smart_proxy_openscap 0.6.5 → 0.6.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e666336bf02a0dc32630813e523d0af008006603
-  data.tar.gz: e5fbd577be166d0b2ca4d79841c7753a7b958577
+  metadata.gz: 29317c06a0e14367b00b34438becb736c48a3963
+  data.tar.gz: 43c1ab223379188365b5d2c739fbc4a8f047dfc2
 SHA512:
-  metadata.gz: 76bfca9428e45706fcd289da3dabea7c145c540a1a58bcce5a9ecdd016cabaf4192b1b563035cf142deeb97f5058b69b0e332bbbdfb28d7cda8b746dbd6b8b04
-  data.tar.gz: 021058331dd2a2ebd832e0ea59c58021cfa8a22fc3b36265ae5743a7d8a7478ed6793d614e0033d4374d6a601d14a57e91779bbec4dc59cc071cb6e60f94e441
+  metadata.gz: 3951f55a4c38a11d354d8e31d3b2e8d400923893238bd312bf272c4cd39df1caad03206ebbcd41edd625358be8cad1added830238899304045e0e546f0edac02
+  data.tar.gz: 4063007b806d2f811f8ca556fedb7450a78468b40f8e02968a0779fe0055005f4ce8690982daee8c0665f51e78cb24804b30ebf71b2d97c784451f71d1f4d9f1

data/bin/smart-proxy-arf-html

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+path = File.join(File.dirname(File.expand_path(__FILE__)), '..', 'lib')
+$:.unshift(path) if File.exist? path
+
+require 'smart_proxy_openscap/arf_html'
+
+Proxy::OpenSCAP::ArfHtml.new.generate_html ARGV[0], ARGV[1]

data/bin/{smart-proxy-parse-arf → smart-proxy-arf-json}

@@ -2,6 +2,6 @@
 path = File.join(File.dirname(File.expand_path(__FILE__)), '..', 'lib')
 $:.unshift(path) if File.exist? path
 
-require 'smart_proxy_openscap/arf_parser'
+require 'smart_proxy_openscap/arf_json'
 
-Proxy::OpenSCAP::ArfParser.new.parse ARGV[0], ARGV[1]
+Proxy::OpenSCAP::ArfJson.new.as_json ARGV[0], ARGV[1]

data/bin/smart-proxy-policy-guide

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+path = File.join(File.dirname(File.expand_path(__FILE__)), '..', 'lib')
+$:.unshift(path) if File.exist? path
+
+require 'smart_proxy_openscap/policy_guide'
+
+Proxy::OpenSCAP::PolicyGuide.new.generate_guide *ARGV

data/bin/smart-proxy-scap-profiles

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+path = File.join(File.dirname(File.expand_path(__FILE__)), '..', 'lib')
+$:.unshift(path) if File.exist? path
+
+require 'smart_proxy_openscap/scap_profiles'
+
+Proxy::OpenSCAP::ScapProfiles.new.profiles ARGV[0], ARGV[1], ARGV[2]

data/bin/smart-proxy-scap-validation

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+path = File.join(File.dirname(File.expand_path(__FILE__)), '..', 'lib')
+$:.unshift(path) if File.exist? path
+
+require 'smart_proxy_openscap/scap_validation'
+
+Proxy::OpenSCAP::ScapValidation.new.validate ARGV[0], ARGV[1], ARGV[2]

data/lib/smart_proxy_openscap/arf_html.rb

@@ -0,0 +1,21 @@
+require 'openscap'
+require 'openscap/ds/arf'
+
+module Proxy
+  module OpenSCAP
+    class ArfHtml
+      def generate_html(file_in, file_out)
+        ::OpenSCAP.oscap_init
+        File.write file_out, get_arf_html(file_in)
+        ::OpenSCAP.oscap_cleanup
+      end
+
+      def get_arf_html(file_in)
+        arf_object = ::OpenSCAP::DS::Arf.new(file_in)
+        # @TODO: Drop this when support for 1.8.7 ends
+        return arf_object.html if RUBY_VERSION.start_with? '1.8'
+        arf_object.html.force_encoding('UTF-8')
+      end
+    end
+  end
+end

