smart_proxy_openscap 0.7.3 → 0.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/bin/smart-proxy-openscap-send +5 -1
- data/lib/smart_proxy_openscap/arf_parser.rb +74 -17
- data/lib/smart_proxy_openscap/content_parser.rb +19 -25
- data/lib/smart_proxy_openscap/fetch_scap_file.rb +45 -0
- data/lib/smart_proxy_openscap/foreman_arf_forwarder.rb +15 -0
- data/lib/smart_proxy_openscap/foreman_forwarder.rb +19 -16
- data/lib/smart_proxy_openscap/foreman_oval_forwarder.rb +19 -0
- data/lib/smart_proxy_openscap/openscap_api.rb +59 -28
- data/lib/smart_proxy_openscap/openscap_exception.rb +1 -0
- data/lib/smart_proxy_openscap/openscap_html_generator.rb +1 -1
- data/lib/smart_proxy_openscap/openscap_import_api.rb +3 -3
- data/lib/smart_proxy_openscap/openscap_lib.rb +5 -3
- data/lib/smart_proxy_openscap/openscap_plugin.rb +2 -1
- data/lib/smart_proxy_openscap/oval_report_parser.rb +54 -0
- data/lib/smart_proxy_openscap/oval_report_storage_fs.rb +26 -0
- data/lib/smart_proxy_openscap/profiles_parser.rb +22 -23
- data/lib/smart_proxy_openscap/spool_forwarder.rb +4 -4
- data/lib/smart_proxy_openscap/storage.rb +0 -2
- data/lib/smart_proxy_openscap/storage_fs.rb +7 -4
- data/lib/smart_proxy_openscap/storage_fs_common.rb +42 -0
- data/lib/smart_proxy_openscap/version.rb +1 -1
- data/settings.d/openscap.yml.example +3 -0
- data/smart_proxy_openscap.gemspec +2 -0
- data/test/data/oval-results.xml.bz2 +0 -0
- data/test/data/rhel-7-including-unpatched.oval.xml.bz2 +0 -0
- data/test/fetch_oval_content_api_test.rb +38 -0
- data/test/fetch_scap_api_test.rb +1 -1
- data/test/oval_report_parser_test.rb +14 -0
- data/test/post_oval_report_api_test.rb +30 -0
- data/test/post_report_api_test.rb +2 -2
- data/test/scap_content_parser_api_test.rb +1 -1
- data/test/script_class_test.rb +0 -58
- metadata +29 -11
- data/bin/smart-proxy-arf-json +0 -7
- data/bin/smart-proxy-scap-profiles +0 -7
- data/bin/smart-proxy-scap-validation +0 -7
- data/lib/smart_proxy_openscap/arf_json.rb +0 -114
- data/lib/smart_proxy_openscap/fetch_scap_content.rb +0 -17
- data/lib/smart_proxy_openscap/fetch_tailoring_file.rb +0 -17
- data/lib/smart_proxy_openscap/scap_profiles.rb +0 -52
- data/lib/smart_proxy_openscap/scap_validation.rb +0 -35
@@ -58,7 +58,7 @@ class OpenSCAPApiTest < Test::Unit::TestCase
|
|
58
58
|
def test_fail_save_file_should_raise_error
|
59
59
|
@policy_id = 2
|
60
60
|
stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}").to_return(:status => 500, :body => "{\"result\":\"server error\"}")
|
61
|
-
Proxy::OpenSCAP::
|
61
|
+
Proxy::OpenSCAP::StorageFs.any_instance.stubs(:create_directory).raises(StandardError)
|
62
62
|
post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
|
63
63
|
assert(last_response.server_error?, "Should return 500")
|
64
64
|
refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should be saved in spool directory")
|
@@ -67,7 +67,7 @@ class OpenSCAPApiTest < Test::Unit::TestCase
|
|
67
67
|
def test_success_post_fail_save_should_save_spool
|
68
68
|
stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
|
69
69
|
.to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
|
70
|
-
Proxy::OpenSCAP::
|
70
|
+
Proxy::OpenSCAP::StorageFs.any_instance.stubs(:store_archive).raises(Proxy::OpenSCAP::StoreReportError)
|
71
71
|
post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
|
72
72
|
refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should not be in spool directory")
|
73
73
|
refute(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should not be in Reports directory")
|
@@ -37,7 +37,7 @@ class ScapContentParserApiTest < Test::Unit::TestCase
|
|
37
37
|
|
38
38
|
def test_invalid_scap_content_policies
|
39
39
|
post '/scap_content/policies', '<xml>blah</xml>', 'CONTENT_TYPE' => 'text/xml'
|
40
|
-
assert(last_response.body.include?('
|
40
|
+
