openscap 0.4.9 → 0.5.0
- checksums.yaml +4 -4
- data/README.md +7 -18
- data/Rakefile +2 -2
- data/lib/openscap/all.rb +1 -1
- data/lib/openscap/ds/arf.rb +3 -3
- data/lib/openscap/ds/sds.rb +8 -2
- data/lib/openscap/openscap.rb +9 -0
- data/lib/openscap/source.rb +10 -4
- data/lib/openscap/text.rb +34 -5
- data/lib/openscap/version.rb +1 -1
- data/lib/openscap/xccdf/benchmark.rb +64 -12
- data/lib/openscap/xccdf/fix.rb +4 -4
- data/lib/openscap/xccdf/group.rb +32 -0
- data/lib/openscap/xccdf/item.rb +33 -61
- data/lib/openscap/xccdf/item_common.rb +40 -0
- data/lib/openscap/xccdf/policy.rb +10 -0
- data/lib/openscap/xccdf/policy_model.rb +15 -6
- data/lib/openscap/xccdf/profile.rb +9 -9
- data/lib/openscap/xccdf/reference.rb +3 -3
- data/lib/openscap/xccdf/rule.rb +10 -14
- data/lib/openscap/xccdf/session.rb +18 -20
- data/lib/openscap/xccdf/status.rb +35 -0
- data/lib/openscap/xccdf/tailoring.rb +3 -6
- data/lib/openscap/xccdf/testresult.rb +10 -16
- data/lib/openscap/xccdf.rb +1 -1
- data/test/data/xccdf.xml +2 -1
- data/test/ds/arf_test.rb +9 -9
- data/test/ds/sds_test.rb +23 -5
- data/test/integration/arf_waiver_test.rb +5 -5
- data/test/source_test.rb +13 -13
- data/test/xccdf/arf_test.rb +1 -2
- data/test/xccdf/benchmark_test.rb +96 -10
- data/test/xccdf/item_test.rb +82 -0
- data/test/xccdf/policy_test.rb +35 -7
- data/test/xccdf/profile_test.rb +50 -8
- data/test/xccdf/session_ds_test.rb +13 -13
- data/test/xccdf/session_test.rb +2 -2
- data/test/xccdf/testresult_test.rb +9 -9
- data/test/xccdf/value_test.rb +67 -0
- metadata +16 -27
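--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 31f300d3cdcf9b72dcc0e552f4ce9c6113d54b1f9b5316441bff1133a09106ed
+data.tar.gz: fdcb823bf21e22ed25cdd77f0bf534227db14af84f0f7383d7f74c65cf690932
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a21ae53d6e42bd055058423e54615780483bec7f8c0514a55dfa953ef6e37d88256c0404135a432e964339a9e26fb0a79ba9963e51ffd0317ba28428d7a70c5a
+data.tar.gz: 790d230ca7fc2b54f9188f5362851d428152000d84d30f935222a323a8276838b491c640a81708f11b592d0c48dfa759f90718d7b80ae1201c9a4344b37513e4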
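--- a/data/README.md
+++ b/data/README.md
@@ -1,13 +1,13 @@
-
+ruby-OpenSCAP <img alt="icon" src="http://isimluk.fedorapeople.org/ruby-OpenSCAP-small.png" width="100">
 =============
 
 Description
 -------------
-
+An FFI wrapper around the OpenSCAP library.
 
 Features/problems
 -------------
-Current version supports minimal set of functions needed to build own scanner. This
+Current version supports minimal set of functions needed to build own scanner. This gem
 is self documented by its test suite.
 
 Sample Scanner Implementation
@@ -23,28 +23,17 @@ Sample Scanner Implementation
 
 Development Requirements
 -------------
-On Fedora,
+On Fedora, commands are
 
-dnf install
-
-On RHEL you can install requirements by issuing
-
-yum install ruby-devel rubygem-rake rubygem-bundler openscap
-gem install ffi # or install rubygem-ffi RPM package from EPEL
+dnf install openscap
+bundle install
 
 
 Test Requirements
 -------------
 On Fedora, more packages are necessary, but rubocop can be of the latest version
 
-dnf install
-gem install rubocop
-
-For tests on RHEL7, you need minitest package and specific older version of rubocop.
-Newer versions of rubocop requires Ruby >= 2.1.0
-
-yum install rubygem-minitest bzip2
-gem install rubocop -v 0.50.0
+dnf install bzip2
 
 Tests are then performed using script
 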
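--- a/data/Rakefile
+++ b/data/Rakefile
@@ -2,10 +2,10 @@
 
 require 'bundler'
 
-Bundler::GemHelper.install_tasks :
+Bundler::GemHelper.install_tasks name: 'openscap'
 
 task :test do
 $LOAD_PATH.unshift('lib')
 $LOAD_PATH.unshift('test')
-Dir.glob('./test/**/*_test.rb') { |f| require f }
+Dir.glob('./test/**/*_test.rb').each { |f| require f }
 end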
data/lib/openscap/all.rb
CHANGED
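--- a/data/lib/openscap/ds/arf.rb
+++ b/data/lib/openscap/ds/arf.rb
@@ -58,8 +58,8 @@ module OpenSCAP
 
 attach_function :ds_rds_session_new_from_source, [:pointer], :pointer
 attach_function :ds_rds_session_free, [:pointer], :void
-attach_function :ds_rds_session_select_report, [
-attach_function :ds_rds_session_replace_report_with_source, [
-attach_function :ds_rds_session_select_report_request, [
+attach_function :ds_rds_session_select_report, %i[pointer string], :pointer
+attach_function :ds_rds_session_replace_report_with_source, %i[pointer pointer], :int
+attach_function :ds_rds_session_select_report_request, %i[pointer string], :pointer
 attach_function :ds_rds_session_get_html_report, [:pointer], :pointer
 end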
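--- a/data/lib/openscap/ds/sds.rb
+++ b/data/lib/openscap/ds/sds.rb
@@ -15,6 +15,12 @@ module OpenSCAP
 OpenSCAP.ds_sds_session_new_from_source param[:source].raw
 end
 OpenSCAP.raise! if @raw.null?
+
+begin
+yield self
+ensure
+destroy
+end if block_given?
 end
 
 def select_checklist(p = {})
@@ -43,6 +49,6 @@ module OpenSCAP
 
 attach_function :ds_sds_session_new_from_source, [:pointer], :pointer
 attach_function :ds_sds_session_free, [:pointer], :void
-attach_function :ds_sds_session_select_checklist, [
-attach_function :ds_sds_session_get_html_guide, [
+attach_function :ds_sds_session_select_checklist, %i[pointer string string string], :pointer
+attach_function :ds_sds_session_get_html_guide, %i[pointer string], :string
 end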
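Review bot: The block form added to `initialize` frees the session in `ensure`, but `.new` still returns the instance, so a caller that keeps the return value holds a wrapper whose native handle has already been released, and the block's own result is discarded. I would document this on the constructor, e.g. `# With a block: yields self and calls destroy afterwards; do not use the object returned by .new once the block has run.` If the block calls `destroy` itself, the `ensure` runs it a second time, so `destroy` (its body is outside this hunk) should return early when `@raw` is already nil. The same `begin … ensure destroy … end if block_given?` construct is added to Source, TextList, Benchmark and PolicyModel on this page.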
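--- a/data/lib/openscap/openscap.rb
+++ b/data/lib/openscap/openscap.rb
@@ -25,6 +25,15 @@ module OpenSCAP
 raise OpenSCAPError, err
 end
 
+def self._iterate(over:, as:, &)
+has_more_method = "#{as}_iterator_has_more"
+next_method = "#{as}_iterator_next"
+free_method = "#{as}_iterator_free"
+
+yield send(next_method, over) while send(has_more_method, over)
+send(free_method, over)
+end
+
 attach_function :oscap_init, [], :void
 attach_function :oscap_cleanup, [], :void
 attach_function :oscap_get_version, [], :string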
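Review bot: `_iterate` frees the native iterator only on the normal path: `send(free_method, over)` sits after the loop, so an exception raised by the block, or a `break`/`return` out of it, skips the free and leaks the iterator. Moving that call into an `ensure` clause around the `yield … while …` line closes the gap without changing the happy path. The three method names are built by interpolating `as` and dispatched through `send`; every caller visible on this page passes a string literal, and a comment such as `# as: must be a fixed iterator prefix chosen by the binding, never caller-supplied data` would keep it that way.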
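--- a/data/lib/openscap/source.rb
+++ b/data/lib/openscap/source.rb
@@ -20,6 +20,12 @@ module OpenSCAP
 raise OpenSCAP::OpenSCAPError, "Cannot initialize #{self.class.name} with '#{param}'"
 end
 OpenSCAP.raise! if @raw.null?
+
+begin
+yield self
+ensure
+destroy
+end if block_given?
 end
 
 def type
@@ -51,13 +57,13 @@ module OpenSCAP
 end
 
 attach_function :oscap_source_new_from_file, [:string], :pointer
-attach_function :oscap_source_new_from_memory, [
+attach_function :oscap_source_new_from_memory, %i[pointer int string], :pointer
 attach_function :oscap_source_get_scap_type, [:pointer], :int
 attach_function :oscap_source_free, [:pointer], :void
-attach_function :oscap_source_save_as, [
+attach_function :oscap_source_save_as, %i[pointer string], :int
 
-callback :xml_reporter, [
-attach_function :oscap_source_validate, [
+callback :xml_reporter, %i[string int string pointer], :int
+attach_function :oscap_source_validate, %i[pointer xml_reporter pointer], :int
 XmlReporterCallback = proc do |filename, line_number, error_message, e|
 offset = e.get_string(0).length
 msg = "#{filename}:#{line_number}: #{error_message}"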
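Review bot: `oscap_source_new_from_memory` is bound with `%i[pointer int string]`, so the buffer length is declared as a C `int`. If the libopenscap prototype takes a `size_t` for that argument (I believe it does, but the header is not on this page), the binding should read `attach_function :oscap_source_new_from_memory, %i[pointer size_t string], :pointer` so that the length has the width the library expects. The removed signature is truncated in this view, so I cannot tell whether the type was already `int` before this release.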
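--- a/data/lib/openscap/text.rb
+++ b/data/lib/openscap/text.rb
@@ -4,8 +4,13 @@ module OpenSCAP
 class Text
 attr_reader :raw
 
-def initialize
-@raw =
+def initialize(t = nil)
+@raw = case t
+when FFI::Pointer
+t
+when nil
+OpenSCAP.oscap_text_new
+end
 end
 
 def text=(str)
@@ -13,7 +18,7 @@ module OpenSCAP
 end
 
 def text
-OpenSCAP.oscap_text_get_text(raw)
+OpenSCAP.oscap_text_get_text(@raw).force_encoding Encoding::UTF_8
 end
 
 def destroy
@@ -25,22 +30,46 @@ module OpenSCAP
 class TextList
 def initialize(oscap_text_iterator)
 @raw = oscap_text_iterator
+
+begin
+yield self
+ensure
+destroy
+end if block_given?
 end
 
 def plaintext(lang = nil)
 OpenSCAP.oscap_textlist_get_preferred_plaintext @raw, lang
 end
 
+def markup(lang:)
+text_pointer = OpenSCAP.oscap_textlist_get_preferred_text @raw, lang
+return nil if text_pointer.null?
+
+Text.new(text_pointer).text
+end
+
 def destroy
 OpenSCAP.oscap_text_iterator_free @raw
 end
+
+def self.extract(pointer, lang:, markup:)
+new(pointer) do |list|
+if markup
+return list.markup(lang:)
+else
+return list.plaintext(lang)
+end
+end
+end
 end
 
 attach_function :oscap_text_new, [], :pointer
-attach_function :oscap_text_set_text, [
+attach_function :oscap_text_set_text, %i[pointer string], :bool
 attach_function :oscap_text_get_text, [:pointer], :string
 attach_function :oscap_text_free, [:pointer], :void
 
-attach_function :oscap_textlist_get_preferred_plaintext, [
+attach_function :oscap_textlist_get_preferred_plaintext, %i[pointer string], :string
+attach_function :oscap_textlist_get_preferred_text, %i[pointer string], :pointer
 attach_function :oscap_text_iterator_free, [:pointer], :void
 end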
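Review bot: `Text#text` now calls `force_encoding` directly on the result of `oscap_text_get_text`, which is bound as `:string` and comes back as nil when the library returns NULL, so that case would raise NoMethodError where the old line returned nil; `OpenSCAP.oscap_text_get_text(@raw)&.force_encoding(Encoding::UTF_8)` keeps the old behaviour. The new `case t` in `initialize` has no `else`, so any argument other than an FFI::Pointer or nil leaves `@raw` nil and the failure surfaces later inside an FFI call. An `else raise OpenSCAP::OpenSCAPError, "Cannot initialize #{self.class.name} with '#{t}'"` branch would match how the other constructors on this page reject bad input. `TextList#markup` returns the text with its markup intact, which deserves a one-line comment saying the value comes from the benchmark content and is not trusted HTML.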
data/lib/openscap/version.rb
CHANGED
@@ -3,10 +3,14 @@
|
|
3
3
|
require 'openscap/source'
|
4
4
|
require 'openscap/xccdf/profile'
|
5
5
|
require 'openscap/xccdf/item'
|
6
|
+
require 'openscap/xccdf/item_common'
|
7
|
+
require 'openscap/xccdf/value'
|
8
|
+
require 'openscap/xccdf/status'
|
6
9
|
|
7
10
|
module OpenSCAP
|
8
11
|
module Xccdf
|
9
12
|
class Benchmark
|
13
|
+
include ItemCommon
|
10
14
|
attr_reader :raw
|
11
15
|
|
12
16
|
def initialize(p)
|
@@ -18,6 +22,20 @@ module OpenSCAP
|
|
18
22
|
"Cannot initialize OpenSCAP::Xccdf::Benchmark with '#{p}'"
|
19
23
|
end
|
20
24
|
OpenSCAP.raise! if @raw.null?
|
25
|
+
|
26
|
+
begin
|
27
|
+
yield self
|
28
|
+
ensure
|
29
|
+
destroy
|
30
|
+
end if block_given?
|
31
|
+
end
|
32
|
+
|
33
|
+
def resolved?
|
34
|
+
OpenSCAP.xccdf_benchmark_get_resolved @raw
|
35
|
+
end
|
36
|
+
|
37
|
+
def status_current
|
38
|
+
Status.new OpenSCAP.xccdf_benchmark_get_status_current(raw)
|
21
39
|
end
|
22
40
|
|
23
41
|
def profiles
|
@@ -28,8 +46,40 @@ module OpenSCAP
|
|
28
46
|
@items ||= items_init
|
29
47
|
end
|
30
48
|
|
49
|
+
def each_item(&)
|
50
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_item_get_content(@raw), as: 'xccdf_item' do |pointer|
|
51
|
+
yield OpenSCAP::Xccdf::Item.build(pointer)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
def each_profile(&)
|
56
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_benchmark_get_profiles(@raw), as: 'xccdf_profile' do |pointer|
|
57
|
+
yield OpenSCAP::Xccdf::Profile.new pointer
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
def each_value(&)
|
62
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_benchmark_get_values(@raw), as: 'xccdf_value' do |pointer|
|
63
|
+
yield OpenSCAP::Xccdf::Value.new pointer
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
def policy_model
|
68
|
+
@policy_model ||= PolicyModel.new(self)
|
69
|
+
end
|
70
|
+
|
71
|
+
def schema_version
|
72
|
+
pointer = OpenSCAP.xccdf_benchmark_get_schema_version(@raw)
|
73
|
+
OpenSCAP.xccdf_version_info_get_version(pointer)
|
74
|
+
end
|
75
|
+
|
31
76
|
def destroy
|
32
|
-
|
77
|
+
# Policy Model takes ownership of Xccdf::Benchmark. It is one of these lovely quirks of libopenscap
|
78
|
+
if @policy_model
|
79
|
+
@policy_model.destroy
|
80
|
+
else
|
81
|
+
OpenSCAP.xccdf_benchmark_free @raw
|
82
|
+
end
|
33
83
|
@raw = nil
|
34
84
|
end
|
35
85
|
|
@@ -37,27 +87,18 @@ module OpenSCAP
|
|
37
87
|
|
38
88
|
def profiles_init
|
39
89
|
profiles = {}
|
40
|
-
|
41
|
-
while OpenSCAP.xccdf_profile_iterator_has_more profit
|
42
|
-
profile_p = OpenSCAP.xccdf_profile_iterator_next profit
|
43
|
-
profile = OpenSCAP::Xccdf::Profile.new profile_p
|
90
|
+
each_profile do |profile|
|
44
91
|
profiles[profile.id] = profile
|
45
92
|
end
|
46
|
-
OpenSCAP.xccdf_profile_iterator_free profit
|
47
93
|
profiles
|
48
94
|
end
|
49
95
|
|
50
96
|
def items_init
|
51
97
|
items = {}
|
52
|
-
|
53
|
-
while OpenSCAP.xccdf_item_iterator_has_more items_it
|
54
|
-
item_p = OpenSCAP.xccdf_item_iterator_next items_it
|
55
|
-
item = OpenSCAP::Xccdf::Item.build item_p
|
98
|
+
each_item do |item|
|
56
99
|
items.merge! item.sub_items
|
57
100
|
items[item.id] = item
|
58
|
-
# TODO: iterate through childs
|
59
101
|
end
|
60
|
-
OpenSCAP.xccdf_item_iterator_free items_it
|
61
102
|
items
|
62
103
|
end
|
63
104
|
end
|
@@ -66,8 +107,19 @@ module OpenSCAP
|
|
66
107
|
attach_function :xccdf_benchmark_import_source, [:pointer], :pointer
|
67
108
|
attach_function :xccdf_benchmark_free, [:pointer], :void
|
68
109
|
|
110
|
+
attach_function :xccdf_benchmark_get_status_current, [:pointer], :pointer
|
111
|
+
attach_function :xccdf_benchmark_get_resolved, [:pointer], :pointer
|
69
112
|
attach_function :xccdf_benchmark_get_profiles, [:pointer], :pointer
|
70
113
|
attach_function :xccdf_profile_iterator_has_more, [:pointer], :bool
|
71
114
|
attach_function :xccdf_profile_iterator_next, [:pointer], :pointer
|
72
115
|
attach_function :xccdf_profile_iterator_free, [:pointer], :void
|
116
|
+
attach_function :xccdf_benchmark_get_values, [:pointer], :pointer
|
117
|
+
attach_function :xccdf_value_iterator_has_more, [:pointer], :bool
|
118
|
+
attach_function :xccdf_value_iterator_next, [:pointer], :pointer
|
119
|
+
attach_function :xccdf_value_iterator_free, [:pointer], :void
|
120
|
+
|
121
|
+
attach_function :xccdf_benchmark_get_schema_version, [:pointer], :pointer
|
122
|
+
attach_function :xccdf_version_info_get_version, [:pointer], :string
|
73
123
|
end
|
124
|
+
|
125
|
+
require_relative 'policy_model'
|
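Review bot: In the Benchmark hunks shown under this header, `resolved?` returns whatever `xccdf_benchmark_get_resolved` returns, and that function is bound with a `:pointer` return type, so the predicate yields an FFI::Pointer, which is truthy in Ruby even when it is null; `resolved?` can never be falsy. Assuming the C function returns a boolean, the binding should be `attach_function :xccdf_benchmark_get_resolved, [:pointer], :bool`. Separately, `destroy` hands the free over to `@policy_model` when one exists but leaves the memoized `@items` wrappers in place; a comment stating that they must not be used after `destroy` would help callers.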
data/lib/openscap/xccdf/fix.rb
CHANGED
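--- a/data/lib/openscap/xccdf/group.rb
+++ b/data/lib/openscap/xccdf/group.rb
@@ -7,6 +7,38 @@ require 'openscap/xccdf/item'
 module OpenSCAP
 module Xccdf
 class Group < Item
+def each_child(&)
+OpenSCAP._iterate over: OpenSCAP.xccdf_item_get_content(@raw), as: 'xccdf_item' do |pointer|
+yield OpenSCAP::Xccdf::Item.build pointer
+end
+end
+
+def each_value(&)
+OpenSCAP._iterate over: OpenSCAP.xccdf_group_get_values(@raw), as: 'xccdf_value' do |pointer|
+yield OpenSCAP::Xccdf::Value.new pointer
+end
+end
+
+def sub_items
+@sub_items ||= sub_items_init
+end
+
+private
+
+def sub_items_init
+collect = {}
+each_child do |item|
+collect.merge! item.sub_items
+collect[item.id] = item
+end
+collect
+end
 end
 end
+
+attach_function :xccdf_item_get_content, [:pointer], :pointer
+attach_function :xccdf_item_iterator_has_more, [:pointer], :bool
+attach_function :xccdf_item_iterator_next, [:pointer], :pointer
+attach_function :xccdf_item_iterator_free, [:pointer], :void
+attach_function :xccdf_group_get_values, [:pointer], :pointer
 end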
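Review bot: `each_child` and `each_value` declare an anonymous block parameter but call `yield` unconditionally, so a call without a block raises LocalJumpError from inside `_iterate` once the first element is reached, after the native iterator has already been created. Starting each method with `return enum_for(__method__) unless block_given?` would make them behave like the standard Ruby `each_*` methods and avoid that path. The same shape appears in Benchmark's `each_item`, `each_profile` and `each_value` and in PolicyModel's `each_policy` elsewhere on this page.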
data/lib/openscap/xccdf/item.rb
CHANGED
@@ -2,13 +2,15 @@
|
|
2
2
|
|
3
3
|
require 'openscap/exceptions'
|
4
4
|
require 'openscap/text'
|
5
|
+
require 'openscap/xccdf/item_common'
|
5
6
|
require 'openscap/xccdf/group'
|
6
7
|
require 'openscap/xccdf/rule'
|
7
|
-
require 'openscap/xccdf/reference'
|
8
8
|
|
9
9
|
module OpenSCAP
|
10
10
|
module Xccdf
|
11
11
|
class Item
|
12
|
+
include ItemCommon # reflects OpenSCAP's struct xccdf_item (thus operates with Benchmark, Profile, Group, Rule, and Value)
|
13
|
+
|
12
14
|
def self.build(t)
|
13
15
|
raise OpenSCAP::OpenSCAPError, "Cannot initialize #{self.class.name} with #{t}" \
|
14
16
|
unless t.is_a?(FFI::Pointer)
|
@@ -25,80 +27,36 @@ module OpenSCAP
|
|
25
27
|
end
|
26
28
|
|
27
29
|
def initialize(t)
|
28
|
-
|
29
|
-
raise OpenSCAP::OpenSCAPError, "Cannot initialize #{self.class.name} abstract base class."
|
30
|
-
end
|
30
|
+
raise OpenSCAP::OpenSCAPError, "Cannot initialize #{self.class.name} abstract base class." if instance_of?(OpenSCAP::Xccdf::Item)
|
31
31
|
|
32
32
|
@raw = t
|
33
33
|
end
|
34
34
|
|
35
|
-
def
|
36
|
-
OpenSCAP.
|
37
|
-
end
|
38
|
-
|
39
|
-
def title(prefered_lang = nil)
|
40
|
-
textlist = OpenSCAP::TextList.new(OpenSCAP.xccdf_item_get_title(@raw))
|
41
|
-
title = textlist.plaintext(prefered_lang)
|
42
|
-
textlist.destroy
|
43
|
-
title
|
35
|
+
def rationale(prefered_lang = nil, markup: false)
|
36
|
+
TextList.extract(OpenSCAP.xccdf_item_get_rationale(@raw), lang: prefered_lang, markup:)
|
44
37
|
end
|
45
38
|
|
46
|
-
def
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
textlist = OpenSCAP::TextList.new(OpenSCAP.xccdf_item_get_rationale(@raw))
|
55
|
-
rationale = textlist.plaintext(prefered_lang)
|
56
|
-
textlist.destroy
|
57
|
-
rationale
|
58
|
-
end
|
59
|
-
|
60
|
-
def references
|
61
|
-
refs = []
|
62
|
-
refs_it = OpenSCAP.xccdf_item_get_references(@raw)
|
63
|
-
while OpenSCAP.oscap_reference_iterator_has_more refs_it
|
64
|
-
ref = OpenSCAP::Xccdf::Reference.new(OpenSCAP.oscap_reference_iterator_next(refs_it))
|
65
|
-
refs << ref
|
39
|
+
def warnings
|
40
|
+
@warnings ||= [].tap do |warns|
|
41
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_item_get_warnings(@raw), as: 'xccdf_warning' do |pointer|
|
42
|
+
warns << {
|
43
|
+
category: OpenSCAP.xccdf_warning_get_category(pointer),
|
44
|
+
text: Text.new(OpenSCAP.xccdf_warning_get_text(pointer))
|
45
|
+
}
|
46
|
+
end
|
66
47
|
end
|
67
|
-
OpenSCAP.oscap_reference_iterator_free refs_it
|
68
|
-
refs
|
69
48
|
end
|
70
49
|
|
71
|
-
def sub_items
|
72
|
-
@sub_items ||= sub_items_init
|
73
|
-
end
|
50
|
+
def sub_items = {}
|
74
51
|
|
75
52
|
def destroy
|
76
53
|
OpenSCAP.xccdf_item_free @raw
|
77
54
|
@raw = nil
|
78
55
|
end
|
79
|
-
|
80
|
-
private
|
81
|
-
|
82
|
-
def sub_items_init
|
83
|
-
collect = {}
|
84
|
-
items_it = OpenSCAP.xccdf_item_get_content @raw
|
85
|
-
while OpenSCAP.xccdf_item_iterator_has_more items_it
|
86
|
-
item_p = OpenSCAP.xccdf_item_iterator_next items_it
|
87
|
-
item = OpenSCAP::Xccdf::Item.build item_p
|
88
|
-
collect.merge! item.sub_items
|
89
|
-
collect[item.id] = item
|
90
|
-
end
|
91
|
-
OpenSCAP.xccdf_item_iterator_free items_it
|
92
|
-
collect
|
93
|
-
end
|
94
56
|
end
|
95
57
|
end
|
96
58
|
|
97
|
-
attach_function :xccdf_item_get_id, [:pointer], :string
|
98
|
-
attach_function :xccdf_item_get_content, [:pointer], :pointer
|
99
59
|
attach_function :xccdf_item_free, [:pointer], :void
|
100
|
-
attach_function :xccdf_item_get_title, [:pointer], :pointer
|
101
|
-
attach_function :xccdf_item_get_description, [:pointer], :pointer
|
102
60
|
attach_function :xccdf_item_get_rationale, [:pointer], :pointer
|
103
61
|
|
104
62
|
XccdfItemType = enum(:benchmark, 0x0100,
|
@@ -109,11 +67,25 @@ module OpenSCAP
|
|
109
67
|
:value, 0x4000)
|
110
68
|
attach_function :xccdf_item_get_type, [:pointer], XccdfItemType
|
111
69
|
|
112
|
-
|
113
|
-
|
114
|
-
|
70
|
+
enum :xccdf_warning_category_t, [
|
71
|
+
:not_specified, # empty value
|
72
|
+
:general, # General-purpose warning
|
73
|
+
:functionality, # Warning about possible impacts to functionality
|
74
|
+
:performance, # Warning about changes to target system performance
|
75
|
+
:hardware, # Warning about hardware restrictions or possible impacts to hardware
|
76
|
+
:legal, # Warning about legal implications
|
77
|
+
:regulatory, # Warning about regulatory obligations
|
78
|
+
:management, # Warning about impacts to the mgmt or administration of the target system
|
79
|
+
:audit, # Warning about impacts to audit or logging
|
80
|
+
:dependency # Warning about dependencies between this Rule and other parts of the target system
|
81
|
+
]
|
82
|
+
attach_function :xccdf_item_get_warnings, [:pointer], :pointer
|
83
|
+
attach_function :xccdf_warning_iterator_has_more, [:pointer], :bool
|
84
|
+
attach_function :xccdf_warning_iterator_next, [:pointer], :pointer
|
85
|
+
attach_function :xccdf_warning_iterator_free, [:pointer], :void
|
86
|
+
attach_function :xccdf_warning_get_category, [:pointer], :xccdf_warning_category_t
|
87
|
+
attach_function :xccdf_warning_get_text, [:pointer], :pointer
|
115
88
|
|
116
|
-
attach_function :xccdf_item_get_references, [:pointer], :pointer
|
117
89
|
attach_function :oscap_reference_iterator_has_more, [:pointer], :bool
|
118
90
|
attach_function :oscap_reference_iterator_next, [:pointer], :pointer
|
119
91
|
attach_function :oscap_reference_iterator_free, [:pointer], :void
|
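Review bot: `warnings` memoizes hashes whose `:text` is a `Text` wrapper around the pointer returned by `xccdf_warning_get_text`. That pointer presumably stays owned by the item, so a caller that invokes `destroy` on the wrapper, or reads it after the item has been destroyed, would touch memory the library has freed or will free again. If callers only need the content, storing the string avoids handing out the handle: `text: Text.new(OpenSCAP.xccdf_warning_get_text(pointer)).text`. The ownership rule is not visible on this page and should be confirmed against libopenscap before changing the return shape.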
@@ -0,0 +1,40 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'openscap/text'
|
4
|
+
require 'openscap/xccdf/reference'
|
5
|
+
|
6
|
+
module OpenSCAP
|
7
|
+
module Xccdf
|
8
|
+
module ItemCommon
|
9
|
+
def id
|
10
|
+
OpenSCAP.xccdf_item_get_id @raw
|
11
|
+
end
|
12
|
+
|
13
|
+
def version
|
14
|
+
OpenSCAP.xccdf_item_get_version @raw
|
15
|
+
end
|
16
|
+
|
17
|
+
def title lang: nil
|
18
|
+
TextList.extract OpenSCAP.xccdf_item_get_title(@raw), lang:, markup: false
|
19
|
+
end
|
20
|
+
|
21
|
+
def description prefered_lang: nil, markup: true
|
22
|
+
TextList.extract(OpenSCAP.xccdf_item_get_description(@raw), lang: prefered_lang, markup:)
|
23
|
+
end
|
24
|
+
|
25
|
+
def references
|
26
|
+
refs = []
|
27
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_item_get_references(@raw), as: 'oscap_reference' do |pointer|
|
28
|
+
refs << OpenSCAP::Xccdf::Reference.new(pointer)
|
29
|
+
end
|
30
|
+
refs
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
attach_function :xccdf_item_get_id, [:pointer], :string
|
36
|
+
attach_function :xccdf_item_get_title, [:pointer], :pointer
|
37
|
+
attach_function :xccdf_item_get_description, [:pointer], :pointer
|
38
|
+
attach_function :xccdf_item_get_references, [:pointer], :pointer
|
39
|
+
attach_function :xccdf_item_get_version, [:pointer], :string
|
40
|
+
end
|
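Review bot: `description` defaults to `markup: true` while `title` forces `markup: false`, so by default `description` hands back the benchmark's text with its markup intact, and nothing on the method says so. I would add a doc comment such as `# Returns the description with its markup (markup: true, the default) or as plain text; the markup comes from the SCAP content and should be sanitised before it is rendered.` The language keyword is also spelled `lang:` on `title` but `prefered_lang:` on `description`, and `rationale` in Item takes it positionally; one spelling across the three would make the API harder to misuse. This hunk has no file header on the page; from the file list it appears to be item_common.rb.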
@@ -21,8 +21,18 @@ module OpenSCAP
|
|
21
21
|
def id
|
22
22
|
OpenSCAP.xccdf_policy_get_id raw
|
23
23
|
end
|
24
|
+
|
25
|
+
def profile
|
26
|
+
Profile.new OpenSCAP.xccdf_policy_get_profile @raw
|
27
|
+
end
|
28
|
+
|
29
|
+
def selects_item?(item_idref)
|
30
|
+
OpenSCAP.xccdf_policy_is_item_selected @raw, item_idref
|
31
|
+
end
|
24
32
|
end
|
25
33
|
end
|
26
34
|
|
27
35
|
attach_function :xccdf_policy_get_id, [:pointer], :string
|
36
|
+
attach_function :xccdf_policy_get_profile, [:pointer], :pointer
|
37
|
+
attach_function :xccdf_policy_is_item_selected, %i[pointer string], :bool
|
28
38
|
end
|
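Review bot: `profile` wraps whatever `xccdf_policy_get_profile` returns without a null check, so if the library returns NULL for a policy that has no profile, the caller gets a Profile built around a null pointer and the failure shows up later inside an FFI call. Returning nil in that case is a two-line change: `pointer = OpenSCAP.xccdf_policy_get_profile(@raw)` followed by `pointer.null? ? nil : Profile.new(pointer)`. Profile's constructor is not visible on this page; if it already rejects null pointers, a comment on `profile` saying that it can raise would be enough.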
@@ -18,6 +18,12 @@ module OpenSCAP
|
|
18
18
|
"Cannot initialize OpenSCAP::Xccdf::PolicyModel with '#{b}'"
|
19
19
|
end
|
20
20
|
OpenSCAP.raise! if @raw.null?
|
21
|
+
|
22
|
+
begin
|
23
|
+
yield self
|
24
|
+
ensure
|
25
|
+
destroy
|
26
|
+
end if block_given?
|
21
27
|
end
|
22
28
|
|
23
29
|
def policies
|
@@ -29,18 +35,21 @@ module OpenSCAP
|
|
29
35
|
@raw = nil
|
30
36
|
end
|
31
37
|
|
38
|
+
def each_policy(&)
|
39
|
+
OpenSCAP.raise! unless OpenSCAP.xccdf_policy_model_build_all_useful_policies(raw).zero?
|
40
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_policy_model_get_policies(@raw),
|
41
|
+
as: 'xccdf_policy' do |pointer|
|
42
|
+
yield OpenSCAP::Xccdf::Policy.new pointer
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
32
46
|
private
|
33
47
|
|
34
48
|
def policies_init
|
35
49
|
policies = {}
|
36
|
-
|
37
|
-
polit = OpenSCAP.xccdf_policy_model_get_policies raw
|
38
|
-
while OpenSCAP.xccdf_policy_iterator_has_more polit
|
39
|
-
policy_p = OpenSCAP.xccdf_policy_iterator_next polit
|
40
|
-
policy = OpenSCAP::Xccdf::Policy.new policy_p
|
50
|
+
each_policy do |policy|
|
41
51
|
policies[policy.id] = policy
|
42
52
|
end
|
43
|
-
OpenSCAP.xccdf_policy_iterator_free polit
|
44
53
|
policies
|
45
54
|
end
|
46
55
|
end
|