smart_proxy_openscap 0.7.3 → 0.9.0

data/test/post_report_api_test.rb

@@ -58,7 +58,7 @@ class OpenSCAPApiTest < Test::Unit::TestCase
   def test_fail_save_file_should_raise_error
     @policy_id = 2
     stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}").to_return(:status => 500, :body => "{\"result\":\"server error\"}")
-    Proxy::OpenSCAP::StorageFS.any_instance.stubs(:create_directory).raises(StandardError)
+    Proxy::OpenSCAP::StorageFs.any_instance.stubs(:create_directory).raises(StandardError)
     post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
     assert(last_response.server_error?, "Should return 500")
     refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should be saved in spool directory")
@@ -67,7 +67,7 @@ class OpenSCAPApiTest < Test::Unit::TestCase
   def test_success_post_fail_save_should_save_spool
     stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
       .to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
-    Proxy::OpenSCAP::StorageFS.any_instance.stubs(:store_archive).raises(Proxy::OpenSCAP::StoreReportError)
+    Proxy::OpenSCAP::StorageFs.any_instance.stubs(:store_archive).raises(Proxy::OpenSCAP::StoreReportError)
     post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
     refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should not be  in spool directory")
     refute(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should not be in Reports directory")

data/test/scap_content_parser_api_test.rb

@@ -37,7 +37,7 @@ class ScapContentParserApiTest < Test::Unit::TestCase
 
   def test_invalid_scap_content_policies
     post '/scap_content/policies', '<xml>blah</xml>', 'CONTENT_TYPE' => 'text/xml'
-    assert(last_response.body.include?('Failure when running script which extracts profiles from scap file'))
+    assert(last_response.body.include?('Failed to parse profiles'))
   end
 
   def test_scap_content_validator

data/test/script_class_test.rb

@@ -1,10 +1,6 @@
 require 'test_helper'
 require 'smart_proxy_openscap/arf_html'
-require 'smart_proxy_openscap/arf_json'
 require 'smart_proxy_openscap/policy_guide'
-require 'smart_proxy_openscap/scap_profiles'
-require 'smart_proxy_openscap/arf_json'
-require 'smart_proxy_openscap/scap_validation'
 
 class ScriptClassTest < Test::Unit::TestCase
   def test_arf_generate_html
@@ -15,17 +11,6 @@ class ScriptClassTest < Test::Unit::TestCase
     end
   end
 
-  def test_arf_as_json
-    carry_out do |tmp|
-      Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path, 'my-proxy', 'http://test-proxy.org')
-      json = read_json tmp
-      refute_empty json['logs']
-      refute_empty json['metrics']
-      refute_empty json['openscap_proxy_name']
-      refute_empty json['openscap_proxy_url']
-    end
-  end
-
   def test_policy_guide
     carry_out do |tmp|
       profile = "xccdf_org.ssgproject.content_profile_rht-ccp"
@@ -35,49 +20,6 @@ class ScriptClassTest < Test::Unit::TestCase
     end
   end
 
-  def test_scap_file_profiles
-    carry_out do |tmp|
-      Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
-      profiles = read_json tmp
-      refute_empty profiles
-      assert profiles["xccdf_org.ssgproject.content_profile_standard"]
-    end
-  end
-
-  def test_tailoring_file_profiles
-    carry_out do |tmp|
-      Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
-      profiles = read_json tmp
-      refute_empty profiles
-      assert profiles["xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized"]
-    end
-  end
-
-  def test_arf_json
-    carry_out do |tmp|
-      Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path, 'my-proxy', 'http://test-proxy.org')
-      json = read_json tmp
-      refute_empty json['logs']
-      refute_empty json['metrics']
-    end
-  end
-
-  def test_scap_content_validation
-    carry_out do |tmp|
-      Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
-      res = read_json tmp
-      assert_empty res['errors']
-    end
-  end
-
-  def test_tailoring_file_validation
-    carry_out do |tmp|
-      Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
-      res = read_json tmp
-      assert_empty res['errors']
-    end
-  end
-
   private
 