assert(last_response.body.include?('Failed to parse profiles'))
|
41
41
|
end
|
42
42
|
|
43
43
|
def test_scap_content_validator
|
data/test/script_class_test.rb
CHANGED
@@ -1,10 +1,6 @@
|
|
1
1
|
require 'test_helper'
|
2
2
|
require 'smart_proxy_openscap/arf_html'
|
3
|
-
require 'smart_proxy_openscap/arf_json'
|
4
3
|
require 'smart_proxy_openscap/policy_guide'
|
5
|
-
require 'smart_proxy_openscap/scap_profiles'
|
6
|
-
require 'smart_proxy_openscap/arf_json'
|
7
|
-
require 'smart_proxy_openscap/scap_validation'
|
8
4
|
|
9
5
|
class ScriptClassTest < Test::Unit::TestCase
|
10
6
|
def test_arf_generate_html
|
@@ -15,17 +11,6 @@ class ScriptClassTest < Test::Unit::TestCase
|
|
15
11
|
end
|
16
12
|
end
|
17
13
|
|
18
|
-
def test_arf_as_json
|
19
|
-
carry_out do |tmp|
|
20
|
-
Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path, 'my-proxy', 'http://test-proxy.org')
|
21
|
-
json = read_json tmp
|
22
|
-
refute_empty json['logs']
|
23
|
-
refute_empty json['metrics']
|
24
|
-
refute_empty json['openscap_proxy_name']
|
25
|
-
refute_empty json['openscap_proxy_url']
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
14
|
def test_policy_guide
|
30
15
|
carry_out do |tmp|
|
31
16
|
profile = "xccdf_org.ssgproject.content_profile_rht-ccp"
|
@@ -35,49 +20,6 @@ class ScriptClassTest < Test::Unit::TestCase
|
|
35
20
|
end
|
36
21
|
end
|
37
22
|
|
38
|
-
def test_scap_file_profiles
|
39
|
-
carry_out do |tmp|
|
40
|
-
Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
|
41
|
-
profiles = read_json tmp
|
42
|
-
refute_empty profiles
|
43
|
-
assert profiles["xccdf_org.ssgproject.content_profile_standard"]
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
def test_tailoring_file_profiles
|
48
|
-
carry_out do |tmp|
|
49
|
-
Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
|
50
|
-
profiles = read_json tmp
|
51
|
-
refute_empty profiles
|
52
|
-
assert profiles["xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized"]
|
53
|
-
end
|
54
|
-
end
|
55
|
-
|
56
|
-
def test_arf_json
|
57
|
-
carry_out do |tmp|
|
58
|
-
Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path, 'my-proxy', 'http://test-proxy.org')
|
59
|
-
json = read_json tmp
|
60
|
-
refute_empty json['logs']
|
61
|
-
refute_empty json['metrics']
|
62
|
-
end
|
63
|
-
end
|
64
|
-
|
65
|
-
def test_scap_content_validation
|
66
|
-
carry_out do |tmp|
|
67
|
-
Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
|
68
|
-
res = read_json tmp
|
69
|
-
assert_empty res['errors']
|
70
|
-
end
|
71
|
-
end
|
72
|
-
|
73
|
-
def test_tailoring_file_validation
|
74
|
-
carry_out do |tmp|
|
75
|
-
Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
|
76
|
-
res = read_json tmp
|
77
|
-
assert_empty res['errors']
|
78
|
-
end
|
79
|
-
end
|
80
|
-
|
81
23
|
private
|
82
24
|
|
83
25
|
def carry_out
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: smart_proxy_openscap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.9.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Šimon Lukašík
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2021-05-18 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rake
|
@@ -82,6 +82,20 @@ dependencies:
|
|
82
82
|
- - "~>"
|
83
83
|
- !ruby/object:Gem::Version
|
84
84
|
version: 0.4.7
|
85
|
+
- !ruby/object:Gem::Dependency
|
86
|
+
name: openscap_parser
|
87
|
+
requirement: !ruby/object:Gem::Requirement
|
88
|
+
requirements:
|
89
|
+
- - "~>"
|
90
|
+
- !ruby/object:Gem::Version
|
91
|
+
version: 1.0.2
|
92
|
+
type: :runtime
|
93
|
+
prerelease: false
|
94
|
+
version_requirements: !ruby/object:Gem::Requirement
|
95
|
+
requirements:
|
96
|
+
- - "~>"
|
97
|
+
- !ruby/object:Gem::Version
|
98
|
+
version: 1.0.2
|
85
99
|
description: |-
|
86
100
|
A plug-in to the Foreman's smart-proxy which receives
|
87
101
|
bzip2ed ARF files and forwards them to the Foreman.