data/lib/smart_proxy_openscap/arf_json.rb

@@ -0,0 +1,111 @@
+# encoding=utf-8
+require 'openscap'
+require 'openscap/ds/arf'
+require 'openscap/xccdf/testresult'
+require 'openscap/xccdf/ruleresult'
+require 'openscap/xccdf/rule'
+require 'openscap/xccdf/fix'
+require 'openscap/xccdf/benchmark'
+require 'json'
+require 'digest'
+
+module Proxy
+  module OpenSCAP
+    class ArfJson
+      def as_json(file_in, file_out)
+        ::OpenSCAP.oscap_init
+        arf_digest   = Digest::SHA256.hexdigest(File.read(file_in))
+
+        arf          = ::OpenSCAP::DS::Arf.new(file_in)
+        test_result  = arf.test_result
+
+        results      = test_result.rr
+        sds          = arf.report_request
+        bench_source = sds.select_checklist!
+        benchmark    = ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
+        items        = benchmark.items
+
+        report = parse_results(items, results, arf_digest)
+        File.write file_out, report.to_json
+      ensure
+        cleanup test_result, benchmark, sds, arf
+      end
+
+      private
+
+      def parse_results(items, results, arf_digest)
+        report       = {}
+        report[:logs] = []
+        passed        = 0
+        failed        = 0
+        othered         = 0
+        results.each do |rr_id, result|
+          next if result.result == 'notapplicable' || result.result == 'notselected'
+          # get rules and their results
+          rule_data = items[rr_id]
+          report[:logs] << populate_result_data(rr_id, result.result, rule_data)
+          # create metrics for the results
+          case result.result
+            when 'pass', 'fixed'
+              passed += 1
+            when 'fail'
+              failed += 1
+            else
+              othered += 1
+          end
+        end
+        report[:digest]  = arf_digest
+        report[:metrics] = { :passed => passed, :failed => failed, :othered => othered }
+        report
+      end
+
+      def populate_result_data(result_id, rule_result, rule_data)
+        log               = {}
+        log[:source]      = ascii8bit_to_utf8(result_id)
+        log[:result]      = ascii8bit_to_utf8(rule_result)
+        log[:title]       = ascii8bit_to_utf8(rule_data.title)
+        log[:description] = ascii8bit_to_utf8(rule_data.description)
+        log[:rationale]   = ascii8bit_to_utf8(rule_data.rationale)
+        log[:references]  = hash_a8b(rule_data.references.map(&:to_hash))
+        log[:fixes]       = hash_a8b(rule_data.fixes.map(&:to_hash))
+        log[:severity]    = ascii8bit_to_utf8(rule_data.severity)
+        log
+      end
+
+      def cleanup(*args)
+        args.compact.map(&:destroy)
+        ::OpenSCAP.oscap_cleanup
+      end
+
+      # Unfortunately openscap in ruby 1.9.3 outputs data in Ascii-8bit.
+      # We transform it to UTF-8 for easier json integration.
+
+      # :invalid ::
+      #   If the value is invalid, #encode replaces invalid byte sequences in
+      #   +str+ with the replacement character.  The default is to raise the
+      #   Encoding::InvalidByteSequenceError exception
+      # :undef ::
+      #   If the value is undefined, #encode replaces characters which are
+      #   undefined in the destination encoding with the replacement character.
+      #   The default is to raise the Encoding::UndefinedConversionError.
+      # :replace ::
+      #   Sets the replacement string to the given value. The default replacement
+      #   string is "\uFFFD" for Unicode encoding forms, and "?" otherwise.
+      def ascii8bit_to_utf8(string)
+        return ascii8bit_to_utf8_legacy(string) if RUBY_VERSION.start_with? '1.8'
+        string.to_s.encode('utf-8', :invalid => :replace, :undef => :replace, :replace => '_')
+      end
+
+      # String#encode appeared first in 1.9, so we need a workaround for 1.8
+      def ascii8bit_to_utf8_legacy(string)
+        Iconv.conv('UTF-8//IGNORE', 'UTF-8', string.to_s)
+      end
+
+      def hash_a8b(ary)
+        ary.map do |hash|
+          Hash[hash.map { |key, value| [ascii8bit_to_utf8(key), ascii8bit_to_utf8(value)] }]
+        end
+      end
+    end
+  end
+end

data/lib/smart_proxy_openscap/arf_parser.rb

@@ -1,110 +1,34 @@
-# encoding=utf-8
-require 'openscap'
-require 'openscap/ds/arf'
-require 'openscap/xccdf/testresult'
-require 'openscap/xccdf/ruleresult'
-require 'openscap/xccdf/rule'
-require 'openscap/xccdf/fix'
-require 'openscap/xccdf/benchmark'
-require 'json'
-require 'digest'
+require 'smart_proxy_openscap/shell_wrapper'
 
 module Proxy
   module OpenSCAP
-    class ArfParser
-      def parse(file_in, file_out)
-        ::OpenSCAP.oscap_init
-        arf_digest   = Digest::SHA256.hexdigest(File.read(file_in))
+    class ArfParser < ShellWrapper
 
-        arf          = ::OpenSCAP::DS::Arf.new(file_in)
-        test_result  = arf.test_result
-
-        results      = test_result.rr
-        sds          = arf.report_request
-        bench_source = sds.select_checklist!
-        benchmark    = ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
-        items        = benchmark.items
-
-        report = parse_results(items, results, arf_digest)
-        File.write file_out, report.to_json
-      ensure
-        cleanup test_result, benchmark, sds, arf
-      end
-
-      private
-
-      def parse_results(items, results, arf_digest)
-        report       = {}
-        report[:logs] = []
-        passed        = 0
-        failed        = 0
-        othered         = 0
-        results.each do |rr_id, result|
-          next if result.result == 'notapplicable' || result.result == 'notselected'
-          # get rules and their results
-          rule_data = items[rr_id]
-          report[:logs] << populate_result_data(rr_id, result.result, rule_data)
-          # create metrics for the results
-          case result.result
-            when 'pass', 'fixed'
-              passed += 1
-            when 'fail'
-              failed += 1
-            else
-              othered += 1
-          end
-        end
-        report[:digest]  = arf_digest
-        report[:metrics] = { :passed => passed, :failed => failed, :othered => othered }
-        report
+      def initialize(cname, policy_id, date)
+        @cname = cname
+        @policy_id = policy_id
+        @date = date
+        @script_name = 'smart-proxy-arf-json'
       end
 
