smart_proxy_openscap 0.11.1 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d5b5f74d9ef8cf5528ed8352c5fcf086f066e0b4c287d7af2d793af4aa8ca8f3
-  data.tar.gz: 853c160e1bd5bc964cd1254462be6294c745f82903fbfe4527accc8c7b59358f
+  metadata.gz: d64e75accfab154207646ea78d608d37877d3c293d38c3aa0fc0d4b7547b5ac0
+  data.tar.gz: dc18e3c41aaf4515abcc90ed7ec312a52705477bbc20372e9bd32c18203a479e
 SHA512:
-  metadata.gz: 76183d6d4a6cca39f0214b9de18b642bb939ae018a4374cd642bd94751c57368a40ba8287e515bf2cf49e3700a37f4071f57b2e5132b6e5cdbbf2307ad26a6c6
-  data.tar.gz: c83274635c726fe521dcd43441b1abf3d87fbf6322d6fcc2c0cc07a380add1683af520edcc11ac3e254353d2bebaebcc59b8918c81fe70a4634ac8f52ba33df1
+  metadata.gz: 0e4aa8c10499016653a8b7ef9151013ba3e23fb5ac0c1c12c40fa79bb3694135a4c6e33f765c53adaed9e83dd37dde090056dbe355ca4e1bcda626bea9c582fa
+  data.tar.gz: 5b40ab6cf91ecd6a5ffe87c9274714422deaf5b78e35c03c19ec304dda1ed2ec21275e0fb00836e42f5ef1dd4d60a9aedf47c0f224182ecd2b18568f104129c6

data/.github/workflows/test.yml

@@ -0,0 +1,14 @@
+name: CI
+
+on: pull_request
+
+concurrency:
+  group: ${{ github.ref_name }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    name: Tests
+    uses: theforeman/actions/.github/workflows/smart_proxy_plugin.yml@v0
+    with:
+      extra_packages: libopenscap8

data/Gemfile

@@ -6,8 +6,7 @@ group :development do
   gem 'pry'
   gem 'pry-byebug'
   gem 'rubocop'
-  gem 'rack', '~> 1.6.8' if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2')
-  gem 'smart_proxy', :github => "theforeman/smart-proxy", :branch => 'develop'
+  gem 'smart_proxy', :github => "theforeman/smart-proxy", :branch => ENV.fetch('SMART_PROXY_BRANCH', 'develop')
 end
 
 # load local gemfile

data/lib/smart_proxy_openscap/arf_html.rb

@@ -1,21 +1,28 @@
-require 'openscap'
-require 'openscap/ds/arf'
+require 'smart_proxy_openscap/storage_fs'
+require 'smart_proxy_openscap/openscap_exception'
 
 module Proxy
   module OpenSCAP
     class ArfHtml
-      def generate_html(file_in, file_out)
-        ::OpenSCAP.oscap_init
-        File.write file_out, get_arf_html(file_in)
-      ensure
-        ::OpenSCAP.oscap_cleanup
+      include ::Proxy::Log
+
+      def generate(cname, id, date, digest)
+        file_path = file_path_in_storage cname, id, date, digest
+        as_html file_path
+      end
+
+      def as_html(file_in_storage)
+        Proxy::OpenSCAP.execute!('oscap', 'xccdf', 'generate', 'report', file_in_storage).first
+      rescue => e
+        logger.debug e.message
+        logger.debug e.backtrace.join("\n\t")
+        raise Proxy::OpenSCAP::ReportDecompressError, "Failed to generate report HTML, cause: #{e.message}"
       end
 
