scaptimony 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 412955cff2de89a310f911da39fc9cf4d2ac20b3
-  data.tar.gz: d839f32280880847e102a56c9a939d1e296956fc
+  metadata.gz: 1de7b66071d1a5cdc7b8a35b6e771aa9c1afab00
+  data.tar.gz: 45ac4cc03c0630a39a5b8f9e1e85e390a3795cf3
 SHA512:
-  metadata.gz: 91080cb2eabe76f0038636ed5e0ae8b77374580a4557bd0963c785e222ece1081654856887e669dd59425c5e529d086ac6cd9dc76cd75b37b4c92fde0005561b
-  data.tar.gz: e1aba9516775e5068e43eed1959be8761e027ec9063a76b3a9c3a6b8de63feed1acf413a9675542522e7d980c80ad85e06bea07a741d90b047b5556ebf23e5e4
+  metadata.gz: 40b85faa5dca890f6c0935e823ec40110d3107fb7fde70f20cac95cd9d82e90f8c2635af70d8826b35d7e11658b023a771b71996a9110439b0a85c5f69bf9db2
+  data.tar.gz: 101fec51fa7ae58fd6290866b4103a2f573ecb252278c5a24e49ec1946c6c2a632ca3f5cca9c7f316dca5604259e8ef48039554308f9a3f4e82829f40a971fb9

data/README.md

@@ -10,20 +10,20 @@ as a stand-alone sealed server.
     + Provide API for tools to upload collected SCAP results
   + Define security/compliance policies
     + Upload SCAP content and assign it with the policy
+    + Set-up a periodical schedule of audits for the policy
+    + Organization defined targeting (Assign a set of nodes with the policy)
   + Result post-processing
     + Search SCAP results
     + Search for non-compliant systems
+    + Search for not audited systems
   + Rails artefacts to display audit results within your application
 + Future features:
   + Define security/compliance policies
     + Archive distinct versions of the policy
-    + Set-up a periodical schedule of audits for the policy
-    + Organization defined targeting (Assign a set of nodes with the policy)
     + Define known-issues and waivers (Assign waivers with a set of nodes and the policy)
     + Set-up rules for automated deletion of results
   + vulnerability assessment (processing OVAL CVE streams)
   + Result post-processing
-    + Search for not audited systems
     * Comparison of audit results
     + Waive known issues
       + One time waivers of a report
@@ -32,7 +32,17 @@ as a stand-alone sealed server.
       + Calculate score before and after waiver (ammount of risk accepted needs to be made available to the authorizing official)
   + Let us know, if your feature is missing.
 
-## Installation
+## Installation from RPMs
+
+- Enable [isimluk/OpenSCAP](https://copr.fedoraproject.org/coprs/isimluk/OpenSCAP/) COPR repository
+
+- Install SCAPtimony
+
+  ```
+  yum install rubygem-scaptimony ruby193-rubygem-scaptimony
+  ```
+
+## Installation from upstream git
 
 - Get SCAPtimony sources
 
@@ -47,7 +57,7 @@ as a stand-alone sealed server.
   ```
   $ cd scaptimony
   $ gem build scaptimony.gemspec
-  # yum install yum-utils rpm-build scl-utils scl-utils-build ruby193-rubygems-devel
+  # yum install yum-utils rpm-build scl-utils scl-utils-build ruby193-rubygems-devel ruby193-build ruby193
   # yum-builddep extra/rubygem-scaptimony.spec
   $ rpmbuild  --define "_sourcedir `pwd`" --define "scl ruby193" -ba extra/rubygem-scaptimony.spec
   ```
@@ -55,7 +65,7 @@ as a stand-alone sealed server.
 - Install SCAPtimony RPM
 
   ```
-  # yum local install ~/rpmbuild/RPMS/noarch/ruby193-rubygem-scaptimony-*.noarch.rpm
+  # yum localinstall ~/rpmbuild/RPMS/noarch/ruby193-rubygem-scaptimony-*.noarch.rpm
   ```
 
 ## Usage

data/Rakefile

@@ -20,7 +20,7 @@ RDoc::Task.new(:rdoc) do |rdoc|
   rdoc.rdoc_files.include('lib/**/*.rb')
 end
 
-APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
 load 'rails/tasks/engine.rake'
 
 

data/app/models/scaptimony/arf_report.rb

@@ -1,85 +1,81 @@
-require 'fileutils'
-require 'openscap'
-require 'openscap/ds/arf'
-require 'openscap/xccdf/testresult'
-require 'openscap/xccdf/ruleresult'
-require 'scaptimony/engine'
-
 module Scaptimony
   class ArfReport < ActiveRecord::Base
     belongs_to :asset
     belongs_to :policy
+    delegate :assetable, :to => :asset, :as => :assetable
     has_many :xccdf_rule_results, :dependent => :destroy
+    has_one :arf_report_raw, :dependent => :destroy
     has_one :arf_report_breakdown
 