-      def populate_result_data(result_id, rule_result, rule_data)
-        log               = {}
-        log[:source]      = ascii8bit_to_utf8(result_id)
-        log[:result]      = ascii8bit_to_utf8(rule_result)
-        log[:title]       = ascii8bit_to_utf8(rule_data.title)
-        log[:description] = ascii8bit_to_utf8(rule_data.description)
-        log[:rationale]   = ascii8bit_to_utf8(rule_data.rationale)
-        log[:references]  = hash_a8b(rule_data.references.map(&:to_hash))
-        log[:fixes]       = hash_a8b(rule_data.fixes.map(&:to_hash))
-        log[:severity]    = ascii8bit_to_utf8(rule_data.severity)
-        log
+      def as_json(arf_data)
+        execute_shell_command arf_data
       end
 
-      def cleanup(*args)
-        args.compact.map(&:destroy)
-        ::OpenSCAP.oscap_cleanup
+      def in_filename
+        "#{super}-#{@cname}-#{@policy_id}-#{@date}-"
       end
 
-      # Unfortunately openscap in ruby 1.9.3 outputs data in Ascii-8bit.
-      # We transform it to UTF-8 for easier json integration.
-
-      # :invalid ::
-      #   If the value is invalid, #encode replaces invalid byte sequences in
-      #   +str+ with the replacement character.  The default is to raise the
-      #   Encoding::InvalidByteSequenceError exception
-      # :undef ::
-      #   If the value is undefined, #encode replaces characters which are
-      #   undefined in the destination encoding with the replacement character.
-      #   The default is to raise the Encoding::UndefinedConversionError.
-      # :replace ::
-      #   Sets the replacement string to the given value. The default replacement
-      #   string is "\uFFFD" for Unicode encoding forms, and "?" otherwise.
-      def ascii8bit_to_utf8(string)
-        return ascii8bit_to_utf8_legacy(string) if RUBY_VERSION.start_with? '1.8'
-        string.to_s.encode('utf-8', :invalid => :replace, :undef => :replace, :replace => '_')
+      def out_filename
+        "#{in_filename}json-"
       end
 
-      # String#encode appeared first in 1.9, so we need a workaround for 1.8
-      def ascii8bit_to_utf8_legacy(string)
-        Iconv.conv('UTF-8//IGNORE', 'UTF-8', string.to_s)
+      def failure_message
+        "Failure when running script which parses reports"
       end
 
-      def hash_a8b(ary)
-        ary.map do |hash|
-          Hash[hash.map { |key, value| [ascii8bit_to_utf8(key), ascii8bit_to_utf8(value)] }]
-        end
+      def command(in_file, out_file)
+        "#{script_location} #{in_file.path} #{out_file.path}"
       end
     end
   end

data/lib/smart_proxy_openscap/content_parser.rb

@@ -0,0 +1,30 @@
+require 'smart_proxy_openscap/shell_wrapper'
+
+module Proxy::OpenSCAP
+  class ContentParser < ShellWrapper
+    def initialize(type)
+      @type = type
+      @script_name = 'smart-proxy-scap-validation'
+    end
+
+    def validate(scap_file)
+      execute_shell_command scap_file
+    end
+
+    def out_filename
+      "#{in_filename}json-"
+    end
+
+    def in_filename
+      "#{super}-#{@type}-validate-"
+    end
+
+    def failure_message
+      "Failure when running script which validates scap files"
+    end
+
+    def command(in_file, out_file)
+      "#{script_location} #{in_file.path} #{out_file.path} #{@type}"
+    end
+  end
+end

data/lib/smart_proxy_openscap/foreman_forwarder.rb

@@ -5,8 +5,7 @@ module Proxy::OpenSCAP
     def post_arf_report(cname, policy_id, date, data)
       begin
         foreman_api_path = upload_path(cname, policy_id, date)
-        json = Proxy::OpenSCAP::Parse.new(cname, policy_id, date).as_json(data)
-        raise OpenSCAP::OpenSCAPError, "Failed to parse report" if json.nil? || json.empty?
+        json = Proxy::OpenSCAP::ArfParser.new(cname, policy_id, date).as_json(data)
         response = send_request(foreman_api_path, json)
         # Raise an HTTP error if the response is not 2xx (success).
         response.value

data/lib/smart_proxy_openscap/openscap_api.rb

@@ -42,7 +42,7 @@ module Proxy::OpenSCAP
         Proxy::OpenSCAP::StorageFS.new(Proxy::OpenSCAP::Plugin.settings.failed_dir, cn, post_to_foreman['id'], date).store_failed(request.body.string)
         logger.error "Failed to save Report in reports directory (#{Proxy::OpenSCAP::Plugin.settings.reportsdir}). Failed with: #{e.message}.
                       Saving file in #{Proxy::OpenSCAP::Plugin.settings.failed_dir}. Please copy manually to #{Proxy::OpenSCAP::Plugin.settings.reportsdir}"
-      rescue OpenSCAP::OpenSCAPError => e
+      rescue Proxy::OpenSCAP::OpenSCAPException => e
         logger.error "Failed to parse Arf Report, moving to #{Proxy::OpenSCAP::Plugin.settings.corrupted_dir}"
         Proxy::OpenSCAP::StorageFS.new(Proxy::OpenSCAP::Plugin.settings.corrupted_dir, cn, policy, date).store_corrupted(request.body.string)
       rescue *HTTP_ERRORS => e
@@ -73,9 +73,11 @@ module Proxy::OpenSCAP
 
     get "/arf/:id/:cname/:date/:digest/html" do
       begin
-        Proxy::OpenSCAP::StorageFS.new(Proxy::OpenSCAP::Plugin.settings.reportsdir, params[:cname], params[:id], params[:date]).get_arf_html(params[:digest])
+        Proxy::OpenSCAP::OpenscapHtmlGenerator.new(params[:cname], params[:id], params[:date], params[:digest]).get_html
       rescue FileNotFound => e
         log_halt 500, "Could not find requested file, #{e.message}"
+      rescue OpenSCAPException => e
+        log_halt 500, "Could not generate report in HTML"
       end
     end
 
