smart_proxy_openscap 0.10.0 → 0.11.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/smart_proxy_openscap/fetch_scap_file.rb +1 -5
- data/lib/smart_proxy_openscap/openscap_api.rb +2 -30
- data/lib/smart_proxy_openscap/openscap_lib.rb +0 -3
- data/lib/smart_proxy_openscap/openscap_plugin.rb +1 -2
- data/lib/smart_proxy_openscap/version.rb +1 -1
- data/settings.d/openscap.yml.example +0 -3
- metadata +3 -9
- data/lib/smart_proxy_openscap/foreman_oval_forwarder.rb +0 -19
- data/lib/smart_proxy_openscap/oval_report_parser.rb +0 -54
- data/lib/smart_proxy_openscap/oval_report_storage_fs.rb +0 -26
- data/test/fetch_oval_content_api_test.rb +0 -38
- data/test/oval_report_parser_test.rb +0 -14
- data/test/post_oval_report_api_test.rb +0 -30
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d72c5e418a9d30974b6154fbbdaf68e0c1cf88852626683021100310920e109a
|
|
4
|
+
data.tar.gz: d306fa47b4a2120c87d0ac8e7a4a0967cf9e77d8b689e83a2c4ccf655f227533
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9cba3aded1feccdd109d77c43579fc997388759ef00746da23e2c4005368655c7a04b4e971d7047cc67cca131b3dbf2ab07e789c3750c17d28fe5f7c26566ff0
|
|
7
|
+
data.tar.gz: 565420ad4a7368b91207eaa727c4243bb3abc09b92d806d8c98fd77f32b7346d216cd244afe14db8262b2b69e7f79b62bba9755abfe6197eb4ace92b41d67adc
|
|
@@ -24,8 +24,6 @@ module Proxy::OpenSCAP
|
|
|
24
24
|
"api/v2/compliance/policies/:policy_id/content"
|
|
25
25
|
when :tailoring_file
|
|
26
26
|
"api/v2/compliance/policies/:policy_id/tailoring"
|
|
27
|
-
when :oval_content
|
|
28
|
-
"api/v2/compliance/oval_policies/:policy_id/oval_content"
|
|
29
27
|
end
|
|
30
28
|
end
|
|
31
29
|
|
|
@@ -33,13 +31,11 @@ module Proxy::OpenSCAP
|
|
|
33
31
|
case @type
|
|
34
32
|
when :scap_content, :tailoring_file
|
|
35
33
|
"#{policy_id}_#{digest}.xml"
|
|
36
|
-
when :oval_content
|
|
37
|
-
"#{digest}.oval.xml.bz2"
|
|
38
34
|
end
|
|
39
35
|
end
|
|
40
36
|
|
|
41
37
|
def allowed_types
|
|
42
|
-
[:scap_content, :tailoring_file
|
|
38
|
+
[:scap_content, :tailoring_file]
|
|
43
39
|
end
|
|
44
40
|
end
|
|
45
41
|
end
|
|
@@ -25,7 +25,7 @@ module Proxy::OpenSCAP
|
|
|
25
25
|
include ::Proxy::Log
|
|
26
26
|
helpers ::Proxy::Helpers
|
|
27
27
|
authorize_with_ssl_client
|
|
28
|
-
CLIENT_PATHS = Regexp.compile(%r{^(/arf/\d+|/policies/\d+/content/|/policies/\d+/tailoring
|
|
28
|
+
CLIENT_PATHS = Regexp.compile(%r{^(/arf/\d+|/policies/\d+/content/|/policies/\d+/tailoring/)})
|
|
29
29
|
|
|
30
30
|
# authorize via trusted hosts but let client paths in without such authorization
|
|
31
31
|
before do
|
|
@@ -33,7 +33,7 @@ module Proxy::OpenSCAP
|
|
|
33
33
|
do_authorize_with_trusted_hosts
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
-
before '
|
|
36
|
+
before '/arf/*' do
|
|
37
37
|
begin
|
|
38
38
|
@cn = Proxy::OpenSCAP::common_name request
|
|
39
39
|
rescue Proxy::Error::Unauthorized => e
|
|
@@ -72,22 +72,6 @@ module Proxy::OpenSCAP