|
@@ -99,24 +113,21 @@ files:
|
|
99
113
|
- README.md
|
100
114
|
- Rakefile
|
101
115
|
- bin/smart-proxy-arf-html
|
102
|
-
- bin/smart-proxy-arf-json
|
103
116
|
- bin/smart-proxy-openscap-send
|
104
117
|
- bin/smart-proxy-openscap-send-inner
|
105
118
|
- bin/smart-proxy-policy-guide
|
106
|
-
- bin/smart-proxy-scap-profiles
|
107
|
-
- bin/smart-proxy-scap-validation
|
108
119
|
- bundler.d/openscap.rb
|
109
120
|
- extra/rubygem-smart_proxy_openscap.spec
|
110
121
|
- extra/smart-proxy-openscap-send.cron
|
111
122
|
- lib/smart_proxy_openscap.rb
|
112
123
|
- lib/smart_proxy_openscap/arf_html.rb
|
113
|
-
- lib/smart_proxy_openscap/arf_json.rb
|
114
124
|
- lib/smart_proxy_openscap/arf_parser.rb
|
115
125
|
- lib/smart_proxy_openscap/content_parser.rb
|
116
126
|
- lib/smart_proxy_openscap/fetch_file.rb
|
117
|
-
- lib/smart_proxy_openscap/
|
118
|
-
- lib/smart_proxy_openscap/
|
127
|
+
- lib/smart_proxy_openscap/fetch_scap_file.rb
|
128
|
+
- lib/smart_proxy_openscap/foreman_arf_forwarder.rb
|
119
129
|
- lib/smart_proxy_openscap/foreman_forwarder.rb
|
130
|
+
- lib/smart_proxy_openscap/foreman_oval_forwarder.rb
|
120
131
|
- lib/smart_proxy_openscap/http_config.ru
|
121
132
|
- lib/smart_proxy_openscap/openscap_api.rb
|
122
133
|
- lib/smart_proxy_openscap/openscap_exception.rb
|
@@ -124,20 +135,23 @@ files:
|
|
124
135
|
- lib/smart_proxy_openscap/openscap_import_api.rb
|
125
136
|
- lib/smart_proxy_openscap/openscap_lib.rb
|
126
137
|
- lib/smart_proxy_openscap/openscap_plugin.rb
|
138
|
+
- lib/smart_proxy_openscap/oval_report_parser.rb
|
139
|
+
- lib/smart_proxy_openscap/oval_report_storage_fs.rb
|
127
140
|
- lib/smart_proxy_openscap/policy_guide.rb
|
128
141
|
- lib/smart_proxy_openscap/policy_parser.rb
|
129
142
|
- lib/smart_proxy_openscap/profiles_parser.rb
|
130
|
-
- lib/smart_proxy_openscap/scap_profiles.rb
|
131
|
-
- lib/smart_proxy_openscap/scap_validation.rb
|
132
143
|
- lib/smart_proxy_openscap/shell_wrapper.rb
|
133
144
|
- lib/smart_proxy_openscap/spool_forwarder.rb
|
134
145
|
- lib/smart_proxy_openscap/storage.rb
|
135
146
|
- lib/smart_proxy_openscap/storage_fs.rb
|
147
|
+
- lib/smart_proxy_openscap/storage_fs_common.rb
|
136
148
|
- lib/smart_proxy_openscap/version.rb
|
137
149
|
- settings.d/openscap.yml.example
|
138
150
|
- smart_proxy_openscap.gemspec
|
