openscap_parser 0.1.2 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 04a15bff1610dd289e619dfe869fa31f0af4309acac276aae1f5c10b15197238
-  data.tar.gz: 0706ef0b61d96b7d3dfa73ed7f6696caaa18bbeb6a4d81eb922ef8ca75b5f4f7
+  metadata.gz: 5bbc310b2adc402a398f0b9e8524199a91c06e0b74c2f2757a9fdae292c645c5
+  data.tar.gz: 1d8314602c86e916aff3b19b09d88a858892635beaee738bd79177bf38434abb
 SHA512:
-  metadata.gz: 2b066da57a23d5da4c235b97ce59c560f2c132e2275750e3861f7951905b5b56911388380aa81ff73ffe0e01c6b69b82821fa23a36738ed085548116a748b12b
-  data.tar.gz: 66aa26a5e7a4bf1cd89392304eb1d0cb77d4716384dd4a920684534ab4f3a5d360a0941419add841e003d724810acc08f07542ce01825a902cd2902cc5d1917d
+  metadata.gz: f2d316e18f0d82b9597b24b306dbae8615a044648102c085170005d1eaa9737263c11ec6a3c4e8af4e355cc59a9e57f78f560fe46f11c0e2cabfd134220153d7
+  data.tar.gz: 59f11993820161a4ece0d23df623ea3412cfb90d1895a5dd7a11fd1fa519e8eb3afbd0812c9a4a78ba1d254c74bcb58578f849ec773ace989ca91b07cffa4fab

data/Dockerfile

@@ -0,0 +1,15 @@
+# docker build . -t openscap_parser # build the container image
+# docker run -itv $PWD:/app:z openscap_parser rake # run tests
+# docker run -itv $PWD:/app:z openscap_parser pry --gem # console
+
+FROM ruby:2.5
+
+RUN gem update bundler
+
+WORKDIR /app
+
+COPY . ./
+
+RUN bundle -j4
+
+CMD bash

data/README.md

@@ -2,8 +2,6 @@
 
 Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/openscap_parser`. To experiment with that code, run `bin/console` for an interactive prompt.
 
-TODO: Delete this and the text above, and describe your gem
-
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -24,16 +22,30 @@ Or install it yourself as:
 
 ARF/XCCDF report goes IN - Ruby hash goes OUT
 
-{
-	profile
-	host
-	score
-	start_time
-	end_time
-	rule_result
+```rb
+parser = OpenscapParser::Base.new(File.read('rhel7-xccdf_org.ssgproject.content_profile_standard.xml'))
+parser.host # "rhel7-insights-client.virbr0.akofink-laptop"
+parser.start_time # <DateTime: 2019-08-08T17:25:50+00:00 ((2458704j,62750s,0n),+0s,2299161j)>
+parser.end_time # <DateTime: 2019-08-08T17:26:45+00:00 ((2458704j,62805s,0n),+0s,2299161j)>
+parser.score # 80.833328
+parser.profiles # {"xccdf_org.ssgproject.content_profile_standard"=>"Standard System Security Profile for Red Hat Enterprise Linux 7"}
+parser.rules # [#<OpenscapParser::Rule:0x00005576e752db7 ... >, ...]
+parser.rule_results # [#<OpenscapParser::RuleResult:0x00005576e8022f60 @id="xccdf_org.ssgproject.content_rule_package_rsh_removed", @result="notselected">, ...]
+
+# and more!
+```
+
+### Fetching SCAP Security Guide Content
 
-}
+This gem includes a rake task to sync content from the [ComplianceAsCode project](https://github.com/ComplianceAsCode/content). The following examples show how to download and exract datastream files from the released versions:
+
+```sh
+rake ssg:sync DATASTREAMS=latest:fedora # fetch and extract the latest fedora datastream
+rake ssg:sync DATASTREAMS=v0.1.45:fedora,v0.1.45:firefox # fetch and extract tag v0.1.45 for fedora and firefox datastreams
+rake ssg:sync_rhel # fetch and extract the latest released versions of the RHEL 6, 7, and 8 datastreams
+```
 
+An SSG version will be downloaded only once, even if it is specified multiple times for multiple datastreams.
 