|
|
|
72
72
|
end
|
|
73
73
|
end
|
|
74
74
|
|
|
75
|
-
post "/oval_reports/:oval_policy_id" do
|
|
76
|
-
ForemanOvalForwarder.new.post_report(@cn, params[:oval_policy_id], @reported_at, request.body.string, Plugin.settings.timeout)
|
|
77
|
-
|
|
78
|
-
{ :reported_at => Time.at(@reported_at) }.to_json
|
|
79
|
-
rescue *HTTP_ERRORS => e
|
|
80
|
-
msg = "Failed to upload to Foreman, failed with: #{e.message}"
|
|
81
|
-
logger.error e
|
|
82
|
-
{ :result => msg }.to_json
|
|
83
|
-
rescue Nokogiri::XML::SyntaxError => e
|
|
84
|
-
logger.error e
|
|
85
|
-
{ :result => 'Failed to parse OVAL report, see proxy logs for details' }.to_json
|
|
86
|
-
rescue Proxy::OpenSCAP::ReportUploadError, Proxy::OpenSCAP::ReportDecompressError => e
|
|
87
|
-
{ :result => e.message }.to_json
|
|
88
|
-
end
|
|
89
|
-
|
|
90
|
-
|
|
91
75
|
get "/arf/:id/:cname/:date/:digest/xml" do
|
|
92
76
|
content_type 'application/x-bzip2'
|
|
93
77
|
begin
|
|
@@ -139,18 +123,6 @@ module Proxy::OpenSCAP
|
|
|
139
123
|
end
|
|
140
124
|
end
|
|
141
125
|
|
|
142
|
-
get "/oval_policies/:oval_policy_id/oval_content/:digest" do
|
|
143
|
-
content_type 'application/x-bzip2'
|
|
144
|
-
begin
|
|
145
|
-
Proxy::OpenSCAP::FetchScapFile.new(:oval_content)
|
|
146
|
-
.fetch(params[:oval_policy_id], params[:digest], Proxy::OpenSCAP::Plugin.settings.oval_content_dir)
|
|
147
|
-
rescue *HTTP => e
|
|
148
|
-
log_halt e.response.code.to_i, file_not_found_msg
|
|
149
|
-
rescue StandardError => e
|
|
150
|
-
log_halt 500, "Error occurred: #{e.message}"
|
|
151
|
-
end
|
|
152
|
-
end
|
|
153
|
-
|
|
154
126
|
post "/scap_content/policies" do
|
|
155
127
|
begin
|
|
156
128
|
Proxy::OpenSCAP::ProfilesParser.new.profiles('scap_content', request.body.string)
|
|
@@ -17,7 +17,6 @@ require 'yaml'
|
|
|
17
17
|
require 'ostruct'
|
|
18
18
|
require 'proxy/request'
|
|
19
19
|
require 'smart_proxy_openscap/foreman_arf_forwarder'
|
|
20
|
-
require 'smart_proxy_openscap/foreman_oval_forwarder'
|
|
21
20
|
require 'smart_proxy_openscap/content_parser'
|
|
22
21
|
require 'smart_proxy_openscap/openscap_exception'
|
|
23
22
|
require 'smart_proxy_openscap/arf_parser'
|
|
@@ -25,8 +24,6 @@ require 'smart_proxy_openscap/spool_forwarder'
|
|
|
25
24
|
require 'smart_proxy_openscap/openscap_html_generator'
|
|
26
25
|
require 'smart_proxy_openscap/policy_parser'
|
|
27
26
|
require 'smart_proxy_openscap/profiles_parser'
|
|
28
|
-
require 'smart_proxy_openscap/oval_report_storage_fs'
|
|
29
|
-
require 'smart_proxy_openscap/oval_report_parser'
|
|
30
27
|
require 'smart_proxy_openscap/fetch_scap_file'
|
|
31
28
|
|
|
32
29
|
module Proxy::OpenSCAP
|
|
@@ -22,7 +22,6 @@ module Proxy::OpenSCAP
|
|
|
22
22
|
:contentdir => File.join(APP_ROOT, 'openscap/content'),
|
|
23
23
|
:reportsdir => File.join(APP_ROOT, 'openscap/reports'),
|
|
24
24
|
:failed_dir => File.join(APP_ROOT, 'openscap/failed'),