-    before_destroy { |record|
-      record.delete
-    }
+    scope :breakdown, joins(:arf_report_breakdown)
+    scope :comply, breakdown.where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 })
+    scope :incomply, breakdown.where('scaptimony_arf_report_breakdowns.failed != 0') # TODO:RAILS-4.0: where.not
+    scope :inconclusive, breakdown.where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 })
+    scope :latest, joins('INNER JOIN (select asset_id, policy_id, max(id) AS id
+                          FROM scaptimony_arf_reports
+                          GROUP BY asset_id, policy_id) latest
+                          ON scaptimony_arf_reports.id = latest.id')
 
-    scoped_search :on => :date, :complete_value => true
+    scoped_search :on => :date, :complete_value => true, :default_order => :desc
     scoped_search :in => :arf_report_breakdown, :on => :passed
     scoped_search :in => :arf_report_breakdown, :on => :failed
     scoped_search :in => :arf_report_breakdown, :on => :othered
+    scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :compliance_policy
+    scoped_search :on => :id, :rename => :last_for, :complete_value => { :host => 0, :policy => 1 },
+      :only_explicit => true, :ext_method => :search_by_last_for
+    scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :comply_with,
+      :only_explicit => true, :operators => ['= '], :ext_method => :search_by_comply_with
+    scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :not_comply_with,
+      :only_explicit => true, :operators => ['= '], :ext_method => :search_by_not_comply_with
+    scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :inconclusive_with,
+      :only_explicit => true, :operators => ['= '], :ext_method => :search_by_inconclusive_with
 
     def passed; arf_report_breakdown ? arf_report_breakdown.passed : 0; end
     def failed; arf_report_breakdown ? arf_report_breakdown.failed : 0; end
     def othered; arf_report_breakdown ? arf_report_breakdown.othered : 0; end
 
-    def store!(data)
-      begin
-        FileUtils.mkdir_p dir
-        File.open(path, 'wb') { |f| f.write(data) }
-        save_dependent_entities
-      rescue StandardError => e
-        logger.error "Could not store ARF to '#{path}': #{e.message}"
-        raise e
+    def to_html
+      if arf_report_raw.nil?
+        fail Error, "Cannot generate HTML report, ArfReport #{id} is missing XML details"
       end
+      arf_report_raw.to_html
     end
 
-    def each
-      OpenSCAP.oscap_init
-      arf = OpenSCAP::DS::Arf.new path
-      yield arf.html
-      arf.destroy
-      OpenSCAP.oscap_cleanup
+    def self.search_by_comply_with(_key, _operator, policy_name)
+      search_by_policy_results policy_name, &:comply
     end
 
-    def delete
-      File.delete path
-      begin
-        Dir.delete dir
-      rescue StandardError => e
-      end
+    def self.search_by_not_comply_with(_key, _operator, policy_name)
+      search_by_policy_results policy_name, &:incomply
     end
 
-    private
-    def save_dependent_entities
-      return unless xccdf_rule_results.empty?
-      begin
-        OpenSCAP.oscap_init
-        arf = OpenSCAP::DS::Arf.new path
-        test_result = arf.test_result
-        test_result.rr.each {|rr_id, rr|
-          rule = ::Scaptimony::XccdfRule.where(:xid => rr_id).first_or_create!
-          xccdf_rule_results.create!(:xccdf_rule_id => rule.id, :xccdf_result_id => XccdfResult.f(rr.result).id)
-        }
-      rescue StandardError => e
-        xccdf_rule_results.destroy_all
-        raise e
-      ensure
-        test_result.destroy unless test_result.nil?
-        arf.destroy unless arf.nil?
-        OpenSCAP.oscap_cleanup
-      end
+    def self.search_by_inconclusive_with(_key, _operator, policy_name)
+      search_by_policy_results policy_name, &:inconclusive
     end
 
-    def path
-      "#{dir}/#{digest}.xml.bz2"
+    def self.search_by_policy_results(policy_name, &selection)
+      cond = sanitize_sql_for_conditions('scaptimony_policies.name' => policy_name)
+      { :conditions => Scaptimony::ArfReport.arel_table[:id].in(
+          Scaptimony::ArfReport.select(Scaptimony::ArfReport.arel_table[:id])
+            .latest.instance_eval(&selection).joins(:policy).where(cond).ast
+        ).to_sql
+      }
     end
 
