smart_proxy_openscap 0.6.4 → 0.6.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 75a10b67932ee57464ae6b077cb0de13414400f8
-  data.tar.gz: 20d0b754e52f0a5c8c24f6c58cd1c460ac9cf0d5
+  metadata.gz: e666336bf02a0dc32630813e523d0af008006603
+  data.tar.gz: e5fbd577be166d0b2ca4d79841c7753a7b958577
 SHA512:
-  metadata.gz: 0055e9a3aa52ef8ca032942cffe3a03cc3455411d90642446dc33bfe406c0fdf1392f590c83ccb787ac5f3a5f670b4bcfa3a9092230356c5467cc4558f0b4dba
-  data.tar.gz: b12e3ebd02a8194528f49e88e253fb319bcd13f4c97579cea9c72d1094548f6558d78a8da2ae1250cc730a8fcf2b54f4dc119d07b82ca768ef8a1e9cf4db8032
+  metadata.gz: 76bfca9428e45706fcd289da3dabea7c145c540a1a58bcce5a9ecdd016cabaf4192b1b563035cf142deeb97f5058b69b0e332bbbdfb28d7cda8b746dbd6b8b04
+  data.tar.gz: 021058331dd2a2ebd832e0ea59c58021cfa8a22fc3b36265ae5743a7d8a7478ed6793d614e0033d4374d6a601d14a57e91779bbec4dc59cc071cb6e60f94e441

data/Gemfile

@@ -5,6 +5,7 @@ group :development do
   gem 'test-unit'
   gem 'pry'
   gem 'rubocop'
+  gem 'rack', '~> 1.6.8' if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2')
   gem 'smart_proxy', :github => "theforeman/smart-proxy", :branch => 'develop'
 end
 

data/bin/smart-proxy-parse-arf

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+path = File.join(File.dirname(File.expand_path(__FILE__)), '..', 'lib')
+$:.unshift(path) if File.exist? path
+
+require 'smart_proxy_openscap/arf_parser'
+
+Proxy::OpenSCAP::ArfParser.new.parse ARGV[0], ARGV[1]

data/lib/smart_proxy_openscap/arf_parser.rb

@@ -0,0 +1,111 @@
+# encoding=utf-8
+require 'openscap'
+require 'openscap/ds/arf'
+require 'openscap/xccdf/testresult'
+require 'openscap/xccdf/ruleresult'
+require 'openscap/xccdf/rule'
+require 'openscap/xccdf/fix'
+require 'openscap/xccdf/benchmark'
+require 'json'
+require 'digest'
+
+module Proxy
+  module OpenSCAP
+    class ArfParser
+      def parse(file_in, file_out)
+        ::OpenSCAP.oscap_init
+        arf_digest   = Digest::SHA256.hexdigest(File.read(file_in))
+
+        arf          = ::OpenSCAP::DS::Arf.new(file_in)
+        test_result  = arf.test_result
+
+        results      = test_result.rr
+        sds          = arf.report_request
+        bench_source = sds.select_checklist!
+        benchmark    = ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
+        items        = benchmark.items
+
+        report = parse_results(items, results, arf_digest)
+        File.write file_out, report.to_json
+      ensure
+        cleanup test_result, benchmark, sds, arf
+      end
+
+      private
+
+      def parse_results(items, results, arf_digest)
+        report       = {}
+        report[:logs] = []
+        passed        = 0
+        failed        = 0
+        othered         = 0
+        results.each do |rr_id, result|
+          next if result.result == 'notapplicable' || result.result == 'notselected'
+          # get rules and their results
+          rule_data = items[rr_id]
+          report[:logs] << populate_result_data(rr_id, result.result, rule_data)
+          # create metrics for the results
+          case result.result
+            when 'pass', 'fixed'
+              passed += 1
+            when 'fail'
+              failed += 1
+            else
+              othered += 1
+          end
+        end
+        report[:digest]  = arf_digest
+        report[:metrics] = { :passed => passed, :failed => failed, :othered => othered }
+        report
+      end
+
+      def populate_result_data(result_id, rule_result, rule_data)
+        log               = {}
+        log[:source]      = ascii8bit_to_utf8(result_id)
+        log[:result]      = ascii8bit_to_utf8(rule_result)
+        log[:title]       = ascii8bit_to_utf8(rule_data.title)
+        log[:description] = ascii8bit_to_utf8(rule_data.description)
+        log[:rationale]   = ascii8bit_to_utf8(rule_data.rationale)
+        log[:references]  = hash_a8b(rule_data.references.map(&:to_hash))
+        log[:fixes]       = hash_a8b(rule_data.fixes.map(&:to_hash))
+        log[:severity]    = ascii8bit_to_utf8(rule_data.severity)
+        log
+      end
+
+      def cleanup(*args)
+        args.compact.map(&:destroy)
+        ::OpenSCAP.oscap_cleanup
+      end
+
+      # Unfortunately openscap in ruby 1.9.3 outputs data in Ascii-8bit.
+      # We transform it to UTF-8 for easier json integration.
+
+      # :invalid ::
+      #   If the value is invalid, #encode replaces invalid byte sequences in
+      #   +str+ with the replacement character.  The default is to raise the
+      #   Encoding::InvalidByteSequenceError exception
+      # :undef ::
+      #   If the value is undefined, #encode replaces characters which are
+      #   undefined in the destination encoding with the replacement character.
+      #   The default is to raise the Encoding::UndefinedConversionError.
+      # :replace ::
+      #   Sets the replacement string to the given value. The default replacement
+      #   string is "\uFFFD" for Unicode encoding forms, and "?" otherwise.
+      def ascii8bit_to_utf8(string)
+        return ascii8bit_to_utf8_legacy(string) if RUBY_VERSION.start_with? '1.8'
+        string.to_s.encode('utf-8', :invalid => :replace, :undef => :replace, :replace => '_')
+      end
+
+      # String#encode appeared first in 1.9, so we need a workaround for 1.8
+      def ascii8bit_to_utf8_legacy(string)
+        Iconv.conv('UTF-8//IGNORE', 'UTF-8', string.to_s)
+      end
+
+      def hash_a8b(ary)
+        ary.map do |hash|
+          Hash[hash.map { |key, value| [ascii8bit_to_utf8(key), ascii8bit_to_utf8(value)] }]
+        end
+      end
+    end
+  end
+end