 ## Development
 
@@ -41,6 +53,16 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
+### With Docker
+
+A Dockerfile is provided to allow a containerized development environment:
+
+```
+docker build . -t openscap_parser # build the container image
+docker run -itv $PWD:/app:z openscap_parser rake # run tests
+docker run -itv $PWD:/app:z openscap_parser pry --gem # console
+```
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/elobato/openscap_parser. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

data/Rakefile

@@ -1,6 +1,8 @@
 require "bundler/gem_tasks"
 require "rake/testtask"
 
+import "./lib/tasks/ssg.rake"
+
 Rake::TestTask.new(:test) do |t|
   t.libs << "test"
   t.libs << "lib"

data/lib/openscap_parser/benchmark.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/util'
+require 'openscap_parser/xml_file'
+require 'openscap_parser/rules'
+require 'openscap_parser/profiles'
+require 'openscap_parser/rule_references'
+
+# Mimics openscap-ruby Benchmark interface
+module OpenscapParser
+  class Benchmark < XmlNode
+    include OpenscapParser::Util
+    include OpenscapParser::Rules
+    include OpenscapParser::RuleReferences
+    include OpenscapParser::Profiles
+
+    def id
+      @id ||= @parsed_xml['id']
+    end
+
+    def title
+      @title ||= @parsed_xml.xpath('title') &&
+        @parsed_xml.xpath('title').text
+    end
+
+    def description
+      @description ||= newline_to_whitespace(
+        @parsed_xml.xpath('description') &&
+          @parsed_xml.xpath('description').text || ''
+      )
+    end
+
+    def version
+      @version ||= @parsed_xml.xpath('version') &&
+        @parsed_xml.xpath('version').text
+    end
+  end
+end

data/lib/openscap_parser/benchmarks.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/benchmark'
+
+module OpenscapParser
+  # Methods related to saving profiles and finding which hosts
+  # they belong to
+  module Benchmarks
+    def self.included(base)
+      base.class_eval do
+        def benchmark
+          @benchmark ||= OpenscapParser::Benchmark.new(parsed_xml: benchmark_node)
+        end
+
+        def benchmark_node(xpath = ".//Benchmark")
+          xpath_node(xpath)
+        end
+      end
+    end
+  end
+end

data/lib/openscap_parser/datastream_file.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+require 'openscap_parser/xml_file'
+require 'openscap_parser/benchmarks'
+
+module OpenscapParser
+  # A class to represent a datastream (-ds.xml) XmlFile
+  class DatastreamFile < XmlFile
+    include OpenscapParser::Benchmarks
+
+    def valid?
+      return true if @parsed_xml.root.name == 'data-stream-collection' && namespaces.keys.include?('xmlns:ds')
+      false
+    end
+  end
+end

data/lib/openscap_parser/profile.rb

@@ -1,6 +1,35 @@
 module OpenscapParser
-  class Profile
-    attr_acessor :id, :title, :description
+  class Profile < XmlNode
+    def id
+      @id ||= @parsed_xml['id']
+    end
+
+    def extends_profile_id
+      @extends ||= @parsed_xml['extends']
+    end
+
+    def title
+      @title ||= @parsed_xml.at_css('title') &&
+        @parsed_xml.at_css('title').text
+    end
+    alias :name :title
+
+    def description
+      @description ||= @parsed_xml.at_css('description') &&
+        @parsed_xml.at_css('description').text
+    end
+
+    def selected_rule_ids
+      @selected_rule_ids ||= @parsed_xml.xpath("select[@selected='true']/@idref") &&
+        @parsed_xml.xpath("select[@selected='true']/@idref").map(&:text)
+    end
+
+    def set_values
+      @set_values ||= @parsed_xml.xpath("set-value") &&
+        @parsed_xml.xpath("set-value").map do |set_value|
+        [set_value['idref'], set_value.text]
+      end.to_h
+    end
 
     def to_h
       { :id => id, :title => title, :description => description }

data/lib/openscap_parser/profiles.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'openscap_parser/profile'
+
 module OpenscapParser
   # Methods related to saving profiles and finding which hosts
   # they belong to
@@ -7,20 +9,13 @@ module OpenscapParser
     def self.included(base)
       base.class_eval do
         def profiles
-          @profiles ||= {
-            profile_node['id'] => profile_node.at_css('title').text
-          }
-        end
-
-        private
-
-        def profile_node
-          @report_xml.at_xpath(".//Profile\
-                             [contains('#{test_result_node['id']}', @id)]")
+          @profiles ||= profile_nodes.map do |profile_node|
+            OpenscapParser::Profile.new(parsed_xml: profile_node)
+          end
         end
 