-    def dir
-      # TODO this should be configurable
-      "#{Scaptimony::Engine.dir}/arf/#{asset.name}/#{policy.name}/#{date}"
+    def self.search_by_last_for(key, operator, by)
+      by.gsub!(/[^[:alnum:]]/, '')
+      case by.downcase
+      when 'host'
+        { :conditions => 'scaptimony_arf_reports.id IN (
+              SELECT MAX(id) FROM scaptimony_arf_reports sub
+              WHERE sub.asset_id = scaptimony_arf_reports.asset_id)' }
+      when 'policy'
+        { :conditions => 'scaptimony_arf_reports.id IN (
+              SELECT MAX(id) FROM scaptimony_arf_reports sub
+              WHERE sub.policy_id = scaptimony_arf_reports.policy_id)' }
+      else
+        fail "Cannot search last by #{by}"
+      end
     end
   end
 end

data/app/models/scaptimony/arf_report_raw.rb

@@ -0,0 +1,51 @@
+require 'openscap'
+require 'openscap/ds/arf'
+require 'openscap/xccdf/testresult'
+require 'openscap/xccdf/ruleresult'
+
+module Scaptimony
+  class ArfReportRaw < ActiveRecord::Base
+    set_primary_key :arf_report_id
+    belongs_to :arf_report
+    after_create :save_dependent_entities
+
+    def to_html
+      arf = build_arf
+      html = arf.html
+      arf.destroy
+      OpenSCAP.oscap_cleanup
+      html
+    end
+
+    private
+
+    def save_dependent_entities
+      return if arf_report.xccdf_rule_results.any?
+      return if size < 0
+      begin
+        arf = build_arf
+        test_result = arf.test_result
+        create_rule_results(test_result)
+      rescue StandardError => e
+        arf_report.xccdf_rule_results.destroy_all
+        raise e
+      ensure
+        test_result.destroy unless test_result.nil?
+        arf.destroy unless arf.nil?
+        OpenSCAP.oscap_cleanup
+      end
+    end
+
+    def create_rule_results(test_result)
+      test_result.rr.each {|rr_id, rr|
+        rule = ::Scaptimony::XccdfRule.where(:xid => rr_id).first_or_create!
+        arf_report.xccdf_rule_results.create!(:xccdf_rule_id => rule.id, :xccdf_result_id => XccdfResult.f(rr.result).id)
+      }
+    end
+
+    def build_arf
+      OpenSCAP.oscap_init
+      OpenSCAP::DS::Arf.new :content => bzip_data, :path => 'arf.xml.bz2', :length => size
+    end
+  end
+end

data/app/models/scaptimony/asset.rb

@@ -1,4 +1,33 @@
 module Scaptimony
   class Asset < ActiveRecord::Base
+    has_many :asset_policies
+    has_many :policies, :through => :asset_policies
+    has_many :arf_reports, :dependent => :destroy
+
+    scope :policy_reports, lambda { |policy| includes(:arf_reports).where(:scaptimony_arf_reports => { :policy_id => policy.id }) }
+    scope :policy_reports_missing, lambda { |policy|
+      where("id NOT IN (select asset_id from scaptimony_arf_reports where policy_id = #{policy.id})")
+    }
+    scope :comply_with, lambda { |policy|
+      last_arf(policy).breakdown.where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 })
+    }
+    scope :incomply_with, lambda { |policy|
+      last_arf(policy).breakdown.where('scaptimony_arf_report_breakdowns.failed != 0') # TODO:RAILS-4.0: rewrite with: where.not()
+    }
+    scope :inconclusive_with, lambda { |policy|
+      last_arf(policy).breakdown.
+        where(:scaptimony_arf_report_breakdowns => { :failed => 0, :othered => 0 }).
+        where('scaptimony_arf_report_breakdowns.failed != 0') # TODO:RAILS-4.0: rewrite with: where.not()
+    }
+    scope :breakdown, joins('INNER JOIN scaptimony_arf_report_breakdowns
+      ON scaptimony_arf_reports.id = scaptimony_arf_report_breakdowns.arf_report_id')
+    scope :last_arf, lambda { |policy|
+      joins("-- this is emo, we need some hipsters to rewrite this using arel
+             INNER JOIN (select asset_id, max(id) AS id
+             FROM scaptimony_arf_reports
+             WHERE policy_id = #{policy.id}
+             GROUP BY asset_id) scaptimony_arf_reports
+             ON scaptimony_arf_reports.asset_id = scaptimony_assets.id")
+    }
   end
 end

data/app/models/scaptimony/asset_policy.rb

@@ -0,0 +1,6 @@
+module Scaptimony
+  class AssetPolicy < ActiveRecord::Base
+    belongs_to :policy
+    belongs_to :asset
+  end
+end

data/app/models/scaptimony/policy.rb

@@ -3,31 +3,34 @@ require 'openscap/ds/sds'
 