data/lib/smart_proxy_openscap/foreman_forwarder.rb

@@ -3,23 +3,19 @@ module Proxy::OpenSCAP
     include ::Proxy::Log
 
     def post_arf_report(cname, policy_id, date, data)
-        parser = Proxy::OpenSCAP::Parse.new(data)
       begin
         foreman_api_path = upload_path(cname, policy_id, date)
-        response = send_request(foreman_api_path, parser.as_json)
+        json = Proxy::OpenSCAP::Parse.new(cname, policy_id, date).as_json(data)
+        raise OpenSCAP::OpenSCAPError, "Failed to parse report" if json.nil? || json.empty?
+        response = send_request(foreman_api_path, json)
         # Raise an HTTP error if the response is not 2xx (success).
         response.value
         res = JSON.parse(response.body)
         raise StandardError, "Received response: #{response.code} #{response.msg}" unless res['result'] == 'OK'
-      rescue OpenSCAP::OpenSCAPError => e
-        logger.debug e.backtrace.join("\n\t")
-        raise e
       rescue StandardError => e
         logger.debug response.body if response
         logger.debug e.backtrace.join("\n\t")
         raise e
-      ensure
-        parser.cleanup
       end
       res
     end

data/lib/smart_proxy_openscap/openscap_content_parser.rb

@@ -6,14 +6,12 @@ require 'openscap/xccdf/tailoring'
 module Proxy::OpenSCAP
   class ContentParser
     def initialize(scap_file, type = 'scap_content')
-      OpenSCAP.oscap_init
       @source = OpenSCAP::Source.new(:content => scap_file)
       @type = type
     end
 
     def cleanup
       @source.destroy if @source
-      OpenSCAP.oscap_cleanup
     end
 
     def allowed_types

data/lib/smart_proxy_openscap/openscap_initializer.rb

@@ -0,0 +1,21 @@
+require 'openscap'
+
+module Proxy::OpenSCAP
+  class OpenscapInitializer
+    include ::Proxy::Log
+
+    def initialize
+      @mutex = Mutex.new
+    end
+
+    def start
+      logger.debug "Initializing openscap component"
+      @mutex.synchronize { OpenSCAP.oscap_init }
+    end
+
+    def stop
+      logger.debug "Stopping openscap component"
+      @mutex.synchronize { OpenSCAP.oscap_cleanup }
+    end
+  end
+end

data/lib/smart_proxy_openscap/openscap_plugin.rb

@@ -9,6 +9,7 @@
 #
 
 require 'smart_proxy_openscap/version'
+require 'smart_proxy_openscap/plugin_configuration'
 
 module Proxy::OpenSCAP
   class Plugin < ::Proxy::Plugin
@@ -23,5 +24,10 @@ module Proxy::OpenSCAP
                      :reportsdir => File.join(APP_ROOT, 'openscap/reports'),
                      :failed_dir => File.join(APP_ROOT, 'openscap/failed'),
                      :tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring')
+
+    load_classes ::Proxy::OpenSCAP::PluginConfiguration
+    load_dependency_injection_wirings ::Proxy::OpenSCAP::PluginConfiguration
+
+    start_services :openscap_initializer
   end
 end