@@ -114,28 +116,22 @@ module Proxy::OpenSCAP
     end
 
     post "/scap_content/policies" do
-      content_parser = create_content_parser
       begin
-        content_parser.extract_policies
+        Proxy::OpenSCAP::ProfilesParser.new('scap_content').profiles(request.body.string)
       rescue *HTTP_ERRORS => e
         log_halt 500, e.message
       rescue StandardError => e
         log_halt 500, "Error occurred: #{e.message}"
-      ensure
-        content_parser.cleanup
       end
     end
 
     post "/tailoring_file/profiles" do
-      content_parser = create_content_parser
       begin
-        content_parser.get_profiles
+        Proxy::OpenSCAP::ProfilesParser.new('tailoring_file').profiles(request.body.string)
       rescue *HTTP_ERRORS => e
         log_halt 500, e.message
       rescue StandardError => e
         log_halt 500, "Error occurred: #{e.message}"
-      ensure
-        content_parser.cleanup
       end
     end
 
@@ -150,15 +146,12 @@ module Proxy::OpenSCAP
     end
 
     post "/scap_content/guide/:policy" do
-      content_parser = create_content_parser
       begin
-        content_parser.guide(params[:policy])
+        Proxy::OpenSCAP::PolicyParser.new(params[:policy]).guide(request.body.string)
       rescue *HTTP_ERRORS => e
         log_halt 500, e.message
       rescue StandardError => e
         log_halt 500, "Error occurred: #{e.message}"
-      ensure
-        content_parser.cleanup
       end
     end
 
@@ -166,16 +159,12 @@ module Proxy::OpenSCAP
 
     def validate_scap_file(params)
       begin
-        Proxy::OpenSCAP::ContentParser.new(request.body.string, params[:type]).validate
+        Proxy::OpenSCAP::ContentParser.new(params[:type]).validate(request.body.string)
       rescue *HTTP_ERRORS => e
         log_halt 500, e.message
       rescue StandardError => e
         log_halt 500, "Error occurred: #{e.message}"
       end
     end
-
-    def create_content_parser
-      Proxy::OpenSCAP::ContentParser.new(request.body.string)
-    end
   end
 end

data/lib/smart_proxy_openscap/openscap_html_generator.rb

@@ -0,0 +1,38 @@
+require 'smart_proxy_openscap/storage_fs'
+require 'smart_proxy_openscap/shell_wrapper'
+
+module Proxy
+  module OpenSCAP
+    class OpenscapHtmlGenerator < ShellWrapper
+      def initialize(cname, id, date, digest)
+        @cname = cname
+        @id = id
+        @date = date
+        @digest = digest
+        @script_name = 'smart-proxy-arf-html'
+      end
+
+      def get_html
+        execute_shell_command
+      end
+
+      def out_filename
+        "#{super}-#{@cname}-#{@id}-#{@date}-#{@digest}-"
+      end
+
+      def command(in_file, out_file)
+        "#{script_location} #{file_path_in_storage} #{out_file.path}"
+      end
+
+      def failure_message
+        "Failure when running script which generates html reports"
+      end
+
+      def file_path_in_storage
+        path_to_dir = Proxy::OpenSCAP::Plugin.settings.reportsdir
+        storage = Proxy::OpenSCAP::StorageFS.new(path_to_dir, @cname, @id, @date)
+        storage.get_path(@digest)
+      end
+    end
+  end
+end

data/lib/smart_proxy_openscap/openscap_lib.rb

@@ -16,12 +16,14 @@ require 'proxy/error'
 require 'proxy/request'
 require 'smart_proxy_openscap/fetch_scap_content'
 require 'smart_proxy_openscap/foreman_forwarder'
-require 'smart_proxy_openscap/openscap_content_parser'
+require 'smart_proxy_openscap/content_parser'
 require 'smart_proxy_openscap/openscap_exception'
-require 'smart_proxy_openscap/openscap_report_parser'
+require 'smart_proxy_openscap/arf_parser'
 require 'smart_proxy_openscap/spool_forwarder'
-require 'smart_proxy_openscap/storage_fs'
+require 'smart_proxy_openscap/openscap_html_generator'
 require 'smart_proxy_openscap/fetch_tailoring_file'
+require 'smart_proxy_openscap/policy_parser'
+require 'smart_proxy_openscap/profiles_parser'
 
 module Proxy::OpenSCAP
   extend ::Proxy::Log

data/lib/smart_proxy_openscap/openscap_plugin.rb

@@ -9,7 +9,6 @@
 #
 
 require 'smart_proxy_openscap/version'
-require 'smart_proxy_openscap/plugin_configuration'
 
 module Proxy::OpenSCAP
   class Plugin < ::Proxy::Plugin
@@ -24,10 +23,5 @@ module Proxy::OpenSCAP
                      :reportsdir => File.join(APP_ROOT, 'openscap/reports'),
                      :failed_dir => File.join(APP_ROOT, 'openscap/failed'),
                      :tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring')
-
-    load_classes ::Proxy::OpenSCAP::PluginConfiguration
-    load_dependency_injection_wirings ::Proxy::OpenSCAP::PluginConfiguration
-
-    start_services :openscap_initializer
   end
 end

