Skip to content

Commit

Permalink
Enabled upload of zip archive of multiple SRG XML files
Browse files Browse the repository at this point in the history
Signed-off-by: Vanessa Fotso <[email protected]>
  • Loading branch information
vanessuniq committed Jan 26, 2023
1 parent 44e3217 commit 3adfb6a
Show file tree
Hide file tree
Showing 3 changed files with 58 additions and 21 deletions.
71 changes: 54 additions & 17 deletions app/controllers/security_requirements_guides_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
class SecurityRequirementsGuidesController < ApplicationController
before_action :authorize_admin, except: %i[index]
before_action :security_requirements_guide, only: %i[destroy]
before_action :read_uploaded_file, only: %i[create]

def index
@srgs = SecurityRequirementsGuide.all.order(:srg_id, :version).select(:id, :srg_id, :title, :version, :release_date)
Expand All @@ -14,24 +15,25 @@ def index
end

def create
file = params.require('file')
parsed_benchmark = Xccdf::Benchmark.parse(file.read)
srg = SecurityRequirementsGuide.from_mapping(parsed_benchmark)
file.tempfile.seek(0)
srg.parsed_benchmark = parsed_benchmark
srg.xml = file.read
if srg.save
render(json: { toast: 'Successfully created SRG.' }, status: :ok)
else
render(json: {
toast: {
title: 'Could not create SRG.',
message: srg.errors.full_messages,
variant: 'danger'
},
status: :unprocessable_entity
})
if @upload_errors.empty?
srg_models = build_srg_from_xml(@upload_contents)
failed_instances = SecurityRequirementsGuide.import(srg_models, all_or_none: true,
recursive: true).failed_instances
if failed_instances.blank?
render(json: { toast: "Successfully created #{srg_models.size} SRG." }, status: :ok) and return
end

@upload_errors = failed_instances.map { |instance| instance.errors.full_messages }.flatten
end

render(json: {
toast: {
title: 'Could not create SRG.',
message: @upload_errors,
variant: 'danger'
},
status: :unprocessable_entity
})
end

def destroy
Expand All @@ -48,4 +50,39 @@ def destroy
def security_requirements_guide
@srg = SecurityRequirementsGuide.find(params[:id])
end

def read_uploaded_file
file = params.require('file')
file_name = file.original_filename
@upload_contents = []
@upload_errors = []

if file_name.ends_with?('.xml')
@upload_contents << file.read
elsif file_name.ends_with?('.zip')
Zip::File.open_buffer(file.read) do |zf|
if zf.all? { |f| f.name.ends_with?('.xml') }
zf.each do |entry|
entry.get_input_stream { |io| @upload_contents << io.read }
end
else
@upload_errors << 'Error reading the submitted zip file. Ensure that all files in the zip are XML files.'
end
end
else
@upload_errors << 'Wrong file type submitted: accepted file type are XML or zip archive of XML files.'
end
end

def build_srg_from_xml(xmls)
srgs = []
xmls.each do |xml|
parsed_benchmark = Xccdf::Benchmark.parse(xml)
srg = SecurityRequirementsGuide.from_mapping(parsed_benchmark)
srg.parsed_benchmark = parsed_benchmark
srg.xml = xml
srgs << srg
end
srgs
end
end
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@
>
<b-form-file
v-model="file"
placeholder="Choose or drop an SRG XML here..."
drop-placeholder="Drop SRG XML here..."
accept="text/xml, application/xml"
placeholder="Choose or drop an SRG XML or zip of multi XML here..."
drop-placeholder="Drop SRG XML or zip XML here..."
accept="text/xml, application/xml, application/zip"
/>
<template #modal-footer>
<div class="row w-100">
Expand Down
2 changes: 1 addition & 1 deletion app/models/security_requirements_guide.rb
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ def self.from_mapping(benchmark_mapping)
title = benchmark_mapping.title.first rescue nil
version = "V#{benchmark_mapping.version.version}" \
"#{SecurityRequirementsGuide.revision(benchmark_mapping.plaintext.first)}" rescue nil
release_date = SecurityRequirementsGuide.release_date(benchmark_mapping.plaintext.first)
release_date = SecurityRequirementsGuide.release_date(benchmark_mapping.plaintext.first) rescue nil
# rubocop:enable Style/RescueModifier

SecurityRequirementsGuide.new(srg_id: id, title: title, version: version, release_date: release_date)
Expand Down

0 comments on commit 3adfb6a

Please sign in to comment.