From 0d2093230985de68686bfbd04f96e78cc517b8ab Mon Sep 17 00:00:00 2001 From: Robert Thew Date: Wed, 23 May 2018 15:40:35 -0400 Subject: [PATCH] Added filtering capability, forms, and tests --- Gemfile | 2 + app/assets/stylesheets/application.css | 15 + .../concerns/dashboard_controller.rb | 2 +- app/controllers/evaluations_controller.rb | 68 ++- app/controllers/filter_groups_controller.rb | 81 ++++ app/controllers/filters_controller.rb | 73 ++++ app/controllers/profiles_controller.rb | 16 +- app/helpers/application_helper.rb | 5 + app/models/ability.rb | 2 + app/models/control.rb | 25 ++ app/models/download.rb | 2 +- app/models/evaluation.rb | 24 +- app/models/filter.rb | 158 +++++++ app/models/filter_group.rb | 8 + app/models/profile.rb | 23 +- app/models/repo.rb | 16 +- app/views/evaluations/show.html.erb | 390 ++++++++++++++++-- app/views/evaluations/ssp.html.erb | 4 +- app/views/evaluations/ssp_pdf.html.erb | 4 +- .../filter_groups/_filter_group.json.jbuilder | 2 + app/views/filter_groups/_form.html.erb | 24 ++ app/views/filter_groups/edit.html.erb | 28 ++ app/views/filter_groups/index.html.erb | 45 ++ app/views/filter_groups/index.json.jbuilder | 1 + app/views/filter_groups/new.html.erb | 27 ++ app/views/filter_groups/show.html.erb | 90 ++++ app/views/filter_groups/show.json.jbuilder | 1 + app/views/filters/_filter.json.jbuilder | 2 + app/views/filters/_form.html.erb | 286 +++++++++++++ app/views/filters/edit.html.erb | 27 ++ app/views/filters/index.html.erb | 55 +++ app/views/filters/index.json.jbuilder | 1 + app/views/filters/new.html.erb | 27 ++ app/views/filters/show.html.erb | 64 +++ app/views/filters/show.json.jbuilder | 1 + app/views/layouts/_header.html.erb | 5 +- app/views/profiles/show.html.erb | 2 +- config/initializers/constants.rb | 8 + config/routes.rb | 8 +- lib/inspec2ckl.rb | 8 - lib/inspec2ckl/StigChecklist.rb | 93 ----- lib/inspec2ckl/cli.rb | 76 ---- lib/inspec2ckl/inspec2ckl.rb | 160 ------- lib/inspec2ckl/version.rb | 5 - .../evaluations_controller_spec.rb | 71 +++- .../filter_groups_controller_spec.rb | 158 +++++++ spec/controllers/filters_controller_spec.rb | 144 +++++++ spec/factories/filter_groups.rb | 5 + spec/factories/filters.rb | 31 ++ spec/helpers/application_helper_spec.rb | 6 + spec/models/filter_group_spec.rb | 6 + spec/models/filter_spec.rb | 102 +++++ spec/models/repo_spec.rb | 19 + spec/requests/filter_groups_spec.rb | 12 + spec/requests/filters_spec.rb | 12 + spec/views/evaluations/show.html.erb_spec.rb | 2 +- .../views/filter_groups/edit.html.erb_spec.rb | 18 + spec/views/filter_groups/new.html.erb_spec.rb | 18 + .../views/filter_groups/show.html.erb_spec.rb | 14 + 59 files changed, 2157 insertions(+), 425 deletions(-) create mode 100644 app/controllers/filter_groups_controller.rb create mode 100644 app/controllers/filters_controller.rb create mode 100644 app/models/filter.rb create mode 100644 app/models/filter_group.rb create mode 100644 app/views/filter_groups/_filter_group.json.jbuilder create mode 100644 app/views/filter_groups/_form.html.erb create mode 100644 app/views/filter_groups/edit.html.erb create mode 100644 app/views/filter_groups/index.html.erb create mode 100644 app/views/filter_groups/index.json.jbuilder create mode 100644 app/views/filter_groups/new.html.erb create mode 100644 app/views/filter_groups/show.html.erb create mode 100644 app/views/filter_groups/show.json.jbuilder create mode 100644 app/views/filters/_filter.json.jbuilder create mode 100644 app/views/filters/_form.html.erb create mode 100644 app/views/filters/edit.html.erb create mode 100644 app/views/filters/index.html.erb create mode 100644 app/views/filters/index.json.jbuilder create mode 100644 app/views/filters/new.html.erb create mode 100644 app/views/filters/show.html.erb create mode 100644 app/views/filters/show.json.jbuilder create mode 100644 config/initializers/constants.rb delete mode 100644 lib/inspec2ckl.rb delete mode 100644 lib/inspec2ckl/StigChecklist.rb delete mode 100755 lib/inspec2ckl/cli.rb delete mode 100755 lib/inspec2ckl/inspec2ckl.rb delete mode 100644 lib/inspec2ckl/version.rb create mode 100644 spec/controllers/filter_groups_controller_spec.rb create mode 100644 spec/controllers/filters_controller_spec.rb create mode 100644 spec/factories/filter_groups.rb create mode 100644 spec/factories/filters.rb create mode 100644 spec/models/filter_group_spec.rb create mode 100644 spec/models/filter_spec.rb create mode 100644 spec/requests/filter_groups_spec.rb create mode 100644 spec/requests/filters_spec.rb create mode 100644 spec/views/filter_groups/edit.html.erb_spec.rb create mode 100644 spec/views/filter_groups/new.html.erb_spec.rb create mode 100644 spec/views/filter_groups/show.html.erb_spec.rb diff --git a/Gemfile b/Gemfile index 4ea16a8..bb2ffba 100644 --- a/Gemfile +++ b/Gemfile @@ -52,6 +52,8 @@ gem 'thor' gem 'json' gem 'pry' +gem 'inspec_to', :git => "git@gitlab.mitre.org:inspec/inspec_to.git" + group :development, :test do # Call 'byebug' anywhere in the code to stop execution and get a debugger console gem 'byebug', platforms: [:mri, :mingw, :x64_mingw] diff --git a/app/assets/stylesheets/application.css b/app/assets/stylesheets/application.css index ab40f6a..903442f 100644 --- a/app/assets/stylesheets/application.css +++ b/app/assets/stylesheets/application.css @@ -64,6 +64,21 @@ padding: 5px; font-size: 70px; } +.padded-right { + padding-right: 35px; +} +.no-top-padding { + padding-top: 0px; + padding-bottom: 5px; +} +.little_wider { + min-width: 200px; +} +.span-title { + font-size: 18px; + margin: 0; + line-height: 1; +} .column-2 { -webkit-columns: 100px 2; /* Chrome, Safari, Opera */ -moz-columns: 100px 2; /* Firefox */ diff --git a/app/controllers/concerns/dashboard_controller.rb b/app/controllers/concerns/dashboard_controller.rb index 3fbbf45..1ec4023 100644 --- a/app/controllers/concerns/dashboard_controller.rb +++ b/app/controllers/concerns/dashboard_controller.rb @@ -1,5 +1,5 @@ class DashboardController < ApplicationController def index - # nop + session[:filter] = nil end end diff --git a/app/controllers/evaluations_controller.rb b/app/controllers/evaluations_controller.rb index ee84092..8d4a39a 100644 --- a/app/controllers/evaluations_controller.rb +++ b/app/controllers/evaluations_controller.rb @@ -1,6 +1,6 @@ class EvaluationsController < ApplicationController load_resource - authorize_resource only: [:show, :destroy, :filter] + authorize_resource only: [:show, :destroy, :filter, :clear_filter] protect_from_forgery # GET /evaluations @@ -12,10 +12,10 @@ def index # GET /evaluations/1 # GET /evaluations/1.json def show - logger.debug "params: #{params.inspect}" @profiles = @evaluation.profiles - @counts, @controls = @evaluation.status_counts - @nist_hash = ProfilesController.nist_800_53 + filters, @filter_label = session_filters + @counts, @controls = @evaluation.status_counts(filters) + @nist_hash = Constants::NIST_800_53 respond_to do |format| format.html { render :show } format.json { render :show } @@ -37,9 +37,8 @@ def destroy # GET /profiles/1.json def ssp authorize! :read, Evaluation - @nist_hash = ProfilesController.nist_800_53 + @nist_hash = Constants::NIST_800_53 @symbols = @evaluation.symbols - # @counts, @controls = @evaluation.status_counts @evaluation.profiles.each do |profile| families, nist = profile.control_families next if families.empty? @@ -61,14 +60,46 @@ def ssp def nist authorize! :read, Evaluation + filters, = session_filters category = nil category = params[:category].downcase if params.key?(:category) status_sym = nil status_sym = params[:status_symbol].downcase.tr(' ', '_').to_sym if params.key?(:status_symbol) - @control_hash = @evaluation.nist_hash category, status_sym - nist_hash = ProfilesController.nist_800_53 - @name = nist_hash['name'] - @families = nist_hash['children'] + @control_hash = @evaluation.nist_hash category, status_sym, filters + @name = Constants::NIST_800_53['name'] + @families = Constants::NIST_800_53['children'] + end + + def clear_filter + session[:filter] = nil + session[:filter_group] = nil + redirect_to @evaluation + end + + def filter + logger.debug "params: #{params.inspect}" + f_params = params[:filter] + @filter = Filter.valid_filter f_params + if f_params[:save_filter] + @filter.save + end + session[:filter] = @filter + session[:filter_group] = nil + redirect_to @evaluation + end + + def filter_select + filter_params = params[:filter_group] + if filter_params[:id].present? + @filter_group = FilterGroup.find(filter_params[:id]) + session[:filter] = nil + session[:filter_group] = @filter_group + elsif filter_params[:filter_ids].present? + @filter = Filter.find(filter_params[:filter_ids]) + session[:filter_group] = nil + session[:filter] = @filter + end + redirect_to @evaluation end def upload @@ -81,4 +112,21 @@ def upload redirect_to evaluations_url, notice: 'File does not contain an evaluation.' end end + + private + + def session_filters + filters = nil + filter_label = nil + if session[:filter] + filter = session[:filter].is_a?(Filter) ? session[:filter] : Filter.new(session[:filter]) + filters = [filter] + filter_label = filter.to_s + elsif session[:filter_group] + filter_group = session[:filter_group].is_a?(FilterGroup) ? session[:filter_group] : FilterGroup.new(session[:filter_group]) + filters = filter_group.filters + filter_label = "#{filter_group.name}: #{filter_group.filters.map(&:to_s).join(', ')}" + end + [filters, filter_label] + end end diff --git a/app/controllers/filter_groups_controller.rb b/app/controllers/filter_groups_controller.rb new file mode 100644 index 0000000..3c61d58 --- /dev/null +++ b/app/controllers/filter_groups_controller.rb @@ -0,0 +1,81 @@ +class FilterGroupsController < ApplicationController + load_and_authorize_resource + protect_from_forgery + # authorize_resource only: [:show, :destroy, :filter, :clear_filter] + # before_action :set_filter_group, only: [:show, :edit, :update, :destroy, :remove_filter] + + # GET /filter_groups + # GET /filter_groups.json + def index + @filter_groups = FilterGroup.all + end + + # GET /filter_groups/1 + # GET /filter_groups/1.json + def show + end + + # GET /filter_groups/new + def new + @filter_group = FilterGroup.new + end + + # GET /filter_groups/1/edit + def edit + end + + # POST /filter_groups + # POST /filter_groups.json + def create + @filter_group = FilterGroup.new(filter_group_params) + + respond_to do |format| + if @filter_group.save + format.html { redirect_to @filter_group, notice: 'Filter group was successfully created.' } + format.json { render :show, status: :created, location: @filter_group } + else + format.html { render :new } + format.json { render json: @filter_group.errors, status: :unprocessable_entity } + end + end + end + + # PATCH/PUT /filter_groups/1 + # PATCH/PUT /filter_groups/1.json + def update + logger.debug "filter_group_params: #{filter_group_params.inspect}" + if (filter_ids = filter_group_params[:filter_ids]) + if (filter = Filter.find(filter_ids[:id])) + @filter_group.filters << filter + redirect_to @filter_group, notice: 'Filter was added.' + end + else + respond_to do |format| + if @filter_group.update(filter_group_params) + format.html { redirect_to @filter_group, notice: 'Filter group was successfully updated.' } + format.json { render :show, status: :ok, location: @filter_group } + else + format.html { render :edit } + format.json { render json: @filter_group.errors, status: :unprocessable_entity } + end + end + end + end + + # DELETE /filter_groups/1 + # DELETE /filter_groups/1.json + def destroy + @filter_group.destroy + respond_to do |format| + format.html { redirect_to filter_groups_url, notice: 'Filter group was successfully destroyed.' } + format.json { head :no_content } + end + end + + private + + # Never trust parameters from the scary internet, only allow the white list through. + def filter_group_params + params.require(:filter_group).permit(:name, { filter_ids: [:id] }) + end +end diff --git a/app/controllers/filters_controller.rb b/app/controllers/filters_controller.rb new file mode 100644 index 0000000..d218f4b --- /dev/null +++ b/app/controllers/filters_controller.rb @@ -0,0 +1,73 @@ +class FiltersController < ApplicationController + load_and_authorize_resource + protect_from_forgery + + # GET /filters + # GET /filters.json + def index + @filters = Filter.all + end + + # GET /filters/1 + # GET /filters/1.json + def show + end + + # GET /filters/new + def new + @filter = Filter.new + @nist_hash = Constants::NIST_800_53 + end + + # GET /filters/1/edit + def edit + @nist_hash = Constants::NIST_800_53 + end + + # POST /filters + # POST /filters.json + def create + @filter = Filter.valid_filter filter_params + @filter.save + respond_to do |format| + format.html { redirect_to Filter.find(@filter.id), notice: 'Filter was successfully created.' } + format.json { render :show, status: :created, location: @filter } + end + end + + # PATCH/PUT /filters/1 + # PATCH/PUT /filters/1.json + def update + respond_to do |format| + @filter.update(filter_params) + format.html { redirect_to @filter, notice: 'Filter was successfully updated.' } + format.json { render :show, status: :ok, location: @filter } + end + end + + # DELETE /filters/1 + # DELETE /filters/1.json + def destroy + if params.key?