smart_proxy_openscap 0.8.1 → 0.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/smart_proxy_openscap/fetch_scap_file.rb +45 -0
- data/lib/smart_proxy_openscap/foreman_arf_forwarder.rb +15 -0
- data/lib/smart_proxy_openscap/foreman_forwarder.rb +19 -16
- data/lib/smart_proxy_openscap/foreman_oval_forwarder.rb +19 -0
- data/lib/smart_proxy_openscap/openscap_api.rb +47 -23
- data/lib/smart_proxy_openscap/openscap_html_generator.rb +1 -1
- data/lib/smart_proxy_openscap/openscap_import_api.rb +3 -3
- data/lib/smart_proxy_openscap/openscap_lib.rb +5 -3
- data/lib/smart_proxy_openscap/openscap_plugin.rb +2 -1
- data/lib/smart_proxy_openscap/oval_report_parser.rb +54 -0
- data/lib/smart_proxy_openscap/oval_report_storage_fs.rb +26 -0
- data/lib/smart_proxy_openscap/spool_forwarder.rb +3 -3
- data/lib/smart_proxy_openscap/storage.rb +0 -2
- data/lib/smart_proxy_openscap/storage_fs.rb +7 -4
- data/lib/smart_proxy_openscap/storage_fs_common.rb +42 -0
- data/lib/smart_proxy_openscap/version.rb +1 -1
- data/settings.d/openscap.yml.example +3 -0
- data/smart_proxy_openscap.gemspec +1 -2
- data/test/data/oval-results.xml.bz2 +0 -0
- data/test/data/rhel-7-including-unpatched.oval.xml.bz2 +0 -0
- data/test/fetch_oval_content_api_test.rb +38 -0
- data/test/fetch_scap_api_test.rb +1 -1
- data/test/oval_report_parser_test.rb +14 -0
- data/test/post_oval_report_api_test.rb +30 -0
- data/test/post_report_api_test.rb +2 -2
- metadata +15 -6
- data/lib/smart_proxy_openscap/fetch_scap_content.rb +0 -17
- data/lib/smart_proxy_openscap/fetch_tailoring_file.rb +0 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b4d1a52c4299cb9828c2cb492622a4cc13f9cd3d234fc6a9940dc9768840761b
|
|
4
|
+
data.tar.gz: bfa0d9e1444579127bec7bf5f32fe37d73577c99ab803dfd07b59c0ed6f1e15a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 49c8ece151fb60cdf31a3c396b22df455d3f653648640f5e6d05505c67c386128bf09970bd9d08b82e94710d493c3ba8dd003d47d584e05819204cd32987ffc3
|
|
7
|
+
data.tar.gz: 18acfdafceecc4845da3fce3703f7e670d0c991ddda0d6cb542c00ccb6d399cd4090b63cf44dbeb2fef5aa99cfa0fb7710a2a54cf5b6d4b1678f98b70d01678b
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
require 'smart_proxy_openscap/fetch_file'
|
|
2
|
+
|
|
3
|
+
module Proxy::OpenSCAP
|
|
4
|
+
class FetchScapFile < FetchFile
|
|
5
|
+
def initialize(type)
|
|
6
|
+
raise "Expected one of the following symbols: #{allowed_types.join(', ')}, got: #{type}" unless allowed_types.include? type
|
|
7
|
+
@type = type
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def fetch(policy_id, digest, content_dir)
|
|
11
|
+
store_dir = File.join(Proxy::OpenSCAP.fullpath(content_dir), policy_id.to_s)
|
|
12
|
+
scap_file = File.join(store_dir, file_name(policy_id, digest))
|
|
13
|
+
|
|
14
|
+
file_download_path = download_path.sub(':policy_id', policy_id)
|
|
15
|
+
create_store_dir store_dir
|
|
16
|
+
file = policy_content_file scap_file
|
|
17
|
+
clean_store_folder store_dir unless file
|
|
18
|
+
file ||= save_or_serve_scap_file scap_file, file_download_path
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def download_path
|
|
22
|
+
case @type
|
|
23
|
+
when :scap_content
|
|
24
|
+
"api/v2/compliance/policies/:policy_id/content"
|
|
25
|
+
when :tailoring_file
|
|
26
|
+
"api/v2/compliance/policies/:policy_id/tailoring"
|
|
27
|
+
when :oval_content
|
|
28
|
+
"api/v2/compliance/oval_policies/:policy_id/oval_content"
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def file_name(policy_id, digest)
|
|
33
|
+
case @type
|
|
34
|
+
when :scap_content, :tailoring_file
|
|
35
|
+
"#{policy_id}_#{digest}.xml"
|
|
36
|
+
when :oval_content
|
|
37
|
+
"#{digest}.oval.xml.bz2"
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def allowed_types
|
|
42
|
+
[:scap_content, :tailoring_file, :oval_content]
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
require 'smart_proxy_openscap/foreman_forwarder'
|
|
2
|
+
|
|
3
|
+
module Proxy::OpenSCAP
|
|
4
|
+
class ForemanArfForwarder < ForemanForwarder
|
|
5
|
+
private
|
|
6
|
+
|
|
7
|
+
def parse_report(cname, policy_id, date, report_data)
|
|
8
|
+
Proxy::OpenSCAP::ArfParser.new(cname, policy_id, date).as_json(report_data)
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def report_upload_path(cname, policy_id, date)
|
|
12
|
+
upload_path "arf_reports", cname, policy_id, date
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -4,26 +4,29 @@ module Proxy::OpenSCAP
|
|
|
4
4
|
class ForemanForwarder < Proxy::HttpRequest::ForemanRequest
|
|
5
5
|
include ::Proxy::Log
|
|
6
6
|
|
|
7
|
-
def
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
end
|
|
7
|
+
def post_report(cname, policy_id, date, data, timeout)
|
|
8
|
+
foreman_api_path = report_upload_path(cname, policy_id, date)
|
|
9
|
+
|
|
10
|
+
json = parse_report(cname, policy_id, date, data)
|
|
11
|
+
response = send_request(foreman_api_path, json, timeout)
