openscap 0.4.9 → 0.5.0

data/test/xccdf/item_test.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require 'openscap'
+require 'openscap/xccdf/benchmark'
+require 'common/testcase'
+
+class ItemTest < OpenSCAP::TestCase
+  def test_description_html
+    expected_markup = "\n" \
+                      "Most of the actions listed in this document are written with the\n" \
+                      "assumption that they will be executed by the root user running the\n" \
+                      "<xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">/bin/bash</xhtml:code> shell. Commands preceded with a hash mark (#)\n" \
+                      "assume that the administrator will execute the commands as root, i.e.\n" \
+                      "apply the command via <xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">sudo</xhtml:code> whenever possible, or use\n" \
+                      "<xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">su</xhtml:code> to gain root privileges if <xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">sudo</xhtml:code> cannot be\n" \
+                      "used. Commands which can be executed as a non-root user are are preceded\n" \
+                      "by a dollar sign ($) prompt.\n"
+    with_item 'xccdf_org.ssgproject.content_group_intro-root-shell-assumed' do |item|
+      assert_equal item.description(markup: true), expected_markup
+    end
+  end
+
+  def test_rationale_html
+    expected_markup = "\n" \
+                      "For AIDE to be effective, an initial database of <i xmlns=\"http://www.w3.org/1999/xhtml\">\"known-good\"</i> information about files\n" \
+                      "must be captured and it should be able to be verified against the installed files.\n"
+    with_item 'xccdf_org.ssgproject.content_rule_aide_build_database' do |item|
+      assert_equal item.rationale(markup: true), expected_markup
+    end
+  end
+
+  def test_missing_rationale
+    with_item 'xccdf_org.ssgproject.content_group_intro' do |item_sans_rationale|
+      assert_equal item_sans_rationale.rationale(markup: true), nil
+    end
+  end
+
+  def test_version
+    with_item 'xccdf_org.ssgproject.content_group_intro' do |item_sans_version|
+      assert_nil item_sans_version.version
+    end
+  end
+
+  def test_references
+    with_item 'xccdf_org.ssgproject.content_rule_disable_prelink' do |item|
+      item.references.tap do |refs|
+        assert_equal refs.length, 4
+        assert_equal refs.collect(&:title), ['CM-6(d)', 'CM-6(3)', 'SC-28', 'SI-7']
+        assert_equal refs.collect(&:href).uniq, ['http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf']
+      end
+    end
+  end
+
+  def test_warnings
+    expected_text = 'If verbose logging to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">vsftpd.log</xhtml:code> is done, sparse logging of downloads to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">/var/log/xferlog</xhtml:code> will not also occur. However, the information about what files were downloaded is included in the information logged to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">vsftpd.log</xhtml:code>'
+    with_item 'xccdf_org.ssgproject.content_rule_ftp_log_transactions' do |item|
+      warns = item.warnings
+      assert_equal warns.length, 1
+      warning = warns[0]
+      assert warning.instance_of?(Hash)
+      assert warning.keys.length == 2
+      assert warning[:category] == :general
+      assert warning[:text].text == expected_text
+    end
+  end
+
+  private
+
+  def with_item(id, &)
+    with_benchmark do |b|
+      item = b.items[id]
+      refute_nil item
+      yield item
+    end
+  end
+
+  def with_benchmark(&)
+    OpenSCAP::Source.new '../data/xccdf.xml' do |source|
+      OpenSCAP::Xccdf::Benchmark.new(source, &)
+    end
+  end
+end

data/test/xccdf/policy_test.rb

@@ -9,12 +9,40 @@ require 'openscap/xccdf/policy_model'
 