data/lib/smart_proxy_openscap/policy_guide.rb

@@ -0,0 +1,23 @@
+require 'openscap'
+require 'openscap/source'
+require 'openscap/ds/sds'
+require 'json'
+
+module Proxy
+  module OpenSCAP
+    class PolicyGuide
+      def generate_guide(in_file, out_file, policy)
+        ::OpenSCAP.oscap_init
+        source = ::OpenSCAP::Source.new in_file
+        sds = ::OpenSCAP::DS::Sds.new source
+        sds.select_checklist
+        profile_id = policy ? nil : policy
+        html = sds.html_guide profile_id
+        File.write(out_file, { :html => html.force_encoding('UTF-8') }.to_json)
+        sds.destroy
+        source.destroy
+        ::OpenSCAP.oscap_cleanup
+      end
+    end
+  end
+end

data/lib/smart_proxy_openscap/policy_parser.rb

@@ -0,0 +1,33 @@
+require 'smart_proxy_openscap/shell_wrapper'
+
+module Proxy
+  module OpenSCAP
+    class PolicyParser < ShellWrapper
+
+      def initialize(policy)
+        @script_name = "smart-proxy-policy-guide"
+        @policy = policy
+      end
+
+      def guide(scap_file)
+        execute_shell_command scap_file
+      end
+
+      def in_filename
+        super
+      end
+
+      def out_filename
+        "#{in_filename}json-"
+      end
+
+      def failure_message
+        "Failure when running script which renders policy guide"
+      end
+
+      def command(in_file, out_file)
+        "#{script_location} #{in_file.path} #{out_file.path} #{@policy}"
+      end
+    end
+  end
+end

data/lib/smart_proxy_openscap/profiles_parser.rb

@@ -0,0 +1,32 @@
+require 'smart_proxy_openscap/shell_wrapper'
+
+module Proxy
+  module OpenSCAP
+    class ProfilesParser < ShellWrapper
+      def initialize(type)
+        @type = type
+        @script_name = 'smart-proxy-scap-profiles'
+      end
+
+      def profiles(scap_file)
+        execute_shell_command scap_file
+      end
+
+      def out_filename
+        "#{in_filename}json-"
+      end
+
+      def in_filename
+        "#{super}-#{@type}-profiles-"
+      end
+
+      def failure_message
+        "Failure when running script which extracts profiles from scap file"
+      end
+
+      def command(in_file, out_file)
+        "#{script_location} #{in_file.path} #{out_file.path} #{@type}"
+      end
+    end
+  end
+end

data/lib/smart_proxy_openscap/scap_profiles.rb

@@ -0,0 +1,49 @@
+require 'openscap'
+require 'openscap/ds/sds'
+require 'openscap/source'
+require 'openscap/xccdf/benchmark'
+require 'openscap/xccdf/tailoring'
+require 'json'
+
+module Proxy
+  module OpenSCAP
+    class ScapProfiles
+      def profiles(in_file, out_file, type)
+        ::OpenSCAP.oscap_init
+        source = ::OpenSCAP::Source.new(in_file)
+        json = type == 'scap_content' ? scap_content_profiles(source) : tailoring_profiles(source)
+        File.write out_file, json
+        source.destroy
+        ::OpenSCAP.oscap_cleanup
+      end
+
+      def scap_content_profiles(source)
+        bench = benchmark_profiles source
+        profiles = collect_profiles bench
+        bench.destroy
+        profiles.to_json
+      end
+
+      def tailoring_profiles(source)
+        tailoring = ::OpenSCAP::Xccdf::Tailoring.new(source, nil)
+        profiles = collect_profiles tailoring
+        tailoring.destroy
+        profiles.to_json
+      end
+
+      def collect_profiles(profile_source)
+        profile_source.profiles.inject({}) do |memo, (key, profile)|
+          memo.tap { |hash| hash[key] = profile.title.strip }
+        end
+      end
+
+      def benchmark_profiles(source)
+        sds          = ::OpenSCAP::DS::Sds.new(source)
+        bench_source = sds.select_checklist!
+        benchmark = ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
+        sds.destroy
+        benchmark
+      end
+    end
+  end
+end

data/lib/smart_proxy_openscap/scap_validation.rb

@@ -0,0 +1,34 @@
+require 'json'
+require 'openscap'
+require 'openscap/source'
+
+module Proxy
+  module OpenSCAP
+    class ScapValidation
+      def allowed_types
+        {
+          'tailoring_file' => 'XCCDF Tailoring',
+          'scap_content' => 'SCAP Source Datastream'
+        }
+      end
+
+      def validate(in_file, out_file, type)
+        errors = []
+        ::OpenSCAP.oscap_init
+        source = ::OpenSCAP::Source.new(in_file)
+        if source.type != allowed_types[type]
+          errors << "Uploaded file is #{source.type}, unexpected file type"
+        end
+
+        begin
+          source.validate!
+        rescue ::OpenSCAP::OpenSCAPError
+          errors << "Invalid SCAP file type"
+        end
+        File.write out_file, { :errors => errors }.to_json
+        source.destroy
+        ::OpenSCAP.oscap_cleanup
+      end
+    end
+  end
+end