|
|
12
|
+
# Raise an HTTP error if the response is not 2xx (success).
|
|
13
|
+
response.value
|
|
14
|
+
JSON.parse(response.body)
|
|
15
|
+
rescue Net::HTTPServerException => e
|
|
16
|
+
logger.debug "Received response: #{response.code} #{response.msg}"
|
|
17
|
+
logger.debug response.body
|
|
18
|
+
raise ReportUploadError, e.message if response.code.to_i == 422
|
|
19
|
+
raise e
|
|
21
20
|
end
|
|
22
21
|
|
|
23
22
|
private
|
|
24
23
|
|
|
25
|
-
def upload_path(cname, policy_id, date)
|
|
26
|
-
"/api/v2/compliance
|
|
24
|
+
def upload_path(resource, cname, policy_id, date)
|
|
25
|
+
"/api/v2/compliance/#{resource}/#{cname}/#{policy_id}/#{date}"
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def parse_report(cname, policy_id, date, data)
|
|
29
|
+
raise NotImplementedError
|
|
27
30
|
end
|
|
28
31
|
|
|
29
32
|
def send_request(path, body, timeout)
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
require 'smart_proxy_openscap/foreman_forwarder'
|
|
2
|
+
|
|
3
|
+
module Proxy::OpenSCAP
|
|
4
|
+
class ForemanOvalForwarder < ForemanForwarder
|
|
5
|
+
private
|
|
6
|
+
|
|
7
|
+
def parse_report(cname, policy_id, date, report_data)
|
|
8
|
+
{
|
|
9
|
+
:oval_results => OvalReportParser.new.parse_cves(report_data),
|
|
10
|
+
:oval_policy_id => policy_id,
|
|
11
|
+
:cname => cname
|
|
12
|
+
}.to_json
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def report_upload_path(cname, policy_id, date)
|
|
16
|
+
upload_path "oval_reports", cname, policy_id, date
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -33,35 +33,37 @@ module Proxy::OpenSCAP
|
|
|
33
33
|
do_authorize_with_trusted_hosts
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
-
|
|
37
|
-
# first let's verify client's certificate
|
|
36
|
+
before '(/arf/*|/oval_reports/*)' do
|
|
38
37
|
begin
|
|
39
|
-
cn = Proxy::OpenSCAP::common_name request
|
|
38
|
+
@cn = Proxy::OpenSCAP::common_name request
|
|
40
39
|
rescue Proxy::Error::Unauthorized => e
|
|
41
40
|
log_halt 403, "Client authentication failed: #{e.message}"
|
|
42
41
|
end
|
|
43
|
-
|
|
42
|
+
@reported_at = Time.now.to_i
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
post "/arf/:policy" do
|
|
44
46
|
policy = params[:policy]
|
|
45
47
|
|
|
46
48
|
begin
|
|
47
|
-
post_to_foreman =
|
|
48
|
-
Proxy::OpenSCAP::
|
|
49
|
+
post_to_foreman = ForemanArfForwarder.new.post_report(@cn, policy, @reported_at, request.body.string, Proxy::OpenSCAP::Plugin.settings.timeout)
|
|
50
|
+
Proxy::OpenSCAP::StorageFs.new(Proxy::OpenSCAP::Plugin.settings.reportsdir, @cn, post_to_foreman['id'], @reported_at).store_archive(request.body.string)
|
|
49
51
|
post_to_foreman.to_json
|
|
50
52
|
rescue Proxy::OpenSCAP::StoreReportError => e
|
|
51
|
-
Proxy::OpenSCAP::
|
|
53
|
+
Proxy::OpenSCAP::StorageFs.new(Proxy::OpenSCAP::Plugin.settings.failed_dir, @cn, post_to_foreman['id'], @reported_at).store_failed(request.body.string)
|
|
52
54
|
logger.error "Failed to save Report in reports directory (#{Proxy::OpenSCAP::Plugin.settings.reportsdir}). Failed with: #{e.message}.