 class TestPolicy < OpenSCAP::TestCase
   def test_new_policy_model
-    @s = OpenSCAP::Source.new '../data/xccdf.xml'
-    b = OpenSCAP::Xccdf::Benchmark.new @s
-    pm = OpenSCAP::Xccdf::PolicyModel.new b
-    assert !b.nil?
-    assert pm.policies.size == 1, pm.policies.to_s
-    assert pm.policies['xccdf_org.ssgproject.content_profile_common']
-    pm.destroy
+    with_policy_model do |pm|
+      assert pm.policies.size == 1, pm.policies.to_s
+      assert pm.policies['xccdf_org.ssgproject.content_profile_common']
+    end
+  end
+
+  def test_profile_getter
+    with_policy do |policy|
+      profile = policy.profile
+      assert_equal profile.id, 'xccdf_org.ssgproject.content_profile_common'
+    end
+  end
+
+  def test_selects_item
+    with_policy do |policy|
+      assert policy.selects_item?('xccdf_org.ssgproject.content_rule_disable_prelink')
+      refute policy.selects_item?('xccdf_org.ssgproject.content_rule_disable_vsftpd')
+    end
+  end
+
+  private
+
+  def with_policy(&)
+    with_policy_model do |pm|
+      yield pm.policies['xccdf_org.ssgproject.content_profile_common']
+    end
+  end
+
+  def with_policy_model(&)
+    OpenSCAP::Source.new '../data/xccdf.xml' do |source|
+      OpenSCAP::Xccdf::Benchmark.new source do |bench|
+        assert !bench.nil?
+        yield bench.policy_model
+      end
+    end
   end
 end

data/test/xccdf/profile_test.rb

@@ -8,13 +8,55 @@ require 'openscap/xccdf/profile'
 
 class TestProfile < OpenSCAP::TestCase
   def test_new_from_file
-    @s = OpenSCAP::Source.new '../data/xccdf.xml'
-    b = OpenSCAP::Xccdf::Benchmark.new @s
-    assert !b.nil?
-    assert b.profiles.size == 1, b.profiles.to_s
-    profile1 = b.profiles['xccdf_org.ssgproject.content_profile_common']
-    assert profile1
-    assert profile1.title == 'Common Profile for General-Purpose Fedora Systems'
-    b.destroy
+    with_profile do |p|
+      assert p.title == 'Common Profile for General-Purpose Fedora Systems'
+    end
+  end
+
+  def test_description_html
+    with_profile do |p|
+      assert_equal p.description, 'This profile contains items common to general-purpose Fedora installations.'
+    end
+  end
+
+  def test_status
+    with_profile do |p|
+      assert_nil p.status_current&.status
+    end
+  end
+
+  def test_version
+    with_profile do |p|
+      assert_equal p.version, '3.2.1'
+    end
+  end
+
+  def test_references
+    with_profile do |p|
+      assert_equal p.references, []
+    end
+  end
+
+  def test_abstract
+    with_profile do |p|
+      assert_false p.abstract?
+    end
+  end
+
+  private
+
+  def with_profile(&)
+    benchmark do |b|
+      assert b.profiles.size == 1, b.profiles.to_s
+      profile = b.profiles['xccdf_org.ssgproject.content_profile_common']
+      assert profile
+      yield profile
+    end
+  end
+
+  def benchmark(&)
+    OpenSCAP::Source.new '../data/xccdf.xml' do |source|
+      OpenSCAP::Xccdf::Benchmark.new(source, &)
+    end
   end
 end

data/test/xccdf/session_ds_test.rb

@@ -17,7 +17,7 @@ class TestSessionDS < OpenSCAP::TestCase
 
   def test_session_load_ds_comp
     @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(:datastream_id => 'scap_org.open-scap_datastream_tst2', :component_id => 'scap_org.open-scap_cref_second-xccdf.xml2')
+    @s.load(datastream_id: 'scap_org.open-scap_datastream_tst2', component_id: 'scap_org.open-scap_cref_second-xccdf.xml2')
     @s.evaluate
   end
 
@@ -25,7 +25,7 @@ class TestSessionDS < OpenSCAP::TestCase
     @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
     msg = nil
     begin
-      @s.load(:datastream_id => 'nonexistent')
+      @s.load(datastream_id: 'nonexistent')
       assert false
     rescue OpenSCAP::OpenSCAPError => e
       msg = e.to_s
@@ -37,7 +37,7 @@ class TestSessionDS < OpenSCAP::TestCase
     @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
     msg = nil
     begin
-      @s.load(:component_id => 'nonexistent')
+      @s.load(component_id: 'nonexistent')
       assert false
     rescue OpenSCAP::OpenSCAPError => e
       msg = e.to_s
@@ -47,7 +47,7 @@ class TestSessionDS < OpenSCAP::TestCase
 
