feat(Value): RHICOMPL-3460 parse all values and bounds

OpenSCAP · Dec 12, 2022 · bf425d9 · bf425d9
1 parent f8563f2
commit bf425d9
Show file tree

Hide file tree

Showing 9 changed files with 133 additions and 102 deletions.
diff --git a/lib/openscap_parser.rb b/lib/openscap_parser.rb
@@ -7,7 +7,7 @@
 require 'openscap_parser/profiles'
 require 'openscap_parser/rules'
 require 'openscap_parser/groups'
-require 'openscap_parser/value_definitions'
+require 'openscap_parser/values'
 require 'openscap_parser/rule_results'
 require 'openscap_parser/tailorings'
 

diff --git a/lib/openscap_parser/benchmark.rb b/lib/openscap_parser/benchmark.rb
@@ -6,7 +6,7 @@
 require 'openscap_parser/profiles'
 require 'openscap_parser/rule_references'
 require 'openscap_parser/groups'
-require 'openscap_parser/value_definitions'
+require 'openscap_parser/values'
 
 # Mimics openscap-ruby Benchmark interface
 module OpenscapParser
@@ -16,7 +16,7 @@ class Benchmark < XmlNode
     include OpenscapParser::RuleReferences
     include OpenscapParser::Profiles
     include OpenscapParser::Groups
-    include OpenscapParser::ValueDefinitions
+    include OpenscapParser::Values
 
     def id
       @id ||= @parsed_xml['id']

diff --git a/lib/openscap_parser/profile.rb b/lib/openscap_parser/profile.rb
@@ -53,10 +53,12 @@ def refined_values
     end
 
     def to_h
-      { :id => id,
+      {
+        :id => id,
         :title => title,
         :description => description,
-        :refined_values => refined_values }
+        :refined_values => refined_values
+      }
     end
   end
 end
diff --git a/lib/openscap_parser/value.rb b/lib/openscap_parser/value.rb
@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+module OpenscapParser
+  class Value < XmlNode
+    include OpenscapParser::Util
+
+    def id
+      @id ||= parsed_xml['id']
+    end
+
+    def description
+      @description ||= newline_to_whitespace(parsed_xml.at_css('description')&.text)
+    end
+
+    def title
+      @title ||= parsed_xml.at_css('title')&.text
+    end
+
+    def type
+      @type ||= parsed_xml['type'] || 'string'
+    end
+
+    def generic_selector(type, selector = nil)
+      cache = instance_variable_get("@#{type}")
+
+      unless cache
+        element_name = type.to_s.sub('_', '-')
+        cache = parsed_xml.xpath(element_name).each_with_object({}) do |element, elements|
+          elements[element.at_xpath('@selector')&.text.presence] = element&.text
+        end
+        instance_variable_set("@#{type}", cache)
+      end
+
+      return cache[selector] if selector
+
+      cache[nil] || cache.values.first
+    end
+
+    def upper_bound(selector = nil)
+      generic_selector(:upper_bound, selector)
+    end
+
+    def lower_bound(selector = nil)
+      generic_selector(:lower_bound, selector)
+    end
+
+    def value(selector = nil)
+      generic_selector(:value, selector)
+    end
+
+    def to_h
+      {
+        :id => id,
+        :title => title,
+        :description => description,
+        :type => type,
+        :lower_bound => lower_bound,
+        :upper_bound => upper_bound
+      }
+    end
+  end
+end
diff --git a/lib/openscap_parser/value_definition.rb b/lib/openscap_parser/value_definition.rb
diff --git a/lib/openscap_parser/value_definitions.rb b/lib/openscap_parser/value_definitions.rb
diff --git a/lib/openscap_parser/values.rb b/lib/openscap_parser/values.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/value'
+
+module OpenscapParser
+  # Methods related to parsing values
+  module Values
+    def self.included(base)
+      base.class_eval do
+        def values
+          @values ||= value_nodes.map do |vdn|
+            Value.new(parsed_xml: vdn)
+          end
+        end
+
+        def value_nodes(xpath = ".//Value")
+          xpath_nodes(xpath)
+        end
+      end
+    end
+  end
+end
diff --git a/test/fixtures/files/xccdf_report_with_conflicts_and_requires.xml b/test/fixtures/files/xccdf_report_with_conflicts_and_requires.xml
@@ -9202,7 +9202,7 @@ configurations are changed in an unauthorized manner.</description>
             <value selector='5345'>51882M</value>
             <value selector="512M">212M</value>
             <value selector="5435">1G</value>
-            <value selector='5345'>512M</value>
+            <value selector='5346'>512M</value>
           </Value>
           <Group id="xccdf_org.ssgproject.content_group_rpm_verification">
             <title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Verify Integrity with RPM</title>