|
|
53
55
|
Saving file in #{Proxy::OpenSCAP::Plugin.settings.failed_dir}. Please copy manually to #{Proxy::OpenSCAP::Plugin.settings.reportsdir}"
|
|
54
56
|
{ :result => 'Storage failure on proxy, see proxy logs for details' }.to_json
|
|
55
57
|
rescue Nokogiri::XML::SyntaxError => e
|
|
56
58
|
error = "Failed to parse Arf Report, moving to #{Proxy::OpenSCAP::Plugin.settings.corrupted_dir}"
|
|
57
59
|
logger.error error
|
|
58
|
-
Proxy::OpenSCAP::
|
|
60
|
+
Proxy::OpenSCAP::StorageFs.new(Proxy::OpenSCAP::Plugin.settings.corrupted_dir, @cn, policy, @reported_at).store_corrupted(request.body.string)
|
|
59
61
|
{ :result => (error << ' on proxy') }.to_json
|
|
60
62
|
rescue *HTTP_ERRORS => e
|
|
61
63
|
### If the upload to foreman fails then store it in the spooldir
|
|
62
64
|
msg = "Failed to upload to Foreman, saving in spool. Failed with: #{e.message}"
|
|
63
65
|
logger.error msg
|
|
64
|
-
Proxy::OpenSCAP::
|
|
66
|
+
Proxy::OpenSCAP::StorageFs.new(Proxy::OpenSCAP::Plugin.settings.spooldir, @cn, policy, @reported_at).store_spool(request.body.string)
|
|
65
67
|
{ :result => msg }.to_json
|
|
66
68
|
rescue Proxy::OpenSCAP::StoreSpoolError => e
|
|
67
69
|
log_halt 500, e.message
|
|
@@ -70,10 +72,26 @@ module Proxy::OpenSCAP
|
|
|
70
72
|
end
|
|
71
73
|
end
|
|
72
74
|
|
|
75
|
+
post "/oval_reports/:oval_policy_id" do
|
|
76
|
+
ForemanOvalForwarder.new.post_report(@cn, params[:oval_policy_id], @reported_at, request.body.string, Plugin.settings.timeout)
|
|
77
|
+
|
|
78
|
+
{ :reported_at => Time.at(@reported_at) }.to_json
|
|
79
|
+
rescue *HTTP_ERRORS => e
|
|
80
|
+
msg = "Failed to upload to Foreman, failed with: #{e.message}"
|
|
81
|
+
logger.error e
|
|
82
|
+
{ :result => msg }.to_json
|
|
83
|
+
rescue Nokogiri::XML::SyntaxError => e
|
|
84
|
+
logger.error e
|
|
85
|
+
{ :result => 'Failed to parse OVAL report, see proxy logs for details' }.to_json
|
|
86
|
+
rescue Proxy::OpenSCAP::ReportUploadError, Proxy::OpenSCAP::ReportDecompressError => e
|
|
87
|
+
{ :result => e.message }.to_json
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
|
|
73
91
|
get "/arf/:id/:cname/:date/:digest/xml" do
|
|
74
92
|
content_type 'application/x-bzip2'
|
|
75
93
|
begin
|
|
76
|
-
Proxy::OpenSCAP::
|
|
94
|
+
Proxy::OpenSCAP::StorageFs.new(Proxy::OpenSCAP::Plugin.settings.reportsdir, params[:cname], params[:id], params[:date]).get_arf_xml(params[:digest])
|
|
77
95
|
rescue FileNotFound => e
|
|
78
96
|
log_halt 500, "Could not find requested file, #{e.message}"
|
|
79
97
|
end
|
|
@@ -81,7 +99,7 @@ module Proxy::OpenSCAP
|
|
|
81
99
|
|
|
82
100
|
delete "/arf/:id/:cname/:date/:digest" do
|
|
83
101
|
begin
|
|
84
|
-
Proxy::OpenSCAP::
|
|
102
|
+
Proxy::OpenSCAP::StorageFs.new(Proxy::OpenSCAP::Plugin.settings.reportsdir, params[:cname], params[:id], params[:date]).delete_arf_file
|
|
85
103
|
rescue FileNotFound => e
|
|
86
104
|
logger.debug "Could not find requested file, #{e.message} - Assuming deleted"
|
|
87
105
|
end
|
|
@@ -100,32 +118,34 @@ module Proxy::OpenSCAP
|
|
|
100
118
|
get "/policies/:policy_id/content/:digest" do
|
|
101
119
|
content_type 'application/xml'
|
|
102
120
|
begin
|
|
103
|
-
Proxy::OpenSCAP::
|
|
121
|
+
Proxy::OpenSCAP::FetchScapFile.new(:scap_content)
|
|
122
|
+
.fetch(params[:policy_id], params[:digest], Proxy::OpenSCAP::Plugin.settings.contentdir)
|
|
104
123
|
rescue *HTTP_ERRORS => e
|
|
105
|
-
log_halt e.response.code.to_i,
|
|
124
|
+
log_halt e.response.code.to_i, file_not_found_msg
|
|
106
125
|
rescue StandardError => e
|
|
107
126
|
log_halt 500, "Error occurred: #{e.message}"
|
|
108
127
|
end
|
|
109
128
|
end
|
|
110
129
|
|
|
111
|
-
get "/policies/:policy_id/
|
|
130
|
+
get "/policies/:policy_id/tailoring/:digest" do
|
|
112
131
|
content_type 'application/xml'
|
|
113
|
-
logger.warn 'DEPRECATION WARNING: /policies/:policy_id/content/:digest should be used, please update foreman_openscap'
|
|
114
132
|
begin
|
|
115
|
-
Proxy::OpenSCAP::
|
|
133
|
+
Proxy::OpenSCAP::FetchScapFile.new(:tailoring_file)
|
|
134
|
+
.fetch(params[:policy_id], params[:digest], Proxy::OpenSCAP::Plugin.settings.tailoring_dir)
|
|
116
135
|
rescue *HTTP_ERRORS => e
|
|
117
|
-
log_halt e.response.code.to_i,
|
|
136
|
+
log_halt e.response.code.to_i, file_not_found_msg
|
|
118
137
|
rescue StandardError => e
|
|
119
138
|
log_halt 500, "Error occurred: #{e.message}"
|
|
120
139
|
end
|
|
121
140
|
end
|
|
122
141
|
|
|
123
|
-
get "/
|
|
124
|
-
content_type 'application/
|
|
142
|
+
get "/oval_policies/:oval_policy_id/oval_content/:digest" do
|
|
143
|
+
content_type 'application/x-bzip2'
|
|
125
144
|
begin
|
|
126
|
-
Proxy::OpenSCAP::
|
|
127
|
-
|
|
128
|
-
|
|
145
|
+
Proxy::OpenSCAP::FetchScapFile.new(:oval_content)
|
|
146
|
+
.fetch(params[:oval_policy_id], params[:digest], Proxy::OpenSCAP::Plugin.settings.oval_content_dir)
|
|
147
|
+
rescue *HTTP => e
|
|
148
|
+
log_halt e.response.code.to_i, file_not_found_msg
|
|
129
149
|
rescue StandardError => e
|
|
130
150
|
log_halt 500, "Error occurred: #{e.message}"
|
|
131
151
|
end
|
|
@@ -173,7 +193,7 @@ module Proxy::OpenSCAP
|
|
|
173
193
|
|
|
174
194
|
get "/spool_errors" do
|
|
175
195
|
begin
|
|
176
|
-
Proxy::OpenSCAP::
|
|
196
|
+
Proxy::OpenSCAP::StorageFs.new(Proxy::OpenSCAP::Plugin.settings.corrupted_dir, nil, nil, nil).spool_errors.to_json
|
|
177
197
|
rescue StandardError => e
|
|
178
198
|
log_halt 500, "Error occurred: #{e.message}"
|
|
179
199
|
end
|
|
@@ -190,5 +210,9 @@ module Proxy::OpenSCAP
|
|
|
190
210
|
log_halt 500, "Error occurred: #{e.message}"
|
|
191
211
|
end
|
|
192
212
|
end
|
|
213
|
+
|
|
214
|
+
def file_not_found_msg
|
|
215
|
+
"File not found on Foreman. Wrong policy id?"