data/lib/smart_proxy_openscap/shell_wrapper.rb

@@ -0,0 +1,77 @@
+require 'tempfile'
+
+module Proxy
+  module OpenSCAP
+    class ShellWrapper
+      include ::Proxy::Log
+
+      attr_reader :script_name
+
+      def script_location
+        raise NotImplementedError, 'Must have @script_name' unless script_name
+        path = File.join(File.dirname(File.expand_path(__FILE__)), '../../bin', script_name)
+        return path if File.exist? path
+        script_name
+      end
+
+      def execute_shell_command(in_file_content = nil)
+        out_file = Tempfile.new(out_filename, "/var/tmp")
+        in_file = prepare_in_file in_file_content
+        comm = command(in_file, out_file)
+        logger.debug "Executing: #{comm}"
+        output = nil
+        begin
+          `#{comm}`
+          output = out_file.read
+        rescue => e
+          logger.debug failure_message
+          logger.debug e.message
+          logger.debug e.backtrace.join("\n\t")
+        ensure
+          close_unlink out_file, in_file
+        end
+        raise OpenSCAPException, exception_message if output.nil? || output.empty?
+        output
+      end
+
+      def close_unlink(*files)
+        files.compact.each do |file|
+          file.close
+          file.unlink
+        end
+      end
+
+      def prepare_in_file(in_file_content)
+        return unless in_file_content
+        file = Tempfile.new(in_filename, "/var/tmp")
+        file.write in_file_content
+        file.rewind
+        file
+      end
+
+      def in_filename
+        @in_filename ||= unique_filename
+      end
+
+      def out_filename
+        @out_filename ||= unique_filename
+      end
+
+      def unique_filename
+        SecureRandom.uuid
+      end
+
+      def command(in_file, out_file)
+        raise NotImplementedError, "Must be implemented"
+      end
+
+      def failure_message
+        raise NotImplementedError, "Must be implemented"
+      end
+
+      def exception_message
+        failure_message
+      end
+    end
+  end
+end

data/lib/smart_proxy_openscap/spool_forwarder.rb

@@ -51,7 +51,7 @@ module Proxy::OpenSCAP
       post_to_foreman = ForemanForwarder.new.post_arf_report(cname, policy_id, date, data)
       Proxy::OpenSCAP::StorageFS.new(Proxy::OpenSCAP::Plugin.settings.reportsdir, cname, post_to_foreman['id'], date).store_archive(data)
       File.delete arf_file_path
-    rescue OpenSCAP::OpenSCAPError => e
+    rescue Proxy::OpenSCAP::OpenSCAPException => e
       logger.error "Failed to parse Arf Report at #{arf_file_path}, moving to #{Proxy::OpenSCAP::Plugin.settings.corrupted_dir}"
 
       Proxy::OpenSCAP::StorageFS.new(Proxy::OpenSCAP::Plugin.settings.corrupted_dir, cname, policy_id, date).

data/lib/smart_proxy_openscap/storage.rb

@@ -1,6 +1,4 @@
 require 'smart_proxy_openscap/openscap_exception'
-require 'openscap'
-require 'openscap/ds/arf'
 
 module Proxy::OpenSCAP
   class Storage

data/lib/smart_proxy_openscap/storage_fs.rb

@@ -27,15 +27,6 @@ module Proxy::OpenSCAP
       get_arf_file(digest)[:xml]
     end
 
-    def get_arf_html(digest)
-      xml = get_arf_file(digest)[:xml]
-      size = get_arf_file(digest)[:size]
-      arf_object = OpenSCAP::DS::Arf.new(:content => xml, :path => 'arf.xml.bz2', :length => size)
-      # @TODO: Drop this when support for 1.8.7 ends
-      return arf_object.html if RUBY_VERSION.start_with? '1.8'
-      arf_object.html.force_encoding('UTF-8')
-    end
-
     def delete_arf_file
       path = "#{@path_to_dir}/#{@namespace}/#{@cname}/#{@id}"
       raise FileNotFound, "Can't find path #{path}" if !File.directory?(path) || File.zero?(path)
@@ -43,6 +34,17 @@ module Proxy::OpenSCAP
       {:id => @id, :deleted => true}.to_json
     end
 
+    def get_arf_file(digest)
+      file = File.open(get_path digest)
+      { :size => File.size(file), :xml => file.read }
+    end
+
+    def get_path(digest)
+      full_path = @path + digest
+      raise FileNotFound, "Can't find path #{full_path}" if !File.file?(full_path) || File.zero?(full_path)
+      full_path
+    end
+
     private
 
     def store_arf(spool_arf_dir, data)
@@ -86,12 +88,5 @@ module Proxy::OpenSCAP
 
       logger.debug "File #{target_path} stored in reports dir."
     end
-
-    def get_arf_file(digest)
-      full_path = @path + digest
-      raise FileNotFound, "Can't find path #{full_path}" if !File.file?(full_path) || File.zero?(full_path)
-      file = File.open(full_path)
-      { :size => File.size(file), :xml => file.read }
-    end
   end
 end

data/lib/smart_proxy_openscap/version.rb

@@ -10,6 +10,6 @@
 
 module Proxy
   module OpenSCAP
-    VERSION = '0.6.5'
+    VERSION = '0.6.6'
   end
 end

data/test/get_report_xml_html_test.rb

@@ -39,9 +39,7 @@ class OpenSCAPGetArfTest < Test::Unit::TestCase
   end
 
   def test_get_html_arf
-    OpenSCAP.oscap_init
     get "/arf/#{@arf_id}/#{@cname}/#{@date}/#{@filename}/html"
-    OpenSCAP.oscap_cleanup
     assert(last_response.successful?, "Should return OK")
     assert(last_response.body.start_with?('<!DOCTYPE'), 'File should start with html')
   end