-        def test_result_node
-          @test_result_node ||= @report_xml.at_css('TestResult')
+        def profile_nodes(xpath = ".//Profile")
+          xpath_nodes(xpath)
         end
       end
     end

data/lib/openscap_parser/rule.rb

@@ -1,44 +1,58 @@
 # frozen_string_literal: true
 
+require 'openscap_parser/rule_identifier'
+require 'openscap_parser/rule_references'
+require 'openscap_parser/xml_file'
+
 # Mimics openscap-ruby Rule interface
 module OpenscapParser
-  class Rule
-    def initialize(rule_xml: nil)
-      @rule_xml = rule_xml
-    end
+  class Rule < XmlNode
+    include OpenscapParser::Util
+    include OpenscapParser::RuleReferences
 
     def id
-      @id ||= @rule_xml['id']
+      @id ||= parsed_xml['id']
+    end
+
+    def selected
+      @selected ||= parsed_xml['selected']
     end
 
     def severity
-      @severity ||= @rule_xml['severity']
+      @severity ||= parsed_xml['severity']
     end
 
     def title
-      @title ||= @rule_xml.at_css('title').children.first.text
+      @title ||= parsed_xml.at_css('title') &&
+        parsed_xml.at_css('title').text
     end
 
     def description
-      @description ||= @rule_xml.at_css('description').text.delete("\n")
+      @description ||= newline_to_whitespace(
+        parsed_xml.at_css('description') &&
+          parsed_xml.at_css('description').text || ''
+      )
     end
 
     def rationale
-      @rationale ||= @rule_xml.at_css('rationale').children.text.delete("\n")
+      @rationale ||= newline_to_whitespace(
+        parsed_xml.at_css('rationale') &&
+          parsed_xml.at_css('rationale').text || ''
+      )
     end
 
-    def references
-      @references ||= @rule_xml.css('reference').map do |node|
-        { href: node['href'], label: node.text }
-      end
+    alias :rule_reference_nodes_old :rule_reference_nodes
+    def rule_reference_nodes(xpath = "reference")
+      rule_reference_nodes_old(xpath)
     end
 
-    def identifier
-      @identifier ||= {
-        label: @rule_xml.at_css('ident')&.text,
-        system: (ident = @rule_xml.at_css('ident')) && ident['system']
-      }
+    def rule_identifier
+      @identifier ||= RuleIdentifier.new(parsed_xml: identifier_node)
+    end
+    alias :identifier :rule_identifier
+
+    def identifier_node
+      @identifier_node ||= parsed_xml.at_xpath('ident')
     end
   end
 end
-

data/lib/openscap_parser/rule_identifier.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# RuleIdentifier interface as an object
+module OpenscapParser
+  class RuleIdentifier < XmlNode
+    def label
+      @label ||= @parsed_xml && @parsed_xml.text
+    end
+
+    def system
+      @system ||= @parsed_xml && @parsed_xml['system']
+    end
+  end
+end

data/lib/openscap_parser/rule_reference.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# RuleReference interface as an object
+module OpenscapParser
+  class RuleReference < XmlNode
+    def href
+      @href ||= @parsed_xml && @parsed_xml['href']
+    end
+
+    def label
+      @label ||= @parsed_xml && @parsed_xml.text
+    end
+  end
+end

data/lib/openscap_parser/rule_references.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/xml_file'
+require 'openscap_parser/rule_reference'
+
+module OpenscapParser
+  # Methods related to finding and saving rule references
+  module RuleReferences
+    def self.included(base)
+      base.class_eval do
+        def rule_reference_strings
+          @rule_reference_strings ||= rule_references.map do |rr|
+            "#{rr.label}#{rr.href}"
+          end
+        end
+
+        def rule_references
+          @rule_references ||= rule_reference_nodes.map do |node|
+            OpenscapParser::RuleReference.new(parsed_xml: node)
+          end.uniq do |reference|
+            [reference.label, reference.href]
+          end
+        end
+        alias :references :rule_references
+
+        def rule_reference_nodes(xpath = ".//Rule/reference")
+          xpath_nodes(xpath)
+        end
+      end
+    end
+  end
+end