|
|
216
|
+
end
|
|
193
217
|
end
|
|
194
218
|
end
|
|
@@ -30,7 +30,7 @@ module Proxy
|
|
|
30
30
|
|
|
31
31
|
def file_path_in_storage
|
|
32
32
|
path_to_dir = Proxy::OpenSCAP::Plugin.settings.reportsdir
|
|
33
|
-
storage = Proxy::OpenSCAP::
|
|
33
|
+
storage = Proxy::OpenSCAP::StorageFs.new(path_to_dir, @cname, @id, @date)
|
|
34
34
|
storage.get_path(@digest)
|
|
35
35
|
end
|
|
36
36
|
end
|
|
@@ -14,15 +14,15 @@ module Proxy::OpenSCAP
|
|
|
14
14
|
|
|
15
15
|
post_to_foreman = ForemanForwarder.new.post_arf_report(cn, policy, date, request.body.string, Proxy::OpenSCAP::Plugin.settings.timeout)
|
|
16
16
|
begin
|
|
17
|
-
Proxy::OpenSCAP::
|
|
17
|
+
Proxy::OpenSCAP::StorageFs.new(Proxy::OpenSCAP::Plugin.settings.reportsdir, cn, post_to_foreman['id'], date).store_archive(request.body.string)
|
|
18
18
|
rescue Proxy::OpenSCAP::StoreReportError => e
|
|
19
|
-
Proxy::OpenSCAP::
|
|
19
|
+
Proxy::OpenSCAP::StorageFs.new(Proxy::OpenSCAP::Plugin.settings.failed_dir, cn, post_to_foreman['id'], date).store_failed(request.body.string)
|
|
20
20
|
logger.error "Failed to save Report in reports directory (#{Proxy::OpenSCAP::Plugin.settings.reportsdir}). Failed with: #{e.message}.
|
|
21
21
|
Saving file in #{Proxy::OpenSCAP::Plugin.settings.failed_dir}. Please copy manually to #{Proxy::OpenSCAP::Plugin.settings.reportsdir}"
|
|
22
22
|
rescue *HTTP_ERRORS => e
|
|
23
23
|
### If the upload to foreman fails then store it in the spooldir
|
|
24
24
|
logger.error "Failed to upload to Foreman, saving in spool. Failed with: #{e.message}"
|
|
25
|
-
Proxy::OpenSCAP::
|
|
25
|
+
Proxy::OpenSCAP::StorageFs.new(Proxy::OpenSCAP::Plugin.settings.spooldir, cn, policy, date).store_spool(request.body.string)
|
|
26
26
|
rescue Proxy::OpenSCAP::StoreSpoolError => e
|
|
27
27
|
log_halt 500, e.message
|
|
28
28
|
end
|
|
@@ -16,16 +16,18 @@ require 'proxy/error'
|
|
|
16
16
|
require 'yaml'
|
|
17
17
|
require 'ostruct'
|
|
18
18
|
require 'proxy/request'
|
|
19
|
-
require 'smart_proxy_openscap/
|
|
20
|
-
require 'smart_proxy_openscap/
|
|
19
|
+
require 'smart_proxy_openscap/foreman_arf_forwarder'
|
|
20
|
+
require 'smart_proxy_openscap/foreman_oval_forwarder'
|
|
21
21
|
require 'smart_proxy_openscap/content_parser'
|
|
22
22
|
require 'smart_proxy_openscap/openscap_exception'
|
|
23
23
|
require 'smart_proxy_openscap/arf_parser'
|
|
24
24
|
require 'smart_proxy_openscap/spool_forwarder'
|
|
25
25
|
require 'smart_proxy_openscap/openscap_html_generator'
|
|
26
|
-
require 'smart_proxy_openscap/fetch_tailoring_file'
|
|
27
26
|
require 'smart_proxy_openscap/policy_parser'
|
|
28
27
|
require 'smart_proxy_openscap/profiles_parser'
|
|
28
|
+
require 'smart_proxy_openscap/oval_report_storage_fs'
|
|
29
|
+
require 'smart_proxy_openscap/oval_report_parser'
|
|
30
|
+
require 'smart_proxy_openscap/fetch_scap_file'
|
|
29
31
|
|
|
30
32
|
module Proxy::OpenSCAP
|
|
31
33
|
extend ::Proxy::Log
|
|
@@ -22,6 +22,7 @@ module Proxy::OpenSCAP
|
|
|
22
22
|
:contentdir => File.join(APP_ROOT, 'openscap/content'),
|
|
23
23
|
:reportsdir => File.join(APP_ROOT, 'openscap/reports'),
|
|
24
24
|
:failed_dir => File.join(APP_ROOT, 'openscap/failed'),
|
|
25
|
-
:tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring')
|
|
25
|
+
:tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring'),
|
|
26
|
+
:oval_content_dir => File.join(APP_ROOT, 'openscap/oval_content')
|
|
26
27
|
end
|
|
27
28
|
end
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
require 'smart_proxy_openscap/openscap_exception'
|
|
2
|
+
require 'openscap_parser/oval_report'
|
|
3
|
+
|
|
4
|
+
module Proxy::OpenSCAP
|
|
5
|
+
class OvalReportParser
|
|
6
|
+
include Proxy::Log
|
|
7
|
+
|
|
8
|