data/lib/smart_proxy_openscap/openscap_report_parser.rb

@@ -1,110 +1,47 @@
 # encoding=utf-8
-require 'openscap'
-require 'openscap/ds/arf'
-require 'openscap/xccdf/testresult'
-require 'openscap/xccdf/ruleresult'
-require 'openscap/xccdf/rule'
-require 'openscap/xccdf/fix'
-require 'openscap/xccdf/benchmark'
-require 'json'
-require 'iconv' if RUBY_VERSION.start_with? '1.8'
-
-module Proxy::OpenSCAP
-  class Parse
-    def initialize(arf_data)
-      OpenSCAP.oscap_init
-      size         = arf_data.size
-      @arf_digest  = Digest::SHA256.hexdigest(arf_data)
-      @arf         = OpenSCAP::DS::Arf.new(:content => arf_data, :path => 'arf.xml.bz2', :length => size)
-      @test_result  = @arf.test_result
-
-      @results      = @test_result.rr
-      @sds          = @arf.report_request
-      bench_source = @sds.select_checklist!
-      @benchmark    = OpenSCAP::Xccdf::Benchmark.new(bench_source)
-      @items        = @benchmark.items
-    end
-
-    def cleanup
-      @test_result.destroy if @test_result
-      @benchmark.destroy if @benchmark
-      @sds.destroy if @sds
-      @arf.destroy if @arf
-      OpenSCAP.oscap_cleanup
-    end
-
-    def as_json
-      parse_report.to_json
-    end
-
-    private
+require 'tempfile'
+
+module Proxy
+  module OpenSCAP
+    class Parse
+      include ::Proxy::Log
+      include ::Proxy::Util
+
+      def initialize(cname, policy_id, date)
+        @cname = cname
+        @policy_id = policy_id
+        @date = date
+      end
 
-    def parse_report
-      report        = {}
-      report[:logs] = []
-      passed        = 0
-      failed        = 0
-      othered         = 0
-      @results.each do |rr_id, result|
-        next if result.result == 'notapplicable' || result.result == 'notselected'
-        # get rules and their results
-        rule_data = @items[rr_id]
-        report[:logs] << populate_result_data(rr_id, result.result, rule_data)
-        # create metrics for the results
-        case result.result
-          when 'pass', 'fixed'
-            passed += 1
-          when 'fail'
-            failed += 1
-          else
-            othered += 1
+      def as_json(arf_data)
+        in_file = Tempfile.new("#{filename}json-", "/var/tmp")
+        json_file = Tempfile.new(filename, "/var/tmp")
+        begin
+          in_file.write arf_data
+          command = "#{script_location} #{in_file.path} #{json_file.path}"
+          logger.debug "Executing: #{command}"
+          `#{command}`
+          json_file.read
+        rescue => e
+          logger.debug "Failure when running script which parses reports"
+          logger.debug e.backtrace.join("\n\t")
+          return nil
+        ensure
+          in_file.close
+          in_file.unlink
+          json_file.close
+          json_file.unlink
         end
       end
-      report[:digest]  = @arf_digest
-      report[:metrics] = { :passed => passed, :failed => failed, :othered => othered }
-      report
-    end
-
-    def populate_result_data(result_id, rule_result, rule_data)
-      log               = {}
-      log[:source]      = ascii8bit_to_utf8(result_id)
-      log[:result]      = ascii8bit_to_utf8(rule_result)
-      log[:title]       = ascii8bit_to_utf8(rule_data.title)
-      log[:description] = ascii8bit_to_utf8(rule_data.description)
-      log[:rationale]   = ascii8bit_to_utf8(rule_data.rationale)
-      log[:references]  = hash_a8b(rule_data.references.map(&:to_hash))
-      log[:fixes]       = hash_a8b(rule_data.fixes.map(&:to_hash))
-      log[:severity]    = ascii8bit_to_utf8(rule_data.severity)
-      log
-    end
-
-    # Unfortunately openscap in ruby 1.9.3 outputs data in Ascii-8bit.
-    # We transform it to UTF-8 for easier json integration.
 