   def carry_out

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-  version: 0.7.3
+  version: 0.9.0
 platform: ruby
 authors:
 - Šimon Lukašík
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-07-30 00:00:00.000000000 Z
+date: 2021-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -82,6 +82,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.4.7
+- !ruby/object:Gem::Dependency
+  name: openscap_parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.2
 description: |-
   A plug-in to the Foreman's smart-proxy which receives
     bzip2ed ARF files and forwards them to the Foreman.
@@ -99,24 +113,21 @@ files:
 - README.md
 - Rakefile
 - bin/smart-proxy-arf-html
-- bin/smart-proxy-arf-json
 - bin/smart-proxy-openscap-send
 - bin/smart-proxy-openscap-send-inner
 - bin/smart-proxy-policy-guide
-- bin/smart-proxy-scap-profiles
-- bin/smart-proxy-scap-validation
 - bundler.d/openscap.rb
 - extra/rubygem-smart_proxy_openscap.spec
 - extra/smart-proxy-openscap-send.cron
 - lib/smart_proxy_openscap.rb
 - lib/smart_proxy_openscap/arf_html.rb
-- lib/smart_proxy_openscap/arf_json.rb
 - lib/smart_proxy_openscap/arf_parser.rb
 - lib/smart_proxy_openscap/content_parser.rb
 - lib/smart_proxy_openscap/fetch_file.rb
-- lib/smart_proxy_openscap/fetch_scap_content.rb
-- lib/smart_proxy_openscap/fetch_tailoring_file.rb
+- lib/smart_proxy_openscap/fetch_scap_file.rb
+- lib/smart_proxy_openscap/foreman_arf_forwarder.rb
 - lib/smart_proxy_openscap/foreman_forwarder.rb
+- lib/smart_proxy_openscap/foreman_oval_forwarder.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
 - lib/smart_proxy_openscap/openscap_exception.rb
@@ -124,20 +135,23 @@ files:
 - lib/smart_proxy_openscap/openscap_import_api.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
+- lib/smart_proxy_openscap/oval_report_parser.rb
+- lib/smart_proxy_openscap/oval_report_storage_fs.rb
 - lib/smart_proxy_openscap/policy_guide.rb
 - lib/smart_proxy_openscap/policy_parser.rb
 - lib/smart_proxy_openscap/profiles_parser.rb
-- lib/smart_proxy_openscap/scap_profiles.rb
-- lib/smart_proxy_openscap/scap_validation.rb
 - lib/smart_proxy_openscap/shell_wrapper.rb
 - lib/smart_proxy_openscap/spool_forwarder.rb
 - lib/smart_proxy_openscap/storage.rb
 - lib/smart_proxy_openscap/storage_fs.rb
+- lib/smart_proxy_openscap/storage_fs_common.rb
 - lib/smart_proxy_openscap/version.rb
 - settings.d/openscap.yml.example
 - smart_proxy_openscap.gemspec
 - test/data/arf_report
 - test/data/corrupted_arf_report
+- test/data/oval-results.xml.bz2
+- test/data/rhel-7-including-unpatched.oval.xml.bz2
 - test/data/spool/cleanup_spool/arf/2c101b95-033f-4b15-b490-f50bf9090dae/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
 - test/data/spool/cleanup_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
 - test/data/spool/corrupted_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/a4dfba5db27b21795e6fa401b8dce7a70faeb25b7963891f07f6f4baaf052afb
@@ -146,9 +160,12 @@ files:
 - test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
 - test/data/ssg-rhel7-ds.xml
 - test/data/tailoring.xml
+- test/fetch_oval_content_api_test.rb
 - test/fetch_scap_api_test.rb
 - test/fetch_tailoring_api_test.rb
 - test/get_report_xml_html_test.rb
+- test/oval_report_parser_test.rb
+- test/post_oval_report_api_test.rb
 - test/post_report_api_test.rb
 - test/scap_content_parser_api_test.rb
 - test/script_class_test.rb
@@ -172,7 +189,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-requirements: []
+requirements:
+- bzip2
 rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4

data/bin/smart-proxy-arf-json

@@ -1,7 +0,0 @@
-#!/usr/bin/env ruby
-path = File.join(File.dirname(File.expand_path(__FILE__)), '..', 'lib')
-$:.unshift(path) if File.exist? path
-
-require 'smart_proxy_openscap/arf_json'
-
-Proxy::OpenSCAP::ArfJson.new.as_json ARGV[0], ARGV[1], ARGV[2], ARGV[3]