+
def parse_cves(report_data)
|
|
9
|
+
report = oval_report report_data
|
|
10
|
+
results = report.definition_results.reduce({}) do |memo, result|
|
|
11
|
+
memo.tap { |acc| acc[result.definition_id] = parse_cve_res result }
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
report.definitions.map do |definition|
|
|
15
|
+
results[definition.id].merge(parse_cve_def definition)
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
private
|
|
20
|
+
|
|
21
|
+
def parse_cve_def(definition)
|
|
22
|
+
refs = definition.references.reduce([]) do |memo, ref|
|
|
23
|
+
memo.tap { |acc| acc << { :ref_id => ref.ref_id, :ref_url => ref.ref_url } }
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
{ :references => refs, :definition_id => definition.id }
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def parse_cve_res(result)
|
|
30
|
+
{ :result => result.result }
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def oval_report(report_data)
|
|
34
|
+
decompressed = decompress report_data
|
|
35
|
+
::OpenscapParser::OvalReport.new(decompressed)
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def decompress(report_data)
|
|
39
|
+
begin
|
|
40
|
+
file = Tempfile.new
|
|
41
|
+
file.write report_data
|
|
42
|
+
file.rewind
|
|
43
|
+
decompressed = `bunzip2 -dc #{file.path}`
|
|
44
|
+
rescue => e
|
|
45
|
+
logger.error e
|
|
46
|
+
raise Proxy::OpenSCAP::ReportDecompressError, "Failed to decompress received report bzip, cause: #{e.message}"
|
|
47
|
+
ensure
|
|
48
|
+
file.close
|
|
49
|
+
file.unlink
|
|
50
|
+
end
|
|
51
|
+
decompressed
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
require 'smart_proxy_openscap/storage_fs_common'
|
|
2
|
+
require 'smart_proxy_openscap/openscap_exception'
|
|
3
|
+
|
|
4
|
+
module Proxy::OpenSCAP
|
|
5
|
+
class OvalReportStorageFs
|
|
6
|
+
include StorageFsCommon
|
|
7
|
+
|
|
8
|
+
def initialize(path_to_dir, oval_policy_id, cname, reported_at)
|
|
9
|
+
@namespace = 'oval'
|
|
10
|
+
@reported_at = reported_at
|
|
11
|
+
@path = "#{path_to_dir}/#{@namespace}/#{oval_policy_id}/#{cname}/"
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def store_report(report_data)
|
|
15
|
+
store(report_data, StoreReportError)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
private
|
|
19
|
+
|
|
20
|
+
def store_file(path_to_store, report_data)
|
|
21
|
+
target_path = "#{path_to_store}#{@reported_at}"
|
|
22
|
+
File.open(target_path, 'w') { |f| f.write(report_data) }
|
|
23
|
+
target_path
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
@@ -52,13 +52,13 @@ module Proxy::OpenSCAP
|
|
|
52
52
|
|
|
53
53
|
def forward_arf_file(cname, policy_id, date, arf_file_path)
|
|
54
54
|
data = File.open(arf_file_path, 'rb') { |io| io.read }
|
|
55
|
-
post_to_foreman =
|
|
56
|
-
Proxy::OpenSCAP::
|
|
55
|
+
post_to_foreman = ForemanArfForwarder.new.post_report(cname, policy_id, date, data, @loaded_settings.timeout)
|
|
56
|
+
Proxy::OpenSCAP::StorageFs.new(@loaded_settings.reportsdir, cname, post_to_foreman['id'], date).store_archive(data)
|
|
57
57
|
File.delete arf_file_path
|
|
58
58
|
rescue Nokogiri::XML::SyntaxError, Proxy::OpenSCAP::ReportDecompressError => e
|
|
59
59
|
logger.error "Failed to parse Arf Report at #{arf_file_path}, moving to #{@loaded_settings.corrupted_dir}"
|
|
60
60
|
|
|
61
|
-
Proxy::OpenSCAP::
|
|
61
|
+
Proxy::OpenSCAP::StorageFs.new(@loaded_settings.corrupted_dir, cname, policy_id, date).
|
|
62
62
|
move_corrupted(arf_file_path.split('/').last, @loaded_settings.spooldir)
|
|
63
63
|
rescue Proxy::OpenSCAP::ReportUploadError => e
|
|
64
64
|
logger.error "Failed to upload Arf Report at #{arf_file_path}, cause: #{e.message}, the report will be deleted."