(:filter_group_id) + @filter_group = FilterGroup.find(params[:filter_group_id]) + @filter_group.filters.delete(Filter.find(params[:id])) + respond_to do |format| + format.html { redirect_to @filter_group, notice: 'Filter was successfully removed.' } + format.json { head :no_content } + end + else + @filter.destroy + respond_to do |format| + format.html { redirect_to filters_url, notice: 'Filter was successfully destroyed.' } + format.json { head :no_content } + end + end + end + + private + + # Never trust parameters from the scary internet, only allow the white list through. + def filter_params + params.require(:filter).permit(family: [], number: [], sub_fam: [], sub_num: [], enhancement: [], enh_sub_fam: [], enh_sub_num: []) + end +end diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb index cabe7b1..003ce14 100644 --- a/app/controllers/profiles_controller.rb +++ b/app/controllers/profiles_controller.rb @@ -2,12 +2,6 @@ class ProfilesController < ApplicationController load_resource authorize_resource only: [:show, :edit, :destroy, :upload] - @nist_800_53_json = nil - - class << self - attr_accessor :nist_800_53_json - end - # GET /profiles # GET /profiles.json def index @@ -71,7 +65,7 @@ def nist category = nil category = params[:category].downcase if params.key?(:category) @control_hash = @profile.nist_hash category - nist_hash = ProfilesController.nist_800_53 + nist_hash = Constants::NIST_800_53 @name = nist_hash['name'] @families = nist_hash['children'] end @@ -96,14 +90,6 @@ def upload end end - def self.nist_800_53 - unless ProfilesController.nist_800_53_json - file = File.read("#{Rails.root}/data/nist_800_53.json") - ProfilesController.nist_800_53_json = JSON.parse(file) - end - ProfilesController.nist_800_53_json - end - private # Never trust parameters from the scary internet, only allow the white list through. diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 80d1a33..b3a3a73 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -37,4 +37,9 @@ def result_message(symbol) 'No test available for this control' end end + + def ary_to_s(val) + return '' if val.nil? || val.empty? + val.size == 1 ? val.first.to_s.delete('"') : val.to_s.delete('"') + end end diff --git a/app/models/ability.rb b/app/models/ability.rb index 502f1a4..6e13c38 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -20,6 +20,8 @@ def initialize(user) Role, Support, Tag, + Filter, + FilterGroup, ], created_by_id: user.id end if user.has_role?(:admin) diff --git a/app/models/control.rb b/app/models/control.rb index 40f3a17..c51d562 100644 --- a/app/models/control.rb +++ b/app/models/control.rb @@ -70,6 +70,31 @@ def severity end end + def parse_nist_tag(nist_tag) + if (m_fields = nist_tag.match(/([A-Z]{2})\-(\d+)((\s*([a-z])|\.([a-z])){1}((\.|\s+)(\d+))?)?\s*(\(\d+\))?((\s*([a-z])|\.([a-z])|\s*\(([a-z])\)){1}((\.|\s+)(\d+))?)?/)) + # + value = "#{m_fields[1]}-#{m_fields[2]}" + value += ".#{m_fields[5] || m_fields[6]}" if m_fields[4].present? + value += ".#{m_fields[9]}" if m_fields[9].present? + value += m_fields[10] if m_fields[10].present? + value += ".#{m_fields[13] || m_fields[14] || m_fields[15]}" if m_fields[12].present? + value += ".#{m_fields[18]}" if m_fields[18].present? + value + else + nist_tag + end + end + + def nist_tags + values = [] + if (nist_tags = tag('nist')) + nist_tags.split(',').map(&:strip).each do |nist_tag| + values << parse_nist_tag(nist_tag) + end + end + values + end + def short_title title.nil? ? '' : "#{title[0..50]}..." end diff --git a/app/models/download.rb b/app/models/download.rb index 953a787..28f4d28 100644 --- a/app/models/download.rb +++ b/app/models/download.rb @@ -41,7 +41,7 @@ def to_pdf 'margin-bottom': '0.10in', 'margin-left': '0.10in' } - kit = PDFKit.new(as_html, options=options) + kit = PDFKit.new(as_html, options) kit.to_file('tmp/ssp.pdf') end diff --git a/app/models/evaluation.rb b/app/models/evaluation.rb index 03dccad..df40e32 100644 --- a/app/models/evaluation.rb +++ b/app/models/evaluation.rb @@ -1,5 +1,3 @@ -require 'inspec2ckl' - class Evaluation include Mongoid::Document include Mongoid::Timestamps @@ -36,20 +34,22 @@ def to_json end def to_ckl - inspec2ckl = Inspec2ckl.new(to_json, nil, nil, nil) - inspec2ckl.to_ckl + InspecTo.ckl(to_json) end - def status_counts + def status_counts(filters = nil) counts = { open: 0, not_a_finding: 0, not_reviewed: 0, not_tested: 0, not_applicable: 0 } controls = {} profiles.each do |profile| - profile.controls.each do |control| + p_controls = filters.nil? ? profile.controls : profile.filtered_controls(filters) + p_controls.each do |control| controls[control.id] = { control: control, results: [] } end end results.each do |result| - controls[result.control_id][:results] << result + if controls[result.control_id] + controls[result.control_id][:results] << result + end end controls.each do |_, ct| sym = status_symbol(ct[:control], ct[:results]) @@ -113,10 +113,11 @@ def tag_values(tag, control, params, nist) end end - def profile_values(cat, params) + def profile_values(cat, params, filters = nil) nist = {} profiles.each do |profile| - profile.controls.each do |control| + p_controls = filters.nil? ? profile.controls : profile.filtered_controls(filters) + p_controls.each do |control| params[:ct_results] = params[:cts][control.id] severity = control.severity next unless severity && (cat.nil? || cat == severity) @@ -129,7 +130,7 @@ def profile_values(cat, params) nist end - def nist_hash(cat, status_symbol) + def nist_hash(cat, status_symbol, filters = nil) cts = {} results.each do |result| unless cts.key?(result.control_id) @@ -138,7 +139,7 @@ def nist_hash(cat, status_symbol) cts[result.control_id] << result end params = { status_symbol: status_symbol, cts: cts } - profile_values cat, params + profile_values cat, params, filters end def self.transform(hash) @@ -155,7 +156,6 @@ def self.transform(hash) all_profiles, results = Profile.parse hash.delete('profiles') hash['results'] = results hash['profiles'] = all_profiles - logger.debug("hash: #{hash.inspect}") hash end diff --git a/app/models/filter.rb b/app/models/filter.rb new file mode 100644 index 0000000..0e3bf78 --- /dev/null +++ b/app/models/filter.rb @@ -0,0 +1,158 @@ +class Filter + include Mongoid::Document + include Mongoid::Timestamps + include Mongoid::Userstamps::Model + field :family, type: Array, default: [] + field :number, type: Array, default: [] + field :sub_fam, type: Array, default: [] + field :sub_num, type: Array, default: [] + field :enhancement, type: Array, default: [] + field :enh_sub_fam, type: Array, default: [] + field :enh_sub_num, type: Array, default: [] + has_and_belongs_to_many :filter_groups + + def self.valid_filter(params) + %w{family number sub_fam sub_num enhancement enh_sub_fam enh_sub_num}.each do |field| + if params.key?(field) + params[field] = params[field].split(',') if params[field].is_a?(String) + else + params[field] = [] + end + end + if params['enhancement'].size != 1 || params['enhancement'].first == 'none' + params['enh_sub_fam'] = [] + params['enh_sub_num'] = [] + end + Filter.new( + family: params['family'], + number: params['number'], + sub_fam: params['sub_fam'], + sub_num: params['sub_num'], + enhancement: params['enhancement'], + enh_sub_fam: params['enh_sub_fam'], + enh_sub_num: params['enh_sub_num'], + ) + end + + def reg_sub_num + if sub_num.nil? || sub_num.empty? + '(\.\d+)?' + elsif sub_num.size == 1 + '\.' + sub_num.first + else + '\.(' + sub_num.join('|') + ')' + end + end + + def reg_sub_fam + if sub_fam.nil? || sub_fam.empty? + '(\.[a-z]{1})?(\.\d+)?' + elsif sub_fam.size == 1 + '\.' + sub_fam.first + reg_sub_num + else + '\.(' + sub_fam.join('|') + ')(\.\d+)?' + end + end + + def reg_number + if number.nil? || number.empty? + '\d+' + reg_sub_fam + elsif number.size == 1 + number.first + reg_sub_fam + else + '(' + number.join('|') + ')(\.[a-z]{1})?(\.\d+)?' + end + end + + def reg_enh_sub_num + if enh_sub_num.nil? || enh_sub_num.empty? + '(\.\d+)?\Z' + elsif enh_sub_num.size == 1 + '\.' + enh_sub_num.first + '\Z' + else + '\.(' + enh_sub_num.join('|') + ')\Z' + end + end + + def reg_enh_sub_fam + if enh_sub_fam.nil? || enh_sub_fam.empty? + '(\.[a-z]{1}(\.\d+)?)?\Z' + elsif enh_sub_fam.size == 1 + '\.' + enh_sub_fam.first + reg_enh_sub_num + else + '\.(' + enh_sub_fam.join('|') + ')(\.\d+)?\Z' + end + end + + def reg_enhancement + if enhancement.nil? || enhancement.empty? + '' + elsif enhancement.size == 1 + if enhancement.first == 'none' + '\Z' + else + '\(' + enhancement.first + '\)' + reg_enh_sub_fam + end + else + '\((' + enhancement.join('|') + ')\)' + + reg_enh_sub_fam + end + end + + # AC-15.a.3(2).b.2 + def reg_family + if family.nil? || family.empty? + '\b[A-Z]{2}.*' + elsif family.size == 1 + '\b' + family.first + '\-' + reg_number + reg_enhancement + else + '\b(' + family.join('|') + ').*' + end + end + + def regex + reg_str = reg_family + Object::Regexp.new reg_str + end + + def ary_to_s(val) + val.size == 1 ? val.first.to_s : val.to_s + end + + def family_s + val = "#{ary_to_s(family)}-" + if number.nil? || number.empty? + val += '*' + else + val += ary_to_s(number) + if sub_fam&.present? + val += ".#{ary_to_s(sub_fam)}" + if sub_num&.present? + val += ".#{ary_to_s(sub_num)}" + end + end + end + val + end + + def to_s + if family&.present? + val = family_s + else + val = '*' + end + if enhancement&.present? + if enhancement.first == 'none' + val += "\Z" + else + val += "(#{enhancement})" + end + if enh_sub_fam&.present? + val += ".#{ary_to_s(enh_sub_fam)}" + if enh_sub_num&.present? + val += ".#{ary_to_s(enh_sub_num)}" + end + end + end + val.delete '"' + end +end diff --git a/app/models/filter_group.rb b/app/models/filter_group.rb new file mode 100644 index 0000000..79098d6 --- /dev/null +++ b/app/models/filter_group.rb @@ -0,0 +1,8 @@ +class FilterGroup + include Mongoid::Document + include Mongoid::Timestamps + include Mongoid::Userstamps::Model + field :name, type: String + has_and_belongs_to_many :filters + validates_presence_of :name +end diff --git a/app/models/profile.rb b/app/models/profile.rb index 45e2900..24dec59 100644 --- a/app/models/profile.rb +++ b/app/models/profile.rb @@ -25,6 +25,24 @@ class Profile accepts_nested_attributes_for :profile_attributes validates_presence_of :name, :title, :sha256 + def filtered_controls(filters = nil) + return controls if filters.nil? + filtered_list = controls.select do |control| + keep = false + filters.each do |filter| + control.nist_tags.each do |nist_tag| + if nist_tag.match(filter.regex) + keep = true + break + end + end + break if keep + end + keep + end + filtered_list + end + def to_jbuilder Jbuilder.new do |json| json.extract! self, :name, :title, :maintainer, :copyright, @@ -86,7 +104,6 @@ def self.find_or_new(profile_hash) new_profile_hash, controls = Profile.transform(profile_hash.deep_dup) profile = Profile.create(new_profile_hash) controls.each do |control| - logger.debug "Add Control: #{control.keys}" profile.controls.create(control) end end @@ -99,16 +116,12 @@ def self.parse(profiles) profiles.try(:each) do |profile_hash| profile = Profile.find_or_new profile_hash profile_hash['controls'].try(:each) do |control_hash| - logger.debug "For #{control_hash['control_id']}" if (control = profile.controls.where(control_id: control_hash['control_id']).try(:first)) - logger.debug 'Found Control' control_hash['results'].try(:each) do |result| - logger.debug "For result #{result.inspect}" control.results.create(result) end results.concat control.results end - logger.debug "Results: #{results.size}" end all_profiles << profile end diff --git a/app/models/repo.rb b/app/models/repo.rb index 20bfd97..3692f05 100644 --- a/app/models/repo.rb +++ b/app/models/repo.rb @@ -15,11 +15,21 @@ def self.types end def projects(repo_cred) + return [] unless repo_cred if repo_type == 'GitLab' - api = Git::GitLabProxy.new(api_url, repo_cred.token) + begin + api = Git::GitLabProxy.new(api_url, repo_cred.token) + api.projects + rescue Gitlab::Error::Unauthorized, UncaughtThrowError + [] + end elsif repo_type == 'GitHub' - api = Git::GitHubProxy.new(repo_cred.token) + begin + api = Git::GitHubProxy.new(repo_cred.token) + api.projects + rescue Octokit::Unauthorized, UncaughtThrowError + [] + end end - api.projects end end diff --git a/app/views/evaluations/show.html.erb b/app/views/evaluations/show.html.erb index 813158d..65cbb41 100644 --- a/app/views/evaluations/show.html.erb +++ b/app/views/evaluations/show.html.erb @@ -165,7 +165,7 @@ -
+
@@ -189,40 +189,284 @@
- +
+ <%= form_for :filter, url: evaluation_filter_path(@evaluation), remote: true do |form| %> +
+
+
+