diff --git a/test/openscap_parser/test_result_file_test.rb b/test/openscap_parser/test_result_file_test.rb
@@ -53,6 +53,25 @@ def setup
       test 'profile_selected_entity_ids' do
         assert_equal(248, @test_result_file2.benchmark.profiles.first.selected_entity_ids.length)
       end
+
+      test 'profile_refined_values' do
+        assert_equal({"xccdf_org.ssgproject.content_value_var_selinux_state"=>"enforcing",
+                      "xccdf_org.ssgproject.content_value_var_selinux_policy_name"=>"targeted",
+                      "xccdf_org.ssgproject.content_value_login_banner_text"=>"usgcb_default",
+                      "xccdf_org.ssgproject.content_value_var_auditd_max_log_file"=>"6",
+                      "xccdf_org.ssgproject.content_value_var_auditd_action_mail_acct"=>"root",
+                      "xccdf_org.ssgproject.content_value_var_auditd_admin_space_left_action"=>"single",
+                      "xccdf_org.ssgproject.content_value_var_sshd_set_keepalive"=>"0",
+                      "xccdf_org.ssgproject.content_value_var_password_pam_minlen"=>"14",
+                      "xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time"=>"900",
+                      "xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny"=>"5",
+                      "xccdf_org.ssgproject.content_value_var_password_pam_unix_remember"=>"5",
+                      "xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs"=>"90",
+                      "xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs"=>"7",
+                      "xccdf_org.ssgproject.content_value_var_accounts_password_warn_age_login_defs"=>"7",
+                      "xccdf_org.ssgproject.content_value_var_account_disable_post_pw_expiration"=>"30"},
+        @test_result_file2.benchmark.profiles.first.refined_values)
+      end
     end
 
     context 'groups' do
@@ -189,33 +208,40 @@ def setup
       end
     end
 
-    context 'value_definitions' do
+    context 'values' do
       test 'value_description' do
         assert_match(/^Specify the email address for designated personnel if baseline configurations are changed in an unauthorized manner./,
-                     @test_result_file2.benchmark.value_definitions.first.description)
+                     @test_result_file2.benchmark.values.first.description)
       end
 
       test 'type' do
-        assert_equal("string", @test_result_file2.benchmark.value_definitions[0].type)
-        assert_equal("string", @test_result_file2.benchmark.value_definitions[1].type)
-        assert_equal("number", @test_result_file2.benchmark.value_definitions[4].type)
+        assert_equal("string", @test_result_file2.benchmark.values[0].type)
+        assert_equal("string", @test_result_file2.benchmark.values[1].type)
+        assert_equal("number", @test_result_file2.benchmark.values[4].type)
       end
 
       test 'lower bound' do
-        assert_equal(nil, @test_result_file2.benchmark.value_definitions[0].lower_bound)
-        assert_equal("0", @test_result_file2.benchmark.value_definitions[4].lower_bound)
+        assert_equal(nil, @test_result_file2.benchmark.values[0].lower_bound)
+        assert_equal('0', @test_result_file2.benchmark.values[4].lower_bound)
+        assert_equal('1', @test_result_file2.benchmark.values[4].lower_bound('1_day'))
       end
 
       test 'upper bound' do
-        assert_equal(nil, @test_result_file2.benchmark.value_definitions[0].upper_bound)
-        assert_equal("40000000", @test_result_file2.benchmark.value_definitions[4].upper_bound)
-      end
-
-      test 'default value' do
-        assert_equal("51882M", @test_result_file2.benchmark.value_definitions[0].default_value)
-        assert_equal("512M", @test_result_file2.benchmark.value_definitions[1].default_value)
-        assert_equal("3h", @test_result_file2.benchmark.value_definitions[2].default_value)
-        assert_equal("DEFAULT", @test_result_file2.benchmark.value_definitions[3].default_value)
+        assert_equal(nil, @test_result_file2.benchmark.values[0].upper_bound)
+        assert_equal('40000000', @test_result_file2.benchmark.values[4].upper_bound)
+        assert_equal('70000000', @test_result_file2.benchmark.values[4].upper_bound('1_day'))
+      end
+
+      test 'value' do
+        assert_equal("51882M", @test_result_file2.benchmark.values[0].value)
+        assert_equal("512M", @test_result_file2.benchmark.values[1].value)
+        assert_equal("3h", @test_result_file2.benchmark.values[2].value)
+        assert_equal("DEFAULT", @test_result_file2.benchmark.values[3].value)
+        assert_equal("212M", @test_result_file2.benchmark.values[0].value('512M'))
+        assert_equal('1G', @test_result_file2.benchmark.values[1].value('1G'))
+        assert_equal("1h", @test_result_file2.benchmark.values[2].value('1hour'))
+        assert_equal("3h", @test_result_file2.benchmark.values[2].value('3hour'))
+        assert_equal("DEFAULT2", @test_result_file2.benchmark.values[3].value('default_policy'))
       end
     end