Handle OpenControl repo w/ no dependencies. Fixes #27.

GovReady · May 8, 2017 · 3f7b904 · 3f7b904
1 parent c0c22da
commit 3f7b904
Show file tree

Hide file tree

Showing 9 changed files with 146 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Change Log
 
+## compliancelib v1.1.2
+- fix OpenControlFiles crash when OpenControl repo contains no dependencies
+
 ## compliancelib v1.1.1
 - Improve OpenControl narrative parsing to handle narratives that are strings and lists
 

diff --git a/compliancelib/opencontrolfiles.py b/compliancelib/opencontrolfiles.py
@@ -85,9 +85,9 @@
 """
 
 __author__ = "Greg Elin (gregelin@govready.com)"
-__version__ = "$Revision: 1.1.0 $"
-__date__ = "$Date: 2016/10/18 05:30:00 $"
-__copyright__ = "Copyright (c) 2016 GovReady PBC"
+__version__ = "$Revision: 1.1.1 $"
+__date__ = "$Date: 2017/05/08 05:30:00 $"
+__copyright__ = "Copyright (c) 2016, 2017 GovReady PBC"
 __license__ = "Apache Software License 2.0"
 
 import os
@@ -235,6 +235,8 @@ def list_dependency_items_in_repo(self, ocfileurl, item_type):
         "list paths of items found in the dependencies of an opencontrol.yaml file"
         item_list = []
         ocfile_dict = self.load_ocfile_from_url(ocfileurl)
+        # Return empty if no dependencies key present
+        if not 'dependencies' in ocfile_dict: return []
         if item_type in ocfile_dict['dependencies'].keys():
             item_list = ocfile_dict['dependencies'][item_type]
         return item_list

diff --git a/compliancelib/tests/test_data/repo_no_dependencies/AU_policy/component.yaml b/compliancelib/tests/test_data/repo_no_dependencies/AU_policy/component.yaml
@@ -0,0 +1,41 @@
+documentation_complete: false
+name: Audit Policy
+schema_version: 3.0.0
+references:
+- name: AU Policy
+  path: https://github.com/opencontrol/freedonia-policies/wiki/Audit-Policy
+satisfies:
+- control_key: AU-1
+  standard_key: FRIST-800-53
+  covered_by: []
+  implementation_status: implemented
+  narrative:
+    - text: |
+        This text describes how our organization is meeting the requirements for the
+        Audit policy, and also references a more complete description at ./AU_policy/README.md
+
+        Since the AU-1 `control` is to document and disseminate a policy on Audit and Accountability, then
+        this narrative suffices to provide that control. A verification step could be something
+        that checks that the referenced policy is no more than 365 days old.
+- control_key: AU-2
+  standard_key: FRIST-800-53
+  covered_by: []
+  implementation_status: none
+  narrative:
+   - text: |
+        Application and Server logs are sent to PaperTrail to provide audit
+        reduction and report generation capabilites for Freedonia Devops and end users
+        of the Freedonia hello_world system.
+
+        PaperTrail is a SaaS for aggregation of audit log data across multiple systems and tiers
+
+        With the PaperTrail capability, organizations operations and development teams
+        can structure and customize audit logs queries to specific app instances, API
+        calls, system metrics, user access, system components, network traffic flow and
+        other criteria.
+- control_key: AU-3
+  standard_key: FRIST-800-53
+  covered_by: []
+  implementation_status: none
+  narrative: |
+        This is a sample control where no text attribute was defined for the control key, just text.
diff --git a/compliancelib/tests/test_data/repo_no_dependencies/certifications/FredRAMP-low.yaml b/compliancelib/tests/test_data/repo_no_dependencies/certifications/FredRAMP-low.yaml
@@ -0,0 +1,9 @@
+name: FredRAMP-low
+standards:
+
+  FRIST-800-53:
+    AU-1: {}
+    AU-2: {}
+    PE-2: {}
+    SC-1: {}
+    SC-7: {}
diff --git a/compliancelib/tests/test_data/repo_no_dependencies/certifications/LATO.yaml b/compliancelib/tests/test_data/repo_no_dependencies/certifications/LATO.yaml
@@ -0,0 +1,29 @@
+
+name: LATO
+standards:
+  NIST-800-53:
+    AC-2: {}
+    AC-3: {}
+    AC-6: {}
+    AU-2: {}
+    AU-6: {}
+    CA-8: {}
+    CM-2: {}
+    CM-3: {}
+    CM-6: {}
+    CM-8: {}
+    IA-2: {}
+    IA-2 (1): {}
+    IA-2 (2): {}
+    IA-2 (12): {}
+    PL-8: {}
+    RA-5: {}
+    SA-11 (1): {}
+    SA-22 (1): {}
+    SC-7: {}
+    SC-12 (1): {}
+    SC-13: {}
+    SC-28 (1): {}
+    SI-2: {}
+    SI-4: {}
+    SI-10: {}
diff --git a/compliancelib/tests/test_data/repo_no_dependencies/opencontrol.yaml b/compliancelib/tests/test_data/repo_no_dependencies/opencontrol.yaml
@@ -0,0 +1,13 @@
+schema_version: "1.0.0"
+name: freedonia_nd.fd
+metadata:
+  description: Test OpenControl repo with local certifications and standards and standards and no dependencies key
+  maintainers:
+    - pburkholder@pobox.com
+components:
+  - ./AU_policy
+standards:
+  - ./standards/FRIST-800-53.yaml
+certifications:
+  - ./certifications/FredRAMP-low.yaml
+  - ./certifications/LATO.yaml
diff --git a/compliancelib/tests/test_data/repo_no_dependencies/standards/FRIST-800-53.yaml b/compliancelib/tests/test_data/repo_no_dependencies/standards/FRIST-800-53.yaml
@@ -0,0 +1,22 @@
+name: FRIST-800-53
+AU-1:
+  family: AU
+  name: Audit and Accountability Policy and Procedures
+AU-2:
+  family: AU
+  name: Audit Events
+AU-2 (3):
+  family: AU
+  name: Audit Events | Reviews and Updates
+PE-2:
+  family: PE
+  name: Physical Access Authorizations
+SC-1:
+  family: SC
+  name: System and Communications Protection Policy and Procedures
+SC-7:
+  family: SC
+  name: Boundary Protection
+XX-1:
+  family: XX
+  name: Dummy Mock Control
diff --git a/compliancelib/tests/test_opencontrolfiles.py b/compliancelib/tests/test_opencontrolfiles.py
@@ -22,9 +22,9 @@
 """
 
