openscap_parser 0.1.0 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b79fdf725d0cb7a4bb9157c03871095ae0a53b1813c45c6a11cb8ceebb91ec24
-  data.tar.gz: cb31f6050f240a34d760a0c3c51eb80b38d420f2a574de61ed1d321c47a61833
+  metadata.gz: 65cd8f383c3d40c907ecab37235ac6c50eeddced32dc9173b7b4b8e7526c869a
+  data.tar.gz: a1150af6f99b020a31f174b83a1b405b1375dd0e37300ced57daa633988a8be1
 SHA512:
-  metadata.gz: cb2cfcec90e8207806b14a8d63b5f5dc294fcdde4676858019cc95d06fdcfb0e2c51690ec4a826641a3336ee58aa1cbce2dd1a4f248464c0369175687db3ebfa
-  data.tar.gz: 6c516e467e086ad79633392393234be4f3b9d0c4265222e91daf0d9f9bb6f41e3efd5adf68930b1dbb2694fc79577bc61d4cbb52bdc67085c87c68393ac25f4a
+  metadata.gz: 696960d718a5eefbd435af227822ce48144c07be20df1a85ec2a93c1328bba7d8f92e823b57feafe38f479a3c3b0a3f26d365595cf247cf13de3f2160b11ccda
+  data.tar.gz: a40766e4211f052ad1ab60c1e41dbb2bb70ab26ee221aeaa5eca664287a86b5cd1cf199f1fe47a3be23372b5723c11cf394c68db13203333abf3e0639dd1f841

data/.gitignore

@@ -6,3 +6,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+Gemfile.lock

data/Dockerfile

@@ -0,0 +1,15 @@
+# docker build . -t openscap_parser # build the container image
+# docker run -itv $PWD:/app:z openscap_parser rake # run tests
+# docker run -itv $PWD:/app:z openscap_parser pry --gem # console
+
+FROM ruby:2.5
+
+RUN gem update bundler
+
+WORKDIR /app
+
+COPY . ./
+
+RUN bundle -j4
+
+CMD bash

data/README.md

@@ -2,8 +2,6 @@
 
 Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/openscap_parser`. To experiment with that code, run `bin/console` for an interactive prompt.
 
-TODO: Delete this and the text above, and describe your gem
-
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -24,16 +22,30 @@ Or install it yourself as:
 
 ARF/XCCDF report goes IN - Ruby hash goes OUT
 
-{
-	profile
-	host
-	score
-	start_time
-	end_time
-	rule_result
+```rb
+parser = OpenscapParser::Base.new(File.read('rhel7-xccdf_org.ssgproject.content_profile_standard.xml'))
+parser.host # "rhel7-insights-client.virbr0.akofink-laptop"
+parser.start_time # <DateTime: 2019-08-08T17:25:50+00:00 ((2458704j,62750s,0n),+0s,2299161j)>
+parser.end_time # <DateTime: 2019-08-08T17:26:45+00:00 ((2458704j,62805s,0n),+0s,2299161j)>
+parser.score # 80.833328
+parser.profiles # {"xccdf_org.ssgproject.content_profile_standard"=>"Standard System Security Profile for Red Hat Enterprise Linux 7"}
+parser.rules # [#<OpenscapParser::Rule:0x00005576e752db7 ... >, ...]
+parser.rule_results # [#<OpenscapParser::RuleResult:0x00005576e8022f60 @id="xccdf_org.ssgproject.content_rule_package_rsh_removed", @result="notselected">, ...]
+
+# and more!
+```
+
+### Fetching SCAP Security Guide Content
 
-}
+This gem includes a rake task to sync content from the [ComplianceAsCode project](https://github.com/ComplianceAsCode/content). The following examples show how to download and exract datastream files from the released versions:
+
+```sh
+rake ssg:sync DATASTREAMS=latest:fedora # fetch and extract the latest fedora datastream
+rake ssg:sync DATASTREAMS=v0.1.45:fedora,v0.1.45:firefox # fetch and extract tag v0.1.45 for fedora and firefox datastreams
+rake ssg:sync_rhel # fetch and extract the latest released versions of the RHEL 6, 7, and 8 datastreams
+```
 
+An SSG version will be downloaded only once, even if it is specified multiple times for multiple datastreams.
 
