openscap_parser 0.1.0 → 1.0.2

data/lib/openscap_parser/version.rb

@@ -1,3 +1,3 @@
 module OpenscapParser
-  VERSION = "0.1.0"
+  VERSION = "1.0.2"
 end

data/lib/openscap_parser/xml_file.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'nokogiri'
+require 'openscap_parser/xml_node'
+
+module OpenscapParser
+  class XmlFile < XmlNode
+
+    def initialize(raw_xml)
+      parsed_xml(raw_xml)
+    end
+  end
+end

data/lib/openscap_parser/xml_node.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'nokogiri'
+
+module OpenscapParser
+  # Represents a generic Xml node with parsed_xml
+  class XmlNode
+    attr_reader :namespaces
+
+    def initialize(parsed_xml: nil)
+      @parsed_xml = parsed_xml
+    end
+
+    def parsed_xml(report_contents = '')
+      return @parsed_xml if @parsed_xml
+      @parsed_xml = ::Nokogiri::XML.parse(
+        report_contents, nil, nil, Nokogiri::XML::ParseOptions.new.norecover)
+      @namespaces = @parsed_xml.namespaces.clone
+      @parsed_xml.remove_namespaces!
+    end
+
+    def text
+      @parsed_xml.text
+    end
+
+    def xpath_node(xpath)
+      parsed_xml && parsed_xml.at_xpath(xpath)
+    end
+    alias :at_xpath :xpath_node
+
+    def xpath_nodes(xpath)
+      parsed_xml && parsed_xml.xpath(xpath) || []
+    end
+    alias :xpath :xpath_nodes
+  end
+end

data/lib/oval/definition.rb

@@ -0,0 +1,47 @@
+require "openscap_parser/xml_node"
+require "oval/reference"
+
+module Oval
+  class Definition < ::OpenscapParser::XmlNode
+    def id
+      @id ||= @parsed_xml['id']
+    end
+
+    def version
+      @version ||= @parsed_xml['version']
+    end
+
+    def klass
+      @klass ||= @parsed_xml['class']
+    end
+
+    def title
+      xml = @parsed_xml.at_xpath("./metadata/title")
+      @title ||= xml && xml.text
+    end
+
+    def description
+      xml = @parsed_xml.at_xpath("./metadata/description")
+      @description ||= xml && xml.text
+    end
+
+    def reference_nodes
+      @reference_nodes ||= @parsed_xml.xpath("./metadata/reference")
+    end
+
+    def references
+      @references ||= reference_nodes.map { |node| Reference.new parsed_xml: node }
+    end
+
+    def to_h
+      {
+        :id => id,
+        :version => version,
+        :klass => klass,
+        :title => title,
+        :description => description,
+        :references => references.map(&:to_h)
+      }
+    end
+  end
+end

data/lib/oval/definition_result.rb

@@ -0,0 +1,17 @@
+require 'openscap_parser/xml_node'
+
+module Oval
+  class DefinitionResult < ::OpenscapParser::XmlNode
+    def definition_id
+      @definition_id ||= @parsed_xml['definition_id']
+    end
+
+    def result
+      @result ||= @parsed_xml['result']
+    end
+
+    def to_h
+      { :id => definition_id, :result => result }
+    end
+  end
+end

data/lib/oval/reference.rb

@@ -0,0 +1,21 @@
+require "openscap_parser/xml_node"
+
+module Oval
+  class Reference < ::OpenscapParser::XmlNode
+    def source
+      @source ||= @parsed_xml['source']
+    end
+
+    def ref_id
+      @ref_id ||= @parsed_xml['ref_id']
+    end
+
+    def ref_url
+      @ref_url ||= @parsed_xml['ref_url']
+    end
+
+    def to_h
+      { :source => source, :ref_id => ref_id, :ref_url => ref_url }
+    end
+  end
+end

data/lib/railtie.rb

@@ -0,0 +1,15 @@
+# lib/railtie.rb
+require 'openscap_parser'
+
+if defined?(Rails)
+  module OpenscapParser
+    class Railtie < Rails::Railtie
+      railtie_name :openscap_parser
+
+      rake_tasks do
+        path = File.expand_path(__dir__)
+        Dir.glob("#{path}/tasks/**/*.rake").each { |f| load f }
+      end
+    end
+  end
+end

data/lib/ssg.rb

@@ -0,0 +1,5 @@
+require 'ssg/downloader'
+require 'ssg/unarchiver'
+
+module Ssg
+end