-    # :invalid ::
-    #   If the value is invalid, #encode replaces invalid byte sequences in
-    #   +str+ with the replacement character.  The default is to raise the
-    #   Encoding::InvalidByteSequenceError exception
-    # :undef ::
-    #   If the value is undefined, #encode replaces characters which are
-    #   undefined in the destination encoding with the replacement character.
-    #   The default is to raise the Encoding::UndefinedConversionError.
-    # :replace ::
-    #   Sets the replacement string to the given value. The default replacement
-    #   string is "\uFFFD" for Unicode encoding forms, and "?" otherwise.
-    def ascii8bit_to_utf8(string)
-      return ascii8bit_to_utf8_legacy(string) if RUBY_VERSION.start_with? '1.8'
-      string.to_s.encode('utf-8', :invalid => :replace, :undef => :replace, :replace => '_')
-    end
-
-    # String#encode appeared first in 1.9, so we need a workaround for 1.8
-    def ascii8bit_to_utf8_legacy(string)
-      Iconv.conv('UTF-8//IGNORE', 'UTF-8', string.to_s)
-    end
+      def filename
+        "#{@cname}-#{@policy_id}-#{@date}-"
+      end
 
-    def hash_a8b(ary)
-      ary.map do |hash|
-        Hash[hash.map { |key, value| [ascii8bit_to_utf8(key), ascii8bit_to_utf8(value)] }]
+      def script_location
+        path = File.join(File.dirname(File.expand_path(__FILE__)), '../..','bin/smart-proxy-parse-arf')
+        return path if File.exist? path
+        "smart-proxy-parse-arf"
       end
     end
   end

data/lib/smart_proxy_openscap/plugin_configuration.rb

@@ -0,0 +1,13 @@
+module Proxy::OpenSCAP
+  class PluginConfiguration
+    def load_dependency_injection_wirings(container, settings)
+      container.singleton_dependency :openscap_initializer, ( lambda do
+        ::Proxy::OpenSCAP::OpenscapInitializer.new
+      end)
+    end
+
+    def load_classes
+      require 'smart_proxy_openscap/openscap_initializer'
+    end
+  end
+end

data/lib/smart_proxy_openscap/storage_fs.rb

@@ -28,7 +28,6 @@ module Proxy::OpenSCAP
     end
 
     def get_arf_html(digest)
-      OpenSCAP.oscap_init
       xml = get_arf_file(digest)[:xml]
       size = get_arf_file(digest)[:size]
       arf_object = OpenSCAP::DS::Arf.new(:content => xml, :path => 'arf.xml.bz2', :length => size)

data/lib/smart_proxy_openscap/version.rb

@@ -10,6 +10,6 @@
 
 module Proxy
   module OpenSCAP
-    VERSION = '0.6.4'
+    VERSION = '0.6.5'
   end
 end

data/test/get_report_xml_html_test.rb

@@ -39,7 +39,9 @@ class OpenSCAPGetArfTest < Test::Unit::TestCase
   end
 
   def test_get_html_arf
+    OpenSCAP.oscap_init
     get "/arf/#{@arf_id}/#{@cname}/#{@date}/#{@filename}/html"
+    OpenSCAP.oscap_cleanup
     assert(last_response.successful?, "Should return OK")
     assert(last_response.body.start_with?('<!DOCTYPE'), 'File should start with html')
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-  version: 0.6.4
+  version: 0.6.5
 platform: ruby
 authors:
 - "Šimon Lukašík"
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-12 00:00:00.000000000 Z
+date: 2017-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -98,10 +98,12 @@ files:
 - README.md
 - Rakefile
 - bin/smart-proxy-openscap-send
+- bin/smart-proxy-parse-arf
 - bundler.d/openscap.rb
 - extra/rubygem-smart_proxy_openscap.spec
 - extra/smart-proxy-openscap-send.cron
 - lib/smart_proxy_openscap.rb
+- lib/smart_proxy_openscap/arf_parser.rb
 - lib/smart_proxy_openscap/fetch_file.rb
 - lib/smart_proxy_openscap/fetch_scap_content.rb
 - lib/smart_proxy_openscap/fetch_tailoring_file.rb
@@ -111,9 +113,11 @@ files:
 - lib/smart_proxy_openscap/openscap_content_parser.rb
 - lib/smart_proxy_openscap/openscap_exception.rb
 - lib/smart_proxy_openscap/openscap_import_api.rb
+- lib/smart_proxy_openscap/openscap_initializer.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
 - lib/smart_proxy_openscap/openscap_report_parser.rb
+- lib/smart_proxy_openscap/plugin_configuration.rb
 - lib/smart_proxy_openscap/spool_forwarder.rb
 - lib/smart_proxy_openscap/storage.rb
 - lib/smart_proxy_openscap/storage_fs.rb
@@ -157,8 +161,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.4.6
 signing_key: 
 specification_version: 4
 summary: OpenSCAP plug-in for Foreman's smart-proxy.
 test_files: []
+has_rdoc: