From 53e9976ba76d1fbd5ce20e470a28ceaf002e46f8 Mon Sep 17 00:00:00 2001 From: Kyle Date: Fri, 20 Mar 2020 13:58:28 -0400 Subject: [PATCH] Remove warnings (#minor) (#101) * Remove circular imports to fix warning * Swap encoding to be specified by the Ruby invocation instead of inside the application * Delete root level inspec_tools since its redundant with exe/inspec_tools * Remove unnecessary rubygems import * Remove unnecessary inspec import * Remove dependencies within Gemfile in favor of using the gemspec * Add simplecov to the test suite * Migrate to the inspec objects library --- Gemfile | 5 -- exe/inspec_tools | 2 +- inspec_tools | 1 - inspec_tools.gemspec | 28 +++++----- lib/happy_mapper_tools/stig_checklist.rb | 1 - lib/inspec_tools/cli.rb | 2 +- lib/inspec_tools/csv.rb | 1 - lib/inspec_tools/pdf.rb | 1 - lib/inspec_tools/plugin_cli.rb | 1 - lib/inspec_tools/xccdf.rb | 1 - lib/inspec_tools/xlsx.rb | 3 +- lib/inspec_tools_plugin.rb | 4 +- lib/utilities/inspec_util.rb | 70 ++++++++++++++---------- test/unit/inspec_tools_test.rb | 1 - test/unit/test_helper.rb | 5 +- 15 files changed, 64 insertions(+), 62 deletions(-) delete mode 120000 inspec_tools diff --git a/Gemfile b/Gemfile index feb658b0..b825eda9 100644 --- a/Gemfile +++ b/Gemfile @@ -2,8 +2,3 @@ source "https://rubygems.org" # Specify your gem dependencies in inspec_tools.gemspec gemspec - -gem "codeclimate-test-reporter", group: :test, require: nil -gem "minitest" -gem "nokogiri-happymapper" -gem "macaddr" diff --git a/exe/inspec_tools b/exe/inspec_tools index 1d49574f..294de4fc 100755 --- a/exe/inspec_tools +++ b/exe/inspec_tools @@ -1,4 +1,4 @@ -#!/usr/bin/env ruby +#!/usr/bin/env ruby -E UTF-8 # Trap ^C Signal.trap('INT') { diff --git a/inspec_tools b/inspec_tools deleted file mode 120000 index 144f372c..00000000 --- a/inspec_tools +++ /dev/null @@ -1 +0,0 @@ -exe/inspec_tools \ No newline at end of file diff --git a/inspec_tools.gemspec b/inspec_tools.gemspec index fab76f6e..c36079db 100644 
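Review bot: The new shebang `#!/usr/bin/env ruby -E UTF-8` in exe/inspec_tools is not portable. Linux passes everything after the interpreter path as one argument, so `env` is asked to run a program literally named `ruby -E UTF-8` and the script fails to start when executed directly. This commit also removes `Encoding.default_external = 'UTF-8'` from lib/happy_mapper_tools/stig_checklist.rb, so any path that loads the library without going through this shebang (presumably the InSpec plugin entry point, or `require 'inspec_tools'` from other code) now parses checklist XML under whatever the process locale is. I would keep `#!/usr/bin/env ruby` and set the encoding once in code at the top of the executable and the plugin entry point, e.g. `Encoding.default_external = Encoding::UTF_8`. The rest of exe/inspec_tools lies outside the hunk.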
--- a/inspec_tools.gemspec +++ b/inspec_tools.gemspec @@ -31,17 +31,19 @@ Gem::Specification.new do |spec| # rubocop:disable Metrics/BlockLength spec.required_ruby_version = '~> 2.3' - spec.add_dependency 'colorize', '~> 0' - spec.add_dependency 'inspec', ">= 3.0", "< 5.0" - spec.add_dependency 'nokogiri', '~> 1.8' - spec.add_dependency 'nokogiri-happymapper', '~> 0' - spec.add_dependency 'OptionParser', '~> 0' - spec.add_dependency 'pdf-reader', '~> 2.1', '>= 2.1.0' - spec.add_dependency 'roo', '~> 2.8' - spec.add_dependency 'thor', '~> 0.19' - spec.add_dependency 'word_wrap', '~> 1.0', '~> 1.0.0' - spec.add_development_dependency 'bundler', '~> 2.0' - spec.add_development_dependency 'minitest', '~> 5.0' - spec.add_development_dependency 'pry', '~> 0' - spec.add_development_dependency 'rake', '~> 13.0' + spec.add_runtime_dependency 'colorize', '~> 0' + spec.add_runtime_dependency 'inspec-objects' + spec.add_runtime_dependency 'nokogiri', '~> 1.8' + spec.add_runtime_dependency 'nokogiri-happymapper', '~> 0' + spec.add_runtime_dependency 'OptionParser', '~> 0' + spec.add_runtime_dependency 'pdf-reader', '~> 2.1', '>= 2.1.0' + spec.add_runtime_dependency 'roo', '~> 2.8' + spec.add_runtime_dependency 'thor', '~> 0.19' + spec.add_runtime_dependency 'word_wrap', '~> 1.0' + spec.add_development_dependency 'bundler' + spec.add_development_dependency 'minitest' + spec.add_development_dependency 'pry' + spec.add_development_dependency 'rake' + spec.add_development_dependency 'codeclimate-test-reporter' + spec.add_development_dependency 'simplecov' end diff --git a/lib/happy_mapper_tools/stig_checklist.rb b/lib/happy_mapper_tools/stig_checklist.rb index 3d5271cf..6221d40b 100644 --- a/lib/happy_mapper_tools/stig_checklist.rb +++ b/lib/happy_mapper_tools/stig_checklist.rb 
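Review bot: The new runtime dependency `spec.add_runtime_dependency 'inspec-objects'` carries no version constraint. The same hunk drops the constraints from bundler, minitest, pry and rake, and adds codeclimate-test-reporter and simplecov unbounded. An open-ended requirement lets any future release, including a breaking major, resolve into installs of this gem, and `gem build` reports open-ended dependencies as warnings, which works against the stated goal of the commit. I would bound at least the runtime entry, `spec.add_runtime_dependency 'inspec-objects', '~> <MAJOR.MINOR>'` (placeholder: the series the test suite was run against), and keep pessimistic bounds on the development tools. The Gem::Specification block opens above the hunk.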
@@ -79,7 +79,6 @@ class Checklist tag 'CHECKLIST' has_one :asset, Asset, tag: 'ASSET' has_one :stig, Stigs, tag: 'STIGS' - Encoding.default_external = 'UTF-8' def where(attrib, data) stig.istig.vuln.each do |vuln| diff --git a/lib/inspec_tools/cli.rb b/lib/inspec_tools/cli.rb index e8fca129..b24c8a26 100644 --- a/lib/inspec_tools/cli.rb +++ b/lib/inspec_tools/cli.rb @@ -1,7 +1,7 @@ require 'yaml' require 'json' -require 'inspec' +require 'inspec-objects' require_relative 'version' require_relative '../utilities/inspec_util' diff --git a/lib/inspec_tools/csv.rb b/lib/inspec_tools/csv.rb index 10e03894..bdfd0978 100644 --- a/lib/inspec_tools/csv.rb +++ b/lib/inspec_tools/csv.rb @@ -1,6 +1,5 @@ require 'csv' require 'nokogiri' -require 'inspec' require 'word_wrap' require 'yaml' require 'digest' diff --git a/lib/inspec_tools/pdf.rb b/lib/inspec_tools/pdf.rb index 78e3b934..aa54ed86 100644 --- a/lib/inspec_tools/pdf.rb +++ b/lib/inspec_tools/pdf.rb @@ -1,5 +1,4 @@ require 'digest' -require 'inspec' require_relative '../utilities/inspec_util' require_relative '../utilities/extract_pdf_text' diff --git a/lib/inspec_tools/plugin_cli.rb b/lib/inspec_tools/plugin_cli.rb index b1fdda3a..406fcf32 100644 --- a/lib/inspec_tools/plugin_cli.rb +++ b/lib/inspec_tools/plugin_cli.rb @@ -1,7 +1,6 @@ require 'yaml' require 'json' -require 'inspec' require 'roo' require_relative 'version' diff --git a/lib/inspec_tools/xccdf.rb b/lib/inspec_tools/xccdf.rb index eaf0b9a2..e9a106d4 100644 --- a/lib/inspec_tools/xccdf.rb +++ b/lib/inspec_tools/xccdf.rb @@ -4,7 +4,6 @@ require 'digest' require 'json' -require 'inspec' module InspecTools # rubocop:disable Metrics/ClassLength diff --git a/lib/inspec_tools/xlsx.rb b/lib/inspec_tools/xlsx.rb index 029ccc4b..0d864a94 100644 --- a/lib/inspec_tools/xlsx.rb +++ b/lib/inspec_tools/xlsx.rb @@ -3,7 +3,6 @@ require 'word_wrap' require 'yaml' require 'digest' -require 'inspec' require_relative '../utilities/inspec_util' 
@@ -92,7 +91,7 @@ def parse_cis_controls(control_prefix) cis_tags = row[tag_pos['cis_controls']].formatted_value.scan(/CONTROL:v(\d) (\d+)\.?(\d*)/) control['tags']['cis_controls'] = [] control['tags']['nist'] = [] - cis_tags.each do |cis_tag| + cis_tags.each do |cis_tag| if cis_tag[2].nil? || cis_tag[2] == "" control['tags']['cis_controls'] << cis_tag[1].to_s control['tags']['nist'] << cis2Nist[cis_tag[1]] diff --git a/lib/inspec_tools_plugin.rb b/lib/inspec_tools_plugin.rb index fd0a0af4..7fe8beb8 100644 --- a/lib/inspec_tools_plugin.rb +++ b/lib/inspec_tools_plugin.rb @@ -1,9 +1,7 @@ -# frozen_string_literal: true + # frozen_string_literal: true libdir = File.dirname(__FILE__) $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir) require 'inspec_tools/version' require 'inspec_tools/plugin' - -require 'rubygems' diff --git a/lib/utilities/inspec_util.rb b/lib/utilities/inspec_util.rb index 5f4611cd..dec2d9f3 100644 --- a/lib/utilities/inspec_util.rb +++ b/lib/utilities/inspec_util.rb @@ -1,5 +1,4 @@ require 'inspec/objects' -require 'inspec/impact' require 'word_wrap' require 'pp' require 'uri' @@ -48,6 +47,15 @@ module Utils class InspecUtil DATA_NOT_FOUND_MESSAGE = 'N/A'.freeze WIDTH = 80 + IMPACT_SCORES = { + "none" => 0.0, + "low" => 0.1, + "medium" => 0.4, + "high" => 0.7, + "critical" => 0.9, + }.freeze + + class ImpactError; end def self.parse_data_for_xccdf(json) data = {} @@ -214,7 +222,13 @@ def self.get_impact(severity) end def self.get_impact_string(impact) - Inspec::Impact.string_from_impact(impact) unless impact.nil? + return if impact.nil? + value = impact.to_f + raise ImpactError, "'#{value}' is not a valid impact score. Valid impact scores: [0.0 - 1.0]." if value < 0 || value > 1 + + IMPACT_SCORES.reverse_each do |name, impact| + return name if value >= impact + end end def self.unpack_inspec_json(directory, inspec_json, separated, output_format) 
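Review bot: `class ImpactError; end`, added next to IMPACT_SCORES in lib/utilities/inspec_util.rb, defines a plain class rather than an exception. The `raise ImpactError, "..."` that the next hunk adds to get_impact_string would therefore fail with `TypeError: exception class/object expected` instead of reporting the out-of-range score, and callers rescuing StandardError for a bad impact would never see the intended message. Declare it as `class ImpactError < StandardError; end`. The InspecUtil class body continues outside the hunk.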
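Review bot: `value = impact.to_f` in get_impact_string silently converts any non-numeric input to 0.0, so a malformed or mistyped impact in the source profile is reported as "none" rather than rejected. For compliance data that understates a control's severity without any signal. `value = Float(impact)` fails loudly on such input, though callers would then need to handle ArgumentError. The block parameter in `IMPACT_SCORES.reverse_each do |name, impact|` also shadows the method argument, which older Rubies flag under `-w`; `|name, threshold|` with `return name if value >= threshold` avoids that. A short comment noting that the loop depends on IMPACT_SCORES being in ascending order would help the next reader.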
@@ -239,7 +253,7 @@ def self.unpack_inspec_json(directory, inspec_json, separated, output_format) private_class_method def self.generate_controls(inspec_json) controls = [] inspec_json['controls'].each do |json_control| - control = Inspec::Control.new + control = ::Inspec::Object::Control.new if (defined? control.desc).nil? control.descriptions[:default] = json_control['desc'] control.descriptions[:rationale] = json_control['tags']['rationale'] 
@@ -253,32 +267,32 @@ def self.unpack_inspec_json(directory, inspec_json, separated, output_format) control.impact = get_impact(json_control['impact']) #json_control['tags'].each do |tag| - # control.add_tag(Inspec::Tag.new(tag.key, tag.value) + # control.add_tag(Inspec::Object::Tag.new(tag.key, tag.value) #end - control.add_tag(Inspec::Tag.new('severity', json_control['tags']['severity'])) - control.add_tag(Inspec::Tag.new('gtitle', json_control['tags']['gtitle'])) - control.add_tag(Inspec::Tag.new('satisfies', json_control['tags']['satisfies'])) if json_control['tags']['satisfies'] - control.add_tag(Inspec::Tag.new('gid', json_control['tags']['gid'])) - control.add_tag(Inspec::Tag.new('rid', json_control['tags']['rid'])) - control.add_tag(Inspec::Tag.new('stig_id', json_control['tags']['stig_id'])) - control.add_tag(Inspec::Tag.new('fix_id', json_control['tags']['fix_id'])) - control.add_tag(Inspec::Tag.new('cci', json_control['tags']['cci'])) - control.add_tag(Inspec::Tag.new('nist', json_control['tags']['nist'])) - control.add_tag(Inspec::Tag.new('cis_level', json_control['tags']['cis_level'])) unless json_control['tags']['cis_level'].blank? - control.add_tag(Inspec::Tag.new('cis_controls', json_control['tags']['cis_controls'])) unless json_control['tags']['cis_controls'].blank? - control.add_tag(Inspec::Tag.new('cis_rid', json_control['tags']['cis_rid'])) unless json_control['tags']['cis_rid'].blank? - control.add_tag(Inspec::Tag.new('ref', json_control['tags']['ref'])) unless json_control['tags']['ref'].blank? - control.add_tag(Inspec::Tag.new('false_negatives', json_control['tags']['false_negatives'])) unless json_control['tags']['false_positives'].blank? - control.add_tag(Inspec::Tag.new('false_positives', json_control['tags']['false_positives'])) unless json_control['tags']['false_positives'].blank? - control.add_tag(Inspec::Tag.new('documentable', json_control['tags']['documentable'])) unless json_control['tags']['documentable'].blank? 
- control.add_tag(Inspec::Tag.new('mitigations', json_control['tags']['mitigations'])) unless json_control['tags']['mitigations'].blank?
- control.add_tag(Inspec::Tag.new('severity_override_guidance', json_control['tags']['documentable'])) unless json_control['tags']['severity_override_guidance'].blank?
- control.add_tag(Inspec::Tag.new('potential_impacts', json_control['tags']['potential_impacts'])) unless json_control['tags']['potential_impacts'].blank?
- control.add_tag(Inspec::Tag.new('third_party_tools', json_control['tags']['third_party_tools'])) unless json_control['tags']['third_party_tools'].blank?
- control.add_tag(Inspec::Tag.new('mitigation_controls', json_control['tags']['mitigation_controls'])) unless json_control['tags']['mitigation_controls'].blank?
- control.add_tag(Inspec::Tag.new('responsibility', json_control['tags']['responsibility'])) unless json_control['tags']['responsibility'].blank?
- control.add_tag(Inspec::Tag.new('ia_controls', json_control['tags']['ia_controls'])) unless json_control['tags']['ia_controls'].blank?
+ control.add_tag(::Inspec::Object::Tag.new('severity', json_control['tags']['severity']))
+ control.add_tag(::Inspec::Object::Tag.new('gtitle', json_control['tags']['gtitle']))
+ control.add_tag(::Inspec::Object::Tag.new('satisfies', json_control['tags']['satisfies'])) if json_control['tags']['satisfies']
+ control.add_tag(::Inspec::Object::Tag.new('gid', json_control['tags']['gid']))
+ control.add_tag(::Inspec::Object::Tag.new('rid', json_control['tags']['rid']))
+ control.add_tag(::Inspec::Object::Tag.new('stig_id', json_control['tags']['stig_id']))
+ control.add_tag(::Inspec::Object::Tag.new('fix_id', json_control['tags']['fix_id']))
+ control.add_tag(::Inspec::Object::Tag.new('cci', json_control['tags']['cci']))
+ control.add_tag(::Inspec::Object::Tag.new('nist', json_control['tags']['nist']))
+ control.add_tag(::Inspec::Object::Tag.new('cis_level', json_control['tags']['cis_level'])) unless json_control['tags']['cis_level'].blank?
+ control.add_tag(::Inspec::Object::Tag.new('cis_controls', json_control['tags']['cis_controls'])) unless json_control['tags']['cis_controls'].blank?
+ control.add_tag(::Inspec::Object::Tag.new('cis_rid', json_control['tags']['cis_rid'])) unless json_control['tags']['cis_rid'].blank?
+ control.add_tag(::Inspec::Object::Tag.new('ref', json_control['tags']['ref'])) unless json_control['tags']['ref'].blank?
+ control.add_tag(::Inspec::Object::Tag.new('false_negatives', json_control['tags']['false_negatives'])) unless json_control['tags']['false_positives'].blank?
+ control.add_tag(::Inspec::Object::Tag.new('false_positives', json_control['tags']['false_positives'])) unless json_control['tags']['false_positives'].blank?
+ control.add_tag(::Inspec::Object::Tag.new('documentable', json_control['tags']['documentable'])) unless json_control['tags']['documentable'].blank?
+ control.add_tag(::Inspec::Object::Tag.new('mitigations', json_control['tags']['mitigations'])) unless json_control['tags']['mitigations'].blank?
+ control.add_tag(::Inspec::Object::Tag.new('severity_override_guidance', json_control['tags']['documentable'])) unless json_control['tags']['severity_override_guidance'].blank? + control.add_tag(::Inspec::Object::Tag.new('potential_impacts', json_control['tags']['potential_impacts'])) unless json_control['tags']['potential_impacts'].blank? + control.add_tag(::Inspec::Object::Tag.new('third_party_tools', json_control['tags']['third_party_tools'])) unless json_control['tags']['third_party_tools'].blank? + control.add_tag(::Inspec::Object::Tag.new('mitigation_controls', json_control['tags']['mitigation_controls'])) unless json_control['tags']['mitigation_controls'].blank? + control.add_tag(::Inspec::Object::Tag.new('responsibility', json_control['tags']['responsibility'])) unless json_control['tags']['responsibility'].blank? + control.add_tag(::Inspec::Object::Tag.new('ia_controls', json_control['tags']['ia_controls'])) unless json_control['tags']['ia_controls'].blank? controls << control end @@ -313,7 +327,7 @@ def self.unpack_inspec_json(directory, inspec_json, separated, output_format) else license_content = inspec_json['license'] end - rescue StandardError => e + rescue StandardError => _e license_content = inspec_json['license'] end end diff --git a/test/unit/inspec_tools_test.rb b/test/unit/inspec_tools_test.rb index 5c4b10d3..fbbd6eda 100644 --- a/test/unit/inspec_tools_test.rb +++ b/test/unit/inspec_tools_test.rb @@ -1,5 +1,4 @@ require_relative 'test_helper' -require 'inspec' class InspecToolsTest < Minitest::Test def test_that_it_has_a_version_number diff --git a/test/unit/test_helper.rb b/test/unit/test_helper.rb index df12da0c..ffdb652f 100644 --- a/test/unit/test_helper.rb +++ b/test/unit/test_helper.rb 
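Review bot: Two of the rewritten `add_tag` lines in generate_controls carry over key mix-ups from the old code, so the emitted control metadata can be wrong or missing. The `false_negatives` tag is guarded by `json_control['tags']['false_positives'].blank?`, so it is dropped whenever false_positives is empty and emitted blank whenever only false_positives is set; the guard should read `unless json_control['tags']['false_negatives'].blank?`. The `severity_override_guidance` tag takes its value from `json_control['tags']['documentable']`, so the generated profile records the documentable flag where the override guidance belongs; it should read `json_control['tags']['severity_override_guidance']`. Since every one of these lines is being touched for the `::Inspec::Object::Tag` rename anyway, this is a cheap place to fix both. generate_controls starts in the previous hunk and its closing `end` is outside this one.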
@@ -1,5 +1,6 @@ +require 'simplecov' +SimpleCov.start +require 'minitest/autorun' $LOAD_PATH.unshift File.expand_path('../../lib', __FILE__) root = File.expand_path("../../", File.dirname(__FILE__)) require "#{root}/lib/inspec_tools" - -require 'minitest/autorun'