-      def get_arf_html(file_in)
-        arf_object = ::OpenSCAP::DS::Arf.new(file_in)
-        # @TODO: Drop this when support for 1.8.7 ends
-        return arf_object.html if RUBY_VERSION.start_with? '1.8'
-        arf_object.html.force_encoding('UTF-8')
+      def file_path_in_storage(cname, id, date, digest)
+        path_to_dir = Proxy::OpenSCAP::Plugin.settings.reportsdir
+        storage = Proxy::OpenSCAP::StorageFs.new(path_to_dir, cname, id, date)
+        storage.get_path(digest)
       end
     end
   end

data/lib/smart_proxy_openscap/arf_parser.rb

@@ -13,17 +13,13 @@ module Proxy
       end
 
       def as_json(arf_data)
-        begin
-          file = Tempfile.new
+        decompressed = Tempfile.create do |file|
           file.write(arf_data)
-          file.rewind
-          decompressed = `bunzip2 -dc #{file.path}`
+          file.flush
+          Proxy::OpenSCAP.execute!('bunzip2', '-dc', file.path).first
         rescue => e
           logger.error e
           raise Proxy::OpenSCAP::ReportDecompressError, "Failed to decompress received report bzip, cause: #{e.message}"
-        ensure
-          file.close
-          file.unlink
         end
         arf_file = ::OpenscapParser::TestResultFile.new(decompressed)
         rules = arf_file.benchmark.rules.reduce({}) do |memo, rule|

data/lib/smart_proxy_openscap/openscap_api.rb

@@ -98,11 +98,11 @@ module Proxy::OpenSCAP
 
     get "/arf/:id/:cname/:date/:digest/html" do
       begin
-        Proxy::OpenSCAP::OpenscapHtmlGenerator.new(params[:cname], params[:id], params[:date], params[:digest]).get_html
+        Proxy::OpenSCAP::ArfHtml.new.generate(params[:cname], params[:id], params[:date], params[:digest])
       rescue FileNotFound => e
         log_halt 500, "Could not find requested file, #{e.message}"
-      rescue OpenSCAPException => e
-        log_halt 500, "Could not generate report in HTML"
+      rescue ReportDecompressError => e
+        log_halt 500, e.message
       end
     end
 
@@ -162,10 +162,11 @@ module Proxy::OpenSCAP
 
     post "/scap_content/guide/?:policy?" do
       begin
-        Proxy::OpenSCAP::PolicyParser.new(params[:policy]).guide(request.body.string)
+        html = Proxy::OpenSCAP::PolicyGuide.new.generate_guide(request.body.string, params[:policy])
+        { :html => html }.to_json
       rescue *HTTP_ERRORS => e
         log_halt 500, e.message
-      rescue StandardError => e
+      rescue StandardError, OpenSCAPException => e
         log_halt 500, "Error occurred: #{e.message}"
       end
     end

data/lib/smart_proxy_openscap/openscap_lib.rb

@@ -14,15 +14,16 @@ require 'pathname'
 require 'json'
 require 'proxy/error'
 require 'yaml'
+require 'open3'
 require 'ostruct'
 require 'proxy/request'
 require 'smart_proxy_openscap/foreman_arf_forwarder'
 require 'smart_proxy_openscap/content_parser'
 require 'smart_proxy_openscap/openscap_exception'
+require 'smart_proxy_openscap/arf_html'
 require 'smart_proxy_openscap/arf_parser'
 require 'smart_proxy_openscap/spool_forwarder'
-require 'smart_proxy_openscap/openscap_html_generator'
-require 'smart_proxy_openscap/policy_parser'
+require 'smart_proxy_openscap/policy_guide'
 require 'smart_proxy_openscap/profiles_parser'
 require 'smart_proxy_openscap/fetch_scap_file'
 
@@ -63,4 +64,10 @@ module Proxy::OpenSCAP
     pathname = Pathname.new(path)
     pathname.relative? ? pathname.expand_path(Sinatra::Base.root).to_s : path
   end
+
+  def self.execute!(*cmd)
+    out, err, status = Open3.capture3(*cmd)
+    raise "'#{cmd.join(' ')} exited with #{status.exitstatus}: #{err}" unless status.success?
+    [out, err, status]
+  end
 end

data/lib/smart_proxy_openscap/openscap_plugin.rb

@@ -9,6 +9,8 @@
 #
 
 require 'smart_proxy_openscap/version'
+require 'smart_proxy_openscap/validate_settings'
+require 'smart_proxy_openscap/openscap_exception'
 