data/lib/openscap_parser/rule_result.rb

@@ -1,8 +1,27 @@
 # frozen_string_literal: true
 
 module OpenscapParser
-  class RuleResult
-    attr_accessor :id, :result
+  class RuleResult < XmlNode
+    def id
+      @id ||= parsed_xml['idref']
+    end
+
+    def time
+      @time ||= parsed_xml['time']
+    end
+
+    def severity
+      @severity ||= parsed_xml['severity']
+    end
+
+    def weight
+      @weight ||= parsed_xml['weight']
+    end
+
+    def result
+      @result ||= parsed_xml.at_xpath('result') &&
+        parsed_xml.at_xpath('result').text || ''
+    end
   end
 end
 

data/lib/openscap_parser/rule_results.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/rule_result'
+
+module OpenscapParser
+  module RuleResults
+    def self.included(base)
+      base.class_eval do
+        def rule_result_nodes
+          @rule_result_nodes ||= parsed_xml.xpath('rule-result')
+        end
+
+        def rule_results
+          rule_result_nodes.map do |node|
+            RuleResult.new(parsed_xml: node)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/openscap_parser/rules.rb

@@ -1,21 +1,22 @@
 # frozen_string_literal: true
 
+require 'openscap_parser/rule'
+
 module OpenscapParser
   # Methods related to parsing rules
   module Rules
     def self.included(base)
       base.class_eval do
-        def rule_ids
-          test_result_node.xpath('.//rule-result/@idref').map(&:value)
-        end
-
         def rule_objects
-          return @rule_objects unless @rule_objects.nil?
-
-          @rule_objects ||= @report_xml.search('Rule').map do |rule|
-            Rule.new(rule_xml: rule)
+          @rule_objects ||= rule_nodes.map do |rule_node|
+            Rule.new(parsed_xml: rule_node)
           end
         end
+        alias :rules :rule_objects
+
+        def rule_nodes(xpath = ".//Rule")
+          xpath_nodes(xpath)
+        end
       end
     end
   end

data/lib/openscap_parser/tailoring.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+# Mimics openscap-ruby Rule interface
+module OpenscapParser
+  class Tailoring < XmlNode
+    include OpenscapParser::Profiles
+
+    def id
+      @id ||= @parsed_xml['id']
+    end
+
+    def benchmark
+      @benchmark ||= @parsed_xml.at_xpath('benchmark/@href') &&
+        @parsed_xml.at_xpath('benchmark/@href').text
+    end
+
+    def version
+      @version ||= @parsed_xml.at_xpath('version') &&
+        @parsed_xml.at_xpath('version').text
+    end
+
+    def version_time
+      @version_time ||= @parsed_xml.at_xpath('version/@time') &&
+        @parsed_xml.at_xpath('version/@time').text
+    end
+  end
+end

data/lib/openscap_parser/tailoring_file.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module OpenscapParser
+  # A class to represent a tailoring XmlFile
+  class TailoringFile < XmlFile
+    include OpenscapParser::Tailorings
+
+    def valid?
+      return true if @parsed_xml.root.name == 'Tailoring' && namespaces.keys.include?('xmlns:xccdf')
+      false
+    end
+  end
+end

data/lib/openscap_parser/tailorings.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/tailoring'
+
+module OpenscapParser
+  # Methods related to parsing Xccdf Tailoring types
+  module Tailorings
+    def self.included(base)
+      base.class_eval do
+        def tailoring
+          @tailoring ||= OpenscapParser::Tailoring.new(
+            parsed_xml: tailoring_node
+          )
+        end
+
+        def tailoring_node(xpath = ".//Tailoring")
+          xpath_node(xpath)
+        end
+      end
+    end
+  end
+end

