smart_proxy_openscap 0.10.0 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 02ab6e238370db54d999386c79f2735991d9e1c4b23b3a0e9fc86471e82d238a
-  data.tar.gz: e75f6b653f970415b622304c9526543d81514488be71e3bf62b077bfe41df427
+  metadata.gz: d72c5e418a9d30974b6154fbbdaf68e0c1cf88852626683021100310920e109a
+  data.tar.gz: d306fa47b4a2120c87d0ac8e7a4a0967cf9e77d8b689e83a2c4ccf655f227533
 SHA512:
-  metadata.gz: 42d35a3f634b32d1936e6cee7cfc94d764bf43a856004fe6907f6a3b1097dd4d2175f59f295a89ff06240fb1948bf29fffb1659a0a1633f593c9cb67f0f8ed91
-  data.tar.gz: 80171b3bcbf413ba40a76875febf710e64faca2b84febf048056cb3b1777ccd7d228aced737a87e51906bffaf163fd60728b1c968117d9edf663442cef18c76a
+  metadata.gz: 9cba3aded1feccdd109d77c43579fc997388759ef00746da23e2c4005368655c7a04b4e971d7047cc67cca131b3dbf2ab07e789c3750c17d28fe5f7c26566ff0
+  data.tar.gz: 565420ad4a7368b91207eaa727c4243bb3abc09b92d806d8c98fd77f32b7346d216cd244afe14db8262b2b69e7f79b62bba9755abfe6197eb4ace92b41d67adc

data/lib/smart_proxy_openscap/fetch_scap_file.rb

@@ -24,8 +24,6 @@ module Proxy::OpenSCAP
         "api/v2/compliance/policies/:policy_id/content"
       when :tailoring_file
         "api/v2/compliance/policies/:policy_id/tailoring"
-      when :oval_content
-        "api/v2/compliance/oval_policies/:policy_id/oval_content"
       end
     end
 
@@ -33,13 +31,11 @@ module Proxy::OpenSCAP
       case @type
       when :scap_content, :tailoring_file
         "#{policy_id}_#{digest}.xml"
-      when :oval_content
-        "#{digest}.oval.xml.bz2"
       end
     end
 
     def allowed_types
-      [:scap_content, :tailoring_file, :oval_content]
+      [:scap_content, :tailoring_file]
     end
   end
 end

data/lib/smart_proxy_openscap/openscap_api.rb

@@ -25,7 +25,7 @@ module Proxy::OpenSCAP
     include ::Proxy::Log
     helpers ::Proxy::Helpers
     authorize_with_ssl_client
-    CLIENT_PATHS = Regexp.compile(%r{^(/arf/\d+|/policies/\d+/content/|/policies/\d+/tailoring/|/oval_reports|/oval_policies)})
+    CLIENT_PATHS = Regexp.compile(%r{^(/arf/\d+|/policies/\d+/content/|/policies/\d+/tailoring/)})
 
     # authorize via trusted hosts but let client paths in without such authorization
     before do
@@ -33,7 +33,7 @@ module Proxy::OpenSCAP
       do_authorize_with_trusted_hosts
     end
 
-    before '(/arf/*|/oval_reports/*)' do
+    before '/arf/*' do
       begin
         @cn = Proxy::OpenSCAP::common_name request
       rescue Proxy::Error::Unauthorized => e
@@ -72,22 +72,6 @@ module Proxy::OpenSCAP
       end
     end
 
-    post "/oval_reports/:oval_policy_id" do
-      ForemanOvalForwarder.new.post_report(@cn, params[:oval_policy_id], @reported_at, request.body.string, Plugin.settings.timeout)
-
-      { :reported_at => Time.at(@reported_at) }.to_json
-    rescue *HTTP_ERRORS => e
-      msg = "Failed to upload to Foreman, failed with: #{e.message}"
-      logger.error e
-      { :result => msg }.to_json
-    rescue Nokogiri::XML::SyntaxError => e
-      logger.error e
-      { :result => 'Failed to parse OVAL report, see proxy logs for details' }.to_json
-    rescue Proxy::OpenSCAP::ReportUploadError, Proxy::OpenSCAP::ReportDecompressError => e
-      { :result => e.message }.to_json
-    end
-
-
     get "/arf/:id/:cname/:date/:digest/xml" do
       content_type 'application/x-bzip2'
       begin
@@ -139,18 +123,6 @@ module Proxy::OpenSCAP
       end
     end
 