 module Scaptimony
   class Policy < ActiveRecord::Base
+    attr_accessible :description, :name, :period, :scap_content_id, :scap_content_profile_id,
+                    :weekday, :day_of_month, :cron_line
     belongs_to :scap_content
     belongs_to :scap_content_profile
-    has_many :arf_reports, dependent: :destroy
+    has_many :arf_reports, :dependent => :destroy
+    has_many :asset_policies
+    has_many :assets, :through => :asset_policies
 
     validates :name, :presence => true
-  end
 
-  class GuideGenerator
-    def initialize(p)
-      case p
-      when Scaptimony::Policy
-        @scap_content = p.scap_content
-        @profile = p.scap_content_profile
-      end
-      if @scap_content.nil? or @scap_content.source.nil?
-        OpenSCAP.raise! "Cannot generate HTML Guide for #{@scap_content}/#{@profile}"
-      end
+    scoped_search :on => :name, :complete_value => true
+
+    def assign_assets(a)
+      self.asset_ids = (self.asset_ids + a.collect(&:id)).uniq
     end
 
-    def each
-      sds = OpenSCAP::DS::Sds.new @scap_content.source
+    def to_html
+      if self.scap_content.blank? || self.scap_content_profile.blank?
+        return warn(_('Cannot generate HTML guide for %{scap_content}/%{profile}') %
+          { :scap_content => self.scap_content, :profile => self.scap_content_profile })
+      end
+
+      sds = OpenSCAP::DS::Sds.new self.scap_content.source
       sds.select_checklist
-      profile_id = @profile.nil? ? nil : @profile.profile_id
-      yield sds.html_guide profile_id
+      profile_id = self.scap_content_profile.nil? ? nil : self.scap_content_profile.profile_id
+      html = sds.html_guide profile_id
       sds.destroy
+      html
     end
   end
 end

data/app/models/scaptimony/scap_content.rb

@@ -1,5 +1,4 @@
-require 'digest'
-require 'fileutils'
+require 'digest/sha2'
 require 'openscap/ds/sds'
 require 'openscap/source'
 require 'openscap/xccdf/benchmark'
@@ -8,24 +7,10 @@ require 'scaptimony/engine'
 module Scaptimony
   class DataStreamValidator < ActiveModel::Validator
     def validate(scap_content)
-      if !scap_content.new_record?
-        return true if scap_content.scap_file.nil?
-        scap_content.errors[:base] << _("Cannot change uploaded file while editing content.")
-        return false
-      end
-      if scap_content.scap_file.nil?
-        scap_content.errors[:base] << _("Please select file for upload.")
-        return false
-      end
-
-      existing = ScapContent.where(:digest => scap_content.digest).first
-      if !existing.nil?
-        scap_content.errors[:base] << _("This file has been already uploaded as '#{existing.title}'.")
-        return false
-      end
+      return unless scap_content.scap_file_changed?
 
       allowed_type = 'SCAP Source Datastream'
-      if scap_content.source.type != allowed_type
+      if scap_content.source.try(:type) != allowed_type
         scap_content.errors[:base] << _("Uploaded file is not #{allowed_type}.")
         return false
       end
@@ -35,36 +20,33 @@ module Scaptimony
       rescue OpenSCAP::OpenSCAPError => e
         scap_content.errors[:base] << e.message
       end
+
+      unless (scap_content.scap_content_profiles.map(&:profile_id) - scap_content.benchmark_profiles.profiles.keys).empty?
+        scap_content.errors[:base] << _('Changed file does not include existing SCAP Content profiles.')
+        return false
+      end
     end
   end
 
   class ScapContent < ActiveRecord::Base
+    attr_accessible :original_filename, :scap_file, :title
     has_many :scap_content_profiles, :dependent => :destroy
-    has_many :policies, :dependent => :destroy
+    has_many :policies
+
+    before_destroy EnsureNotUsedBy.new(:policies)
 
     validates_with Scaptimony::DataStreamValidator
     validates :title, :presence => true
     validates :digest, :presence => true
-    attr_accessor :scap_file
-
-    def store
-      if valid_store_attempt
-        begin
-          FileUtils.mkdir_p dir
-          source.save path
-          return false if !save
-          create_profiles
-        rescue StandardError => e
-          errors[:base] << e.message
-          return false
-        end
-      else
-        save
-      end
-    end
+    validates :scap_file, :presence => true
+
+    after_save :create_profiles
+
+    scoped_search :on => :title,             :complete_value => true
+    scoped_search :on => :original_filename, :complete_value => true, :rename => :filename
 