data/lib/openscap_parser/test_result.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/rule_results'
+
+module OpenscapParser
+  class TestResult < XmlNode
+    include OpenscapParser::RuleResults
+
+    def target
+      @target ||= parsed_xml.at_xpath('target') &&
+        parsed_xml.at_xpath('target').text || ''
+    end
+    alias :host :target
+
+    def target_fact_nodes
+      @target_fact_nodes ||= parsed_xml.xpath('target-facts/fact')
+    end
+
+    def platform_nodes
+      @platform_nodes ||= parsed_xml.xpath('platform')
+    end
+
+    def title
+      @title ||= parsed_xml.at_xpath('title') &&
+        parsed_xml.at_xpath('title').text || ''
+    end
+
+    def identity
+      @identity ||= parsed_xml.at_xpath('identity') &&
+        parsed_xml.at_xpath('identity').text || ''
+    end
+
+    def profile_id
+      @profile_id ||= parsed_xml.at_xpath('profile') &&
+        parsed_xml.at_xpath('profile')['idref'] || ''
+    end
+
+    def benchmark_id
+      @benchmark_id ||= parsed_xml.at_xpath('benchmark') &&
+        parsed_xml.at_xpath('benchmark')['id'] || ''
+    end
+
+    def set_value_nodes
+      @set_value_nodes ||= parsed_xml.xpath('set-value')
+    end
+
+    def score
+      @score ||= parsed_xml.at_xpath('score') &&
+        parsed_xml.at_xpath('score').text.to_f
+    end
+
+    def start_time
+      @start_time ||= DateTime.parse(parsed_xml['start-time'])
+    end
+
+    def end_time
+      @end_time ||= DateTime.parse(parsed_xml['end-time'])
+    end
+  end
+end

data/lib/openscap_parser/test_result_file.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module OpenscapParser
+  # A class to represent an XmlFile which contains a <TestResult /> Xccdf type
+  class TestResultFile < XmlFile
+    include ::OpenscapParser::Benchmarks
+    include ::OpenscapParser::TestResults
+  end
+end

data/lib/openscap_parser/test_results.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/test_result'
+
+module OpenscapParser
+  module TestResults
+    def self.included(base)
+      base.class_eval do
+        def test_result
+          TestResult.new(parsed_xml: test_result_node)
+        end
+
+        def test_result_node
+          @test_result_node ||= xpath_node('.//TestResult')
+        end
+      end
+    end
+  end
+end

data/lib/openscap_parser/util.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# Utility functions for OpenscapParser
+module OpenscapParser
+  module Util
+    def newline_to_whitespace(string)
+      string.gsub(/ *\n+/, " ").strip
+    end
+  end
+end

data/lib/openscap_parser/version.rb

@@ -1,3 +1,3 @@
 module OpenscapParser
-  VERSION = "0.1.2"
+  VERSION = "1.0.0"
 end

data/lib/openscap_parser/xml_file.rb

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
+
 require 'nokogiri'
+require 'openscap_parser/xml_node'
 
 module OpenscapParser
-  module XmlFile
-    def report_xml(report_contents = '')
-      @report_xml ||= ::Nokogiri::XML.parse(report_contents)
-      @report_xml.remove_namespaces!
+  class XmlFile < XmlNode
+
+    def initialize(raw_xml)
+      parsed_xml(raw_xml)
     end
   end
 end

data/lib/openscap_parser/xml_node.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'nokogiri'
+
+module OpenscapParser
+  # Represents a generic Xml node with parsed_xml
+  class XmlNode
+    attr_reader :namespaces
+
+    def initialize(parsed_xml: nil)
+      @parsed_xml = parsed_xml
+    end
+
+    def parsed_xml(report_contents = '')
+      return @parsed_xml if @parsed_xml
+      @parsed_xml = ::Nokogiri::XML.parse(
+        report_contents, nil, nil, Nokogiri::XML::ParseOptions.new.norecover)
+      @namespaces = @parsed_xml.namespaces.clone
+      @parsed_xml.remove_namespaces!
+    end
+
+    def xpath_node(xpath)
+      parsed_xml && parsed_xml.at_xpath(xpath)
+    end
+    alias :at_xpath :xpath_node
+
+    def xpath_nodes(xpath)
+      parsed_xml && parsed_xml.xpath(xpath) || []
+    end
+    alias :xpath :xpath_nodes
+  end
+end