|
|
25
|
-
:tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring')
|
|
26
|
-
:oval_content_dir => File.join(APP_ROOT, 'openscap/oval_content')
|
|
25
|
+
:tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring')
|
|
27
26
|
end
|
|
28
27
|
end
|
|
@@ -31,6 +31,3 @@
|
|
|
31
31
|
# Affects sending reports to Foreman (directly and from spool) and fetching scap content or tailoring file
|
|
32
32
|
# for distribution to clients
|
|
33
33
|
#:timeout: 60
|
|
34
|
-
|
|
35
|
-
# Directory where OpenSCAP OVAL content bzipped XML are stored
|
|
36
|
-
#:oval_content_dir: /var/lib/openscap/oval_content
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_proxy_openscap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.11.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Šimon Lukašík
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2024-05-
|
|
13
|
+
date: 2024-05-30 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: rake
|
|
@@ -125,7 +125,6 @@ files:
|
|
|
125
125
|
- lib/smart_proxy_openscap/fetch_scap_file.rb
|
|
126
126
|
- lib/smart_proxy_openscap/foreman_arf_forwarder.rb
|
|
127
127
|
- lib/smart_proxy_openscap/foreman_forwarder.rb
|
|
128
|
-
- lib/smart_proxy_openscap/foreman_oval_forwarder.rb
|
|
129
128
|
- lib/smart_proxy_openscap/http_config.ru
|
|
130
129
|
- lib/smart_proxy_openscap/openscap_api.rb
|
|
131
130
|
- lib/smart_proxy_openscap/openscap_exception.rb
|
|
@@ -133,8 +132,6 @@ files:
|
|
|
133
132
|
- lib/smart_proxy_openscap/openscap_import_api.rb
|
|
134
133
|
- lib/smart_proxy_openscap/openscap_lib.rb
|
|
135
134
|
- lib/smart_proxy_openscap/openscap_plugin.rb
|
|
136
|
-
- lib/smart_proxy_openscap/oval_report_parser.rb
|
|
137
|
-
- lib/smart_proxy_openscap/oval_report_storage_fs.rb
|
|
138
135
|
- lib/smart_proxy_openscap/policy_guide.rb
|
|
139
136
|
- lib/smart_proxy_openscap/policy_parser.rb
|
|
140
137
|
- lib/smart_proxy_openscap/profiles_parser.rb
|
|
@@ -158,12 +155,9 @@ files:
|
|
|
158
155
|
- test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
|
159
156
|
- test/data/ssg-rhel7-ds.xml
|
|
160
157
|
- test/data/tailoring.xml
|
|
161
|
-
- test/fetch_oval_content_api_test.rb
|
|
162
158
|
- test/fetch_scap_api_test.rb
|
|
163
159
|
- test/fetch_tailoring_api_test.rb
|
|
164
160
|
- test/get_report_xml_html_test.rb
|
|
165
|
-
- test/oval_report_parser_test.rb
|
|
166
|
-
- test/post_oval_report_api_test.rb
|
|
167
161
|
- test/post_report_api_test.rb
|
|
168
162
|
- test/scap_content_parser_api_test.rb
|
|
169
163
|
- test/script_class_test.rb
|
|
@@ -189,7 +183,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
189
183
|
version: '0'
|
|
190
184
|
requirements:
|
|
191
185
|
- bzip2
|
|
192
|
-
rubygems_version: 3.
|
|
186
|
+
rubygems_version: 3.3.26
|
|
193
187
|
signing_key:
|
|
194
188
|
specification_version: 4
|
|
195
189
|
summary: OpenSCAP plug-in for Foreman's smart-proxy.