Families

+
+
+
+ <% @nist_hash["children"].first((@nist_hash["children"].size/2).to_i).each do |family| %> +
+ +
+ <% end %> +
+
+ <% @nist_hash["children"].last((@nist_hash["children"].size/2).to_i).each do |family| %> +
+ +
+ <% end %> +
+
+
+
+
+

Numbers

+
+
+
+ <% (1..11).each do |num| %> +
+ +
+ <% end %> +
+
+ <% (12..22).each do |num| %> +
+ +
+ <% end %> +
+
+ <% (23..33).each do |num| %> +
+ +
+ <% end %> +
+
+ <% (34..44).each do |num| %> +
+ +
+ <% end %> +
+
+
+
+
+

Part

+
+
+
+ <% ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k'].each do |fam| %> +
+ +
+ <% end %> +
+
+
+
+
+

Sub-Part

+
+
+
+ <% (1..10).each do |num| %> +
+ +
+ <% end %> +
+
+
+
+
+

Enhancement

+
+
+
+ <% (1..12).each do |enhancement| %> +
+ +
+ <% end %> +
+
+ <% (13..24).each do |enhancement| %> +
+ +
+ <% end %> +
+ +
+
+
+
+
+
+

Part

+
+
+
+ <% ['a', 'b', 'c', 'd', 'e', 'f'].each do |fam| %> +
+ +
+ <% end %> +
+
-
- <% @nist_hash["children"].last((@nist_hash["children"].size/2).to_i).each do |family| %> -
- +
+
+

Sub-Part

+
+
+
+ <% (1..5).each do |num| %> +
+ +
+ <% end %>
+
+
+
+
+
+
+ +
+
+
+ <%= button_tag(type: "submit", class: "btn btn-primary pull-right margin-right") do %> + Filter by Selected <% end %>
+
+ +
<% end %>
- +
@@ -265,7 +509,7 @@ <%= control.title %> <%= link_to control.control_id, profile_control_path(control.profile_id, control.id) %> <%= control.severity %> - <%= control.tag 'nist' %> + <%= control.nist_tags.join(', ') %> <%= control.code %> <% end %> @@ -296,6 +540,91 @@ var shown_id = null; var loaded = null; var compliance_count = 0.0; var total_count = 0; +var nist_counts = {"AC": 25, "AU": 16, "AT": 5, "CM": 11, "CP": 13, "IA": 11, "IR": 10, "MA": 6, "MP": 8, + "PS": 8, "PE": 20, "PL": 9, "PM": 16, "RA": 6, "CA": 9, "SC": 44, "SI": 17, "SA": 22}; + +function filterNumbers() { + count = 0; + checked = null; + $('input:checkbox[id^="fam_cb_"]:checked').each(function(){ + count += 1; + checked = $(this).val(); + }); + if(count == 1) { + $('input:checkbox[id^="num_cb_"]').each(function(){ + if($(this).val() <= nist_counts[checked]) { + $(this).prop("disabled", false); + } else { + $(this).prop('checked', false); + $(this).prop("disabled", true); + } + $('input:checkbox[id^="sub_fam_cb_"]').each(function(){ + $(this).prop("disabled", false); + }); + $('input:checkbox[id^="sub_num_cb_"]').each(function(){ + $(this).prop("disabled", false); + }); + }); + } else if (count > 1) { + $('input:checkbox[id^="num_cb_"]').each(function(){ + $(this).prop('checked', false); + $(this).prop("disabled", true); + }); + $('input:checkbox[id^="sub_fam_cb_"]').each(function(){ + $(this).prop('checked', false); + $(this).prop("disabled", true); + }); + $('input:checkbox[id^="sub_num_cb_"]').each(function(){ + $(this).prop('checked', false); + $(this).prop("disabled", true); + }); + } else { + $('input:checkbox[id^="num_cb_"]').each(function(){ + $(this).prop("disabled", false); + }); + } +} + +function noEnhancements() { + $('input:checkbox[id^="enhancement_cb_"]').each(function(){ + $(this).prop('checked', false); + }); + $('input:checkbox[id^="enh_sub_fam_cb_"]').each(function(){ + $(this).prop('checked', false); + $(this).prop("disabled", true); + }); + $('input:checkbox[id^="enh_sub_num_cb_"]').each(function(){ + $(this).prop('checked', false); + $(this).prop("disabled", true); + }); +} + +function yesEnhancements() { + count = 0; + $('input:checkbox[id^="enhancement_cb_"]:checked').each(function(){ + count += 1; + }); + $('input:checkbox[id^="none_enhance_cb"]').each(function(){ + $(this).prop('checked', false); + }); + if(count > 1){ + $('input:checkbox[id^="enh_sub_fam_cb_"]').each(function(){ + $(this).prop('checked', false); + $(this).prop("disabled", true); + }); + $('input:checkbox[id^="enh_sub_num_cb_"]').each(function(){ + $(this).prop('checked', false); + $(this).prop("disabled", true); + }); + } else { + $('input:checkbox[id^="enh_sub_fam_cb_"]').each(function(){ + $(this).prop("disabled", false); + }); + $('input:checkbox[id^="enh_sub_num_cb_"]').each(function(){ + $(this).prop("disabled", false); + }); + } +} function show_details(profile_id, control_id, evaluation_id) { hsh = "#" + control_id; @@ -382,6 +711,16 @@ document.addEventListener("turbolinks:load", function() { }); } + $("#build_btn").click(function(){ + console.log("show builder"); + document.getElementById("filter_row").style.display = 'block'; + }); + + $("#close_build_btn").click(function(){ + console.log("Close builder"); + document.getElementById("filter_row").style.display = 'none'; + }); + $("#clear_filters_button").click(function() { if (currentDepth == 0) { document.getElementById("clear_filters_button").style.visibility = "hidden"; @@ -425,7 +764,6 @@ document.addEventListener("turbolinks:load", function() { if (!(ary.includes(child3.name))) { ary.push(child3.name); status_value = child3.status_value; - console.log("Child3: " + child3.name + ", status_value: " + status_value); if (status_value == 0.2) { not_app += 1; } else if (status_value == 0.4) { @@ -446,8 +784,8 @@ document.addEventListener("turbolinks:load", function() { //var not_rev = accumulate_status(d, 0.4); //var not_find = accumulate_status(d, 0.6); //var open = accumulate_status(d, 0.8); - total_count = not_app + not_find + not_rev + open; - compliance_count = ((not_find + not_app) / total_count) * 100; + total_count = not_find + not_rev + open; + compliance_count = (not_find / total_count) * 100; status_data = [ ['Not A Finding', not_find], diff --git a/app/views/evaluations/ssp.html.erb b/app/views/evaluations/ssp.html.erb index 974e1c3..ee4cb7c 100644 --- a/app/views/evaluations/ssp.html.erb +++ b/app/views/evaluations/ssp.html.erb @@ -134,8 +134,8 @@
<% counts, _ = @evaluation.status_counts %> - <% total_count = counts[:open] + counts[:not_a_finding] + counts[:not_reviewed] + counts[:not_tested] + counts[:not_applicable] %> - <% compliance_level = ((counts[:not_a_finding] + counts[:not_applicable]).to_f / total_count) * 100 %> + <% total_count = counts[:open] + counts[:not_a_finding] + counts[:not_reviewed] + counts[:not_tested] %> + <% compliance_level = ((counts[:not_a_finding]).to_f / total_count) * 100 %>

