From 87fbb14f92a1939499d544f853a8b1de22c29fbe Mon Sep 17 00:00:00 2001 From: George Dias Date: Fri, 7 Apr 2023 22:20:17 -0500 Subject: [PATCH 1/2] Updated the toRuby to prevent from setting empty tags to nil Signed-off-by: George Dias --- package-lock.json | 4 ++-- src/objects/control.ts | 4 ++-- .../controls-cookstyle/inputs-interpolation/SV-204392.rb | 4 ++-- .../controls-cookstyle/inputs-interpolation/SV-205734.rb | 2 +- .../controls-cookstyle/inputs-interpolation/V-92975.rb | 2 +- .../controls-cookstyle/inputs-interpolation/V-92979.rb | 2 +- .../controls-cookstyle/inputs-interpolation/V-93033.rb | 2 +- test/tests/control.spec.ts | 6 ++++-- 8 files changed, 14 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index fd2765b0..4e6b62b7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@mitre/inspec-objects", - "version": "0.0.34", + "version": "1.0.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@mitre/inspec-objects", - "version": "0.0.34", + "version": "1.0.0", "license": "Apache-2.0", "dependencies": { "@types/flat": "^5.0.2", diff --git a/src/objects/control.ts b/src/objects/control.ts index e058d096..a7e6c6ce 100644 --- a/src/objects/control.ts +++ b/src/objects/control.ts @@ -200,7 +200,6 @@ export default class Control { } else { result += ` ref ${escapeQuotes(ref.ref?.toString() || '')}, url: ${escapeQuotes(ref.url || '')}` } - }); } @@ -228,7 +227,8 @@ export default class Control { result += ` tag ${tag}: ${escapeQuotes(value)}\n`; } } else { - result += ` tag ${tag}: nil\n`; + result += ` tag '${tag}'\n`; + if (verbose) {logger.info(`${this.id} does not have a value for tag: ${tag}`);} } }); diff --git a/test/sample_data/controls-cookstyle/inputs-interpolation/SV-204392.rb b/test/sample_data/controls-cookstyle/inputs-interpolation/SV-204392.rb index bdc5dcfc..c1165fda 100644 --- a/test/sample_data/controls-cookstyle/inputs-interpolation/SV-204392.rb 
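Review bot: In the empty-value branch of the `@@ -228,7 +227,8 @@` hunk of src/objects/control.ts, the tag name is interpolated unescaped into a single-quoted Ruby literal (`tag '${tag}'`), while the values written just above it go through `escapeQuotes`. A tag name containing a quote character would produce broken or unintended Ruby in the generated control, which matters whenever the profile JSON being converted is not fully trusted. Assuming `escapeQuotes` returns an already-quoted Ruby string, as its other call sites suggest, the name could be passed through it, i.e. `tag ${escapeQuotes(tag)}` inside the template. The same line survives in the `else` arm added by PATCH 2/2. The enclosing method (presumably `toRuby`) starts and ends outside the hunk.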
+++ b/test/sample_data/controls-cookstyle/inputs-interpolation/SV-204392.rb @@ -45,8 +45,8 @@ tag cci: ['CCI-001494', 'CCI-001496', 'CCI-002165', 'CCI-002235'] tag nist: ['AU-9', 'AU-9 (3)', 'AC-3 (4)', 'AC-6 (10)'] tag subsystems: ['permissions', 'package', 'rpm'] - tag host: nil - tag container: nil + tag 'host' + tag 'container' if input('disable_slow_controls') describe "This control consistently takes a long time to run and has been disabled diff --git a/test/sample_data/controls-cookstyle/inputs-interpolation/SV-205734.rb b/test/sample_data/controls-cookstyle/inputs-interpolation/SV-205734.rb index 843beabb..1aa9b9d6 100644 --- a/test/sample_data/controls-cookstyle/inputs-interpolation/SV-205734.rb +++ b/test/sample_data/controls-cookstyle/inputs-interpolation/SV-205734.rb @@ -76,7 +76,7 @@ Users - Create files/write data - Subfolders only CREATOR OWNER - Full Control - Subfolders and files only) impact 0.5 - tag severity: nil + tag 'severity' tag gtitle: 'SRG-OS-000312-GPOS-00122' tag satisfies: ['SRG-OS-000312-GPOS-00122', 'SRG-OS-000312-GPOS-00123', 'SRG-OS-000312-GPOS-00124'] tag gid: 'V-93019' diff --git a/test/sample_data/controls-cookstyle/inputs-interpolation/V-92975.rb b/test/sample_data/controls-cookstyle/inputs-interpolation/V-92975.rb index f14c617f..afc8a79a 100644 --- a/test/sample_data/controls-cookstyle/inputs-interpolation/V-92975.rb +++ b/test/sample_data/controls-cookstyle/inputs-interpolation/V-92975.rb @@ -22,7 +22,7 @@ Local accounts can be configured to expire with the command "Net user [username] /expires:[mm/dd/yyyy]", where username is the name of the temporary user account. Delete any temporary user accounts that are no longer necessary.' impact 0.0 - tag severity: nil + tag 'severity' tag gtitle: 'SRG-OS-000002-GPOS-00002' tag gid: 'V-92975' tag rid: 'SV-103063r1_rule' 
diff --git a/test/sample_data/controls-cookstyle/inputs-interpolation/V-92979.rb b/test/sample_data/controls-cookstyle/inputs-interpolation/V-92979.rb index 028b641f..a76f6e65 100644 --- a/test/sample_data/controls-cookstyle/inputs-interpolation/V-92979.rb +++ b/test/sample_data/controls-cookstyle/inputs-interpolation/V-92979.rb @@ -32,7 +32,7 @@ System Audit Policies >> Account Management >> "Audit Security Group Management" with "Success" selected.' impact 0.5 - tag severity: nil + tag 'severity' tag gtitle: 'SRG-OS-000004-GPOS-00004' tag satisfies: ['SRG-OS-000004-GPOS-00004', 'SRG-OS-000239-GPOS-00089', 'SRG-OS-000240-GPOS-00090', 'SRG-OS-000241-GPOS-00091', 'SRG-OS-000303-GPOS-00120', 'SRG-OS-000476-GPOS-00221'] tag gid: 'V-92979' diff --git a/test/sample_data/controls-cookstyle/inputs-interpolation/V-93033.rb b/test/sample_data/controls-cookstyle/inputs-interpolation/V-93033.rb index 138a1f7a..1d4b1b2b 100644 --- a/test/sample_data/controls-cookstyle/inputs-interpolation/V-93033.rb +++ b/test/sample_data/controls-cookstyle/inputs-interpolation/V-93033.rb @@ -96,7 +96,7 @@ Domain Policy and Default Domain Controllers Policy. They will have this permission on created Group Policy objects.' impact 0.7 - tag severity: nil + tag 'severity' tag gtitle: 'SRG-OS-000324-GPOS-00125' tag gid: 'V-93033' tag rid: 'SV-103121r1_rule' diff --git a/test/tests/control.spec.ts b/test/tests/control.spec.ts index 23df5a95..0f22c0cc 100644 --- a/test/tests/control.spec.ts +++ b/test/tests/control.spec.ts 
@@ -17,9 +17,11 @@ TEST_USE_CASES.set('V-93149','should properly write a control with special chara describe('The control functionality', () => { const cookstyle_profile = processInSpecProfile(fs.readFileSync('test/sample_data/inspec/json/cookstyle-controls-profile.json', 'utf-8')) + const allKeys =[ ...TEST_USE_CASES.keys() ]; cookstyle_profile.controls.forEach(control => { - // Write the new control to the controls folder - fs.writeFileSync(path.join('test/sample_data/', 'controls-test-results', `${control.id}.rb`), control.toRuby(true)) + if (allKeys.includes(control.id)) { + fs.writeFileSync(path.join('test/sample_data/', 'controls-test-results', `${control.id}.rb`), control.toRuby(true)) + } }) // These checks are comparing what the function "toRuby" is outputting with a small sample profile created from From 307b2eabbc3833a05004021b9d6971f3aedbd2df Mon Sep 17 00:00:00 2001 From: Emily Rodriguez Date: Tue, 18 Apr 2023 09:50:34 -0500 Subject: [PATCH 2/2] allow severity and satisifies to have nil values on the tag Signed-off-by: Emily Rodriguez --- src/objects/control.ts | 8 +++++++- .../controls-cookstyle/inputs-interpolation/SV-205734.rb | 2 +- .../controls-cookstyle/inputs-interpolation/V-92975.rb | 2 +- .../controls-cookstyle/inputs-interpolation/V-92979.rb | 2 +- .../controls-cookstyle/inputs-interpolation/V-93033.rb | 2 +- 5 files changed, 11 insertions(+), 5 deletions(-) diff --git a/src/objects/control.ts b/src/objects/control.ts index a7e6c6ce..17b3e7d7 100644 --- a/src/objects/control.ts +++ b/src/objects/control.ts @@ -227,7 +227,13 @@ export default class Control { result += ` tag ${tag}: ${escapeQuotes(value)}\n`; } } else { - result += ` tag '${tag}'\n`; + const nilTagList = ['severity', 'satisfies'] + if (nilTagList.includes(tag)) { + result += ` tag ${tag}: nil\n`; + } + else { + result += ` tag '${tag}'\n`; + } if (verbose) {logger.info(`${this.id} does not have a value for tag: ${tag}`);} } }); 
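Review bot: `allKeys` copies the keys of `TEST_USE_CASES` into an array only so that `includes` can be called inside the loop. `TEST_USE_CASES` appears to be a Map (it is used with `.set` and `.keys()`), so `if (TEST_USE_CASES.has(control.id)) {` performs the same check and the `allKeys` line can be dropped. The filter also restricts the written file names to known ids instead of whatever `control.id` the profile JSON carries, and the hunk removes the only comment on the write. A replacement comment such as `// Only write controls that have a test case; the id becomes the file name` would record that. The `describe` callback continues outside the hunk.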
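Review bot: In the `@@ -227,7 +227,13 @@` hunk of src/objects/control.ts, `nilTagList` is rebuilt inside the callback every time a tag has no value, and nothing explains why these two names keep the `nil` form. Hoisting it to a module-level constant with a comment, for example `const NIL_TAGS = ['severity', 'satisfies']; // written as "tag x: nil" instead of a bare tag`, would make the special case discoverable. The fixtures changed in this patch only cover `severity`; no visible test exercises an empty `satisfies`, so a case for it would be worth adding. The `else` placed on its own line after `}` also differs from the `} else {` style used a few lines above.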
diff --git a/test/sample_data/controls-cookstyle/inputs-interpolation/SV-205734.rb b/test/sample_data/controls-cookstyle/inputs-interpolation/SV-205734.rb index 1aa9b9d6..843beabb 100644 --- a/test/sample_data/controls-cookstyle/inputs-interpolation/SV-205734.rb +++ b/test/sample_data/controls-cookstyle/inputs-interpolation/SV-205734.rb @@ -76,7 +76,7 @@ Users - Create files/write data - Subfolders only CREATOR OWNER - Full Control - Subfolders and files only) impact 0.5 - tag 'severity' + tag severity: nil tag gtitle: 'SRG-OS-000312-GPOS-00122' tag satisfies: ['SRG-OS-000312-GPOS-00122', 'SRG-OS-000312-GPOS-00123', 'SRG-OS-000312-GPOS-00124'] tag gid: 'V-93019' diff --git a/test/sample_data/controls-cookstyle/inputs-interpolation/V-92975.rb b/test/sample_data/controls-cookstyle/inputs-interpolation/V-92975.rb index afc8a79a..f14c617f 100644 --- a/test/sample_data/controls-cookstyle/inputs-interpolation/V-92975.rb +++ b/test/sample_data/controls-cookstyle/inputs-interpolation/V-92975.rb @@ -22,7 +22,7 @@ Local accounts can be configured to expire with the command "Net user [username] /expires:[mm/dd/yyyy]", where username is the name of the temporary user account. Delete any temporary user accounts that are no longer necessary.' impact 0.0 - tag 'severity' + tag severity: nil tag gtitle: 'SRG-OS-000002-GPOS-00002' tag gid: 'V-92975' tag rid: 'SV-103063r1_rule' diff --git a/test/sample_data/controls-cookstyle/inputs-interpolation/V-92979.rb b/test/sample_data/controls-cookstyle/inputs-interpolation/V-92979.rb index a76f6e65..028b641f 100644 --- a/test/sample_data/controls-cookstyle/inputs-interpolation/V-92979.rb +++ b/test/sample_data/controls-cookstyle/inputs-interpolation/V-92979.rb 
@@ -32,7 +32,7 @@ System Audit Policies >> Account Management >> "Audit Security Group Management" with "Success" selected.' impact 0.5 - tag 'severity' + tag severity: nil tag gtitle: 'SRG-OS-000004-GPOS-00004' tag satisfies: ['SRG-OS-000004-GPOS-00004', 'SRG-OS-000239-GPOS-00089', 'SRG-OS-000240-GPOS-00090', 'SRG-OS-000241-GPOS-00091', 'SRG-OS-000303-GPOS-00120', 'SRG-OS-000476-GPOS-00221'] tag gid: 'V-92979' diff --git a/test/sample_data/controls-cookstyle/inputs-interpolation/V-93033.rb b/test/sample_data/controls-cookstyle/inputs-interpolation/V-93033.rb index 1d4b1b2b..138a1f7a 100644 --- a/test/sample_data/controls-cookstyle/inputs-interpolation/V-93033.rb +++ b/test/sample_data/controls-cookstyle/inputs-interpolation/V-93033.rb @@ -96,7 +96,7 @@ Domain Policy and Default Domain Controllers Policy. They will have this permission on created Group Policy objects.' impact 0.7 - tag 'severity' + tag severity: nil tag gtitle: 'SRG-OS-000324-GPOS-00125' tag gid: 'V-93033' tag rid: 'SV-103121r1_rule'