|
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
require 'pathname'
|
|
2
2
|
require 'smart_proxy_openscap/storage'
|
|
3
|
+
require 'smart_proxy_openscap/storage_fs_common'
|
|
3
4
|
|
|
4
5
|
module Proxy::OpenSCAP
|
|
5
|
-
class
|
|
6
|
+
class StorageFs < Storage
|
|
7
|
+
include StorageFsCommon
|
|
8
|
+
|
|
6
9
|
def store_archive(data)
|
|
7
10
|
store(data, StoreReportError)
|
|
8
11
|
end
|
|
@@ -57,9 +60,9 @@ module Proxy::OpenSCAP
|
|
|
57
60
|
|
|
58
61
|
private
|
|
59
62
|
|
|
60
|
-
def
|
|
63
|
+
def store_file(path_to_store, data)
|
|
61
64
|
filename = Digest::SHA256.hexdigest data
|
|
62
|
-
target_path =
|
|
65
|
+
target_path = path_to_store + filename
|
|
63
66
|
File.open(target_path,'w') { |f| f.write(data) }
|
|
64
67
|
target_path
|
|
65
68
|
end
|
|
@@ -91,7 +94,7 @@ module Proxy::OpenSCAP
|
|
|
91
94
|
end
|
|
92
95
|
|
|
93
96
|
begin
|
|
94
|
-
target_path =
|
|
97
|
+
target_path = store_file(@path, data)
|
|
95
98
|
rescue StandardError => e
|
|
96
99
|
raise error_type, "Could not store file: #{e.message}"
|
|
97
100
|
end
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
module Proxy::OpenSCAP
|
|
2
|
+
module StorageFsCommon
|
|
3
|
+
include ::Proxy::Log
|
|
4
|
+
|
|
5
|
+
private
|
|
6
|
+
|
|
7
|
+
def create_directory
|
|
8
|
+
begin
|
|
9
|
+
FileUtils.mkdir_p @path
|
|
10
|
+
rescue StandardError => e
|
|
11
|
+
logger.error "Could not create '#{@path}' directory: #{e.message}"
|
|
12
|
+
raise e
|
|
13
|
+
end
|
|
14
|
+
@path
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def move(source, error_type)
|
|
18
|
+
begin
|
|
19
|
+
create_directory
|
|
20
|
+
FileUtils.mv source, @path
|
|
21
|
+
rescue StandardError => e
|
|
22
|
+
raise error_type, "Could not move file: #{e.message}"
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def store(data, error_type)
|
|
27
|
+
begin
|
|
28
|
+
create_directory
|
|
29
|
+
rescue StandardError => e
|
|
30
|
+
raise error_type, "Could not fulfill request: #{e.message}"
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
begin
|
|
34
|
+
target_path = store_file(@path, data)
|
|
35
|
+
rescue StandardError => e
|
|
36
|
+
raise error_type, "Could not store file: #{e.message}"
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
logger.debug "File #{target_path} stored in reports dir."
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -31,3 +31,6 @@
|
|
|
31
31
|
# Affects sending reports to Foreman (directly and from spool) and fetching scap content or tailoring file
|
|
32
32
|
# for distribution to clients
|
|
33
33
|
#:timeout: 60
|
|
34
|
+
|
|
35
|
+
# Directory where OpenSCAP OVAL content bzipped XML are stored
|
|
36
|
+
#:oval_content_dir: /var/lib/openscap/oval_content
|
|
@@ -21,6 +21,5 @@ Gem::Specification.new do |s|
|
|
|
21
21
|
s.add_development_dependency('mocha')
|
|
22
22
|
s.add_development_dependency('webmock')
|
|
23
23
|
s.add_dependency 'openscap', '~> 0.4.7'
|
|
24
|
-
|
|
25
|
-
s.add_dependency 'openscap_parser', '~> 1.0.1'
|
|
24
|
+
s.add_dependency 'openscap_parser', '~> 1.0.2'
|
|
26
25
|
end
|
|
Binary file
|
|
Binary file
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
require 'smart_proxy_openscap'
|
|
3
|
+
require 'smart_proxy_openscap/openscap_api'
|
|
4
|
+
|
|
5
|
+
ENV['RACK_ENV'] = 'test'
|
|
6
|
+
|
|
7
|
+
class FetchOvalContentApiTest < Test::Unit::TestCase
|
|
8
|
+
include Rack::Test::Methods
|
|
9
|
+
|
|
10
|
+
def setup
|
|
11
|
+
@foreman_url = 'https://foreman.example.com'
|
|
12
|
+
@fixture_path = "/test/data/rhel-7-including-unpatched.oval.xml.bz2"
|
|
13
|
+
@fixture_full_path = File.join(Dir.getwd, @fixture_path)
|
|
14
|
+
Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
|
|
15
|
+
@results_path = ("#{Dir.getwd}/test/test_run_files")
|
|
16
|
+
FileUtils.mkdir_p(@results_path)
|
|
17
|
+
Proxy::OpenSCAP::Plugin.settings.stubs(:oval_content_dir).returns(@results_path)
|
|
18
|
+
@oval_content = File.new(@fixture_full_path).read
|
|
19
|
+
@digest = Digest::SHA256.hexdigest @oval_content
|
|
20
|
+
@policy_id = 1
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def teardown
|
|
24
|
+
FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def app
|
|
28
|
+
::Proxy::OpenSCAP::Api.new
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def test_get_oval_content_from_file
|
|
32
|
+
FileUtils.mkdir("#{@results_path}/#{@policy_id}")
|
|
33
|
+
FileUtils.cp(@fixture_full_path, "#{@results_path}/#{@policy_id}/#{@digest}.oval.xml.bz2")
|
|
34
|
+
get "/oval_policies/#{@policy_id}/oval_content/#{@digest}"
|
|
35
|
+
assert_equal("application/x-bzip2", last_response.header["Content-Type"], "Response header should be application/x-bzip2")
|
|
36
|
+
assert(last_response.successful?, "Response should be success")
|
|
37
|
+
end
|
|
38
|
+
end
|
data/test/fetch_scap_api_test.rb
CHANGED
|
@@ -54,7 +54,7 @@ class FetchScapApiTest < Test::Unit::TestCase
|
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
def test_get_scap_content_permissions
|
|
57
|
-
Proxy::OpenSCAP::
|
|
57
|
+
Proxy::OpenSCAP::FetchScapFile.any_instance.stubs(:fetch).raises(Errno::EACCES)
|
|
58
58
|
stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
|
|
59
59
|
get "/policies/#{@policy_id}/content/#{@digest}"
|
|
60
60
|
assert_equal(500, last_response.status, "No permissions should raise error 500")
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
require 'smart_proxy_openscap'
|
|
3
|
+
require 'smart_proxy_openscap/oval_report_parser'
|
|
4
|
+
|
|
5
|
+
class OvalReportParserTest < Test::Unit::TestCase
|
|
6
|
+
|
|
7
|
+
def test_oval_report_parsing
|
|
8
|
+
oval_report = File.open("#{Dir.getwd}/test/data/oval-results.xml.bz2").read
|
|
9
|
+
res = Proxy::OpenSCAP::OvalReportParser.new.parse_cves oval_report
|
|
10
|
+
refute res.empty?
