scaptimony 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/README.md +16 -6
- data/Rakefile +1 -1
- data/app/models/scaptimony/arf_report.rb +51 -55
- data/app/models/scaptimony/arf_report_raw.rb +51 -0
- data/app/models/scaptimony/asset.rb +29 -0
- data/app/models/scaptimony/asset_policy.rb +6 -0
- data/app/models/scaptimony/policy.rb +19 -16
- data/app/models/scaptimony/scap_content.rb +36 -59
- data/app/models/scaptimony/xccdf_result.rb +1 -1
- data/app/models/scaptimony/xccdf_rule_result.rb +1 -1
- data/db/migrate/20141015115511_add_arf_report_unique_constraint.rb +1 -1
- data/db/migrate/20141104164201_create_scaptimony_scap_contents.rb +0 -3
- data/db/migrate/20141105174834_add_columns_to_scaptimony_policies.rb +1 -1
- data/db/migrate/20141111104519_add_constraint_to_scaptimony_scap_contents.rb +0 -1
- data/db/migrate/20141116171305_add_profile_to_scaptimony_policies.rb +1 -1
- data/db/migrate/20141206211151_create_scaptimony_assets_policies.rb +9 -0
- data/db/migrate/20141214112917_add_scap_file_to_scap_content.rb +5 -0
- data/db/migrate/20141216154502_rename_scaptimony_asset_policies.rb +5 -0
- data/db/migrate/20150111085317_polymorph_asset.rb +8 -0
- data/db/migrate/20150112152944_create_scaptimony_arf_report_raws.rb +10 -0
- data/db/migrate/20150114210634_rename_scaptimony_arf_report_raw_raw.rb +5 -0
- data/db/migrate/20150115155947_add_scaptimony_scap_content_digest.rb +19 -0
- data/db/migrate/20150116083129_add_day_of_month_and_cron_line_to_scaptimony_policy.rb +6 -0
- data/db/seeds.rb +9 -9
- data/lib/scaptimony.rb +1 -1
- data/lib/scaptimony/arf_reports_helper.rb +11 -6
- data/lib/scaptimony/engine.rb +0 -4
- data/lib/scaptimony/version.rb +1 -1
- data/test/dummy/config/application.rb +2 -3
- data/test/dummy/config/boot.rb +1 -1
- data/test/dummy/config/environments/test.rb +1 -1
- data/test/dummy/config/routes.rb +1 -1
- data/test/integration/navigation_test.rb +0 -1
- data/test/models/scaptimony/arf_report_raw_test.rb +9 -0
- data/test/scaptimony_test.rb +1 -1
- data/test/test_helper.rb +4 -4
- metadata +16 -6
- data/test/fixtures/scaptimony/scap_contents.yml +0 -7
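--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1de7b66071d1a5cdc7b8a35b6e771aa9c1afab00
+data.tar.gz: 45ac4cc03c0630a39a5b8f9e1e85e390a3795cf3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 40b85faa5dca890f6c0935e823ec40110d3107fb7fde70f20cac95cd9d82e90f8c2635af70d8826b35d7e11658b023a771b71996a9110439b0a85c5f69bf9db2
+data.tar.gz: 101fec51fa7ae58fd6290866b4103a2f573ecb252278c5a24e49ec1946c6c2a632ca3f5cca9c7f316dca5604259e8ef48039554308f9a3f4e82829f40a971fb9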
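--- a/data/README.md
+++ b/data/README.md
@@ -10,20 +10,20 @@ as a stand-alone sealed server.
 + Provide API for tools to upload collected SCAP results
 + Define security/compliance policies
 + Upload SCAP content and assign it with the policy
++ Set-up a periodical schedule of audits for the policy
++ Organization defined targeting (Assign a set of nodes with the policy)
 + Result post-processing
 + Search SCAP results
 + Search for non-compliant systems
++ Search for not audited systems
 + Rails artefacts to display audit results within your application
 + Future features:
 + Define security/compliance policies
 + Archive distinct versions of the policy
-+ Set-up a periodical schedule of audits for the policy
-+ Organization defined targeting (Assign a set of nodes with the policy)
 + Define known-issues and waivers (Assign waivers with a set of nodes and the policy)
 + Set-up rules for automated deletion of results
 + vulnerability assessment (processing OVAL CVE streams)
 + Result post-processing
-+ Search for not audited systems
 * Comparison of audit results
 + Waive known issues
 + One time waivers of a report
@@ -32,7 +32,17 @@ as a stand-alone sealed server.
 + Calculate score before and after waiver (ammount of risk accepted needs to be made available to the authorizing official)
 + Let us know, if your feature is missing.
 
-## Installation
+## Installation from RPMs
+
+- Enable [isimluk/OpenSCAP](https://copr.fedoraproject.org/coprs/isimluk/OpenSCAP/) COPR repository
+
+- Install SCAPtimony
+
+```
+yum install rubygem-scaptimony ruby193-rubygem-scaptimony
+```
+
+## Installation from upstream git
 
 - Get SCAPtimony sources
 
@@ -47,7 +57,7 @@ as a stand-alone sealed server.
 ```
 $ cd scaptimony
 $ gem build scaptimony.gemspec
-# yum install yum-utils rpm-build scl-utils scl-utils-build ruby193-rubygems-devel
+# yum install yum-utils rpm-build scl-utils scl-utils-build ruby193-rubygems-devel ruby193-build ruby193
 # yum-builddep extra/rubygem-scaptimony.spec
 $ rpmbuild --define "_sourcedir `pwd`" --define "scl ruby193" -ba extra/rubygem-scaptimony.spec
 ```
@@ -55,7 +65,7 @@ as a stand-alone sealed server.
 - Install SCAPtimony RPM
 
 ```
-# yum
+# yum localinstall ~/rpmbuild/RPMS/noarch/ruby193-rubygem-scaptimony-*.noarch.rpm
 ```
 
 ## Usage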
data/Rakefile
CHANGED
@@ -20,7 +20,7 @@ RDoc::Task.new(:rdoc) do |rdoc|
|
|
20
20
|
rdoc.rdoc_files.include('lib/**/*.rb')
|
21
21
|
end
|
22
22
|
|
23
|
-
APP_RAKEFILE = File.expand_path(
|
23
|
+
APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
|
24
24
|
load 'rails/tasks/engine.rake'
|
25
25
|
|
26
26
|
|
@@ -1,85 +1,81 @@
|
|
1
|
-
require 'fileutils'
|
2
|
-
require 'openscap'
|
3
|
-
require 'openscap/ds/arf'
|
4
|
-
require 'openscap/xccdf/testresult'
|
5
|
-
require 'openscap/xccdf/ruleresult'
|
6
|
-
require 'scaptimony/engine'
|
7
|
-
|
8
1
|
module Scaptimony
|
9
2
|
class ArfReport < ActiveRecord::Base
|
10
3
|
belongs_to :asset
|
11
4
|
belongs_to :policy
|
5
|
+
delegate :assetable, :to => :asset, :as => :assetable
|
12
6
|
has_many :xccdf_rule_results, :dependent => :destroy
|
7
|
+
has_one :arf_report_raw, :dependent => :destroy
|
13
8
|
has_one :arf_report_breakdown
|
14
9
|
|
15
|
-
|
16
|
-
|
17
|
-
|
10
|
+
scope :breakdown, joins(:arf_report_breakdown)
|
11
|
+
scope :comply, breakdown.where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 })
|
12
|
+
scope :incomply, breakdown.where('scaptimony_arf_report_breakdowns.failed != 0') # TODO:RAILS-4.0: where.not
|
13
|
+
scope :inconclusive, breakdown.where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 })
|
14
|
+
scope :latest, joins('INNER JOIN (select asset_id, policy_id, max(id) AS id
|
15
|
+
FROM scaptimony_arf_reports
|
16
|
+
GROUP BY asset_id, policy_id) latest
|
17
|
+
ON scaptimony_arf_reports.id = latest.id')
|
18
18
|
|
19
|
-
scoped_search :on => :date, :complete_value => true
|
19
|
+
scoped_search :on => :date, :complete_value => true, :default_order => :desc
|
20
20
|
scoped_search :in => :arf_report_breakdown, :on => :passed
|
21
21
|
scoped_search :in => :arf_report_breakdown, :on => :failed
|
22
22
|
scoped_search :in => :arf_report_breakdown, :on => :othered
|
23
|
+
scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :compliance_policy
|
24
|
+
scoped_search :on => :id, :rename => :last_for, :complete_value => { :host => 0, :policy => 1 },
|
25
|
+
:only_explicit => true, :ext_method => :search_by_last_for
|
26
|
+
scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :comply_with,
|
27
|
+
:only_explicit => true, :operators => ['= '], :ext_method => :search_by_comply_with
|
28
|
+
scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :not_comply_with,
|
29
|
+
:only_explicit => true, :operators => ['= '], :ext_method => :search_by_not_comply_with
|
30
|
+
scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :inconclusive_with,
|
31
|
+
:only_explicit => true, :operators => ['= '], :ext_method => :search_by_inconclusive_with
|
23
32
|
|
24
33
|
def passed; arf_report_breakdown ? arf_report_breakdown.passed : 0; end
|
25
34
|
def failed; arf_report_breakdown ? arf_report_breakdown.failed : 0; end
|
26
35
|
def othered; arf_report_breakdown ? arf_report_breakdown.othered : 0; end
|
27
36
|
|
28
|
-
def
|
29
|
-
|
30
|
-
|
31
|
-
File.open(path, 'wb') { |f| f.write(data) }
|
32
|
-
save_dependent_entities
|
33
|
-
rescue StandardError => e
|
34
|
-
logger.error "Could not store ARF to '#{path}': #{e.message}"
|
35
|
-
raise e
|
37
|
+
def to_html
|
38
|
+
if arf_report_raw.nil?
|
39
|
+
fail Error, "Cannot generate HTML report, ArfReport #{id} is missing XML details"
|
36
40
|
end
|
41
|
+
arf_report_raw.to_html
|
37
42
|
end
|
38
43
|
|
39
|
-
def
|
40
|
-
|
41
|
-
arf = OpenSCAP::DS::Arf.new path
|
42
|
-
yield arf.html
|
43
|
-
arf.destroy
|
44
|
-
OpenSCAP.oscap_cleanup
|
44
|
+
def self.search_by_comply_with(_key, _operator, policy_name)
|
45
|
+
search_by_policy_results policy_name, &:comply
|
45
46
|
end
|
46
47
|
|
47
|
-
def
|
48
|
-
|
49
|
-
begin
|
50
|
-
Dir.delete dir
|
51
|
-
rescue StandardError => e
|
52
|
-
end
|
48
|
+
def self.search_by_not_comply_with(_key, _operator, policy_name)
|
49
|
+
search_by_policy_results policy_name, &:incomply
|
53
50
|
end
|
54
51
|
|
55
|
-
|
56
|
-
|
57
|
-
return unless xccdf_rule_results.empty?
|
58
|
-
begin
|
59
|
-
OpenSCAP.oscap_init
|
60
|
-
arf = OpenSCAP::DS::Arf.new path
|
61
|
-
test_result = arf.test_result
|
62
|
-
test_result.rr.each {|rr_id, rr|
|
63
|
-
rule = ::Scaptimony::XccdfRule.where(:xid => rr_id).first_or_create!
|
64
|
-
xccdf_rule_results.create!(:xccdf_rule_id => rule.id, :xccdf_result_id => XccdfResult.f(rr.result).id)
|
65
|
-
}
|
66
|
-
rescue StandardError => e
|
67
|
-
xccdf_rule_results.destroy_all
|
68
|
-
raise e
|
69
|
-
ensure
|
70
|
-
test_result.destroy unless test_result.nil?
|
71
|
-
arf.destroy unless arf.nil?
|
72
|
-
OpenSCAP.oscap_cleanup
|
73
|
-
end
|
52
|
+
def self.search_by_inconclusive_with(_key, _operator, policy_name)
|
53
|
+
search_by_policy_results policy_name, &:inconclusive
|
74
54
|
end
|
75
55
|
|
76
|
-
def
|
77
|
-
|
56
|
+
def self.search_by_policy_results(policy_name, &selection)
|
57
|
+
cond = sanitize_sql_for_conditions('scaptimony_policies.name' => policy_name)
|
58
|
+
{ :conditions => Scaptimony::ArfReport.arel_table[:id].in(
|
59
|
+
Scaptimony::ArfReport.select(Scaptimony::ArfReport.arel_table[:id])
|
60
|
+
.latest.instance_eval(&selection).joins(:policy).where(cond).ast
|
61
|
+
).to_sql
|
62
|
+
}
|
78
63
|
end
|
79
64
|
|
80
|
-
def
|
81
|
-
|
82
|
-
|
65
|
+
def self.search_by_last_for(key, operator, by)
|
66
|
+
by.gsub!(/[^[:alnum:]]/, '')
|
67
|
+
case by.downcase
|
68
|
+
when 'host'
|
69
|
+
{ :conditions => 'scaptimony_arf_reports.id IN (
|
70
|
+
SELECT MAX(id) FROM scaptimony_arf_reports sub
|
71
|
+
WHERE sub.asset_id = scaptimony_arf_reports.asset_id)' }
|
72
|
+
when 'policy'
|
73
|
+
{ :conditions => 'scaptimony_arf_reports.id IN (
|
74
|
+
SELECT MAX(id) FROM scaptimony_arf_reports sub
|
75
|
+
WHERE sub.policy_id = scaptimony_arf_reports.policy_id)' }
|
76
|
+
else
|
77
|
+
fail "Cannot search last by #{by}"
|
78
|
+
end
|
83
79
|
end
|
84
80
|
end
|
85
81
|
end
|
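Review bot: `scope :inconclusive` is defined with exactly the same condition as `scope :comply` (`:failed => 0, :othered => 0`), so the `inconclusive_with` search returns the compliant reports instead of the ones it is named for. If inconclusive is meant as "no failures but some other results" (presumably what `othered` counts), the scope would read `scope :inconclusive, breakdown.where(:scaptimony_arf_report_breakdowns => { :failed => 0 }).where('scaptimony_arf_report_breakdowns.othered != 0')`. Separately, `search_by_last_for` rewrites the caller's search value in place with `by.gsub!`; `by = by.gsub(/[^[:alnum:]]/, '')` avoids mutating (or raising on a frozen) argument. In `to_html`, `fail Error, ...` depends on an `Error` constant that this file does not define, so it is worth confirming that it resolves inside `Scaptimony`.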
@@ -0,0 +1,51 @@
|
|
1
|
+
require 'openscap'
|
2
|
+
require 'openscap/ds/arf'
|
3
|
+
require 'openscap/xccdf/testresult'
|
4
|
+
require 'openscap/xccdf/ruleresult'
|
5
|
+
|
6
|
+
module Scaptimony
|
7
|
+
class ArfReportRaw < ActiveRecord::Base
|
8
|
+
set_primary_key :arf_report_id
|
9
|
+
belongs_to :arf_report
|
10
|
+
after_create :save_dependent_entities
|
11
|
+
|
12
|
+
def to_html
|
13
|
+
arf = build_arf
|
14
|
+
html = arf.html
|
15
|
+
arf.destroy
|
16
|
+
OpenSCAP.oscap_cleanup
|
17
|
+
html
|
18
|
+
end
|
19
|
+
|
20
|
+
private
|
21
|
+
|
22
|
+
def save_dependent_entities
|
23
|
+
return if arf_report.xccdf_rule_results.any?
|
24
|
+
return if size < 0
|
25
|
+
begin
|
26
|
+
arf = build_arf
|
27
|
+
test_result = arf.test_result
|
28
|
+
create_rule_results(test_result)
|
29
|
+
rescue StandardError => e
|
30
|
+
arf_report.xccdf_rule_results.destroy_all
|
31
|
+
raise e
|
32
|
+
ensure
|
33
|
+
test_result.destroy unless test_result.nil?
|
34
|
+
arf.destroy unless arf.nil?
|
35
|
+
OpenSCAP.oscap_cleanup
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def create_rule_results(test_result)
|
40
|
+
test_result.rr.each {|rr_id, rr|
|
41
|
+
rule = ::Scaptimony::XccdfRule.where(:xid => rr_id).first_or_create!
|
42
|
+
arf_report.xccdf_rule_results.create!(:xccdf_rule_id => rule.id, :xccdf_result_id => XccdfResult.f(rr.result).id)
|
43
|
+
}
|
44
|
+
end
|
45
|
+
|
46
|
+
def build_arf
|
47
|
+
OpenSCAP.oscap_init
|
48
|
+
OpenSCAP::DS::Arf.new :content => bzip_data, :path => 'arf.xml.bz2', :length => size
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
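Review bot: `build_arf` passes `:length => size` to the native OpenSCAP parser, but `size` is a separately stored column that `create_arf` (the arf_reports_helper hunk further down) fills from its caller-supplied `arf_bzip_size`, and nothing visible checks it against the actual payload. Deriving the length from the data itself, `:length => bzip_data.bytesize` (assuming `bzip_data` is a binary String), removes the chance of a declared length larger than the buffer reaching C code. The guard `return if size < 0` also raises on a nil `size` and lets a zero-length report through; `return if size.nil? || size <= 0` looks closer to the intent. `to_html` destroys the ARF and calls `OpenSCAP.oscap_cleanup` only on the success path, so an exception from `arf.html` skips both; the `begin`/`ensure` shape already used in `save_dependent_entities` would fit here as well.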
@@ -1,4 +1,33 @@
|
|
1
1
|
module Scaptimony
|
2
2
|
class Asset < ActiveRecord::Base
|
3
|
+
has_many :asset_policies
|
4
|
+
has_many :policies, :through => :asset_policies
|
5
|
+
has_many :arf_reports, :dependent => :destroy
|
6
|
+
|
7
|
+
scope :policy_reports, lambda { |policy| includes(:arf_reports).where(:scaptimony_arf_reports => { :policy_id => policy.id }) }
|
8
|
+
scope :policy_reports_missing, lambda { |policy|
|
9
|
+
where("id NOT IN (select asset_id from scaptimony_arf_reports where policy_id = #{policy.id})")
|
10
|
+
}
|
11
|
+
scope :comply_with, lambda { |policy|
|
12
|
+
last_arf(policy).breakdown.where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 })
|
13
|
+
}
|
14
|
+
scope :incomply_with, lambda { |policy|
|
15
|
+
last_arf(policy).breakdown.where('scaptimony_arf_report_breakdowns.failed != 0') # TODO:RAILS-4.0: rewrite with: where.not()
|
16
|
+
}
|
17
|
+
scope :inconclusive_with, lambda { |policy|
|
18
|
+
last_arf(policy).breakdown.
|
19
|
+
where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 }).
|
20
|
+
where('scaptimony_arf_report_breakdowns.failed != 0') # TODO:RAILS-4.0: rewrite with: where.not()
|
21
|
+
}
|
22
|
+
scope :breakdown, joins('INNER JOIN scaptimony_arf_report_breakdowns
|
23
|
+
ON scaptimony_arf_reports.id = scaptimony_arf_report_breakdowns.arf_report_id')
|
24
|
+
scope :last_arf, lambda { |policy|
|
25
|
+
joins("-- this is emo, we need some hipsters to rewrite this using arel
|
26
|
+
INNER JOIN (select asset_id, max(id) AS id
|
27
|
+
FROM scaptimony_arf_reports
|
28
|
+
WHERE policy_id = #{policy.id}
|
29
|
+
GROUP BY asset_id) scaptimony_arf_reports
|
30
|
+
ON scaptimony_arf_reports.asset_id = scaptimony_assets.id")
|
31
|
+
}
|
3
32
|
end
|
4
33
|
end
|
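Review bot: `policy_reports_missing` and `last_arf` build their SQL by interpolating `#{policy.id}` into the string. The id is normally an integer primary key, so this is hardening rather than a demonstrated injection, but a bind keeps the scope safe whatever object is passed in: `where('id NOT IN (select asset_id from scaptimony_arf_reports where policy_id = ?)', policy.id)`, and for the join fragment `policy.id.to_i` or `sanitize_sql_array`. `inconclusive_with` chains `:failed => 0` with `failed != 0`, which can never both hold, so the scope is always empty; the second condition was probably meant to be `'scaptimony_arf_report_breakdowns.othered != 0'`. The unqualified `id` in the `NOT IN` clause also becomes ambiguous once the scope is combined with a join.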
@@ -3,31 +3,34 @@ require 'openscap/ds/sds'
|
|
3
3
|
|
4
4
|
module Scaptimony
|
5
5
|
class Policy < ActiveRecord::Base
|
6
|
+
attr_accessible :description, :name, :period, :scap_content_id, :scap_content_profile_id,
|
7
|
+
:weekday, :day_of_month, :cron_line
|
6
8
|
belongs_to :scap_content
|
7
9
|
belongs_to :scap_content_profile
|
8
|
-
has_many :arf_reports, dependent
|
10
|
+
has_many :arf_reports, :dependent => :destroy
|
11
|
+
has_many :asset_policies
|
12
|
+
has_many :assets, :through => :asset_policies
|
9
13
|
|
10
14
|
validates :name, :presence => true
|
11
|
-
end
|
12
15
|
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
@scap_content = p.scap_content
|
18
|
-
@profile = p.scap_content_profile
|
19
|
-
end
|
20
|
-
if @scap_content.nil? or @scap_content.source.nil?
|
21
|
-
OpenSCAP.raise! "Cannot generate HTML Guide for #{@scap_content}/#{@profile}"
|
22
|
-
end
|
16
|
+
scoped_search :on => :name, :complete_value => true
|
17
|
+
|
18
|
+
def assign_assets(a)
|
19
|
+
self.asset_ids = (self.asset_ids + a.collect(&:id)).uniq
|
23
20
|
end
|
24
21
|
|
25
|
-
def
|
26
|
-
|
22
|
+
def to_html
|
23
|
+
if self.scap_content.blank? || self.scap_content_profile.blank?
|
24
|
+
return warn(_('Cannot generate HTML guide for %{scap_content}/%{profile}') %
|
25
|
+
{ :scap_content => self.scap_content, :profile => self.scap_content_profile })
|
26
|
+
end
|
27
|
+
|
28
|
+
sds = OpenSCAP::DS::Sds.new self.scap_content.source
|
27
29
|
sds.select_checklist
|
28
|
-
profile_id =
|
29
|
-
|
30
|
+
profile_id = self.scap_content_profile.nil? ? nil : self.scap_content_profile.profile_id
|
31
|
+
html = sds.html_guide profile_id
|
30
32
|
sds.destroy
|
33
|
+
html
|
31
34
|
end
|
32
35
|
end
|
33
36
|
end
|
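Review bot: In `to_html` the early exit `return warn(...)` returns nil (assuming `warn` is `Kernel#warn`), so a caller that renders the result receives nil rather than an error it can handle; raising, or returning the message, would make the failure visible. `sds.destroy` runs only when `sds.select_checklist` and `sds.html_guide` both succeed, so an OpenSCAP error leaks the native handle; wrapping the calls in `begin ... ensure sds.destroy end` closes that path. After the `blank?` guard, the `self.scap_content_profile.nil? ? nil : ...` ternary can no longer take its nil branch and can be reduced to `self.scap_content_profile.profile_id`.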
@@ -1,5 +1,4 @@
|
|
1
|
-
require 'digest'
|
2
|
-
require 'fileutils'
|
1
|
+
require 'digest/sha2'
|
3
2
|
require 'openscap/ds/sds'
|
4
3
|
require 'openscap/source'
|
5
4
|
require 'openscap/xccdf/benchmark'
|
@@ -8,24 +7,10 @@ require 'scaptimony/engine'
|
|
8
7
|
module Scaptimony
|
9
8
|
class DataStreamValidator < ActiveModel::Validator
|
10
9
|
def validate(scap_content)
|
11
|
-
|
12
|
-
return true if scap_content.scap_file.nil?
|
13
|
-
scap_content.errors[:base] << _("Cannot change uploaded file while editing content.")
|
14
|
-
return false
|
15
|
-
end
|
16
|
-
if scap_content.scap_file.nil?
|
17
|
-
scap_content.errors[:base] << _("Please select file for upload.")
|
18
|
-
return false
|
19
|
-
end
|
20
|
-
|
21
|
-
existing = ScapContent.where(:digest => scap_content.digest).first
|
22
|
-
if !existing.nil?
|
23
|
-
scap_content.errors[:base] << _("This file has been already uploaded as '#{existing.title}'.")
|
24
|
-
return false
|
25
|
-
end
|
10
|
+
return unless scap_content.scap_file_changed?
|
26
11
|
|
27
12
|
allowed_type = 'SCAP Source Datastream'
|
28
|
-
if scap_content.source.type != allowed_type
|
13
|
+
if scap_content.source.try(:type) != allowed_type
|
29
14
|
scap_content.errors[:base] << _("Uploaded file is not #{allowed_type}.")
|
30
15
|
return false
|
31
16
|
end
|
@@ -35,36 +20,33 @@ module Scaptimony
|
|
35
20
|
rescue OpenSCAP::OpenSCAPError => e
|
36
21
|
scap_content.errors[:base] << e.message
|
37
22
|
end
|
23
|
+
|
24
|
+
unless (scap_content.scap_content_profiles.map(&:profile_id) - scap_content.benchmark_profiles.profiles.keys).empty?
|
25
|
+
scap_content.errors[:base] << _('Changed file does not include existing SCAP Content profiles.')
|
26
|
+
return false
|
27
|
+
end
|
38
28
|
end
|
39
29
|
end
|
40
30
|
|
41
31
|
class ScapContent < ActiveRecord::Base
|
32
|
+
attr_accessible :original_filename, :scap_file, :title
|
42
33
|
has_many :scap_content_profiles, :dependent => :destroy
|
43
|
-
has_many :policies
|
34
|
+
has_many :policies
|
35
|
+
|
36
|
+
before_destroy EnsureNotUsedBy.new(:policies)
|
44
37
|
|
45
38
|
validates_with Scaptimony::DataStreamValidator
|
46
39
|
validates :title, :presence => true
|
47
40
|
validates :digest, :presence => true
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
source.save path
|
55
|
-
return false if !save
|
56
|
-
create_profiles
|
57
|
-
rescue StandardError => e
|
58
|
-
errors[:base] << e.message
|
59
|
-
return false
|
60
|
-
end
|
61
|
-
else
|
62
|
-
save
|
63
|
-
end
|
64
|
-
end
|
41
|
+
validates :scap_file, :presence => true
|
42
|
+
|
43
|
+
after_save :create_profiles
|
44
|
+
|
45
|
+
scoped_search :on => :title, :complete_value => true
|
46
|
+
scoped_search :on => :original_filename, :complete_value => true, :rename => :filename
|
65
47
|
|
66
|
-
def
|
67
|
-
|
48
|
+
def to_label
|
49
|
+
title
|
68
50
|
end
|
69
51
|
|
70
52
|
def source
|
@@ -72,37 +54,32 @@ module Scaptimony
|
|
72
54
|
end
|
73
55
|
|
74
56
|
def digest
|
75
|
-
self[:digest] ||= Digest::SHA256.hexdigest "#{
|
57
|
+
self[:digest] ||= Digest::SHA256.hexdigest "#{scap_file}"
|
76
58
|
end
|
77
59
|
|
78
|
-
|
79
|
-
|
60
|
+
# returns OpenSCAP::Xccdf::Benchmark with profiles.
|
61
|
+
def benchmark_profiles
|
62
|
+
sds = ::OpenSCAP::DS::Sds.new(source)
|
63
|
+
bench_source = sds.select_checklist!
|
64
|
+
benchmark = ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
|
65
|
+
sds.destroy
|
66
|
+
benchmark
|
80
67
|
end
|
81
68
|
|
82
69
|
private
|
83
70
|
def source_init
|
84
71
|
OpenSCAP.oscap_init
|
85
|
-
|
86
|
-
OpenSCAP::Source.new(:content => @scap_file, :path => path)
|
87
|
-
else
|
88
|
-
OpenSCAP::Source.new path
|
89
|
-
end
|
72
|
+
OpenSCAP::Source.new(:content => scap_file)
|
90
73
|
end
|
91
74
|
|
92
|
-
def
|
93
|
-
|
75
|
+
def create_profiles
|
76
|
+
bench = benchmark_profiles
|
77
|
+
bench.profiles.each { |key, profile|
|
78
|
+
scap_content_profiles.find_or_create_by_profile_id_and_title(key, profile.title)
|
79
|
+
}
|
80
|
+
bench.destroy
|
81
|
+
|
94
82
|
end
|
95
83
|
|
96
|
-
def create_profiles
|
97
|
-
sds = ::OpenSCAP::DS::Sds.new source
|
98
|
-
bench_source = sds.select_checklist!
|
99
|
-
bench = ::OpenSCAP::Xccdf::Benchmark.new bench_source
|
100
|
-
bench.profiles.each { |key, profile|
|
101
|
-
scap_content_profiles.create!(:profile_id => key, :title => profile.title)
|
102
|
-
}
|
103
|
-
bench.destroy
|
104
|
-
sds.destroy
|
105
|
-
true
|
106
|
-
end
|
107
84
|
end
|
108
85
|
end
|
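Review bot: `digest` is memoized with `self[:digest] ||= ...`, yet the validator now allows an existing record to change its `scap_file` (`scap_file_changed?`), so after an edit the stored SHA-256 no longer matches the stored content. Recomputing on change keeps the integrity value honest, e.g. `self[:digest] = Digest::SHA256.hexdigest(scap_file.to_s) if self[:digest].nil? || scap_file_changed?`. In `DataStreamValidator#validate` the new profile check calls `scap_content.benchmark_profiles`, which returns a Benchmark that is never destroyed there, and it sits after the `rescue OpenSCAP::OpenSCAPError` block, so a file that already failed validation appears to be parsed a second time outside the rescue (the lines between the two hunks are not visible, so this needs confirming). `benchmark_profiles` itself skips `sds.destroy` when `select_checklist!` or `Benchmark.new` raises; an `ensure` would cover it.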
@@ -1,6 +1,6 @@
|
|
1
1
|
class AddArfReportUniqueConstraint < ActiveRecord::Migration
|
2
2
|
def change
|
3
3
|
add_index :scaptimony_arf_reports, [:asset_id, :policy_id, :date, :digest],
|
4
|
-
|
4
|
+
:unique => true, :name => :index_scaptimony_arf_reports_unique_set
|
5
5
|
end
|
6
6
|
end
|
@@ -5,7 +5,7 @@ class AddColumnsToScaptimonyPolicies < ActiveRecord::Migration
|
|
5
5
|
add_column :scaptimony_policies, :weekday, :string
|
6
6
|
add_column :scaptimony_policies, :description, :string
|
7
7
|
|
8
|
-
#This works only with rails-4, I want to support rails-3 too
|
8
|
+
# This works only with rails-4, I want to support rails-3 too
|
9
9
|
# add_reference :scaptimony_policies, :scap_content, index: true
|
10
10
|
add_column :scaptimony_policies, :scap_content_id, :integer, references: :scap_content
|
11
11
|
end
|
@@ -1,6 +1,6 @@
|
|
1
1
|
class AddProfileToScaptimonyPolicies < ActiveRecord::Migration
|
2
2
|
def change
|
3
|
-
#add_reference :scaptimony_policies, :scap_content_profile, index: true
|
3
|
+
# add_reference :scaptimony_policies, :scap_content_profile, index: true
|
4
4
|
add_column :scaptimony_policies, :scap_content_profile_id, :integer, references: :scap_content_profile
|
5
5
|
end
|
6
6
|
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
class CreateScaptimonyAssetsPolicies < ActiveRecord::Migration
|
2
|
+
def change
|
3
|
+
create_table :scaptimony_assets_policies, :id => false do |t|
|
4
|
+
t.references :asset, :index => true, :null => false
|
5
|
+
t.references :policy, :index => true, :null => false
|
6
|
+
end
|
7
|
+
add_index :scaptimony_assets_policies, [:asset_id, :policy_id], :unique => true
|
8
|
+
end
|
9
|
+
end
|
@@ -0,0 +1,10 @@
|
|
1
|
+
class CreateScaptimonyArfReportRaws < ActiveRecord::Migration
|
2
|
+
def change
|
3
|
+
create_table :scaptimony_arf_report_raws, :id => false do |t|
|
4
|
+
t.references :arf_report, :index => true, :null => false
|
5
|
+
t.integer :size
|
6
|
+
t.binary :raw
|
7
|
+
end
|
8
|
+
add_index :scaptimony_arf_report_raws, [:arf_report_id], :unique => true
|
9
|
+
end
|
10
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'digest/sha2'
|
2
|
+
|
3
|
+
class AddScaptimonyScapContentDigest < ActiveRecord::Migration
|
4
|
+
def change
|
5
|
+
add_column :scaptimony_scap_contents, :digest, :string, :limit => 128
|
6
|
+
ScapContentHack.find_each do |content|
|
7
|
+
content.digest
|
8
|
+
content.save!
|
9
|
+
end
|
10
|
+
change_column :scaptimony_scap_contents, :digest, :string, :null => false
|
11
|
+
end
|
12
|
+
|
13
|
+
class ScapContentHack < ActiveRecord::Base
|
14
|
+
self.table_name = 'scaptimony_scap_contents'
|
15
|
+
def digest
|
16
|
+
self[:digest] ||= Digest::SHA256.hexdigest "#{scap_file}"
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
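Review bot: This migration puts a data backfill and a `change_column` inside `change`; `change_column` cannot be reversed automatically, so a rollback raises `ActiveRecord::IrreversibleMigration`, and explicit `up`/`down` methods would state the intent. The backfill hashes `"#{scap_file}"`, so every legacy row without a stored file receives the SHA-256 of the empty string and those rows become indistinguishable by digest. `content.digest` is called only for its side effect of filling the attribute; a comment such as `# populates self[:digest] as a side effect` or an explicit assignment would make that clear to the next reader.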
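--- a/data/db/seeds.rb
+++ b/data/db/seeds.rb
@@ -1,9 +1,9 @@
-Scaptimony::XccdfResult.
-Scaptimony::XccdfResult.
-Scaptimony::XccdfResult.
-Scaptimony::XccdfResult.
-Scaptimony::XccdfResult.
-Scaptimony::XccdfResult.
-Scaptimony::XccdfResult.
-Scaptimony::XccdfResult.
-Scaptimony::XccdfResult.
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'pass')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'fail')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'error')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'unknown')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'notapplicable')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'notchecked')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'notselected')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'informational')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'fixed')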
data/lib/scaptimony.rb
CHANGED
@@ -12,13 +12,18 @@ require 'digest'
|
|
12
12
|
|
13
13
|
module Scaptimony
|
14
14
|
module ArfReportsHelper
|
15
|
-
def self.create_arf(asset, params, arf_bzip)
|
16
|
-
#
|
17
|
-
policy = Policy.
|
15
|
+
def self.create_arf(asset, params, arf_bzip, arf_bzip_size)
|
16
|
+
# fail if policy does not exist.
|
17
|
+
policy = Policy.find(params[:policy_id])
|
18
18
|
digest = Digest::SHA256.hexdigest arf_bzip
|
19
|
-
|
20
|
-
|
21
|
-
|
19
|
+
ArfReportRaw.transaction do
|
20
|
+
# TODO:RAILS-4.0: This should become arf_report = ArfReport.find_or_create_by! ...
|
21
|
+
arf_report = ArfReport.where(:asset_id => asset.id, :policy_id => policy.id,
|
22
|
+
:date => params[:date], :digest => digest).first_or_create!
|
23
|
+
if arf_report.arf_report_raw.nil?
|
24
|
+
ArfReportRaw.where(:arf_report_id => arf_report.id, :size => arf_bzip_size, :bzip_data => arf_bzip).create!
|
25
|
+
end
|
26
|
+
end
|
22
27
|
end
|
23
28
|
end
|
24
29
|
end
|
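Review bot: `create_arf` accepts any existing `params[:policy_id]` and stores the report against `asset` without checking that the asset is assigned to that policy, although this release adds the `asset_policies` association on `Asset`. If uploads are meant to be limited to assigned policies, `policy = asset.policies.find(params[:policy_id])` enforces that at the lookup; whether the caller already authorizes this is not visible here. `first_or_create!` can also race with the unique index on `(asset_id, policy_id, date, digest)`, so two simultaneous uploads of the same report surface as `ActiveRecord::RecordNotUnique` instead of being deduplicated; rescuing that error and re-reading the row keeps the upload idempotent. The new required `arf_bzip_size` argument breaks existing three-argument callers.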
data/lib/scaptimony/engine.rb
CHANGED
data/lib/scaptimony/version.rb
CHANGED
@@ -3,7 +3,7 @@ require File.expand_path('../boot', __FILE__)
|
|
3
3
|
require 'rails/all'
|
4
4
|
|
5
5
|
Bundler.require
|
6
|
-
require
|
6
|
+
require 'scaptimony'
|
7
7
|
|
8
8
|
module Dummy
|
9
9
|
class Application < Rails::Application
|
@@ -30,7 +30,7 @@ module Dummy
|
|
30
30
|
# config.i18n.default_locale = :de
|
31
31
|
|
32
32
|
# Configure the default encoding used in templates for Ruby 1.9.
|
33
|
-
config.encoding =
|
33
|
+
config.encoding = 'utf-8'
|
34
34
|
|
35
35
|
# Configure sensitive parameters which will be filtered from the log file.
|
36
36
|
config.filter_parameters += [:password]
|
@@ -56,4 +56,3 @@ module Dummy
|
|
56
56
|
config.assets.version = '1.0'
|
57
57
|
end
|
58
58
|
end
|
59
|
-
|
data/test/dummy/config/boot.rb
CHANGED
@@ -9,7 +9,7 @@ Dummy::Application.configure do
|
|
9
9
|
|
10
10
|
# Configure static asset server for tests with Cache-Control for performance
|
11
11
|
config.serve_static_assets = true
|
12
|
-
config.static_cache_control =
|
12
|
+
config.static_cache_control = 'public, max-age=3600'
|
13
13
|
|
14
14
|
# Log error messages when you accidentally call methods on nil
|
15
15
|
config.whiny_nils = true
|
data/test/dummy/config/routes.rb
CHANGED
data/test/scaptimony_test.rb
CHANGED
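--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -1,8 +1,8 @@
 # Configure Rails Environment
-ENV[
+ENV['RAILS_ENV'] = 'test'
 
-require File.expand_path(
-require
+require File.expand_path('../dummy/config/environment.rb', __FILE__)
+require 'rails/test_help'
 
 Rails.backtrace_cleaner.remove_silencers!
 
@@ -11,5 +11,5 @@ Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
 
 # Load fixtures from the engine
 if ActiveSupport::TestCase.method_defined?(:fixture_path=)
-ActiveSupport::TestCase.fixture_path = File.expand_path(
+ActiveSupport::TestCase.fixture_path = File.expand_path('../fixtures', __FILE__)
 end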
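--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: scaptimony
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - Šimon Lukašík
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2015-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -30,14 +30,14 @@ dependencies:
 requirements:
 - - '>='
 - !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '>='
 - !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.1
 - !ruby/object:Gem::Dependency
 name: sqlite3
 requirement: !ruby/object:Gem::Requirement
@@ -75,25 +75,35 @@ files:
 - app/models/scaptimony/xccdf_rule.rb
 - app/models/scaptimony/xccdf_result.rb
 - app/models/scaptimony/asset.rb
+- app/models/scaptimony/asset_policy.rb
 - app/models/scaptimony/scap_content_profile.rb
+- app/models/scaptimony/arf_report_raw.rb
 - app/models/scaptimony/arf_report_breakdown.rb
 - config/routes.rb
 - db/migrate/20141116171305_add_profile_to_scaptimony_policies.rb
 - db/migrate/20141116170632_remove_xccdf_profile_from_scaptimony_policies.rb
 - db/migrate/20141119182606_create_scaptimony_xccdf_rule_results.rb
+- db/migrate/20150116083129_add_day_of_month_and_cron_line_to_scaptimony_policy.rb
 - db/migrate/20141015115511_add_arf_report_unique_constraint.rb
 - db/migrate/20141015092642_create_scaptimony_arf_reports.rb
+- db/migrate/20150111085317_polymorph_asset.rb
+- db/migrate/20141216154502_rename_scaptimony_asset_policies.rb
 - db/migrate/20141119175434_create_scaptimony_xccdf_rules.rb
 - db/migrate/20141014105333_create_scaptimony_assets.rb
 - db/migrate/20141119164918_create_scaptimony_xccdf_results.rb
+- db/migrate/20150112152944_create_scaptimony_arf_report_raws.rb
 - db/migrate/20141107091756_add_columns_to_scaptimony_scap_contents.rb
 - db/migrate/20141113221054_create_scaptimony_scap_content_profiles.rb
 - db/migrate/20141111104519_add_constraint_to_scaptimony_scap_contents.rb
 - db/migrate/20141105174834_add_columns_to_scaptimony_policies.rb
 - db/migrate/20141104164201_create_scaptimony_scap_contents.rb
 - db/migrate/20141013172051_create_scaptimony_policies.rb
+- db/migrate/20141206211151_create_scaptimony_assets_policies.rb
 - db/migrate/20141105174625_add_description_to_scaptimony_policy_revisions.rb
+- db/migrate/20150115155947_add_scaptimony_scap_content_digest.rb
 - db/migrate/20141104171545_create_scaptimony_policy_revisions.rb
+- db/migrate/20150114210634_rename_scaptimony_arf_report_raw_raw.rb
+- db/migrate/20141214112917_add_scap_file_to_scap_content.rb
 - db/migrate/20141121120326_create_scaptimony_arf_report_breakdowns.rb
 - db/migrate/20141118142954_add_constraint_to_scaptimony_policies.rb
 - db/migrate/20141121164042_replace_arf_report_breakdown_view.rb
@@ -134,7 +144,6 @@ files:
 - test/dummy/config/locales/en.yml
 - test/dummy/config.ru
 - test/dummy/README.rdoc
-- test/fixtures/scaptimony/scap_contents.yml
 - test/fixtures/scaptimony/xccdf_rule_results.yml
 - test/fixtures/scaptimony/xccdf_results.yml
 - test/fixtures/scaptimony/policies.yml
@@ -155,6 +164,7 @@ files:
 - test/models/scaptimony/arf_report_breakdown_test.rb
 - test/models/scaptimony/arf_report_test.rb
 - test/models/scaptimony/asset_test.rb
+- test/models/scaptimony/arf_report_raw_test.rb
 - test/models/scaptimony/xccdf_rule_result_test.rb
 - test/models/scaptimony/policy_test.rb
 homepage: https://github.com/OpenSCAP/scaptimony
@@ -210,7 +220,6 @@ test_files:
 - test/dummy/config/locales/en.yml
 - test/dummy/config.ru
 - test/dummy/README.rdoc
-- test/fixtures/scaptimony/scap_contents.yml
 - test/fixtures/scaptimony/xccdf_rule_results.yml
 - test/fixtures/scaptimony/xccdf_results.yml
 - test/fixtures/scaptimony/policies.yml
@@ -231,5 +240,6 @@ test_files:
 - test/models/scaptimony/arf_report_breakdown_test.rb
 - test/models/scaptimony/arf_report_test.rb
 - test/models/scaptimony/asset_test.rb
+- test/models/scaptimony/arf_report_raw_test.rb
 - test/models/scaptimony/xccdf_rule_result_test.rb
 - test/models/scaptimony/policy_test.rb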