139
151
|
- test/data/arf_report
|
140
152
|
- test/data/corrupted_arf_report
|
153
|
+
- test/data/oval-results.xml.bz2
|
154
|
+
- test/data/rhel-7-including-unpatched.oval.xml.bz2
|
141
155
|
- test/data/spool/cleanup_spool/arf/2c101b95-033f-4b15-b490-f50bf9090dae/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
142
156
|
- test/data/spool/cleanup_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
143
157
|
- test/data/spool/corrupted_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/a4dfba5db27b21795e6fa401b8dce7a70faeb25b7963891f07f6f4baaf052afb
|
@@ -146,9 +160,12 @@ files:
|
|
146
160
|
- test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
147
161
|
- test/data/ssg-rhel7-ds.xml
|
148
162
|
- test/data/tailoring.xml
|
163
|
+
- test/fetch_oval_content_api_test.rb
|
149
164
|
- test/fetch_scap_api_test.rb
|
150
165
|
- test/fetch_tailoring_api_test.rb
|
151
166
|
- test/get_report_xml_html_test.rb
|
167
|
+
- test/oval_report_parser_test.rb
|
168
|
+
- test/post_oval_report_api_test.rb
|
152
169
|
- test/post_report_api_test.rb
|
153
170
|
- test/scap_content_parser_api_test.rb
|
154
171
|
- test/script_class_test.rb
|
@@ -172,7 +189,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
172
189
|
- - ">="
|
173
190
|
- !ruby/object:Gem::Version
|
174
191
|
version: '0'
|
175
|
-
requirements:
|
192
|
+
requirements:
|
193
|
+
- bzip2
|
176
194
|
rubygems_version: 3.1.2
|
177
195
|
signing_key:
|
178
196
|
specification_version: 4
|
data/bin/smart-proxy-arf-json
DELETED
@@ -1,114 +0,0 @@
|
|
1
|
-
# encoding=utf-8
|
2
|
-
require 'openscap'
|
3
|
-
require 'openscap/ds/arf'
|
4
|
-
require 'openscap/xccdf/testresult'
|
5
|
-
require 'openscap/xccdf/ruleresult'
|
6
|
-
require 'openscap/xccdf/rule'
|
7
|
-
require 'openscap/xccdf/fix'
|
8
|
-
require 'openscap/xccdf/benchmark'
|
9
|
-
require 'json'
|
10
|
-
require 'digest'
|
11
|
-
|
12
|
-
module Proxy
|
13
|
-
module OpenSCAP
|
14
|
-
class ArfJson
|
15
|
-
def as_json(file_in, file_out, proxy_name, proxy_url)
|
16
|
-
::OpenSCAP.oscap_init
|
17
|
-
arf_digest = Digest::SHA256.hexdigest(File.read(file_in))
|
18
|
-
|
19
|
-
arf = ::OpenSCAP::DS::Arf.new(file_in)
|
20
|
-
test_result = arf.test_result
|
21
|
-
|
22
|
-
results = test_result.rr
|
23
|
-
sds = arf.report_request
|
24
|
-
bench_source = sds.select_checklist!