   def test_session_set_profile
     @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
+    @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
     @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
     @s.evaluate
   end
@@ -69,40 +69,40 @@ class TestSessionDS < OpenSCAP::TestCase
     @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
     @s.load
     @s.evaluate
-    @s.export_results(:rds_file => 'report.rds.xml')
+    @s.export_results(rds_file: 'report.rds.xml')
     assert_exported ['report.rds.xml']
   end
 
   def test_session_export_xccdf_results
     @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
+    @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
     @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
     @s.evaluate
-    @s.export_results(:xccdf_file => 'result.xccdf.xml')
+    @s.export_results(xccdf_file: 'result.xccdf.xml')
     assert_exported ['result.xccdf.xml']
   end
 
   def test_session_export_html_report
     @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
+    @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
     @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
     @s.evaluate
-    @s.export_results(:report_file => 'report.html', :xccdf_file => 'result.xccdf.xml')
+    @s.export_results(report_file: 'report.html', xccdf_file: 'result.xccdf.xml')
     assert_exported ['report.html', 'result.xccdf.xml']
   end
 
   def test_session_export_oval_variables
     @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
+    @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
     @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
     @s.evaluate
-    @s.export_results(:oval_variables => true)
+    @s.export_results(oval_variables: true)
     assert_exported []
   end
 
   def test_remediate
     @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
+    @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
     @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
     @s.evaluate
     @s.remediate
@@ -111,6 +111,6 @@ class TestSessionDS < OpenSCAP::TestCase
   def assert_exported(files)
     # libopenscap compiled with --enable-debug creates debug files
     FileUtils.rm_rf(Dir.glob('oscap_debug.log.*'))
-    assert files.sort == Dir.glob('*').sort
+    assert files.sort == Dir.glob('*')
   end
 end

data/test/xccdf/session_test.rb

@@ -12,7 +12,7 @@ class TestSession < OpenSCAP::TestCase
     rescue OpenSCAP::OpenSCAPError => e
       msg = e.to_s
     end
-    assert msg.start_with?("Unable to open file: ''"), 'Message was: ' + msg
+    assert msg.start_with?("Unable to open file: ''"), "Message was: #{msg}"
   end
 
   def test_session_new_nil
@@ -23,7 +23,7 @@ class TestSession < OpenSCAP::TestCase
     rescue OpenSCAP::OpenSCAPError => e
       msg = e.to_s
     end
-    assert msg.start_with?('No filename specified!'), 'Message was: ' + msg
+    assert msg.start_with?('No filename specified!'), "Message was: #{msg}"
   end
 
   def test_sds_false

data/test/xccdf/testresult_test.rb

@@ -18,7 +18,7 @@ class TestTestResult < OpenSCAP::TestCase
       msg = e.to_s
     end
     assert msg.start_with?("Expected 'TestResult' element while found 'Benchmark'."),
-           'Message was: ' + msg
+           "Message was: #{msg}"
   end
 
   def test_result_create_and_query_properties
@@ -44,10 +44,10 @@ class TestTestResult < OpenSCAP::TestCase
     tr = new_tr
     rr = tr.rr['xccdf_org.ssgproject.content_rule_disable_prelink']
     assert rr.result == 'fail'
-    rr.override!(:new_result => :pass,
-                 :time => 'yesterday',
-                 :authority => 'John Hacker',
-                 :raw_text => 'We are testing prelink on this machine')
+    rr.override!(new_result: :pass,
+                 time: 'yesterday',
+                 authority: 'John Hacker',
+                 raw_text: 'We are testing prelink on this machine')
     assert rr.result == 'pass'
     tr.destroy
   end
@@ -67,10 +67,10 @@ class TestTestResult < OpenSCAP::TestCase
 
     rr = tr.rr['xccdf_org.ssgproject.content_rule_disable_prelink']
     assert rr.result == 'fail'
-    rr.override!(:new_result => :pass,
-                 :time => 'yesterday',
-                 :authority => 'John Hacker',
-                 :raw_text => 'We are testing prelink on this machine')
+    rr.override!(new_result: :pass,
+                 time: 'yesterday',
+                 authority: 'John Hacker',
+                 raw_text: 'We are testing prelink on this machine')
     assert rr.result == 'pass'
 