data/lib/ssg/downloader.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'net/http'
+
+module Ssg
+  # Downloads SCAP datastreams from the SCAP Security Guide
+  # https://github.com/ComplianceAsCode/content
+  class Downloader
+    RELEASES_API = 'https://api.github.com/repos'\
+                             '/ComplianceAsCode/content/releases/'
+    SSG_DS_REGEX = /scap-security-guide-(\d+\.)+zip$/
+
+    def initialize(version = 'latest')
+      @release_uri = URI(
+        "#{RELEASES_API}#{'tags/' unless version[/^latest$/]}#{version}"
+      )
+    end
+
+    def self.download!(versions = [])
+      versions.uniq.map do |version|
+        [version, new(version).fetch_datastream_file]
+      end.to_h
+    end
+
+    def fetch_datastream_file
+      puts "Fetching #{datastream_filename}"
+      get_chunked(datastream_uri)
+
+      datastream_filename
+    end
+
+    private
+
+    def datastream_uri
+      @datastream_uri ||= URI(
+        download_urls.find { |url| url[SSG_DS_REGEX] }
+      )
+    end
+
+    def download_urls
+      get_json(@release_uri).dig('assets').map do |asset|
+        asset.dig('browser_download_url')
+      end
+    end
+
+    def fetch(request, &block)
+      Net::HTTP.start(
+        request.uri.host, request.uri.port,
+        use_ssl: request.uri.scheme['https']
+      ) do |http|
+        check_response(http.request(request, &block), &block)
+      end
+    end
+
+    def get(uri, &block)
+      fetch(Net::HTTP::Get.new(uri), &block)
+    end
+
+    def head(uri, &block)
+      fetch(Net::HTTP::Head.new(uri), &block)
+    end
+
+    def check_response(response, &block)
+      case response
+      when Net::HTTPSuccess
+        response
+      when Net::HTTPRedirection
+        get(URI(response['location']), &block)
+      else
+        response.value
+      end
+    end
+
+    def get_chunked(uri, filename: datastream_filename)
+      head(uri) do |response|
+        next unless Net::HTTPSuccess === response
+        open(filename, 'wb') do |file|
+          response.read_body do |chunk|
+            file.write(chunk)
+          end
+        end
+      end
+    end
+
+    def datastream_filename
+      datastream_uri.path.split('/').last[SSG_DS_REGEX]
+    end
+
+    def get_json(uri)
+      JSON.parse(get(uri).body)
+    end
+  end
+end

data/lib/ssg/unarchiver.rb

@@ -0,0 +1,34 @@
+module Ssg
+  class Unarchiver
+    UNZIP_CMD = ['unzip', '-o']
+
+    def initialize(ds_zip_filename, datastreams)
+      @ds_zip_filename = ds_zip_filename
+      @datastreams = datastreams
+    end
+
+    def self.unarchive!(ds_zip_filenames, datastreams)
+      ds_zip_filenames.map do |version, ds_zip_filename|
+        new(ds_zip_filename, [datastreams[version]].flatten).datastream_files
+      end
+    end
+
+    def datastream_files
+      datastream_filenames if system(
+        *UNZIP_CMD, @ds_zip_filename, *datastream_filenames
+      )
+    end
+
+    private
+
+    def datastream_filenames
+      @datastreams.map do |datastream|
+        "#{datastream_dir}/ssg-#{datastream}-ds.xml"
+      end
+    end
+
+    def datastream_dir
+      @ds_zip_filename.split('.')[0...-1].join('.')
+    end
+  end
+end

data/lib/tasks/ssg.rake

@@ -0,0 +1,33 @@
+desc 'Import or update SCAP datastreams from the SCAP Security Guide'
+namespace :ssg do
+  desc 'Import or update SCAP datastreams for RHEL 6, 7, and 8'
+  task :sync_rhel do |task|
+    RHEL_SSG_VERSIONS = (
+      'v0.1.28:rhel6,'\
+      'v0.1.43:rhel7,'\
+      'v0.1.42:rhel8'
+    )
+
+    ENV['DATASTREAMS'] = RHEL_SSG_VERSIONS
+    Rake::Task['ssg:sync'].invoke
+  end
+
+  desc 'Import or update SCAP datastreams, '\
+    'provided as a comma separated list: '\
+    '`rake ssg:sync DATASTREAMS=v0.1.43:rhel7,latest:fedora`'
+  task :sync do |task|
+    DATASTREAMS = ENV.fetch('DATASTREAMS', '').split(',')
+      .inject({}) do |datastreams, arg|
+      version, datastream = arg.split(':')
+      datastreams[version] = (datastreams[version] || []).push(datastream)
+
+      datastreams
+    end
+
+    require 'ssg'
+
+    ds_zip_filenames = Ssg::Downloader.download!(DATASTREAMS.keys)
+    DATASTREAM_FILENAMES = Ssg::Unarchiver.
+      unarchive!(ds_zip_filenames, DATASTREAMS)
+  end
+end

data/openscap_parser.gemspec

@@ -4,15 +4,15 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "openscap_parser/version"
 