 ## Development
 
@@ -41,6 +53,16 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
+### With Docker
+
+A Dockerfile is provided to allow a containerized development environment:
+
+```
+docker build . -t openscap_parser # build the container image
+docker run -itv $PWD:/app:z openscap_parser rake # run tests
+docker run -itv $PWD:/app:z openscap_parser pry --gem # console
+```
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/elobato/openscap_parser. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

data/Rakefile

@@ -1,6 +1,8 @@
 require "bundler/gem_tasks"
 require "rake/testtask"
 
+import "./lib/tasks/ssg.rake"
+
 Rake::TestTask.new(:test) do |t|
   t.libs << "test"
   t.libs << "lib"

data/lib/openscap_parser.rb

@@ -1,44 +1,23 @@
 # frozen_string_literal: true
+
+require 'openscap_parser/version'
+require 'openscap_parser/util'
+require 'openscap_parser/benchmarks'
+require 'openscap_parser/test_results'
 require 'openscap_parser/profiles'
-require 'openscap_parser/rule'
-require 'openscap_parser/rule_result'
 require 'openscap_parser/rules'
-require 'openscap_parser/version'
-require 'openscap_parser/xml_report'
+require 'openscap_parser/rule_results'
+require 'openscap_parser/tailorings'
+
+require 'openscap_parser/xml_file'
+require 'openscap_parser/datastream_file'
+require 'openscap_parser/test_result_file'
+require 'openscap_parser/tailoring_file'
+require 'openscap_parser/oval_report'
 
 require 'date'
+require 'railtie' if defined?(Rails)
 
 module OpenscapParser
   class Error < StandardError; end
-
-  class Base
-    include OpenscapParser::XMLReport
-    include OpenscapParser::Profiles
-    include OpenscapParser::Rules
-
-    def initialize(report)
-      report_xml(report)
-    end
-
-    def score
-      test_result_node.search('score').text.to_f
-    end
-
-    def start_time
-      @start_time ||= DateTime.parse(test_result_node['start-time'])
-    end
-
-    def end_time
-      @end_time ||= DateTime.parse(test_result_node['end-time'])
-    end
-
-    def rule_results
-      @rule_results ||= test_result_node.search('rule-result').map do |rr|
-	rule_result_oscap = RuleResult.new
-	rule_result_oscap.id = rr.attributes['idref'].value
-	rule_result_oscap.result = rr.search('result').first.text
-	rule_result_oscap
-      end
-    end
-  end
 end

data/lib/openscap_parser/benchmark.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/util'
+require 'openscap_parser/xml_file'
+require 'openscap_parser/rules'
+require 'openscap_parser/profiles'
+require 'openscap_parser/rule_references'
+
+# Mimics openscap-ruby Benchmark interface
+module OpenscapParser
+  class Benchmark < XmlNode
+    include OpenscapParser::Util
+    include OpenscapParser::Rules
+    include OpenscapParser::RuleReferences
+    include OpenscapParser::Profiles
+
+    def id
+      @id ||= @parsed_xml['id']
+    end
+
+    def title
+      @title ||= @parsed_xml.xpath('title') &&
+        @parsed_xml.xpath('title').text
+    end
+
+    def description
+      @description ||= newline_to_whitespace(
+        @parsed_xml.xpath('description') &&
+          @parsed_xml.xpath('description').text || ''
+      )
+    end
+
+    def version
+      @version ||= @parsed_xml.xpath('version') &&
+        @parsed_xml.xpath('version').text
+    end
+  end
+end