|
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
require 'smart_proxy_openscap/foreman_forwarder'
|
|
2
|
-
|
|
3
|
-
module Proxy::OpenSCAP
|
|
4
|
-
class ForemanOvalForwarder < ForemanForwarder
|
|
5
|
-
private
|
|
6
|
-
|
|
7
|
-
def parse_report(cname, policy_id, date, report_data)
|
|
8
|
-
{
|
|
9
|
-
:oval_results => OvalReportParser.new.parse_cves(report_data),
|
|
10
|
-
:oval_policy_id => policy_id,
|
|
11
|
-
:cname => cname
|
|
12
|
-
}.to_json
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
def report_upload_path(cname, policy_id, date)
|
|
16
|
-
upload_path "oval_reports", cname, policy_id, date
|
|
17
|
-
end
|
|
18
|
-
end
|
|
19
|
-
end
|
|
@@ -1,54 +0,0 @@
|
|
|
1
|
-
require 'smart_proxy_openscap/openscap_exception'
|
|
2
|
-
require 'openscap_parser/oval_report'
|
|
3
|
-
|
|
4
|
-
module Proxy::OpenSCAP
|
|
5
|
-
class OvalReportParser
|
|
6
|
-
include Proxy::Log
|
|
7
|
-
|
|
8
|
-
def parse_cves(report_data)
|
|
9
|
-
report = oval_report report_data
|
|
10
|
-
results = report.definition_results.reduce({}) do |memo, result|
|
|
11
|
-
memo.tap { |acc| acc[result.definition_id] = parse_cve_res result }
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
report.definitions.map do |definition|
|
|
15
|
-
results[definition.id].merge(parse_cve_def definition)
|
|
16
|
-
end
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
private
|
|
20
|
-
|
|
21
|
-
def parse_cve_def(definition)
|
|
22
|
-
refs = definition.references.reduce([]) do |memo, ref|
|
|
23
|
-
memo.tap { |acc| acc << { :ref_id => ref.ref_id, :ref_url => ref.ref_url } }
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
{ :references => refs, :definition_id => definition.id }
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
def parse_cve_res(result)
|
|
30
|
-
{ :result => result.result }
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
def oval_report(report_data)
|
|
34
|
-
decompressed = decompress report_data
|
|
35
|
-
::OpenscapParser::OvalReport.new(decompressed)
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
def decompress(report_data)
|
|
39
|
-
begin
|
|
40
|
-
file = Tempfile.new
|
|
41
|
-
file.write report_data
|
|
42
|
-
file.rewind
|
|
43
|
-
decompressed = `bunzip2 -dc #{file.path}`
|
|
44
|
-
rescue => e
|
|
45
|
-
logger.error e
|
|
46
|
-
raise Proxy::OpenSCAP::ReportDecompressError, "Failed to decompress received report bzip, cause: #{e.message}"
|
|
47
|
-
ensure
|
|
48
|
-
file.close
|
|
49
|
-
file.unlink
|
|
50
|
-
end
|
|
51
|
-
decompressed
|
|
52
|
-
end
|
|
53
|
-
end
|
|
54
|
-
end
|
|
@@ -1,26 +0,0 @@
|
|
|
1
|
-
require 'smart_proxy_openscap/storage_fs_common'
|
|
2
|
-
require 'smart_proxy_openscap/openscap_exception'
|
|
3
|
-
|
|
4
|
-
module Proxy::OpenSCAP
|
|
5
|
-
class OvalReportStorageFs
|
|
6
|
-
include StorageFsCommon
|
|
7
|
-
|
|
8
|
-
def initialize(path_to_dir, oval_policy_id, cname, reported_at)
|
|
9
|
-
@namespace = 'oval'
|
|
10
|
-
@reported_at = reported_at
|
|
11
|
-
@path = "#{path_to_dir}/#{@namespace}/#{oval_policy_id}/#{cname}/"
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def store_report(report_data)
|
|
15
|
-
store(report_data, StoreReportError)
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
private
|
|
19
|
-
|
|
20
|
-
def store_file(path_to_store, report_data)
|
|
21
|
-
target_path = "#{path_to_store}#{@reported_at}"
|
|
22
|
-
File.open(target_path, 'w') { |f| f.write(report_data) }
|
|
23
|
-
target_path
|
|
24
|
-
end
|
|
25
|
-
end
|
|
26
|
-
end
|
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