|
25
|
-
benchmark = ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
|
26
|
-
items = benchmark.items
|
27
|
-
|
28
|
-
report = parse_results(items, results, arf_digest)
|
29
|
-
report[:openscap_proxy_name] = proxy_name
|
30
|
-
report[:openscap_proxy_url] = proxy_url
|
31
|
-
|
32
|
-
File.write file_out, report.to_json
|
33
|
-
ensure
|
34
|
-
cleanup test_result, benchmark, sds, arf
|
35
|
-
end
|
36
|
-
|
37
|
-
private
|
38
|
-
|
39
|
-
def parse_results(items, results, arf_digest)
|
40
|
-
report = {}
|
41
|
-
report[:logs] = []
|
42
|
-
passed = 0
|
43
|
-
failed = 0
|
44
|
-
othered = 0
|
45
|
-
results.each do |rr_id, result|
|
46
|
-
next if result.result == 'notapplicable' || result.result == 'notselected'
|
47
|
-
# get rules and their results
|
48
|
-
rule_data = items[rr_id]
|
49
|
-
report[:logs] << populate_result_data(rr_id, result.result, rule_data)
|
50
|
-
# create metrics for the results
|
51
|
-
case result.result
|
52
|
-
when 'pass', 'fixed'
|
53
|
-
passed += 1
|
54
|
-
when 'fail'
|
55
|
-
failed += 1
|
56
|
-
else
|
57
|
-
othered += 1
|
58
|
-
end
|
59
|
-
end
|
60
|
-
report[:digest] = arf_digest
|
61
|
-
report[:metrics] = { :passed => passed, :failed => failed, :othered => othered }
|
62
|
-
report
|
63
|
-
end
|
64
|
-
|
65
|
-
def populate_result_data(result_id, rule_result, rule_data)
|
66
|
-
log = {}
|
67
|
-
log[:source] = ascii8bit_to_utf8(result_id)
|
68
|
-
log[:result] = ascii8bit_to_utf8(rule_result)
|
69
|
-
log[:title] = ascii8bit_to_utf8(rule_data.title)
|
70
|
-
log[:description] = ascii8bit_to_utf8(rule_data.description)
|
71
|
-
log[:rationale] = ascii8bit_to_utf8(rule_data.rationale)
|
72
|
-
log[:references] = hash_a8b(rule_data.references.map(&:to_hash))
|
73
|
-
log[:fixes] = hash_a8b(rule_data.fixes.map(&:to_hash))
|
74
|
-
log[:severity] = ascii8bit_to_utf8(rule_data.severity)
|
75
|
-
log
|
76
|
-
end
|
77
|
-
|
78
|
-
def cleanup(*args)
|
79
|
-
args.compact.map(&:destroy)
|
80
|
-
::OpenSCAP.oscap_cleanup
|
81
|
-
end
|
82
|
-
|
83
|
-
# Unfortunately openscap in ruby 1.9.3 outputs data in Ascii-8bit.
|
84
|
-
# We transform it to UTF-8 for easier json integration.
|
85
|
-
|
86
|
-
# :invalid ::
|
87
|
-
# If the value is invalid, #encode replaces invalid byte sequences in
|
88
|
-
# +str+ with the replacement character. The default is to raise the
|
89
|
-
# Encoding::InvalidByteSequenceError exception
|
90
|
-
# :undef ::
|
91
|
-
# If the value is undefined, #encode replaces characters which are
|
92
|
-
# undefined in the destination encoding with the replacement character.
|
93
|
-
# The default is to raise the Encoding::UndefinedConversionError.
|
94
|
-
# :replace ::
|
95
|
-
# Sets the replacement string to the given value. The default replacement
|
96
|
-
# string is "\uFFFD" for Unicode encoding forms, and "?" otherwise.
|
97
|
-
def ascii8bit_to_utf8(string)
|
98
|
-
return ascii8bit_to_utf8_legacy(string) if RUBY_VERSION.start_with? '1.8'
|
99
|
-
string.to_s.encode('utf-8', :invalid => :replace, :undef => :replace, :replace => '_')
|
100
|
-
end
|
101
|
-
|
102
|
-
# String#encode appeared first in 1.9, so we need a workaround for 1.8
|
103
|
-
def ascii8bit_to_utf8_legacy(string)
|
104
|
-
Iconv.conv('UTF-8//IGNORE', 'UTF-8', string.to_s)
|
105
|
-
end
|
106
|
-
|
107
|
-
def hash_a8b(ary)
|
108
|
-
ary.map do |hash|
|
109
|
-
Hash[hash.map { |key, value| [ascii8bit_to_utf8(key), ascii8bit_to_utf8(value)] }]