Compliance Level: <%= compliance_level.round(1) %>%

diff --git a/app/views/evaluations/ssp_pdf.html.erb b/app/views/evaluations/ssp_pdf.html.erb index bc879e0..28aef1f 100644 --- a/app/views/evaluations/ssp_pdf.html.erb +++ b/app/views/evaluations/ssp_pdf.html.erb @@ -693,8 +693,8 @@ fieldset[disabled] .btn-link:focus {

<%= evaluation.profiles.map(&:name).join(', ') %>

<% counts, _ = evaluation.status_counts %> - <% total_count = counts[:open] + counts[:not_a_finding] + counts[:not_reviewed] + counts[:not_tested] + counts[:not_applicable] %> - <% compliance_level = ((counts[:not_a_finding] + counts[:not_applicable]).to_f / total_count) * 100 %> + <% total_count = counts[:open] + counts[:not_a_finding] + counts[:not_reviewed] + counts[:not_tested] %> + <% compliance_level = ((counts[:not_a_finding]).to_f / total_count) * 100 %>

Compliance Level: <%= compliance_level.round(1) %>%

diff --git a/app/views/filter_groups/_filter_group.json.jbuilder b/app/views/filter_groups/_filter_group.json.jbuilder new file mode 100644 index 0000000..98a0c52 --- /dev/null +++ b/app/views/filter_groups/_filter_group.json.jbuilder @@ -0,0 +1,2 @@ +json.extract! filter_group, :id, :name, :created_at, :updated_at +json.url filter_group_url(filter_group, format: :json) diff --git a/app/views/filter_groups/_form.html.erb b/app/views/filter_groups/_form.html.erb new file mode 100644 index 0000000..bf743b6 --- /dev/null +++ b/app/views/filter_groups/_form.html.erb @@ -0,0 +1,24 @@ +<%= form_with(model: filter_group, local: true) do |form| %> + <% if filter_group.errors.any? %> +
+

<%= pluralize(filter_group.errors.count, "error") %> prohibited this filter_group from being saved:

+ +
    + <% filter_group.errors.full_messages.each do |message| %> +
  • <%= message %>
    • + <% end %> +
+
+ <% end %> + +
+ <%= form.label :name %> + <%= form.text_field :name, id: :filter_group_name %> +
+
+
+ <%= button_tag(type: "submit", class: "btn btn-primary") do %> + Save + <% end %> +
+<% end %> diff --git a/app/views/filter_groups/edit.html.erb b/app/views/filter_groups/edit.html.erb new file mode 100644 index 0000000..10ab8b1 --- /dev/null +++ b/app/views/filter_groups/edit.html.erb @@ -0,0 +1,28 @@ +
+

+ Edit Filter Group +

+
    +
  1. <%= link_to (' Dashboard').html_safe, home_path %>
    2. +
  2. <%= link_to 'Filters Groups', filter_groups_path %>
    3. +
  3. <%= link_to 'Filters Group', @filter_group %>
    4. +
  4. Edit Filter Group
    5. +
+
+ + +
+
+
+
+
+

Edit Filter Group

+
+ +
+ <%= render 'form', filter_group: @filter_group %> +
+
+
+
+
diff --git a/app/views/filter_groups/index.html.erb b/app/views/filter_groups/index.html.erb new file mode 100644 index 0000000..9368f85 --- /dev/null +++ b/app/views/filter_groups/index.html.erb @@ -0,0 +1,45 @@ +
+

+ Filter Groups +

+
    +
  1. <%= link_to (' Dashboard').html_safe, home_path %>
    2. +
  2. Filter Groups
    3. +
+
+ +
+
+
+
+
+

Filter Groups

+
+ + <% if can? :read, FilterGroup %> +
+
+ + + + + + <% @filter_groups.each do |filter_group| %> + + + + + + <% end %> +
NameFilters
<%= link_to filter_group.name, filter_group %> + <%= filter_group.filters.map{|filter| filter.to_s}.join(', ') %> + <%= link_to 'Destroy', filter_group, method: :delete, data: { confirm: 'Are you sure?' } %>
+
+ <% end %> +
+
+
+
+ <%= link_to 'New Filter Group', new_filter_group_path, class: "btn btn-info" %> +
+ diff --git a/app/views/filter_groups/index.json.jbuilder b/app/views/filter_groups/index.json.jbuilder new file mode 100644 index 0000000..d0e47d1 --- /dev/null +++ b/app/views/filter_groups/index.json.jbuilder @@ -0,0 +1 @@ +json.array! @filter_groups, partial: 'filter_groups/filter_group', as: :filter_group diff --git a/app/views/filter_groups/new.html.erb b/app/views/filter_groups/new.html.erb new file mode 100644 index 0000000..119fb63 --- /dev/null +++ b/app/views/filter_groups/new.html.erb @@ -0,0 +1,27 @@ +
+

+ New Filter Group +

+
    +
  1. <%= link_to (' Dashboard').html_safe, home_path %>
    2. +
  2. <%= link_to 'Filter Groups', filter_groups_path %>
    3. +
  3. New Filter Group
    4. +
+
+ + +
+
+
+
+
+

New Filter Group

+
+ +
+ <%= render 'form', filter_group: @filter_group %> +
+
+
+
+
diff --git a/app/views/filter_groups/show.html.erb b/app/views/filter_groups/show.html.erb new file mode 100644 index 0000000..49f18f1 --- /dev/null +++ b/app/views/filter_groups/show.html.erb @@ -0,0 +1,90 @@ +
+

+ Filter Group +

+
    +
  1. <%= link_to (' Dashboard').html_safe, home_path %>
    2. +
  2. <%= link_to 'Filter Groups', filter_groups_path %>
    3. +
  3. Filter Group
    4. +
+
+ + +
+
+
+
+
+

Filter Group

+ <% if can? :read, FilterGroup %> + <%= link_to 'Destroy', @filter_group, :method => :delete, class: "btn btn-danger pull-right", data: { confirm: 'Are you sure?' } %> + <%= link_to (' Edit').html_safe, edit_filter_group_path(@filter_group), class: "btn btn-primary pull-right margin-right" %> + <% end %> +
+ +
+

+ Name: + <%= @filter_group.name %> +

+
+
+
+
+
+
+
+
+

Filters

+
+
+ Add Filter: + <% #form_with(model: @filter_group, url: filter_group_add_filter_path(@filter_group), local: true) do |form| %> + <%= form_with(model: @filter_group, local: true) do |form| %> +

+ <%= form.fields_for :filter_ids do |ff| %> + <%= ff.select :id, Filter.all.collect {|u| [u.to_s, u.id]}, { :prompt => 'Select Filter' } %> + <% end %> + <%= button_tag(type: "submit", class: "btn btn-primary margin-right") do %> + Add + <% end %> +

+ <% end %> +
+
+ + + + + + + + + + + + + <% @filter_group.filters.each do |filter| %> + + + + + + + + + + + + <% end %> +
FilterFamilyNumberPartSub-PartEnhancementPartSub-Part
<%= link_to filter.to_s, filter %><%= ary_to_s(filter.family) %><%= ary_to_s(filter.number) %><%= ary_to_s(filter.sub_fam) %><%= ary_to_s(filter.sub_num) %><%= ary_to_s(filter.enhancement) %><%= ary_to_s(filter.enh_sub_fam) %><%= ary_to_s(filter.enh_sub_num) %> + <%= link_to 'Remove', filter_group_filter_path(@filter_group, filter), :method => :delete, data: { confirm: 'Are you sure?' } %> +
+
+
+ <%= link_to 'Create New Filter', new_filter_path, class: "btn btn-info" %> +
+
+
+
+
diff --git a/app/views/filter_groups/show.json.jbuilder b/app/views/filter_groups/show.json.jbuilder new file mode 100644 index 0000000..01ffaf9 --- /dev/null +++ b/app/views/filter_groups/show.json.jbuilder @@ -0,0 +1 @@ +json.partial! 'filter_groups/filter_group', filter_group: @filter_group diff --git a/app/views/filters/_filter.json.jbuilder b/app/views/filters/_filter.json.jbuilder new file mode 100644 index 0000000..6cc3e2a --- /dev/null +++ b/app/views/filters/_filter.json.jbuilder @@ -0,0 +1,2 @@ +json.extract! filter, :id, :family, :number, :sub_fam, :sub_num, :enhancement, :enh_sub_fam, :enh_sub_num, :created_at, :updated_at +json.url filter_url(filter, format: :json) diff --git a/app/views/filters/_form.html.erb b/app/views/filters/_form.html.erb new file mode 100644 index 0000000..d1a4e59 --- /dev/null +++ b/app/views/filters/_form.html.erb @@ -0,0 +1,286 @@ +<%= form_with(model: filter, local: true) do |form| %> + <% if filter.errors.any? %> +
+

<%= pluralize(filter.errors.count, "error") %> prohibited this filter from being saved:

+ +
    + <% filter.errors.full_messages.each do |message| %> +
  • <%= message %>
    • + <% end %> +
+
+ <% end %> + +
+
+
+

Families

+
+
+
+ <% nist_hash["children"].first((nist_hash["children"].size/2).to_i).each do |family| %> +
+ +
+ <% end %> +
+
+ <% nist_hash["children"].last((nist_hash["children"].size/2).to_i).each do |family| %> +
+ +
+ <% end %> +
+
+
+
+
+

Numbers

+
+
+
+ <% (1..11).each do |num| %> +
+ +
+ <% end %> +
+
+ <% (12..22).each do |num| %> +
+ +
+ <% end %> +
+
+ <% (23..33).each do |num| %> +
+ +
+ <% end %> +
+
+ <% (34..44).each do |num| %> +
+ +
+ <% end %> +
+
+
+
+
+

