointer], :void
|
56
|
+
end
|
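Review bot: `severity` rebuilds its six-entry hash on every call and then looks the key up twice in `severity_mapping[severity] ? severity_mapping[severity] : severity_mapping[:xccdf_unknown]`. A frozen constant on the class plus `SEVERITY_LABELS.fetch(severity, 'Unknown')` gives the same result with one lookup and keeps the fallback visible at the call site. The local variable `severity` also shadows the method's own name, which makes the body harder to scan; something like `level` would read better.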
@@ -20,7 +20,7 @@ module OpenSCAP
|
|
20
20
|
when FFI::Pointer
|
21
21
|
@rr = t
|
22
22
|
else
|
23
|
-
fail OpenSCAP::OpenSCAPError, "Cannot initialize
|
23
|
+
fail OpenSCAP::OpenSCAPError, "Cannot initialize OpenSCAP::Xccdf::RuleResult with #{t}"
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
@@ -30,7 +30,7 @@ module OpenSCAP
|
|
30
30
|
|
31
31
|
def result
|
32
32
|
OpenSCAP.xccdf_test_result_type_get_text \
|
33
|
-
|
33
|
+
OpenSCAP.xccdf_rule_result_get_result(@rr)
|
34
34
|
end
|
35
35
|
|
36
36
|
def override!(param)
|
@@ -0,0 +1,20 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (c) 2015 Red Hat Inc.
|
3
|
+
#
|
4
|
+
# This software is licensed to you under the GNU General Public License,
|
5
|
+
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
+
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
+
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
+
# along with this software; if not, see
|
9
|
+
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
+
#
|
11
|
+
|
12
|
+
require 'openscap/exceptions'
|
13
|
+
require 'openscap/xccdf/item'
|
14
|
+
|
15
|
+
module OpenSCAP
|
16
|
+
module Xccdf
|
17
|
+
class Value < Item
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -17,9 +17,7 @@ require 'openscap/xccdf/benchmark'
|
|
17
17
|
|
18
18
|
class TestBenchmark < OpenSCAP::TestCase
|
19
19
|
def test_new_from_file
|
20
|
-
|
21
|
-
b = OpenSCAP::Xccdf::Benchmark.new @s
|
22
|
-
assert !b.nil?
|
20
|
+
b = benchmark_from_file
|
23
21
|
b.destroy
|
24
22
|
end
|
25
23
|
|
@@ -45,4 +43,80 @@ class TestBenchmark < OpenSCAP::TestCase
|
|
45
43
|
end
|
46
44
|
assert msg.start_with?('Failed to import XCCDF content from'), msg
|
47
45
|
end
|
46
|
+
|
47
|
+
def test_items_in_benchmark
|
48
|
+
b = benchmark_from_file
|
49
|
+
assert b.items.size == 138
|
50
|
+
rules_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Rule) }
|
51
|
+
groups_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Group) }
|
52
|
+
assert rules_count == 76, "Got #{rules_count} rules"
|
53
|
+
assert groups_count == 62, "Got #{groups_count} groups"
|
54
|
+
b.destroy
|
55
|
+
end
|
56
|
+
|
57
|
+
def test_items_title
|
58
|
+
b = benchmark_from_file
|
59
|
+
prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
|
60
|
+
assert prelink_rule.title == 'Prelinking Disabled', prelink_rule.title
|
61
|
+
b.destroy
|
62
|
+
end
|
63
|
+
|
64
|
+
def test_items_description
|
65
|
+
b = benchmark_from_file
|
66
|
+
install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
|
67
|
+
expected_result = "\nThe Red Hat platform includes a sophisticated auditing system\nand SELinux, which provide host-based intrusion detection capabilities.\n"
|
68
|
+
assert install_hids_rule.description == expected_result, install_hids_rule.description
|
69
|
+
b.destroy
|
70
|
+
end
|
71
|
+
|
72
|
+
def test_items_rationale
|
73
|
+
b = benchmark_from_file
|
74
|
+
aide_rule = b.items['xccdf_org.ssgproject.content_rule_package_aide_installed']
|
75
|
+
expected_rationale = "\nThe AIDE package must be installed if it is to be available for integrity checking.\n"
|
76
|
+
assert aide_rule.rationale == expected_rationale, aide_rule.rationale
|
77
|
+
b.destroy
|
78
|
+
end
|
79
|
+
|
80
|
+
def test_items_severity
|
81
|
+
b = benchmark_from_file
|
82
|
+
prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
|
83
|
+
assert prelink_rule.severity == 'Low', prelink_rule.severity
|
84
|
+
b.destroy
|
85
|
+
end
|
86
|
+
|
87
|
+
def test_items_references
|
88
|
+
b = benchmark_from_file
|
89
|
+
install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
|
90
|
+
expected_references = [{ :title => 'SC-7',
|
91
|
+
:href => 'http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf',
|
92
|
+
:html_link => "<a href='http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf'>SC-7</a>" },
|
93
|
+
{ :title => '1263',
|
94
|
+
:href => 'http://iase.disa.mil/cci/index.html',
|
95
|
+
:html_link => "<a href='http://iase.disa.mil/cci/index.html'>1263</a>" }]
|
96
|
+
assert_equal(expected_references, install_hids_rule.references.map(&:to_hash), 'Install hids references should be equal')
|
97
|
+
end
|
98
|
+
|
99
|
+
def test_items_fixes
|
100
|
+
b = benchmark_from_file
|
101
|
+
login_defs_rule = b.items['xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs']
|
102
|
+
expected_content = ["var_accounts_minimum_age_login_defs=\"<sub xmlns=\"http://checklists.nist.gov/xccdf/1.2\" idref=\"xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs\" use=\"legacy\"/>\"\ngrep -q ^PASS_MIN_DAYS /etc/login.defs && \\\nsed -i \"s/PASS_MIN_DAYS.*/PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs/g\" /etc/login.defs\nif ! [ $? -eq 0 ]\nthen\n echo -e \"PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs\" >> /etc/login.defs\nfi\n"]
|
103
|
+
expected_hashes = [{
|
104
|
+
:id => nil,
|
105
|
+
:platform => nil,
|
106
|
+
:content => expected_content.first,
|
107
|
+
:system => 'urn:xccdf:fix:script:sh'
|
108
|
+
}]
|
109
|
+
assert_equal(expected_content, login_defs_rule.fixes.map(&:content), 'Fix content should match')
|
110
|
+
assert_equal(expected_hashes, login_defs_rule.fixes.map(&:to_hash), 'Fix hash should match')
|
111
|
+
end
|
112
|
+
|
113
|
+
private
|
114
|
+
|
115
|
+
def benchmark_from_file
|
116
|
+
source = OpenSCAP::Source.new '../data/xccdf.xml'
|
117
|
+
b = OpenSCAP::Xccdf::Benchmark.new source
|
118
|
+
source.destroy
|
119
|
+
assert !b.nil?
|
120
|
+
b
|
121
|
+
end
|
48
122
|
end
|
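Review bot: `test_items_references` and `test_items_fixes` never call `b.destroy`, unlike the five item tests above them, so the native benchmark they load is not released. Because a failing `assert` raises before the trailing `b.destroy` in the other tests as well, the release is more reliable in a `teardown` (or an `ensure`) than at the end of each test body; `benchmark_from_file` could keep the benchmark in `@b` for that purpose. The `assert a == b, msg` checks would also report more usefully as `assert_equal expected, actual`.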
metadata
CHANGED
@@ -1,41 +1,41 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: openscap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Simon Lukasik
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-09-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- -
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: 1.0.0
|
20
20
|
type: :development
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- -
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: 1.0.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: ffi
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- -
|
31
|
+
- - ">="
|
32
32
|
- !ruby/object:Gem::Version
|
33
33
|
version: 1.0.9
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- -
|
38
|
+
- - ">="
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: 1.0.9
|
41
41
|
description: |-
|
@@ -46,40 +46,46 @@ executables: []
|
|
46
46
|
extensions: []
|
47
47
|
extra_rdoc_files: []
|
48
48
|
files:
|
49
|
+
- COPYING
|
50
|
+
- README.md
|
51
|
+
- Rakefile
|
49
52
|
- lib/openscap.rb
|
50
|
-
- lib/openscap/xccdf.rb
|
51
53
|
- lib/openscap/ds/arf.rb
|
52
54
|
- lib/openscap/ds/sds.rb
|
55
|
+
- lib/openscap/exceptions.rb
|
53
56
|
- lib/openscap/libc.rb
|
54
|
-
- lib/openscap/xccdf/testresult.rb
|
55
|
-
- lib/openscap/xccdf/benchmark.rb
|
56
|
-
- lib/openscap/xccdf/session.rb
|
57
|
-
- lib/openscap/xccdf/ruleresult.rb
|
58
|
-
- lib/openscap/xccdf/profile.rb
|
59
|
-
- lib/openscap/source.rb
|
60
57
|
- lib/openscap/openscap.rb
|
61
|
-
- lib/openscap/
|
58
|
+
- lib/openscap/source.rb
|
62
59
|
- lib/openscap/text.rb
|
63
|
-
- lib/openscap/
|
64
|
-
-
|
65
|
-
-
|
66
|
-
-
|
67
|
-
-
|
68
|
-
-
|
69
|
-
-
|
60
|
+
- lib/openscap/version.rb
|
61
|
+
- lib/openscap/xccdf.rb
|
62
|
+
- lib/openscap/xccdf/benchmark.rb
|
63
|
+
- lib/openscap/xccdf/fix.rb
|
64
|
+
- lib/openscap/xccdf/group.rb
|
65
|
+
- lib/openscap/xccdf/item.rb
|
66
|
+
- lib/openscap/xccdf/profile.rb
|
67
|
+
- lib/openscap/xccdf/reference.rb
|
68
|
+
- lib/openscap/xccdf/rule.rb
|
69
|
+
- lib/openscap/xccdf/ruleresult.rb
|
70
|
+
- lib/openscap/xccdf/session.rb
|
71
|
+
- lib/openscap/xccdf/testresult.rb
|
72
|
+
- lib/openscap/xccdf/value.rb
|
73
|
+
- test/common/testcase.rb
|
70
74
|
- test/data/invalid.xml
|
75
|
+
- test/data/sds-complex.xml
|
71
76
|
- test/data/testresult.xml
|
72
|
-
- test/xccdf
|
73
|
-
- test/
|
77
|
+
- test/data/xccdf.xml
|
78
|
+
- test/ds/arf_test.rb
|
79
|
+
- test/ds/sds_test.rb
|
80
|
+
- test/integration/arf_waiver_test.rb
|
81
|
+
- test/openscap_test.rb
|
82
|
+
- test/source_test.rb
|
83
|
+
- test/text_test.rb
|
84
|
+
- test/xccdf/benchmark_test.rb
|
74
85
|
- test/xccdf/profile_test.rb
|
86
|
+
- test/xccdf/session_ds_test.rb
|
87
|
+
- test/xccdf/session_test.rb
|
75
88
|
- test/xccdf/testresult_test.rb
|
76
|
-
- test/xccdf/benchmark_test.rb
|
77
|
-
- test/common/testcase.rb
|
78
|
-
- test/source_test.rb
|
79
|
-
- test/integration/arf_waiver_test.rb
|
80
|
-
- COPYING
|
81
|
-
- README.md
|
82
|
-
- Rakefile
|
83
89
|
homepage: https://github.com/OpenSCAP/ruby-openscap
|
84
90
|
licenses:
|
85
91
|
- GPL-2.0
|
@@ -90,17 +96,17 @@ require_paths:
|
|
90
96
|
- lib
|
91
97
|
required_ruby_version: !ruby/object:Gem::Requirement
|
92
98
|
requirements:
|
93
|
-
- -
|
99
|
+
- - ">="
|
94
100
|
- !ruby/object:Gem::Version
|
95
101
|
version: '0'
|
96
102
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
97
103
|
requirements:
|
98
|
-
- -
|
104
|
+
- - ">="
|
99
105
|
- !ruby/object:Gem::Version
|
100
106
|
version: '0'
|
101
107
|
requirements: []
|
102
108
|
rubyforge_project:
|
103
|
-
rubygems_version: 2.
|
109
|
+
rubygems_version: 2.4.8
|
104
110
|
signing_key:
|
105
111
|
specification_version: 4
|
106
112
|
summary: A FFI wrapper around the OpenSCAP library
|