scaptimony 0.2.0 → 0.3.0

Files changed (39) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +16 -6
  3. data/Rakefile +1 -1
  4. data/app/models/scaptimony/arf_report.rb +51 -55
  5. data/app/models/scaptimony/arf_report_raw.rb +51 -0
  6. data/app/models/scaptimony/asset.rb +29 -0
  7. data/app/models/scaptimony/asset_policy.rb +6 -0
  8. data/app/models/scaptimony/policy.rb +19 -16
  9. data/app/models/scaptimony/scap_content.rb +36 -59
  10. data/app/models/scaptimony/xccdf_result.rb +1 -1
  11. data/app/models/scaptimony/xccdf_rule_result.rb +1 -1
  12. data/db/migrate/20141015115511_add_arf_report_unique_constraint.rb +1 -1
  13. data/db/migrate/20141104164201_create_scaptimony_scap_contents.rb +0 -3
  14. data/db/migrate/20141105174834_add_columns_to_scaptimony_policies.rb +1 -1
  15. data/db/migrate/20141111104519_add_constraint_to_scaptimony_scap_contents.rb +0 -1
  16. data/db/migrate/20141116171305_add_profile_to_scaptimony_policies.rb +1 -1
  17. data/db/migrate/20141206211151_create_scaptimony_assets_policies.rb +9 -0
  18. data/db/migrate/20141214112917_add_scap_file_to_scap_content.rb +5 -0
  19. data/db/migrate/20141216154502_rename_scaptimony_asset_policies.rb +5 -0
  20. data/db/migrate/20150111085317_polymorph_asset.rb +8 -0
  21. data/db/migrate/20150112152944_create_scaptimony_arf_report_raws.rb +10 -0
  22. data/db/migrate/20150114210634_rename_scaptimony_arf_report_raw_raw.rb +5 -0
  23. data/db/migrate/20150115155947_add_scaptimony_scap_content_digest.rb +19 -0
  24. data/db/migrate/20150116083129_add_day_of_month_and_cron_line_to_scaptimony_policy.rb +6 -0
  25. data/db/seeds.rb +9 -9
  26. data/lib/scaptimony.rb +1 -1
  27. data/lib/scaptimony/arf_reports_helper.rb +11 -6
  28. data/lib/scaptimony/engine.rb +0 -4
  29. data/lib/scaptimony/version.rb +1 -1
  30. data/test/dummy/config/application.rb +2 -3
  31. data/test/dummy/config/boot.rb +1 -1
  32. data/test/dummy/config/environments/test.rb +1 -1
  33. data/test/dummy/config/routes.rb +1 -1
  34. data/test/integration/navigation_test.rb +0 -1
  35. data/test/models/scaptimony/arf_report_raw_test.rb +9 -0
  36. data/test/scaptimony_test.rb +1 -1
  37. data/test/test_helper.rb +4 -4
  38. metadata +16 -6
  39. data/test/fixtures/scaptimony/scap_contents.yml +0 -7
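--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 412955cff2de89a310f911da39fc9cf4d2ac20b3
- data.tar.gz: d839f32280880847e102a56c9a939d1e296956fc
+ metadata.gz: 1de7b66071d1a5cdc7b8a35b6e771aa9c1afab00
+ data.tar.gz: 45ac4cc03c0630a39a5b8f9e1e85e390a3795cf3
  SHA512:
- metadata.gz: 91080cb2eabe76f0038636ed5e0ae8b77374580a4557bd0963c785e222ece1081654856887e669dd59425c5e529d086ac6cd9dc76cd75b37b4c92fde0005561b
- data.tar.gz: e1aba9516775e5068e43eed1959be8761e027ec9063a76b3a9c3a6b8de63feed1acf413a9675542522e7d980c80ad85e06bea07a741d90b047b5556ebf23e5e4
+ metadata.gz: 40b85faa5dca890f6c0935e823ec40110d3107fb7fde70f20cac95cd9d82e90f8c2635af70d8826b35d7e11658b023a771b71996a9110439b0a85c5f69bf9db2
+ data.tar.gz: 101fec51fa7ae58fd6290866b4103a2f573ecb252278c5a24e49ec1946c6c2a632ca3f5cca9c7f316dca5604259e8ef48039554308f9a3f4e82829f40a971fb9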
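--- a/data/README.md
+++ b/data/README.md
@@ -10,20 +10,20 @@ as a stand-alone sealed server.
  + Provide API for tools to upload collected SCAP results
  + Define security/compliance policies
  + Upload SCAP content and assign it with the policy
+ + Set-up a periodical schedule of audits for the policy
+ + Organization defined targeting (Assign a set of nodes with the policy)
  + Result post-processing
  + Search SCAP results
  + Search for non-compliant systems
+ + Search for not audited systems
  + Rails artefacts to display audit results within your application
  + Future features:
  + Define security/compliance policies
  + Archive distinct versions of the policy
- + Set-up a periodical schedule of audits for the policy
- + Organization defined targeting (Assign a set of nodes with the policy)
  + Define known-issues and waivers (Assign waivers with a set of nodes and the policy)
  + Set-up rules for automated deletion of results
  + vulnerability assessment (processing OVAL CVE streams)
  + Result post-processing
- + Search for not audited systems
  * Comparison of audit results
  + Waive known issues
  + One time waivers of a report
@@ -32,7 +32,17 @@ as a stand-alone sealed server.
  + Calculate score before and after waiver (ammount of risk accepted needs to be made available to the authorizing official)
  + Let us know, if your feature is missing.
 
- ## Installation
+ ## Installation from RPMs
+
+ - Enable [isimluk/OpenSCAP](https://copr.fedoraproject.org/coprs/isimluk/OpenSCAP/) COPR repository
+
+ - Install SCAPtimony
+
+ ```
+ yum install rubygem-scaptimony ruby193-rubygem-scaptimony
+ ```
+
+ ## Installation from upstream git
 
  - Get SCAPtimony sources
 
@@ -47,7 +57,7 @@ as a stand-alone sealed server.
  ```
  $ cd scaptimony
  $ gem build scaptimony.gemspec
- # yum install yum-utils rpm-build scl-utils scl-utils-build ruby193-rubygems-devel
+ # yum install yum-utils rpm-build scl-utils scl-utils-build ruby193-rubygems-devel ruby193-build ruby193
  # yum-builddep extra/rubygem-scaptimony.spec
  $ rpmbuild --define "_sourcedir `pwd`" --define "scl ruby193" -ba extra/rubygem-scaptimony.spec
  ```
@@ -55,7 +65,7 @@ as a stand-alone sealed server.
  - Install SCAPtimony RPM
 
  ```
- # yum local install ~/rpmbuild/RPMS/noarch/ruby193-rubygem-scaptimony-*.noarch.rpm
+ # yum localinstall ~/rpmbuild/RPMS/noarch/ruby193-rubygem-scaptimony-*.noarch.rpm
  ```
 
  ## Usage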
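--- a/data/Rakefile
+++ b/data/Rakefile
@@ -20,7 +20,7 @@ RDoc::Task.new(:rdoc) do |rdoc|
  rdoc.rdoc_files.include('lib/**/*.rb')
  end
 
- APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+ APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
  load 'rails/tasks/engine.rake'
 
 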
@@ -1,85 +1,81 @@
1
- require 'fileutils'
2
- require 'openscap'
3
- require 'openscap/ds/arf'
4
- require 'openscap/xccdf/testresult'
5
- require 'openscap/xccdf/ruleresult'
6
- require 'scaptimony/engine'
7
-
8
1
  module Scaptimony
9
2
  class ArfReport < ActiveRecord::Base
10
3
  belongs_to :asset
11
4
  belongs_to :policy
5
+ delegate :assetable, :to => :asset, :as => :assetable
12
6
  has_many :xccdf_rule_results, :dependent => :destroy
7
+ has_one :arf_report_raw, :dependent => :destroy
13
8
  has_one :arf_report_breakdown
14
9
 
15
- before_destroy { |record|
16
- record.delete
17
- }
10
+ scope :breakdown, joins(:arf_report_breakdown)
11
+ scope :comply, breakdown.where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 })
12
+ scope :incomply, breakdown.where('scaptimony_arf_report_breakdowns.failed != 0') # TODO:RAILS-4.0: where.not
13
+ scope :inconclusive, breakdown.where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 })
14
+ scope :latest, joins('INNER JOIN (select asset_id, policy_id, max(id) AS id
15
+ FROM scaptimony_arf_reports
16
+ GROUP BY asset_id, policy_id) latest
17
+ ON scaptimony_arf_reports.id = latest.id')
18
18
 
19
- scoped_search :on => :date, :complete_value => true
19
+ scoped_search :on => :date, :complete_value => true, :default_order => :desc
20
20
  scoped_search :in => :arf_report_breakdown, :on => :passed
21
21
  scoped_search :in => :arf_report_breakdown, :on => :failed
22
22
  scoped_search :in => :arf_report_breakdown, :on => :othered
23
+ scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :compliance_policy
24
+ scoped_search :on => :id, :rename => :last_for, :complete_value => { :host => 0, :policy => 1 },
25
+ :only_explicit => true, :ext_method => :search_by_last_for
26
+ scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :comply_with,
27
+ :only_explicit => true, :operators => ['= '], :ext_method => :search_by_comply_with
28
+ scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :not_comply_with,
29
+ :only_explicit => true, :operators => ['= '], :ext_method => :search_by_not_comply_with
30
+ scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :inconclusive_with,
31
+ :only_explicit => true, :operators => ['= '], :ext_method => :search_by_inconclusive_with
23
32
 
24
33
  def passed; arf_report_breakdown ? arf_report_breakdown.passed : 0; end
25
34
  def failed; arf_report_breakdown ? arf_report_breakdown.failed : 0; end
26
35
  def othered; arf_report_breakdown ? arf_report_breakdown.othered : 0; end
27
36
 
28
- def store!(data)
29
- begin
30
- FileUtils.mkdir_p dir
31
- File.open(path, 'wb') { |f| f.write(data) }
32
- save_dependent_entities
33
- rescue StandardError => e
34
- logger.error "Could not store ARF to '#{path}': #{e.message}"
35
- raise e
37
+ def to_html
38
+ if arf_report_raw.nil?
39
+ fail Error, "Cannot generate HTML report, ArfReport #{id} is missing XML details"
36
40
  end
41
+ arf_report_raw.to_html
37
42
  end
38
43
 
39
- def each
40
- OpenSCAP.oscap_init
41
- arf = OpenSCAP::DS::Arf.new path
42
- yield arf.html
43
- arf.destroy
44
- OpenSCAP.oscap_cleanup
44
+ def self.search_by_comply_with(_key, _operator, policy_name)
45
+ search_by_policy_results policy_name, &:comply
45
46
  end
46
47
 
47
- def delete
48
- File.delete path
49
- begin
50
- Dir.delete dir
51
- rescue StandardError => e
52
- end
48
+ def self.search_by_not_comply_with(_key, _operator, policy_name)
49
+ search_by_policy_results policy_name, &:incomply
53
50
  end
54
51
 
55
- private
56
- def save_dependent_entities
57
- return unless xccdf_rule_results.empty?
58
- begin
59
- OpenSCAP.oscap_init
60
- arf = OpenSCAP::DS::Arf.new path
61
- test_result = arf.test_result
62
- test_result.rr.each {|rr_id, rr|
63
- rule = ::Scaptimony::XccdfRule.where(:xid => rr_id).first_or_create!
64
- xccdf_rule_results.create!(:xccdf_rule_id => rule.id, :xccdf_result_id => XccdfResult.f(rr.result).id)
65
- }
66
- rescue StandardError => e
67
- xccdf_rule_results.destroy_all
68
- raise e
69
- ensure
70
- test_result.destroy unless test_result.nil?
71
- arf.destroy unless arf.nil?
72
- OpenSCAP.oscap_cleanup
73
- end
52
+ def self.search_by_inconclusive_with(_key, _operator, policy_name)
53
+ search_by_policy_results policy_name, &:inconclusive
74
54
  end
75
55
 
76
- def path
77
- "#{dir}/#{digest}.xml.bz2"
56
+ def self.search_by_policy_results(policy_name, &selection)
57
+ cond = sanitize_sql_for_conditions('scaptimony_policies.name' => policy_name)
58
+ { :conditions => Scaptimony::ArfReport.arel_table[:id].in(
59
+ Scaptimony::ArfReport.select(Scaptimony::ArfReport.arel_table[:id])
60
+ .latest.instance_eval(&selection).joins(:policy).where(cond).ast
61
+ ).to_sql
62
+ }
78
63
  end
79
64
 
80
- def dir
81
- # TODO this should be configurable
82
- "#{Scaptimony::Engine.dir}/arf/#{asset.name}/#{policy.name}/#{date}"
65
+ def self.search_by_last_for(key, operator, by)
66
+ by.gsub!(/[^[:alnum:]]/, '')
67
+ case by.downcase
68
+ when 'host'
69
+ { :conditions => 'scaptimony_arf_reports.id IN (
70
+ SELECT MAX(id) FROM scaptimony_arf_reports sub
71
+ WHERE sub.asset_id = scaptimony_arf_reports.asset_id)' }
72
+ when 'policy'
73
+ { :conditions => 'scaptimony_arf_reports.id IN (
74
+ SELECT MAX(id) FROM scaptimony_arf_reports sub
75
+ WHERE sub.policy_id = scaptimony_arf_reports.policy_id)' }
76
+ else
77
+ fail "Cannot search last by #{by}"
78
+ end
83
79
  end
84
80
  end
85
81
  end
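Review bot: The `inconclusive` scope is declared with exactly the same condition as `comply` (`:failed => 0, :othered => 0`), so `search_by_inconclusive_with` returns the compliant reports, and reports whose only non-pass results are "other" are never singled out. If inconclusive is meant as "no failures but some other results", the scope would read `scope :inconclusive, breakdown.where('scaptimony_arf_report_breakdowns.failed = 0 AND scaptimony_arf_report_breakdowns.othered != 0')`. `Asset.inconclusive_with` in asset.rb has a related problem and should be corrected together with this one. Separately, `fail Error, ...` in `to_html` refers to a constant `Error` that is not defined anywhere in this diff, so the nil branch may raise NameError instead of the intended message.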
@@ -0,0 +1,51 @@
1
+ require 'openscap'
2
+ require 'openscap/ds/arf'
3
+ require 'openscap/xccdf/testresult'
4
+ require 'openscap/xccdf/ruleresult'
5
+
6
+ module Scaptimony
7
+ class ArfReportRaw < ActiveRecord::Base
8
+ set_primary_key :arf_report_id
9
+ belongs_to :arf_report
10
+ after_create :save_dependent_entities
11
+
12
+ def to_html
13
+ arf = build_arf
14
+ html = arf.html
15
+ arf.destroy
16
+ OpenSCAP.oscap_cleanup
17
+ html
18
+ end
19
+
20
+ private
21
+
22
+ def save_dependent_entities
23
+ return if arf_report.xccdf_rule_results.any?
24
+ return if size < 0
25
+ begin
26
+ arf = build_arf
27
+ test_result = arf.test_result
28
+ create_rule_results(test_result)
29
+ rescue StandardError => e
30
+ arf_report.xccdf_rule_results.destroy_all
31
+ raise e
32
+ ensure
33
+ test_result.destroy unless test_result.nil?
34
+ arf.destroy unless arf.nil?
35
+ OpenSCAP.oscap_cleanup
36
+ end
37
+ end
38
+
39
+ def create_rule_results(test_result)
40
+ test_result.rr.each {|rr_id, rr|
41
+ rule = ::Scaptimony::XccdfRule.where(:xid => rr_id).first_or_create!
42
+ arf_report.xccdf_rule_results.create!(:xccdf_rule_id => rule.id, :xccdf_result_id => XccdfResult.f(rr.result).id)
43
+ }
44
+ end
45
+
46
+ def build_arf
47
+ OpenSCAP.oscap_init
48
+ OpenSCAP::DS::Arf.new :content => bzip_data, :path => 'arf.xml.bz2', :length => size
49
+ end
50
+ end
51
+ end
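Review bot: `build_arf` hands the stored `size` column to `OpenSCAP::DS::Arf.new` as `:length` next to `bzip_data`, and that value originates from the `arf_bzip_size` argument of `ArfReportsHelper.create_arf` rather than from the blob itself. If the native binding reads `:length` bytes from the content buffer (not visible in this diff), a size that is larger than the data would make it read past the end of the buffer; computing it locally with `:length => bzip_data.bytesize` removes the dependency on a caller-supplied number. The guard `return if size < 0` does not cover that case and raises NoMethodError when `size` is NULL, which the migration allows. `to_html` also calls `arf.destroy` and `OpenSCAP.oscap_cleanup` only on the success path, unlike `save_dependent_entities`, which uses `ensure`.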
@@ -1,4 +1,33 @@
1
1
  module Scaptimony
2
2
  class Asset < ActiveRecord::Base
3
+ has_many :asset_policies
4
+ has_many :policies, :through => :asset_policies
5
+ has_many :arf_reports, :dependent => :destroy
6
+
7
+ scope :policy_reports, lambda { |policy| includes(:arf_reports).where(:scaptimony_arf_reports => { :policy_id => policy.id }) }
8
+ scope :policy_reports_missing, lambda { |policy|
9
+ where("id NOT IN (select asset_id from scaptimony_arf_reports where policy_id = #{policy.id})")
10
+ }
11
+ scope :comply_with, lambda { |policy|
12
+ last_arf(policy).breakdown.where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 })
13
+ }
14
+ scope :incomply_with, lambda { |policy|
15
+ last_arf(policy).breakdown.where('scaptimony_arf_report_breakdowns.failed != 0') # TODO:RAILS-4.0: rewrite with: where.not()
16
+ }
17
+ scope :inconclusive_with, lambda { |policy|
18
+ last_arf(policy).breakdown.
19
+ where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 }).
20
+ where('scaptimony_arf_report_breakdowns.failed != 0') # TODO:RAILS-4.0: rewrite with: where.not()
21
+ }
22
+ scope :breakdown, joins('INNER JOIN scaptimony_arf_report_breakdowns
23
+ ON scaptimony_arf_reports.id = scaptimony_arf_report_breakdowns.arf_report_id')
24
+ scope :last_arf, lambda { |policy|
25
+ joins("-- this is emo, we need some hipsters to rewrite this using arel
26
+ INNER JOIN (select asset_id, max(id) AS id
27
+ FROM scaptimony_arf_reports
28
+ WHERE policy_id = #{policy.id}
29
+ GROUP BY asset_id) scaptimony_arf_reports
30
+ ON scaptimony_arf_reports.asset_id = scaptimony_assets.id")
31
+ }
3
32
  end
4
33
  end
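Review bot: `inconclusive_with` chains `where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 })` with `where('scaptimony_arf_report_breakdowns.failed != 0')`, two conditions that cannot both hold, so the scope always returns an empty set and no asset is ever listed as inconclusive. The second condition was presumably meant to test `othered`, e.g. `last_arf(policy).breakdown.where('scaptimony_arf_report_breakdowns.failed = 0 AND scaptimony_arf_report_breakdowns.othered != 0')`. `policy_reports_missing` and `last_arf` also build SQL by interpolating `#{policy.id}`; the value is an integer key today, but a bound form such as `where('id NOT IN (select asset_id from scaptimony_arf_reports where policy_id = ?)', policy.id)` keeps the query well-formed if the argument is ever an unsaved record or something other than a Policy.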
@@ -0,0 +1,6 @@
1
+ module Scaptimony
2
+ class AssetPolicy < ActiveRecord::Base
3
+ belongs_to :policy
4
+ belongs_to :asset
5
+ end
6
+ end
@@ -3,31 +3,34 @@ require 'openscap/ds/sds'
3
3
 
4
4
  module Scaptimony
5
5
  class Policy < ActiveRecord::Base
6
+ attr_accessible :description, :name, :period, :scap_content_id, :scap_content_profile_id,
7
+ :weekday, :day_of_month, :cron_line
6
8
  belongs_to :scap_content
7
9
  belongs_to :scap_content_profile
8
- has_many :arf_reports, dependent: :destroy
10
+ has_many :arf_reports, :dependent => :destroy
11
+ has_many :asset_policies
12
+ has_many :assets, :through => :asset_policies
9
13
 
10
14
  validates :name, :presence => true
11
- end
12
15
 
13
- class GuideGenerator
14
- def initialize(p)
15
- case p
16
- when Scaptimony::Policy
17
- @scap_content = p.scap_content
18
- @profile = p.scap_content_profile
19
- end
20
- if @scap_content.nil? or @scap_content.source.nil?
21
- OpenSCAP.raise! "Cannot generate HTML Guide for #{@scap_content}/#{@profile}"
22
- end
16
+ scoped_search :on => :name, :complete_value => true
17
+
18
+ def assign_assets(a)
19
+ self.asset_ids = (self.asset_ids + a.collect(&:id)).uniq
23
20
  end
24
21
 
25
- def each
26
- sds = OpenSCAP::DS::Sds.new @scap_content.source
22
+ def to_html
23
+ if self.scap_content.blank? || self.scap_content_profile.blank?
24
+ return warn(_('Cannot generate HTML guide for %{scap_content}/%{profile}') %
25
+ { :scap_content => self.scap_content, :profile => self.scap_content_profile })
26
+ end
27
+
28
+ sds = OpenSCAP::DS::Sds.new self.scap_content.source
27
29
  sds.select_checklist
28
- profile_id = @profile.nil? ? nil : @profile.profile_id
29
- yield sds.html_guide profile_id
30
+ profile_id = self.scap_content_profile.nil? ? nil : self.scap_content_profile.profile_id
31
+ html = sds.html_guide profile_id
30
32
  sds.destroy
33
+ html
31
34
  end
32
35
  end
33
36
  end
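Review bot: `to_html` calls `sds.destroy` only on the success path, so an exception from `select_checklist` or `html_guide` leaves the native OpenSCAP handle allocated; putting the release in an `ensure` clause (`ensure` / `sds.destroy unless sds.nil?`), as `ArfReportRaw#save_dependent_entities` does, would free it in both cases. The `self.scap_content_profile.nil? ? nil : ...` test can no longer be nil after the `blank?` guard above it and reduces to `self.scap_content_profile.profile_id`. The attributes opened to mass assignment here (`period`, `weekday`, `day_of_month`, `cron_line`) have no validation in this hunk; if they are later turned into a schedule, a format validation on the model would be the place to constrain them. The `require` lines at the top of the file are outside the hunk.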
@@ -1,5 +1,4 @@
1
- require 'digest'
2
- require 'fileutils'
1
+ require 'digest/sha2'
3
2
  require 'openscap/ds/sds'
4
3
  require 'openscap/source'
5
4
  require 'openscap/xccdf/benchmark'
@@ -8,24 +7,10 @@ require 'scaptimony/engine'
8
7
  module Scaptimony
9
8
  class DataStreamValidator < ActiveModel::Validator
10
9
  def validate(scap_content)
11
- if !scap_content.new_record?
12
- return true if scap_content.scap_file.nil?
13
- scap_content.errors[:base] << _("Cannot change uploaded file while editing content.")
14
- return false
15
- end
16
- if scap_content.scap_file.nil?
17
- scap_content.errors[:base] << _("Please select file for upload.")
18
- return false
19
- end
20
-
21
- existing = ScapContent.where(:digest => scap_content.digest).first
22
- if !existing.nil?
23
- scap_content.errors[:base] << _("This file has been already uploaded as '#{existing.title}'.")
24
- return false
25
- end
10
+ return unless scap_content.scap_file_changed?
26
11
 
27
12
  allowed_type = 'SCAP Source Datastream'
28
- if scap_content.source.type != allowed_type
13
+ if scap_content.source.try(:type) != allowed_type
29
14
  scap_content.errors[:base] << _("Uploaded file is not #{allowed_type}.")
30
15
  return false
31
16
  end
@@ -35,36 +20,33 @@ module Scaptimony
35
20
  rescue OpenSCAP::OpenSCAPError => e
36
21
  scap_content.errors[:base] << e.message
37
22
  end
23
+
24
+ unless (scap_content.scap_content_profiles.map(&:profile_id) - scap_content.benchmark_profiles.profiles.keys).empty?
25
+ scap_content.errors[:base] << _('Changed file does not include existing SCAP Content profiles.')
26
+ return false
27
+ end
38
28
  end
39
29
  end
40
30
 
41
31
  class ScapContent < ActiveRecord::Base
32
+ attr_accessible :original_filename, :scap_file, :title
42
33
  has_many :scap_content_profiles, :dependent => :destroy
43
- has_many :policies, :dependent => :destroy
34
+ has_many :policies
35
+
36
+ before_destroy EnsureNotUsedBy.new(:policies)
44
37
 
45
38
  validates_with Scaptimony::DataStreamValidator
46
39
  validates :title, :presence => true
47
40
  validates :digest, :presence => true
48
- attr_accessor :scap_file
49
-
50
- def store
51
- if valid_store_attempt
52
- begin
53
- FileUtils.mkdir_p dir
54
- source.save path
55
- return false if !save
56
- create_profiles
57
- rescue StandardError => e
58
- errors[:base] << e.message
59
- return false
60
- end
61
- else
62
- save
63
- end
64
- end
41
+ validates :scap_file, :presence => true
42
+
43
+ after_save :create_profiles
44
+
45
+ scoped_search :on => :title, :complete_value => true
46
+ scoped_search :on => :original_filename, :complete_value => true, :rename => :filename
65
47
 
66
- def valid_store_attempt
67
- new_record? and !@scap_file.nil?
48
+ def to_label
49
+ title
68
50
  end
69
51
 
70
52
  def source
@@ -72,37 +54,32 @@ module Scaptimony
72
54
  end
73
55
 
74
56
  def digest
75
- self[:digest] ||= Digest::SHA256.hexdigest "#{@scap_file}"
57
+ self[:digest] ||= Digest::SHA256.hexdigest "#{scap_file}"
76
58
  end
77
59
 
78
- def path
79
- "#{dir}/#{digest}"
60
+ # returns OpenSCAP::Xccdf::Benchmark with profiles.
61
+ def benchmark_profiles
62
+ sds = ::OpenSCAP::DS::Sds.new(source)
63
+ bench_source = sds.select_checklist!
64
+ benchmark = ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
65
+ sds.destroy
66
+ benchmark
80
67
  end
81
68
 
82
69
  private
83
70
  def source_init
84
71
  OpenSCAP.oscap_init
85
- if new_record?
86
- OpenSCAP::Source.new(:content => @scap_file, :path => path)
87
- else
88
- OpenSCAP::Source.new path
89
- end
72
+ OpenSCAP::Source.new(:content => scap_file)
90
73
  end
91
74
 
92
- def dir
93
- "#{Scaptimony::Engine.dir}/content"
75
+ def create_profiles
76
+ bench = benchmark_profiles
77
+ bench.profiles.each { |key, profile|
78
+ scap_content_profiles.find_or_create_by_profile_id_and_title(key, profile.title)
79
+ }
80
+ bench.destroy
81
+
94
82
  end
95
83
 
96
- def create_profiles
97
- sds = ::OpenSCAP::DS::Sds.new source
98
- bench_source = sds.select_checklist!
99
- bench = ::OpenSCAP::Xccdf::Benchmark.new bench_source
100
- bench.profiles.each { |key, profile|
101
- scap_content_profiles.create!(:profile_id => key, :title => profile.title)
102
- }
103
- bench.destroy
104
- sds.destroy
105
- true
106
- end
107
84
  end
108
85
  end
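Review bot: `digest` is memoized with `self[:digest] ||= ...` while the validator now lets `scap_file` be replaced on an existing record, so after such an edit the stored SHA-256 still describes the previous file. Clearing it when the file changes, e.g. `before_validation { self[:digest] = nil if scap_file_changed? }`, keeps the digest usable as an integrity reference for the stored content. The duplicate-upload check on `digest` was removed from the validator and no unique index is added back in this release, so identical content can now be stored more than once; a comment would help if that is intended. `benchmark_profiles` and `create_profiles` release `sds` and `bench` only on the success path, and the body of `source` lies outside the hunks.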
@@ -1,6 +1,6 @@
1
1
  module Scaptimony
2
2
  class XccdfResult < ActiveRecord::Base
3
- def self.f result_name
3
+ def self.f(result_name)
4
4
  where(:name => "#{result_name}").first!
5
5
  end
6
6
  end
@@ -4,7 +4,7 @@ module Scaptimony
4
4
  belongs_to :xccdf_result
5
5
  belongs_to :xccdf_rule
6
6
 
7
- def self.f result_name
7
+ def self.f(result_name)
8
8
  includes(:xccdf_result).where("scaptimony_xccdf_results.name = '#{result_name}'")
9
9
  end
10
10
  end
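Review bot: The `where` in `self.f` interpolates `result_name` directly into the SQL string (`"scaptimony_xccdf_results.name = '#{result_name}'"`), and this change leaves that line as it was; any caller that passes something other than a fixed literal makes the condition injectable. The hash form already used by the sibling `XccdfResult.f` avoids hand-built SQL: `includes(:xccdf_result).where(:scaptimony_xccdf_results => { :name => result_name.to_s })`. The class header is outside the hunk and no caller of this method is visible in the diff, so how the argument is sourced should be confirmed.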
@@ -1,6 +1,6 @@
1
1
  class AddArfReportUniqueConstraint < ActiveRecord::Migration
2
2
  def change
3
3
  add_index :scaptimony_arf_reports, [:asset_id, :policy_id, :date, :digest],
4
- :unique => true, :name => :index_scaptimony_arf_reports_unique_set
4
+ :unique => true, :name => :index_scaptimony_arf_reports_unique_set
5
5
  end
6
6
  end
@@ -1,10 +1,7 @@
1
1
  class CreateScaptimonyScapContents < ActiveRecord::Migration
2
2
  def change
3
3
  create_table :scaptimony_scap_contents do |t|
4
- t.string :digest, limit: 128
5
-
6
4
  t.timestamps
7
5
  end
8
- add_index :scaptimony_scap_contents, :digest, unique: true
9
6
  end
10
7
  end
@@ -5,7 +5,7 @@ class AddColumnsToScaptimonyPolicies < ActiveRecord::Migration
5
5
  add_column :scaptimony_policies, :weekday, :string
6
6
  add_column :scaptimony_policies, :description, :string
7
7
 
8
- #This works only with rails-4, I want to support rails-3 too
8
+ # This works only with rails-4, I want to support rails-3 too
9
9
  # add_reference :scaptimony_policies, :scap_content, index: true
10
10
  add_column :scaptimony_policies, :scap_content_id, :integer, references: :scap_content
11
11
  end
@@ -1,6 +1,5 @@
1
1
  class AddConstraintToScaptimonyScapContents < ActiveRecord::Migration
2
2
  def change
3
3
  change_column :scaptimony_scap_contents, :title, :string, :null => false
4
- change_column :scaptimony_scap_contents, :digest, :string, :null => false
5
4
  end
6
5
  end
@@ -1,6 +1,6 @@
1
1
  class AddProfileToScaptimonyPolicies < ActiveRecord::Migration
2
2
  def change
3
- #add_reference :scaptimony_policies, :scap_content_profile, index: true
3
+ # add_reference :scaptimony_policies, :scap_content_profile, index: true
4
4
  add_column :scaptimony_policies, :scap_content_profile_id, :integer, references: :scap_content_profile
5
5
  end
6
6
  end
@@ -0,0 +1,9 @@
1
+ class CreateScaptimonyAssetsPolicies < ActiveRecord::Migration
2
+ def change
3
+ create_table :scaptimony_assets_policies, :id => false do |t|
4
+ t.references :asset, :index => true, :null => false
5
+ t.references :policy, :index => true, :null => false
6
+ end
7
+ add_index :scaptimony_assets_policies, [:asset_id, :policy_id], :unique => true
8
+ end
9
+ end
@@ -0,0 +1,5 @@
1
+ class AddScapFileToScapContent < ActiveRecord::Migration
2
+ def change
3
+ add_column :scaptimony_scap_contents, :scap_file, :binary
4
+ end
5
+ end
@@ -0,0 +1,5 @@
1
+ class RenameScaptimonyAssetPolicies < ActiveRecord::Migration
2
+ def change
3
+ rename_table(:scaptimony_assets_policies, :scaptimony_asset_policies)
4
+ end
5
+ end
@@ -0,0 +1,8 @@
1
+ class PolymorphAsset < ActiveRecord::Migration
2
+ def change
3
+ change_table(:scaptimony_assets) do |t|
4
+ t.references :assetable, :polymorphic => true, :index => true
5
+ t.remove :name
6
+ end
7
+ end
8
+ end
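Review bot: `t.remove :name` drops the `name` column from existing `scaptimony_assets` rows while the new `assetable_id`/`assetable_type` columns are left NULL, so assets recorded under 0.2.0 appear to lose whatever tied them to a host, and their reports with it. Because `remove` is given no column type, the step also cannot be reversed from `change`. Explicit `up`/`down` methods with a backfill, or a comment such as `# existing assets are intentionally orphaned; re-register hosts after upgrade`, would make the upgrade behaviour explicit.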
@@ -0,0 +1,10 @@
1
+ class CreateScaptimonyArfReportRaws < ActiveRecord::Migration
2
+ def change
3
+ create_table :scaptimony_arf_report_raws, :id => false do |t|
4
+ t.references :arf_report, :index => true, :null => false
5
+ t.integer :size
6
+ t.binary :raw
7
+ end
8
+ add_index :scaptimony_arf_report_raws, [:arf_report_id], :unique => true
9
+ end
10
+ end
@@ -0,0 +1,5 @@
1
+ class RenameScaptimonyArfReportRawRaw < ActiveRecord::Migration
2
+ def change
3
+ rename_column :scaptimony_arf_report_raws, :raw, :bzip_data
4
+ end
5
+ end
@@ -0,0 +1,19 @@
1
+ require 'digest/sha2'
2
+
3
+ class AddScaptimonyScapContentDigest < ActiveRecord::Migration
4
+ def change
5
+ add_column :scaptimony_scap_contents, :digest, :string, :limit => 128
6
+ ScapContentHack.find_each do |content|
7
+ content.digest
8
+ content.save!
9
+ end
10
+ change_column :scaptimony_scap_contents, :digest, :string, :null => false
11
+ end
12
+
13
+ class ScapContentHack < ActiveRecord::Base
14
+ self.table_name = 'scaptimony_scap_contents'
15
+ def digest
16
+ self[:digest] ||= Digest::SHA256.hexdigest "#{scap_file}"
17
+ end
18
+ end
19
+ end
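Review bot: `add_column :scaptimony_scap_contents, :digest` will likely fail with a duplicate-column error on any database that already ran the 0.2.0 version of `20141104164201_create_scaptimony_scap_contents.rb`, because this release removes `digest` from that historic migration in place instead of in a new one. Guarding the call with `unless column_exists?(:scaptimony_scap_contents, :digest)` lets both fresh installs and upgrades pass. The closing `change_column ... :string, :null => false` omits `:limit => 128`, so the limit set a few lines earlier is probably reset to the adapter default, and the unique index the old migration created is not restored. Rows whose `scap_file` is NULL at this point all receive the digest of an empty string, which is worth a comment.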
@@ -0,0 +1,6 @@
1
+ class AddDayOfMonthAndCronLineToScaptimonyPolicy < ActiveRecord::Migration
2
+ def change
3
+ add_column :scaptimony_policies, :day_of_month, :integer
4
+ add_column :scaptimony_policies, :cron_line, :string
5
+ end
6
+ end
@@ -1,9 +1,9 @@
1
- Scaptimony::XccdfResult.create(:name => 'pass')
2
- Scaptimony::XccdfResult.create(:name => 'fail')
3
- Scaptimony::XccdfResult.create(:name => 'error')
4
- Scaptimony::XccdfResult.create(:name => 'unknown')
5
- Scaptimony::XccdfResult.create(:name => 'notapplicable')
6
- Scaptimony::XccdfResult.create(:name => 'notchecked')
7
- Scaptimony::XccdfResult.create(:name => 'notselected')
8
- Scaptimony::XccdfResult.create(:name => 'informational')
9
- Scaptimony::XccdfResult.create(:name => 'fixed')
1
+ Scaptimony::XccdfResult.find_or_create_by_name(:name => 'pass')
2
+ Scaptimony::XccdfResult.find_or_create_by_name(:name => 'fail')
3
+ Scaptimony::XccdfResult.find_or_create_by_name(:name => 'error')
4
+ Scaptimony::XccdfResult.find_or_create_by_name(:name => 'unknown')
5
+ Scaptimony::XccdfResult.find_or_create_by_name(:name => 'notapplicable')
6
+ Scaptimony::XccdfResult.find_or_create_by_name(:name => 'notchecked')
7
+ Scaptimony::XccdfResult.find_or_create_by_name(:name => 'notselected')
8
+ Scaptimony::XccdfResult.find_or_create_by_name(:name => 'informational')
9
+ Scaptimony::XccdfResult.find_or_create_by_name(:name => 'fixed')
@@ -1,4 +1,4 @@
1
- require "scaptimony/engine"
1
+ require 'scaptimony/engine'
2
2
 
3
3
  module Scaptimony
4
4
  end
@@ -12,13 +12,18 @@ require 'digest'
12
12
 
13
13
  module Scaptimony
14
14
  module ArfReportsHelper
15
- def self.create_arf(asset, params, arf_bzip)
16
- # TODO:RAILS-4.0: This should become policy = Policy.find_or_create_by!(name: params[:policy])
17
- policy = Policy.where(:name => params[:policy]).first_or_create!
15
+ def self.create_arf(asset, params, arf_bzip, arf_bzip_size)
16
+ # fail if policy does not exist.
17
+ policy = Policy.find(params[:policy_id])
18
18
  digest = Digest::SHA256.hexdigest arf_bzip
19
- # TODO:RAILS-4.0: This should become arf_report = ArfReport.find_or_create_by! ...
20
- arf_report = ArfReport.where(:asset_id => asset.id, :policy_id => policy.id, :date => params[:date], :digest => digest).first_or_create!
21
- arf_report.store!(arf_bzip)
19
+ ArfReportRaw.transaction do
20
+ # TODO:RAILS-4.0: This should become arf_report = ArfReport.find_or_create_by! ...
21
+ arf_report = ArfReport.where(:asset_id => asset.id, :policy_id => policy.id,
22
+ :date => params[:date], :digest => digest).first_or_create!
23
+ if arf_report.arf_report_raw.nil?
24
+ ArfReportRaw.where(:arf_report_id => arf_report.id, :size => arf_bzip_size, :bzip_data => arf_bzip).create!
25
+ end
26
+ end
22
27
  end
23
28
  end
24
29
  end
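Review bot: `create_arf` accepts a report for any `policy_id` that exists, without checking that `asset` is assigned to that policy through the `asset_policies` association introduced in this release. If uploads are meant to be limited to assigned hosts (an assumption, since the controller is not part of this diff), a check on `policy.asset_ids.include?(asset.id)` before the transaction would keep a host from filing results under a policy it is not bound to. `ArfReportRaw.where(... :bzip_data => arf_bzip).create!` also routes the whole blob through a relation scope; `arf_report.create_arf_report_raw(:size => arf_bzip_size, :bzip_data => arf_bzip)` states the intent more directly. The `require` lines above the module are outside the hunk.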
@@ -1,9 +1,5 @@
1
1
  module Scaptimony
2
2
  class Engine < ::Rails::Engine
3
3
  isolate_namespace Scaptimony
4
- def self.dir
5
- # TODO this should be configurable
6
- '/var/lib/foreman/scaptimony'
7
- end
8
4
  end
9
5
  end
@@ -1,3 +1,3 @@
1
1
  module Scaptimony
2
- VERSION = "0.2.0"
2
+ VERSION = '0.3.0'
3
3
  end
@@ -3,7 +3,7 @@ require File.expand_path('../boot', __FILE__)
3
3
  require 'rails/all'
4
4
 
5
5
  Bundler.require
6
- require "scaptimony"
6
+ require 'scaptimony'
7
7
 
8
8
  module Dummy
9
9
  class Application < Rails::Application
@@ -30,7 +30,7 @@ module Dummy
30
30
  # config.i18n.default_locale = :de
31
31
 
32
32
  # Configure the default encoding used in templates for Ruby 1.9.
33
- config.encoding = "utf-8"
33
+ config.encoding = 'utf-8'
34
34
 
35
35
  # Configure sensitive parameters which will be filtered from the log file.
36
36
  config.filter_parameters += [:password]
@@ -56,4 +56,3 @@ module Dummy
56
56
  config.assets.version = '1.0'
57
57
  end
58
58
  end
59
-
@@ -7,4 +7,4 @@ if File.exist?(gemfile)
7
7
  Bundler.setup
8
8
  end
9
9
 
10
- $:.unshift File.expand_path('../../../../lib', __FILE__)
10
+ $:.unshift File.expand_path('../../../../lib', __FILE__)
@@ -9,7 +9,7 @@ Dummy::Application.configure do
9
9
 
10
10
  # Configure static asset server for tests with Cache-Control for performance
11
11
  config.serve_static_assets = true
12
- config.static_cache_control = "public, max-age=3600"
12
+ config.static_cache_control = 'public, max-age=3600'
13
13
 
14
14
  # Log error messages when you accidentally call methods on nil
15
15
  config.whiny_nils = true
@@ -1,4 +1,4 @@
1
1
  Rails.application.routes.draw do
2
2
 
3
- mount Scaptimony::Engine => "/scaptimony"
3
+ mount Scaptimony::Engine => '/scaptimony'
4
4
  end
@@ -7,4 +7,3 @@ class NavigationTest < ActionDispatch::IntegrationTest
7
7
  # assert true
8
8
  # end
9
9
  end
10
-
@@ -0,0 +1,9 @@
1
+ require 'test_helper'
2
+
3
+ module Scaptimony
4
+ class ArfReportRawTest < ActiveSupport::TestCase
5
+ # test "the truth" do
6
+ # assert true
7
+ # end
8
+ end
9
+ end
@@ -1,7 +1,7 @@
1
1
  require 'test_helper'
2
2
 
3
3
  class ScaptimonyTest < ActiveSupport::TestCase
4
- test "truth" do
4
+ test 'truth' do
5
5
  assert_kind_of Module, Scaptimony
6
6
  end
7
7
  end
@@ -1,8 +1,8 @@
1
1
  # Configure Rails Environment
2
- ENV["RAILS_ENV"] = "test"
2
+ ENV['RAILS_ENV'] = 'test'
3
3
 
4
- require File.expand_path("../dummy/config/environment.rb", __FILE__)
5
- require "rails/test_help"
4
+ require File.expand_path('../dummy/config/environment.rb', __FILE__)
5
+ require 'rails/test_help'
6
6
 
7
7
  Rails.backtrace_cleaner.remove_silencers!
8
8
 
@@ -11,5 +11,5 @@ Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
11
11
 
12
12
  # Load fixtures from the engine
13
13
  if ActiveSupport::TestCase.method_defined?(:fixture_path=)
14
- ActiveSupport::TestCase.fixture_path = File.expand_path("../fixtures", __FILE__)
14
+ ActiveSupport::TestCase.fixture_path = File.expand_path('../fixtures', __FILE__)
15
15
  end
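--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: scaptimony
  version: !ruby/object:Gem::Version
- version: 0.2.0
+ version: 0.3.0
  platform: ruby
  authors:
  - Šimon Lukašík
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-12-04 00:00:00.000000000 Z
+ date: 2015-01-24 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -30,14 +30,14 @@ dependencies:
  requirements:
  - - '>='
  - !ruby/object:Gem::Version
- version: 0.4.0
+ version: 0.4.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '>='
  - !ruby/object:Gem::Version
- version: 0.4.0
+ version: 0.4.1
  - !ruby/object:Gem::Dependency
  name: sqlite3
  requirement: !ruby/object:Gem::Requirement
@@ -75,25 +75,35 @@ files:
  - app/models/scaptimony/xccdf_rule.rb
  - app/models/scaptimony/xccdf_result.rb
  - app/models/scaptimony/asset.rb
+ - app/models/scaptimony/asset_policy.rb
  - app/models/scaptimony/scap_content_profile.rb
+ - app/models/scaptimony/arf_report_raw.rb
  - app/models/scaptimony/arf_report_breakdown.rb
  - config/routes.rb
  - db/migrate/20141116171305_add_profile_to_scaptimony_policies.rb
  - db/migrate/20141116170632_remove_xccdf_profile_from_scaptimony_policies.rb
  - db/migrate/20141119182606_create_scaptimony_xccdf_rule_results.rb
+ - db/migrate/20150116083129_add_day_of_month_and_cron_line_to_scaptimony_policy.rb
  - db/migrate/20141015115511_add_arf_report_unique_constraint.rb
  - db/migrate/20141015092642_create_scaptimony_arf_reports.rb
+ - db/migrate/20150111085317_polymorph_asset.rb
+ - db/migrate/20141216154502_rename_scaptimony_asset_policies.rb
  - db/migrate/20141119175434_create_scaptimony_xccdf_rules.rb
  - db/migrate/20141014105333_create_scaptimony_assets.rb
  - db/migrate/20141119164918_create_scaptimony_xccdf_results.rb
+ - db/migrate/20150112152944_create_scaptimony_arf_report_raws.rb
  - db/migrate/20141107091756_add_columns_to_scaptimony_scap_contents.rb
  - db/migrate/20141113221054_create_scaptimony_scap_content_profiles.rb
  - db/migrate/20141111104519_add_constraint_to_scaptimony_scap_contents.rb
  - db/migrate/20141105174834_add_columns_to_scaptimony_policies.rb
  - db/migrate/20141104164201_create_scaptimony_scap_contents.rb
  - db/migrate/20141013172051_create_scaptimony_policies.rb
+ - db/migrate/20141206211151_create_scaptimony_assets_policies.rb
  - db/migrate/20141105174625_add_description_to_scaptimony_policy_revisions.rb
+ - db/migrate/20150115155947_add_scaptimony_scap_content_digest.rb
  - db/migrate/20141104171545_create_scaptimony_policy_revisions.rb
+ - db/migrate/20150114210634_rename_scaptimony_arf_report_raw_raw.rb
+ - db/migrate/20141214112917_add_scap_file_to_scap_content.rb
  - db/migrate/20141121120326_create_scaptimony_arf_report_breakdowns.rb
  - db/migrate/20141118142954_add_constraint_to_scaptimony_policies.rb
  - db/migrate/20141121164042_replace_arf_report_breakdown_view.rb
@@ -134,7 +144,6 @@ files:
  - test/dummy/config/locales/en.yml
  - test/dummy/config.ru
  - test/dummy/README.rdoc
- - test/fixtures/scaptimony/scap_contents.yml
  - test/fixtures/scaptimony/xccdf_rule_results.yml
  - test/fixtures/scaptimony/xccdf_results.yml
  - test/fixtures/scaptimony/policies.yml
@@ -155,6 +164,7 @@ files:
  - test/models/scaptimony/arf_report_breakdown_test.rb
  - test/models/scaptimony/arf_report_test.rb
  - test/models/scaptimony/asset_test.rb
+ - test/models/scaptimony/arf_report_raw_test.rb
  - test/models/scaptimony/xccdf_rule_result_test.rb
  - test/models/scaptimony/policy_test.rb
  homepage: https://github.com/OpenSCAP/scaptimony
@@ -210,7 +220,6 @@ test_files:
  - test/dummy/config/locales/en.yml
  - test/dummy/config.ru
  - test/dummy/README.rdoc
- - test/fixtures/scaptimony/scap_contents.yml
  - test/fixtures/scaptimony/xccdf_rule_results.yml
  - test/fixtures/scaptimony/xccdf_results.yml
  - test/fixtures/scaptimony/policies.yml
@@ -231,5 +240,6 @@ test_files:
  - test/models/scaptimony/arf_report_breakdown_test.rb
  - test/models/scaptimony/arf_report_test.rb
  - test/models/scaptimony/asset_test.rb
+ - test/models/scaptimony/arf_report_raw_test.rb
  - test/models/scaptimony/xccdf_rule_result_test.rb
  - test/models/scaptimony/policy_test.rb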
@@ -1,7 +0,0 @@
1
- # Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
2
-
3
- one:
4
- digest: MyString
5
-
6
- two:
7
- digest: MyString