Part

+
+
+
+ <% ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k'].each do |fam| %> +
+ +
+ <% end %> +
+
+
+
+
+

Sub-Part

+
+
+
+ <% (1..10).each do |num| %> +
+ +
+ <% end %> +
+
+
+
+
+

Enhancement

+
+
+
+ <% (1..12).each do |enhancement| %> +
+ +
+ <% end %> +
+
+ <% (13..24).each do |enhancement| %> +
+ +
+ <% end %> +
+ +
+
+
+
+
+
+

Part

+
+
+
+ <% ['a', 'b', 'c', 'd', 'e', 'f'].each do |fam| %> +
+ +
+ <% end %> +
+
+
+
+
+

Sub-Part

+
+
+
+ <% (1..5).each do |num| %> +
+ +
+ <% end %> +
+
+
+
+
+
+ <%= button_tag(type: "submit", class: "btn btn-primary") do %> + Save + <% end %> +
+<% end %> + + diff --git a/app/views/filters/edit.html.erb b/app/views/filters/edit.html.erb new file mode 100644 index 0000000..903ab44 --- /dev/null +++ b/app/views/filters/edit.html.erb @@ -0,0 +1,27 @@ +
+

+ Editing Filter +

+
    +
  1. <%= link_to (' Dashboard').html_safe, home_path %>
    2. +
  2. <%= link_to 'Filters', filters_path %>
    3. +
  3. Editing Filter
    4. +
+
+ + +
+
+
+
+
+

Editing Filter

+
+ +
+ <%= render 'form', filter: @filter, nist_hash: @nist_hash %> +
+
+
+
+
diff --git a/app/views/filters/index.html.erb b/app/views/filters/index.html.erb new file mode 100644 index 0000000..0e561b2 --- /dev/null +++ b/app/views/filters/index.html.erb @@ -0,0 +1,55 @@ +
+

+ Filters +

+
    +
  1. <%= link_to (' Dashboard').html_safe, home_path %>
    2. +
  2. Filters
    3. +
+
+ +
+
+
+
+
+

Filters

+
+ + <% if can? :read, FilterGroup %> +
+ + + + + + + + + + + + + <% @filters.each do |filter| %> + + + + + + + + + + + + <% end %> +
FilterFamilyNumberPartSub-PartEnhancementPartSub-Part
<%= link_to filter.to_s, filter %><%= ary_to_s(filter.family) %><%= ary_to_s(filter.number) %><%= ary_to_s(filter.sub_fam) %><%= ary_to_s(filter.sub_num) %><%= ary_to_s(filter.enhancement) %><%= ary_to_s(filter.enh_sub_fam) %><%= ary_to_s(filter.enh_sub_num) %><%= link_to 'Destroy', filter, method: :delete, data: { confirm: 'Are you sure?' } %>
+
+ <% end %> +
+
+
+
+ <%= link_to 'New Filter', new_filter_path, class: "btn btn-info" %> +
+
diff --git a/app/views/filters/index.json.jbuilder b/app/views/filters/index.json.jbuilder new file mode 100644 index 0000000..a934aca --- /dev/null +++ b/app/views/filters/index.json.jbuilder @@ -0,0 +1 @@ +json.array! @filters, partial: 'filters/filter', as: :filter diff --git a/app/views/filters/new.html.erb b/app/views/filters/new.html.erb new file mode 100644 index 0000000..af7ac67 --- /dev/null +++ b/app/views/filters/new.html.erb @@ -0,0 +1,27 @@ +
+

+ New Filter +

+
    +
  1. <%= link_to (' Dashboard').html_safe, home_path %>
    2. +
  2. <%= link_to 'Filters', filters_path %>
    3. +
  3. New Filter
    4. +
+
+ + +
+
+
+
+
+

New Filter

+
+ +
+ <%= render 'form', filter: @filter, nist_hash: @nist_hash %> +
+
+
+
+
diff --git a/app/views/filters/show.html.erb b/app/views/filters/show.html.erb new file mode 100644 index 0000000..74f7073 --- /dev/null +++ b/app/views/filters/show.html.erb @@ -0,0 +1,64 @@ +
+

+ Filter +

+
    +
  1. <%= link_to (' Dashboard').html_safe, home_path %>
    2. +
  2. <%= link_to 'Filters', filters_path %>
    3. +
  3. Filter
    4. +
+
+ +
+
+
+
+
+