data/test/scap_content_parser_api_test.rb

@@ -28,7 +28,7 @@ class ScapContentParserApiTest < Test::Unit::TestCase
 
   def test_invalid_scap_content_policies
     post '/scap_content/policies', '<xml>blah</xml>', 'CONTENT_TYPE' => 'text/xml'
-    assert(last_response.body.include?('Could not create Source DataStream session'))
+    assert(last_response.body.include?('Failure when running script which extracts profiles from scap file'))
   end
 
   def test_scap_content_validator

data/test/script_class_test.rb

@@ -0,0 +1,94 @@
+require 'test_helper'
+require 'smart_proxy_openscap/arf_html'
+require 'smart_proxy_openscap/arf_json'
+require 'smart_proxy_openscap/policy_guide'
+require 'smart_proxy_openscap/scap_profiles'
+require 'smart_proxy_openscap/arf_json'
+require 'smart_proxy_openscap/scap_validation'
+
+class ScriptClassTest < Test::Unit::TestCase
+  def test_arf_generate_html
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ArfHtml.new.generate_html("#{Dir.getwd}/test/data/arf_report", tmp.path)
+      content = File.read tmp
+      assert content.start_with?('<!DOCTYPE'), "File should be html"
+    end
+  end
+
+  def test_arf_as_json
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path)
+      json = read_json tmp
+      refute json['logs'].empty?
+      refute json['metrics'].empty?
+    end
+  end
+
+  def test_policy_guide
+    carry_out do |tmp|
+      profile = "xccdf_org.ssgproject.content_profile_stig-rhel7-workstation-upstream"
+      Proxy::OpenSCAP::PolicyGuide.new.generate_guide("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, profile)
+      guide = read_json tmp
+      assert guide['html'].start_with?('<!DOCTYPE'), "File should be html"
+    end
+  end
+
+  def test_scap_file_profiles
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
+      profiles = read_json tmp
+      refute profiles.empty?
+      assert profiles["xccdf_org.ssgproject.content_profile_common"]
+    end
+  end
+
+  def test_tailoring_file_profiles
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
+      profiles = read_json tmp
+      refute profiles.empty?
+      assert profiles["xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized"]
+    end
+  end
+
+  def test_arf_json
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path)
+      json = read_json tmp
+      refute json['logs'].empty?
+      refute json['metrics'].empty?
+    end
+  end
+
+  def test_scap_content_validation
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
+      res = read_json tmp
+      assert res['errors'].empty?
+    end
+  end
+
+  def test_tailoring_file_validation
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
+      res = read_json tmp
+      assert res['errors'].empty?
+    end
+  end
+
+  private
+
+  def carry_out
+    tmp = Tempfile.new('test')
+    begin
+      yield tmp if block_given?
+    ensure
+      tmp.close
+      tmp.unlink
+    end
+  end
+
+  def read_json(file)
+    JSON.parse(File.read file)
+  end
+end

data/test/test_helper.rb

@@ -4,6 +4,7 @@ require 'webmock/test_unit'
 require 'mocha/setup'
 require 'json'
 require 'ostruct'
+require 'tempfile'
 
 require 'smart_proxy_for_testing'
 

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-  version: 0.6.5
+  version: 0.6.6
 platform: ruby
 authors:
-- "Šimon Lukašík"
+- Šimon Lukašík
 - Shlomi Zadok
 - Marek Hulan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-27 00:00:00.000000000 Z
+date: 2017-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -97,27 +97,37 @@ files:
 - Gemfile
 - README.md
 - Rakefile
+- bin/smart-proxy-arf-html
+- bin/smart-proxy-arf-json
 - bin/smart-proxy-openscap-send
-- bin/smart-proxy-parse-arf
+- bin/smart-proxy-policy-guide
+- bin/smart-proxy-scap-profiles
+- bin/smart-proxy-scap-validation
 - bundler.d/openscap.rb
 - extra/rubygem-smart_proxy_openscap.spec
 - extra/smart-proxy-openscap-send.cron
 - lib/smart_proxy_openscap.rb
+- lib/smart_proxy_openscap/arf_html.rb
+- lib/smart_proxy_openscap/arf_json.rb
 - lib/smart_proxy_openscap/arf_parser.rb
+- lib/smart_proxy_openscap/content_parser.rb
 - lib/smart_proxy_openscap/fetch_file.rb
 - lib/smart_proxy_openscap/fetch_scap_content.rb
 - lib/smart_proxy_openscap/fetch_tailoring_file.rb
 - lib/smart_proxy_openscap/foreman_forwarder.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
-- lib/smart_proxy_openscap/openscap_content_parser.rb
 - lib/smart_proxy_openscap/openscap_exception.rb
+- lib/smart_proxy_openscap/openscap_html_generator.rb
 - lib/smart_proxy_openscap/openscap_import_api.rb
-- lib/smart_proxy_openscap/openscap_initializer.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
-- lib/smart_proxy_openscap/openscap_report_parser.rb
-- lib/smart_proxy_openscap/plugin_configuration.rb
+- lib/smart_proxy_openscap/policy_guide.rb
+- lib/smart_proxy_openscap/policy_parser.rb
+- lib/smart_proxy_openscap/profiles_parser.rb
+- lib/smart_proxy_openscap/scap_profiles.rb
+- lib/smart_proxy_openscap/scap_validation.rb
+- lib/smart_proxy_openscap/shell_wrapper.rb
 - lib/smart_proxy_openscap/spool_forwarder.rb
 - lib/smart_proxy_openscap/storage.rb
 - lib/smart_proxy_openscap/storage_fs.rb
@@ -139,6 +149,7 @@ files:
 - test/get_report_xml_html_test.rb
 - test/post_report_api_test.rb
 - test/scap_content_parser_api_test.rb
+- test/script_class_test.rb
 - test/spool_forwarder_test.rb
 - test/test_helper.rb
 homepage: http://github.com/OpenSCAP/smart_proxy_openscap
@@ -161,9 +172,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: OpenSCAP plug-in for Foreman's smart-proxy.
 test_files: []
-has_rdoc: 