 __author__ = "Greg Elin (gregelin@govready.com)"
-__version__ = "$Revision: 0.4.0 $"
-__date__ = "$Date: 2016/10/18 05:30:00 $"
-__copyright__ = "Copyright (c) 2016 GovReady PBC"
+__version__ = "$Revision: 0.5.0 $"
+__date__ = "$Date: 2017/05/08 03:12:00 $"
+__copyright__ = "Copyright (c) 2016, 2017 GovReady PBC"
 __license__ = "Apache Software License 2.0"
 
 from unittest import TestCase
@@ -321,5 +321,25 @@ def test_list_dependency_items_in_repo(self):
         print("test_list_dependency_items_in_repo 'non-existent-type' are: ", items)
         self.assertTrue([] == items)
 
+    def test_list_dependency_items_in_repo_no_dependencies(self):
+        "Test generating a list of items from opencontrol.yaml file dependencies section"
+        ocf = OpenControlFiles()
+        # TODO: need better test in case Docker adds dependencies
+        # construct absolute file path
+        dir_path = os.path.dirname(os.path.realpath(__file__))
+        repo_ref = "file://{}/{}".format(dir_path, "test_data/repo_no_dependencies")
+        revision = 'master'
+        item_type = "dependencies"
+        # resolve the `opencontrol.yaml` file
+        ocfileurl = ocf.resolve_ocfile_url(repo_ref, revision)
+        # print debug info
+        print("dir_path is {}".format(dir_path))
+        print("repo_ref is {}".format(repo_ref))
+        # load opencontrol.yaml file
+        items = ocf.list_dependency_items_in_repo(ocfileurl, item_type)
+        print("test_list_dependency_items_in_repo 'dependencies' are: ", items)
+        self.assertTrue([] == items)
+
+
 if __name__ == "__main__":
     unittest.main()
diff --git a/setup.py b/setup.py
@@ -5,7 +5,7 @@ def readme():
         return f.read()
 
 setup(name='compliancelib',
-      version='1.1.1',
+      version='1.1.2',
       description='A python library for modeling IT Compliance',
       long_description=readme(),
       classifiers=[