     assert_default_score tr.score, 34, 35

data/test/xccdf/value_test.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require 'common/testcase'
+require 'openscap'
+require 'openscap/source'
+require 'openscap/xccdf/benchmark'
+
+class TestBenchmark < OpenSCAP::TestCase
+  def test_benchmark_values
+    with_benchmark do |b|
+      val_ids = []
+      b.each_value do |val|
+        val_ids << val.id
+      end
+      assert_equal val_ids, ['xccdf_org.ssgproject.content_value_conditional_clause']
+    end
+  end
+
+  def test_value_props
+    with_value do |val|
+      assert_equal val.id, 'xccdf_org.ssgproject.content_value_conditional_clause'
+      assert_equal val.title, 'A conditional clause for check statements.'
+      assert_equal val.description, 'A conditional clause for check statements.'
+    end
+  end
+
+  def test_collect_all_values
+    with_all_values do |vals|
+      assert_equal vals.length, 7
+      assert_equal vals.to_set(&:id).length, 7
+    end
+  end
+
+  private
+
+  def with_value(&)
+    with_benchmark { |b| b.each_value(&) }
+  end
+
+  def with_all_values(&)
+    vals = []
+    with_benchmark do |b|
+      vals += collect_values(b)
+      yield vals
+    end
+  end
+
+  def with_benchmark(&)
+    OpenSCAP::Source.new '../data/xccdf.xml' do |source|
+      OpenSCAP::Xccdf::Benchmark.new(source, &)
+    end
+  end
+
+  def collect_values(item)
+    vals = []
+    if item.is_a?(OpenSCAP::Xccdf::Benchmark) || item.is_a?(OpenSCAP::Xccdf::Group)
+      item.each_value { |v| vals << v }
+
+      if item.is_a? OpenSCAP::Xccdf::Benchmark
+        item.each_item { |item| vals += collect_values(item) }
+      else
+        item.each_child { |item| vals += collect_values(item) }
+      end
+    end
+    vals
+  end
+end

metadata

@@ -1,43 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: openscap
 version: !ruby/object:Gem::Version
-  version: 0.4.9
+  version: 0.5.0
 platform: ruby
 authors:
 - Simon Lukasik
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-02 00:00:00.000000000 Z
+date: 2023-10-07 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.0.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: ffi
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.9
+        version: 1.15.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.9
+        version: 1.15.5
 description: |-
   A FFI wrapper around the OpenSCAP library.
     Currently it provides only subset of libopenscap functionality.
@@ -65,6 +51,7 @@ files:
 - lib/openscap/xccdf/group.rb
 - lib/openscap/xccdf/ident.rb
 - lib/openscap/xccdf/item.rb
+- lib/openscap/xccdf/item_common.rb
 - lib/openscap/xccdf/policy.rb
 - lib/openscap/xccdf/policy_model.rb
 - lib/openscap/xccdf/profile.rb
@@ -72,6 +59,7 @@ files:
 - lib/openscap/xccdf/rule.rb
 - lib/openscap/xccdf/ruleresult.rb
 - lib/openscap/xccdf/session.rb
+- lib/openscap/xccdf/status.rb
 - lib/openscap/xccdf/tailoring.rb
 - lib/openscap/xccdf/testresult.rb
 - lib/openscap/xccdf/value.rb
@@ -90,17 +78,19 @@ files:
 - test/text_test.rb
 - test/xccdf/arf_test.rb
 - test/xccdf/benchmark_test.rb
+- test/xccdf/item_test.rb
 - test/xccdf/policy_test.rb
 - test/xccdf/profile_test.rb
 - test/xccdf/session_ds_test.rb
 - test/xccdf/session_test.rb
 - test/xccdf/tailoring_test.rb
 - test/xccdf/testresult_test.rb
-homepage: https://github.com/OpenSCAP/ruby-openscap
+- test/xccdf/value_test.rb
+homepage: https://github.com/isimluk/ruby-openscap
 licenses:
 - GPL-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -108,16 +98,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 3.2.2
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6.2
-signing_key: 
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: A FFI wrapper around the OpenSCAP library
 test_files: []