Filter

+
+ + <% if can? :read, Filter %> +
+

+ Family: + <%= @filter.family %> +

+ +

+ Number: + <%= @filter.number %> +

+ +

+ Part: + <%= @filter.sub_fam %> +

+ +

+ Sub-Part: + <%= @filter.sub_num %> +

+ +

+ Enhancement: + <%= @filter.enhancement %> +

+ +

+ Part: + <%= @filter.enh_sub_fam %> +

+ +

+ Sub-Part: + <%= @filter.enh_sub_num %> +

+
+ <% end %> +
+
+
+ <%= link_to 'Edit', edit_filter_path(@filter), class: "btn btn-info" %> +
+
+
diff --git a/app/views/filters/show.json.jbuilder b/app/views/filters/show.json.jbuilder new file mode 100644 index 0000000..30a8a25 --- /dev/null +++ b/app/views/filters/show.json.jbuilder @@ -0,0 +1 @@ +json.partial! 'filters/filter', filter: @filter diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb index a29724c..3497517 100644 --- a/app/views/layouts/_header.html.erb +++ b/app/views/layouts/_header.html.erb @@ -16,12 +16,13 @@
  • <%= link_to "Evaluations", evaluations_path %>
  • <%= link_to "Profiles", profiles_path %>
  • <%= link_to "Repos", repos_path %>
    • +
  • <%= link_to "Filters", filter_groups_path %>
    • -
    diff --git a/app/views/profiles/show.html.erb b/app/views/profiles/show.html.erb index c656bcf..2010e18 100644 --- a/app/views/profiles/show.html.erb +++ b/app/views/profiles/show.html.erb @@ -67,7 +67,7 @@ <%= control.title %> <%= link_to control.control_id, profile_control_path(@profile.id, control.id) %> <%= control.severity %> - <%= control.tag 'nist' %> + <%= control.nist_tags.join(', ') %> <%= control.code %> <% end %> diff --git a/config/initializers/constants.rb b/config/initializers/constants.rb new file mode 100644 index 0000000..e8db819 --- /dev/null +++ b/config/initializers/constants.rb @@ -0,0 +1,8 @@ +module Constants + NIST_800_53 = JSON.parse(File.read("#{Rails.root}/data/nist_800_53.json")) + hsh = {} + NIST_800_53['children'].each do |cf| + hsh[cf['name']] = cf['children'].size + end + NIST_800_53_COUNTS = hsh +end diff --git a/config/routes.rb b/config/routes.rb index 8003e2e..f36af04 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,4 +1,8 @@ Rails.application.routes.draw do + resources :filter_groups do + resources :filters, only: [:update, :destroy] + end + resources :filters resources :repos do resources :repo_creds, only: [:create, :update, :destroy] end @@ -24,7 +28,9 @@ match 'profiles/:id/nist(/category/:category)' => 'profiles#nist', as: :profile_nist, :via => :get match 'profile_upload' => 'profiles#upload', as: :upload_profile, :via => :post match 'evaluations/:id/ssp' => 'evaluations#ssp', as: :evaluation_ssp, :via => :get - match 'evaluations/:id/filter' => 'evaluations#show', as: :evaluation_filter, :via => :post + match 'evaluations/:id/filter' => 'evaluations#filter', as: :evaluation_filter, :via => :post + match 'evaluations/:id/filter_select' => 'evaluations#filter_select', as: :evaluation_filter_select, :via => :post + match 'evaluations/:id/clear_filter' => 'evaluations#clear_filter', as: :evaluation_clear_filter, :via => :get match 'evaluation_upload' => 'evaluations#upload', as: :upload_evaluation, :via => :post match 'evaluations/:id/nist(/category/:category)(/status/:status_symbol)' => 'evaluations#nist', as: :evaluation_nist, :via => :get diff --git a/lib/inspec2ckl.rb b/lib/inspec2ckl.rb deleted file mode 100644 index 5b2788a..0000000 --- a/lib/inspec2ckl.rb +++ /dev/null @@ -1,8 +0,0 @@ -# encoding: utf-8 - -libdir = File.dirname(__FILE__) -$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir) - -require 'inspec2ckl/inspec2ckl' -require 'inspec2ckl/StigChecklist' -require 'inspec2ckl/version' diff --git a/lib/inspec2ckl/StigChecklist.rb b/lib/inspec2ckl/StigChecklist.rb deleted file mode 100644 index 39c86c0..0000000 --- a/lib/inspec2ckl/StigChecklist.rb +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/local/bin/ruby -# encoding: utf-8 -# author: Aaron Lippold -# author: Rony Xavier rx294@nyu.edu - -require 'happymapper' -require 'nokogiri' - -# see: https://github.com/dam5s/happymapper -# Class Asset maps from the 'Asset' from Checklist XML file using HappyMapper -class Asset - include HappyMapper - tag 'ASSET' - element :role, String, tag: 'ROLE' - element :type, String, tag: 'ASSET_TYPE' - element :host_name, String, tag: 'HOST_NAME' - element :host_ip, String, tag: 'HOST_IP' - element :host_mac, String, tag: 'HOST_MAC' - element :host_guid, String, tag: 'HOST_GUID' - element :host_fqdn, String, tag: 'HOST_FQDN' - element :tech_area, String, tag: 'TECH_AREA' - element :target_key, String, tag: 'TARGET_KEY' - element :web_or_database, String, tag: 'WEB_OR_DATABASE' - element :web_db_site, String, tag: 'WEB_DB_SITE' - element :web_db_instance, String, tag: 'WEB_DB_INSTANCE' -end - -# Class Asset maps from the 'SI_DATA' from Checklist XML file using HappyMapper -class SI_DATA - include HappyMapper - tag 'SI_DATA' - element :name, String, tag: 'SID_NAME' - element :data, String, tag: 'SID_DATA' -end - -#Class Asset maps from the 'STIG_INFO' from Checklist XML file using HappyMapper -class StigInfo - include HappyMapper - tag 'STIG_INFO' - has_many :si_data, SI_DATA, tag: 'SI_DATA' -end - -#Class Asset maps from the 'STIG_DATA' from Checklist XML file using HappyMapper -class StigData - include HappyMapper - tag 'STIG_DATA' - has_one :attrib, String, tag: 'VULN_ATTRIBUTE' - has_one :data, String, tag: 'ATTRIBUTE_DATA' -end - -# Class Asset maps from the 'VULN' from Checklist XML file using HappyMapper -class Vuln - include HappyMapper - tag 'VULN' - has_many :stig_data, StigData, tag:'STIG_DATA' - has_one :status, String, tag: 'STATUS' - has_one :finding_details, String, tag: 'FINDING_DETAILS' - has_one :comments, String, tag: 'COMMENTS' - has_one :severity_override, String, tag: 'SEVERITY_OVERRIDE' - has_one :severity_justification, String, tag: 'SEVERITY_JUSTIFICATION' -end - -# Class Asset maps from the 'iSTIG' from Checklist XML file using HappyMapper -class IStig - include HappyMapper - tag 'iSTIG' - has_one :stig_info, StigInfo, tag: 'STIG_INFO' - has_many :vuln, Vuln, tag: 'VULN' -end - -# Class Asset maps from the 'STIGS' from Checklist XML file using HappyMapper -class Stigs - include HappyMapper - tag 'STIGS' - has_one :istig, IStig, tag: 'iSTIG' -end - -class Checklist - include HappyMapper - tag 'CHECKLIST' - has_one :asset, Asset, tag: 'ASSET' - has_one :stig, Stigs, tag: 'STIGS' - Encoding.default_external = 'UTF-8' - - def where(attrib, data) - stig.istig.vuln.each do |vuln| - if vuln.stig_data.any? { |element| element.attrib == attrib && element.data == data} - # @todo Handle multiple objects that match the condition - return vuln - end - end - end -end diff --git a/lib/inspec2ckl/cli.rb b/lib/inspec2ckl/cli.rb deleted file mode 100755 index f9de076..0000000 --- a/lib/inspec2ckl/cli.rb +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/bin/env ruby -# frozen_string_literal: true -# encoding:utf-8 - -# author: Aaron Lippold -# author: Rony Xavier rx294@nyu.edu - -require 'thor' -require 'nokogiri' -require 'yaml' -require_relative 'version' -require_relative 'inspec2ckl' - -class MyCLI < Thor - desc 'exec', 'Inspec2ckl translates Inspec results json to Stig Checklist' - option :json, required: true, aliases: '-j' - option :cklist, required: false, aliases: '-c' - option :title, required: false, aliases: '-t' - option :date, required: false, aliases: '-d' - option :attrib, required: false, aliases: '-a' - option :output, required: true, aliases: '-o' - def exec - inspec_json = File.read(options[:json]) - cklist_doc = options[:cklist] ? File.open(options[:cklist]) { |f| Nokogiri::XML(f) } : nil - attrib = YAML.load_file(options[:attrib]) unless options[:attrib].nil? || !File.file?(options[:attrib]) - attrib ||= {} - title = options[:title] || attrib['title'] - date = options[:date] || attrib['date'] - inspec2ckl = Inspec2ckl.new(inspec_json, cklist_doc, title, date) - File.write(options[:output], inspec2ckl.to_ckl) - end - - # desc 'validate', 'A small parser to take the JSON full output of an InSpec profile results and update the DISA Checklist file.' - # option :json, aliases: '-j' - # option :cklist, aliases: '-c' - # def validate - # if !options[:json].nil? - # # @todo complete json validation code - # puts schema = Inspec::Schema.json('exec-json') - # inspec_json = File.read(options[:json]) - # # puts inspec_json - # puts JSON::Validator.validate(schema, inspec_json.to_s) - # end - # if !options[:cklist].nil? - # # @todo complete xml validation code - # xml = File.read(options[:cklist]) - # # puts xml - # options = Nokogiri::XML::ParseOptions::DTDVALID - # puts options - # doc = Nokogiri::XML::Document.parse(xml, nil, nil, options) - # puts doc.external_subset.validate(doc) - # end - # end - - map %w{--help -h} => :help - desc 'help', 'Help for using Inspec2ckl' - def help - puts "\nInspec2ckl translates Inspec results json to Stig Checklist\n\n" - puts "\t-j --json : Path to Inspec results json file" - puts "\t-c --cklist : Path to Stig Checklist file" - puts "\t-t --title : Title of Stig Checklist file" - puts "\t-d --date : Date of the Stig Checklist file" - puts "\t-a --attrib : Path to attributes yaml file" - puts "\t-o --output : Path to output checklist file" - puts "\t-V --verbose : verbose run" - puts "\nexample: ./inspec2ckl exec -c checklist.ckl -j results.json -o output.ckl\n\n" - end - - map %w{--version -v} => :print_version - desc '--version, -v', "print's inspec2ckl version" - def print_version - puts InspecCKL::VERSION - end -end - -MyCLI.start(ARGV) diff --git a/lib/inspec2ckl/inspec2ckl.rb b/lib/inspec2ckl/inspec2ckl.rb deleted file mode 100755 index 8453d53..0000000 --- a/lib/inspec2ckl/inspec2ckl.rb +++ /dev/null @@ -1,160 +0,0 @@ -#!/usr/local/bin/ruby -# frozen_string_literal: true -# encoding:utf-8 - -# author: Aaron Lippold -# author: Rony Xavier rx294@nyu.edu - -require 'date' -require 'happymapper' -require 'nokogiri' -require 'json' -require 'cgi' -require_relative 'StigChecklist' -Encoding.default_external = 'UTF-8' - -class Inspec2ckl < Checklist - def initialize(inspec_json, cklist, title, date) - json = JSON.parse(inspec_json) - @title = generate_title title, json, date - @cklist = cklist - @data = parse_json(json) - @checklist = Checklist.new - end - - def to_ckl - if @cklist.nil? - generate_ckl - else - update_ckl_file - end - CGI.unescapeHTML(@checklist.to_xml.encode('UTF-8')).gsub('', '').chomp - end - - def clk_status(control) - status_list = control[:status].uniq - if status_list.include?('failed') - result = 'Open' - elsif status_list.include?('passed') - result = 'NotAFinding' - elsif status_list.include?('skipped') - result = 'Not_Reviewed' - else - result = 'Not_Tested' - end - if control[:impact].to_f.zero? - result = 'Not_Applicable' - end - result - end - - def clk_finding_details(control, control_clk_status) - result = "One or more of the automated tests failed or was inconclusive for the control \n\n #{control[:message].sort.join}" if control_clk_status == 'Open' - result = "All Automated tests passed for the control \n\n #{control[:message].join}" if control_clk_status == 'NotAFinding' - result = "Automated test skipped due to known accepted condition in the control : \n\n#{control[:message].join}" if control_clk_status == 'Not_Reviewed' - result = "Justification: \n #{control[:message].split.join(' ')}" if control_clk_status == 'Not_Applicable' - result = 'No test available for this control' if control_clk_status == 'Not_Tested' - result - end - - def update_ckl_file - @checklist = Checklist.parse(@cklist.to_s) - @data.keys.each do |control_id| - vuln = @checklist.where('Vuln_Num', control_id.to_s) - vuln.status = clk_status(@data[control_id]) - vuln.finding_details << clk_finding_details(@data[control_id], vuln.status) - end - end - - def generate_vuln_data(control) - vuln = Vuln.new - stig_data_list = [] - - %w{ - Vuln_Num Severity Group_Title Rule_ID Rule_Ver Rule_Title Vuln_Discuss - Check_Content Fix_Text CCI_REF - }.each do |param| - stigdata = StigData.new - stigdata.attrib = param - stigdata.data = control[param.downcase.to_sym] - stig_data_list.push(stigdata) - end - - stigdata = StigData.new - stigdata.attrib = 'STIGRef' - stigdata.data = @title - stig_data_list.push(stigdata) - - vuln.stig_data = stig_data_list - vuln.status = clk_status(control) - vuln.comments = "\nAutomated compliance tests brought to you by the MITRE corporation and the InSpec project.