data/lib/openscap_parser/benchmarks.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/benchmark'
+
+module OpenscapParser
+  # Methods related to saving profiles and finding which hosts
+  # they belong to
+  module Benchmarks
+    def self.included(base)
+      base.class_eval do
+        def benchmark
+          @benchmark ||= OpenscapParser::Benchmark.new(parsed_xml: benchmark_node)
+        end
+
+        def benchmark_node(xpath = ".//Benchmark")
+          xpath_node(xpath)
+        end
+      end
+    end
+  end
+end

data/lib/openscap_parser/datastream_file.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+require 'openscap_parser/xml_file'
+require 'openscap_parser/benchmarks'
+
+module OpenscapParser
+  # A class to represent a datastream (-ds.xml) XmlFile
+  class DatastreamFile < XmlFile
+    include OpenscapParser::Benchmarks
+
+    def valid?
+      return true if @parsed_xml.root.name == 'data-stream-collection' && namespaces.keys.include?('xmlns:ds')
+      false
+    end
+  end
+end

data/lib/openscap_parser/fix.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+require 'openscap_parser/xml_node'
+require 'openscap_parser/subs'
+
+module OpenscapParser
+  class Fix < XmlNode
+    include OpenscapParser::Subs
+
+    def id
+      @id ||= @parsed_xml['id']
+    end
+
+    def system
+      @system ||= @parsed_xml['system']
+    end
+
+    def complexity
+      @complexity ||= @parsed_xml['complexity']
+    end
+
+    def disruption
+      @disruption ||= @parsed_xml['disruption']
+    end
+
+    def strategy
+      @strategy ||= @parsed_xml['strategy']
+    end
+
+    def full_text(set_values)
+      full_text_lines(set_values).join('')
+    end
+
+    def full_text_lines(set_values)
+      map_child_nodes(set_values).map do |text_node|
+        text_node.respond_to?(:text) ? text_node.text : ''
+      end
+    end
+
+    def map_child_nodes(set_values = [])
+      map_sub_nodes @parsed_xml.children, set_values
+    end
+
+    def to_h
+      {
+        :id => id,
+        :system => system,
+        :complexity => complexity,
+        :disruption => disruption,
+        :strategy => strategy,
+        :text => text,
+        :subs => subs.map(&:to_h)
+      }
+    end
+  end
+end

data/lib/openscap_parser/fixes.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/fix'
+
+module OpenscapParser
+  module Fixes
+    def self.included(base)
+      base.class_eval do
+        def fixes
+          @fixes ||= fix_nodes.map do |fix_node|
+            OpenscapParser::Fix.new(parsed_xml: fix_node)
+          end
+        end
+
+        def fix_nodes(xpath = ".//fix")
+          xpath_nodes(xpath)
+        end
+      end
+    end
+  end
+end

data/lib/openscap_parser/oval_report.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+require 'openscap_parser/xml_file'
+require 'oval/definition_result'
+require 'oval/definition'
+
+module OpenscapParser
+  class OvalReport < XmlFile
+    def definition_results
+      @definition_results ||= definition_result_nodes.map { |node| ::Oval::DefinitionResult.new parsed_xml: node }
+    end
+
+    def definition_result_nodes(xpath = "./oval_results/results/system/definitions/definition")
+      xpath_nodes(xpath)
+    end
+
+    def definitions
+      @definitions ||= definition_nodes.map { |node| Oval::Definition.new parsed_xml: node }
+    end
+
+    def definition_nodes(xpath = "./oval_results/oval_definitions/definitions/definition")
+      xpath_nodes(xpath)
+    end
+  end
+end