-    get "/oval_policies/:oval_policy_id/oval_content/:digest" do
-      content_type 'application/x-bzip2'
-      begin
-        Proxy::OpenSCAP::FetchScapFile.new(:oval_content)
-          .fetch(params[:oval_policy_id], params[:digest], Proxy::OpenSCAP::Plugin.settings.oval_content_dir)
-      rescue *HTTP => e
-        log_halt e.response.code.to_i, file_not_found_msg
-      rescue StandardError => e
-        log_halt 500, "Error occurred: #{e.message}"
-      end
-    end
-
     post "/scap_content/policies" do
       begin
         Proxy::OpenSCAP::ProfilesParser.new.profiles('scap_content', request.body.string)

data/lib/smart_proxy_openscap/openscap_lib.rb

@@ -17,7 +17,6 @@ require 'yaml'
 require 'ostruct'
 require 'proxy/request'
 require 'smart_proxy_openscap/foreman_arf_forwarder'
-require 'smart_proxy_openscap/foreman_oval_forwarder'
 require 'smart_proxy_openscap/content_parser'
 require 'smart_proxy_openscap/openscap_exception'
 require 'smart_proxy_openscap/arf_parser'
@@ -25,8 +24,6 @@ require 'smart_proxy_openscap/spool_forwarder'
 require 'smart_proxy_openscap/openscap_html_generator'
 require 'smart_proxy_openscap/policy_parser'
 require 'smart_proxy_openscap/profiles_parser'
-require 'smart_proxy_openscap/oval_report_storage_fs'
-require 'smart_proxy_openscap/oval_report_parser'
 require 'smart_proxy_openscap/fetch_scap_file'
 
 module Proxy::OpenSCAP

data/lib/smart_proxy_openscap/openscap_plugin.rb

@@ -22,7 +22,6 @@ module Proxy::OpenSCAP
                      :contentdir => File.join(APP_ROOT, 'openscap/content'),
                      :reportsdir => File.join(APP_ROOT, 'openscap/reports'),
                      :failed_dir => File.join(APP_ROOT, 'openscap/failed'),
-                     :tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring'),
-                     :oval_content_dir => File.join(APP_ROOT, 'openscap/oval_content')
+                     :tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring')
   end
 end

data/lib/smart_proxy_openscap/version.rb

@@ -10,6 +10,6 @@
 
 module Proxy
   module OpenSCAP
-    VERSION = '0.10.0'
+    VERSION = '0.11.0'
   end
 end

data/settings.d/openscap.yml.example

@@ -31,6 +31,3 @@
 # Affects sending reports to Foreman (directly and from spool) and fetching scap content or tailoring file
 # for distribution to clients
 #:timeout: 60
-
-# Directory where OpenSCAP OVAL content bzipped XML are stored
-#:oval_content_dir: /var/lib/openscap/oval_content