-    def valid_store_attempt
-      new_record? and !@scap_file.nil?
+    def to_label
+      title
     end
 
     def source
@@ -72,37 +54,32 @@ module Scaptimony
     end
 
     def digest
-      self[:digest] ||= Digest::SHA256.hexdigest "#{@scap_file}"
+      self[:digest] ||= Digest::SHA256.hexdigest "#{scap_file}"
     end
 
-    def path
-      "#{dir}/#{digest}"
+    # returns OpenSCAP::Xccdf::Benchmark with profiles.
+    def benchmark_profiles
+      sds          = ::OpenSCAP::DS::Sds.new(source)
+      bench_source = sds.select_checklist!
+      benchmark = ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
+      sds.destroy
+      benchmark
     end
 
     private
     def source_init
       OpenSCAP.oscap_init
-      if new_record?
-        OpenSCAP::Source.new(:content => @scap_file, :path => path)
-      else
-        OpenSCAP::Source.new path
-      end
+      OpenSCAP::Source.new(:content => scap_file)
     end
 
-    def dir
-      "#{Scaptimony::Engine.dir}/content"
+    def create_profiles
+      bench = benchmark_profiles
+      bench.profiles.each { |key, profile|
+        scap_content_profiles.find_or_create_by_profile_id_and_title(key, profile.title)
+      }
+      bench.destroy
+
     end
 
-    def create_profiles
-        sds = ::OpenSCAP::DS::Sds.new source
-        bench_source = sds.select_checklist!
-        bench = ::OpenSCAP::Xccdf::Benchmark.new bench_source
-        bench.profiles.each { |key, profile|
-          scap_content_profiles.create!(:profile_id => key, :title => profile.title)
-        }
-        bench.destroy
-        sds.destroy
-        true
-      end
   end
 end

data/app/models/scaptimony/xccdf_result.rb

@@ -1,6 +1,6 @@
 module Scaptimony
   class XccdfResult < ActiveRecord::Base
-    def self.f result_name
+    def self.f(result_name)
       where(:name => "#{result_name}").first!
     end
   end

data/app/models/scaptimony/xccdf_rule_result.rb

@@ -4,7 +4,7 @@ module Scaptimony
     belongs_to :xccdf_result
     belongs_to :xccdf_rule
 
-    def self.f result_name
+    def self.f(result_name)
       includes(:xccdf_result).where("scaptimony_xccdf_results.name = '#{result_name}'")
     end
   end

data/db/migrate/20141015115511_add_arf_report_unique_constraint.rb

@@ -1,6 +1,6 @@
 class AddArfReportUniqueConstraint < ActiveRecord::Migration
   def change
     add_index :scaptimony_arf_reports, [:asset_id, :policy_id, :date, :digest],
-	:unique => true, :name => :index_scaptimony_arf_reports_unique_set
+              :unique => true, :name => :index_scaptimony_arf_reports_unique_set
   end
 end

data/db/migrate/20141104164201_create_scaptimony_scap_contents.rb

@@ -1,10 +1,7 @@
 class CreateScaptimonyScapContents < ActiveRecord::Migration
   def change
     create_table :scaptimony_scap_contents do |t|
-      t.string :digest, limit: 128
-
       t.timestamps
     end
-    add_index :scaptimony_scap_contents, :digest, unique: true
   end
 end

data/db/migrate/20141105174834_add_columns_to_scaptimony_policies.rb

@@ -5,7 +5,7 @@ class AddColumnsToScaptimonyPolicies < ActiveRecord::Migration
     add_column :scaptimony_policies, :weekday, :string
     add_column :scaptimony_policies, :description, :string
 
-    #This works only with rails-4, I want to support rails-3 too
+    # This works only with rails-4, I want to support rails-3 too
     # add_reference :scaptimony_policies, :scap_content, index: true
     add_column :scaptimony_policies, :scap_content_id, :integer, references: :scap_content
   end

data/db/migrate/20141111104519_add_constraint_to_scaptimony_scap_contents.rb

@@ -1,6 +1,5 @@
 class AddConstraintToScaptimonyScapContents < ActiveRecord::Migration
   def change
     change_column :scaptimony_scap_contents, :title, :string, :null => false
-    change_column :scaptimony_scap_contents, :digest, :string, :null => false
   end
 end

data/db/migrate/20141116171305_add_profile_to_scaptimony_policies.rb

@@ -1,6 +1,6 @@
 class AddProfileToScaptimonyPolicies < ActiveRecord::Migration
   def change
-    #add_reference :scaptimony_policies, :scap_content_profile, index: true
+    # add_reference :scaptimony_policies, :scap_content_profile, index: true
     add_column :scaptimony_policies, :scap_content_profile_id, :integer, references: :scap_content_profile
   end
 end