\n\nInspec Profile: #{control[:profile_name]}\nProfile shasum: #{control[:profile_shasum]}" - vuln.finding_details = clk_finding_details(control, vuln.status) - vuln.severity_override = '' - vuln.severity_justification = '' - - vuln - end - - def generate_title(title, json, date) - title ||= "Untitled - Checklist Created from Automated InSpec Results JSON; Profiles: #{json['profiles'].map { |x| x['name'] }.join(' | ')}" - title + " Checklist Date: #{date || Date.today.to_s}" - end - - def generate_ckl - stigs = Stigs.new - istig = IStig.new - vuln_list = [] - @data.keys.each do |control_id| - vuln_list.push(generate_vuln_data(@data[control_id])) - end - istig.stig_info = StigInfo.new - istig.vuln = vuln_list - stigs.istig = istig - @checklist.stig = stigs - asset = Asset.new - asset.type = 'Computing' - @checklist.asset = asset - end - - def parse_json(json) - data = {} - json['profiles'].each do |profile| - profile['controls'].each do |control| - c_id = control['id'].to_sym - data[c_id] = {} - data[c_id][:vuln_num] = control['id'] unless control['id'].nil? - data[c_id][:rule_title] = control['title'] unless control['title'].nil? - data[c_id][:vuln_discuss] = control['desc'] unless control['desc'].nil? - unless control['tags'].nil? - data[c_id][:severity] = control['tags']['severity'] unless control['tags']['severity'].nil? - data[c_id][:gid] = control['tags']['gid'] unless control['tags']['gid'].nil? - data[c_id][:group_title] = control['tags']['gtitle'] unless control['tags']['gtitle'].nil? - data[c_id][:rule_id] = control['tags']['rid'] unless control['tags']['rid'].nil? - data[c_id][:rule_ver] = control['tags']['stig_id'] unless control['tags']['stig_id'].nil? - data[c_id][:cci_ref] = control['tags']['cci'] unless control['tags']['cci'].nil? - data[c_id][:nist] = control['tags']['nist'].join(' ') unless control['tags']['nist'].nil? - data[c_id][:check_content] = control['tags']['check'] unless control['tags']['check'].nil? - data[c_id][:fix_text] = control['tags']['fix'] unless control['tags']['fix'].nil? - end - data[c_id][:impact] = control['impact'].to_s unless control['impact'].nil? - data[c_id][:profile_name] = profile['name'].to_s unless profile['name'].nil? - data[c_id][:profile_shasum] = profile['sha256'].to_s unless profile['sha256'].nil? - - data[c_id][:status] = [] - data[c_id][:message] = [] - if control.key?('results') - control['results'].each do |result| - data[c_id][:status].push(result['status']) - data[c_id][:message].push(result['skip_message']) if result['status'] == 'skipped' - data[c_id][:message].push("FAILED -- Test: #{result['code_desc']}\nMessage: #{result['message']}\n") if result['status'] == 'failed' - data[c_id][:message].push("PASS -- #{result['code_desc']}\n") if result['status'] == 'passed' - end - end - if data[c_id][:impact].to_f.zero? - data[c_id][:message] = control['desc'] - end - end - end - data - end -end diff --git a/lib/inspec2ckl/version.rb b/lib/inspec2ckl/version.rb deleted file mode 100644 index d5a5920..0000000 --- a/lib/inspec2ckl/version.rb +++ /dev/null @@ -1,5 +0,0 @@ -# encoding:utf-8 - -module InspecCKL - VERSION = '1.0.1'.freeze -end diff --git a/spec/controllers/evaluations_controller_spec.rb b/spec/controllers/evaluations_controller_spec.rb index 839004f..4a15877 100644 --- a/spec/controllers/evaluations_controller_spec.rb +++ b/spec/controllers/evaluations_controller_spec.rb @@ -29,6 +29,11 @@ # in order to pass any filters (e.g. authentication) defined in # EvaluationsController. Be sure to keep this updated too. let(:valid_session) { {} } + let(:filter_session) { { filter: FactoryGirl.create(:filter) } } + let(:filter_group_session) { { filter_group: FactoryGirl.create(:filter_group) } } + let(:filter_attributes) { + FactoryGirl.build(:filter_no_enh).attributes + } context 'Editor is logged in' do let(:user) { FactoryGirl.create(:editor) } @@ -48,11 +53,38 @@ describe 'GET #nist' do it 'returns a success response' do - # evaluation = create :evaluation, created_by: user get :nist, params: { format: 'json', id: eval.to_param, category: 'Medium' }, session: valid_session expect(response.content_type).to eq('application/json') end end + + describe 'GET #show with filter' do + render_views + it 'returns a success response' do + get :show, params: { id: eval.to_param }, session: filter_session + expect(response).to be_success + end + end + + describe 'GET #show with filter group' do + render_views + it 'returns a success response' do + filter_group = create :filter_group, created_by: user + filter = create :filter_simple, created_by: user + filter_group.filters << filter + get :show, params: { id: eval.to_param }, session: { filter_group: filter_group } + expect(response).to be_success + end + end + + describe 'GET clear filter' do + render_views + it 'returns a success response' do + get :clear_filter, params: { id: eval.to_param }, session: valid_session + expect(response).to redirect_to(Evaluation.last) + end + end + end describe 'GET #index' do @@ -86,6 +118,43 @@ end end + describe 'POST filter' do + it 'can create a filter' do + evaluation = create :evaluation, created_by: user + post :filter, params: { id: evaluation.to_param, filter: filter_attributes }, session: valid_session + expect(response).to redirect_to(Evaluation.last) + end + + it 'can save a filter' do + evaluation = create :evaluation, created_by: user + post :filter, params: { id: evaluation.to_param, filter: { family: %w{AC SC}, save_filter: 'true' } }, session: valid_session + expect(response).to redirect_to(Evaluation.last) + end + end + + context 'with filters' do + before(:each) do + @filter_group = create :filter_group, created_by: user + @filter = create :filter, filter_group_ids: [@filter_group.id], created_by: user + end + + describe 'Select filter group' do + it 'can upload an evaluation' do + evaluation = create :evaluation, created_by: user + post :filter_select, params: { id: evaluation.to_param, filter_group: { id: @filter_group.id } }, session: valid_session + expect(response).to redirect_to(Evaluation.last) + end + end + + describe 'Select filter' do + it 'can upload an evaluation' do + evaluation = create :evaluation, created_by: user + post :filter_select, params: { id: evaluation.to_param, filter_group: { id: nil, filter_ids: @filter.id } }, session: valid_session + expect(response).to redirect_to(Evaluation.last) + end + end + end + describe 'DELETE #destroy' do it "is blocked from destroying the evaluation it doesn't own" do evaluation = create :evaluation diff --git a/spec/controllers/filter_groups_controller_spec.rb b/spec/controllers/filter_groups_controller_spec.rb new file mode 100644 index 0000000..6ffe5da --- /dev/null +++ b/spec/controllers/filter_groups_controller_spec.rb @@ -0,0 +1,158 @@ +require 'rails_helper' + +# This spec was generated by rspec-rails when you ran the scaffold generator. +# It demonstrates how one might use RSpec to specify the controller code that +# was generated by Rails when you ran the scaffold generator. +# +# It assumes that the implementation code is generated by the rails scaffold +# generator. If you are using any extension libraries to generate different +# controller code, this generated spec may or may not pass. +# +# It only uses APIs available in rails and/or rspec-rails. There are a number +# of tools you can use to make these specs even more expressive, but we're +# sticking to rails and rspec-rails APIs to keep things simple and stable. +# +# Compared to earlier versions of this generator, there is very limited use of +# stubs and message expectations in this spec. Stubs are only used when there +# is no simpler way to get a handle on the object needed for the example. +# Message expectations are only used when there is no simpler way to specify +# that an instance is receiving a specific message. +# +# Also compared to earlier versions of this generator, there are no longer any +# expectations of assigns and templates rendered. These features have been +# removed from Rails core in Rails 5, but can be added back in via the +# `rails-controller-testing` gem. + +RSpec.describe FilterGroupsController, type: :controller do + + # This should return the minimal set of attributes required to create a valid + # FilterGroup. As you add validations to FilterGroup, be sure to + # adjust the attributes here as well. + let(:valid_attributes) { + FactoryGirl.build(:filter_group).attributes + } + + let(:invalid_attributes) { + { name: nil } + } + + # This should return the minimal set of values that should be in the session + # in order to pass any filters (e.g. authentication) defined in + # FilterGroupsController. Be sure to keep this updated too. + let(:valid_session) { {} } + + context 'User is logged in' do + let(:user) { FactoryGirl.create(:editor) } + before do + sign_in user + end + + describe 'GET #index' do + it 'returns a success response' do + create :filter_group, created_by: user + get :index, params: {}, session: valid_session + expect(response).to be_success + end + end + + describe 'GET #show' do + it 'returns a success response' do + filter_group = create :filter_group, created_by: user + get :show, params: { id: filter_group.to_param }, session: valid_session + expect(response).to be_success + end + end + + describe 'GET #new' do + it 'returns a success response' do + get :new, params: {}, session: valid_session + expect(response).to be_success + end + end + + describe 'GET #edit' do + it 'returns a success response' do + filter_group = create :filter_group, created_by: user + get :edit, params: { id: filter_group.to_param }, session: valid_session + expect(response).to be_success + end + end + + describe 'POST #create' do + context 'with valid params' do + it 'creates a new FilterGroup' do + expect { + post :create, params: { filter_group: valid_attributes }, session: valid_session + }.to change(FilterGroup, :count).by(1) + end + + it 'redirects to the created filter_group' do + post :create, params: { filter_group: valid_attributes }, session: valid_session + expect(response).to redirect_to(FilterGroup.last) + end + end + + context 'with invalid params' do + it "returns a success response (i.e. to display the 'new' template)" do + post :create, params: { filter_group: invalid_attributes }, session: valid_session + expect(response).to be_success + end + end + end + + describe 'PUT #update' do + context 'with valid params' do + let(:new_attributes) { + { name: 'New Name' } + } + + it 'updates the requested filter_group' do + filter_group = create :filter_group, created_by: user + put :update, params: { id: filter_group.to_param, filter_group: new_attributes }, session: valid_session + filter_group.reload + expect(filter_group.name).to eq('New Name') + end + + it 'redirects to the filter_group' do + filter_group = create :filter_group, created_by: user + put :update, params: { id: filter_group.to_param, filter_group: valid_attributes }, session: valid_session + expect(response).to redirect_to(filter_group) + end + end + + context 'with invalid params' do + it "returns a success response (i.e. to display the 'edit' template)" do + filter_group = create :filter_group, created_by: user + put :update, params: { id: filter_group.to_param, filter_group: invalid_attributes }, session: valid_session + expect(response).to be_success + end + end + end + + describe 'DELETE #destroy' do + it 'destroys the requested filter_group' do + filter_group = create :filter_group, created_by: user + expect { + delete :destroy, params: { id: filter_group.to_param }, session: valid_session + }.to change(FilterGroup, :count).by(-1) + end + + it 'redirects to the filter_groups list' do + filter_group = create :filter_group, created_by: user + delete :destroy, params: { id: filter_group.to_param }, session: valid_session + expect(response).to redirect_to(filter_groups_url) + end + end + + describe 'Add Filter' do + it 'updates the requested filter_group' do + filter_group = create :filter_group, created_by: user + filter = create :filter, created_by: user + put :update, params: { id: filter_group.to_param, filter_group: { filter_ids: { id: filter.id } } }, session: valid_session + filter_group.reload + expect(filter_group.filters.size).to eq(1) + end + end + + end +end diff --git a/spec/controllers/filters_controller_spec.rb b/spec/controllers/filters_controller_spec.rb new file mode 100644 index 0000000..9d7072f --- /dev/null +++ b/spec/controllers/filters_controller_spec.rb @@ -0,0 +1,144 @@ +require 'rails_helper' + +# This spec was generated by rspec-rails when you ran the scaffold generator. +# It demonstrates how one might use RSpec to specify the controller code that +# was generated by Rails when you ran the scaffold generator. +# +# It assumes that the implementation code is generated by the rails scaffold +# generator. If you are using any extension libraries to generate different +# controller code, this generated spec may or may not pass. +# +# It only uses APIs available in rails and/or rspec-rails. There are a number +# of tools you can use to make these specs even more expressive, but we're +# sticking to rails and rspec-rails APIs to keep things simple and stable. +# +# Compared to earlier versions of this generator, there is very limited use of +# stubs and message expectations in this spec. Stubs are only used when there +# is no simpler way to get a handle on the object needed for the example. +# Message expectations are only used when there is no simpler way to specify +# that an instance is receiving a specific message. +# +# Also compared to earlier versions