data/lib/openscap_parser.rb

@@ -1,45 +1,22 @@
 # frozen_string_literal: true
+
+require 'openscap_parser/version'
+require 'openscap_parser/util'
+require 'openscap_parser/benchmarks'
+require 'openscap_parser/test_results'
 require 'openscap_parser/profiles'
-require 'openscap_parser/rule'
-require 'openscap_parser/rule_result'
 require 'openscap_parser/rules'
-require 'openscap_parser/version'
-require 'openscap_parser/xml_report'
-require 'openscap_parser/ds'
+require 'openscap_parser/rule_results'
+require 'openscap_parser/tailorings'
+
+require 'openscap_parser/xml_file'
+require 'openscap_parser/datastream_file'
+require 'openscap_parser/test_result_file'
+require 'openscap_parser/tailoring_file'
 
 require 'date'
+require 'railtie' if defined?(Rails)
 
 module OpenscapParser
   class Error < StandardError; end
-
-  class Base
-    include OpenscapParser::XMLReport
-    include OpenscapParser::Profiles
-    include OpenscapParser::Rules
-
-    def initialize(report)
-      report_xml(report)
-    end
-
-    def score
-      test_result_node.search('score').text.to_f
-    end
-
-    def start_time
-      @start_time ||= DateTime.parse(test_result_node['start-time'])
-    end
-
-    def end_time
-      @end_time ||= DateTime.parse(test_result_node['end-time'])
-    end
-
-    def rule_results
-      @rule_results ||= test_result_node.search('rule-result').map do |rr|
-	rule_result_oscap = RuleResult.new
-	rule_result_oscap.id = rr.attributes['idref'].value
-	rule_result_oscap.result = rr.search('result').first.text
-	rule_result_oscap
-      end
-    end
-  end
 end

data/lib/railtie.rb

@@ -0,0 +1,15 @@
+# lib/railtie.rb
+require 'openscap_parser'
+
+if defined?(Rails)
+  module OpenscapParser
+    class Railtie < Rails::Railtie
+      railtie_name :openscap_parser
+
+      rake_tasks do
+        path = File.expand_path(__dir__)
+        Dir.glob("#{path}/tasks/**/*.rake").each { |f| load f }
+      end
+    end
+  end
+end

data/lib/ssg/downloader.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'net/http'
+
+module Ssg
+  # Downloads SCAP datastreams from the SCAP Security Guide
+  # https://github.com/ComplianceAsCode/content
+  class Downloader
+    RELEASES_API = 'https://api.github.com/repos'\
+                             '/ComplianceAsCode/content/releases/'
+    SSG_DS_REGEX = /scap-security-guide-(\d+\.)+zip$/
+
+    def initialize(version = 'latest')
+      @release_uri = URI(
+        "#{RELEASES_API}#{'tags/' unless version[/^latest$/]}#{version}"
+      )
+    end
+
+    def self.download!(versions = [])
+      versions.uniq.map do |version|
+        [version, new(version).fetch_datastream_file]
+      end.to_h
+    end
+
+    def fetch_datastream_file
+      puts "Fetching #{datastream_filename}"
+      get_chunked(datastream_uri)
+
+      datastream_filename
+    end
+
+    private
+
+    def datastream_uri
+      @datastream_uri ||= URI(
+        download_urls.find { |url| url[SSG_DS_REGEX] }
+      )
+    end
+
+    def download_urls
+      get_json(@release_uri).dig('assets').map do |asset|
+        asset.dig('browser_download_url')
+      end
+    end
+
+    def fetch(request, &block)
+      Net::HTTP.start(
+        request.uri.host, request.uri.port,
+        use_ssl: request.uri.scheme['https']
+      ) do |http|
+        check_response(http.request(request, &block), &block)
+      end
+    end
+
+    def get(uri, &block)
+      fetch(Net::HTTP::Get.new(uri), &block)
+    end
+
+    def head(uri, &block)
+      fetch(Net::HTTP::Head.new(uri), &block)
+    end
+
+    def check_response(response, &block)
+      case response
+      when Net::HTTPSuccess
+        response
+      when Net::HTTPRedirection
+        get(URI(response['location']), &block)
+      else
+        response.value
+      end
+    end
+
+    def get_chunked(uri, filename: datastream_filename)
+      head(uri) do |response|
+        next unless Net::HTTPSuccess === response
+        open(filename, 'wb') do |file|
+          response.read_body do |chunk|
+            file.write(chunk)
+          end
+        end
+      end
+    end
+
+    def datastream_filename
+      datastream_uri.path.split('/').last[SSG_DS_REGEX]
+    end
+
+    def get_json(uri)
+      JSON.parse(get(uri).body)
+    end
+  end
+end