data/db/migrate/20141206211151_create_scaptimony_assets_policies.rb

@@ -0,0 +1,9 @@
+class CreateScaptimonyAssetsPolicies < ActiveRecord::Migration
+  def change
+    create_table :scaptimony_assets_policies, :id => false do |t|
+      t.references :asset, :index => true, :null => false
+      t.references :policy, :index => true, :null => false
+    end
+    add_index :scaptimony_assets_policies, [:asset_id, :policy_id], :unique => true
+  end
+end

data/db/migrate/20141214112917_add_scap_file_to_scap_content.rb

@@ -0,0 +1,5 @@
+class AddScapFileToScapContent < ActiveRecord::Migration
+  def change
+    add_column :scaptimony_scap_contents, :scap_file, :binary
+  end
+end

data/db/migrate/20141216154502_rename_scaptimony_asset_policies.rb

@@ -0,0 +1,5 @@
+class RenameScaptimonyAssetPolicies < ActiveRecord::Migration
+  def change
+    rename_table(:scaptimony_assets_policies, :scaptimony_asset_policies)
+  end
+end

data/db/migrate/20150111085317_polymorph_asset.rb

@@ -0,0 +1,8 @@
+class PolymorphAsset < ActiveRecord::Migration
+  def change
+    change_table(:scaptimony_assets) do |t|
+      t.references :assetable, :polymorphic => true, :index => true
+      t.remove :name
+    end
+  end
+end

data/db/migrate/20150112152944_create_scaptimony_arf_report_raws.rb

@@ -0,0 +1,10 @@
+class CreateScaptimonyArfReportRaws < ActiveRecord::Migration
+  def change
+    create_table :scaptimony_arf_report_raws, :id => false do |t|
+      t.references :arf_report, :index => true, :null => false
+      t.integer :size
+      t.binary :raw
+    end
+    add_index :scaptimony_arf_report_raws, [:arf_report_id], :unique => true
+  end
+end

data/db/migrate/20150114210634_rename_scaptimony_arf_report_raw_raw.rb

@@ -0,0 +1,5 @@
+class RenameScaptimonyArfReportRawRaw < ActiveRecord::Migration
+  def change
+    rename_column :scaptimony_arf_report_raws, :raw, :bzip_data
+  end
+end

data/db/migrate/20150115155947_add_scaptimony_scap_content_digest.rb

@@ -0,0 +1,19 @@
+require 'digest/sha2'
+
+class AddScaptimonyScapContentDigest < ActiveRecord::Migration
+  def change
+    add_column :scaptimony_scap_contents, :digest, :string, :limit => 128
+    ScapContentHack.find_each do |content|
+      content.digest
+      content.save!
+    end
+    change_column :scaptimony_scap_contents, :digest, :string, :null => false
+  end
+
+  class ScapContentHack < ActiveRecord::Base
+    self.table_name = 'scaptimony_scap_contents'
+    def digest
+      self[:digest] ||= Digest::SHA256.hexdigest "#{scap_file}"
+    end
+  end
+end

data/db/migrate/20150116083129_add_day_of_month_and_cron_line_to_scaptimony_policy.rb

@@ -0,0 +1,6 @@
+class AddDayOfMonthAndCronLineToScaptimonyPolicy < ActiveRecord::Migration
+  def change
+    add_column :scaptimony_policies, :day_of_month, :integer
+    add_column :scaptimony_policies, :cron_line, :string
+  end
+end

data/db/seeds.rb

@@ -1,9 +1,9 @@
-Scaptimony::XccdfResult.create(:name => 'pass')
-Scaptimony::XccdfResult.create(:name => 'fail')
-Scaptimony::XccdfResult.create(:name => 'error')
-Scaptimony::XccdfResult.create(:name => 'unknown')
-Scaptimony::XccdfResult.create(:name => 'notapplicable')
-Scaptimony::XccdfResult.create(:name => 'notchecked')
-Scaptimony::XccdfResult.create(:name => 'notselected')
-Scaptimony::XccdfResult.create(:name => 'informational')
-Scaptimony::XccdfResult.create(:name => 'fixed')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'pass')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'fail')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'error')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'unknown')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'notapplicable')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'notchecked')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'notselected')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'informational')
+Scaptimony::XccdfResult.find_or_create_by_name(:name => 'fixed')

data/lib/scaptimony.rb

@@ -1,4 +1,4 @@
-require "scaptimony/engine"
+require 'scaptimony/engine'
 
 module Scaptimony
 end

data/lib/scaptimony/arf_reports_helper.rb

@@ -12,13 +12,18 @@ require 'digest'
 