|
|
11
|
+
assert res.first[:result]
|
|
12
|
+
refute res.first[:references].empty?
|
|
13
|
+
end
|
|
14
|
+
end
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
require 'smart_proxy_openscap'
|
|
3
|
+
require 'smart_proxy_openscap/openscap_api'
|
|
4
|
+
|
|
5
|
+
ENV['RACK_ENV'] = 'test'
|
|
6
|
+
|
|
7
|
+
class PostOvalReportApiTest < Test::Unit::TestCase
|
|
8
|
+
include Rack::Test::Methods
|
|
9
|
+
|
|
10
|
+
setup do
|
|
11
|
+
@foreman_url = 'https://foreman.example.com'
|
|
12
|
+
Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
|
|
13
|
+
@oval_report = File.open("#{Dir.getwd}/test/data/oval-results.xml.bz2").read
|
|
14
|
+
@cname = 'node.example.org'
|
|
15
|
+
@date = Time.now.to_i
|
|
16
|
+
@policy_id = 1
|
|
17
|
+
Proxy::OpenSCAP.stubs(:common_name).returns(@cname)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def app
|
|
21
|
+
::Proxy::OpenSCAP::Api.new
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def test_post_oval_report_to_foreman
|
|
25
|
+
stub_request(:post, "#{@foreman_url}/api/v2/compliance/oval_reports/#{@cname}/#{@policy_id}/#{@date}")
|
|
26
|
+
.to_return(:status => 200, :body => '{ "result": "ok" }')
|
|
27
|
+
post "/oval_reports/#{@policy_id}", @oval_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
|
|
28
|
+
assert(last_response.successful?, "Should be a success")
|
|
29
|
+
end
|
|
30
|
+
end
|
|
@@ -58,7 +58,7 @@ class OpenSCAPApiTest < Test::Unit::TestCase
|
|
|
58
58
|
def test_fail_save_file_should_raise_error
|
|
59
59
|
@policy_id = 2
|
|
60
60
|
stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}").to_return(:status => 500, :body => "{\"result\":\"server error\"}")
|
|
61
|
-
Proxy::OpenSCAP::
|
|
61
|
+
Proxy::OpenSCAP::StorageFs.any_instance.stubs(:create_directory).raises(StandardError)
|
|
62
62
|
post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
|
|
63
63
|
assert(last_response.server_error?, "Should return 500")
|
|
64
64
|
refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should be saved in spool directory")
|
|
@@ -67,7 +67,7 @@ class OpenSCAPApiTest < Test::Unit::TestCase
|
|
|
67
67
|
def test_success_post_fail_save_should_save_spool
|
|
68
68
|
stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
|
|
69
69
|
.to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
|
|
70
|
-
Proxy::OpenSCAP::
|
|
70
|
+
Proxy::OpenSCAP::StorageFs.any_instance.stubs(:store_archive).raises(Proxy::OpenSCAP::StoreReportError)
|
|
71
71
|
post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
|
|
72
72
|
refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should not be in spool directory")
|
|
73
73
|
refute(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should not be in Reports directory")
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_proxy_openscap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Šimon Lukašík
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2021-
|
|
13
|
+
date: 2021-05-18 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: rake
|
|
@@ -88,14 +88,14 @@ dependencies:
|
|
|
88
88
|
requirements:
|
|
89
89
|
- - "~>"
|
|
90
90
|
- !ruby/object:Gem::Version
|
|
91
|
-
version: 1.0.
|
|
91
|
+
version: 1.0.2
|
|
92
92
|
type: :runtime
|
|
93
93
|
prerelease: false
|
|
94
94
|
version_requirements: !ruby/object:Gem::Requirement
|
|
95
95
|
requirements:
|
|
96
96
|
- - "~>"
|
|
97
97
|
- !ruby/object:Gem::Version
|
|
98
|
-
version: 1.0.
|
|
98
|
+
version: 1.0.2
|
|
99
99
|
description: |-
|
|
100
100
|
A plug-in to the Foreman's smart-proxy which receives
|
|
101
101
|
bzip2ed ARF files and forwards them to the Foreman.