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.11.0
 platform: ruby
 authors:
 - Šimon Lukašík
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-05-15 00:00:00.000000000 Z
+date: 2024-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -125,7 +125,6 @@ files:
 - lib/smart_proxy_openscap/fetch_scap_file.rb
 - lib/smart_proxy_openscap/foreman_arf_forwarder.rb
 - lib/smart_proxy_openscap/foreman_forwarder.rb
-- lib/smart_proxy_openscap/foreman_oval_forwarder.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
 - lib/smart_proxy_openscap/openscap_exception.rb
@@ -133,8 +132,6 @@ files:
 - lib/smart_proxy_openscap/openscap_import_api.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
-- lib/smart_proxy_openscap/oval_report_parser.rb
-- lib/smart_proxy_openscap/oval_report_storage_fs.rb
 - lib/smart_proxy_openscap/policy_guide.rb
 - lib/smart_proxy_openscap/policy_parser.rb
 - lib/smart_proxy_openscap/profiles_parser.rb
@@ -158,12 +155,9 @@ files:
 - test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
 - test/data/ssg-rhel7-ds.xml
 - test/data/tailoring.xml
-- test/fetch_oval_content_api_test.rb
 - test/fetch_scap_api_test.rb
 - test/fetch_tailoring_api_test.rb
 - test/get_report_xml_html_test.rb
-- test/oval_report_parser_test.rb
-- test/post_oval_report_api_test.rb
 - test/post_report_api_test.rb
 - test/scap_content_parser_api_test.rb
 - test/script_class_test.rb
@@ -189,7 +183,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - bzip2
-rubygems_version: 3.5.9
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: OpenSCAP plug-in for Foreman's smart-proxy.

data/lib/smart_proxy_openscap/foreman_oval_forwarder.rb

@@ -1,19 +0,0 @@
-require 'smart_proxy_openscap/foreman_forwarder'
-
-module Proxy::OpenSCAP
-  class ForemanOvalForwarder < ForemanForwarder
-    private
-
-    def parse_report(cname, policy_id, date, report_data)
-      {
-        :oval_results => OvalReportParser.new.parse_cves(report_data),
-        :oval_policy_id => policy_id,
-        :cname => cname
-      }.to_json
-    end
-
-    def report_upload_path(cname, policy_id, date)
-      upload_path "oval_reports", cname, policy_id, date
-    end
-  end
-end

data/lib/smart_proxy_openscap/oval_report_parser.rb

@@ -1,54 +0,0 @@
-require 'smart_proxy_openscap/openscap_exception'
-require 'openscap_parser/oval_report'
-
-module Proxy::OpenSCAP
-  class OvalReportParser
-    include Proxy::Log
-
-    def parse_cves(report_data)
-      report = oval_report report_data
-      results = report.definition_results.reduce({}) do |memo, result|
-        memo.tap { |acc| acc[result.definition_id] = parse_cve_res result }
-      end
-
-      report.definitions.map do |definition|
-        results[definition.id].merge(parse_cve_def definition)
-      end
-    end
-
-    private
-
-    def parse_cve_def(definition)
-      refs = definition.references.reduce([]) do |memo, ref|
-        memo.tap { |acc| acc << { :ref_id => ref.ref_id, :ref_url => ref.ref_url } }
-      end
-
-      { :references => refs, :definition_id => definition.id }
-    end
-
-    def parse_cve_res(result)
-      { :result => result.result }
-    end
-
-    def oval_report(report_data)
-      decompressed = decompress report_data
-      ::OpenscapParser::OvalReport.new(decompressed)
-    end
-
-    def decompress(report_data)
-      begin
-        file = Tempfile.new
-        file.write report_data
-        file.rewind
-        decompressed = `bunzip2 -dc #{file.path}`
-      rescue => e
-        logger.error e
-        raise Proxy::OpenSCAP::ReportDecompressError, "Failed to decompress received report bzip, cause: #{e.message}"
-      ensure
-        file.close
-        file.unlink
-      end
-      decompressed
-    end
-  end
-end

data/lib/smart_proxy_openscap/oval_report_storage_fs.rb

@@ -1,26 +0,0 @@
-require 'smart_proxy_openscap/storage_fs_common'
-require 'smart_proxy_openscap/openscap_exception'
-
-module Proxy::OpenSCAP
-  class OvalReportStorageFs
-    include StorageFsCommon
-
-    def initialize(path_to_dir, oval_policy_id, cname, reported_at)
-      @namespace = 'oval'
-      @reported_at = reported_at
-      @path = "#{path_to_dir}/#{@namespace}/#{oval_policy_id}/#{cname}/"
-    end
-
-    def store_report(report_data)
-      store(report_data, StoreReportError)
-    end
-
-    private
-
-    def store_file(path_to_store, report_data)
-      target_path = "#{path_to_store}#{@reported_at}"
-      File.open(target_path, 'w') { |f| f.write(report_data) }
-      target_path
-    end
-  end
-end