 module Scaptimony
   module ArfReportsHelper
-    def self.create_arf(asset, params, arf_bzip)
-      # TODO:RAILS-4.0: This should become policy = Policy.find_or_create_by!(name: params[:policy])
-      policy = Policy.where(:name => params[:policy]).first_or_create!
+    def self.create_arf(asset, params, arf_bzip, arf_bzip_size)
+      # fail if policy does not exist.
+      policy = Policy.find(params[:policy_id])
       digest = Digest::SHA256.hexdigest arf_bzip
-      # TODO:RAILS-4.0: This should become arf_report = ArfReport.find_or_create_by! ...
-      arf_report = ArfReport.where(:asset_id => asset.id, :policy_id => policy.id, :date => params[:date], :digest => digest).first_or_create!
-      arf_report.store!(arf_bzip)
+      ArfReportRaw.transaction do
+        # TODO:RAILS-4.0: This should become arf_report = ArfReport.find_or_create_by! ...
+        arf_report = ArfReport.where(:asset_id => asset.id, :policy_id => policy.id,
+                                     :date => params[:date], :digest => digest).first_or_create!
+        if arf_report.arf_report_raw.nil?
+          ArfReportRaw.where(:arf_report_id => arf_report.id, :size => arf_bzip_size, :bzip_data => arf_bzip).create!
+        end
+      end
     end
   end
 end

data/lib/scaptimony/engine.rb

@@ -1,9 +1,5 @@
 module Scaptimony
   class Engine < ::Rails::Engine
     isolate_namespace Scaptimony
-    def self.dir
-      # TODO this should be configurable
-      '/var/lib/foreman/scaptimony'
-    end
   end
 end

data/lib/scaptimony/version.rb

@@ -1,3 +1,3 @@
 module Scaptimony
-  VERSION = "0.2.0"
+  VERSION = '0.3.0'
 end

data/test/dummy/config/application.rb

@@ -3,7 +3,7 @@ require File.expand_path('../boot', __FILE__)
 require 'rails/all'
 
 Bundler.require
-require "scaptimony"
+require 'scaptimony'
 
 module Dummy
   class Application < Rails::Application
@@ -30,7 +30,7 @@ module Dummy
     # config.i18n.default_locale = :de
 
     # Configure the default encoding used in templates for Ruby 1.9.
-    config.encoding = "utf-8"
+    config.encoding = 'utf-8'
 
     # Configure sensitive parameters which will be filtered from the log file.
     config.filter_parameters += [:password]
@@ -56,4 +56,3 @@ module Dummy
     config.assets.version = '1.0'
   end
 end
-

data/test/dummy/config/boot.rb

@@ -7,4 +7,4 @@ if File.exist?(gemfile)
   Bundler.setup
 end
 
-$:.unshift File.expand_path('../../../../lib', __FILE__)
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/test/dummy/config/environments/test.rb

@@ -9,7 +9,7 @@ Dummy::Application.configure do
 
   # Configure static asset server for tests with Cache-Control for performance
   config.serve_static_assets = true
-  config.static_cache_control = "public, max-age=3600"
+  config.static_cache_control = 'public, max-age=3600'
 
   # Log error messages when you accidentally call methods on nil
   config.whiny_nils = true

data/test/dummy/config/routes.rb

@@ -1,4 +1,4 @@
 Rails.application.routes.draw do
 
-  mount Scaptimony::Engine => "/scaptimony"
+  mount Scaptimony::Engine => '/scaptimony'
 end

data/test/integration/navigation_test.rb

@@ -7,4 +7,3 @@ class NavigationTest < ActionDispatch::IntegrationTest
   #   assert true
   # end
 end
-

data/test/models/scaptimony/arf_report_raw_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+
+module Scaptimony
+  class ArfReportRawTest < ActiveSupport::TestCase
+    # test "the truth" do
+    #   assert true
+    # end
+  end
+end

data/test/scaptimony_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 
 class ScaptimonyTest < ActiveSupport::TestCase
-  test "truth" do
+  test 'truth' do
     assert_kind_of Module, Scaptimony
   end
 end

data/test/test_helper.rb

@@ -1,8 +1,8 @@
 # Configure Rails Environment
-ENV["RAILS_ENV"] = "test"
+ENV['RAILS_ENV'] = 'test'
 
-require File.expand_path("../dummy/config/environment.rb",  __FILE__)
-require "rails/test_help"
+require File.expand_path('../dummy/config/environment.rb',  __FILE__)
+require 'rails/test_help'
 
 Rails.backtrace_cleaner.remove_silencers!
 