data/lib/openscap_parser/profile.rb

@@ -0,0 +1,31 @@
+module OpenscapParser
+  class Profile < XmlNode
+    def id
+      @id ||= @parsed_xml['id']
+    end
+
+    def extends_profile_id
+      @extends ||= @parsed_xml['extends']
+    end
+
+    def title
+      @title ||= @parsed_xml.at_css('title') &&
+        @parsed_xml.at_css('title').text
+    end
+    alias :name :title
+
+    def description
+      @description ||= @parsed_xml.at_css('description') &&
+        @parsed_xml.at_css('description').text
+    end
+
+    def selected_rule_ids
+      @selected_rule_ids ||= @parsed_xml.xpath("select[@selected='true']/@idref") &&
+        @parsed_xml.xpath("select[@selected='true']/@idref").map(&:text)
+    end
+
+    def to_h
+      { :id => id, :title => title, :description => description }
+    end
+  end
+end

data/lib/openscap_parser/profiles.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'openscap_parser/profile'
+
 module OpenscapParser
   # Methods related to saving profiles and finding which hosts
   # they belong to
@@ -7,20 +9,13 @@ module OpenscapParser
     def self.included(base)
       base.class_eval do
         def profiles
-          @profiles ||= {
-            profile_node['id'] => profile_node.at_css('title').text
-          }
-        end
-
-        private
-
-        def profile_node
-          @report_xml.at_xpath(".//xmlns:Profile\
-                             [contains('#{test_result_node['id']}', @id)]")
+          @profiles ||= profile_nodes.map do |profile_node|
+            OpenscapParser::Profile.new(parsed_xml: profile_node)
+          end
         end
 
-        def test_result_node
-          @test_result_node ||= @report_xml.at_css('TestResult')
+        def profile_nodes(xpath = ".//Profile")
+          xpath_nodes(xpath)
         end
       end
     end

data/lib/openscap_parser/rule.rb

@@ -1,31 +1,72 @@
 # frozen_string_literal: true
 
+require 'openscap_parser/rule_identifier'
+require 'openscap_parser/rule_references'
+require 'openscap_parser/fixes'
+require 'openscap_parser/xml_file'
+
 # Mimics openscap-ruby Rule interface
 module OpenscapParser
-  class Rule
-    def initialize(rule_xml: nil)
-      @rule_xml = rule_xml
-    end
+  class Rule < XmlNode
+    include OpenscapParser::Util
+    include OpenscapParser::RuleReferences
+    include OpenscapParser::Fixes
 
     def id
-      @id ||= @rule_xml['id']
+      @id ||= parsed_xml['id']
+    end
+
+    def selected
+      @selected ||= parsed_xml['selected']
     end
 
     def severity
-      @severity ||= @rule_xml['severity']
+      @severity ||= parsed_xml['severity']
     end
 
     def title
-      @title ||= @rule_xml.at_css('title').children.first.text
+      @title ||= parsed_xml.at_css('title') &&
+        parsed_xml.at_css('title').text
     end
 
     def description
-      @description ||= @rule_xml.at_css('description').text.delete("\n")
+      @description ||= newline_to_whitespace(
+        parsed_xml.at_css('description') &&
+          parsed_xml.at_css('description').text || ''
+      )
     end
 
     def rationale
-      @rationale ||= @rule_xml.at_css('rationale').children.text.delete("\n")
+      @rationale ||= newline_to_whitespace(
+        parsed_xml.at_css('rationale') &&
+          parsed_xml.at_css('rationale').text || ''
+      )
+    end
+
+    alias :rule_reference_nodes_old :rule_reference_nodes
+    def rule_reference_nodes(xpath = "reference")
+      rule_reference_nodes_old(xpath)
+    end
+
+    def rule_identifier
+      @identifier ||= RuleIdentifier.new(parsed_xml: identifier_node)
+    end
+    alias :identifier :rule_identifier
+
+    def identifier_node
+      @identifier_node ||= parsed_xml.at_xpath('ident')
+    end
+
+    def to_h
+      {
+        :id => id,
+        :selected => selected,
+        :severity => severity,
+        :title => title,
+        :description => description,
+        :rationale => rationale,
+        :identifier => rule_identifier.to_h
+      }
     end
   end
 end
-