 module Proxy::OpenSCAP
   class Plugin < ::Proxy::Plugin
@@ -23,5 +25,8 @@ module Proxy::OpenSCAP
                      :reportsdir => File.join(APP_ROOT, 'openscap/reports'),
                      :failed_dir => File.join(APP_ROOT, 'openscap/failed'),
                      :tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring')
+
+    load_validators :validate_settings => ::Proxy::OpenSCAP::ValidateSettings
+    validate :validate!, :validate_settings => nil
   end
 end

data/lib/smart_proxy_openscap/policy_guide.rb

@@ -1,22 +1,25 @@
-require 'openscap'
-require 'openscap/source'
-require 'openscap/ds/sds'
-require 'json'
+require 'smart_proxy_openscap/openscap_exception'
 
 module Proxy
   module OpenSCAP
     class PolicyGuide
-      def generate_guide(in_file, out_file, policy=nil)
-        ::OpenSCAP.oscap_init
-        source = ::OpenSCAP::Source.new in_file
-        sds = ::OpenSCAP::DS::Sds.new source
-        sds.select_checklist
-        html = sds.html_guide policy
-        File.write(out_file, { :html => html.force_encoding('UTF-8') }.to_json)
-      ensure
-        sds.destroy if sds
-        source.destroy if source
-        ::OpenSCAP.oscap_cleanup
+      include ::Proxy::Log
+
+      def generate_guide(file_content, policy_id)
+        Tempfile.create do |file|
+          file.write file_content
+          file.flush
+          command = ['oscap', 'xccdf', 'generate'] + profile_opt(policy_id) + ['guide', file.path]
+          Proxy::OpenSCAP.execute!(*command).first
+        end
+      rescue => e
+        logger.debug e.message
+        logger.debug e.backtrace.join("\n\t")
+        raise OpenSCAPException, "Failed to generate policy guide, cause: #{e.message}"
+      end
+
+      def profile_opt(policy_id)
+        policy_id ? ['--profile', policy_id] : []
       end
     end
   end

data/lib/smart_proxy_openscap/validate_settings.rb

@@ -0,0 +1,11 @@
+require 'open3'
+
+module Proxy::OpenSCAP
+  class ValidateSettings < ::Proxy::PluginValidators::Base
+    def validate!(_settings)
+      _, _, _ = Open3.popen3(['oscap', '--help'])
+    rescue Errno::ENOENT
+      raise FileNotFound.new("'oscap' utility is not available")
+    end
+  end
+end

data/lib/smart_proxy_openscap/version.rb

@@ -10,6 +10,6 @@
 
 module Proxy
   module OpenSCAP
-    VERSION = '0.11.1'
+    VERSION = '0.12.0'
   end
 end

data/smart_proxy_openscap.gemspec

@@ -15,11 +15,13 @@ Gem::Specification.new do |s|
   s.files = `git ls-files`.split("\n") - ['.gitignore']
   s.executables = ['smart-proxy-openscap-send']
   s.requirements = 'bzip2'
+  s.requirements = 'oscap'
 
-  s.add_development_dependency('rake')
-  s.add_development_dependency('rack-test')
-  s.add_development_dependency('mocha')
-  s.add_development_dependency('webmock')
-  s.add_dependency 'openscap', '~> 0.4.7'
+  s.required_ruby_version = '>= 2.7', '< 4'
+
+  s.add_development_dependency('rake', '~> 13.0')
+  s.add_development_dependency('rack-test', '~> 0')
+  s.add_development_dependency('mocha', '~> 1')
+  s.add_development_dependency('webmock', '~> 3')
   s.add_dependency 'openscap_parser', '~> 1.0.2'
 end

data/test/arf_html_test.rb

@@ -0,0 +1,12 @@
+require 'test_helper'
+require 'smart_proxy_openscap/arf_html'
+
+class ArfHtmlTest < Test::Unit::TestCase
+  def test_html_report
+    obj = Proxy::OpenSCAP::ArfHtml.new
+    obj.stubs(:file_path_in_storage).returns("#{Dir.getwd}/test/data/arf_report")
+    html = obj.generate('consumer-uuid', 5, 523455, 'digest')
+
+    assert html.start_with?('<!DOCTYPE'), "File should be html"
+  end
+end

