smart_proxy_openscap 0.7.3 → 0.9.0
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/bin/smart-proxy-openscap-send +5 -1
- data/lib/smart_proxy_openscap/arf_parser.rb +74 -17
- data/lib/smart_proxy_openscap/content_parser.rb +19 -25
- data/lib/smart_proxy_openscap/fetch_scap_file.rb +45 -0
- data/lib/smart_proxy_openscap/foreman_arf_forwarder.rb +15 -0
- data/lib/smart_proxy_openscap/foreman_forwarder.rb +19 -16
- data/lib/smart_proxy_openscap/foreman_oval_forwarder.rb +19 -0
- data/lib/smart_proxy_openscap/openscap_api.rb +59 -28
- data/lib/smart_proxy_openscap/openscap_exception.rb +1 -0
- data/lib/smart_proxy_openscap/openscap_html_generator.rb +1 -1
- data/lib/smart_proxy_openscap/openscap_import_api.rb +3 -3
- data/lib/smart_proxy_openscap/openscap_lib.rb +5 -3
- data/lib/smart_proxy_openscap/openscap_plugin.rb +2 -1
- data/lib/smart_proxy_openscap/oval_report_parser.rb +54 -0
- data/lib/smart_proxy_openscap/oval_report_storage_fs.rb +26 -0
- data/lib/smart_proxy_openscap/profiles_parser.rb +22 -23
- data/lib/smart_proxy_openscap/spool_forwarder.rb +4 -4
- data/lib/smart_proxy_openscap/storage.rb +0 -2
- data/lib/smart_proxy_openscap/storage_fs.rb +7 -4
- data/lib/smart_proxy_openscap/storage_fs_common.rb +42 -0
- data/lib/smart_proxy_openscap/version.rb +1 -1
- data/settings.d/openscap.yml.example +3 -0
- data/smart_proxy_openscap.gemspec +2 -0
- data/test/data/oval-results.xml.bz2 +0 -0
- data/test/data/rhel-7-including-unpatched.oval.xml.bz2 +0 -0
- data/test/fetch_oval_content_api_test.rb +38 -0
- data/test/fetch_scap_api_test.rb +1 -1
- data/test/oval_report_parser_test.rb +14 -0
- data/test/post_oval_report_api_test.rb +30 -0
- data/test/post_report_api_test.rb +2 -2
- data/test/scap_content_parser_api_test.rb +1 -1
- data/test/script_class_test.rb +0 -58
- metadata +29 -11
- data/bin/smart-proxy-arf-json +0 -7
- data/bin/smart-proxy-scap-profiles +0 -7
- data/bin/smart-proxy-scap-validation +0 -7
- data/lib/smart_proxy_openscap/arf_json.rb +0 -114
- data/lib/smart_proxy_openscap/fetch_scap_content.rb +0 -17
- data/lib/smart_proxy_openscap/fetch_tailoring_file.rb +0 -17
- data/lib/smart_proxy_openscap/scap_profiles.rb +0 -52
- data/lib/smart_proxy_openscap/scap_validation.rb +0 -35
@@ -58,7 +58,7 @@ class OpenSCAPApiTest < Test::Unit::TestCase
|
|
58
58
|
def test_fail_save_file_should_raise_error
|
59
59
|
@policy_id = 2
|
60
60
|
stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}").to_return(:status => 500, :body => "{\"result\":\"server error\"}")
|
61
|
-
Proxy::OpenSCAP::
|
61
|
+
Proxy::OpenSCAP::StorageFs.any_instance.stubs(:create_directory).raises(StandardError)
|
62
62
|
post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
|
63
63
|
assert(last_response.server_error?, "Should return 500")
|
64
64
|
refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should be saved in spool directory")
|
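Review bot: The failure message on the first `refute` in `test_fail_save_file_should_raise_error` reads "File should be saved in spool directory", which contradicts what the assertion checks. If the stubbed `create_directory` failure path regresses, the test output will state the opposite of the expectation; I would change the message to `"File should not be saved in spool directory"`. The next hunk has a related mismatch: `test_success_post_fail_save_should_save_spool` refutes that the file exists in both the spool and the reports directory, so either the name or the assertions look stale, and it is worth confirming where a report is meant to end up when `store_archive` raises `StoreReportError`. Both test bodies continue outside their hunks.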
@@ -67,7 +67,7 @@ class OpenSCAPApiTest < Test::Unit::TestCase
|
|
67
67
|
def test_success_post_fail_save_should_save_spool
|
68
68
|
stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
|
69
69
|
.to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
|
70
|
-
Proxy::OpenSCAP::
|
70
|
+
Proxy::OpenSCAP::StorageFs.any_instance.stubs(:store_archive).raises(Proxy::OpenSCAP::StoreReportError)
|
71
71
|
post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
|
72
72
|
refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should not be in spool directory")
|
73
73
|
refute(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should not be in Reports directory")
|
@@ -37,7 +37,7 @@ class ScapContentParserApiTest < Test::Unit::TestCase
|
|
37
37
|
|
38
38
|
def test_invalid_scap_content_policies
|
39
39
|
post '/scap_content/policies', '<xml>blah</xml>', 'CONTENT_TYPE' => 'text/xml'
|
40
|
-
assert(last_response.body.include?('
|
40
|
+
assert(last_response.body.include?('Failed to parse profiles'))
|
41
41
|
end
|
42
42
|
|
43
43
|
def test_scap_content_validator
|
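Review bot: `assert(last_response.body.include?('Failed to parse profiles'))` in `test_invalid_scap_content_policies` passes no message, so a failure reports only a false value and nothing about what the endpoint returned for the malformed upload. `assert_includes(last_response.body, 'Failed to parse profiles')` would print the body on failure. The test also leaves the response status for invalid content unpinned; if the API is expected to answer with an error status here, an explicit status assertion next to the body check would stop the rejection path from quietly becoming a success response that merely carries an error string.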
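--- a/data/test/script_class_test.rb
+++ b/data/test/script_class_test.rb
@@ -1,10 +1,6 @@
 require 'test_helper'
 require 'smart_proxy_openscap/arf_html'
-require 'smart_proxy_openscap/arf_json'
 require 'smart_proxy_openscap/policy_guide'
-require 'smart_proxy_openscap/scap_profiles'
-require 'smart_proxy_openscap/arf_json'
-require 'smart_proxy_openscap/scap_validation'
 
 class ScriptClassTest < Test::Unit::TestCase
 def test_arf_generate_html
@@ -15,17 +11,6 @@ class ScriptClassTest < Test::Unit::TestCase
 end
 end
 
-def test_arf_as_json
-carry_out do |tmp|
-Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path, 'my-proxy', 'http://test-proxy.org')
-json = read_json tmp
-refute_empty json['logs']
-refute_empty json['metrics']
-refute_empty json['openscap_proxy_name']
-refute_empty json['openscap_proxy_url']
-end
-end
-
 def test_policy_guide
 carry_out do |tmp|
 profile = "xccdf_org.ssgproject.content_profile_rht-ccp"
@@ -35,49 +20,6 @@ class ScriptClassTest < Test::Unit::TestCase
 end
 end
 
-def test_scap_file_profiles
-carry_out do |tmp|
-Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
-profiles = read_json tmp
-refute_empty profiles
-assert profiles["xccdf_org.ssgproject.content_profile_standard"]
-end
-end
-
-def test_tailoring_file_profiles
-carry_out do |tmp|
-Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
-profiles = read_json tmp
-refute_empty profiles
-assert profiles["xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized"]
-end
-end
-
-def test_arf_json
-carry_out do |tmp|
-Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path, 'my-proxy', 'http://test-proxy.org')
-json = read_json tmp
-refute_empty json['logs']
-refute_empty json['metrics']
-end
-end
-
-def test_scap_content_validation
-carry_out do |tmp|
-Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
-res = read_json tmp
-assert_empty res['errors']
-end
-end
-
-def test_tailoring_file_validation
-carry_out do |tmp|
-Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
-res = read_json tmp
-assert_empty res['errors']
-end
-end
-
 private
 
 def carry_out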
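--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.9.0
 platform: ruby
 authors:
 - Šimon Lukašík
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -82,6 +82,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 0.4.7
+- !ruby/object:Gem::Dependency
+name: openscap_parser
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.0.2
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.0.2
 description: |-
 A plug-in to the Foreman's smart-proxy which receives
 bzip2ed ARF files and forwards them to the Foreman.
@@ -99,24 +113,21 @@ files:
 - README.md
 - Rakefile
 - bin/smart-proxy-arf-html
-- bin/smart-proxy-arf-json
 - bin/smart-proxy-openscap-send
 - bin/smart-proxy-openscap-send-inner
 - bin/smart-proxy-policy-guide
-- bin/smart-proxy-scap-profiles
-- bin/smart-proxy-scap-validation
 - bundler.d/openscap.rb
 - extra/rubygem-smart_proxy_openscap.spec
 - extra/smart-proxy-openscap-send.cron
 - lib/smart_proxy_openscap.rb
 - lib/smart_proxy_openscap/arf_html.rb
-- lib/smart_proxy_openscap/arf_json.rb
 - lib/smart_proxy_openscap/arf_parser.rb
 - lib/smart_proxy_openscap/content_parser.rb
 - lib/smart_proxy_openscap/fetch_file.rb
-- lib/smart_proxy_openscap/
-- lib/smart_proxy_openscap/
+- lib/smart_proxy_openscap/fetch_scap_file.rb
+- lib/smart_proxy_openscap/foreman_arf_forwarder.rb
 - lib/smart_proxy_openscap/foreman_forwarder.rb
+- lib/smart_proxy_openscap/foreman_oval_forwarder.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
 - lib/smart_proxy_openscap/openscap_exception.rb
@@ -124,20 +135,23 @@ files:
 - lib/smart_proxy_openscap/openscap_import_api.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
+- lib/smart_proxy_openscap/oval_report_parser.rb
+- lib/smart_proxy_openscap/oval_report_storage_fs.rb
 - lib/smart_proxy_openscap/policy_guide.rb
 - lib/smart_proxy_openscap/policy_parser.rb
 - lib/smart_proxy_openscap/profiles_parser.rb
-- lib/smart_proxy_openscap/scap_profiles.rb
-- lib/smart_proxy_openscap/scap_validation.rb
 - lib/smart_proxy_openscap/shell_wrapper.rb
 - lib/smart_proxy_openscap/spool_forwarder.rb
 - lib/smart_proxy_openscap/storage.rb
 - lib/smart_proxy_openscap/storage_fs.rb
+- lib/smart_proxy_openscap/storage_fs_common.rb
 - lib/smart_proxy_openscap/version.rb
 - settings.d/openscap.yml.example
 - smart_proxy_openscap.gemspec
 - test/data/arf_report
 - test/data/corrupted_arf_report
+- test/data/oval-results.xml.bz2
+- test/data/rhel-7-including-unpatched.oval.xml.bz2
 - test/data/spool/cleanup_spool/arf/2c101b95-033f-4b15-b490-f50bf9090dae/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
 - test/data/spool/cleanup_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
 - test/data/spool/corrupted_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/a4dfba5db27b21795e6fa401b8dce7a70faeb25b7963891f07f6f4baaf052afb
@@ -146,9 +160,12 @@ files:
 - test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
 - test/data/ssg-rhel7-ds.xml
 - test/data/tailoring.xml
+- test/fetch_oval_content_api_test.rb
 - test/fetch_scap_api_test.rb
 - test/fetch_tailoring_api_test.rb
 - test/get_report_xml_html_test.rb
+- test/oval_report_parser_test.rb
+- test/post_oval_report_api_test.rb
 - test/post_report_api_test.rb
 - test/scap_content_parser_api_test.rb
 - test/script_class_test.rb
@@ -172,7 +189,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-requirements:
+requirements:
+- bzip2
 rubygems_version: 3.1.2
 signing_key:
 specification_version: 4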
data/bin/smart-proxy-arf-json
DELETED
@@ -1,114 +0,0 @@
|
|
1
|
-
# encoding=utf-8
|
2
|
-
require 'openscap'
|
3
|
-
require 'openscap/ds/arf'
|
4
|
-
require 'openscap/xccdf/testresult'
|
5
|
-
require 'openscap/xccdf/ruleresult'
|
6
|
-
require 'openscap/xccdf/rule'
|
7
|
-
require 'openscap/xccdf/fix'
|
8
|
-
require 'openscap/xccdf/benchmark'
|
9
|
-
require 'json'
|
10
|
-
require 'digest'
|
11
|
-
|
12
|
-
module Proxy
|
13
|
-
module OpenSCAP
|
14
|
-
class ArfJson
|
15
|
-
def as_json(file_in, file_out, proxy_name, proxy_url)
|
16
|
-
::OpenSCAP.oscap_init
|
17
|
-
arf_digest = Digest::SHA256.hexdigest(File.read(file_in))
|
18
|
-
|
19
|
-
arf = ::OpenSCAP::DS::Arf.new(file_in)
|
20
|
-
test_result = arf.test_result
|
21
|
-
|
22
|
-
results = test_result.rr
|
23
|
-
sds = arf.report_request
|
24
|
-
bench_source = sds.select_checklist!
|
25
|
-
benchmark = ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
|
26
|
-
items = benchmark.items
|
27
|
-
|
28
|
-
report = parse_results(items, results, arf_digest)
|
29
|
-
report[:openscap_proxy_name] = proxy_name
|
30
|
-
report[:openscap_proxy_url] = proxy_url
|
31
|
-
|
32
|
-
File.write file_out, report.to_json
|
33
|
-
ensure
|
34
|
-
cleanup test_result, benchmark, sds, arf
|
35
|
-
end
|
36
|
-
|
37
|
-
private
|
38
|
-
|
39
|
-
def parse_results(items, results, arf_digest)
|
40
|
-
report = {}
|
41
|
-
report[:logs] = []
|
42
|
-
passed = 0
|
43
|
-
failed = 0
|
44
|
-
othered = 0
|
45
|
-
results.each do |rr_id, result|
|
46
|
-
next if result.result == 'notapplicable' || result.result == 'notselected'
|
47
|
-
# get rules and their results
|
48
|
-
rule_data = items[rr_id]
|
49
|
-
report[:logs] << populate_result_data(rr_id, result.result, rule_data)
|
50
|
-
# create metrics for the results
|
51
|
-
case result.result
|
52
|
-
when 'pass', 'fixed'
|
53
|
-
passed += 1
|
54
|
-
when 'fail'
|
55
|
-
failed += 1
|
56
|
-
else
|
57
|
-
othered += 1
|
58
|
-
end
|
59
|
-
end
|
60
|
-
report[:digest] = arf_digest
|
61
|
-
report[:metrics] = { :passed => passed, :failed => failed, :othered => othered }
|
62
|
-
report
|
63
|
-
end
|
64
|
-
|
65
|
-
def populate_result_data(result_id, rule_result, rule_data)
|
66
|
-
log = {}
|
67
|
-
log[:source] = ascii8bit_to_utf8(result_id)
|
68
|
-
log[:result] = ascii8bit_to_utf8(rule_result)
|
69
|
-
log[:title] = ascii8bit_to_utf8(rule_data.title)
|
70
|
-
log[:description] = ascii8bit_to_utf8(rule_data.description)
|
71
|
-
log[:rationale] = ascii8bit_to_utf8(rule_data.rationale)
|
72
|
-
log[:references] = hash_a8b(rule_data.references.map(&:to_hash))
|
73
|
-
log[:fixes] = hash_a8b(rule_data.fixes.map(&:to_hash))
|
74
|
-
log[:severity] = ascii8bit_to_utf8(rule_data.severity)
|
75
|
-
log
|
76
|
-
end
|
77
|
-
|
78
|
-
def cleanup(*args)
|
79
|
-
args.compact.map(&:destroy)
|
80
|
-
::OpenSCAP.oscap_cleanup
|
81
|
-
end
|
82
|
-
|
83
|
-
# Unfortunately openscap in ruby 1.9.3 outputs data in Ascii-8bit.
|
84
|
-
# We transform it to UTF-8 for easier json integration.
|
85
|
-
|
86
|
-
# :invalid ::
|
87
|
-
# If the value is invalid, #encode replaces invalid byte sequences in
|
88
|
-
# +str+ with the replacement character. The default is to raise the
|
89
|
-
# Encoding::InvalidByteSequenceError exception
|
90
|
-
# :undef ::
|
91
|
-
# If the value is undefined, #encode replaces characters which are
|
92
|
-
# undefined in the destination encoding with the replacement character.
|
93
|
-
# The default is to raise the Encoding::UndefinedConversionError.
|
94
|
-
# :replace ::
|
95
|
-
# Sets the replacement string to the given value. The default replacement
|
96
|
-
# string is "\uFFFD" for Unicode encoding forms, and "?" otherwise.
|
97
|
-
def ascii8bit_to_utf8(string)
|
98
|
-
return ascii8bit_to_utf8_legacy(string) if RUBY_VERSION.start_with? '1.8'
|
99
|
-
string.to_s.encode('utf-8', :invalid => :replace, :undef => :replace, :replace => '_')
|
100
|
-
end
|
101
|
-
|
102
|
-
# String#encode appeared first in 1.9, so we need a workaround for 1.8
|
103
|
-
def ascii8bit_to_utf8_legacy(string)
|
104
|
-
Iconv.conv('UTF-8//IGNORE', 'UTF-8', string.to_s)
|
105
|
-
end
|
106
|
-
|
107
|
-
def hash_a8b(ary)
|
108
|
-
ary.map do |hash|
|
109
|
-
Hash[hash.map { |key, value| [ascii8bit_to_utf8(key), ascii8bit_to_utf8(value)] }]
|
110
|
-
end
|
111
|
-
end
|
112
|
-
end
|
113
|
-
end
|
114
|
-
end
|
@@ -1,17 +0,0 @@
|
|
1
|
-
require 'smart_proxy_openscap/fetch_file'
|
2
|
-
|
3
|
-
module Proxy::OpenSCAP
|
4
|
-
class FetchScapContent < FetchFile
|
5
|
-
def get_policy_content(policy_id, digest)
|
6
|
-
policy_store_dir = File.join(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP::Plugin.settings.contentdir), policy_id.to_s)
|
7
|
-
policy_scap_file = File.join(policy_store_dir, "#{policy_id}_#{digest}.xml")
|
8
|
-
file_download_path = "api/v2/compliance/policies/#{policy_id}/content"
|
9
|
-
|
10
|
-
create_store_dir policy_store_dir
|
11
|
-
|
12
|
-
scap_file = policy_content_file(policy_scap_file)
|
13
|
-
clean_store_folder(policy_store_dir) unless scap_file
|
14
|
-
scap_file ||= save_or_serve_scap_file(policy_scap_file, file_download_path)
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
@@ -1,17 +0,0 @@
|
|
1
|
-
require 'smart_proxy_openscap/fetch_file'
|
2
|
-
|
3
|
-
module Proxy::OpenSCAP
|
4
|
-
class FetchTailoringFile < FetchFile
|
5
|
-
def get_tailoring_file(policy_id, digest)
|
6
|
-
store_dir = File.join(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP::Plugin.settings.tailoring_dir), policy_id.to_s)
|
7
|
-
policy_tailoring_file = File.join(store_dir, "#{policy_id}_#{digest}.xml")
|
8
|
-
file_download_path = "api/v2/compliance/policies/#{policy_id}/tailoring"
|
9
|
-
|
10
|
-
create_store_dir store_dir
|
11
|
-
|
12
|
-
scap_file = policy_content_file(policy_tailoring_file)
|
13
|
-
clean_store_folder(store_dir) unless scap_file
|
14
|
-
scap_file ||= save_or_serve_scap_file(policy_tailoring_file, file_download_path)
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
@@ -1,52 +0,0 @@
|
|
1
|
-
require 'openscap'
|
2
|
-
require 'openscap/ds/sds'
|
3
|
-
require 'openscap/source'
|
4
|
-
require 'openscap/xccdf/benchmark'
|
5
|
-
require 'openscap/xccdf/tailoring'
|
6
|
-
require 'json'
|
7
|
-
|
8
|
-
module Proxy
|
9
|
-
module OpenSCAP
|
10
|
-
class ScapProfiles
|
11
|
-
def profiles(in_file, out_file, type)
|
12
|
-
::OpenSCAP.oscap_init
|
13
|
-
source = ::OpenSCAP::Source.new(in_file)
|
14
|
-
json = type == 'scap_content' ? scap_content_profiles(source) : tailoring_profiles(source)
|
15
|
-
File.write out_file, json
|
16
|
-
ensure
|
17
|
-
source.destroy if source
|
18
|
-
::OpenSCAP.oscap_cleanup
|
19
|
-
end
|
20
|
-
|
21
|
-
def scap_content_profiles(source)
|
22
|
-
bench = benchmark_profiles source
|
23
|
-
profiles = collect_profiles bench
|
24
|
-
profiles.to_json
|
25
|
-
ensure
|
26
|
-
bench.destroy if bench
|
27
|
-
end
|
28
|
-
|
29
|
-
def tailoring_profiles(source)
|
30
|
-
tailoring = ::OpenSCAP::Xccdf::Tailoring.new(source, nil)
|
31
|
-
profiles = collect_profiles tailoring
|
32
|
-
profiles.to_json
|
33
|
-
ensure
|
34
|
-
tailoring.destroy if tailoring
|
35
|
-
end
|
36
|
-
|
37
|
-
def collect_profiles(profile_source)
|
38
|
-
profile_source.profiles.inject({}) do |memo, (key, profile)|
|
39
|
-
memo.tap { |hash| hash[key] = profile.title.strip }
|
40
|
-
end
|
41
|
-
end
|
42
|
-
|
43
|
-
def benchmark_profiles(source)
|
44
|
-
sds = ::OpenSCAP::DS::Sds.new(source)
|
45
|
-
bench_source = sds.select_checklist!
|
46
|
-
::OpenSCAP::Xccdf::Benchmark.new(bench_source)
|
47
|
-
ensure
|
48
|
-
sds.destroy if sds
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|