|
110
|
-
end
|
111
|
-
end
|
112
|
-
end
|
113
|
-
end
|
114
|
-
end
|
@@ -1,17 +0,0 @@
|
|
1
|
-
require 'smart_proxy_openscap/fetch_file'
|
2
|
-
|
3
|
-
module Proxy::OpenSCAP
|
4
|
-
class FetchScapContent < FetchFile
|
5
|
-
def get_policy_content(policy_id, digest)
|
6
|
-
policy_store_dir = File.join(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP::Plugin.settings.contentdir), policy_id.to_s)
|
7
|
-
policy_scap_file = File.join(policy_store_dir, "#{policy_id}_#{digest}.xml")
|
8
|
-
file_download_path = "api/v2/compliance/policies/#{policy_id}/content"
|
9
|
-
|
10
|
-
create_store_dir policy_store_dir
|
11
|
-
|
12
|
-
scap_file = policy_content_file(policy_scap_file)
|
13
|
-
clean_store_folder(policy_store_dir) unless scap_file
|
14
|
-
scap_file ||= save_or_serve_scap_file(policy_scap_file, file_download_path)
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
@@ -1,17 +0,0 @@
|
|
1
|
-
require 'smart_proxy_openscap/fetch_file'
|
2
|
-
|
3
|
-
module Proxy::OpenSCAP
|
4
|
-
class FetchTailoringFile < FetchFile
|
5
|
-
def get_tailoring_file(policy_id, digest)
|
6
|
-
store_dir = File.join(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP::Plugin.settings.tailoring_dir), policy_id.to_s)
|
7
|
-
policy_tailoring_file = File.join(store_dir, "#{policy_id}_#{digest}.xml")
|
8
|
-
file_download_path = "api/v2/compliance/policies/#{policy_id}/tailoring"
|
9
|
-
|
10
|
-
create_store_dir store_dir
|
11
|
-
|
12
|
-
scap_file = policy_content_file(policy_tailoring_file)
|
13
|
-
clean_store_folder(store_dir) unless scap_file
|
14
|
-
scap_file ||= save_or_serve_scap_file(policy_tailoring_file, file_download_path)
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
@@ -1,52 +0,0 @@
|
|
1
|
-
require 'openscap'
|
2
|
-
require 'openscap/ds/sds'
|
3
|
-
require 'openscap/source'
|
4
|
-
require 'openscap/xccdf/benchmark'
|
5
|
-
require 'openscap/xccdf/tailoring'
|
6
|
-
require 'json'
|
7
|
-
|
8
|
-
module Proxy
|
9
|
-
module OpenSCAP
|
10
|
-
class ScapProfiles
|
11
|
-
def profiles(in_file, out_file, type)
|
12
|
-
::OpenSCAP.oscap_init
|
13
|
-
source = ::OpenSCAP::Source.new(in_file)
|
14
|
-
json = type == 'scap_content' ? scap_content_profiles(source) : tailoring_profiles(source)
|
15
|
-
File.write out_file, json
|
16
|
-
ensure
|
17
|
-
source.destroy if source
|
18
|
-
::OpenSCAP.oscap_cleanup
|
19
|
-
end
|
20
|
-
|
21
|
-
def scap_content_profiles(source)
|
22
|
-
bench = benchmark_profiles source
|
23
|
-
profiles = collect_profiles bench
|
24
|
-
profiles.to_json
|
25
|
-
ensure
|
26
|
-
bench.destroy if bench
|
27
|
-
end
|
28
|
-
|
29
|
-
def tailoring_profiles(source)
|
30
|
-
tailoring = ::OpenSCAP::Xccdf::Tailoring.new(source, nil)
|
31
|
-
profiles = collect_profiles tailoring
|
32
|
-
profiles.to_json
|
33
|
-
ensure
|
34
|
-
tailoring.destroy if tailoring
|
35
|
-
end
|
36
|
-
|
37
|
-
def collect_profiles(profile_source)
|
38
|
-
profile_source.profiles.inject({}) do |memo, (key, profile)|
|
39
|
-
memo.tap { |hash| hash[key] = profile.title.strip }
|
40
|
-
end
|
41
|
-
end
|
42
|
-
|
43
|
-
def benchmark_profiles(source)
|
44
|
-
sds = ::OpenSCAP::DS::Sds.new(source)
|
45
|
-
bench_source = sds.select_checklist!
|
46
|
-
::OpenSCAP::Xccdf::Benchmark.new(bench_source)
|
47
|
-
ensure
|
48
|
-
sds.destroy if sds
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|