data/test/fetch_oval_content_api_test.rb

@@ -1,38 +0,0 @@
-require 'test_helper'
-require 'smart_proxy_openscap'
-require 'smart_proxy_openscap/openscap_api'
-
-ENV['RACK_ENV'] = 'test'
-
-class FetchOvalContentApiTest < Test::Unit::TestCase
-  include Rack::Test::Methods
-
-  def setup
-    @foreman_url = 'https://foreman.example.com'
-    @fixture_path = "/test/data/rhel-7-including-unpatched.oval.xml.bz2"
-    @fixture_full_path = File.join(Dir.getwd, @fixture_path)
-    Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
-    @results_path = ("#{Dir.getwd}/test/test_run_files")
-    FileUtils.mkdir_p(@results_path)
-    Proxy::OpenSCAP::Plugin.settings.stubs(:oval_content_dir).returns(@results_path)
-    @oval_content = File.new(@fixture_full_path).read
-    @digest = Digest::SHA256.hexdigest @oval_content
-    @policy_id = 1
-  end
-
-  def teardown
-    FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
-  end
-
-  def app
-    ::Proxy::OpenSCAP::Api.new
-  end
-
-  def test_get_oval_content_from_file
-    FileUtils.mkdir("#{@results_path}/#{@policy_id}")
-    FileUtils.cp(@fixture_full_path, "#{@results_path}/#{@policy_id}/#{@digest}.oval.xml.bz2")
-    get "/oval_policies/#{@policy_id}/oval_content/#{@digest}"
-    assert_equal("application/x-bzip2", last_response.header["Content-Type"], "Response header should be application/x-bzip2")
-    assert(last_response.successful?, "Response should be success")
-  end
-end

data/test/oval_report_parser_test.rb

@@ -1,14 +0,0 @@
-require 'test_helper'
-require 'smart_proxy_openscap'
-require 'smart_proxy_openscap/oval_report_parser'
-
-class OvalReportParserTest < Test::Unit::TestCase
-
-  def test_oval_report_parsing
-    oval_report = File.open("#{Dir.getwd}/test/data/oval-results.xml.bz2").read
-    res = Proxy::OpenSCAP::OvalReportParser.new.parse_cves oval_report
-    refute res.empty?
-    assert res.first[:result]
-    refute res.first[:references].empty?
-  end
-end

data/test/post_oval_report_api_test.rb

@@ -1,30 +0,0 @@
-require 'test_helper'
-require 'smart_proxy_openscap'
-require 'smart_proxy_openscap/openscap_api'
-
-ENV['RACK_ENV'] = 'test'
-
-class PostOvalReportApiTest < Test::Unit::TestCase
-  include Rack::Test::Methods
-
-  setup do
-    @foreman_url = 'https://foreman.example.com'
-    Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
-    @oval_report = File.open("#{Dir.getwd}/test/data/oval-results.xml.bz2").read
-    @cname = 'node.example.org'
-    @date = Time.now.to_i
-    @policy_id = 1
-    Proxy::OpenSCAP.stubs(:common_name).returns(@cname)
-  end
-
-  def app
-    ::Proxy::OpenSCAP::Api.new
-  end
-
-  def test_post_oval_report_to_foreman
-    stub_request(:post, "#{@foreman_url}/api/v2/compliance/oval_reports/#{@cname}/#{@policy_id}/#{@date}")
-      .to_return(:status => 200, :body => '{ "result": "ok" }')
-    post "/oval_reports/#{@policy_id}", @oval_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
-    assert(last_response.successful?, "Should be a success")
-  end
-end