Class: AbideDevUtils::XCCDF::Benchmark
  
  
  
  
  
    - Inherits:
 
    - 
      Object
      
        
          - Object
 
          
            - AbideDevUtils::XCCDF::Benchmark
 
          
        
      
     
  
  
  
  
  
  
  
      - Includes:
 
      - Common
 
  
  
  
  
  
  
    - Defined in:
 
    - lib/abide_dev_utils/xccdf.rb
 
  
  
 
Overview
  
    
Class representation of an XCCDF benchmark
   
 
  
  
    
      Constant Summary
    
    
      
        - CIS_MAP_INDICES =
          
        
 
        %w[title hiera_title hiera_title_num number].freeze
 
      
        - STIG_MAP_INDICES =
          
        
 
        %w[vulnid ruleid].freeze
 
      
    
  
  
  
  Constants included
     from Common
  Common::CIS_CONTROL_NUMBER, Common::CIS_CONTROL_PARTS, Common::CIS_LEVEL_CODE, Common::CIS_NEXT_GEN_WINDOWS, Common::CIS_PROFILE_PARTS, Common::CIS_TITLE_MARKER, Common::CONTROL_PARTS, Common::CONTROL_PREFIX, Common::PROFILE_PARTS, Common::STIG_CONTROL_PARTS, Common::STIG_PROFILE_PARTS, Common::STIG_TITLE_MARKER, Common::UNDERSCORED, Common::XPATHS
  Instance Attribute Summary collapse
  
  
    
      Instance Method Summary
    
    
      
        - 
  
    
      #controls  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #controls_by_profile_level(level_code)  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #controls_by_profile_title(profile_title)  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #facter_benchmark  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #facter_platform  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #find_cis_recommendation(name, number_format: false)  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #gen_map(dir: nil, type: 'cis', parent_key_prefix: '', version_output_dir: false, **_)  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #initialize(path)  ⇒ Benchmark 
    
    
  
  
  
    constructor
  
  
  
  
  
  
  
    
A new instance of Benchmark.
 
  
 
      
        - 
  
    
      #map_indexed(indicies: [], index: 'title', framework: 'cis', key_prefix: '')  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #normalized_title  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #profile_levels  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #profile_titles  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #profiles  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #resolve_cis_control_reference(control)  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #to_h  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    
  
 
      
        - 
  
    
      #to_hiera(parent_key_prefix: nil, num: false, levels: [], titles: [], **_kwargs)  ⇒ String 
    
    
  
  
  
  
  
  
  
  
  
    
Converts object to Hiera-formatted YAML.
 
  
 
      
    
  
  
  
  
  
  
  
  
  
  Methods included from Common
  #==, #abide_object?, #control_parts, #control_profile_text, #name_normalize_control, #normalize_control_name, #normalize_profile_name, #normalize_string, #number_normalize_control, #profile_parts, #text_normalize, #validate_xccdf, #xpath
  Constructor Details
  
    
  
  
    #initialize(path)  ⇒ Benchmark 
  
  
  
  
    
Returns a new instance of Benchmark.
   
 
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 187
# Loads an XCCDF document and caches the benchmark node, title and version.
#
# NOTE(review): parse is defined outside this listing. Benchmark files can
# originate outside the organisation, so confirm that it parses without
# resolving external entities or fetching network resources.
#
# @param path [Object] passed unchanged to parse (presumably a file path)
def initialize(path)
  # Namespaces are dropped before any query runs; presumably so that the
  # un-prefixed XPath expressions below match.
  @xml = parse(path).tap(&:remove_namespaces!)
  @benchmark = xpath('Benchmark')
  @title = xpath('Benchmark/title').text
  @version = xpath('Benchmark/version').text
  @diff_properties = [:title, :version, :profiles]
end
     | 
  
 
  
 
  
    Instance Attribute Details
    
      
      
      
  
  
    #benchmark  ⇒ Object  
  
  
  
  
    
Returns the value of attribute benchmark.
   
 
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 185
# Reader for the value the constructor stores from xpath('Benchmark').
#
# @return [Object] the cached result of the 'Benchmark' query
def benchmark
  @benchmark
end
     | 
  
 
    
      
      
      
  
  
    #diff_properties  ⇒ Object  
  
  
  
  
    
Returns the value of attribute diff_properties.
   
 
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 185
# Reader for the symbol list the constructor sets to title, version and profiles.
#
# @return [Array<Symbol>] the stored property names
def diff_properties
  @diff_properties
end
     | 
  
 
    
      
      
      
  
  
    #title  ⇒ Object  
  
  
  
  
    
Returns the value of attribute title.
   
 
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 185
# Reader for the text of 'Benchmark/title' captured by the constructor.
# The value is taken from the benchmark document as-is.
#
# @return [String] the benchmark title text
def title
  @title
end
     | 
  
 
    
      
      
      
  
  
    #version  ⇒ Object  
  
  
  
  
    
Returns the value of attribute version.
   
 
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 185
# Reader for the text of 'Benchmark/version' captured by the constructor.
# The value is taken from the benchmark document as-is; #gen_map can use it
# as a directory name.
#
# @return [String] the benchmark version text
def version
  @version
end
     | 
  
 
    
      
      
      
  
  
    #xml  ⇒ Object  
  
  
  
  
    
Returns the value of attribute xml.
   
 
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 185
# Reader for the document object returned by parse(path) in the constructor,
# on which remove_namespaces! has been called.
#
# @return [Object] the parsed document
def xml
  @xml
end
     | 
  
 
    
   
  
    Instance Method Details
    
      
  
  
    #controls  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 212
# Lazily builds the Controls collection from every node matched by '//select'
# and reuses the same instance on later calls.
#
# @return [Controls] the memoized collection
def controls
  return @controls if @controls

  select_nodes = xpath('//select')
  @controls = Controls.new(select_nodes)
end
     | 
  
 
    
      
  
  
    #controls_by_profile_level(level_code)  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 216
# Collects the distinct controls of every profile whose level equals +level_code+.
#
# @param level_code [Object] value compared with each profile's level using ==
# @return [Array] flattened, de-duplicated controls of the matching profiles
def controls_by_profile_level(level_code)
  matching = profiles.select { |profile| profile.level == level_code }
  per_profile = matching.map { |profile| profile.controls }
  per_profile.flatten.uniq
end
     | 
  
 
    
      
  
  
    #controls_by_profile_title(profile_title)  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 220
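# Collects the controls of every profile whose title equals +profile_title+.
#
# The original called #controls directly on the result of select. That only
# works if select returns an object that itself responds to #controls; a plain
# Array of profiles raises NoMethodError. Profiles is not visible here, so
# both shapes are supported: a container that answers #controls is used as
# before, anything else is handled like #controls_by_profile_level does.
#
# @param profile_title [Object] value compared with each profile's title using ==
# @return [Object] the matching profiles' controls
def controls_by_profile_title(profile_title)
  matches = profiles.select { |x| x.title == profile_title }
  return matches.controls if matches.respond_to?(:controls)

  matches.map(&:controls).flatten.uniq
end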
     | 
  
 
    
      
  
  
    #facter_benchmark  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 274
# Splits the Benchmark element's id attribute on '_' and drops the final token.
#
# The tokens come straight from the benchmark document; #gen_map uses the
# first two as directory names.
#
# @return [Array<String>] every '_'-separated token of the id except the last
def facter_benchmark
  tokens = xpath('Benchmark/@id').text.split('_')
  tokens[0...-1]
end
     | 
  
 
    
      
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 279
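# Derives a [name, version] pair from the benchmark's first platform idref.
#
# The idref of the first 'Benchmark/platform' node is split on ':'. With more
# than four fields, field 4 is read as the product and field 5 as the version;
# otherwise the last '_' token of field 3 is used as the version.
#
# The returned strings come straight from the benchmark document, and
# #gen_map uses them as directory names, so treat them as untrusted input.
#
# @return [Array] two-element array of name and version tokens
# @raise [ArgumentError] if there is no platform idref or it has fewer than four fields
def facter_platform
  platform = xpath('Benchmark/platform')[0]
  idref = platform && platform['idref']
  raise ArgumentError, 'XCCDF benchmark has no platform idref to derive facts from' if idref.nil?

  cpe = idref.split(':')
  raise ArgumentError, "Platform idref #{idref.inspect} has too few fields" if cpe.length < 4

  if cpe.length > 4
    product_name = cpe[4].split('_')
    # A missing version field used to end in NoMethodError on nil; it is now
    # handled the same way as an explicit '-' version.
    product_version = cpe[5].nil? ? ['-'] : cpe[5].split('.')
    return [product_name[0], product_name[-1]] if product_version[0] == '-'

    return [product_name[0], product_version[0]]
  end
  product = cpe[3].split('_')
  [product[0], product[-1]]
end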
     | 
  
 
    
      
  
  
    #find_cis_recommendation(name, number_format: false)  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 244
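# Finds the first control whose normalized name equals +name+.
#
# Profiles are searched in order, and each profile's controls in order. The
# original fell off the end of profiles.each when nothing matched and so
# returned the profiles collection (a truthy value); a miss now returns nil.
#
# @param name [String] normalized control name to look for
# @param number_format [Boolean] forwarded to normalize_control_name
# @return [Array, nil] [profile, control] for the first match, nil if none
def find_cis_recommendation(name, number_format: false)
  profiles.each do |profile|
    profile.controls.each do |ctrl|
      return [profile, ctrl] if normalize_control_name(ctrl, number_format: number_format) == name
    end
  end
  nil
end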
     | 
  
 
    
      
  
  
    #gen_map(dir: nil, type: 'cis', parent_key_prefix: '', version_output_dir: false, **_)  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 224
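# Builds the YAML mapping documents for this benchmark, keyed by output file path.
#
# The output directory is <dir>/<type>/<os>/<ver>[/<version>]. os and ver come
# from #facter_platform ('cis') or #facter_benchmark ('stig'), and version from
# the benchmark itself. All three are read from the benchmark file, so they
# are checked before becoming path components: a value containing a path
# separator or equal to '.' / '..' would otherwise let a crafted benchmark
# steer the returned paths outside +dir+. This method only computes paths;
# callers presumably write the YAML to them.
#
# @param dir [String, nil] base directory; relative to the working directory when nil
# @param type [String] 'cis' or 'stig'
# @param parent_key_prefix [String, nil] forwarded to #map_indexed as key_prefix (nil becomes '')
# @param version_output_dir [Boolean] append the benchmark version as a final directory
# @return [Hash{String => String}] map file path => YAML document from #map_indexed
# @raise [ArgumentError] for an unknown type or an unsafe benchmark-derived path segment
def gen_map(dir: nil, type: 'cis', parent_key_prefix: '', version_output_dir: false, **_)
  case type
  when 'cis'
    os, ver = facter_platform
    indicies = CIS_MAP_INDICES
  when 'stig'
    os, ver = facter_benchmark
    indicies = STIG_MAP_INDICES
  else
    # Previously fell through with indicies unset and failed later on nil.
    raise ArgumentError, "Unsupported map type #{type.inspect}; expected 'cis' or 'stig'"
  end
  derived = [os, ver]
  derived << version if version_output_dir
  derived.each do |segment|
    safe = segment.is_a?(String) && !segment.match?(%r{[/\\\x00]}) && !%w[. ..].include?(segment)
    raise ArgumentError, "Unsafe path segment #{segment.inspect} derived from benchmark" unless safe
  end
  output_path = [type, *derived]
  output_path.unshift(File.expand_path(dir)) if dir
  mapping_dir = File.expand_path(File.join(output_path))
  parent_key_prefix = '' if parent_key_prefix.nil?
  indicies.each_with_object({}) do |idx, h|
    map_file_path = "#{mapping_dir}/#{idx}.yaml"
    h[map_file_path] = map_indexed(indicies: indicies, index: idx, framework: type, key_prefix: parent_key_prefix)
  end
end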
     | 
  
 
    
      
  
  
    #map_indexed(indicies: [], index: 'title', framework: 'cis', key_prefix: '')  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 260
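# Renders one mapping document as YAML, grouped by profile level and then profile title.
#
# Level and title keys are lower-cased, and each profile's control map is
# sorted by key. A 'benchmark' entry with the title and version is added, and
# the whole map is nested under a single "<key_prefix>::<framework>::<index>"
# key (the prefix part is omitted when key_prefix is nil or empty).
#
# A nil key_prefix used to raise NoMethodError on nil.empty?; #gen_map already
# normalizes nil for its own calls, and direct callers now get the same treatment.
#
# @param indicies [Array<String>] index names forwarded to map_controls_hash
# @param index [String] the index this document is keyed by
# @param framework [String] framework name used in the top-level key
# @param key_prefix [String, nil] optional leading part of the top-level key
# @return [String] YAML text
def map_indexed(indicies: [], index: 'title', framework: 'cis', key_prefix: '')
  c_map = profiles.each_with_object({}) do |profile, obj|
    level_key = profile.level.downcase
    obj[level_key] = {} unless obj[level_key].is_a?(Hash)
    controls = map_controls_hash(profile, indicies, index)
    obj[level_key][profile.title.downcase] = controls.sort_by { |k, _| k }.to_h
  end
  c_map['benchmark'] = { 'title' => title, 'version' => version }
  mappings = [framework, index]
  mappings.unshift(key_prefix) unless key_prefix.nil? || key_prefix.empty?
  { mappings.join('::') => c_map }.to_yaml
end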
     | 
  
 
    
      
  
  
    #normalized_title  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 196
# Passes the benchmark title through normalize_string.
#
# @return [Object] whatever normalize_string returns for the title
def normalized_title
  raw_title = title
  normalize_string(raw_title)
end
     | 
  
 
    
      
  
  
    #profile_levels  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 204
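# Lists the levels reported by the profiles collection.
#
# Goes through the memoizing #profiles accessor rather than reading @profiles
# directly: the constructor never assigns @profiles, so the direct read raised
# NoMethodError on nil whenever #profiles had not been called first.
#
# @return [Object] the result of profiles.levels
def profile_levels
  profiles.levels
end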
     | 
  
 
    
      
  
  
    #profile_titles  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 208
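# Lists the titles reported by the profiles collection.
#
# Goes through the memoizing #profiles accessor rather than reading @profiles
# directly: the constructor never assigns @profiles, so the direct read raised
# NoMethodError on nil whenever #profiles had not been called first.
#
# @return [Object] the result of profiles.titles
def profile_titles
  profiles.titles
end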
     | 
  
 
    
      
  
  
    #profiles  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 200
# Lazily builds the Profiles collection from the 'Benchmark/Profile' nodes and
# the cached benchmark node, reusing the same instance on later calls.
#
# @return [Profiles] the memoized collection
def profiles
  return @profiles if @profiles

  profile_nodes = xpath('Benchmark/Profile')
  @profiles = Profiles.new(profile_nodes, @benchmark)
end
     | 
  
 
    
      
  
  
    #resolve_cis_control_reference(control)  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 310
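# Looks up the Rule element whose id equals the control's reference.
#
# The reference is presumably read from the benchmark document, so it is
# emitted as a quoted XPath string literal instead of being interpolated
# between fixed quotes. XPath 1.0 has no escape character: a reference
# containing a quote would otherwise end the literal early and change (or
# break) the predicate. References without quotes produce exactly the same
# query as before.
#
# @param control [#reference] object whose reference names a Rule id
# @return [Object] the result of the xpath helper for the Rule query
def resolve_cis_control_reference(control)
  ref = control.reference.to_s
  literal =
    if !ref.include?("'")
      "'#{ref}'"
    elsif !ref.include?('"')
      "\"#{ref}\""
    else
      # Both quote kinds present: join single-quoted pieces with a quoted "'".
      pieces = ref.split("'", -1).map { |piece| "'#{piece}'" }
      "concat(#{pieces.join(%q(, "'", ))})"
    end
  xpath("//Rule[@id=#{literal}]")
end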
     | 
  
 
    
      
  
  
    #to_h  ⇒ Object 
  
  
  
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 252
# Summarizes the benchmark as a Hash with its title, version and profiles.
#
# @return [Hash{Symbol => Object}] :title, :version and :profiles (profiles.to_h)
def to_h
  summary = {}
  summary[:title] = title
  summary[:version] = version
  summary[:profiles] = profiles.to_h
  summary
end
     | 
  
 
    
      
  
  
    #to_hiera(parent_key_prefix: nil, num: false, levels: [], titles: [], **_kwargs)  ⇒ String 
  
  
  
  
    
Converts object to Hiera-formatted YAML
   
 
  
    
      
    
      # File 'lib/abide_dev_utils/xccdf.rb', line 295
# Serializes the benchmark to Hiera-style YAML.
#
# The document starts with the title and version, then gets one entry per
# profile that passes both filters (an empty filter list accepts everything).
# Every key, including 'title' and 'version', is prefixed with the value
# returned by hiera_parent_key, joined with '::' and stripped.
#
# @param parent_key_prefix [Object] forwarded to hiera_parent_key
# @param num [Boolean] forwarded to hiera_controls_for_profile
# @param levels [Array] profile levels to include; empty means all
# @param titles [Array] profile titles to include; empty means all
# @return [String] YAML text
def to_hiera(parent_key_prefix: nil, num: false, levels: [], titles: [], **_kwargs)
  document = { 'title' => title, 'version' => version }
  prefix = hiera_parent_key(parent_key_prefix)
  profiles.each do |profile|
    wanted = (levels.empty? || levels.include?(profile.level)) &&
             (titles.empty? || titles.include?(profile.title))
    document[profile.hiera_title] = hiera_controls_for_profile(profile, num) if wanted
  end
  document.transform_keys! { |key| [prefix, key].join('::').strip }
  document.to_yaml
end
     |