Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enabled upload of zip archive of multiple SRG XML files #512

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
71 changes: 54 additions & 17 deletions app/controllers/security_requirements_guides_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
class SecurityRequirementsGuidesController < ApplicationController
before_action :authorize_admin, except: %i[index]
before_action :security_requirements_guide, only: %i[destroy]
before_action :read_uploaded_file, only: %i[create]

def index
@srgs = SecurityRequirementsGuide.all.order(:srg_id, :version).select(:id, :srg_id, :title, :version, :release_date)
Expand All @@ -14,24 +15,25 @@ def index
end

def create
file = params.require('file')
parsed_benchmark = Xccdf::Benchmark.parse(file.read)
srg = SecurityRequirementsGuide.from_mapping(parsed_benchmark)
file.tempfile.seek(0)
srg.parsed_benchmark = parsed_benchmark
srg.xml = file.read
if srg.save
render(json: { toast: 'Successfully created SRG.' }, status: :ok)
else
render(json: {
toast: {
title: 'Could not create SRG.',
message: srg.errors.full_messages,
variant: 'danger'
},
status: :unprocessable_entity
})
if @upload_errors.empty?
srg_models = build_srg_from_xml(@upload_contents)
failed_instances = SecurityRequirementsGuide.import(srg_models, all_or_none: true,
recursive: true).failed_instances
if failed_instances.blank?
render(json: { toast: "Successfully created #{srg_models.size} SRG." }, status: :ok) and return
end

@upload_errors = failed_instances.map { |instance| instance.errors.full_messages }.flatten
end

render(json: {
toast: {
title: 'Could not create SRG.',
message: @upload_errors,
variant: 'danger'
},
status: :unprocessable_entity
})
end

def destroy
Expand All @@ -48,4 +50,39 @@ def destroy
def security_requirements_guide
@srg = SecurityRequirementsGuide.find(params[:id])
end

def read_uploaded_file
file = params.require('file')
file_name = file.original_filename
@upload_contents = []
@upload_errors = []

if file_name.ends_with?('.xml')
@upload_contents << file.read
elsif file_name.ends_with?('.zip')
Zip::File.open_buffer(file.read) do |zf|
if zf.all? { |f| f.name.ends_with?('.xml') }
zf.each do |entry|
entry.get_input_stream { |io| @upload_contents << io.read }
end
else
@upload_errors << 'Error reading the submitted zip file. Ensure that all files in the zip are XML files.'
end
end
else
@upload_errors << 'Wrong file type submitted: accepted file type are XML or zip archive of XML files.'
end
end

def build_srg_from_xml(xmls)
srgs = []
xmls.each do |xml|
parsed_benchmark = Xccdf::Benchmark.parse(xml)
srg = SecurityRequirementsGuide.from_mapping(parsed_benchmark)
srg.parsed_benchmark = parsed_benchmark
srg.xml = xml
srgs << srg
end
srgs
end
end
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@
>
<b-form-file
v-model="file"
placeholder="Choose or drop an SRG XML here..."
drop-placeholder="Drop SRG XML here..."
accept="text/xml, application/xml"
placeholder="Choose or drop an SRG XML or zip of multi XML here..."
drop-placeholder="Drop SRG XML or zip XML here..."
accept="text/xml, application/xml, application/zip"
/>
<template #modal-footer>
<div class="row w-100">
Expand Down
2 changes: 1 addition & 1 deletion app/models/security_requirements_guide.rb
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ def self.from_mapping(benchmark_mapping)
title = benchmark_mapping.title.first rescue nil
version = "V#{benchmark_mapping.version.version}" \
"#{SecurityRequirementsGuide.revision(benchmark_mapping.plaintext.first)}" rescue nil
release_date = SecurityRequirementsGuide.release_date(benchmark_mapping.plaintext.first)
release_date = SecurityRequirementsGuide.release_date(benchmark_mapping.plaintext.first) rescue nil
Copy link
Preview

Copilot AI Dec 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using rescue nil suppresses all errors, which might hide issues that should be addressed. Suggestion: Handle specific exceptions or log the error for debugging purposes.

Suggested change
release_date = SecurityRequirementsGuide.release_date(benchmark_mapping.plaintext.first) rescue nil
release_date = SecurityRequirementsGuide.release_date(benchmark_mapping.plaintext.first) rescue StandardError => e; Rails.logger.error(e.message); nil

Copilot is powered by AI, so mistakes are possible. Review output carefully before use.

Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
# rubocop:enable Style/RescueModifier

SecurityRequirementsGuide.new(srg_id: id, title: title, version: version, release_date: release_date)
Expand Down