Merge pull request #9 from xprazak2/tailoring

Add basic implementation for tailoring

Author: isimluk

lib/openscap/xccdf/tailoring.rb

@@ -0,0 +1,62 @@
+#
+# Copyright (c) 2016 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 2 (GPLv2). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+# along with this software; if not, see
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+#
+
+require 'openscap/source'
+require 'openscap/xccdf/profile'
+
+module OpenSCAP
+  module Xccdf
+    class Tailoring
+      attr_reader :raw
+
+      def initialize(source, benchmark)
+        case source
+        when OpenSCAP::Source
+          @raw = OpenSCAP.xccdf_tailoring_import_source source.raw, benchmark
+        else
+          fail OpenSCAP::OpenSCAPError, "Cannot initialize OpenSCAP::Xccdf::Tailoring with '#{source}'"
+        end
+        OpenSCAP.raise! if @raw.null?
+      end
+
+      def profiles
+        @profiles ||= profiles_init
+      end
+
+      def destroy
+        OpenSCAP.xccdf_tailoring_free @raw
+        @raw = nil
+      end
+
+      private
+
+      def profiles_init
+        profiles = {}
+        profit = OpenSCAP.xccdf_tailoring_get_profiles raw
+        while OpenSCAP.xccdf_profile_iterator_has_more profit
+          profile_p = OpenSCAP.xccdf_profile_iterator_next profit
+          profile = OpenSCAP::Xccdf::Profile.new profile_p
+          profiles[profile.id] = profile
+        end
+        OpenSCAP.xccdf_profile_iterator_free profit
+        profiles
+      end
+    end
+  end
+
+  attach_function :xccdf_tailoring_import_source, [:pointer, :pointer], :pointer
+  attach_function :xccdf_tailoring_free, [:pointer], :void
+
+  attach_function :xccdf_tailoring_get_profiles, [:pointer], :pointer
+  attach_function :xccdf_profile_iterator_has_more, [:pointer], :bool
+  attach_function :xccdf_profile_iterator_next, [:pointer], :pointer
+  attach_function :xccdf_profile_iterator_free, [:pointer], :void
+end

test/data/tailoring.xml

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
+  <xccdf:benchmark href="/usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml"/>
+  <xccdf:version time="2016-11-10T11:24:26">1</xccdf:version>
+  <xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized" extends="xccdf_org.ssgproject.content_profile_stig-firefox-upstream">
+    <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Upstream Firefox STIG [CUSTOMIZED]</xccdf:title>
+    <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">This profile is developed under the DoD consensus model and DISA FSO Vendor STIG process,
+serving as the upstream development environment for the Firefox STIG.
+
+As a result of the upstream/downstream relationship between the SCAP Security Guide project
+and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content.
+For official DISA FSO STIG content, refer to http://iase.disa.mil/stigs/app-security/browser-guidance/Pages/index.aspx.
+
+While this profile is packaged by Red Hat as part of the SCAP Security Guide package, please note
+that commercial support of this SCAP content is NOT available. This profile is provided as example
+SCAP content with no endorsement for suitability or production readiness. Support for this
+profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The
+upstream project homepage is https://fedorahosted.org/scap-security-guide/.
+</xccdf:description>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-non-secure_page_warning" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_text" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_context_menus" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_changes" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_resizing" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_changes" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-auto-update_of_firefox" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_passwords" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_forms" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-addons_plugin_updates" selected="false"/>
+  </xccdf:Profile>
+</xccdf:Tailoring>

test/xccdf/tailoring_test.rb

@@ -0,0 +1,39 @@
+#
+# Copyright (c) 2014--2016 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 2 (GPLv2). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+# along with this software; if not, see
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+#
+
+require 'openscap'
+require 'openscap/source'
+require 'openscap/xccdf/tailoring'
+require 'common/testcase'
+
+class TailoringTest < OpenSCAP::TestCase
+  def test_new_from_file
+    tailoring = tailoring_from_file
+    tailoring.destroy
+    refute tailoring.raw
+  end
+
+  def test_profiles
+    profiles = tailoring_from_file.profiles
+    assert_equal 1, profiles.length
+    assert profiles.values.first.is_a?(OpenSCAP::Xccdf::Profile)
+  end
+
+  private
+
+  def tailoring_from_file
+    source = OpenSCAP::Source.new '../data/tailoring.xml'
+    tailoring = OpenSCAP::Xccdf::Tailoring.new source, nil
+    source.destroy
+    assert tailoring
+    tailoring
+  end
+end