data/test/policy_guide_test.rb

@@ -0,0 +1,11 @@
+require 'test_helper'
+require 'smart_proxy_openscap/policy_guide'
+
+class PolicyGuideTest < Test::Unit::TestCase
+  def test_policy_guide
+    profile = "xccdf_org.ssgproject.content_profile_rht-ccp"
+    policy_data = File.read "#{Dir.getwd}/test/data/ssg-rhel7-ds.xml"
+    guide = Proxy::OpenSCAP::PolicyGuide.new.generate_guide(policy_data, profile)
+    assert guide.start_with?('<!DOCTYPE'), "File should be html"
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-  version: 0.11.1
+  version: 0.12.0
 platform: ruby
 authors:
 - Šimon Lukašík
@@ -10,78 +10,64 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-07-24 00:00:00.000000000 Z
+date: 2024-12-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1'
 - !ruby/object:Gem::Dependency
   name: webmock
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: openscap
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.7
-  type: :runtime
+        version: '3'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.7
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: openscap_parser
   requirement: !ruby/object:Gem::Requirement
@@ -105,6 +91,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/test.yml"
 - ".rubocop.yml"
 - ".rubocop_todo.yml"
 - ".travis.yml"
@@ -112,9 +99,7 @@ files:
 - Gemfile
 - README.md
 - Rakefile
-- bin/smart-proxy-arf-html
 - bin/smart-proxy-openscap-send
-- bin/smart-proxy-policy-guide
 - bundler.d/openscap.rb
 - extra/smart-proxy-openscap-send.cron
 - lib/smart_proxy_openscap.rb
@@ -134,16 +119,16 @@ files:
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
 - lib/smart_proxy_openscap/policy_guide.rb
-- lib/smart_proxy_openscap/policy_parser.rb
 - lib/smart_proxy_openscap/profiles_parser.rb
-- lib/smart_proxy_openscap/shell_wrapper.rb
 - lib/smart_proxy_openscap/spool_forwarder.rb
 - lib/smart_proxy_openscap/storage.rb
 - lib/smart_proxy_openscap/storage_fs.rb
 - lib/smart_proxy_openscap/storage_fs_common.rb
+- lib/smart_proxy_openscap/validate_settings.rb
 - lib/smart_proxy_openscap/version.rb
 - settings.d/openscap.yml.example
 - smart_proxy_openscap.gemspec
+- test/arf_html_test.rb
 - test/data/arf_report
 - test/data/corrupted_arf_report
 - test/data/oval-results.xml.bz2
@@ -159,9 +144,9 @@ files:
 - test/fetch_scap_api_test.rb
 - test/fetch_tailoring_api_test.rb
 - test/get_report_xml_html_test.rb
+- test/policy_guide_test.rb
 - test/post_report_api_test.rb
 - test/scap_content_parser_api_test.rb
-- test/script_class_test.rb
 - test/spool_forwarder_test.rb
 - test/test_helper.rb
 homepage: https://github.com/theforeman/smart_proxy_openscap
@@ -176,15 +161,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.7'
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements:
-- bzip2
-rubygems_version: 3.3.26
+- oscap
+rubygems_version: 3.2.33
 signing_key:
 specification_version: 4
 summary: OpenSCAP plug-in for Foreman's smart-proxy.

data/bin/smart-proxy-arf-html

@@ -1,7 +0,0 @@
-#!/usr/bin/env ruby
-path = File.join(File.dirname(File.expand_path(__FILE__)), '..', 'lib')
-$:.unshift(path) if File.exist? path
-
-require 'smart_proxy_openscap/arf_html'
-
-Proxy::OpenSCAP::ArfHtml.new.generate_html ARGV[0], ARGV[1]

data/bin/smart-proxy-policy-guide

@@ -1,7 +0,0 @@
-#!/usr/bin/env ruby
-path = File.join(File.dirname(File.expand_path(__FILE__)), '..', 'lib')
-$:.unshift(path) if File.exist? path
-
-require 'smart_proxy_openscap/policy_guide'
-
-Proxy::OpenSCAP::PolicyGuide.new.generate_guide *ARGV