data/bin/smart-proxy-scap-profiles

@@ -1,7 +0,0 @@
-#!/usr/bin/env ruby
-path = File.join(File.dirname(File.expand_path(__FILE__)), '..', 'lib')
-$:.unshift(path) if File.exist? path
-
-require 'smart_proxy_openscap/scap_profiles'
-
-Proxy::OpenSCAP::ScapProfiles.new.profiles ARGV[0], ARGV[1], ARGV[2]

data/bin/smart-proxy-scap-validation

@@ -1,7 +0,0 @@
-#!/usr/bin/env ruby
-path = File.join(File.dirname(File.expand_path(__FILE__)), '..', 'lib')
-$:.unshift(path) if File.exist? path
-
-require 'smart_proxy_openscap/scap_validation'
-
-Proxy::OpenSCAP::ScapValidation.new.validate ARGV[0], ARGV[1], ARGV[2]

data/lib/smart_proxy_openscap/arf_json.rb

@@ -1,114 +0,0 @@
-# encoding=utf-8
-require 'openscap'
-require 'openscap/ds/arf'
-require 'openscap/xccdf/testresult'
-require 'openscap/xccdf/ruleresult'
-require 'openscap/xccdf/rule'
-require 'openscap/xccdf/fix'
-require 'openscap/xccdf/benchmark'
-require 'json'
-require 'digest'
-
-module Proxy
-  module OpenSCAP
-    class ArfJson
-      def as_json(file_in, file_out, proxy_name, proxy_url)
-        ::OpenSCAP.oscap_init
-        arf_digest   = Digest::SHA256.hexdigest(File.read(file_in))
-
-        arf          = ::OpenSCAP::DS::Arf.new(file_in)
-        test_result  = arf.test_result
-
-        results      = test_result.rr
-        sds          = arf.report_request
-        bench_source = sds.select_checklist!
-        benchmark    = ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
-        items        = benchmark.items
-
-        report = parse_results(items, results, arf_digest)
-        report[:openscap_proxy_name] = proxy_name
-        report[:openscap_proxy_url] = proxy_url
-
-        File.write file_out, report.to_json
-      ensure
-        cleanup test_result, benchmark, sds, arf
-      end
-
-      private
-
-      def parse_results(items, results, arf_digest)
-        report       = {}
-        report[:logs] = []
-        passed        = 0
-        failed        = 0
-        othered         = 0
-        results.each do |rr_id, result|
-          next if result.result == 'notapplicable' || result.result == 'notselected'
-          # get rules and their results
-          rule_data = items[rr_id]
-          report[:logs] << populate_result_data(rr_id, result.result, rule_data)
-          # create metrics for the results
-          case result.result
-            when 'pass', 'fixed'
-              passed += 1
-            when 'fail'
-              failed += 1
-            else
-              othered += 1
-          end
-        end
-        report[:digest]  = arf_digest
-        report[:metrics] = { :passed => passed, :failed => failed, :othered => othered }
-        report
-      end
-
-      def populate_result_data(result_id, rule_result, rule_data)
-        log               = {}
-        log[:source]      = ascii8bit_to_utf8(result_id)
-        log[:result]      = ascii8bit_to_utf8(rule_result)
-        log[:title]       = ascii8bit_to_utf8(rule_data.title)
-        log[:description] = ascii8bit_to_utf8(rule_data.description)
-        log[:rationale]   = ascii8bit_to_utf8(rule_data.rationale)
-        log[:references]  = hash_a8b(rule_data.references.map(&:to_hash))
-        log[:fixes]       = hash_a8b(rule_data.fixes.map(&:to_hash))
-        log[:severity]    = ascii8bit_to_utf8(rule_data.severity)
-        log
-      end
-
-      def cleanup(*args)
-        args.compact.map(&:destroy)
-        ::OpenSCAP.oscap_cleanup
-      end
-
-      # Unfortunately openscap in ruby 1.9.3 outputs data in Ascii-8bit.
-      # We transform it to UTF-8 for easier json integration.
-
-      # :invalid ::
-      #   If the value is invalid, #encode replaces invalid byte sequences in
-      #   +str+ with the replacement character.  The default is to raise the
-      #   Encoding::InvalidByteSequenceError exception
-      # :undef ::
-      #   If the value is undefined, #encode replaces characters which are
-      #   undefined in the destination encoding with the replacement character.
-      #   The default is to raise the Encoding::UndefinedConversionError.
-      # :replace ::
-      #   Sets the replacement string to the given value. The default replacement
-      #   string is "\uFFFD" for Unicode encoding forms, and "?" otherwise.
-      def ascii8bit_to_utf8(string)
-        return ascii8bit_to_utf8_legacy(string) if RUBY_VERSION.start_with? '1.8'
-        string.to_s.encode('utf-8', :invalid => :replace, :undef => :replace, :replace => '_')
-      end
-
-      # String#encode appeared first in 1.9, so we need a workaround for 1.8
-      def ascii8bit_to_utf8_legacy(string)
-        Iconv.conv('UTF-8//IGNORE', 'UTF-8', string.to_s)
-      end
-
-      def hash_a8b(ary)
-        ary.map do |hash|
-          Hash[hash.map { |key, value| [ascii8bit_to_utf8(key), ascii8bit_to_utf8(value)] }]
-        end
-      end
-    end
-  end
-end