@@ -11,5 +11,5 @@ Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
 
 # Load fixtures from the engine
 if ActiveSupport::TestCase.method_defined?(:fixture_path=)
-  ActiveSupport::TestCase.fixture_path = File.expand_path("../fixtures", __FILE__)
+  ActiveSupport::TestCase.fixture_path = File.expand_path('../fixtures', __FILE__)
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: scaptimony
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Šimon Lukašík
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-12-04 00:00:00.000000000 Z
+date: 2015-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
-        version: 0.4.0
+        version: 0.4.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
-        version: 0.4.0
+        version: 0.4.1
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -75,25 +75,35 @@ files:
 - app/models/scaptimony/xccdf_rule.rb
 - app/models/scaptimony/xccdf_result.rb
 - app/models/scaptimony/asset.rb
+- app/models/scaptimony/asset_policy.rb
 - app/models/scaptimony/scap_content_profile.rb
+- app/models/scaptimony/arf_report_raw.rb
 - app/models/scaptimony/arf_report_breakdown.rb
 - config/routes.rb
 - db/migrate/20141116171305_add_profile_to_scaptimony_policies.rb
 - db/migrate/20141116170632_remove_xccdf_profile_from_scaptimony_policies.rb
 - db/migrate/20141119182606_create_scaptimony_xccdf_rule_results.rb
+- db/migrate/20150116083129_add_day_of_month_and_cron_line_to_scaptimony_policy.rb
 - db/migrate/20141015115511_add_arf_report_unique_constraint.rb
 - db/migrate/20141015092642_create_scaptimony_arf_reports.rb
+- db/migrate/20150111085317_polymorph_asset.rb
+- db/migrate/20141216154502_rename_scaptimony_asset_policies.rb
 - db/migrate/20141119175434_create_scaptimony_xccdf_rules.rb
 - db/migrate/20141014105333_create_scaptimony_assets.rb
 - db/migrate/20141119164918_create_scaptimony_xccdf_results.rb
+- db/migrate/20150112152944_create_scaptimony_arf_report_raws.rb
 - db/migrate/20141107091756_add_columns_to_scaptimony_scap_contents.rb
 - db/migrate/20141113221054_create_scaptimony_scap_content_profiles.rb
 - db/migrate/20141111104519_add_constraint_to_scaptimony_scap_contents.rb
 - db/migrate/20141105174834_add_columns_to_scaptimony_policies.rb
 - db/migrate/20141104164201_create_scaptimony_scap_contents.rb
 - db/migrate/20141013172051_create_scaptimony_policies.rb
+- db/migrate/20141206211151_create_scaptimony_assets_policies.rb
 - db/migrate/20141105174625_add_description_to_scaptimony_policy_revisions.rb
+- db/migrate/20150115155947_add_scaptimony_scap_content_digest.rb
 - db/migrate/20141104171545_create_scaptimony_policy_revisions.rb
+- db/migrate/20150114210634_rename_scaptimony_arf_report_raw_raw.rb
+- db/migrate/20141214112917_add_scap_file_to_scap_content.rb
 - db/migrate/20141121120326_create_scaptimony_arf_report_breakdowns.rb
 - db/migrate/20141118142954_add_constraint_to_scaptimony_policies.rb
 - db/migrate/20141121164042_replace_arf_report_breakdown_view.rb
@@ -134,7 +144,6 @@ files:
 - test/dummy/config/locales/en.yml
 - test/dummy/config.ru
 - test/dummy/README.rdoc
-- test/fixtures/scaptimony/scap_contents.yml
 - test/fixtures/scaptimony/xccdf_rule_results.yml
 - test/fixtures/scaptimony/xccdf_results.yml
 - test/fixtures/scaptimony/policies.yml
@@ -155,6 +164,7 @@ files:
 - test/models/scaptimony/arf_report_breakdown_test.rb
 - test/models/scaptimony/arf_report_test.rb
 - test/models/scaptimony/asset_test.rb
+- test/models/scaptimony/arf_report_raw_test.rb
 - test/models/scaptimony/xccdf_rule_result_test.rb
 - test/models/scaptimony/policy_test.rb
 homepage: https://github.com/OpenSCAP/scaptimony
@@ -210,7 +220,6 @@ test_files:
 - test/dummy/config/locales/en.yml
 - test/dummy/config.ru
 - test/dummy/README.rdoc
-- test/fixtures/scaptimony/scap_contents.yml
 - test/fixtures/scaptimony/xccdf_rule_results.yml
 - test/fixtures/scaptimony/xccdf_results.yml
 - test/fixtures/scaptimony/policies.yml
@@ -231,5 +240,6 @@ test_files:
 - test/models/scaptimony/arf_report_breakdown_test.rb
 - test/models/scaptimony/arf_report_test.rb
 - test/models/scaptimony/asset_test.rb
+- test/models/scaptimony/arf_report_raw_test.rb
 - test/models/scaptimony/xccdf_rule_result_test.rb
 - test/models/scaptimony/policy_test.rb

data/test/fixtures/scaptimony/scap_contents.yml

@@ -1,7 +0,0 @@
-# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
-
-one:
-  digest: MyString
-
-two:
-  digest: MyString