of this generator, there are no longer any +# expectations of assigns and templates rendered. These features have been +# removed from Rails core in Rails 5, but can be added back in via the +# `rails-controller-testing` gem. + +RSpec.describe FiltersController, type: :controller do + + # This should return the minimal set of attributes required to create a valid + # Filter. As you add validations to Filter, be sure to + # adjust the attributes here as well. + let(:valid_attributes) { + FactoryGirl.build(:filter).attributes + } + + # This should return the minimal set of values that should be in the session + # in order to pass any filters (e.g. authentication) defined in + # FiltersController. Be sure to keep this updated too. + let(:valid_session) { {} } + + context 'User is logged in' do + let(:user) { FactoryGirl.create(:editor) } + before do + sign_in user + end + + describe 'GET #index' do + it 'returns a success response' do + create :filter, created_by: user + get :index, params: {}, session: valid_session + expect(response).to be_success + end + end + + describe 'GET #show' do + it 'returns a success response' do + filter = create :filter, created_by: user + get :show, params: { id: filter.to_param }, session: valid_session + expect(response).to be_success + end + end + + describe 'GET #new' do + it 'returns a success response' do + get :new, params: {}, session: valid_session + expect(response).to be_success + end + end + + describe 'GET #edit' do + it 'returns a success response' do + filter = create :filter, created_by: user + get :edit, params: { id: filter.to_param }, session: valid_session + expect(response).to be_success + end + end + + describe 'POST #create' do + context 'with valid params' do + it 'creates a new Filter' do + expect { + post :create, params: { filter: valid_attributes }, session: valid_session + }.to change(Filter, :count).by(1) + end + + it 'redirects to the created filter' do + post :create, params: { filter: valid_attributes }, session: valid_session + expect(response).to redirect_to(Filter.last) + end + end + end + + describe 'PUT #update' do + context 'with valid params' do + let(:new_attributes) { + { family: ['SC'] } + } + + it 'updates the requested filter' do + filter = create :filter, created_by: user + put :update, params: { id: filter.to_param, filter: new_attributes }, session: valid_session + filter.reload + expect(filter.family).to eq(['SC']) + end + + it 'redirects to the filter' do + filter = create :filter, created_by: user + put :update, params: { id: filter.to_param, filter: valid_attributes }, session: valid_session + expect(response).to redirect_to(filter) + end + end + + end + + describe 'DELETE #destroy' do + it 'destroys the requested filter' do + filter = create :filter, created_by: user + expect { + delete :destroy, params: { id: filter.to_param }, session: valid_session + }.to change(Filter, :count).by(-1) + end + + it 'redirects to the filters list' do + filter = create :filter, created_by: user + delete :destroy, params: { id: filter.to_param }, session: valid_session + expect(response).to redirect_to(filters_url) + end + end + + describe 'DELETE nested filter' do + context 'Filter group exists' do + before(:each) do + @filter_group = create :filter_group, created_by: user + end + + it 'removes the nested filter' do + filter = create :filter, filter_group_ids: [@filter_group.id], created_by: user + expect { + delete :destroy, params: { id: filter.to_param, filter_group_id: @filter_group.id }, session: valid_session + }.to change(Filter, :count).by(0) + end + end + end + end +end diff --git a/spec/factories/filter_groups.rb b/spec/factories/filter_groups.rb new file mode 100644 index 0000000..b7b7ae9 --- /dev/null +++ b/spec/factories/filter_groups.rb @@ -0,0 +1,5 @@ +FactoryGirl.define do + factory :filter_group, class: FilterGroup do + name 'MyGroup' + end +end diff --git a/spec/factories/filters.rb b/spec/factories/filters.rb new file mode 100644 index 0000000..84fdeb2 --- /dev/null +++ b/spec/factories/filters.rb @@ -0,0 +1,31 @@ +FactoryGirl.define do + factory :filter, class: Filter do + family ['AC'] + number ['7'] + sub_fam ['a'] + sub_num ['1'] + enhancement ['4'] + enh_sub_fam ['a'] + enh_sub_num ['2'] + end + + factory :filter_simple, class: Filter do + family ['AC'] + number [] + sub_fam [] + sub_num [] + enhancement [] + enh_sub_fam [] + enh_sub_num [] + end + + factory :filter_no_enh, class: Filter do + family ['AC'] + number ['7'] + sub_fam ['a'] + sub_num ['1'] + enhancement ['none'] + enh_sub_fam [] + enh_sub_num [] + end +end diff --git a/spec/helpers/application_helper_spec.rb b/spec/helpers/application_helper_spec.rb index 81d6377..46ad5c1 100644 --- a/spec/helpers/application_helper_spec.rb +++ b/spec/helpers/application_helper_spec.rb @@ -35,4 +35,10 @@ end end + describe 'ary_to_s' do + it 'converts an array to a string' do + expect(helper.ary_to_s(['"value"'])).to eq('value') + end + end + end diff --git a/spec/models/filter_group_spec.rb b/spec/models/filter_group_spec.rb new file mode 100644 index 0000000..8be55ab --- /dev/null +++ b/spec/models/filter_group_spec.rb @@ -0,0 +1,6 @@ +require 'rails_helper' + +RSpec.describe FilterGroup, type: :model do + it { is_expected.to be_mongoid_document } + it { is_expected.to have_and_belong_to_many(:filters).of_type(Filter) } +end diff --git a/spec/models/filter_spec.rb b/spec/models/filter_spec.rb new file mode 100644 index 0000000..65b8f60 --- /dev/null +++ b/spec/models/filter_spec.rb @@ -0,0 +1,102 @@ +require 'rails_helper' + +RSpec.describe Filter, type: :model do + it { is_expected.to be_mongoid_document } + it { is_expected.to have_and_belong_to_many(:filter_groups).of_type(FilterGroup) } + + it 'creates a regex' do + filter = Filter.new + expect(filter.to_s).to eq '*' + expect(filter.regex).to eq(/\b[A-Z]{2}.*/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC']) + expect(filter.to_s).to eq 'AC-*' + expect(filter.regex).to eq(/\bAC\-\d+(\.[a-z]{1})?(\.\d+)?/) + end + + it 'creates a regex' do + filter = Filter.new(family: %w{AC IA SC}) + expect(filter.to_s).to eq '[AC, IA, SC]-*' + expect(filter.regex).to eq(/\b(AC|IA|SC).*/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], number: ['7']) + expect(filter.to_s).to eq 'AC-7' + expect(filter.regex).to eq(/\bAC\-7(\.[a-z]{1})?(\.\d+)?/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], number: %w{1 2 3 7}) + expect(filter.to_s).to eq 'AC-[1, 2, 3, 7]' + expect(filter.regex).to eq(/\bAC\-(1|2|3|7)(\.[a-z]{1})?(\.\d+)?/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], number: ['7'], sub_fam: ['a']) + expect(filter.to_s).to eq 'AC-7.a' + expect(filter.regex).to eq(/\bAC\-7\.a(\.\d+)?/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], number: ['7'], sub_fam: %w{a b}) + expect(filter.to_s).to eq 'AC-7.[a, b]' + expect(filter.regex).to eq(/\bAC\-7\.(a|b)(\.\d+)?/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], number: ['7'], sub_fam: ['a'], sub_num: ['1']) + expect(filter.to_s).to eq 'AC-7.a.1' + expect(filter.regex).to eq(/\bAC\-7\.a\.1/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], number: ['7'], sub_fam: ['a'], sub_num: %w{1 2}) + expect(filter.to_s).to eq 'AC-7.a.[1, 2]' + expect(filter.regex).to eq(/\bAC\-7\.a\.(1|2)/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], enhancement: ['2']) + expect(filter.to_s).to eq 'AC-*([2])' + expect(filter.regex).to eq(/\bAC\-\d+(\.[a-z]{1})?(\.\d+)?\(2\)(\.[a-z]{1}(\.\d+)?)?\Z/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], enhancement: ['none']) + expect(filter.to_s).to eq 'AC-*Z' + expect(filter.regex).to eq(/\bAC\-\d+(\.[a-z]{1})?(\.\d+)?\Z/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], enhancement: %w{2 3}) + expect(filter.to_s).to eq 'AC-*([2, 3])' + expect(filter.regex).to eq(/\bAC\-\d+(\.[a-z]{1})?(\.\d+)?\((2|3)\)(\.[a-z]{1}(\.\d+)?)?\Z/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], enhancement: ['2'], enh_sub_fam: ['a']) + expect(filter.to_s).to eq 'AC-*([2]).a' + expect(filter.regex).to eq(/\bAC\-\d+(\.[a-z]{1})?(\.\d+)?\(2\)\.a(\.\d+)?\Z/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], enhancement: ['2'], enh_sub_fam: %w{a b}) + expect(filter.to_s).to eq 'AC-*([2]).[a, b]' + expect(filter.regex).to eq(/\bAC\-\d+(\.[a-z]{1})?(\.\d+)?\(2\)\.(a|b)(\.\d+)?\Z/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], enhancement: ['2'], enh_sub_fam: ['a'], enh_sub_num: ['1']) + expect(filter.to_s).to eq 'AC-*([2]).a.1' + expect(filter.regex).to eq(/\bAC\-\d+(\.[a-z]{1})?(\.\d+)?\(2\)\.a\.1\Z/) + end + + it 'creates a regex' do + filter = Filter.new(family: ['AC'], enhancement: ['2'], enh_sub_fam: ['a'], enh_sub_num: %w{1 2}) + expect(filter.to_s).to eq 'AC-*([2]).a.[1, 2]' + expect(filter.regex).to eq(/\bAC\-\d+(\.[a-z]{1})?(\.\d+)?\(2\)\.a\.(1|2)\Z/) + end +end diff --git a/spec/models/repo_spec.rb b/spec/models/repo_spec.rb index ebdfd51..3e51149 100644 --- a/spec/models/repo_spec.rb +++ b/spec/models/repo_spec.rb @@ -3,6 +3,25 @@ RSpec.describe Repo, type: :model do it { is_expected.to be_mongoid_document } + context 'Stubbed as Unauthorized' do + let(:user) { FactoryGirl.create(:editor) } + it 'GitLab returns an empty array on auth failure' do + repo_cred = create :gitlab_cred, created_by: user + @repo = repo_cred.repo + Git::GitLabProxy.stubs(:new).throws(Gitlab::Error::Unauthorized) + projects = @repo.projects repo_cred + expect(projects).to eq [] + end + + it 'GitHub returns an empty array on auth failure' do + repo_cred = create :github_cred, created_by: user + @repo = repo_cred.repo + Git::GitHubProxy.stubs(:new).throws(Octokit::Unauthorized) + projects = @repo.projects repo_cred + expect(projects).to eq [] + end + end + context 'GitLab Stubbed' do let(:user) { FactoryGirl.create(:editor) } before do diff --git a/spec/requests/filter_groups_spec.rb b/spec/requests/filter_groups_spec.rb new file mode 100644 index 0000000..c345cc9 --- /dev/null +++ b/spec/requests/filter_groups_spec.rb @@ -0,0 +1,12 @@ +require 'rails_helper' + +RSpec.describe 'FilterGroups', type: :request do + describe 'GET /filter_groups' do + it 'works! (now write some real specs)' do + sign_in_as_a_valid_user + filter_group = create :filter_group, created_by: @user + get filter_group_path(filter_group) + expect(response).to have_http_status(200) + end + end +end diff --git a/spec/requests/filters_spec.rb b/spec/requests/filters_spec.rb new file mode 100644 index 0000000..85fa9db --- /dev/null +++ b/spec/requests/filters_spec.rb @@ -0,0 +1,12 @@ +require 'rails_helper' + +RSpec.describe 'Filters', type: :request do + describe 'GET /filters' do + it 'works! (now write some real specs)' do + sign_in_as_a_valid_user + filter = create :filter, created_by: @user + get filter_path(filter) + expect(response).to have_http_status(200) + end + end +end diff --git a/spec/views/evaluations/show.html.erb_spec.rb b/spec/views/evaluations/show.html.erb_spec.rb index 5e71405..d3b451d 100644 --- a/spec/views/evaluations/show.html.erb_spec.rb +++ b/spec/views/evaluations/show.html.erb_spec.rb @@ -13,7 +13,7 @@ ), ) @counts, @controls = @evaluation.status_counts - @nist_hash = ProfilesController.nist_800_53 + @nist_hash = Constants::NIST_800_53 end it 'renders attributes' do diff --git a/spec/views/filter_groups/edit.html.erb_spec.rb b/spec/views/filter_groups/edit.html.erb_spec.rb new file mode 100644 index 0000000..777cd8d --- /dev/null +++ b/spec/views/filter_groups/edit.html.erb_spec.rb @@ -0,0 +1,18 @@ +require 'rails_helper' + +RSpec.describe 'filter_groups/edit', type: :view do + before(:each) do + @filter_group = assign(:filter_group, FilterGroup.create!( + name: 'MyString', + )) + end + + it 'renders the edit filter_group form' do + render + + assert_select 'form[action=?][method=?]', filter_group_path(@filter_group), 'post' do + + assert_select 'input[name=?]', 'filter_group[name]' + end + end +end diff --git a/spec/views/filter_groups/new.html.erb_spec.rb b/spec/views/filter_groups/new.html.erb_spec.rb new file mode 100644 index 0000000..317f674 --- /dev/null +++ b/spec/views/filter_groups/new.html.erb_spec.rb @@ -0,0 +1,18 @@ +require 'rails_helper' + +RSpec.describe 'filter_groups/new', type: :view do + before(:each) do + assign(:filter_group, FilterGroup.new( + name: 'MyString', + )) + end + + it 'renders new filter_group form' do + render + + assert_select 'form[action=?][method=?]', filter_groups_path, 'post' do + + assert_select 'input[name=?]', 'filter_group[name]' + end + end +end diff --git a/spec/views/filter_groups/show.html.erb_spec.rb b/spec/views/filter_groups/show.html.erb_spec.rb new file mode 100644 index 0000000..7eac9c3 --- /dev/null +++ b/spec/views/filter_groups/show.html.erb_spec.rb @@ -0,0 +1,14 @@ +require 'rails_helper' + +RSpec.describe 'filter_groups/show', type: :view do + before(:each) do + @filter_group = assign(:filter_group, FilterGroup.create!( + name: 'Name', + )) + end + + it 'renders attributes in

    ' do + render + expect(rendered).to match(/Name/) + end +end