data/lib/ssg/unarchiver.rb

@@ -0,0 +1,34 @@
+module Ssg
+  class Unarchiver
+    UNZIP_CMD = ['unzip', '-o']
+
+    def initialize(ds_zip_filename, datastreams)
+      @ds_zip_filename = ds_zip_filename
+      @datastreams = datastreams
+    end
+
+    def self.unarchive!(ds_zip_filenames, datastreams)
+      ds_zip_filenames.map do |version, ds_zip_filename|
+        new(ds_zip_filename, [datastreams[version]].flatten).datastream_files
+      end
+    end
+
+    def datastream_files
+      datastream_filenames if system(
+        *UNZIP_CMD, @ds_zip_filename, *datastream_filenames
+      )
+    end
+
+    private
+
+    def datastream_filenames
+      @datastreams.map do |datastream|
+        "#{datastream_dir}/ssg-#{datastream}-ds.xml"
+      end
+    end
+
+    def datastream_dir
+      @ds_zip_filename.split('.')[0...-1].join('.')
+    end
+  end
+end

data/lib/ssg.rb

@@ -0,0 +1,5 @@
+require 'ssg/downloader'
+require 'ssg/unarchiver'
+
+module Ssg
+end

data/lib/tasks/ssg.rake

@@ -0,0 +1,33 @@
+desc 'Import or update SCAP datastreams from the SCAP Security Guide'
+namespace :ssg do
+  desc 'Import or update SCAP datastreams for RHEL 6, 7, and 8'
+  task :sync_rhel do |task|
+    RHEL_SSG_VERSIONS = (
+      'v0.1.28:rhel6,'\
+      'v0.1.43:rhel7,'\
+      'v0.1.42:rhel8'
+    )
+
+    ENV['DATASTREAMS'] = RHEL_SSG_VERSIONS
+    Rake::Task['ssg:sync'].invoke
+  end
+
+  desc 'Import or update SCAP datastreams, '\
+    'provided as a comma separated list: '\
+    '`rake ssg:sync DATASTREAMS=v0.1.43:rhel7,latest:fedora`'
+  task :sync do |task|
+    DATASTREAMS = ENV.fetch('DATASTREAMS', '').split(',')
+      .inject({}) do |datastreams, arg|
+      version, datastream = arg.split(':')
+      datastreams[version] = (datastreams[version] || []).push(datastream)
+
+      datastreams
+    end
+
+    require 'ssg'
+
+    ds_zip_filenames = Ssg::Downloader.download!(DATASTREAMS.keys)
+    DATASTREAM_FILENAMES = Ssg::Unarchiver.
+      unarchive!(ds_zip_filenames, DATASTREAMS)
+  end
+end

data/openscap_parser.gemspec

@@ -4,15 +4,15 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "openscap_parser/version"
 
 Gem::Specification.new do |spec|
-  spec.name          = "openscap_parser"
+  spec.name          = 'openscap_parser'
   spec.version       = OpenscapParser::VERSION
-  spec.authors       = ["Daniel Lobato Garcia"]
-  spec.email         = ["me@daniellobato.me"]
+  spec.authors       = ['Daniel Lobato Garcia', 'Andrew Kofink']
+  spec.email         = ['me@daniellobato.me', 'ajkofink@gmail.com']
 
-  spec.summary       = %q{Parse OpenSCAP reports}
- # spec.description   = %q{TODO: Write a longer description or delete this line.}
-  # spec.homepage      = "TODO: Put your gem's website or public repo URL here."
-  spec.license       = "MIT"
+  spec.summary       = %q{Parse OpenSCAP content}
+  spec.description   = %q{This gem is a Ruby interface into SCAP content. It can parse SCAP datastream files (i.e. ssg-rhel7-ds.xml), scan result files output by oscap eval, and tailoring files.}
+  spec.homepage      = 'https://github.com/dLobatog/openscap_parser'
+  spec.license       = 'MIT'
 
   # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
   # to allow pushing to a single host or delete this section to allow pushing to any host.
@@ -32,13 +32,16 @@ Gem::Specification.new do |spec|
   spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.bindir        = "bin"
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency 'nokogiri'
+  spec.add_dependency "nokogiri", "~> 1.6"
   spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "minitest", "~> 5.0"
+  spec.add_development_dependency "mocha", "~> 1.0"
   spec.add_development_dependency "shoulda-context"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "pry-byebug"
 end

metadata

@@ -1,29 +1,30 @@
 --- !ruby/object:Gem::Specification
 name: openscap_parser
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 1.0.0
 platform: ruby
 authors:
 - Daniel Lobato Garcia
+- Andrew Kofink
 autorequire: 
-bindir: exe
+bindir: bin
 cert_chain: []
-date: 2019-06-12 00:00:00.000000000 Z
+date: 2019-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.6'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -66,6 +67,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: shoulda-context
   requirement: !ruby/object:Gem::Requirement
@@ -80,16 +95,50 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem is a Ruby interface into SCAP content. It can parse SCAP datastream
+  files (i.e. ssg-rhel7-ds.xml), scan result files output by oscap eval, and tailoring
+  files.
 email:
 - me@daniellobato.me
-executables: []
+- ajkofink@gmail.com
+executables:
+- console
+- setup
 extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".travis.yml"
 - CODE_OF_CONDUCT.md
+- Dockerfile
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -97,17 +146,35 @@ files:
 - bin/console
 - bin/setup
 - lib/openscap_parser.rb
-- lib/openscap_parser/ds.rb
+- lib/openscap_parser/benchmark.rb
+- lib/openscap_parser/benchmarks.rb
+- lib/openscap_parser/datastream_file.rb
 - lib/openscap_parser/profile.rb
 - lib/openscap_parser/profiles.rb
 - lib/openscap_parser/rule.rb
+- lib/openscap_parser/rule_identifier.rb
+- lib/openscap_parser/rule_reference.rb
+- lib/openscap_parser/rule_references.rb
 - lib/openscap_parser/rule_result.rb
+- lib/openscap_parser/rule_results.rb
 - lib/openscap_parser/rules.rb
+- lib/openscap_parser/tailoring.rb
+- lib/openscap_parser/tailoring_file.rb
+- lib/openscap_parser/tailorings.rb
+- lib/openscap_parser/test_result.rb
+- lib/openscap_parser/test_result_file.rb
+- lib/openscap_parser/test_results.rb
+- lib/openscap_parser/util.rb
 - lib/openscap_parser/version.rb
 - lib/openscap_parser/xml_file.rb
-- lib/openscap_parser/xml_report.rb
+- lib/openscap_parser/xml_node.rb
+- lib/railtie.rb
+- lib/ssg.rb
+- lib/ssg/downloader.rb
+- lib/ssg/unarchiver.rb
+- lib/tasks/ssg.rake
 - openscap_parser.gemspec
-homepage: 
+homepage: https://github.com/dLobatog/openscap_parser
 licenses:
 - MIT
 metadata: {}
@@ -126,9 +193,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
-summary: Parse OpenSCAP reports
+summary: Parse OpenSCAP content
 test_files: []

data/lib/openscap_parser/ds.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-require 'openscap_parser/xml_file'
-
-module OpenscapParser
-  class Ds
-    include OpenscapParser::XmlFile
-
-    def initialize(report)
-      report_xml report
-    end
-
-    def profiles
-      @profiles ||= profile_nodes
-    end
-
-    private
-
-    def profile_nodes
-      @report_xml.xpath(".//Profile").map do |node|
-        id = node.attribute('id')&.value
-        title = node.at_xpath('./title')&.text
-        description = node.at_xpath('./description')&.text
-        { :id => id, :title => title, :description => description }
-      end
-    end
-  end
-end

data/lib/openscap_parser/xml_report.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-require 'nokogiri'
-require 'openscap_parser/xml_file'
-
-module OpenscapParser
-  # Methods related with parsing directly the XML from the Report
-  # as opposed to using the OpenSCAP APIs
-  module XMLReport
-    def self.included(base)
-      base.class_eval do
-        include OpenscapParser::XmlFile
-
-        def host
-          @report_xml.search('target').text
-        end
-
-        def description
-          @report_xml.search('description').first.text
-        end
-      end
-    end
-  end
-end