data/lib/smart_proxy_openscap/openscap_content_parser.rb

@@ -1,77 +0,0 @@
-require 'openscap/ds/sds'
-require 'openscap/source'
-require 'openscap/xccdf/benchmark'
-require 'openscap/xccdf/tailoring'
-
-module Proxy::OpenSCAP
-  class ContentParser
-    def initialize(scap_file, type = 'scap_content')
-      @source = OpenSCAP::Source.new(:content => scap_file)
-      @type = type
-    end
-
-    def cleanup
-      @source.destroy if @source
-    end
-
-    def allowed_types
-      {
-        'tailoring_file' => 'XCCDF Tailoring',
-        'scap_content' => 'SCAP Source Datastream'
-      }
-    end
-
-    def extract_policies
-      policies = {}
-      bench = benchmark_profiles
-      bench.profiles.each do |key, profile|
-        policies[key] = profile.title
-      end
-      bench.destroy
-      policies.to_json
-    end
-
-    def get_profiles
-      tailoring = ::OpenSCAP::Xccdf::Tailoring.new(@source, nil)
-      profiles = tailoring.profiles.inject({}) do |memo, (key, profile)|
-        memo.tap { |hash| hash[key] = profile.title }
-      end
-      tailoring.destroy
-      profiles.to_json
-    end
-
-    def validate
-      errors = []
-
-      if @source.type != allowed_types[@type]
-        errors << "Uploaded file is #{@source.type}, unexpected file type"
-      end
-
-      begin
-        @source.validate!
-      rescue OpenSCAP::OpenSCAPError
-        errors << "Invalid SCAP file type"
-      end
-      {:errors => errors}.to_json
-    end
-
-    def guide(policy)
-      sds = OpenSCAP::DS::Sds.new @source
-      sds.select_checklist
-      profile_id = policy ? nil : policy
-      html = sds.html_guide profile_id
-      sds.destroy
-      {:html => html.force_encoding('UTF-8')}.to_json
-    end
-
-    private
-
-    def benchmark_profiles
-      sds          = ::OpenSCAP::DS::Sds.new(@source)
-      bench_source = sds.select_checklist!
-      benchmark = ::OpenSCAP::Xccdf::Benchmark.new(bench_source)
-      sds.destroy
-      benchmark
-    end
-  end
-end

data/lib/smart_proxy_openscap/openscap_initializer.rb

@@ -1,21 +0,0 @@
-require 'openscap'
-
-module Proxy::OpenSCAP
-  class OpenscapInitializer
-    include ::Proxy::Log
-
-    def initialize
-      @mutex = Mutex.new
-    end
-
-    def start
-      logger.debug "Initializing openscap component"
-      @mutex.synchronize { OpenSCAP.oscap_init }
-    end
-
-    def stop
-      logger.debug "Stopping openscap component"
-      @mutex.synchronize { OpenSCAP.oscap_cleanup }
-    end
-  end
-end

data/lib/smart_proxy_openscap/openscap_report_parser.rb

@@ -1,48 +0,0 @@
-# encoding=utf-8
-require 'tempfile'
-
-module Proxy
-  module OpenSCAP
-    class Parse
-      include ::Proxy::Log
-      include ::Proxy::Util
-
-      def initialize(cname, policy_id, date)
-        @cname = cname
-        @policy_id = policy_id
-        @date = date
-      end
-
-      def as_json(arf_data)
-        in_file = Tempfile.new("#{filename}json-", "/var/tmp")
-        json_file = Tempfile.new(filename, "/var/tmp")
-        begin
-          in_file.write arf_data
-          command = "#{script_location} #{in_file.path} #{json_file.path}"
-          logger.debug "Executing: #{command}"
-          `#{command}`
-          json_file.read
-        rescue => e
-          logger.debug "Failure when running script which parses reports"
-          logger.debug e.backtrace.join("\n\t")
-          return nil
-        ensure
-          in_file.close
-          in_file.unlink
-          json_file.close
-          json_file.unlink
-        end
-      end
-
-      def filename
-        "#{@cname}-#{@policy_id}-#{@date}-"
-      end
-
-      def script_location
-        path = File.join(File.dirname(File.expand_path(__FILE__)), '../..','bin/smart-proxy-parse-arf')
-        return path if File.exist? path
-        "smart-proxy-parse-arf"
-      end
-    end
-  end
-end

data/lib/smart_proxy_openscap/plugin_configuration.rb

@@ -1,13 +0,0 @@
-module Proxy::OpenSCAP
-  class PluginConfiguration
-    def load_dependency_injection_wirings(container, settings)
-      container.singleton_dependency :openscap_initializer, ( lambda do
-        ::Proxy::OpenSCAP::OpenscapInitializer.new
-      end)
-    end
-
-    def load_classes
-      require 'smart_proxy_openscap/openscap_initializer'
-    end
-  end
-end