added ability to compare new benchmarks to old profiles still using deprecated IDs (V-XXXXXX) #1

Open: wants to merge 3 commits into base: master
added update_id function to allow user to ONLY update the control filenames, so that they can split the filename and file content changes into separate commits

Signed-off-by: Will Dower <wdower@mitre.org>
wdower committed Feb 1, 2022
commit 5f156abe24023f83dfd1e52ee28dec047f2168de
16 changes: 16 additions & 0 deletions lib/inspec_delta/commands/profile.rb
@@ -18,11 +18,27 @@ class Profile < Thor
desc: 'Sets inspec_delta to use STIG Rule IDs (SV-XXXXXX) as the primary key for comparison between the benchmark and the profile. Set to false to use the Vuln ID (V-XXXXXX) as the comparator.',
type: :boolean,
default: true

def update
prof = InspecDelta::Object::Profile.new(options[:profile_path])
prof.update(options[:stig_file_path], options[:rule_id])
prof.format
end

desc 'update_id', 'Relabel the controls in the profile with the updated IDs from the benchmark. Run this first if the profile uses the old-stlye V-XXXXXX IDs and you want to rename the files with the right IDs in a separate commit.'
method_option :profile_path,
aliases: %w[-p --pr],
desc: 'The path to the directory that contains the profile to modify.',
required: true
method_option :stig_file_path,
aliases: %w[-s --st],
desc: 'The path to the stig file to apply to the profile.',
required: true
def update_id
prof = InspecDelta::Object::Profile.new(options[:profile_path])
prof.update_id(options[:stig_file_path])
prof.format
end
end
end
end
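Review bot: In the new `update_id` command, the trailing `prof.format` call works against the stated goal of a rename-only commit: if `format` touches the contents of the control files, the commit will mix renames with content changes. Consider dropping that call here or putting it behind an option. The `desc` string also has a typo: "old-stlye" should be "old-style".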
35 changes: 32 additions & 3 deletions lib/inspec_delta/objects/profile.rb
@@ -48,6 +48,34 @@ def update(stig_file_path, rule_id)
end
end

# Updates ONLY the filenames of the profile's controls metadata with definitions from a STIG xml file
#
# @param [profile_path] String - path to the inspec profile's root directory.
# @param [stig_file_path] String - The STIG file to be applied to profile.
def update_id(stig_file_path)
raise StandardError, "STIG file at #{stig_file_path} not found" unless File.exist?(stig_file_path)
control_dir = "#{@profile_path}/controls"
benchmark = InspecDelta::Parser::Benchmark.get_benchmark(stig_file_path)
benchmark.each do |control_id, control| unless control[:legacy].nil? || control[:legacy].empty?
benchmark_control = InspecDelta::Object::Control.from_benchmark(control)
control_filename = "#{control[:legacy].select{ |x| x.start_with? ('V-') }.first}.rb"
profile_control_path = File.join(File.expand_path(control_dir), control_filename)
#require 'pry'; binding.pry
if File.file?(profile_control_path)
puts "Updating \"#{control_filename}\" ==> \"#{control[:id]}.rb\""
updated_path = profile_control_path.sub(
/[^\/\\]+.rb/,
control[:id] + '.rb'
)
system("cd #{@profile_path} && git mv #{profile_control_path} #{updated_path}")
#require 'pry'; binding.pry
end
end
puts "Done updating."
end
end


# Updates a control file with the updates from the stig
#
# @param [profile_control_path] String - The location of the Inspec profile on disk
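Review bot: The `system("cd #{@profile_path} && git mv #{profile_control_path} #{updated_path}")` call in `update_id` builds a shell command from unquoted paths, so a profile path or control ID containing spaces or shell metacharacters breaks the rename or runs unintended commands. Pass the arguments as a list instead, for example `system('git', 'mv', profile_control_path, updated_path, chdir: @profile_path)`, and check the return value before printing "Done updating." Other points in this hunk: `control[:legacy].select { ... }.first` is nil when the legacy list has no `V-` entry, which yields the filename `.rb`; `benchmark_control` is assigned but never used; the `@param [profile_path]` doc line describes a parameter the method does not take; the `.` in `/[^\/\\]+.rb/` is unescaped and the pattern is unanchored; and the two commented `binding.pry` lines should be removed before merge.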
@@ -59,11 +87,12 @@ def update_existing_control_file(profile_control_path, benchmark_control)
/[^\/\\]+.rb/,
updated_control[:id] + '.rb'
)

File.open(profile_control_path, 'w') { |f| f.puts updated_control[:control_string] }
if updated_path != profile_control_path
File.rename(profile_control_path, updated_path)
#require 'pry'; binding.pry
system("cd #{@profile_path} && git mv #{profile_control_path} #{updated_path}")
profile_control_path = updated_path
end
File.open(profile_control_path, 'w') { |f| f.puts updated_control[:control_string] }
end

# Creates a control file with the string representation of the benchmark control
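Review bot: In `update_existing_control_file`, the result of the `git mv` `system(...)` call is never checked, yet `profile_control_path` is set to `updated_path` and the control string is written there regardless. If `git mv` fails (for example, the profile is not a git work tree or the file is untracked), a new file is created under the new ID while the old one stays in place, leaving duplicate controls. Check the return value and either fall back to `File.rename` or raise. The command also interpolates unquoted paths into a shell string; the argument-list form `system('git', 'mv', profile_control_path, updated_path, chdir: @profile_path)` avoids that. The commented `binding.pry` line should be removed as well.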