|
|
@@ -124,9 +124,10 @@ files:
|
|
|
124
124
|
- lib/smart_proxy_openscap/arf_parser.rb
|
|
125
125
|
- lib/smart_proxy_openscap/content_parser.rb
|
|
126
126
|
- lib/smart_proxy_openscap/fetch_file.rb
|
|
127
|
-
- lib/smart_proxy_openscap/
|
|
128
|
-
- lib/smart_proxy_openscap/
|
|
127
|
+
- lib/smart_proxy_openscap/fetch_scap_file.rb
|
|
128
|
+
- lib/smart_proxy_openscap/foreman_arf_forwarder.rb
|
|
129
129
|
- lib/smart_proxy_openscap/foreman_forwarder.rb
|
|
130
|
+
- lib/smart_proxy_openscap/foreman_oval_forwarder.rb
|
|
130
131
|
- lib/smart_proxy_openscap/http_config.ru
|
|
131
132
|
- lib/smart_proxy_openscap/openscap_api.rb
|
|
132
133
|
- lib/smart_proxy_openscap/openscap_exception.rb
|
|
@@ -134,6 +135,8 @@ files:
|
|
|
134
135
|
- lib/smart_proxy_openscap/openscap_import_api.rb
|
|
135
136
|
- lib/smart_proxy_openscap/openscap_lib.rb
|
|
136
137
|
- lib/smart_proxy_openscap/openscap_plugin.rb
|
|
138
|
+
- lib/smart_proxy_openscap/oval_report_parser.rb
|
|
139
|
+
- lib/smart_proxy_openscap/oval_report_storage_fs.rb
|
|
137
140
|
- lib/smart_proxy_openscap/policy_guide.rb
|
|
138
141
|
- lib/smart_proxy_openscap/policy_parser.rb
|
|
139
142
|
- lib/smart_proxy_openscap/profiles_parser.rb
|
|
@@ -141,11 +144,14 @@ files:
|
|
|
141
144
|
- lib/smart_proxy_openscap/spool_forwarder.rb
|
|
142
145
|
- lib/smart_proxy_openscap/storage.rb
|
|
143
146
|
- lib/smart_proxy_openscap/storage_fs.rb
|
|
147
|
+
- lib/smart_proxy_openscap/storage_fs_common.rb
|
|
144
148
|
- lib/smart_proxy_openscap/version.rb
|
|
145
149
|
- settings.d/openscap.yml.example
|
|
146
150
|
- smart_proxy_openscap.gemspec
|
|
147
151
|
- test/data/arf_report
|
|
148
152
|
- test/data/corrupted_arf_report
|
|
153
|
+
- test/data/oval-results.xml.bz2
|
|
154
|
+
- test/data/rhel-7-including-unpatched.oval.xml.bz2
|
|
149
155
|
- test/data/spool/cleanup_spool/arf/2c101b95-033f-4b15-b490-f50bf9090dae/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
|
150
156
|
- test/data/spool/cleanup_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
|
151
157
|
- test/data/spool/corrupted_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/a4dfba5db27b21795e6fa401b8dce7a70faeb25b7963891f07f6f4baaf052afb
|
|
@@ -154,9 +160,12 @@ files:
|
|
|
154
160
|
- test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
|
155
161
|
- test/data/ssg-rhel7-ds.xml
|
|
156
162
|
- test/data/tailoring.xml
|
|
163
|
+
- test/fetch_oval_content_api_test.rb
|
|
157
164
|
- test/fetch_scap_api_test.rb
|
|
158
165
|
- test/fetch_tailoring_api_test.rb
|
|
159
166
|
- test/get_report_xml_html_test.rb
|
|
167
|
+
- test/oval_report_parser_test.rb
|
|
168
|
+
- test/post_oval_report_api_test.rb
|
|
160
169
|
- test/post_report_api_test.rb
|
|
161
170
|
- test/scap_content_parser_api_test.rb
|
|
162
171
|
- test/script_class_test.rb
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
require 'smart_proxy_openscap/fetch_file'
|
|
2
|
-
|
|
3
|
-
module Proxy::OpenSCAP
|
|
4
|
-
class FetchScapContent < FetchFile
|
|
5
|
-
def get_policy_content(policy_id, digest)
|
|
6
|
-
policy_store_dir = File.join(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP::Plugin.settings.contentdir), policy_id.to_s)
|
|
7
|
-
policy_scap_file = File.join(policy_store_dir, "#{policy_id}_#{digest}.xml")
|
|
8
|
-
file_download_path = "api/v2/compliance/policies/#{policy_id}/content"
|
|
9
|
-
|
|
10
|
-
create_store_dir policy_store_dir
|
|
11
|
-
|
|
12
|
-
scap_file = policy_content_file(policy_scap_file)
|
|
13
|
-
clean_store_folder(policy_store_dir) unless scap_file
|
|
14
|
-
scap_file ||= save_or_serve_scap_file(policy_scap_file, file_download_path)
|
|
15
|
-
end
|
|
16
|
-
end
|
|
17
|
-
end
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
require 'smart_proxy_openscap/fetch_file'
|
|
2
|
-
|
|
3
|
-
module Proxy::OpenSCAP
|
|
4
|
-
class FetchTailoringFile < FetchFile
|
|
5
|
-
def get_tailoring_file(policy_id, digest)
|
|
6
|
-
store_dir = File.join(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP::Plugin.settings.tailoring_dir), policy_id.to_s)
|
|
7
|
-
policy_tailoring_file = File.join(store_dir, "#{policy_id}_#{digest}.xml")
|
|
8
|
-
file_download_path = "api/v2/compliance/policies/#{policy_id}/tailoring"
|
|
9
|
-
|
|
10
|
-
create_store_dir store_dir
|
|
11
|
-
|
|
12
|
-
scap_file = policy_content_file(policy_tailoring_file)
|
|
13
|
-
clean_store_folder(store_dir) unless scap_file
|
|
14
|
-
scap_file ||= save_or_serve_scap_file(policy_tailoring_file, file_download_path)
|
|
15
|
-
end
|
|
16
|
-
end
|
|
17
|
-
end
|