smart_proxy_openscap 0.9.2 → 0.11.0
- checksums.yaml +4 -4
- data/bin/smart-proxy-openscap-send +60 -6
- data/lib/smart_proxy_openscap/arf_parser.rb +2 -1
- data/lib/smart_proxy_openscap/content_parser.rb +2 -3
- data/lib/smart_proxy_openscap/fetch_scap_file.rb +1 -5
- data/lib/smart_proxy_openscap/openscap_api.rb +2 -30
- data/lib/smart_proxy_openscap/openscap_lib.rb +0 -3
- data/lib/smart_proxy_openscap/openscap_plugin.rb +1 -2
- data/lib/smart_proxy_openscap/profiles_parser.rb +1 -1
- data/lib/smart_proxy_openscap/version.rb +1 -1
- data/settings.d/openscap.yml.example +0 -3
- metadata +3 -11
- data/bin/smart-proxy-openscap-send-inner +0 -61
- data/extra/rubygem-smart_proxy_openscap.spec +0 -101
- data/lib/smart_proxy_openscap/foreman_oval_forwarder.rb +0 -19
- data/lib/smart_proxy_openscap/oval_report_parser.rb +0 -54
- data/lib/smart_proxy_openscap/oval_report_storage_fs.rb +0 -26
- data/test/fetch_oval_content_api_test.rb +0 -38
- data/test/oval_report_parser_test.rb +0 -14
- data/test/post_oval_report_api_test.rb +0 -30
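--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d72c5e418a9d30974b6154fbbdaf68e0c1cf88852626683021100310920e109a
+data.tar.gz: d306fa47b4a2120c87d0ac8e7a4a0967cf9e77d8b689e83a2c4ccf655f227533
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9cba3aded1feccdd109d77c43579fc997388759ef00746da23e2c4005368655c7a04b4e971d7047cc67cca131b3dbf2ab07e789c3750c17d28fe5f7c26566ff0
+data.tar.gz: 565420ad4a7368b91207eaa727c4243bb3abc09b92d806d8c98fd77f32b7346d216cd244afe14db8262b2b69e7f79b62bba9755abfe6197eb4ace92b41d67adc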
@@ -1,7 +1,61 @@
|
|
1
|
-
#!/bin/
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
#
|
3
|
+
# Copyright (c) 2014--2015 Red Hat Inc.
|
4
|
+
#
|
5
|
+
# This software is licensed to you under the GNU General Public License,
|
6
|
+
# version 3 (GPLv3). There is NO WARRANTY for this software, express or
|
7
|
+
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
8
|
+
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv3
|
9
|
+
# along with this software; if not, see http://www.gnu.org/licenses/gpl.txt
|
10
|
+
#
|
2
11
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
12
|
+
$LOAD_PATH.unshift '/usr/share/foreman-proxy/lib'
|
13
|
+
$LOAD_PATH.unshift '/usr/share/foreman-proxy/modules'
|
14
|
+
|
15
|
+
require 'smart_proxy'
|
16
|
+
require 'smart_proxy_main'
|
17
|
+
require 'smart_proxy_openscap'
|
18
|
+
require 'smart_proxy_openscap/openscap_lib'
|
19
|
+
|
20
|
+
loaded_settings = Proxy::OpenSCAP.plugin_settings
|
21
|
+
|
22
|
+
# Don't run if OpenSCAP plugin is disabled or settings are missing.
|
23
|
+
if !loaded_settings.enabled || loaded_settings.nil? || loaded_settings.empty?
|
24
|
+
exit 436
|
25
|
+
end
|
26
|
+
|
27
|
+
module Proxy
|
28
|
+
module Log
|
29
|
+
@@logger = ::Logger.new(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP.plugin_settings.openscap_send_log_file), 6, 1024*1024*10)
|
30
|
+
@@logger.level = ::Logger.const_get(Proxy::SETTINGS.log_level.upcase)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
include Proxy::Log
|
34
|
+
|
35
|
+
if !Proxy::SETTINGS.foreman_url
|
36
|
+
logger.error "Foreman URL not configured"
|
37
|
+
exit 437
|
38
|
+
end
|
39
|
+
|
40
|
+
lockfile = File.join(loaded_settings.spooldir, "spool.lock")
|
41
|
+
|
42
|
+
Signal.trap("TERM") {
|
43
|
+
FileUtils.rm(lockfile) if File.exist?(lockfile)
|
44
|
+
exit
|
45
|
+
}
|
46
|
+
|
47
|
+
if File.exist? lockfile
|
48
|
+
logger.debug "Lock file #{lockfile} for openscap spool exists, not sending spool to server"
|
49
|
+
exit
|
50
|
+
end
|
51
|
+
|
52
|
+
begin
|
53
|
+
FileUtils.touch lockfile
|
54
|
+
Proxy::OpenSCAP::send_spool_to_foreman(loaded_settings)
|
55
|
+
rescue StandardError => e
|
56
|
+
logger.error e
|
57
|
+
puts "#{e} See #{Proxy::OpenSCAP.fullpath(loaded_settings.openscap_send_log_file)}"
|
58
|
+
exit 438
|
59
|
+
ensure
|
60
|
+
FileUtils.rm lockfile
|
61
|
+
end
|
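Review bot: The spool lock is taken with a check-then-create sequence (`File.exist? lockfile`, then `FileUtils.touch lockfile` a few lines later), so two overlapping runs can both pass the check and forward the same spool; creating the file atomically with `File::CREAT | File::EXCL` closes that window, as sketched below. In the same block, `ensure` calls `FileUtils.rm lockfile` after the TERM handler may already have removed the file, which raises a second error on shutdown; `rm_f` avoids that. Separately, the guard on new line 23 calls `loaded_settings.enabled` before `loaded_settings.nil?`, so a missing settings object raises NoMethodError instead of exiting, and the nil check should come first. The exit statuses 436–438 are outside the 0–255 range a POSIX process can report, so a caller will see them truncated.

```ruby
# … unchanged: settings checks, logger setup, TERM trap …

begin
  # Atomic create: raises Errno::EEXIST when another run already holds the lock.
  File.open(lockfile, File::WRONLY | File::CREAT | File::EXCL) { |f| f.write(Process.pid.to_s) }
rescue Errno::EEXIST
  logger.debug "Lock file #{lockfile} for openscap spool exists, not sending spool to server"
  exit
end

begin
  Proxy::OpenSCAP::send_spool_to_foreman(loaded_settings)
# … unchanged: rescue StandardError branch …
ensure
  FileUtils.rm_f lockfile
end
```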
@@ -87,7 +87,8 @@ module Proxy
|
|
87
87
|
{
|
88
88
|
:id => fix.id,
|
89
89
|
:system => fix.system,
|
90
|
-
:full_text => fix.full_text(set_values)
|
90
|
+
:full_text => fix.full_text(set_values),
|
91
|
+
:reboot => fix.instance_variable_get('@parsed_xml')['reboot'] # TODO: add this to openscap_parser lib
|
91
92
|
}
|
92
93
|
end
|
93
94
|
end
|
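Review bot: The new `:reboot` entry reads `fix.instance_variable_get('@parsed_xml')['reboot']`, which depends on a private instance variable of the parser library's fix object; if that variable is unset or renamed in a later library release, `instance_variable_get` returns nil and `nil['reboot']` raises while a client-supplied ARF report is being parsed. Until the accessor mentioned in the TODO exists, a nil-safe read keeps report parsing working: `:reboot => fix.instance_variable_get(:@parsed_xml)&.[]('reboot')`. The enclosing method starts outside the hunk, so how a raised error would be handled there is not visible.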
@@ -8,13 +8,12 @@ module Proxy::OpenSCAP
|
|
8
8
|
def validate(file_type, scap_file)
|
9
9
|
msg = 'Invalid XML format'
|
10
10
|
errors = []
|
11
|
-
file = nil
|
12
11
|
begin
|
13
12
|
case file_type
|
14
13
|
when 'scap_content'
|
15
|
-
|
14
|
+
::OpenscapParser::DatastreamFile.new(scap_file)
|
16
15
|
when 'tailoring_file'
|
17
|
-
|
16
|
+
::OpenscapParser::TailoringFile.new(scap_file)
|
18
17
|
end
|
19
18
|
rescue Nokogiri::XML::SyntaxError => e
|
20
19
|
logger.error msg
|
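Review bot: The `case file_type` in `validate` has no `else` branch, so a `file_type` other than 'scap_content' or 'tailoring_file' constructs no parser and, unless code after the hunk handles it, leaves `errors` empty, which would let an unrecognised type pass validation. An explicit branch such as `else errors << "Unsupported file type: #{file_type}"` would make that case fail closed; the expected shape of `errors` entries is not visible here, so adjust to match. The two new constructor calls discard their result and are apparently run only so that malformed XML raises; a comment like `# instantiating the parser raises Nokogiri::XML::SyntaxError on invalid XML` would make that intent clear. The method continues past the end of the hunk.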
@@ -24,8 +24,6 @@ module Proxy::OpenSCAP
|
|
24
24
|
"api/v2/compliance/policies/:policy_id/content"
|
25
25
|
when :tailoring_file
|
26
26
|
"api/v2/compliance/policies/:policy_id/tailoring"
|
27
|
-
when :oval_content
|
28
|
-
"api/v2/compliance/oval_policies/:policy_id/oval_content"
|
29
27
|
end
|
30
28
|
end
|
31
29
|
|
@@ -33,13 +31,11 @@ module Proxy::OpenSCAP
|
|
33
31
|
case @type
|
34
32
|
when :scap_content, :tailoring_file
|
35
33
|
"#{policy_id}_#{digest}.xml"
|
36
|
-
when :oval_content
|
37
|
-
"#{digest}.oval.xml.bz2"
|
38
34
|
end
|
39
35
|
end
|
40
36
|
|
41
37
|
def allowed_types
|
42
|
-
[:scap_content, :tailoring_file
|
38
|
+
[:scap_content, :tailoring_file]
|
43
39
|
end
|
44
40
|
end
|
45
41
|
end
|
@@ -25,7 +25,7 @@ module Proxy::OpenSCAP
|
|
25
25
|
include ::Proxy::Log
|
26
26
|
helpers ::Proxy::Helpers
|
27
27
|
authorize_with_ssl_client
|
28
|
-
CLIENT_PATHS = Regexp.compile(%r{^(/arf/\d+|/policies/\d+/content/|/policies/\d+/tailoring
|
28
|
+
CLIENT_PATHS = Regexp.compile(%r{^(/arf/\d+|/policies/\d+/content/|/policies/\d+/tailoring/)})
|
29
29
|
|
30
30
|
# authorize via trusted hosts but let client paths in without such authorization
|
31
31
|
before do
|
@@ -33,7 +33,7 @@ module Proxy::OpenSCAP
|
|
33
33
|
do_authorize_with_trusted_hosts
|
34
34
|
end
|
35
35
|
|
36
|
-
before '
|
36
|
+
before '/arf/*' do
|
37
37
|
begin
|
38
38
|
@cn = Proxy::OpenSCAP::common_name request
|
39
39
|
rescue Proxy::Error::Unauthorized => e
|
@@ -72,22 +72,6 @@ module Proxy::OpenSCAP
|
|
72
72
|
end
|
73
73
|
end
|
74
74
|
|
75
|
-
post "/oval_reports/:oval_policy_id" do
|
76
|
-
ForemanOvalForwarder.new.post_report(@cn, params[:oval_policy_id], @reported_at, request.body.string, Plugin.settings.timeout)
|
77
|
-
|
78
|
-
{ :reported_at => Time.at(@reported_at) }.to_json
|
79
|
-
rescue *HTTP_ERRORS => e
|
80
|
-
msg = "Failed to upload to Foreman, failed with: #{e.message}"
|
81
|
-
logger.error e
|
82
|
-
{ :result => msg }.to_json
|
83
|
-
rescue Nokogiri::XML::SyntaxError => e
|
84
|
-
logger.error e
|
85
|
-
{ :result => 'Failed to parse OVAL report, see proxy logs for details' }.to_json
|
86
|
-
rescue Proxy::OpenSCAP::ReportUploadError, Proxy::OpenSCAP::ReportDecompressError => e
|
87
|
-
{ :result => e.message }.to_json
|
88
|
-
end
|
89
|
-
|
90
|
-
|
91
75
|
get "/arf/:id/:cname/:date/:digest/xml" do
|
92
76
|
content_type 'application/x-bzip2'
|
93
77
|
begin
|
@@ -139,18 +123,6 @@ module Proxy::OpenSCAP
|
|
139
123
|
end
|
140
124
|
end
|
141
125
|
|
142
|
-
get "/oval_policies/:oval_policy_id/oval_content/:digest" do
|
143
|
-
content_type 'application/x-bzip2'
|
144
|
-
begin
|
145
|
-
Proxy::OpenSCAP::FetchScapFile.new(:oval_content)
|
146
|
-
.fetch(params[:oval_policy_id], params[:digest], Proxy::OpenSCAP::Plugin.settings.oval_content_dir)
|
147
|
-
rescue *HTTP => e
|
148
|
-
log_halt e.response.code.to_i, file_not_found_msg
|
149
|
-
rescue StandardError => e
|
150
|
-
log_halt 500, "Error occurred: #{e.message}"
|
151
|
-
end
|
152
|
-
end
|
153
|
-
|
154
126
|
post "/scap_content/policies" do
|
155
127
|
begin
|
156
128
|
Proxy::OpenSCAP::ProfilesParser.new.profiles('scap_content', request.body.string)
|
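Review bot: `CLIENT_PATHS` is anchored with `^`, which in Ruby matches at the start of any line rather than the start of the string; since the comment under it says matching paths are let in without trusted-hosts authorization, the allow-list should be anchored to the whole string: `CLIENT_PATHS = %r{\A(/arf/\d+|/policies/\d+/content/|/policies/\d+/tailoring/)}`. The `/arf/\d+` alternative also has no trailing delimiter, unlike the other two, so it accepts any path that merely starts with those characters; `/arf/\d+(?:/|\z)` would bound it without excluding a route that ends at the id. Wrapping a regex literal in `Regexp.compile` is redundant. The condition inside the `before` block is not shown in these hunks, so how the constant is applied to the request path should be confirmed as well.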
@@ -17,7 +17,6 @@ require 'yaml'
|
|
17
17
|
require 'ostruct'
|
18
18
|
require 'proxy/request'
|
19
19
|
require 'smart_proxy_openscap/foreman_arf_forwarder'
|
20
|
-
require 'smart_proxy_openscap/foreman_oval_forwarder'
|
21
20
|
require 'smart_proxy_openscap/content_parser'
|
22
21
|
require 'smart_proxy_openscap/openscap_exception'
|
23
22
|
require 'smart_proxy_openscap/arf_parser'
|
@@ -25,8 +24,6 @@ require 'smart_proxy_openscap/spool_forwarder'
|
|
25
24
|
require 'smart_proxy_openscap/openscap_html_generator'
|
26
25
|
require 'smart_proxy_openscap/policy_parser'
|
27
26
|
require 'smart_proxy_openscap/profiles_parser'
|
28
|
-
require 'smart_proxy_openscap/oval_report_storage_fs'
|
29
|
-
require 'smart_proxy_openscap/oval_report_parser'
|
30
27
|
require 'smart_proxy_openscap/fetch_scap_file'
|
31
28
|
|
32
29
|
module Proxy::OpenSCAP
|
@@ -22,7 +22,6 @@ module Proxy::OpenSCAP
|
|
22
22
|
:contentdir => File.join(APP_ROOT, 'openscap/content'),
|
23
23
|
:reportsdir => File.join(APP_ROOT, 'openscap/reports'),
|
24
24
|
:failed_dir => File.join(APP_ROOT, 'openscap/failed'),
|
25
|
-
:tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring')
|
26
|
-
:oval_content_dir => File.join(APP_ROOT, 'openscap/oval_content')
|
25
|
+
:tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring')
|
27
26
|
end
|
28
27
|
end
|
@@ -31,6 +31,3 @@
|
|
31
31
|
# Affects sending reports to Foreman (directly and from spool) and fetching scap content or tailoring file
|
32
32
|
# for distribution to clients
|
33
33
|
#:timeout: 60
|
34
|
-
|
35
|
-
# Directory where OpenSCAP OVAL content bzipped XML are stored
|
36
|
-
#:oval_content_dir: /var/lib/openscap/oval_content
|
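--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.11.0
 platform: ruby
 authors:
 - Šimon Lukašík
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -114,10 +114,8 @@ files:
 - Rakefile
 - bin/smart-proxy-arf-html
 - bin/smart-proxy-openscap-send
-- bin/smart-proxy-openscap-send-inner
 - bin/smart-proxy-policy-guide
 - bundler.d/openscap.rb
-- extra/rubygem-smart_proxy_openscap.spec
 - extra/smart-proxy-openscap-send.cron
 - lib/smart_proxy_openscap.rb
 - lib/smart_proxy_openscap/arf_html.rb
@@ -127,7 +125,6 @@ files:
 - lib/smart_proxy_openscap/fetch_scap_file.rb
 - lib/smart_proxy_openscap/foreman_arf_forwarder.rb
 - lib/smart_proxy_openscap/foreman_forwarder.rb
-- lib/smart_proxy_openscap/foreman_oval_forwarder.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
 - lib/smart_proxy_openscap/openscap_exception.rb
@@ -135,8 +132,6 @@ files:
 - lib/smart_proxy_openscap/openscap_import_api.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
-- lib/smart_proxy_openscap/oval_report_parser.rb
-- lib/smart_proxy_openscap/oval_report_storage_fs.rb
 - lib/smart_proxy_openscap/policy_guide.rb
 - lib/smart_proxy_openscap/policy_parser.rb
 - lib/smart_proxy_openscap/profiles_parser.rb
@@ -160,12 +155,9 @@ files:
 - test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
 - test/data/ssg-rhel7-ds.xml
 - test/data/tailoring.xml
-- test/fetch_oval_content_api_test.rb
 - test/fetch_scap_api_test.rb
 - test/fetch_tailoring_api_test.rb
 - test/get_report_xml_html_test.rb
-- test/oval_report_parser_test.rb
-- test/post_oval_report_api_test.rb
 - test/post_report_api_test.rb
 - test/scap_content_parser_api_test.rb
 - test/script_class_test.rb
@@ -191,7 +183,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements:
 - bzip2
-rubygems_version: 3.
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: OpenSCAP plug-in for Foreman's smart-proxy.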
@@ -1,61 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
#
|
3
|
-
# Copyright (c) 2014--2015 Red Hat Inc.
|
4
|
-
#
|
5
|
-
# This software is licensed to you under the GNU General Public License,
|
6
|
-
# version 3 (GPLv3). There is NO WARRANTY for this software, express or
|
7
|
-
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
8
|
-
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv3
|
9
|
-
# along with this software; if not, see http://www.gnu.org/licenses/gpl.txt
|
10
|
-
#
|
11
|
-
|
12
|
-
$LOAD_PATH.unshift '/usr/share/foreman-proxy/lib'
|
13
|
-
$LOAD_PATH.unshift '/usr/share/foreman-proxy/modules'
|
14
|
-
|
15
|
-
require 'smart_proxy'
|
16
|
-
require 'smart_proxy_main'
|
17
|
-
require 'smart_proxy_openscap'
|
18
|
-
require 'smart_proxy_openscap/openscap_lib'
|
19
|
-
|
20
|
-
loaded_settings = Proxy::OpenSCAP.plugin_settings
|
21
|
-
|
22
|
-
# Don't run if OpenSCAP plugin is disabled or settings are missing.
|
23
|
-
if !loaded_settings.enabled || loaded_settings.nil? || loaded_settings.empty?
|
24
|
-
exit 436
|
25
|
-
end
|
26
|
-
|
27
|
-
module Proxy
|
28
|
-
module Log
|
29
|
-
@@logger = ::Logger.new(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP.plugin_settings.openscap_send_log_file), 6, 1024*1024*10)
|
30
|
-
@@logger.level = ::Logger.const_get(Proxy::SETTINGS.log_level.upcase)
|
31
|
-
end
|
32
|
-
end
|
33
|
-
include Proxy::Log
|
34
|
-
|
35
|
-
if !Proxy::SETTINGS.foreman_url
|
36
|
-
logger.error "Foreman URL not configured"
|
37
|
-
exit 437
|
38
|
-
end
|
39
|
-
|
40
|
-
lockfile = File.join(loaded_settings.spooldir, "spool.lock")
|
41
|
-
|
42
|
-
Signal.trap("TERM") {
|
43
|
-
FileUtils.rm(lockfile) if File.exist?(lockfile)
|
44
|
-
exit
|
45
|
-
}
|
46
|
-
|
47
|
-
if File.exist? lockfile
|
48
|
-
logger.debug "Lock file #{lockfile} for openscap spool exists, not sending spool to server"
|
49
|
-
exit
|
50
|
-
end
|
51
|
-
|
52
|
-
begin
|
53
|
-
FileUtils.touch lockfile
|
54
|
-
Proxy::OpenSCAP::send_spool_to_foreman(loaded_settings)
|
55
|
-
rescue StandardError => e
|
56
|
-
logger.error e
|
57
|
-
puts "#{e} See #{Proxy::OpenSCAP.fullpath(loaded_settings.openscap_send_log_file)}"
|
58
|
-
exit 438
|
59
|
-
ensure
|
60
|
-
FileUtils.rm lockfile
|
61
|
-
end
|
@@ -1,101 +0,0 @@
|
|
1
|
-
%global gem_name smart_proxy_openscap
|
2
|
-
|
3
|
-
%global foreman_proxy_bundlerd_dir /usr/share/foreman-proxy/bundler.d
|
4
|
-
%global foreman_proxy_pluginconf_dir /etc/foreman-proxy/settings.d
|
5
|
-
%global spool_dir /var/spool/foreman-proxy/openscap
|
6
|
-
%global proxy_user foreman-proxy
|
7
|
-
|
8
|
-
Name: rubygem-%{gem_name}
|
9
|
-
Version: 0.3.0
|
10
|
-
Release: 1%{?dist}
|
11
|
-
Summary: OpenSCAP plug-in for Foreman's smart-proxy.
|
12
|
-
Group: Applications/Internet
|
13
|
-
License: GPLv2+
|
14
|
-
URL: http://github.com/openscap/smart_proxy_openscap
|
15
|
-
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
|
16
|
-
#Requires: ruby(release)
|
17
|
-
Requires: ruby(rubygems)
|
18
|
-
Requires: foreman-proxy >= 1.7.0-0.develop.201410221520
|
19
|
-
Requires: crontabs
|
20
|
-
#BuildRequires: ruby(release)
|
21
|
-
BuildRequires: rubygems-devel
|
22
|
-
BuildRequires: ruby
|
23
|
-
BuildArch: noarch
|
24
|
-
Provides: rubygem(%{gem_name}) = %{version}
|
25
|
-
Obsoletes: rubygem-foreman-proxy_openscap
|
26
|
-
|
27
|
-
%description
|
28
|
-
A plug-in to the Foreman's smart-proxy which receives bzip2ed ARF files
|
29
|
-
and forwards them to the Foreman.
|
30
|
-
|
31
|
-
%prep
|
32
|
-
gem unpack %{SOURCE0}
|
33
|
-
%setup -q -D -T -n %{gem_name}-%{version}
|
34
|
-
gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
|
35
|
-
|
36
|
-
%build
|
37
|
-
# Create the gem as gem install only works on a gem file
|
38
|
-
gem build %{gem_name}.gemspec
|
39
|
-
|
40
|
-
# %%gem_install compiles any C extensions and installs the gem into ./%gem_dir
|
41
|
-
# by default, so that we can move it into the buildroot in %%install
|
42
|
-
%gem_install
|
43
|
-
|
44
|
-
%install
|
45
|
-
mkdir -p %{buildroot}%{gem_dir}
|
46
|
-
cp -a .%{gem_dir}/* \
|
47
|
-
%{buildroot}%{gem_dir}/
|
48
|
-
mv %{buildroot}%{gem_instdir}/%{gem_name}.gemspec %{buildroot}/%{gem_spec}
|
49
|
-
rm %{buildroot}%{gem_instdir}/extra/*.spec # this specfile
|
50
|
-
|
51
|
-
# executables
|
52
|
-
mkdir -p %{buildroot}%{_bindir}
|
53
|
-
mv %{buildroot}%{gem_instdir}/bin/* \
|
54
|
-
%{buildroot}%{_bindir}
|
55
|
-
|
56
|
-
# bundler file
|
57
|
-
mkdir -p %{buildroot}%{foreman_proxy_bundlerd_dir}
|
58
|
-
mv %{buildroot}%{gem_instdir}/bundler.d/openscap.rb \
|
59
|
-
%{buildroot}%{foreman_proxy_bundlerd_dir}
|
60
|
-
|
61
|
-
# sample config
|
62
|
-
mkdir -p %{buildroot}%{foreman_proxy_pluginconf_dir}
|
63
|
-
mv %{buildroot}%{gem_instdir}/settings.d/openscap.yml.example \
|
64
|
-
%{buildroot}%{foreman_proxy_pluginconf_dir}/
|
65
|
-
|
66
|
-
# crontab
|
67
|
-
mkdir -p %{buildroot}%{_sysconfdir}/cron.d/
|
68
|
-
mv %{buildroot}%{gem_instdir}/extra/smart-proxy-openscap-send.cron \
|
69
|
-
%{buildroot}%{_sysconfdir}/cron.d/%{name}
|
70
|
-
|
71
|
-
# create spool directory
|
72
|
-
mkdir -p %{buildroot}%{spool_dir}
|
73
|
-
|
74
|
-
%files
|
75
|
-
%dir %{gem_instdir}
|
76
|
-
%{gem_libdir}
|
77
|
-
%exclude %{gem_cache}
|
78
|
-
%{gem_spec}
|
79
|
-
|
80
|
-
%attr(-,%{proxy_user},%{proxy_user}) %{spool_dir}
|
81
|
-
%{foreman_proxy_bundlerd_dir}/openscap.rb
|
82
|
-
%{_bindir}/smart-proxy-openscap-send
|
83
|
-
%doc %{foreman_proxy_pluginconf_dir}/openscap.yml.example
|
84
|
-
%config(noreplace) %attr(0644, root, root) %{_sysconfdir}/cron.d/%{name}
|
85
|
-
|
86
|
-
%{gem_docdir}
|
87
|
-
%{gem_instdir}/README.md
|
88
|
-
%{gem_instdir}/COPYING
|
89
|
-
|
90
|
-
%changelog
|
91
|
-
* Tue Jan 20 2015 Šimon Lukašík <slukasik@redhat.com> - 0.3.0-1
|
92
|
-
- new upstream release
|
93
|
-
|
94
|
-
* Tue Jan 20 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.0-2
|
95
|
-
- renamed to smart_proxy_openscap
|
96
|
-
|
97
|
-
* Fri Oct 24 2014 Šimon Lukašík <slukasik@redhat.com> - 0.1.0-1
|
98
|
-
- rebuilt
|
99
|
-
|
100
|
-
* Fri Jul 18 2014 Šimon Lukašík <slukasik@redhat.com> - 0.0.1-1
|
101
|
-
- Initial package
|
@@ -1,19 +0,0 @@
|
|
1
|
-
require 'smart_proxy_openscap/foreman_forwarder'
|
2
|
-
|
3
|
-
module Proxy::OpenSCAP
|
4
|
-
class ForemanOvalForwarder < ForemanForwarder
|
5
|
-
private
|
6
|
-
|
7
|
-
def parse_report(cname, policy_id, date, report_data)
|
8
|
-
{
|
9
|
-
:oval_results => OvalReportParser.new.parse_cves(report_data),
|
10
|
-
:oval_policy_id => policy_id,
|
11
|
-
:cname => cname
|
12
|
-
}.to_json
|
13
|
-
end
|
14
|
-
|
15
|
-
def report_upload_path(cname, policy_id, date)
|
16
|
-
upload_path "oval_reports", cname, policy_id, date
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end
|
@@ -1,54 +0,0 @@
|
|
1
|
-
require 'smart_proxy_openscap/openscap_exception'
|
2
|
-
require 'openscap_parser/oval_report'
|
3
|
-
|
4
|
-
module Proxy::OpenSCAP
|
5
|
-
class OvalReportParser
|
6
|
-
include Proxy::Log
|
7
|
-
|
8
|
-
def parse_cves(report_data)
|
9
|
-
report = oval_report report_data
|
10
|
-
results = report.definition_results.reduce({}) do |memo, result|
|
11
|
-
memo.tap { |acc| acc[result.definition_id] = parse_cve_res result }
|
12
|
-
end
|
13
|
-
|
14
|
-
report.definitions.map do |definition|
|
15
|
-
results[definition.id].merge(parse_cve_def definition)
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
private
|
20
|
-
|
21
|
-
def parse_cve_def(definition)
|
22
|
-
refs = definition.references.reduce([]) do |memo, ref|
|
23
|
-
memo.tap { |acc| acc << { :ref_id => ref.ref_id, :ref_url => ref.ref_url } }
|
24
|
-
end
|
25
|
-
|
26
|
-
{ :references => refs, :definition_id => definition.id }
|
27
|
-
end
|
28
|
-
|
29
|
-
def parse_cve_res(result)
|
30
|
-
{ :result => result.result }
|
31
|
-
end
|
32
|
-
|
33
|
-
def oval_report(report_data)
|
34
|
-
decompressed = decompress report_data
|
35
|
-
::OpenscapParser::OvalReport.new(decompressed)
|
36
|
-
end
|
37
|
-
|
38
|
-
def decompress(report_data)
|
39
|
-
begin
|
40
|
-
file = Tempfile.new
|
41
|
-
file.write report_data
|
42
|
-
file.rewind
|
43
|
-
decompressed = `bunzip2 -dc #{file.path}`
|
44
|
-
rescue => e
|
45
|
-
logger.error e
|
46
|
-
raise Proxy::OpenSCAP::ReportDecompressError, "Failed to decompress received report bzip, cause: #{e.message}"
|
47
|
-
ensure
|
48
|
-
file.close
|
49
|
-
file.unlink
|
50
|
-
end
|
51
|
-
decompressed
|
52
|
-
end
|
53
|
-
end
|
54
|
-
end
|
@@ -1,26 +0,0 @@
|
|
1
|
-
require 'smart_proxy_openscap/storage_fs_common'
|
2
|
-
require 'smart_proxy_openscap/openscap_exception'
|
3
|
-
|
4
|
-
module Proxy::OpenSCAP
|
5
|
-
class OvalReportStorageFs
|
6
|
-
include StorageFsCommon
|
7
|
-
|
8
|
-
def initialize(path_to_dir, oval_policy_id, cname, reported_at)
|
9
|
-
@namespace = 'oval'
|
10
|
-
@reported_at = reported_at
|
11
|
-
@path = "#{path_to_dir}/#{@namespace}/#{oval_policy_id}/#{cname}/"
|
12
|
-
end
|
13
|
-
|
14
|
-
def store_report(report_data)
|
15
|
-
store(report_data, StoreReportError)
|
16
|
-
end
|
17
|
-
|
18
|
-
private
|
19
|
-
|
20
|
-
def store_file(path_to_store, report_data)
|
21
|
-
target_path = "#{path_to_store}#{@reported_at}"
|
22
|
-
File.open(target_path, 'w') { |f| f.write(report_data) }
|
23
|
-
target_path
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
@@ -1,38 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
require 'smart_proxy_openscap'
|
3
|
-
require 'smart_proxy_openscap/openscap_api'
|
4
|
-
|
5
|
-
ENV['RACK_ENV'] = 'test'
|
6
|
-
|
7
|
-
class FetchOvalContentApiTest < Test::Unit::TestCase
|
8
|
-
include Rack::Test::Methods
|
9
|
-
|
10
|
-
def setup
|
11
|
-
@foreman_url = 'https://foreman.example.com'
|
12
|
-
@fixture_path = "/test/data/rhel-7-including-unpatched.oval.xml.bz2"
|
13
|
-
@fixture_full_path = File.join(Dir.getwd, @fixture_path)
|
14
|
-
Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
|
15
|
-
@results_path = ("#{Dir.getwd}/test/test_run_files")
|
16
|
-
FileUtils.mkdir_p(@results_path)
|
17
|
-
Proxy::OpenSCAP::Plugin.settings.stubs(:oval_content_dir).returns(@results_path)
|
18
|
-
@oval_content = File.new(@fixture_full_path).read
|
19
|
-
@digest = Digest::SHA256.hexdigest @oval_content
|
20
|
-
@policy_id = 1
|
21
|
-
end
|
22
|
-
|
23
|
-
def teardown
|
24
|
-
FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
|
25
|
-
end
|
26
|
-
|
27
|
-
def app
|
28
|
-
::Proxy::OpenSCAP::Api.new
|
29
|
-
end
|
30
|
-
|
31
|
-
def test_get_oval_content_from_file
|
32
|
-
FileUtils.mkdir("#{@results_path}/#{@policy_id}")
|
33
|
-
FileUtils.cp(@fixture_full_path, "#{@results_path}/#{@policy_id}/#{@digest}.oval.xml.bz2")
|
34
|
-
get "/oval_policies/#{@policy_id}/oval_content/#{@digest}"
|
35
|
-
assert_equal("application/x-bzip2", last_response.header["Content-Type"], "Response header should be application/x-bzip2")
|
36
|
-
assert(last_response.successful?, "Response should be success")
|
37
|
-
end
|
38
|
-
end
|
@@ -1,14 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
require 'smart_proxy_openscap'
|
3
|
-
require 'smart_proxy_openscap/oval_report_parser'
|
4
|
-
|
5
|
-
class OvalReportParserTest < Test::Unit::TestCase
|
6
|
-
|
7
|
-
def test_oval_report_parsing
|
8
|
-
oval_report = File.open("#{Dir.getwd}/test/data/oval-results.xml.bz2").read
|
9
|
-
res = Proxy::OpenSCAP::OvalReportParser.new.parse_cves oval_report
|
10
|
-
refute res.empty?
|
11
|
-
assert res.first[:result]
|
12
|
-
refute res.first[:references].empty?
|
13
|
-
end
|
14
|
-
end
|
@@ -1,30 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
require 'smart_proxy_openscap'
|
3
|
-
require 'smart_proxy_openscap/openscap_api'
|
4
|
-
|
5
|
-
ENV['RACK_ENV'] = 'test'
|
6
|
-
|
7
|
-
class PostOvalReportApiTest < Test::Unit::TestCase
|
8
|
-
include Rack::Test::Methods
|
9
|
-
|
10
|
-
setup do
|
11
|
-
@foreman_url = 'https://foreman.example.com'
|
12
|
-
Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
|
13
|
-
@oval_report = File.open("#{Dir.getwd}/test/data/oval-results.xml.bz2").read
|
14
|
-
@cname = 'node.example.org'
|
15
|
-
@date = Time.now.to_i
|
16
|
-
@policy_id = 1
|
17
|
-
Proxy::OpenSCAP.stubs(:common_name).returns(@cname)
|
18
|
-
end
|
19
|
-
|
20
|
-
def app
|
21
|
-
::Proxy::OpenSCAP::Api.new
|
22
|
-
end
|
23
|
-
|
24
|
-
def test_post_oval_report_to_foreman
|
25
|
-
stub_request(:post, "#{@foreman_url}/api/v2/compliance/oval_reports/#{@cname}/#{@policy_id}/#{@date}")
|
26
|
-
.to_return(:status => 200, :body => '{ "result": "ok" }')
|
27
|
-
post "/oval_reports/#{@policy_id}", @oval_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
|
28
|
-
assert(last_response.successful?, "Should be a success")
|
29
|
-
end
|
30
|
-
end
|