data/lib/smart_proxy_openscap/policy_parser.rb

@@ -1,33 +0,0 @@
-require 'smart_proxy_openscap/shell_wrapper'
-
-module Proxy
-  module OpenSCAP
-    class PolicyParser < ShellWrapper
-
-      def initialize(policy)
-        @script_name = "smart-proxy-policy-guide"
-        @policy = policy
-      end
-
-      def guide(scap_file)
-        execute_shell_command scap_file
-      end
-
-      def in_filename
-        super
-      end
-
-      def out_filename
-        "#{in_filename}json-"
-      end
-
-      def failure_message
-        "Failure when running script which renders policy guide"
-      end
-
-      def command(in_file, out_file)
-        "#{script_location} #{in_file.path} #{out_file.path} #{@policy}"
-      end
-    end
-  end
-end

data/lib/smart_proxy_openscap/shell_wrapper.rb

@@ -1,77 +0,0 @@
-require 'tempfile'
-
-module Proxy
-  module OpenSCAP
-    class ShellWrapper
-      include ::Proxy::Log
-
-      attr_reader :script_name
-
-      def script_location
-        raise NotImplementedError, 'Must have @script_name' unless script_name
-        path = File.join(File.dirname(File.expand_path(__FILE__)), '../../bin', script_name)
-        return path if File.exist? path
-        script_name
-      end
-
-      def execute_shell_command(in_file_content = nil)
-        out_file = Tempfile.new(out_filename, "/var/tmp")
-        in_file = prepare_in_file in_file_content
-        comm = command(in_file, out_file)
-        logger.debug "Executing: #{comm}"
-        output = nil
-        begin
-          `#{comm}`
-          output = out_file.read
-        rescue => e
-          logger.debug failure_message
-          logger.debug e.message
-          logger.debug e.backtrace.join("\n\t")
-        ensure
-          close_unlink out_file, in_file
-        end
-        raise OpenSCAPException, exception_message if output.nil? || output.empty?
-        output
-      end
-
-      def close_unlink(*files)
-        files.compact.each do |file|
-          file.close
-          file.unlink
-        end
-      end
-
-      def prepare_in_file(in_file_content)
-        return unless in_file_content
-        file = Tempfile.new(in_filename, "/var/tmp")
-        file.write in_file_content
-        file.rewind
-        file
-      end
-
-      def in_filename
-        @in_filename ||= unique_filename
-      end
-
-      def out_filename
-        @out_filename ||= unique_filename
-      end
-
-      def unique_filename
-        SecureRandom.uuid
-      end
-
-      def command(in_file, out_file)
-        raise NotImplementedError, "Must be implemented"
-      end
-
-      def failure_message
-        raise NotImplementedError, "Must be implemented"
-      end
-
-      def exception_message
-        failure_message
-      end
-    end
-  end
-end

data/test/script_class_test.rb

@@ -1,39 +0,0 @@
-require 'test_helper'
-require 'smart_proxy_openscap/arf_html'
-require 'smart_proxy_openscap/policy_guide'
-
-class ScriptClassTest < Test::Unit::TestCase
-  def test_arf_generate_html
-    carry_out do |tmp|
-      Proxy::OpenSCAP::ArfHtml.new.generate_html("#{Dir.getwd}/test/data/arf_report", tmp.path)
-      content = File.read tmp
-      assert content.start_with?('<!DOCTYPE'), "File should be html"
-    end
-  end
-
-  def test_policy_guide
-    carry_out do |tmp|
-      profile = "xccdf_org.ssgproject.content_profile_rht-ccp"
-      Proxy::OpenSCAP::PolicyGuide.new.generate_guide("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, profile)
-      guide = read_json tmp
-      assert guide['html'].start_with?('<!DOCTYPE'), "File should be html"
-    end
-  end
-
-  private
-
-  def carry_out
-    tmp = Tempfile.new('test')
-    begin
-      yield tmp if block_given?
-    ensure
-      tmp.close
-      tmp.unlink
-    end
-  end
-
-  def read_json(file)
-    file.flush
-    JSON.parse(File.read file)
-  end
-end