data/lib/smart_proxy_openscap/fetch_scap_content.rb

@@ -1,17 +0,0 @@
-require 'smart_proxy_openscap/fetch_file'
-
-module Proxy::OpenSCAP
-  class FetchScapContent < FetchFile
-    def get_policy_content(policy_id, digest)
-      policy_store_dir = File.join(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP::Plugin.settings.contentdir), policy_id.to_s)
-      policy_scap_file = File.join(policy_store_dir, "#{policy_id}_#{digest}.xml")
-      file_download_path = "api/v2/compliance/policies/#{policy_id}/content"
-
-      create_store_dir policy_store_dir
-
-      scap_file = policy_content_file(policy_scap_file)
-      clean_store_folder(policy_store_dir) unless scap_file
-      scap_file ||= save_or_serve_scap_file(policy_scap_file, file_download_path)
-    end
-  end
-end

data/lib/smart_proxy_openscap/fetch_tailoring_file.rb

@@ -1,17 +0,0 @@
-require 'smart_proxy_openscap/fetch_file'
-
-module Proxy::OpenSCAP
-  class FetchTailoringFile < FetchFile
-    def get_tailoring_file(policy_id, digest)
-      store_dir = File.join(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP::Plugin.settings.tailoring_dir), policy_id.to_s)
-      policy_tailoring_file = File.join(store_dir, "#{policy_id}_#{digest}.xml")
-      file_download_path = "api/v2/compliance/policies/#{policy_id}/tailoring"
-
-      create_store_dir store_dir
-
-      scap_file = policy_content_file(policy_tailoring_file)
-      clean_store_folder(store_dir) unless scap_file
-      scap_file ||= save_or_serve_scap_file(policy_tailoring_file, file_download_path)
-    end
-  end
-end

data/lib/smart_proxy_openscap/scap_profiles.rb

@@ -1,52 +0,0 @@
-require 'openscap'
-require 'openscap/ds/sds'
-require 'openscap/source'
-require 'openscap/xccdf/benchmark'
-require 'openscap/xccdf/tailoring'
-require 'json'
-
-module Proxy
-  module OpenSCAP
-    class ScapProfiles
-      def profiles(in_file, out_file, type)
-        ::OpenSCAP.oscap_init
-        source = ::OpenSCAP::Source.new(in_file)
-        json = type == 'scap_content' ? scap_content_profiles(source) : tailoring_profiles(source)
-        File.write out_file, json
-      ensure
-        source.destroy if source
-        ::OpenSCAP.oscap_cleanup
-      end
-
-      def scap_content_profiles(source)
-        bench = benchmark_profiles source
-        profiles = collect_profiles bench
-        profiles.to_json
-      ensure
-        bench.destroy if bench
-      end
-
-      def tailoring_profiles(source)
-        tailoring = ::OpenSCAP::Xccdf::Tailoring.new(source, nil)
-        profiles = collect_profiles tailoring
-        profiles.to_json
-      ensure
-        tailoring.destroy if tailoring
-      end
-
-      def collect_profiles(profile_source)
-        profile_source.profiles.inject({}) do |memo, (key, profile)|
-          memo.tap { |hash| hash[key] = profile.title.strip }
-        end
-      end
-
-      def benchmark_profiles(source)
-        sds          = ::OpenSCAP::DS::Sds.new(source)
-        bench_source = sds.select_checklist!
-        ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
-      ensure
-        sds.destroy if sds
-      end
-    end
-  end
-end