require 'test_helper'
|
|
2
|
-
require 'smart_proxy_openscap'
|
|
3
|
-
require 'smart_proxy_openscap/openscap_api'
|
|
4
|
-
|
|
5
|
-
ENV['RACK_ENV'] = 'test'
|
|
6
|
-
|
|
7
|
-
class FetchOvalContentApiTest < Test::Unit::TestCase
|
|
8
|
-
include Rack::Test::Methods
|
|
9
|
-
|
|
10
|
-
def setup
|
|
11
|
-
@foreman_url = 'https://foreman.example.com'
|
|
12
|
-
@fixture_path = "/test/data/rhel-7-including-unpatched.oval.xml.bz2"
|
|
13
|
-
@fixture_full_path = File.join(Dir.getwd, @fixture_path)
|
|
14
|
-
Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
|
|
15
|
-
@results_path = ("#{Dir.getwd}/test/test_run_files")
|
|
16
|
-
FileUtils.mkdir_p(@results_path)
|
|
17
|
-
Proxy::OpenSCAP::Plugin.settings.stubs(:oval_content_dir).returns(@results_path)
|
|
18
|
-
@oval_content = File.new(@fixture_full_path).read
|
|
19
|
-
@digest = Digest::SHA256.hexdigest @oval_content
|
|
20
|
-
@policy_id = 1
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def teardown
|
|
24
|
-
FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
def app
|
|
28
|
-
::Proxy::OpenSCAP::Api.new
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def test_get_oval_content_from_file
|
|
32
|
-
FileUtils.mkdir("#{@results_path}/#{@policy_id}")
|
|
33
|
-
FileUtils.cp(@fixture_full_path, "#{@results_path}/#{@policy_id}/#{@digest}.oval.xml.bz2")
|
|
34
|
-
get "/oval_policies/#{@policy_id}/oval_content/#{@digest}"
|
|
35
|
-
assert_equal("application/x-bzip2", last_response.header["Content-Type"], "Response header should be application/x-bzip2")
|
|
36
|
-
assert(last_response.successful?, "Response should be success")
|
|
37
|
-
end
|
|
38
|
-
end
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
require 'test_helper'
|
|
2
|
-
require 'smart_proxy_openscap'
|
|
3
|
-
require 'smart_proxy_openscap/oval_report_parser'
|
|
4
|
-
|
|
5
|
-
class OvalReportParserTest < Test::Unit::TestCase
|
|
6
|
-
|
|
7
|
-
def test_oval_report_parsing
|
|
8
|
-
oval_report = File.open("#{Dir.getwd}/test/data/oval-results.xml.bz2").read
|
|
9
|
-
res = Proxy::OpenSCAP::OvalReportParser.new.parse_cves oval_report
|
|
10
|
-
refute res.empty?
|
|
11
|
-
assert res.first[:result]
|
|
12
|
-
refute res.first[:references].empty?
|
|
13
|
-
end
|
|
14
|
-
end
|
|
@@ -1,30 +0,0 @@
|
|
|
1
|
-
require 'test_helper'
|
|
2
|
-
require 'smart_proxy_openscap'
|
|
3
|
-
require 'smart_proxy_openscap/openscap_api'
|
|
4
|
-
|
|
5
|
-
ENV['RACK_ENV'] = 'test'
|
|
6
|
-
|
|
7
|
-
class PostOvalReportApiTest < Test::Unit::TestCase
|
|
8
|
-
include Rack::Test::Methods
|
|
9
|
-
|
|
10
|
-
setup do
|
|
11
|
-
@foreman_url = 'https://foreman.example.com'
|
|
12
|
-
Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
|
|
13
|
-
@oval_report = File.open("#{Dir.getwd}/test/data/oval-results.xml.bz2").read
|
|
14
|
-
@cname = 'node.example.org'
|
|
15
|
-
@date = Time.now.to_i
|
|
16
|
-
@policy_id = 1
|
|
17
|
-
Proxy::OpenSCAP.stubs(:common_name).returns(@cname)
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
def app
|
|
21
|
-
::Proxy::OpenSCAP::Api.new
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
def test_post_oval_report_to_foreman
|
|
25
|
-
stub_request(:post, "#{@foreman_url}/api/v2/compliance/oval_reports/#{@cname}/#{@policy_id}/#{@date}")
|
|
26
|
-
.to_return(:status => 200, :body => '{ "result": "ok" }')
|
|
27
|
-
post "/oval_reports/#{@policy_id}", @oval_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
|
|
28
|
-
assert(last_response.successful?, "Should be a success")
|
|
29
|
-
end
|
|
30
|
-
end
|