Class: Utils::InspecUtil

Inherits:

Object

• Object
• Utils::InspecUtil

Defined in:

lib/utilities/inspec_util.rb,
lib/exceptions/impact_input_error.rb,
lib/exceptions/severity_input_error.rb

Defined Under Namespace

Classes: ImpactInputError, SeverityInputError

Constant Summary

WIDTH =

80

IMPACT_SCORES =

{
  'none' => 0.0,
  'low' => 0.1,
  'medium' => 0.4,
  'high' => 0.7,
  'critical' => 0.9
}.freeze

Class Method Summary

• .control_finding_details(control, control_clk_status) ⇒ Object
• .control_status(control, for_summary = false) ⇒ Object
• .get_impact(severity, use_cvss_terms: true) ⇒ Object

  ‘impact’ level.

• .get_impact_string(impact, use_cvss_terms: true) ⇒ Object
• .get_platform(json) ⇒ Object
• .parse_data_for_ckl(json) ⇒ Object
• .to_dotted_hash(hash, recursive_key = '') ⇒ Object
• .unpack_inspec_json(directory, inspec_json, separated, output_format) ⇒ Object

Instance Method Summary

• #get_impact(severity) ⇒ Object

  Takes in the STIG severity tag and converts it to the InSpec #impact control tag.

Class Method Details

.control_finding_details(control, control_clk_status) ⇒ Object

# File 'lib/utilities/inspec_util.rb', line 114

def self.control_finding_details(control, control_clk_status)
  result = "One or more of the automated tests failed or was inconclusive for the control \n\n #{control[:message].sort.join}" if control_clk_status == 'Open'
  result = "All Automated tests passed for the control \n\n #{control[:message].join}" if control_clk_status == 'NotAFinding'
  result = "Automated test skipped due to known accepted condition in the control : \n\n#{control[:message].join}" if control_clk_status == 'Not_Reviewed'
  result = "Justification: \n #{control[:message].join}" if control_clk_status == 'Not_Applicable'
  result = 'No test available or some test errors occurred for this control' if control_clk_status == 'Profile_Error'
  result
end

.control_status(control, for_summary = false) ⇒ Object

# File 'lib/utilities/inspec_util.rb', line 98

def self.control_status(control, for_summary = false)
  status_list = control[:status].uniq
  if control[:impact].to_f.zero?
    'Not_Applicable'
  elsif (status_list.include?('error') || status_list.empty?) && for_summary
    'Profile_Error'
  elsif status_list.include?('failed')
    'Open'
  elsif status_list.include?('passed')
    'NotAFinding'
  else
    # profile skipped or profile error
    'Not_Reviewed'
  end
end

.get_impact(severity, use_cvss_terms: true) ⇒ Object

TODO:

Allow for the user to pass in a hash for the desired mapping of text

‘impact’ level.

mapped to a float between 0.0 - 1.0.

values to numbers or to override our hard coded values.

Parameters:

• severity (String) —

  the string value you want to map to an InSpec

Raises:

• (SeverityInputError)

# File 'lib/utilities/inspec_util.rb', line 139

def self.get_impact(severity, use_cvss_terms: true)
  return float_to_impact(severity, use_cvss_terms) if severity.is_a?(Float)

  return string_to_impact(severity, use_cvss_terms) if severity.is_a?(String)

  raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
                            '1.0 or one of the approved keywords.'
end

.get_impact_string(impact, use_cvss_terms: true) ⇒ Object

# File 'lib/utilities/inspec_util.rb', line 187

def self.get_impact_string(impact, use_cvss_terms: true)
  return if impact.nil?

  value = impact.to_f
  unless value.between?(0, 1)
    raise ImpactInputError, "'#{value}' is not a valid impact score. Valid impact scores: [0.0 - 1.0]."
  end

  IMPACT_SCORES.reverse_each do |name, impact_score|
    return 'high' if name == 'critical' && value >= impact_score && use_cvss_terms
    return name if value >= impact_score

    next
  end
end

.get_platform(json) ⇒ Object

# File 'lib/utilities/inspec_util.rb', line 83

def self.get_platform(json)
  json['profiles'].find { |profile| !profile[:platform].nil? }
end

.parse_data_for_ckl(json) ⇒ Object

# File 'lib/utilities/inspec_util.rb', line 27

def self.parse_data_for_ckl(json)
  data = {}

  # Parse for inspec profile results json
  json['profiles'].each do |profile|
    profile['controls'].each do |control|
      c_id = control['id'].to_sym
      data[c_id] = {}

      data[c_id][:vuln_num]       = control['id'] unless control['id'].nil?
      data[c_id][:rule_title]     = control['title'] unless control['title'].nil?
      data[c_id][:vuln_discuss]   = control['desc'] unless control['desc'].nil?

      unless control['tags'].nil?
        data[c_id][:severity]       = control['tags']['severity'] unless control['tags']['severity'].nil?
        data[c_id][:gid]            = control['tags']['gid'] unless control['tags']['gid'].nil?
        data[c_id][:group_title]    = control['tags']['gtitle'] unless control['tags']['gtitle'].nil?
        data[c_id][:rule_id]        = control['tags']['rid'] unless control['tags']['rid'].nil?
        data[c_id][:rule_ver]       = control['tags']['stig_id'] unless control['tags']['stig_id'].nil?
        data[c_id][:cci_ref]        = control['tags']['cci'] unless control['tags']['cci'].nil?
        data[c_id][:nist]           = control['tags']['nist'].join(' ') unless control['tags']['nist'].nil?
      end

      if control['descriptions'].respond_to?(:find)
        data[c_id][:check_content]  = control['descriptions'].find { |c| c['label'] == 'check' }&.dig('data')
        data[c_id][:fix_text]       = control['descriptions'].find { |c| c['label'] == 'fix' }&.dig('data')
      end

      data[c_id][:impact]         = control['impact'].to_s unless control['impact'].nil?
      data[c_id][:profile_name]   = profile['name'].to_s unless profile['name'].nil?
      data[c_id][:profile_shasum] = profile['sha256'].to_s unless profile['sha256'].nil?

      data[c_id][:status] = []
      data[c_id][:message] = []

      if control.key?('results')
        control['results'].each do |result|
          if !result['backtrace'].nil?
            result['status'] = 'error'
          end
          data[c_id][:status].push(result['status'])
          data[c_id][:message].push("SKIPPED -- Test: #{result['code_desc']}\nMessage: #{result['skip_message']}\n") if result['status'] == 'skipped'
          data[c_id][:message].push("FAILED -- Test: #{result['code_desc']}\nMessage: #{result['message']}\n") if result['status'] == 'failed'
          data[c_id][:message].push("PASS -- #{result['code_desc']}\n") if result['status'] == 'passed'
          data[c_id][:message].push("PROFILE_ERROR -- Test: #{result['code_desc']}\nMessage: #{result['backtrace']}\n") if result['status'] == 'error'
        end
      end

      if data[c_id][:impact].to_f.zero?
        data[c_id][:message].unshift("NOT_APPLICABLE -- Description: #{control['desc']}\n\n")
      end
    end
  end
  data
end

.to_dotted_hash(hash, recursive_key = '') ⇒ Object

# File 'lib/utilities/inspec_util.rb', line 87

def self.to_dotted_hash(hash, recursive_key = '')
  hash.each_with_object({}) do |(k, v), ret|
    key = recursive_key + k.to_s
    if v.is_a? Hash
      ret.merge! to_dotted_hash(v, "#{key}.")
    else
      ret[key] = v
    end
  end
end

.unpack_inspec_json(directory, inspec_json, separated, output_format) ⇒ Object

# File 'lib/utilities/inspec_util.rb', line 203

def self.unpack_inspec_json(directory, inspec_json, separated, output_format)
  if directory == 'id'
    directory = inspec_json['name']
  end
  controls = generate_controls(inspec_json)
  unpack_profile(directory || 'profile', controls, separated, output_format || 'json')
  create_inspec_yml(directory || 'profile', inspec_json)
  create_license(directory || 'profile', inspec_json)
  create_readme_md(directory || 'profile', inspec_json)
end

Instance Method Details

#get_impact(severity) ⇒ Object

Takes in the STIG severity tag and converts it to the InSpec #impact control tag. At the moment the mapping is static, so that:

high => 0.7
medium => 0.5
low => 0.3

# File 'lib/utilities/inspec_util.rb', line 139

def self.get_impact(severity, use_cvss_terms: true)
  return float_to_impact(severity, use_cvss_terms) if severity.is_a?(Float)

  return string_to_impact(severity, use_cvss_terms) if severity.is_a?(String)

  raise SeverityInputError, "'#{severity}' is not a valid severity value. It should be a Float between 0.0 and " \
                            '1.0 or one of the approved keywords.'
end