 Gem::Specification.new do |spec|
-  spec.name          = "openscap_parser"
+  spec.name          = 'openscap_parser'
   spec.version       = OpenscapParser::VERSION
-  spec.authors       = ["Daniel Lobato Garcia"]
-  spec.email         = ["me@daniellobato.me"]
+  spec.authors       = ['Daniel Lobato Garcia', 'Andrew Kofink']
+  spec.email         = ['me@daniellobato.me', 'ajkofink@gmail.com']
 
-  spec.summary       = %q{Parse OpenSCAP reports}
- # spec.description   = %q{TODO: Write a longer description or delete this line.}
-  # spec.homepage      = "TODO: Put your gem's website or public repo URL here."
-  spec.license       = "MIT"
+  spec.summary       = %q{Parse OpenSCAP content}
+  spec.description   = %q{This gem is a Ruby interface into SCAP content. It can parse SCAP datastream files (i.e. ssg-rhel7-ds.xml), scan result files output by oscap eval, and tailoring files.}
+  spec.homepage      = 'https://github.com/OpenSCAP/openscap_parser'
+  spec.license       = 'MIT'
 
   # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
   # to allow pushing to a single host or delete this section to allow pushing to any host.
@@ -32,13 +32,16 @@ Gem::Specification.new do |spec|
   spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.bindir        = "bin"
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency 'nokogiri'
+  spec.add_dependency "nokogiri", "~> 1.6"
   spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "minitest", "~> 5.0"
+  spec.add_development_dependency "mocha", "~> 1.0"
   spec.add_development_dependency "shoulda-context"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "pry-byebug"
 end

metadata

@@ -1,29 +1,30 @@
 --- !ruby/object:Gem::Specification
 name: openscap_parser
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.2
 platform: ruby
 authors:
 - Daniel Lobato Garcia
+- Andrew Kofink
 autorequire: 
-bindir: exe
+bindir: bin
 cert_chain: []
-date: 2019-06-05 00:00:00.000000000 Z
+date: 2020-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.6'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -66,6 +67,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: shoulda-context
   requirement: !ruby/object:Gem::Requirement
@@ -80,16 +95,50 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem is a Ruby interface into SCAP content. It can parse SCAP datastream
+  files (i.e. ssg-rhel7-ds.xml), scan result files output by oscap eval, and tailoring
+  files.
 email:
 - me@daniellobato.me
-executables: []
+- ajkofink@gmail.com
+executables:
+- console
+- setup
 extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".travis.yml"
 - CODE_OF_CONDUCT.md
+- Dockerfile
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -97,14 +146,46 @@ files:
 - bin/console
 - bin/setup
 - lib/openscap_parser.rb
+- lib/openscap_parser/benchmark.rb
+- lib/openscap_parser/benchmarks.rb
+- lib/openscap_parser/datastream_file.rb
+- lib/openscap_parser/fix.rb
+- lib/openscap_parser/fixes.rb
+- lib/openscap_parser/oval_report.rb
+- lib/openscap_parser/profile.rb
 - lib/openscap_parser/profiles.rb
 - lib/openscap_parser/rule.rb
+- lib/openscap_parser/rule_identifier.rb
+- lib/openscap_parser/rule_reference.rb
+- lib/openscap_parser/rule_references.rb
 - lib/openscap_parser/rule_result.rb
+- lib/openscap_parser/rule_results.rb
 - lib/openscap_parser/rules.rb
+- lib/openscap_parser/selectors.rb
+- lib/openscap_parser/set_value.rb
+- lib/openscap_parser/set_values.rb
+- lib/openscap_parser/sub.rb
+- lib/openscap_parser/subs.rb
+- lib/openscap_parser/tailoring.rb
+- lib/openscap_parser/tailoring_file.rb
+- lib/openscap_parser/tailorings.rb
+- lib/openscap_parser/test_result.rb
+- lib/openscap_parser/test_result_file.rb
+- lib/openscap_parser/test_results.rb
+- lib/openscap_parser/util.rb
 - lib/openscap_parser/version.rb
-- lib/openscap_parser/xml_report.rb
+- lib/openscap_parser/xml_file.rb
+- lib/openscap_parser/xml_node.rb
+- lib/oval/definition.rb
+- lib/oval/definition_result.rb
+- lib/oval/reference.rb
+- lib/railtie.rb
+- lib/ssg.rb
+- lib/ssg/downloader.rb
+- lib/ssg/unarchiver.rb
+- lib/tasks/ssg.rake
 - openscap_parser.gemspec
-homepage: 
+homepage: https://github.com/OpenSCAP/openscap_parser
 licenses:
 - MIT
 metadata: {}
@@ -123,9 +204,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
-summary: Parse OpenSCAP reports
+summary: Parse OpenSCAP content
 test_files: []